fix: normalize POST success response status

Surface specific validation and database failures when updating contact details so API responses are actionable.

.gitignore

@@ -124,3 +124,6 @@ _modules/*
 
 /results/
 /phpunit*.xml
+/public/.htaccess
+
+

.serena/.gitignore

@@ -0,0 +1,2 @@
+/cache
+/project.local.yml

.serena/memories/clqms01-be/style_conventions.md

@@ -0,0 +1 @@
+CLQMS backend is a PHP 8.1+ CodeIgniter 4 API-only project that follows PSR-12 spacing/brace rules and prefers short arrays. New PHP files should enable `declare(strict_types=1)` and use typed arguments/returns (nullable unions over doc-only hints). Controllers use `ResponseTrait` to emit `{ status, message, data }` JSON responses; shared logic lives in `app/Libraries`/`app/Traits`. Guard clauses and single-purpose helpers keep methods ~40 lines; repeated flows are extracted. Database work uses Query Builder/Model methods, `helper('utc')`, and `checkDbError()` for manual queries. Multi-table writes wrap `$this->db->transStart()/transComplete()` with status checks. Lookups leverage `App\\Libraries\\Lookups` and JSON files in `app/Libraries/Data/valuesets/`. Routes stay in `app/Config/Routes.php` grouped by resource; filters like `auth` guard protected routes. Audits/logging use `log_message` with sanitized data. Tests live under `tests/Feature` and `tests/Unit`, use PHPUnit 10.5+ conventions, and expect status assertions per HTTP semantics.

.serena/memories/clqms01-be/suggested_commands.md

@@ -0,0 +1,14 @@
+Essential commands for CLQMS development (run from repo root on Windows PowerShell):
+
+• `composer install` – install PHP dependencies before running CodeIgniter or tests.
+• `npm install` – sync `package-lock.json` for tooling such as API docs bundler.
+• `./vendor/bin/phpunit` – run entire PHPUnit suite (or target files via `--filter`).
+• `php spark test --filter <Class>::<method>` – focused test run when you know the class/method.
+• `php spark migrate` / `php spark migrate:rollback` – apply or roll back database migrations.
+• `php spark serve` – lightweight dev server for the API while developing locally.
+• `node public/bundle-api-docs.js` – regenerate bundled OpenAPI docs whenever the YAML files change.
+• `git status`, `git diff`, `git log --oneline`, `git add <paths>`, `git commit`, `git pull`, `git push` – version control workflow commands.
+• `ls` / `dir` / `Get-ChildItem` – inspect directories in PowerShell; `cd` to move between directories.
+• `type <file>` or `Get-Content` – view file contents when tools are not convenient.
+
+Use these commands routinely after code changes, tests, or migrations.

.serena/memories/clqms01-be/task_completion_steps.md

@@ -0,0 +1,10 @@
+When a task is completed in CLQMS backend, follow these wrap-up steps:
+
+1. Run relevant tests (`./vendor/bin/phpunit` or targeted `php spark test --filter ...`).
+2. If migrations changed, run `php spark migrate` / `php spark migrate:rollback` locally and ensure schema updates succeed.
+3. After editing OpenAPI documentation (YAML files or controller mappings), regenerate `public/api-docs.bundled.yaml` via `node public/bundle-api-docs.js` and check it into Git.
+4. Confirm code adheres to PSR-12/CodeIgniter conventions (strict types, response format, transactions, guard clauses) before committing.
+5. Review `git status/diff` to ensure only intended files are staged; do not commit `.env` or other secret files.
+6. For shared logic changes, double-check lookup JSON cache use and response logging.
+
+These steps keep the API consistent, documented, and tested before merging or deploying.

.serena/project.yml

@@ -0,0 +1,154 @@
+# the name by which the project can be referenced within Serena
+project_name: "clqms01-be"
+
+
+# list of languages for which language servers are started; choose from:
+#   al                  bash                clojure             cpp                 csharp
+#   csharp_omnisharp    dart                elixir              elm                 erlang
+#   fortran             fsharp              go                  groovy              haskell
+#   haxe                java                julia               kotlin              lua
+#   markdown
+#   matlab              nix                 pascal              perl                php
+#   php_phpactor        powershell          python              python_jedi         r
+#   rego                ruby                ruby_solargraph     rust                scala
+#   swift               terraform           toml                typescript          typescript_vts
+#   vue                 yaml                zig
+#   (This list may be outdated. For the current list, see values of Language enum here:
+#   https://github.com/oraios/serena/blob/main/src/solidlsp/ls_config.py
+#   For some languages, there are alternative language servers, e.g. csharp_omnisharp, ruby_solargraph.)
+# Note:
+#   - For C, use cpp
+#   - For JavaScript, use typescript
+#   - For Free Pascal/Lazarus, use pascal
+# Special requirements:
+#   Some languages require additional setup/installations.
+#   See here for details: https://oraios.github.io/serena/01-about/020_programming-languages.html#language-servers
+# When using multiple languages, the first language server that supports a given file will be used for that file.
+# The first language is the default language and the respective language server will be used as a fallback.
+# Note that when using the JetBrains backend, language servers are not used and this list is correspondingly ignored.
+languages:
+- php
+
+# the encoding used by text files in the project
+# For a list of possible encodings, see https://docs.python.org/3.11/library/codecs.html#standard-encodings
+encoding: "utf-8"
+
+# line ending convention to use when writing source files.
+# Possible values: unset (use global setting), "lf", "crlf", or "native" (platform default)
+# This does not affect Serena's own files (e.g. memories and configuration files), which always use native line endings.
+line_ending:
+
+# The language backend to use for this project.
+# If not set, the global setting from serena_config.yml is used.
+# Valid values: LSP, JetBrains
+# Note: the backend is fixed at startup. If a project with a different backend
+# is activated post-init, an error will be returned.
+language_backend:
+
+# whether to use project's .gitignore files to ignore files
+ignore_all_files_in_gitignore: true
+
+# advanced configuration option allowing to configure language server-specific options.
+# Maps the language key to the options.
+# Have a look at the docstring of the constructors of the LS implementations within solidlsp (e.g., for C# or PHP) to see which options are available.
+# No documentation on options means no options are available.
+ls_specific_settings: {}
+
+# list of additional paths to ignore in this project.
+# Same syntax as gitignore, so you can use * and **.
+# Note: global ignored_paths from serena_config.yml are also applied additively.
+ignored_paths: []
+
+# whether the project is in read-only mode
+# If set to true, all editing tools will be disabled and attempts to use them will result in an error
+# Added on 2025-04-18
+read_only: false
+
+# list of tool names to exclude.
+# This extends the existing exclusions (e.g. from the global configuration)
+#
+# Below is the complete list of tools for convenience.
+# To make sure you have the latest list of tools, and to view their descriptions, 
+# execute `uv run scripts/print_tool_overview.py`.
+#
+#  * `activate_project`: Activates a project based on the project name or path.
+#  * `check_onboarding_performed`: Checks whether project onboarding was already performed.
+#  * `create_text_file`: Creates/overwrites a file in the project directory.
+#  * `delete_memory`: Delete a memory file. Should only happen if a user asks for it explicitly,
+#       for example by saying that the information retrieved from a memory file is no longer correct
+#       or no longer relevant for the project.
+#  * `edit_memory`: Replaces content matching a regular expression in a memory.
+#  * `execute_shell_command`: Executes a shell command.
+#  * `find_file`: Finds files in the given relative paths
+#  * `find_referencing_symbols`: Finds symbols that reference the given symbol using the language server backend
+#  * `find_symbol`: Performs a global (or local) search using the language server backend.
+#  * `get_current_config`: Prints the current configuration of the agent, including the active and available projects, tools, contexts, and modes.
+#  * `get_symbols_overview`: Gets an overview of the top-level symbols defined in a given file.
+#  * `initial_instructions`: Provides instructions Serena usage (i.e. the 'Serena Instructions Manual')
+#       for clients that do not read the initial instructions when the MCP server is connected.
+#  * `insert_after_symbol`: Inserts content after the end of the definition of a given symbol.
+#  * `insert_before_symbol`: Inserts content before the beginning of the definition of a given symbol.
+#  * `list_dir`: Lists files and directories in the given directory (optionally with recursion).
+#  * `list_memories`: List available memories. Any memory can be read using the `read_memory` tool.
+#  * `onboarding`: Performs onboarding (identifying the project structure and essential tasks, e.g. for testing or building).
+#  * `read_file`: Reads a file within the project directory.
+#  * `read_memory`: Read the content of a memory file. This tool should only be used if the information
+#       is relevant to the current task. You can infer whether the information
+#       is relevant from the memory file name.
+#       You should not read the same memory file multiple times in the same conversation.
+#  * `rename_memory`: Renames or moves a memory. Moving between project and global scope is supported
+#       (e.g., renaming "global/foo" to "bar" moves it from global to project scope).
+#  * `rename_symbol`: Renames a symbol throughout the codebase using language server refactoring capabilities.
+#       For JB, we use a separate tool.
+#  * `replace_content`: Replaces content in a file (optionally using regular expressions).
+#  * `replace_symbol_body`: Replaces the full definition of a symbol using the language server backend.
+#  * `safe_delete_symbol`:
+#  * `search_for_pattern`: Performs a search for a pattern in the project.
+#  * `write_memory`: Write some information (utf-8-encoded) about this project that can be useful for future tasks to a memory in md format.
+#       The memory name should be meaningful.
+excluded_tools: []
+
+# list of tools to include that would otherwise be disabled (particularly optional tools that are disabled by default).
+# This extends the existing inclusions (e.g. from the global configuration).
+included_optional_tools: []
+
+# fixed set of tools to use as the base tool set (if non-empty), replacing Serena's default set of tools.
+# This cannot be combined with non-empty excluded_tools or included_optional_tools.
+fixed_tools: []
+
+# list of mode names to that are always to be included in the set of active modes
+# The full set of modes to be activated is base_modes + default_modes.
+# If the setting is undefined, the base_modes from the global configuration (serena_config.yml) apply.
+# Otherwise, this setting overrides the global configuration.
+# Set this to [] to disable base modes for this project.
+# Set this to a list of mode names to always include the respective modes for this project.
+base_modes:
+
+# list of mode names that are to be activated by default.
+# The full set of modes to be activated is base_modes + default_modes.
+# If the setting is undefined, the default_modes from the global configuration (serena_config.yml) apply.
+# Otherwise, this overrides the setting from the global configuration (serena_config.yml).
+# This setting can, in turn, be overridden by CLI parameters (--mode).
+default_modes:
+
+# initial prompt for the project. It will always be given to the LLM upon activating the project
+# (contrary to the memories, which are loaded on demand).
+initial_prompt: ""
+
+# time budget (seconds) per tool call for the retrieval of additional symbol information
+# such as docstrings or parameter information.
+# This overrides the corresponding setting in the global configuration; see the documentation there.
+# If null or missing, use the setting from the global configuration.
+symbol_info_budget:
+
+# list of regex patterns which, when matched, mark a memory entry as read‑only.
+# Extends the list from the global configuration, merging the two lists.
+read_only_memory_patterns: []
+
+# list of regex patterns for memories to completely ignore.
+# Matching memories will not appear in list_memories or activate_project output
+# and cannot be accessed via read_memory or write_memory.
+# To access ignored memory files, use the read_file tool on the raw file path.
+# Extends the list from the global configuration, merging the two lists.
+# Example: ["_archive/.*", "_episodes/.*"]
+ignored_memory_patterns: []

AGENTS.md

@@ -0,0 +1,153 @@
+# AGENTS.md - Code Guidelines for CLQMS
+
+> **CLQMS (Clinical Laboratory Quality Management System)** – headless REST API backend built on CodeIgniter 4 with a focus on laboratory workflows, JWT authentication, and synchronized OpenAPI documentation.
+
+---
+
+## Repository Snapshot
+- `app/` holds controllers, models, filters, and traits wired through PSR-4 `App\` namespace.
+- `tests/` relies on CodeIgniter's testing helpers plus Faker for deterministic fixtures.
+- Shared response helpers and ValueSet lookups live under `app/Libraries` and `app/Traits` and should be reused before introducing new helpers.
+- Environment values, secrets, and database credentials live in `.env` but are never committed; treat the file as a reference for defaults.
+
+---
+
+## Build, Lint & Test
+All commands run from the repository root.
+
+```bash
+# Run the entire PHPUnit suite
+./vendor/bin/phpunit
+
+# Target a single test file (fast verification)
+./vendor/bin/phpunit tests/feature/Patients/PatientCreateTest.php
+
+# Run one test case by method
+./vendor/bin/phpunit --filter testCreatePatientSuccess tests/feature/Patients/PatientCreateTest.php
+
+# Generate scaffolding (model, controller, migration)
+php spark make:model <Name>
+php spark make:controller <Name>
+php spark make:migration <name>
+
+# Database migrations
+php spark migrate
+php spark migrate:rollback
+
+# After OpenAPI edits
+node public/bundle-api-docs.js
+```
+
+Use `php spark test --filter <Class>::<method>` when filtering more than one test file is cumbersome.
+
+---
+
+## Agent Rules Scan
+- No `.cursor/rules/*` or `.cursorrules` directory detected; continue without Cursor-specific constraints.
+- No `.github/copilot-instructions.md` present; Copilot behaviors revert to general GitHub defaults.
+
+---
+
+## Coding Standards
+
+### Language & Formatting
+- PHP 8.1+ is the baseline; enable `declare(strict_types=1)` at the top of new files when practical.
+- Follow PSR-12 for spacing, line length (~120), and brace placement; prefer 4 spaces and avoid tabs.
+- Use short arrays `[]`, and wrap multiline arguments/arrays with one-per-line items.
+- Favor expression statements that return early (guard clauses) and keep nested logic shallow.
+- Keep methods under ~40 lines when possible; extract private helpers for repeated flows.
+
+### Naming & Types
+- Classes, controllers, libraries, and traits: PascalCase (e.g., `PatientImportController`).
+- Methods, services, traits: camelCase (`fetchActivePatients`).
+- Properties: camelCase for new code; legacy snake_case may persist but avoid new snake_case unless mirroring legacy columns.
+- Constants: UPPER_SNAKE_CASE.
+- DTOs/array shapes: Use descriptive names (`$patientInput`, `$validatedPayload`).
+- Type hints required for method arguments/returns; use union/nullables (e.g., `?string`) instead of doc-only comments.
+- Prefer PHPDoc only when type inference fails (complex union or array shapes) but still keep method summaries concise.
+
+### Imports & Structure
+- Namespace declarations at the very top followed by grouped `use` statements.
+- Import order: Core framework (`CodeIgniter`), then `App\`, then third-party packages (Firebase, Faker, etc.). Keep each group alphabetical.
+- No inline `use` statements inside methods.
+- Keep `use` statements de-duplicated; rely on IDE or `phpcbf` to reorder.
+
+### Controller Structure
+- Controllers orchestrate request validation, delegates to services/models, and return `ResponseTrait` responses; avoid direct DB queries here.
+- Inject models/services via constructor when they are reused. When instantiating on the fly, reference FQCN (`new \App\Models\...`).
+- Map HTTP verbs to semantic methods (`index`, `show`, `create`, `update`, `delete`). Keep action methods under 30 lines by delegating heavy lifting to models or libraries.
+- Always respond through `$this->respond()` or `$this->respondCreated()` so JSON structure stays consistent.
+
+### Response & Error Handling
+- All responses follow `{ status, message, data }`. `status` values: `success`, `failed`, or `error`.
+- Use `$this->respondCreated()`, `$this->respondNoContent()`, or `$this->respond()` with explicit HTTP codes.
+- Wrap JWT/external calls in try/catch. Log unexpected exceptions with `log_message('error', $e->getMessage())` before responding with a sanitized failure.
+- For validation failures, return HTTP 400 with detailed message; unauthorized access returns 401. Maintain parity with existing tests.
+
+### Database & Transactions
+- Use Query Builder or Model methods; enable `use App\Models\BaseModel` which handles UTC conversions.
+- Always call `helper('utc')` when manipulating timestamps.
+- Wrap multi-table changes in `$this->db->transStart()` / `$this->db->transComplete()` and check `transStatus()` to abort if false.
+- Run `checkDbError()` (existing helper) after saves when manual queries are necessary.
+
+### Service Helpers & Libraries
+- Encapsulate complex lookups (ValueSet, encryption) inside `app/Libraries` or Traits.
+- Reuse `App\Libraries\Lookups` for consistent label/value translations.
+- Keep shared logic (e.g., response formatting, JWT decoding) inside Traits and import them via `use`.
+
+### Testing & Coverage
+- Place feature tests under `tests/Feature`, unit tests under `tests/Unit`.
+- Test class names should follow `ClassNameTest`; methods follow `test<Action><Scenario><Result>` (e.g., `testCreatePatientValidationFail`).
+- Use `FeatureTestTrait` and `CIUnitTestCase` for API tests; prefer `withBodyFormat('json')->post()` flows.
+- Assert status codes: 200 for GET/PATCH, 201 for POST, 400 for validation, 401 for auth, 404 for missing resources, 500 for server errors.
+- Run targeted tests during development, full suite before merging.
+
+### Documentation & API Sync
+- Whenever a controller or route changes, update `public/paths/<resource>.yaml` and matching `public/components/schemas`. Add tags or schema refs in `public/api-docs.yaml`.
+- After editing OpenAPI files, regenerate the bundled docs with `node public/bundle-api-docs.js`. Check `public/api-docs.bundled.yaml` into version control.
+- Keep the controller-to-YAML mapping table updated to reflect new resources.
+
+### Routing Conventions
+- Keep route definitions grouped inside `$routes->group('api/<resource>')` blocks in `app/Config/Routes.php`.
+- Prefer nested controllers (e.g., `Patient\PatientController`) for domain partitioning.
+- Use RESTful verbs (GET: index/show, POST: create, PATCH: update, DELETE: delete) to keep behavior predictable.
+- Document side effects (snapshots, audit logs) directly in the corresponding OpenAPI `paths` file.
+
+### Environment & Secrets
+- Use `.env` as the source of truth for database/jwt settings. Do not commit production credentials.
+- Sample values are provided in `.env`; copy to `.env.local` or CI secrets with overrides.
+- `JWT_SECRET` must be treated as sensitive and rotated via environment updates only.
+
+### Workflows & Misc
+- Use `php spark migrate`/`migrate:rollback` for schema changes.
+- For seeding or test fixtures, prefer factories (Faker) seeded in `tests/Support` when available.
+- Document major changes in `issues.md` or dedicated feature docs under `docs/` before merging.
+
+### Security & Filters
+- Apply the `auth` filter to every protected route, and keep `ApiKey` or other custom filters consolidated under `app/Filters`.
+- Sanitize user inputs via `filter_var`, `esc()` helpers, or validated entities before they hit the database.
+- Always use parameterized queries/Model `save()` methods to prevent SQL injection, especially with legacy PascalCase columns.
+- Respond 401 for missing tokens, 403 when permissions fail, and log sanitized details for ops debugging.
+
+### Legacy Field Naming & ValueSets
+- Databases use PascalCase columns such as `PatientID`, `NameFirst`, `CreatedAt`. Keep migration checks aware of these names.
+- ValueSet lookups centralize label translation: `Lookups::get('gender')`, `Lookups::getLabel('gender', '1')`, `Lookups::transformLabels($payload, ['Sex' => 'gender'])`.
+- Prefer `App\Libraries\Lookups` or `app/Traits/ValueSetTrait` to avoid ad-hoc mappings.
+
+### Nested Data Handling
+- For entities that carry related collections (`PatIdt`, `PatCom`, `PatAtt`), extract nested arrays before filtering and validating.
+- Use transactions whenever multi-table inserts/updates occur so orphan rows are avoided.
+- Guard against empty/null arrays by normalizing to `[]` before iterating.
+
+### Observability & Logging
+- Use `log_message('info', ...)` for happy-path checkpoints and `'error'` for catch-all failures.
+- Avoid leaking sensitive values (tokens, secrets) in logs; log IDs or hash digests instead.
+- Keep `writable/logs` clean by rotating or pruning stale log files with automation outside the repo.
+
+---
+
+## Final Notes for Agents
+- This repo has no UI layer; focus exclusively on REST interactions.
+- Always pull `public/api-docs.bundled.yaml` in after running `node public/bundle-api-docs.js` so downstream services see the latest contract.
+- When in doubt, align with existing controller traits and response helpers to avoid duplicating logic.
+- Rely on Serena tools for guided edits, searches, and context summaries (use the available symbolic and search tools before running shell commands).

README.md

@@ -1 +1,539 @@
-"# clqms-be" 
+# CLQMS (Clinical Laboratory Quality Management System)
+
+> **A REST API backend for modern clinical laboratory workflows.**
+
+---
+
+CLQMS is a **headless REST API backend** designed to streamline laboratory operations, ensure data integrity, and manage complex diagnostic workflows. Built on a foundation of precision and regulatory compliance, this system provides comprehensive JSON endpoints for laboratory operations.
+
+**Key Characteristic:** This is an **API-only system** with no view layer. Frontend applications (web, mobile, desktop) consume these REST endpoints to build laboratory information systems.
+
+---
+
+## 🏛️ Core Architecture & Design
+
+CLQMS is a **headless REST API system** following a clean architecture pattern. The system is designed to be consumed by any frontend client (web, mobile, desktop) through comprehensive JSON endpoints.
+
+**API-First Architecture:**
+- **No View Layer:** This system provides REST APIs only - no HTML views, no server-side rendering
+- **Frontend Agnostic:** Any client can consume these APIs (React, Vue, Angular, mobile apps, desktop apps)
+- **JSON-First:** All requests/responses use JSON format
+- **Stateless:** Each API request is independent with JWT authentication
+
+The system is currently undergoing a strategic **Architectural Redesign** to consolidate legacy structures into a high-performance, maintainable schema. This design focuses on reducing technical debt and improving data consistency across:
+
+- **Unified Test Definitions:** Consolidating technical, calculated, and site-specific test data.
+- **Reference Range Centralization:** A unified engine for numeric, threshold, text, and coded results.
+- **Ordered Workflow Management:** Precise tracking of orders from collection to verification.
+
+---
+
+## 🛡️ Strategic Pillars
+
+- **Precision & Accuracy:** Strict validation for all laboratory parameters and reference ranges.
+- **Scalability:** Optimized for high-volume diagnostic environments.
+- **Compliance:** Built-in audit trails and status history for full traceability.
+- **Interoperability:** Modular architecture designed for LIS, HIS, and analyzer integrations.
+
+---
+
+## 🛠️ Technical Stack
+
+| Component      | Specification |
+| :------------- | :------------ |
+| **Language**   | PHP 8.1+ (PSR-compliant) |
+| **Framework**  | CodeIgniter 4 (API-only mode) |
+| **Security**   | JWT (JSON Web Tokens) Authorization |
+| **Database**   | MySQL (Optimized Schema Migration in progress) |
+| **API Format** | RESTful JSON |
+| **Testing**    | PHPUnit 10.5+ |
+
+
+---
+
+## 📂 Documentation & Specifications
+
+### Key Documents
+
+| Document | Location | Description |
+|----------|----------|-------------|
+| **PRD** | `PRD.md` | Complete Product Requirements Document (API-focused) |
+| **Technical Guide** | `CLAUDE.md` | Architecture, coding standards, common commands |
+| **API Overview** | This file | REST API documentation and endpoints |
+| **Database Migrations** | `app/Database/Migrations/` | Database schema history |
+
+### API Documentation
+
+All API endpoints follow REST conventions:
+
+**Base URL:** `/api`
+
+**Authentication:** JWT token required for most endpoints (except `/api/login`, `/api/demo/*`)
+
+**Response Format:**
+```json
+{
+  "status": "success|error",
+  "message": "Human-readable message",
+  "data": { ... }
+}
+```
+
+---
+
+## 🔌 REST API Overview
+
+### API Endpoint Categories
+
+#### Authentication & Authorization
+
+| Method | Endpoint | Description | Auth Required |
+|--------|----------|-------------|---------------|
+| `POST` | `/api/login` | User login, returns JWT token | No |
+| `POST` | `/api/logout` | Invalidate JWT token | Yes |
+| `POST` | `/api/refresh` | Refresh JWT token | Yes |
+
+#### Patient Management
+
+| Method | Endpoint | Description | Auth Required |
+|--------|----------|-------------|---------------|
+| `GET` | `/api/patient` | List patients with pagination | Yes |
+| `GET` | `/api/patient/{id}` | Get patient details | Yes |
+| `POST` | `/api/patient` | Create new patient | Yes |
+| `PATCH` | `/api/patient/{id}` | Update patient | Yes |
+| `DELETE` | `/api/patient/{id}` | Soft delete patient | Yes |
+
+#### Order Management
+
+| Method | Endpoint | Description | Auth Required |
+|--------|----------|-------------|---------------|
+| `GET` | `/api/ordertest` | List orders | Yes |
+| `GET` | `/api/ordertest/{id}` | Get order details | Yes |
+| `POST` | `/api/ordertest` | Create order | Yes |
+| `PATCH` | `/api/ordertest/{id}` | Update order | Yes |
+| `DELETE` | `/api/ordertest/{id}` | Delete order | Yes |
+| `POST` | `/api/ordertest/status` | Update order status | Yes |
+
+#### Demo/Test Endpoints (No Auth)
+
+| Method | Endpoint | Description | Auth Required |
+|--------|----------|-------------|---------------|
+| `POST` | `/api/demo/order` | Create demo order with patient | No |
+
+#### Specimen Management
+
+| Method | Endpoint | Description | Auth Required |
+|--------|----------|-------------|---------------|
+| `GET` | `/api/specimen` | List specimens | Yes |
+| `GET` | `/api/specimen/{id}` | Get specimen details | Yes |
+| `POST` | `/api/specimen` | Create specimen | Yes |
+| `PATCH` | `/api/specimen/{id}` | Update specimen | Yes |
+| `POST` | `/api/specimen/status` | Update specimen status | Yes |
+
+#### Result Management
+
+| Method | Endpoint | Description | Auth Required |
+|--------|----------|-------------|---------------|
+| `GET` | `/api/patresult` | List patient results | Yes |
+| `GET` | `/api/patresult/{id}` | Get result details | Yes |
+| `POST` | `/api/patresult` | Enter new result | Yes |
+| `PATCH` | `/api/patresult/{id}` | Update result | Yes |
+| `POST` | `/api/patresult/status` | Verify result (VER/REV/REP) | Yes |
+
+#### Edge API (Instrument Integration)
+
+| Method | Endpoint | Description | Auth Required |
+|--------|----------|-------------|---------------|
+| `POST` | `/api/edge/result` | Receive instrument results | API Key |
+| `GET` | `/api/edge/order` | Fetch pending orders | API Key |
+| `POST` | `/api/edge/order/{id}/ack` | Acknowledge order | API Key |
+| `POST` | `/api/edge/status` | Log instrument status | API Key |
+
+### API Response Format
+
+All API endpoints return JSON in this format:
+
+**Success Response:**
+```json
+{
+  "status": "success",
+  "message": "Operation completed successfully",
+  "data": {
+    // Response data here
+  }
+}
+```
+
+**Error Response:**
+```json
+{
+  "status": "error",
+  "message": "Error description",
+  "errors": [
+    {
+      "field": "field_name",
+      "message": "Validation error message"
+    }
+  ]
+}
+```
+
+### Authentication
+
+Most endpoints require JWT authentication:
+
+**Request Headers:**
+```
+Authorization: Bearer {jwt_token}
+Content-Type: application/json
+```
+
+**Login Request Example:**
+```bash
+POST /api/login
+{
+  "username": "labuser",
+  "password": "password123"
+}
+```
+
+**Login Response:**
+```json
+{
+  "status": "success",
+  "message": "Login successful",
+  "data": {
+    "token": "eyJ0eXAiOiJKV1QiLCJhbGc...",
+    "expires_in": 3600,
+    "user": {
+      "id": 1,
+      "username": "labuser",
+      "name": "Lab User"
+    }
+  }
+}
+```
+
+---
+
+## Lookups Library (`app/Libraries/ValueSet.php`)
+
+CLQMS uses a **JSON file-based lookup system** loaded via `App\Libraries\Lookups` class. All lookup data is stored as JSON files in `app/Libraries/Data/valuesets/` for easy maintenance and versioning.
+
+### How It Works
+
+- `Lookups` class extends `ValueSet` which handles caching and file loading
+- Each lookup is stored as `app/Libraries/Data/valuesets/{name}.json`
+- Lookup names are lowercase with underscores (e.g., `gender.json`, `order_priority.json`)
+
+### Available Lookups
+
+| Lookup File | Description | Example Values |
+|-------------|-------------|----------------|
+| `gender` | Patient gender | Female, Male, Unknown |
+| `order_priority` | Order priority levels | Stat, ASAP, Routine, Preop |
+| `order_status` | Order lifecycle status | STC, SCtd, SArrv, SRcvd |
+| `specimen_type` | Specimen types | BLD, SER, PLAS, UR, CSF |
+| `specimen_status` | Specimen status | Ordered, Collected, Received |
+| `specimen_condition` | Specimen quality flags | HEM, ITC, LIP, CLOT |
+| `specimen_activity` | Specimen workflow events | COLLECT, RECEIVE, REJECT |
+| `result_type` | Result data types | NMRIC, RANGE, TEXT, VSET |
+| `result_unit` | Common measurement units | g/dL, mg/dL, x10^6/mL |
+| `result_status` | Result validation status | Preliminary, Final, Corrected |
+| `test_type` | Test definition types | TEST, PARAM, CALC, GROUP |
+| `test_activity` | Test workflow activities | Order, Analyse, VER, REV |
+| `test_status` | Test active status | Active, Inactive, Discontinued |
+| `priority` | General priority values | STAT, HIGH, NORMAL, LOW |
+| `race` | Ethnicity/race categories | Jawa, Sunda, Batak, etc. |
+| `religion` | Religious affiliations | Islam, Kristen, Katolik, Hindu |
+| `marital_status` | Marital status | Single, Married, Divorced |
+| `death_indicator` | Death status flags | Yes, No |
+| `identifier_type` | ID document types | KTP, Passport, SSN, SIM |
+| `operation` | CRUD operation types | Create, Read, Update, Delete |
+| `site_type` | Healthcare facility types | GH, PH, GHL, PHL, GL, PL |
+| `site_class` | Facility classification | A, B, C, D, Utm, Ptm |
+| `ws_type` | Workstation types | Primary, Secondary |
+| `enable_disable` | Boolean toggle states | Enabled, Disabled |
+| `entity_type` | Entity classification | Patient, Provider, Site |
+| `requested_entity` | Requestor types | Physician, Nurse, Lab |
+| `location_type` | Location categories | OPD, IPD, ER, LAB |
+| `area_class` | Geographic classifications | Urban, Rural, Suburban |
+| `adt_event` | ADT event types | Admission, Transfer, Discharge |
+| `body_site` | Collection sites | Left Arm, Right Arm, Finger |
+| `collection_method` | Specimen collection methods | Venipuncture, Fingerstick |
+| `container_size` | Tube/container volumes | 3mL, 5mL, 10mL |
+| `container_class` | Container types | Vacutainer, Tube, Cup |
+| `container_cap_color` | Tube cap colors | Red, Purple, Blue, Green |
+| `additive` | Tube additives | EDTA, Heparin, Fluoride |
+| `fasting_status` | Fasting requirement flags | Fasting, Non-Fasting |
+| `ethnic` | Ethnicity categories | Various regional groups |
+| `math_sign` | Mathematical operators | +, -, *, /, =, <, > |
+| `formula_language` | Formula expression types | Formula, Expression |
+| `generate_by` | Generation methods | Auto, Manual, Import |
+| `did_type` | Device identification types | Serial, MAC, UUID |
+| `activity_result` | Activity outcomes | Success, Fail, Retry |
+| `reference_type` | Reference value types | NMRIC, TEXT, LIST |
+| `range_type` | Range calculation types | REF, CRTC, VAL, RERUN |
+| `numeric_ref_type` | Numeric ref types | Reference, Critical, Valid |
+| `text_ref_type` | Text reference types | Normal, Abnormal, Critical |
+| `request_status` | Request status | Pending, Approved, Rejected |
+| `v_category` | ValueSet categories | Various categories |
+
+### Usage
+
+```php
+use App\Libraries\Lookups;
+
+// Get all lookups (loads all JSON files, cached)
+$allLookups = Lookups::getAll();
+
+// Get single lookup formatted for dropdowns
+$gender = Lookups::get('gender');
+// Returns: [{"value":"1","label":"Female"},{"value":"2","label":"Male"},...]
+
+// Get raw data without formatting
+$raw = Lookups::getRaw('gender');
+// Returns: [{"key":"1","value":"Female"},{"key":"2","value":"Male"},...]
+
+// Get label for a specific key
+$label = Lookups::getLabel('gender', '1'); // Returns 'Female'
+
+// Get key/value pairs for select inputs
+$options = Lookups::getOptions('gender');
+// Returns: [["key":"1","value":"Female"],...]
+
+// Transform database records with lookup text labels
+$patients = [
+    ['ID' => 1, 'Sex' => '1', 'Priority' => 'S'],
+    ['ID' => 2, 'Sex' => '2', 'Priority' => 'R'],
+];
+$labeled = Lookups::transformLabels($patients, [
+    'Sex' => 'gender',
+    'Priority' => 'order_priority'
+]);
+// Result: [['ID'=>1, 'Sex'=>'1', 'SexText'=>'Female', 'Priority'=>'S', 'PriorityText'=>'Stat'],...]
+
+// Clear cache after modifying valueset data
+Lookups::clearCache();
+```
+
+### When to Use
+
+| Approach | Use Case |
+|----------|----------|
+| **Lookups Library** | Server-side static values that rarely change (gender, status, types) - fast, cached |
+| **API `/api/valueset*`** | Dynamic values managed by admins at runtime, or for frontend clients needing lookup data |
+
+### Adding New Lookups
+
+1. Create `app/Libraries/Data/valuesets/{name}.json`:
+```json
+{
+  "name": "example_lookup",
+  "description": "Example lookup description",
+  "values": [
+    {"key": "1", "value": "Option One"},
+    {"key": "2", "value": "Option Two"},
+    {"key": "3", "value": "Option Three"}
+  ]
+}
+```
+
+2. Access via `Lookups::get('example_lookup')`
+
+---
+
+## 📋 Master Data Management
+
+CLQMS provides comprehensive master data management for laboratory operations. All master data is accessible via REST API endpoints.
+
+### 🧪 Laboratory Tests
+
+The Test Definitions module manages all laboratory test configurations including parameters, calculated tests, and test panels.
+
+#### Test Types
+
+| Type Code | Description | Table |
+|-----------|-------------|-------|
+| `TEST` | Individual laboratory test with technical specs | `testdefsite` + `testdeftech` |
+| `PARAM` | Parameter value (non-lab measurement) | `testdefsite` + `testdeftech` |
+| `CALC` | Calculated test with formula | `testdefsite` + `testdefcal` |
+| `GROUP` | Panel/profile containing multiple tests | `testdefsite` + `testdefgrp` |
+| `TITLE` | Section title for report organization | `testdefsite` |
+
+#### API Endpoints
+
+| Method | Endpoint | Description |
+|--------|----------|-------------|
+| `GET` | `/api/tests` | List all tests with optional filtering |
+| `GET` | `/api/tests/{id}` | Get test details with type-specific data |
+| `POST` | `/api/tests` | Create new test definition |
+| `PATCH` | `/api/tests` | Update existing test |
+| `DELETE` | `/api/tests` | Soft delete test (sets EndDate) |
+
+#### Filtering Parameters
+
+- `TestSiteName` - Search by test name (partial match)
+- `TestType` - Filter by test type VID (1-5)
+- `VisibleScr` - Filter by screen visibility (0/1)
+- `VisibleRpt` - Filter by report visibility (0/1)
+
+#### Test Response Structure
+
+```json
+{
+  "status": "success",
+  "message": "Data fetched successfully",
+  "data": [
+    {
+      "TestSiteID": 1,
+      "TestSiteCode": "CBC",
+      "TestSiteName": "Complete Blood Count",
+      "TestType": 4,
+      "TypeCode": "GROUP",
+      "TypeName": "Group Test",
+      "SeqScr": 50,
+      "VisibleScr": 1,
+      "VisibleRpt": 1
+    }
+  ]
+}
+```
+
+### 📏 Reference Ranges
+
+Reference Ranges define normal and critical values for test results. The system supports multiple reference range types based on patient demographics.
+
+#### Reference Range Types
+
+| Type | Table | Description |
+|------|-------|-------------|
+| Numeric | `refnum` | Numeric ranges with age/sex criteria |
+| Text | `reftxt` | Text-based reference values |
+
+#### Numeric Reference Range Structure
+
+| Field | Description |
+|-------|-------------|
+| `NumRefType` | Type: REF (Reference), CRTC (Critical), VAL (Validation), RERUN |
+| `RangeType` | RANGE or THOLD |
+| `Sex` | Gender filter (0=All, 1=Female, 2=Male) |
+| `AgeStart` | Minimum age (years) |
+| `AgeEnd` | Maximum age (years) |
+| `LowSign` | Low boundary sign (=, <, <=) |
+| `Low` | Low boundary value |
+| `HighSign` | High boundary sign (=, >, >=) |
+| `High` | High boundary value |
+| `Flag` | Result flag (H, L, A, etc.) |
+
+#### API Endpoints
+
+| Method | Endpoint | Description |
+|--------|----------|-------------|
+| `GET` | `/api/refnum` | List numeric reference ranges |
+| `GET` | `/api/refnum/{id}` | Get reference range details |
+| `POST` | `/api/refnum` | Create reference range |
+| `PATCH` | `/api/refnum` | Update reference range |
+| `DELETE` | `/api/refnum` | Soft delete reference range |
+
+### 📑 Value Sets
+
+Value Sets are configurable dropdown options used throughout the system. Each Value Set Definition (VSetDef) contains multiple Value Set Values (ValueSet).
+
+#### Value Set Hierarchy
+
+```
+valuesetdef (VSetDefID, VSName, VSDesc)
+    └── valueset (VID, VSetID, VValue, VDesc, VOrder, VCategory)
+```
+
+#### Common Value Sets
+
+| VSetDefID | Name | Example Values |
+|-----------|------|----------------|
+| 1 | Priority | STAT (S), ASAP (A), Routine (R), Preop (P) |
+| 2 | Enable/Disable | Disabled (0), Enabled (1) |
+| 3 | Gender | Female (1), Male (2), Unknown (3) |
+| 10 | Order Status | STC, SCtd, SArrv, SRcvd, SAna, etc. |
+| 15 | Specimen Type | BLD, SER, PLAS, UR, CSF, etc. |
+| 16 | Unit | L, mL, g/dL, mg/dL, etc. |
+| 27 | Test Type | TEST, PARAM, CALC, GROUP, TITLE |
+| 28 | Result Unit | g/dL, g/L, mg/dL, x10^6/mL, etc. |
+| 35 | Test Activity | Order, Analyse, VER, REV, REP |
+
+#### API Endpoints
+
+| Method | Endpoint | Description |
+|--------|----------|-------------|
+| `GET` | `/api/valuesetdef` | List all value set definitions |
+| `GET` | `/api/valuesetdef/{id}` | Get valueset with all values |
+| `GET` | `/api/valuesetdef/{id}/values` | Get values for specific valueset |
+| `POST` | `/api/valuesetdef` | Create new valueset definition |
+| `PATCH` | `/api/valuesetdef` | Update valueset definition |
+| `DELETE` | `/api/valuesetdef` | Delete valueset definition |
+
+#### Value Set Response Structure
+
+```json
+{
+  "status": "success",
+  "data": {
+    "VSetDefID": 27,
+    "VSName": "Test Type",
+    "VSDesc": "testdefsite.TestType",
+    "values": [
+      { "VID": 1, "VValue": "TEST", "VDesc": "Test", "VOrder": 1 },
+      { "VID": 2, "VValue": "PARAM", "VDesc": "Parameter", "VOrder": 2 },
+      { "VID": 3, "VValue": "CALC", "VDesc": "Calculated Test", "VOrder": 3 },
+      { "VID": 4, "VValue": "GROUP", "VDesc": "Group Test", "VOrder": 4 },
+      { "VID": 5, "VValue": "TITLE", "VDesc": "Title", "VOrder": 5 }
+    ]
+  }
+}
+```
+
+### 📊 Database Tables Summary
+
+| Category | Tables | Purpose |
+|----------|--------|---------|
+| Tests | `testdefsite`, `testdeftech`, `testdefcal`, `testdefgrp`, `testmap` | Test definitions |
+| Reference Ranges | `refnum`, `reftxt` | Result validation |
+| Value Sets | `valuesetdef`, `valueset` | Configurable options |
+
+---
+
+## 🔌 Edge API - Instrument Integration
+
+The **Edge API** provides endpoints for integrating laboratory instruments via the `tiny-edge` middleware. Results from instruments are staged in the `edgeres` table before processing into the main patient results (`patres`).
+
+### Endpoints
+
+| Method | Endpoint | Description |
+|--------|----------|-------------|
+| `POST` | `/api/edge/result` | Receive instrument results (stored in `edgeres`) |
+| `GET` | `/api/edge/order` | Fetch pending orders for an instrument |
+| `POST` | `/api/edge/order/:id/ack` | Acknowledge order delivery to instrument |
+| `POST` | `/api/edge/status` | Log instrument status updates |
+
+### Workflow
+
+```
+Instrument → tiny-edge → POST /api/edge/result → edgeres table → [Manual/Auto Processing] → patres table
+```
+
+**Key Features:**
+- **Staging Table:** All results land in `edgeres` first for validation
+- **Rerun Handling:** Duplicate `SampleID` + `TestSiteCode` increments `AspCnt` in `patres`
+- **Configurable Processing:** Auto or manual processing based on settings
+- **Status Tracking:** Full audit trail via `edgestatus` and `edgeack` tables
+
+---
+
+### 📜 Usage Notice
+
+**This is an API-only backend system.** There are no views, HTML templates, or server-side rendering components. Frontend applications should consume these REST endpoints to build user interfaces for laboratory operations.
+
+This repository contains proprietary information intended for the 5Panda Team and authorized collaborators.
+
+---
+*© 2025 5Panda Team. Engineering Precision in Clinical Diagnostics.*

app/Config/App.php

@@ -16,7 +16,7 @@ class App extends BaseConfig
      *
      * E.g., http://example.com/
      */
-    public string $baseURL = 'http://localhost:8080/';
+    public string $baseURL = '';
 
     /**
      * Allowed Hostnames in the Site URL other than the hostname in the baseURL.
@@ -40,7 +40,8 @@ class App extends BaseConfig
      * something else. If you have configured your web server to remove this file
      * from your site URIs, set this variable to an empty string.
      */
-    public string $indexPage = 'index.php';
+    #public string $indexPage = 'index.php';
+    public string $indexPage = '';
 
     /**
      * --------------------------------------------------------------------------

app/Config/Database.php

@@ -27,9 +27,9 @@ class Database extends Config
     public array $default = [
         'DSN'          => '',
         'hostname'     => 'localhost',
-        'username'     => '',
-        'password'     => '',
-        'database'     => '',
+        'username'     => 'root',
+        'password'     => 'adminsakti',
+        'database'     => 'clqms01',
         'DBDriver'     => 'MySQLi',
         'DBPrefix'     => '',
         'pConnect'     => false,
@@ -160,20 +160,27 @@ class Database extends Config
     /**
      * This database connection is used when running PHPUnit database tests.
      * 
+     * These values can be overridden in phpunit.xml.dist or .env file using:
+     * - database.tests.hostname
+     * - database.tests.database
+     * - database.tests.username
+     * - database.tests.password
+     * - database.tests.DBDriver
+     *
      * @var array<string, mixed>
      */
     public array $tests = [
         'DSN'         => '',
-        'hostname'    => '127.0.0.1',
-        'username'    => '',
-        'password'    => '',
-        'database'    => ':memory:',
-        'DBDriver'    => 'SQLite3',
-        'DBPrefix'    => 'db_',  // Needed to ensure we're working correctly with prefixes live. DO NOT REMOVE FOR CI DEVS
+        'hostname'    => 'localhost',
+        'username'    => 'root',
+        'password'    => 'adminsakti',
+        'database'    => 'clqms01_test',
+        'DBDriver'    => 'MySQLi',
+        'DBPrefix'    => '',  // Needed to ensure we're working correctly with prefixes live. DO NOT REMOVE FOR CI DEVS
         'pConnect'    => false,
         'DBDebug'     => true,
-        'charset'     => 'utf8',
-        'DBCollat'    => '',
+        'charset'     => 'utf8mb4',
+        'DBCollat'    => 'utf8mb4_general_ci',
         'swapPre'     => '',
         'encrypt'     => false,
         'compress'    => false,
@@ -197,6 +204,9 @@ class Database extends Config
         // we are currently running an automated test suite, so that
         // we don't overwrite live data on accident.
         if (ENVIRONMENT === 'testing') {
+            if ($this->tests['database'] === $this->default['database']) {
+                throw new \RuntimeException('Tests database cannot match the default database.');
+            }
             $this->defaultGroup = 'tests';
         }
     }

app/Config/Exceptions.php

@@ -44,7 +44,7 @@ class Exceptions extends BaseConfig
      *
      * Default: APPPATH.'Views/errors'
      */
-    public string $errorViewPath = APPPATH . 'Views/errors';
+    public string $errorViewPath = __DIR__ . '/../Views/errors';
 
     /**
      * --------------------------------------------------------------------------

app/Config/Filters.php

@@ -35,6 +35,7 @@ class Filters extends BaseFilters
         'forcehttps'    => ForceHTTPS::class,
         'pagecache'     => PageCache::class,
         'performance'   => PerformanceMetrics::class,
+        'auth'          => \App\Filters\AuthFilter::class,
     ];
 
     /**
@@ -52,7 +53,7 @@ class Filters extends BaseFilters
      */
     public array $required = [
         'before' => [
-            'forcehttps', // Force Global Secure Requests
+            // 'forcehttps', // Force Global Secure Requests - disabled for localhost
             'pagecache',  // Web Page Caching
         ],
         'after' => [
@@ -70,7 +71,7 @@ class Filters extends BaseFilters
      */
     public array $globals = [
         'before' => [
-            'cors'
+            'cors',
             // 'honeypot',
             // 'csrf',
             // 'invalidchars',

app/Config/Routes.php

@@ -5,20 +5,384 @@ use CodeIgniter\Router\RouteCollection;
 /**
  * @var RouteCollection $routes
  */
-$routes->options('(:any)', function() {
+$routes->get('/', function () {
+    return "Backend Running";
+});
+
+$routes->options('(:any)', function () {
     return '';
 });
-$routes->get('/', 'Home::index');
 
-$routes->post('/auth/login/', 'Auth::login');
-$routes->post('/auth/change_pass/', 'Auth::change_pass');
-$routes->post('/auth/register/', 'Auth::register');
+$routes->group('api', ['filter' => 'auth'], function ($routes) {
+    $routes->get('dashboard', 'DashboardController::index');
+    $routes->get('sample', 'SampleController::index');
+    $routes->get('audit-logs', 'Audit\AuditLogController::index');
     
-$routes->get('/patient', 'Patient::index');
-$routes->post('/patient', 'Patient::create');
-$routes->delete('/patient/(:any)', 'Patient::delete/$1');
-$routes->patch('/patient/(:num)', 'Patient::update/$1');
+    // Results CRUD
+    $routes->group('result', function ($routes) {
+        $routes->get('/', 'ResultController::index');
+        $routes->post('/', 'ResultController::create');
+        $routes->get('(:num)', 'ResultController::show/$1');
+        $routes->patch('(:any)', 'ResultController::update/$1');
+        $routes->delete('(:num)', 'ResultController::delete/$1');
+    });
+    
+    // Reports
+    $routes->get('report/(:num)', 'ReportController::view/$1');
+});
+
+
+
+// V2 Auth API Routes (public - no auth required)
+$routes->group('v2/auth', function ($routes) {
+    $routes->post('login', 'AuthV2Controller::login');
+    $routes->post('register', 'AuthV2Controller::register');
+    $routes->get('check', 'AuthV2Controller::checkAuth');
+    $routes->post('logout', 'AuthV2Controller::logout');
+});
+
+// Faker
+$routes->get('faker/faker-patient/(:num)', 'faker\FakerPatient::sendMany/$1');
+
+$routes->group('api', function ($routes) {
+    // Auth
+    $routes->group('auth', function ($routes) {
+        $routes->post('login', 'AuthController::login');
+        $routes->post('change_pass', 'AuthController::change_pass');
+        $routes->post('register', 'AuthController::register');
+        $routes->get('check', 'AuthController::checkAuth');
+        $routes->post('logout', 'AuthController::logout');
+    });
+
+    // Patient
+    $routes->group('patient', function ($routes) {
+        $routes->get('/', 'Patient\PatientController::index');
+        $routes->post('/', 'Patient\PatientController::create');
+        $routes->get('(:num)', 'Patient\PatientController::show/$1');
+        $routes->delete('/', 'Patient\PatientController::delete');
+        $routes->patch('(:any)', 'Patient\PatientController::update/$1');
+        $routes->get('check', 'Patient\PatientController::patientCheck');
+    });
+
+    // PatVisit
+    $routes->group('patvisit', function ($routes) {
+        $routes->get('/', 'PatVisitController::index');
+        $routes->post('/', 'PatVisitController::create');
+        $routes->get('patient/(:num)', 'PatVisitController::showByPatient/$1');
+        $routes->get('(:any)', 'PatVisitController::show/$1');
+        $routes->delete('/', 'PatVisitController::delete');
+        $routes->patch('(:any)', 'PatVisitController::update/$1');
+    });
+
+        $routes->group('patvisitadt', function ($routes) {
+        $routes->get('visit/(:num)', 'PatVisitController::getADTByVisit/$1');
+        $routes->get('(:num)', 'PatVisitController::showADT/$1');
+        $routes->post('/', 'PatVisitController::createADT');
+        $routes->patch('(:any)', 'PatVisitController::updateADT/$1');
+        $routes->delete('/', 'PatVisitController::deleteADT');
+    });
+
+    // Master Data
+
+    // Location
+    $routes->group('location', function ($routes) {
+        $routes->get('/', 'LocationController::index');
+        $routes->get('(:num)', 'LocationController::show/$1');
+        $routes->post('/', 'LocationController::create');
+        $routes->patch('(:any)', 'LocationController::update/$1');
+        $routes->delete('/', 'LocationController::delete');
+    });
+
+    // Contact
+    $routes->group('contact', function ($routes) {
+        $routes->get('/', 'Contact\ContactController::index');
+        $routes->get('(:num)', 'Contact\ContactController::show/$1');
+        $routes->post('/', 'Contact\ContactController::create');
+        $routes->patch('(:any)', 'Contact\ContactController::update/$1');
+        $routes->delete('/', 'Contact\ContactController::delete');
+    });
+
+    $routes->group('occupation', function ($routes) {
+        $routes->get('/', 'Contact\OccupationController::index');
+        $routes->get('(:num)', 'Contact\OccupationController::show/$1');
+        $routes->post('/', 'Contact\OccupationController::create');
+        $routes->patch('(:any)', 'Contact\OccupationController::update/$1');
+        //$routes->delete('/', 'Contact\OccupationController::delete');
+    });
+
+    $routes->group('medicalspecialty', function ($routes) {
+        $routes->get('/', 'Contact\MedicalSpecialtyController::index');
+        $routes->get('(:num)', 'Contact\MedicalSpecialtyController::show/$1');
+        $routes->post('/', 'Contact\MedicalSpecialtyController::create');
+        $routes->patch('(:any)', 'Contact\MedicalSpecialtyController::update/$1');
+    });
+
+    // Lib ValueSet (file-based)
+    $routes->group('valueset', function ($routes) {
+        $routes->get('/', 'ValueSetController::index');
+        $routes->get('(:any)', 'ValueSetController::index/$1');
+        $routes->post('refresh', 'ValueSetController::refresh');
+
+        // User ValueSet (database-based)
+        $routes->group('user', function ($routes) {
+            $routes->group('items', function ($routes) {
+                $routes->get('/', 'ValueSetController::items');
+                $routes->get('(:num)', 'ValueSetController::showItem/$1');
+                $routes->post('/', 'ValueSetController::createItem');
+                $routes->put('(:num)', 'ValueSetController::updateItem/$1');
+                $routes->delete('(:num)', 'ValueSetController::deleteItem/$1');
+            });
+
+            $routes->group('def', function ($routes) {
+                $routes->get('/', 'ValueSetDefController::index');
+                $routes->get('(:num)', 'ValueSetDefController::show/$1');
+                $routes->post('/', 'ValueSetDefController::create');
+                $routes->put('(:num)', 'ValueSetDefController::update/$1');
+                $routes->delete('(:num)', 'ValueSetDefController::delete/$1');
+            });
+        });
+    });
+
+    // Result ValueSet
+    $routes->group('result', function ($routes) {
+        $routes->group('valueset', function ($routes) {
+            $routes->get('/', 'Result\ResultValueSetController::index');
+            $routes->get('(:num)', 'Result\ResultValueSetController::show/$1');
+            $routes->post('/', 'Result\ResultValueSetController::create');
+            $routes->put('(:num)', 'Result\ResultValueSetController::update/$1');
+            $routes->delete('(:num)', 'Result\ResultValueSetController::delete/$1');
+        });
+    });
+
+    $routes->post('calc/testsite/(:num)', 'CalculatorController::calculateByTestSite/$1');
+    $routes->post('calc/testcode/(:any)', 'CalculatorController::calculateByCodeOrName/$1');
+
+    // Counter
+    $routes->group('counter', function ($routes) {
+        $routes->get('/', 'CounterController::index');
+        $routes->get('(:num)', 'CounterController::show/$1');
+        $routes->post('/', 'CounterController::create');
+        $routes->patch('(:any)', 'CounterController::update/$1');
+        $routes->delete('/', 'CounterController::delete');
+    });
+
+    // AreaGeo
+    $routes->group('areageo', function ($routes) {
+        $routes->get('/', 'AreaGeoController::index');
+        $routes->get('provinces', 'AreaGeoController::getProvinces');
+        $routes->get('cities', 'AreaGeoController::getCities');
+    });
+
+    // Organization
+    $routes->group('organization', function ($routes) {
+        // Account
+        $routes->group('account', function ($routes) {
+            $routes->get('/', 'Organization\AccountController::index');
+            $routes->get('(:num)', 'Organization\AccountController::show/$1');
+            $routes->post('/', 'Organization\AccountController::create');
+            $routes->patch('(:any)', 'Organization\AccountController::update/$1');
+            $routes->delete('/', 'Organization\AccountController::delete');
+        });
+
+        // Site
+        $routes->group('site', function ($routes) {
+            $routes->get('/', 'Organization\SiteController::index');
+            $routes->get('(:num)', 'Organization\SiteController::show/$1');
+            $routes->post('/', 'Organization\SiteController::create');
+            $routes->patch('(:any)', 'Organization\SiteController::update/$1');
+            $routes->delete('/', 'Organization\SiteController::delete');
+        });
+
+        // Discipline
+        $routes->group('discipline', function ($routes) {
+            $routes->get('/', 'Organization\DisciplineController::index');
+            $routes->get('(:num)', 'Organization\DisciplineController::show/$1');
+            $routes->post('/', 'Organization\DisciplineController::create');
+            $routes->patch('(:any)', 'Organization\DisciplineController::update/$1');
+            $routes->delete('/', 'Organization\DisciplineController::delete');
+        });
+
+        // Department
+        $routes->group('department', function ($routes) {
+            $routes->get('/', 'Organization\DepartmentController::index');
+            $routes->get('(:num)', 'Organization\DepartmentController::show/$1');
+            $routes->post('/', 'Organization\DepartmentController::create');
+            $routes->patch('(:any)', 'Organization\DepartmentController::update/$1');
+            $routes->delete('/', 'Organization\DepartmentController::delete');
+        });
+
+        // Workstation
+        $routes->group('workstation', function ($routes) {
+            $routes->get('/', 'Organization\WorkstationController::index');
+            $routes->get('(:num)', 'Organization\WorkstationController::show/$1');
+            $routes->post('/', 'Organization\WorkstationController::create');
+            $routes->patch('(:any)', 'Organization\WorkstationController::update/$1');
+            $routes->delete('/', 'Organization\WorkstationController::delete');
+        });
+
+        // HostApp
+        $routes->group('hostapp', function ($routes) {
+            $routes->get('/', 'Organization\HostAppController::index');
+            $routes->get('(:num)', 'Organization\HostAppController::show/$1');
+            $routes->post('/', 'Organization\HostAppController::create');
+            $routes->patch('(:num)', 'Organization\HostAppController::update/$1');
+            $routes->delete('/', 'Organization\HostAppController::delete');
+        });
+
+        // HostComPara
+        $routes->group('hostcompara', function ($routes) {
+            $routes->get('/', 'Organization\HostComParaController::index');
+            $routes->get('(:num)', 'Organization\HostComParaController::show/$1');
+            $routes->post('/', 'Organization\HostComParaController::create');
+            $routes->patch('(:num)', 'Organization\HostComParaController::update/$1');
+            $routes->delete('/', 'Organization\HostComParaController::delete');
+        });
+
+        // CodingSys
+        $routes->group('codingsys', function ($routes) {
+            $routes->get('/', 'Organization\CodingSysController::index');
+            $routes->get('(:num)', 'Organization\CodingSysController::show/$1');
+            $routes->post('/', 'Organization\CodingSysController::create');
+            $routes->patch('(:any)', 'Organization\CodingSysController::update/$1');
+            $routes->delete('/', 'Organization\CodingSysController::delete');
+        });
+    });
+
+    // Infrastructure
+    $routes->group('equipmentlist', function ($routes) {
+        $routes->get('/', 'Infrastructure\EquipmentListController::index');
+        $routes->get('(:num)', 'Infrastructure\EquipmentListController::show/$1');
+        $routes->post('/', 'Infrastructure\EquipmentListController::create');
+        $routes->patch('(:any)', 'Infrastructure\EquipmentListController::update/$1');
+        $routes->delete('/', 'Infrastructure\EquipmentListController::delete');
+    });
+
+    // Users
+    $routes->group('user', function ($routes) {
+        $routes->get('/', 'User\UserController::index');
+        $routes->get('(:num)', 'User\UserController::show/$1');
+        $routes->post('/', 'User\UserController::create');
+        $routes->patch('(:any)', 'User\UserController::update/$1');
+        $routes->delete('(:num)', 'User\UserController::delete/$1');
+    });
+
+    // Specimen
+    $routes->group('specimen', function ($routes) {
+        // Container aliases - 'container' and 'containerdef' both point to ContainerDefController
+        $routes->group('container', function ($routes) {
+            $routes->get('/', 'Specimen\ContainerDefController::index');
+            $routes->get('(:num)', 'Specimen\ContainerDefController::show/$1');
+            $routes->post('/', 'Specimen\ContainerDefController::create');
+            $routes->patch('(:any)', 'Specimen\ContainerDefController::update/$1');
+        });
+        $routes->group('containerdef', function ($routes) {
+            $routes->get('/', 'Specimen\ContainerDefController::index');
+            $routes->get('(:num)', 'Specimen\ContainerDefController::show/$1');
+            $routes->post('/', 'Specimen\ContainerDefController::create');
+            $routes->patch('(:any)', 'Specimen\ContainerDefController::update/$1');
+        });
+
+        $routes->group('prep', function ($routes) {
+            $routes->get('/', 'Specimen\SpecimenPrepController::index');
+            $routes->get('(:num)', 'Specimen\SpecimenPrepController::show/$1');
+            $routes->post('/', 'Specimen\SpecimenPrepController::create');
+            $routes->patch('(:any)', 'Specimen\SpecimenPrepController::update/$1');
+        });
+
+        $routes->group('status', function ($routes) {
+            $routes->get('/', 'Specimen\SpecimenStatusController::index');
+            $routes->get('(:num)', 'Specimen\SpecimenStatusController::show/$1');
+            $routes->post('/', 'Specimen\SpecimenStatusController::create');
+            $routes->patch('(:any)', 'Specimen\SpecimenStatusController::update/$1');
+        });
+
+        $routes->group('collection', function ($routes) {
+            $routes->get('/', 'Specimen\SpecimenCollectionController::index');
+            $routes->get('(:num)', 'Specimen\SpecimenCollectionController::show/$1');
+            $routes->post('/', 'Specimen\SpecimenCollectionController::create');
+            $routes->patch('(:any)', 'Specimen\SpecimenCollectionController::update/$1');
+        });
+
+    $routes->get('/', 'Specimen\SpecimenController::index');
+    $routes->get('(:num)', 'Specimen\SpecimenController::show/$1');
+    $routes->post('/', 'Specimen\SpecimenController::create');
+    $routes->patch('(:any)', 'Specimen\SpecimenController::update/$1');
+    $routes->delete('(:num)', 'Specimen\SpecimenController::delete/$1');
+});
+
+    // Test 
+    $routes->group('test', function ($routes) {
+        $routes->get('/', 'Test\TestsController::index');
+        $routes->get('(:num)', 'Test\TestsController::show/$1');
+        $routes->post('/', 'Test\TestsController::create');
+        $routes->patch('(:segment)', 'Test\TestsController::update/$1');
+        $routes->group('testmap', function ($routes) {
+            $routes->get('/', 'Test\TestMapController::index');
+            $routes->get('(:num)', 'Test\TestMapController::show/$1');
+            $routes->post('/', 'Test\TestMapController::create');
+            $routes->patch('(:segment)', 'Test\TestMapController::update/$1');
+            $routes->delete('/', 'Test\TestMapController::delete');
+
+            // Filter routes
+            $routes->get('by-testcode/(:any)', 'Test\TestMapController::showByTestCode/$1');
+
+            // TestMapDetail nested routes
+            $routes->group('detail', function ($routes) {
+                $routes->get('/', 'Test\TestMapDetailController::index');
+                $routes->get('(:num)', 'Test\TestMapDetailController::show/$1');
+                $routes->post('/', 'Test\TestMapDetailController::create');
+                $routes->patch('(:segment)', 'Test\TestMapDetailController::update/$1');
+                $routes->delete('/', 'Test\TestMapDetailController::delete');
+                $routes->get('by-testmap/(:num)', 'Test\TestMapDetailController::showByTestMap/$1');
+                $routes->post('batch', 'Test\TestMapDetailController::batchCreate');
+                $routes->patch('batch', 'Test\TestMapDetailController::batchUpdate');
+                $routes->delete('batch', 'Test\TestMapDetailController::batchDelete');
+            });
+        });
+    });
+
+    // Orders
+    $routes->group('ordertest', function ($routes) {
+        $routes->get('/', 'OrderTestController::index');
+        $routes->get('(:any)', 'OrderTestController::show/$1');
+        $routes->post('/', 'OrderTestController::create');
+        $routes->patch('(:any)', 'OrderTestController::update/$1');
+        $routes->delete('/', 'OrderTestController::delete');
+        $routes->post('status', 'OrderTestController::updateStatus');
+    });
+
+    // Rules
+    $routes->group('rule', ['filter' => 'auth'], function ($routes) {
+        $routes->get('/', 'Rule\RuleController::index');
+        $routes->get('(:num)', 'Rule\RuleController::show/$1');
+        $routes->post('/', 'Rule\RuleController::create');
+        $routes->patch('(:any)', 'Rule\RuleController::update/$1');
+        $routes->delete('(:num)', 'Rule\RuleController::delete/$1');
+        $routes->post('validate', 'Rule\RuleController::validateExpr');
+        $routes->post('compile', 'Rule\RuleController::compile');
+    });
+
+
+    // Demo/Test Routes (No Auth)
+$routes->group('api/demo', function ($routes) {
+    $routes->post('order', 'Test\DemoOrderController::createDemoOrder');
+    $routes->get('order', 'Test\DemoOrderController::listDemoOrders');
+});
+
+// Edge API - Integration with tiny-edge
+    $routes->group('edge', function ($routes) {
+        $routes->post('result', 'EdgeController::results');
+        $routes->get('order', 'EdgeController::orders');
+        $routes->post('order/(:num)/ack', 'EdgeController::ack/$1');
+        $routes->post('status', 'EdgeController::status');
+    });
+});
+
+// Khusus
+/*
+$routes->get('/api/zones', 'Zones::index');
+$routes->get('/api/zones/synchronize', 'Zones::synchronize');
+$routes->get('/api/zones/provinces', 'Zones::getProvinces');
+$routes->get('/api/zones/cities', 'Zones::getCities');
+*/
 
-$routes->get('/patient/race', 'PatientRace::index');
-$routes->get('/patient/country', 'PatientCountry::index');
-$routes->get('/patient/religion', 'PatientReligion::index');

app/Controllers/AreaGeoController.php

@@ -0,0 +1,52 @@
+<?php
+namespace App\Controllers;
+
+use App\Traits\ResponseTrait;
+use App\Controllers\BaseController;
+use App\Models\AreaGeoModel;
+
+class AreaGeoController extends BaseController {
+	use ResponseTrait;
+	
+	protected $model;
+
+	public function __construct() {	
+		$this->model = new AreaGeoModel();
+	}
+
+    public function index() {
+        try {
+            $filters = [
+                'AreaGeoID' => $this->request->getVar('AreaGeoID') ?? null,
+                'AreaName' => $this->request->getVar('AreaName') ?? null
+            ];
+            $rows = $this->model->getAreaGeos( $filters );
+
+            if(empty($rows)){return $this->respond(['status'=>'success', 'message'=>"no data found.", 'data'=>$rows], 200);}
+            return $this->respond(['status'=>'success', 'message'=>"data fetched successfully", 'data'=>$rows], 200);
+        } catch (\Exception $e) {
+            return $this->respond([ 'status' => 'error', 'message' => $e->getMessage() ], 200);
+        }
+
+    }
+
+    public function getProvinces() {
+        $rows = $this->model->getProvinces();
+        $transformed = array_map(function($row) {
+            return ['value' => $row['AreaGeoID'], 'label' => $row['AreaName']];
+        }, $rows);
+        if (empty($transformed)) { return $this->respond([ 'status'  => 'success', 'data' => [] ], 200); }
+        return $this->respond([ 'status' => 'success', 'data' => $transformed ], 200);
+    }
+
+    public function getCities() {
+        $filter = [ 'Parent' => $this->request->getVar('ProvinceID') ?? null ];
+        $rows = $this->model->getCities($filter);
+        $transformed = array_map(function($row) {
+            return ['value' => $row['AreaGeoID'], 'label' => $row['AreaName']];
+        }, $rows);
+        if (empty($transformed)) { return $this->respond([ 'status'  => 'success', 'data' => [] ], 200); }
+        return $this->respond([ 'status' => 'success', 'data' => $transformed ], 200);
+    }
+   
+}

app/Controllers/Audit/AuditLogController.php

@@ -0,0 +1,60 @@
+<?php
+
+namespace App\Controllers\Audit;
+
+use App\Controllers\BaseController;
+use App\Services\AuditLogService;
+use App\Traits\ResponseTrait;
+use CodeIgniter\HTTP\ResponseInterface;
+use InvalidArgumentException;
+
+class AuditLogController extends BaseController
+{
+    use ResponseTrait;
+
+    private AuditLogService $auditLogService;
+
+    public function __construct()
+    {
+        $this->auditLogService = new AuditLogService();
+    }
+
+    public function index(): ResponseInterface
+    {
+        $filters = [
+            'table' => $this->request->getGet('table'),
+            'rec_id' => $this->request->getGet('rec_id') ?? $this->request->getGet('recId'),
+            'event_id' => $this->request->getGet('event_id') ?? $this->request->getGet('eventId'),
+            'activity_id' => $this->request->getGet('activity_id') ?? $this->request->getGet('activityId'),
+            'from' => $this->request->getGet('from'),
+            'to' => $this->request->getGet('to'),
+            'search' => $this->request->getGet('search'),
+            'page' => $this->request->getGet('page'),
+            'perPage' => $this->request->getGet('perPage') ?? $this->request->getGet('per_page'),
+        ];
+
+        try {
+            $payload = $this->auditLogService->fetchLogs($filters);
+
+            return $this->respond([
+                'status' => 'success',
+                'message' => 'Audit logs retrieved successfully',
+                'data' => $payload,
+            ], 200);
+
+        } catch (InvalidArgumentException $e) {
+            return $this->respond([
+                'status' => 'failed',
+                'message' => $e->getMessage(),
+                'data' => null,
+            ], 400);
+        } catch (\Throwable $e) {
+            log_message('error', 'AuditLogController::index error: ' . $e->getMessage());
+            return $this->respond([
+                'status' => 'failed',
+                'message' => 'Unable to retrieve audit logs',
+                'data' => null,
+            ], 500);
+        }
+    }
+}

app/Controllers/Auth.php

@@ -1,135 +0,0 @@
-<?php
-
-namespace App\Controllers;
-
-use CodeIgniter\API\ResponseTrait;
-use CodeIgniter\Controller;
-use \Firebase\JWT\JWT;
-
-class Auth extends Controller {
-    use ResponseTrait;
-
-    public function __construct() {
-        $this->db = \Config\Database::connect();
-    }
-
-    public function login() {
-        $username = $this->request->getVar('username');
-        $password = $this->request->getVar('password');
-        $key = getenv('JWT_SECRET');
-
-        if (!$username) {
-            return $this->fail('Username required.', 400);
-        }
-        
-        $sql = "select * from users where username=".$this->db->escape($username);
-        $query = $this->db->query($sql);
-        $row = $query->getRowArray();
-
-        if (!$row) {
-            return $this->fail('User not found.', 401); // Use 401 for authentication failures
-        }
-        
-        if (!password_verify($password, $row['password'])) {
-            return $this->fail('Invalid password.', 401);
-        }
-        
-        // JWT payload
-        $payload = [
-            'username' => $row['username'],
-            'exp' => time() + 3600
-        ];
-
-        try {
-            $jwt = JWT::encode($payload, $key, 'HS256');
-        } catch (Exception $e) {
-            return $this->fail('Error generating JWT: ' . $e->getMessage(), 500);
-        }
-
-        // Update last_login
-        //$this->userModel->update($user['id'], ['lastlogin' => date('Y-m-d H:i:s')]);
-
-        $response = [
-            'message' => 'Login successful',
-            'token'   => $jwt,
-        ];
-        return $this->respond($response);
-    }
-
-    public function change_pass() {
-        $db = \Config\Database::connect();
-        $username = $this->request->getJsonVar('username');
-        $password = $this->request->getJsonVar('password');
-        $password = password_hash($password, PASSWORD_DEFAULT);
-
-        $master = $this->request->getJsonVar('master');
-        $masterkey = getenv('masterkey');
-        
-        if($master != $masterkey) {
-            return $this->fail('Invalid master key.', 401);
-        }
-        
-        $sql = "update users set password='$password' where username='$username'";
-        $query = $db->query($sql);
-        $response = [
-            'message' => "Password Changed for $username"
-        ];
-        return $this->respond($response);
-    }
-
-    public function register() {
-        $username = $this->request->getJsonVar('username');
-        $password = $this->request->getJsonVar('password');
-        $password = password_hash($password, PASSWORD_DEFAULT);
-
-        $master = $this->request->getJsonVar('master');
-        $masterkey = getenv('MASTERKEY');
-        
-        if($master != $masterkey) {
-            return $this->fail('Invalid master key.', 401);
-        }
-        
-        $sql = "insert into users(username, password) values('$username', '$password')";
-        $this->db->query($sql);
-        $response = [
-            'message' => "user $username created"
-        ];
-        return $this->respondCreated($response);
-    }
-
-    public function checkAuth() {
-        $authorizationHeader = $this->request->getHeader('Authorization');
-
-        if (!$authorizationHeader) {
-            return $this->fail('Authorization header is missing', 401);
-        }
-
-        $authHeaderValue = $authorizationHeader->getValue();
-
-        if (empty($authHeaderValue)) {
-             return $this->fail('Authorization header is empty', 401);
-        }
-
-        // Extract the token from the "Bearer <token>" format
-        if (strpos($authHeaderValue, 'Bearer ') === 0) {
-            $token = substr($authHeaderValue, 7);
-        } else {
-            $token = $authHeaderValue; // Assume the header contains only the token
-        }
-
-
-        try {
-            $decoded = JWT::decode($token, $this->key, ['HS256']); // Use the Key object
-            // You can now access user data from $decoded
-            $response = [
-                'message' => 'Authentication successful',
-                'user'    => $decoded, //  return the decoded token
-            ];
-            return $this->respond($response);
-
-        } catch (Exception $e) {
-            return $this->fail('Invalid token: ' . $e->getMessage(), 401);
-        }
-    }
-
-}

app/Controllers/AuthController.php

@@ -0,0 +1,329 @@
+<?php
+
+namespace App\Controllers;
+
+use App\Traits\ResponseTrait;
+use CodeIgniter\Controller;
+
+use Firebase\JWT\JWT;
+use Firebase\JWT\Key;
+use Firebase\JWT\ExpiredException;
+use Firebase\JWT\SignatureInvalidException;
+use Firebase\JWT\BeforeValidException;
+use CodeIgniter\Cookie\Cookie;
+
+class AuthController extends Controller
+{
+    use ResponseTrait;
+
+    protected $db;
+
+    // ok
+    public function __construct()
+    {
+        $this->db = \Config\Database::connect();
+    }
+
+    // ok
+    public function checkAuth()
+    {
+        $token = $this->request->getCookie('token');
+        $key = getenv('JWT_SECRET');
+
+        // Jika token FE tidak ada langsung kabarkan failed
+        if (!$token) {
+            return $this->respond([
+                'status' => 'failed',
+                'message' => 'No token found'
+            ], 401);
+        }
+
+        try {
+            // Decode Token dengan Key yg ada di .env
+            $decodedPayload = JWT::decode($token, new Key($key, 'HS256'));
+
+            return $this->respond([
+                'status' => 'success',
+                'message' => 'Authenticated',
+                'data' => $decodedPayload
+            ], 200);
+
+        } catch (ExpiredException $e) {
+            return $this->respond([
+                'status' => 'failed',
+                'message' => 'Token expired',
+                'data' => []
+            ], 401);
+
+        } catch (SignatureInvalidException $e) {
+            return $this->respond([
+                'status' => 'failed',
+                'message' => 'Invalid token signature',
+                'data' => []
+            ], 401);
+
+        } catch (BeforeValidException $e) {
+            return $this->respond([
+                'status' => 'failed',
+                'message' => 'Token not valid yet',
+                'data' => []
+            ], 401);
+
+        } catch (\Exception $e) {
+            return $this->respond([
+                'status' => 'failed',
+                'message' => 'Invalid token: ' . $e->getMessage(),
+                'data' => []
+            ], 401);
+        }
+    }
+
+    // ok
+    // public function login() {
+
+    //     // Ambil dari JSON Form dan Key .env
+    //     $username = $this->request->getVar('username');
+    //     $password = $this->request->getVar('password');
+    //     $key = getenv('JWT_SECRET');
+
+    //     if (!$username) {
+    //         return $this->fail('Username required.', 400);
+    //     }
+
+    //     $sql = "SELECT * FROM users WHERE username=" . $this->db->escape($username);
+    //     $query = $this->db->query($sql);
+    //     $row = $query->getResultArray();
+
+    //     if (!$row) { return $this->fail('User not found.', 401); }
+    //     $row = $row[0];
+    //     if (!password_verify($password, $row['password'])) {
+    //         return $this->fail('Invalid password.', 401);
+    //     }
+
+    //     // Buat JWT payload
+    //     $exp = time() + 864000;
+    //     $payload = [
+    //         'userid'   => $row['id'],
+    //         'roleid' => $row['role_id'],
+    //         'username' => $row['username'],
+    //         'exp'      => $exp
+    //     ];
+
+    //     try {
+    //         // Melakukan Hash terhadap Payload dengan Kunci .env menggunakan Algortima HMAC + SHA-256
+    //         $jwt = JWT::encode($payload, $key, 'HS256');
+    //     } catch (Exception $e) {
+    //         return $this->fail('Error generating JWT: ' . $e->getMessage(), 500);
+    //     }
+
+    //     // Kirim Respon ke HttpOnly yg akan disimpan di browser dan tidak akan dapat diakses oleh siapapun
+    //     // $isSecure = isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] === 'on';
+    //     $this->response->setCookie([
+    //         // 'name'     => 'token',              // nama token
+    //         // 'value'    => $jwt,                 // value dari jwt yg sudah di hash
+    //         // 'expire'   => 864000,               // 10 hari
+    //         // 'path'     => '/',                  // valid untuk semua path
+    //         // 'secure'   => $isSecure,            // true for HTTPS, false for HTTP (localhost)
+    //         // 'httponly' => true,                 // dipakai agar cookie berikut tidak dapat diakses oleh javascript
+    //         // 'samesite' => $isSecure ? Cookie::SAMESITE_NONE : Cookie::SAMESITE_LAX 
+    //     ]);
+
+
+    //     // Response tanpa token di body
+    //     return $this->respond([
+    //         'status'  => 'success',
+    //         'code' => 200,
+    //         'message' => 'Login successful'
+    //     ], 200);
+    // }
+    public function login()
+    {
+
+        // Ambil dari JSON Form dan Key .env
+        $username = $this->request->getVar('username');
+        $password = $this->request->getVar('password');
+        $key = getenv('JWT_SECRET');
+
+        if (!$username) {
+            return $this->fail('Username required.', 400);
+        }
+
+        $sql = "SELECT * FROM users WHERE username=" . $this->db->escape($username);
+        $query = $this->db->query($sql);
+        $row = $query->getResultArray();
+
+        if (!$row) {
+            return $this->fail('User not found.', 401);
+        }
+        $row = $row[0];
+        if (!password_verify($password, $row['password'])) {
+            return $this->fail('Invalid password.', 401);
+        }
+
+        // Buat JWT payload
+        $exp = time() + 864000;
+        $payload = [
+            'userid' => $row['id'],
+            'roleid' => $row['role_id'],
+            'username' => $row['username'],
+            'exp' => $exp
+        ];
+
+        try {
+            // Melakukan Hash terhadap Payload dengan Kunci .env menggunakan Algortima HMAC + SHA-256
+            $jwt = JWT::encode($payload, $key, 'HS256');
+        } catch (\Exception $e) {
+            return $this->fail('Error generating JWT: ' . $e->getMessage(), 500);
+        }
+
+        // Detect if HTTPS is being used
+        $isSecure = isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] === 'on';
+
+        // Kirim Respon ke HttpOnly yg akan disimpan di browser dan tidak akan dapat diakses oleh siapapun
+        $this->response->setCookie([
+            'name' => 'token',              // nama token
+            'value' => $jwt,                 // value dari jwt yg sudah di hash
+            'expire' => 864000,               // 10 hari
+            'path' => '/',                  // valid untuk semua path
+            'secure' => $isSecure,
+            'httponly' => true,                 // dipakai agar cookie berikut tidak dapat diakses oleh javascript
+            'samesite' => $isSecure ? Cookie::SAMESITE_NONE : Cookie::SAMESITE_LAX
+        ]);
+
+        // Response tanpa token di body
+        return $this->respond([
+            'status' => 'success',
+            'code' => 200,
+            'message' => 'Login successful'
+        ], 200);
+    }
+
+    // ok
+    // public function logout() {
+    //     // Definisikan ini pada cookies browser, harus sama dengan cookies login
+    //     // $isSecure = isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] === 'on';
+    //     return $this->response->setCookie([
+    //         'name'     => 'token',
+    //         'value'    => '',
+    //         'expire'   => time() - 3600,
+    //         'path'     => '/',
+    //         'secure'   => $isSecure,   
+    //         'httponly' => true,
+    //         'samesite' => $isSecure ? Cookie::SAMESITE_NONE : Cookie::SAMESITE_LAX
+
+    //     ])->setJSON([
+    //         'status'    => 'success',
+    //         'code' => 200, 
+    //         'message'   => 'Logout successful'
+    //     ], 200);
+    // }
+    public function logout()
+    {
+        // Detect if HTTPS is being used
+        $isSecure = isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] === 'on';
+        
+        // Definisikan ini pada cookies browser, harus sama dengan cookies login
+        return $this->response->setCookie([
+            'name' => 'token',
+            'value' => '',
+            'expire' => time() - 3600,
+            'path' => '/',
+            'secure' => $isSecure,
+            'httponly' => true,
+            'samesite' => $isSecure ? Cookie::SAMESITE_NONE : Cookie::SAMESITE_LAX
+
+        ])->setJSON([
+                    'status' => 'success',
+                    'code' => 200,
+                    'message' => 'Logout successful'
+                ], 200);
+    }
+
+    // ok
+    public function register()
+    {
+
+        $username = strtolower($this->request->getJsonVar('username'));
+        $password = $this->request->getJsonVar('password');
+
+        // Validasi Awal Dari BE
+        if (empty($username) || empty($password)) {
+            return $this->respond([
+                'status' => 'failed',
+                'code' => 400,
+                'message' => 'Username and password are required'
+            ], 400); // Gunakan 400 Bad Request
+        }
+
+        // Cek Duplikasi Username
+        $exists = $this->db->query("SELECT id FROM users WHERE username = ?", [$username])->getRow();
+        if ($exists) {
+            return $this->respond(['status' => 'failed', 'code' => 409, 'message' => 'Username already exists'], 409);
+        }
+
+        $hashedPassword = password_hash($password, PASSWORD_DEFAULT);
+
+        // Mulai transaksi Insert
+        $this->db->transStart();
+        $this->db->query(
+            "INSERT INTO users(username, password, role_id) VALUES(?, ?, ?)",
+            [$username, $hashedPassword, 1]
+        );
+        $this->db->transComplete();
+
+        // Cek status transaksi
+        if ($this->db->transStatus() === false) {
+            return $this->respond([
+                'status' => 'error',
+                'code' => 500,
+                'message' => 'Failed to create user. Please try again later.'
+            ], 500);
+        }
+
+        // Respon sukses jika kueri berhasil
+        return $this->respond([
+            'status' => 'success',
+            'code' => 201,
+            'message' => 'User ' . $username . ' successfully created.'
+        ], 201);
+
+    }
+
+    // public function change_pass() {
+    //     $db = \Config\Database::connect();
+    //     $username = $this->request->getJsonVar('username');
+    //     $password = $this->request->getJsonVar('password');
+    //     $password = password_hash($password, PASSWORD_DEFAULT);
+
+    //     $master = $this->request->getJsonVar('master');
+    //     $masterkey = getenv('masterkey');
+
+    //     if($master != $masterkey) {
+    //         return $this->fail('Invalid master key.', 401);
+    //     }
+
+    //     $sql = "update users set password='$password' where username='$username'";
+    //     $query = $db->query($sql);
+    //     $response = [
+    //         'message' => "Password Changed for $username"
+    //     ];
+    //     return $this->respond($response);
+    // }
+
+    public function coba()
+    {
+
+        $token = $this->request->getCookie('token');
+        $key = getenv('JWT_SECRET');
+
+        // Decode Token dengan Key yg ada di .env
+        $decodedPayload = JWT::decode($token, new Key($key, 'HS256'));
+
+        return $this->respond([
+            'status' => 'success',
+            'message' => 'Authenticated',
+            'data' => $decodedPayload
+        ], 200);
+    }
+
+}

app/Controllers/AuthV2Controller.php

@@ -0,0 +1,238 @@
+<?php
+
+namespace App\Controllers;
+
+use App\Traits\ResponseTrait;
+use CodeIgniter\Controller;
+
+use Firebase\JWT\JWT;
+use Firebase\JWT\Key;
+use Firebase\JWT\ExpiredException;
+use Firebase\JWT\SignatureInvalidException;
+use Firebase\JWT\BeforeValidException;
+use CodeIgniter\Cookie\Cookie;
+
+/**
+ * AuthV2 Controller
+ * 
+ * Handles authentication for V2 UI
+ * Separate from the main Auth controller to avoid conflicts
+ */
+class AuthV2Controller extends Controller
+{
+    use ResponseTrait;
+
+    protected $db;
+
+    public function __construct()
+    {
+        $this->db = \Config\Database::connect();
+    }
+
+    /**
+     * Check authentication status
+     * GET /v2/auth/check
+     */
+    public function checkAuth()
+    {
+        $token = $this->request->getCookie('token');
+        $key = getenv('JWT_SECRET');
+
+        if (!$token) {
+            return $this->respond([
+                'status'  => 'failed',
+                'message' => 'No token found'
+            ], 401);
+        }
+
+        try {
+            $decodedPayload = JWT::decode($token, new Key($key, 'HS256'));
+
+            return $this->respond([
+                'status'  => 'success',
+                'message' => 'Authenticated',
+                'data'    => $decodedPayload
+            ], 200);
+
+        } catch (ExpiredException $e) {
+            return $this->respond([
+                'status'  => 'failed',
+                'message' => 'Token expired'
+            ], 401);
+
+        } catch (SignatureInvalidException $e) {
+            return $this->respond([
+                'status'  => 'failed',
+                'message' => 'Invalid token signature'
+            ], 401);
+
+        } catch (BeforeValidException $e) {
+            return $this->respond([
+                'status'  => 'failed',
+                'message' => 'Token not valid yet'
+            ], 401);
+
+        } catch (\Exception $e) {
+            return $this->respond([
+                'status'  => 'failed',
+                'message' => 'Invalid token: ' . $e->getMessage()
+            ], 401);
+        }
+    }
+
+    /**
+     * Login user
+     * POST /v2/auth/login
+     */
+    public function login()
+    {
+        $username = $this->request->getVar('username');
+        $password = $this->request->getVar('password');
+        $key = getenv('JWT_SECRET');
+
+        // Validate username
+        if (!$username) {
+            return $this->respond([
+                'status'  => 'failed',
+                'message' => 'Username is required'
+            ], 400);
+        }
+
+        // Find user
+        $sql = "SELECT * FROM users WHERE username = " . $this->db->escape($username);
+        $query = $this->db->query($sql);
+        $row = $query->getResultArray();
+
+        if (!$row) {
+            return $this->respond([
+                'status'  => 'failed',
+                'message' => 'User not found'
+            ], 401);
+        }
+
+        $row = $row[0];
+
+        // Verify password
+        if (!password_verify($password, $row['password'])) {
+            return $this->respond([
+                'status'  => 'failed',
+                'message' => 'Invalid password'
+            ], 401);
+        }
+
+        // Create JWT payload
+        $exp = time() + 864000; // 10 days
+        $payload = [
+            'userid'   => $row['id'],
+            'roleid'   => $row['role_id'],
+            'username' => $row['username'],
+            'exp'      => $exp
+        ];
+
+        try {
+            $jwt = JWT::encode($payload, $key, 'HS256');
+        } catch (\Exception $e) {
+            return $this->respond([
+                'status'  => 'failed',
+                'message' => 'Error generating JWT: ' . $e->getMessage()
+            ], 500);
+        }
+
+        // Detect if HTTPS is being used
+        $isSecure = isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] === 'on';
+
+        // Set HTTP-only cookie
+        $this->response->setCookie([
+            'name'     => 'token',
+            'value'    => $jwt,
+            'expire'   => 864000,
+            'path'     => '/',
+            'secure'   => $isSecure,  // false for localhost HTTP
+            'httponly' => true,
+            'samesite' => $isSecure ? Cookie::SAMESITE_NONE : Cookie::SAMESITE_LAX
+        ]);
+
+        return $this->respond([
+            'status'  => 'success',
+            'message' => 'Login successful',
+            'data'    => [
+                'username' => $row['username'],
+                'role_id'  => $row['role_id']
+            ]
+        ], 200);
+    }
+
+    /**
+     * Logout user
+     * POST /v2/auth/logout
+     */
+    public function logout()
+    {
+        // Detect if HTTPS is being used
+        $isSecure = isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] === 'on';
+
+        // Clear the token cookie
+        return $this->response->setCookie([
+            'name'     => 'token',
+            'value'    => '',
+            'expire'   => time() - 3600,
+            'path'     => '/',
+            'secure'   => $isSecure,
+            'httponly' => true,
+            'samesite' => $isSecure ? Cookie::SAMESITE_NONE : Cookie::SAMESITE_LAX
+        ])->setJSON([
+            'status'  => 'success',
+            'message' => 'Logout successful'
+        ]);
+    }
+
+    /**
+     * Register new user
+     * POST /v2/auth/register
+     */
+    public function register()
+    {
+        $username = strtolower($this->request->getJsonVar('username'));
+        $password = $this->request->getJsonVar('password');
+
+        // Validate input
+        if (empty($username) || empty($password)) {
+            return $this->respond([
+                'status'  => 'failed',
+                'message' => 'Username and password are required'
+            ], 400);
+        }
+
+        // Check for existing username
+        $exists = $this->db->query("SELECT id FROM users WHERE username = ?", [$username])->getRow();
+        if ($exists) {
+            return $this->respond([
+                'status'  => 'failed',
+                'message' => 'Username already exists'
+            ], 409);
+        }
+
+        // Hash password
+        $hashedPassword = password_hash($password, PASSWORD_DEFAULT);
+
+        // Insert user
+        $this->db->transStart();
+        $this->db->query(
+            "INSERT INTO users(username, password, role_id) VALUES(?, ?, ?)",
+            [$username, $hashedPassword, 1]
+        );
+        $this->db->transComplete();
+
+        if ($this->db->transStatus() === false) {
+            return $this->respond([
+                'status'  => 'failed',
+                'message' => 'Failed to create user'
+            ], 500);
+        }
+
+        return $this->respond([
+            'status'  => 'success',
+            'message' => 'User ' . $username . ' successfully created'
+        ], 201);
+    }
+}

app/Controllers/BaseController.php

@@ -30,12 +30,12 @@ abstract class BaseController extends Controller
 
     /**
      * An array of helpers to be loaded automatically upon
-     * class instantiation. These helpers will be available
+     * class instantiation. These will be available
      * to all other controllers that extend BaseController.
      *
      * @var list<string>
      */
-    protected $helpers = [];
+    protected $helpers = ['json'];
 
     /**
      * Be sure to declare properties for any property fetch you initialized.

app/Controllers/CalculatorController.php

@@ -0,0 +1,183 @@
+<?php
+
+namespace App\Controllers;
+
+use App\Traits\ResponseTrait;
+use App\Services\CalculatorService;
+use App\Models\Test\TestDefCalModel;
+use CodeIgniter\Controller;
+use CodeIgniter\HTTP\ResponseInterface;
+
+class CalculatorController extends Controller
+{
+  use ResponseTrait;
+
+  protected CalculatorService $calculator;
+  protected TestDefCalModel $calcModel;
+
+  public function __construct()
+  {
+    $this->calculator = new CalculatorService();
+    $this->calcModel = new TestDefCalModel();
+  }
+
+  /**
+   * POST api/calculate
+   * Calculate a formula with provided variables
+   * 
+   * Request: {
+   *   "formula": "{result} * {factor} + {gender}",
+   *   "variables": {
+   *     "result": 100,
+   *     "factor": 0.5,
+   *     "gender": "female"
+   *   }
+   * }
+   */
+  public function calculate(): ResponseInterface
+  {
+    try {
+      $data = $this->request->getJSON(true);
+      
+      if (empty($data['formula'])) {
+        return $this->respond([
+          'status' => 'failed',
+          'message' => 'Formula is required'
+        ], 400);
+      }
+
+      $result = $this->calculator->calculate(
+        $data['formula'],
+        $data['variables'] ?? []
+      );
+
+      return $this->respond([
+        'status' => 'success',
+        'data' => [
+          'result' => $result,
+          'formula' => $data['formula'],
+          'variables' => $data['variables'] ?? []
+        ]
+      ], 200);
+
+    } catch (\Exception $e) {
+      return $this->respond([
+        'status' => 'failed',
+        'message' => $e->getMessage()
+      ], 400);
+    }
+  }
+
+  /**
+   * POST api/calculate/validate
+   * Validate a formula syntax
+   * 
+   * Request: {
+   *   "formula": "{result} * 2 + 5"
+   * }
+   */
+  public function validateFormula(): ResponseInterface
+  {
+    try {
+      $data = $this->request->getJSON(true);
+      
+      if (empty($data['formula'])) {
+        return $this->respond([
+          'status' => 'failed',
+          'message' => 'Formula is required'
+        ], 400);
+      }
+
+      $validation = $this->calculator->validate($data['formula']);
+
+      return $this->respond([
+        'status' => $validation['valid'] ? 'success' : 'failed',
+        'data' => [
+          'valid' => $validation['valid'],
+          'error' => $validation['error'],
+          'variables' => $this->calculator->extractVariables($data['formula'])
+        ]
+      ], 200);
+
+    } catch (\Exception $e) {
+      return $this->respond([
+        'status' => 'failed',
+        'message' => $e->getMessage()
+      ], 400);
+    }
+  }
+
+  /**
+   * POST api/calc/testsite/{testSiteID}
+   * Calculate using TestDefCal definition
+   * 
+   * Request: {
+   *   "result": 85,
+   *   "gender": "female",
+   *   "age": 30
+   * }
+   */
+  public function calculateByTestSite($testSiteID): ResponseInterface
+  {
+    try {
+      $calcDef = $this->calcModel->existsByTestSiteID($testSiteID);
+      
+      if (!$calcDef) {
+        return $this->respond([
+          'status' => 'failed',
+          'message' => 'No calculation defined for this test site'
+        ], 404);
+      }
+
+      $testValues = $this->request->getJSON(true);
+      $result = $this->calculator->calculateFromDefinition($calcDef, $testValues);
+
+      return $this->respond([
+        'status' => 'success',
+        'data' => [
+          'result' => $result,
+          'testSiteID' => $testSiteID,
+          'formula' => $calcDef['FormulaCode'],
+          'variables' => $testValues
+        ]
+      ], 200);
+
+    } catch (\Exception $e) {
+      return $this->respond([
+        'status' => 'failed',
+        'message' => $e->getMessage()
+      ], 400);
+    }
+  }
+
+  /**
+   * POST api/calc/testcode/{codeOrName}
+   * Evaluate a configured calculation by its code or name and return only the result map.
+   */
+  public function calculateByCodeOrName($codeOrName): ResponseInterface
+  {
+    try {
+      $calcDef = $this->calcModel->findActiveByCodeOrName($codeOrName);
+
+      if (!$calcDef || empty($calcDef['FormulaCode'])) {
+        return $this->response->setJSON(new \stdClass());
+      }
+
+      $input = $this->request->getJSON(true);
+      $variables = is_array($input) ? $input : [];
+
+      $result = $this->calculator->calculate($calcDef['FormulaCode'], $variables);
+
+      if ($result === null) {
+        return $this->response->setJSON(new \stdClass());
+      }
+
+      $responseKey = $calcDef['TestSiteCode'] ?? strtoupper($codeOrName);
+
+      return $this->response->setJSON([ $responseKey => $result ]);
+    } catch (\Exception $e) {
+      log_message('error', "Calc lookup failed for {$codeOrName}: " . $e->getMessage());
+      return $this->response->setJSON(new \stdClass());
+    }
+  }
+}

app/Controllers/Contact/ContactController.php

@@ -0,0 +1,133 @@
+<?php
+namespace App\Controllers\Contact;
+
+use App\Traits\PatchValidationTrait;
+use App\Traits\ResponseTrait;
+use App\Controllers\BaseController;
+use App\Libraries\ValueSet;
+use App\Models\Contact\ContactModel;
+
+class ContactController extends BaseController {
+    use ResponseTrait;
+    use PatchValidationTrait;
+
+    protected $db;
+    protected $model;
+    protected $rules;
+    protected $patchRules;
+
+    public function __construct() {
+        $this->db = \Config\Database::connect();
+        $this->model = new ContactModel();
+        $this->rules = [ 'NameFirst' => 'required' ];
+        $this->patchRules = [ 'NameFirst' => 'permit_empty' ];
+    }
+
+    public function index() {
+        $ContactName = $this->request->getVar('ContactName');
+        $Specialty = $this->request->getVar('Specialty');
+        $rows = $this->model->getContacts($ContactName, $Specialty);
+
+        if (empty($rows)) {
+            return $this->respond([ 'status'  => 'success', 'message' => "no Data.", 'data' => [] ], 200);
+        }
+
+        $rows = ValueSet::transformLabels($rows, [
+            'Specialty' => 'specialty',
+            'Occupation' => 'occupation',
+        ]);
+
+        return $this->respond([ 'status' => 'success', 'message'=> "fetch success", 'data' => $rows ], 200);
+    }
+
+    public function show($ContactID = null) {
+        $model = new ContactModel();
+        $row = $model->getContactWithDetail($ContactID);
+
+        if (empty($row)) {
+            return $this->respond([ 'status'  => 'success', 'message' => "no Data.", 'data' => null ], 200);
+        }
+
+        $row = ValueSet::transformLabels([$row], [
+            'Specialty' => 'specialty',
+            'Occupation' => 'occupation',
+        ])[0];
+
+        return $this->respond([ 'status' => 'success', 'message'=> "fetch success", 'data' => $row ], 200);
+    }
+
+    public function delete() {
+        try {
+            $input = $this->request->getJSON(true);
+            $ContactID = $input["ContactID"];
+            if (!$ContactID) { return $this->failValidationErrors('ContactID is required.'); }
+            $this->model->delete($ContactID);
+            return $this->respondDeleted([ 'status' => 'success', 'message' => "Contact with {$ContactID} deleted successfully."]);
+        } catch (\Throwable $e) {
+            return $this->failServerError('Something went wrong: ' . $e->getMessage());
+        }
+    }
+
+    public function create() {
+        $input = $this->request->getJSON(true);
+        if (!$this->validateData($input, $this->rules)) { return $this->failValidationErrors($this->validator->getErrors()); }
+        try {
+            $result = $this->model->saveContact($input);
+
+            if (($result['status'] ?? 'error') !== 'success') {
+                return $this->respond([
+                    'status' => 'failed',
+                    'message' => $result['message'] ?? 'Failed to create contact',
+                    'data' => []
+                ], 400);
+            }
+
+            return $this->respondCreated([ 'status'  => 'success', 'message' => 'data created successfully', 'data' => $result ], 201);
+        } catch (\Throwable $e) {
+            return $this->failServerError('Something went wrong: ' . $e->getMessage());
+        }
+    }
+
+    public function update($ContactID = null) {
+        $input = $this->requirePatchPayload($this->request->getJSON(true));
+        if ($input === null) {
+            return;
+        }
+
+        $id = $this->requirePatchId($ContactID, 'ContactID');
+        if ($id === null) {
+            return;
+        }
+
+        $existing = $this->model->find($id);
+        if (!$existing) {
+            return $this->respond([
+                'status' => 'failed',
+                'message' => 'Contact not found',
+                'data' => []
+            ], 404);
+        }
+
+        $validationInput = array_intersect_key($input, $this->patchRules);
+        if (!empty($validationInput) && !$this->validateData($validationInput, $this->patchRules)) {
+            return $this->failValidationErrors($this->validator->getErrors());
+        }
+
+        $input['ContactID'] = $id;
+        try {
+            $result = $this->model->saveContact($input);
+
+            if (($result['status'] ?? 'error') !== 'success') {
+                return $this->respond([
+                    'status' => 'failed',
+                    'message' => $result['message'] ?? 'Failed to update contact',
+                    'data' => []
+                ], 400);
+            }
+
+            return $this->respond([ 'status'  => 'success', 'message' => 'data updated successfully', 'data' => $result ], 200);
+        } catch (\Throwable $e) {
+            return $this->failServerError('Something went wrong: ' . $e->getMessage());
+        }
+    }
+}

app/Controllers/Contact/MedicalSpecialtyController.php

@@ -0,0 +1,68 @@
+<?php
+namespace App\Controllers\Contact;
+
+use App\Traits\ResponseTrait;
+use App\Controllers\BaseController;
+use App\Models\Contact\MedicalSpecialtyModel;
+
+class MedicalSpecialtyController extends BaseController {
+    use ResponseTrait;
+
+    protected $db;
+    protected $model;
+    protected $rules;
+
+    public function __construct() {
+        $this->db = \Config\Database::connect();
+        $this->model = new MedicalSpecialtyModel();
+        $this->rules = [ 'SpecialtyText' => 'required' ];
+    }
+
+    public function index() {
+        $Parent = $this->request->getVar('Parent');
+        $SpecialtyText = $this->request->getVar('SpecialtyText');
+        $rows = $this->model->getOccupations($Parent,$SpecialtyText);
+        
+        if (empty($rows)) {
+            return $this->respond([ 'status'  => 'success', 'message' => "no Data."], 200);
+        }
+
+        return $this->respond([ 'status' => 'success', 'message'=> "fetch success", 'data'   => $rows ], 200);
+    }
+
+    public function show($SpecialtyID = null) {
+        $model = new MedicalSpecialtyModel();
+        $row = $model->find($SpecialtyID);
+        if (empty($row)) {
+            return $this->respond([ 'status'  => 'success', 'message' => "no Data.", 'data' => null], 200);
+        }
+        return $this->respond([ 'status' => 'success', 'message'=> "fetch success", 'data'   => $row ], 200);
+    }
+
+    public function create() {
+        $input = $this->request->getJSON(true);
+        try {
+            $this->model->insert($input);
+            $id = $this->model->getInsertID();
+            return $this->respondCreated([ 'status'  => 'success', 'message' => 'data created successfully', 'data' => $id ], 201);
+        } catch (\Throwable $e) {
+            $this->db->transRollback();
+            return $this->failServerError('Exception : ' . $e->getMessage());
+        }
+    }
+
+    public function update($SpecialtyID = null) {
+        $input = $this->request->getJSON(true);
+        if (!$SpecialtyID || !ctype_digit((string) $SpecialtyID)) {
+            return $this->respond(['status' => 'error', 'message' => 'SpecialtyID is required and must be a valid integer'], 400);
+        }
+        $input['SpecialtyID'] = (int) $SpecialtyID;
+        try {
+            $this->model->update($input['SpecialtyID'], $input);
+            return $this->respondCreated([ 'status'  => 'success', 'message' => 'Data updated successfully', 'data' => $input['SpecialtyID'] ], 201);
+        } catch (\Throwable $e) {
+            return $this->failServerError('Exception : ' . $e->getMessage());
+        }
+    }
+
+}

app/Controllers/Contact/OccupationController.php

@@ -0,0 +1,68 @@
+<?php
+namespace App\Controllers\Contact;
+
+use App\Traits\ResponseTrait;
+use App\Controllers\BaseController;
+use App\Models\Contact\OccupationModel;
+
+class OccupationController extends BaseController {
+    use ResponseTrait;
+
+    protected $db;
+    protected $model;
+    protected $rules;
+
+    public function __construct() {
+        $this->db = \Config\Database::connect();
+        $this->model = new OccupationModel();
+        $this->rules = [ 'OccCode' => 'required','OccText' => 'required' ];
+    }
+
+    public function index() {
+        $OccCode = $this->request->getVar('OccCode');
+        $OccText = $this->request->getVar('OccText');
+        $rows = $this->model->getOccupations($OccCode,$OccText);
+        
+        if (empty($rows)) {
+            return $this->respond([ 'status'  => 'success', 'message' => "no Data."], 200);
+        }
+
+        return $this->respond([ 'status' => 'success', 'message'=> "fetch success", 'data'   => $rows ], 200);
+    }
+
+    public function show($OccupationID = null) {
+        $model = new OccupationModel();
+        $row = $model->find($OccupationID);
+        if (empty($row)) {
+            return $this->respond([ 'status'  => 'success', 'message' => "no Data.", 'data' => null ], 200);
+        }
+        return $this->respond([ 'status' => 'success', 'message'=> "fetch success", 'data'   => $row ], 200);
+    }
+
+    public function create() {
+        $input = $this->request->getJSON(true);
+        try {
+            $this->model->insert($input);
+            $id = $this->model->getInsertID();
+            return $this->respondCreated([ 'status'  => 'success', 'message' => 'data created successfully', 'data' => $id ], 201);
+        } catch (\Throwable $e) {
+            $this->db->transRollback();
+            return $this->failServerError('Exception : ' . $e->getMessage());
+        }
+    }
+
+    public function update($OccupationID = null) {
+        $input = $this->request->getJSON(true);
+        if (!$OccupationID || !ctype_digit((string) $OccupationID)) {
+            return $this->respond(['status' => 'error', 'message' => 'OccupationID is required and must be a valid integer'], 400);
+        }
+        $input['OccupationID'] = (int) $OccupationID;
+        try {
+            $this->model->update($input['OccupationID'], $input);
+            return $this->respondCreated([ 'status'  => 'success', 'message' => 'Data updated successfully', 'data' => $input['OccupationID'] ], 201);
+        } catch (\Throwable $e) {
+            return $this->failServerError('Exception : ' . $e->getMessage());
+        }
+    }
+
+}

app/Controllers/CounterController.php

@@ -0,0 +1,69 @@
+<?php
+namespace App\Controllers;
+
+use App\Traits\ResponseTrait;
+use App\Controllers\BaseController;
+use App\Models\CounterModel;
+
+class CounterController extends BaseController {
+    use ResponseTrait;
+
+    protected $model; 
+    public function __construct() {
+        $this->model = new CounterModel();
+    }
+
+    public function index() {
+        $rows = $this->model->findAll();
+        
+        if (empty($rows)) { 
+            return $this->respond([ 'status'  => 'success', 'message' => "No Data.", 'data' => [] ], 200);
+        }
+
+        return $this->respond([ 'status' => 'success', 'message'=> "Data fetched successfully", 'data' => $rows ], 200);
+    }
+
+    public function show($CounterID = null) {
+        $row = $this->model->find($CounterID);
+        
+        if (empty($row)) { 
+            return $this->respond([ 'status'  => 'success', 'message' => "No Data.", 'data' => null ], 200);
+        }
+
+        return $this->respond([ 'status' => 'success', 'message'=> "Data fetched successfully", 'data' => $row ], 200);
+    }
+
+    public function create() {
+        $input = $this->request->getJSON(true);
+        try {
+            $id = $this->model->insert($input,true);
+            return $this->respondCreated([ 'status'  => 'success', 'message' => 'Data created successfully', 'data' => $id ], 201);
+        } catch (\Throwable $e) {
+            return $this->failServerError('Something went wrong: ' . $e->getMessage());
+        }
+    }
+
+    public function update($CounterID = null) {
+        $input = $this->request->getJSON(true);
+        if (!$CounterID || !ctype_digit((string) $CounterID)) {
+            return $this->respond(['status' => 'error', 'message' => 'CounterID is required and must be a valid integer'], 400);
+        }
+        $input['CounterID'] = (int) $CounterID;
+        try {
+            $this->model->update($input['CounterID'], $input);
+            return $this->respondCreated([ 'status'  => 'success', 'message' => 'Data updated successfully', 'data' => $input['CounterID'] ], 201);
+        } catch (\Throwable $e) {
+            return $this->failServerError('Something went wrong: ' . $e->getMessage());
+        }
+    }
+
+    public function delete() {
+        $input = $this->request->getJSON(true);
+        try {
+            $this->model->delete($input['CounterID'], $input);
+            return $this->respondCreated([ 'status'  => 'success', 'message' => 'Data deleted successfully', 'data' => $input['CounterID'] ], 201);
+        } catch (\Throwable $e) {
+            return $this->failServerError('Something went wrong: ' . $e->getMessage());
+        }
+    }
+}

app/Controllers/DashboardController.php

@@ -0,0 +1,36 @@
+<?php
+
+namespace App\Controllers;
+
+use App\Traits\ResponseTrait;
+use CodeIgniter\Controller;
+
+use Firebase\JWT\JWT;
+use Firebase\JWT\Key;
+use Firebase\JWT\ExpiredException;
+use Firebase\JWT\SignatureInvalidException;
+use Firebase\JWT\BeforeValidException;
+use CodeIgniter\Cookie\Cookie;
+
+class DashboardController extends Controller
+{
+    use ResponseTrait;
+
+    public function index()
+    {
+
+        $token = $this->request->getCookie('token');
+        $key = getenv('JWT_SECRET');
+
+        // Decode Token dengan Key yg ada di .env
+        $decodedPayload = JWT::decode($token, new Key($key, 'HS256'));
+
+        return $this->respond([
+            'status' => 'success',
+            'code' => 200,
+            'message' => 'Authenticated',
+            'data' => $decodedPayload
+        ], 200);
+    }
+
+}

app/Controllers/EdgeController.php

@@ -0,0 +1,169 @@
+<?php
+
+namespace App\Controllers;
+
+use App\Traits\ResponseTrait;
+use CodeIgniter\Controller;
+
+class EdgeController extends Controller
+{
+    use ResponseTrait;
+
+    protected $db;
+    protected $edgeResModel;
+
+    public function __construct()
+    {
+        $this->db = \Config\Database::connect();
+        $this->edgeResModel = new \App\Models\EdgeResModel();
+    }
+
+    /**
+     * POST /api/edge/result
+     * Receive results from tiny-edge
+     */
+    public function results()
+    {
+        try {
+            $input = $this->request->getJSON(true);
+
+            if (empty($input)) {
+                return $this->failValidationErrors('Invalid JSON payload');
+            }
+
+            // Extract key fields from payload
+            $sampleId = $input['sample_id'] ?? null;
+            $instrumentId = $input['instrument_id'] ?? null;
+            $patientId = $input['patient_id'] ?? null;
+
+            // Store in edgeres table
+            $data = [
+                'SiteID' => 1, // Default site, can be configured
+                'InstrumentID' => $instrumentId,
+                'SampleID' => $sampleId,
+                'PatientID' => $patientId,
+                'Payload' => json_encode($input),
+                'Status' => 'pending',
+                'AutoProcess' => 0, // Default to manual processing
+                'CreateDate' => date('Y-m-d H:i:s')
+            ];
+
+            $id = $this->edgeResModel->insert($data);
+
+            if (!$id) {
+                return $this->failServerError('Failed to save result');
+            }
+
+            return $this->respondCreated([
+                'status' => 'success',
+                'message' => 'Result received and queued',
+                'data' => [
+                    'edge_res_id' => $id,
+                    'sample_id' => $sampleId,
+                    'instrument_id' => $instrumentId
+                ]
+            ]);
+
+        } catch (\Throwable $e) {
+            return $this->failServerError('Error processing result: ' . $e->getMessage());
+        }
+    }
+
+    /**
+     * GET /api/edge/order
+     * Return pending orders for an instrument
+     */
+    public function orders()
+    {
+        try {
+            $instrumentId = $this->request->getGet('instrument');
+
+            if (!$instrumentId) {
+                return $this->failValidationErrors('instrument parameter is required');
+            }
+
+            // TODO: Implement order fetching logic
+            // For now, return empty array
+            return $this->respond([
+                'status' => 'success',
+                'message' => 'Orders fetched',
+                'data' => []
+            ]);
+
+        } catch (\Throwable $e) {
+            return $this->failServerError('Error fetching orders: ' . $e->getMessage());
+        }
+    }
+
+    /**
+     * POST /api/edge/order/:id/ack
+     * Acknowledge order delivery
+     */
+    public function ack($orderId = null)
+    {
+        try {
+            if (!$orderId) {
+                return $this->failValidationErrors('Order ID is required');
+            }
+
+            $input = $this->request->getJSON(true);
+            $instrumentId = $input['instrument_id'] ?? null;
+
+            // Log acknowledgment
+            $this->db->table('edgeack')->insert([
+                'OrderID' => $orderId,
+                'InstrumentID' => $instrumentId,
+                'AckDate' => date('Y-m-d H:i:s'),
+                'CreateDate' => date('Y-m-d H:i:s')
+            ]);
+
+            return $this->respond([
+                'status' => 'success',
+                'message' => 'Order acknowledged',
+                'data' => [
+                    'order_id' => $orderId
+                ]
+            ]);
+
+        } catch (\Throwable $e) {
+            return $this->failServerError('Error acknowledging order: ' . $e->getMessage());
+        }
+    }
+
+    /**
+     * POST /api/edge/status
+     * Log instrument status
+     */
+    public function status()
+    {
+        try {
+            $input = $this->request->getJSON(true);
+
+            $instrumentId = $input['instrument_id'] ?? null;
+            $status = $input['status'] ?? null;
+            $lastActivity = $input['last_activity'] ?? null;
+            $timestamp = $input['timestamp'] ?? date('Y-m-d H:i:s');
+
+            if (!$instrumentId || !$status) {
+                return $this->failValidationErrors('instrument_id and status are required');
+            }
+
+            // Store status log
+            $this->db->table('edgestatus')->insert([
+                'InstrumentID' => $instrumentId,
+                'Status' => $status,
+                'LastActivity' => $lastActivity,
+                'Timestamp' => $timestamp,
+                'CreateDate' => date('Y-m-d H:i:s')
+            ]);
+
+            return $this->respond([
+                'status' => 'success',
+                'message' => 'Status logged'
+            ]);
+
+        } catch (\Throwable $e) {
+            return $this->failServerError('Error logging status: ' . $e->getMessage());
+        }
+    }
+}

app/Controllers/Home.php

@@ -1,11 +0,0 @@
-<?php
-
-namespace App\Controllers;
-
-class Home extends BaseController
-{
-    public function index(): string
-    {
-        return view('welcome_message');
-    }
-}

app/Controllers/HomeController.php

@@ -0,0 +1,33 @@
+<?php
+
+namespace App\Controllers;
+
+use App\Traits\ResponseTrait;
+use CodeIgniter\Controller;
+
+use Firebase\JWT\JWT;
+use Firebase\JWT\Key;
+use Firebase\JWT\ExpiredException;
+use Firebase\JWT\SignatureInvalidException;
+use Firebase\JWT\BeforeValidException;
+use CodeIgniter\Cookie\Cookie;
+
+class HomeController extends Controller {
+    use ResponseTrait;
+    
+    public function index() {
+
+        // $token = $this->request->getCookie('token');
+        // $key   = getenv('JWT_SECRET');
+
+        // // Decode Token dengan Key yg ada di .env
+        // $decodedPayload = JWT::decode($token, new Key($key, 'HS256'));
+
+        // return $this->respond([
+        //     'status'  => 'success',
+        //     'code'    => 200,
+        //     'message' => 'Authenticated',
+        //     'data'    => $decodedPayload
+        // ], 200);
+    }
+}

app/Controllers/Infrastructure/EquipmentListController.php

@@ -0,0 +1,116 @@
+<?php
+
+namespace App\Controllers\Infrastructure;
+
+use App\Controllers\BaseController;
+use App\Traits\ResponseTrait;
+use App\Models\Infrastructure\EquipmentListModel;
+
+class EquipmentListController extends BaseController {
+    use ResponseTrait;
+
+    protected $db;
+    protected $model;
+
+    public function __construct() {
+        $this->db = \Config\Database::connect();
+        $this->model = new EquipmentListModel();
+    }
+
+    public function index() {
+        $filter = [
+            'IEID' => $this->request->getVar('IEID'),
+            'InstrumentName' => $this->request->getVar('InstrumentName'),
+            'DepartmentID' => $this->request->getVar('DepartmentID'),
+            'WorkstationID' => $this->request->getVar('WorkstationID'),
+            'isEnable' => $this->request->getVar('isEnable'),
+        ];
+
+        $rows = $this->model->getEquipmentLists($filter);
+
+        if (empty($rows)) {
+            return $this->respond([
+                'status' => 'success',
+                'message' => 'no Data.',
+                'data' => []
+            ], 200);
+        }
+
+        return $this->respond([
+            'status' => 'success',
+            'message' => 'fetch success',
+            'data' => $rows
+        ], 200);
+    }
+
+    public function show($EID = null) {
+        $row = $this->model->getEquipmentList($EID);
+
+        if (empty($row)) {
+            return $this->respond([
+                'status' => 'success',
+                'message' => 'no Data.',
+                'data' => null
+            ], 200);
+        }
+
+        return $this->respond([
+            'status' => 'success',
+            'message' => 'fetch success',
+            'data' => $row
+        ], 200);
+    }
+
+    public function create() {
+        $input = $this->request->getJSON(true);
+
+        try {
+            $EID = $this->model->insert($input, true);
+            return $this->respondCreated([
+                'status' => 'success',
+                'message' => 'data created successfully',
+                'data' => $EID
+            ], 201);
+        } catch (\Throwable $e) {
+            return $this->failServerError('Something went wrong: ' . $e->getMessage());
+        }
+    }
+
+    public function update($EID = null) {
+        $input = $this->request->getJSON(true);
+
+        try {
+            if (!$EID || !ctype_digit((string) $EID)) {
+                return $this->failValidationErrors('EID is required.');
+            }
+            $input['EID'] = (int) $EID;
+            $this->model->update($EID, $input);
+            return $this->respond([
+                'status' => 'success',
+                'message' => 'data updated successfully',
+                'data' => $EID
+            ], 200);
+        } catch (\Throwable $e) {
+            return $this->failServerError('Something went wrong: ' . $e->getMessage());
+        }
+    }
+
+    public function delete() {
+        try {
+            $input = $this->request->getJSON(true);
+            $EID = $input['EID'];
+
+            if (!$EID) {
+                return $this->failValidationErrors('EID is required.');
+            }
+
+            $this->model->delete($EID);
+            return $this->respondDeleted([
+                'status' => 'success',
+                'message' => "{$EID} deleted successfully."
+            ]);
+        } catch (\Throwable $e) {
+            return $this->failServerError('Something went wrong: ' . $e->getMessage());
+        }
+    }
+}

app/Controllers/LocationController.php

@@ -0,0 +1,126 @@
+<?php
+namespace App\Controllers;
+
+use App\Traits\PatchValidationTrait;
+use App\Traits\ResponseTrait;
+use App\Controllers\BaseController;
+use App\Models\Location\LocationModel;
+
+class LocationController extends BaseController {
+    use ResponseTrait;
+    use PatchValidationTrait;
+
+    protected $model;
+    protected $rules;
+    protected $patchRules;
+
+    public function __construct() {
+        $this->model = new LocationModel();
+        $this->rules = [
+            'LocCode' => 'required|max_length[6]',
+            'LocFull' => 'required',
+        ];
+        $this->patchRules = [
+            'SiteID' => 'permit_empty|is_natural_no_zero',
+            'LocCode' => 'permit_empty|max_length[6]',
+            'Parent' => 'permit_empty|is_natural',
+            'LocFull' => 'permit_empty',
+            'Description' => 'permit_empty|max_length[255]',
+            'LocType' => 'permit_empty',
+            'Street1' => 'permit_empty|max_length[255]',
+            'Street2' => 'permit_empty|max_length[255]',
+            'City' => 'permit_empty|max_length[255]',
+            'Province' => 'permit_empty|max_length[255]',
+            'PostCode' => 'permit_empty|max_length[20]',
+            'GeoLocationSystem' => 'permit_empty|max_length[255]',
+            'GeoLocationData' => 'permit_empty|max_length[255]',
+            'Phone' => 'permit_empty|max_length[20]',
+            'Email' => 'permit_empty|valid_email|max_length[255]',
+        ];
+    }
+
+    public function index() {
+        $LocName = $this->request->getVar('LocName');
+        $LocCode = $this->request->getVar('LocCode');
+        $rows = $this->model->getLocations($LocCode,$LocName);
+        if (empty($rows)) {
+            return $this->respond([ 'status'  => 'success', 'message' => "no Data.", 'data' => [] ], 200);
+        }
+
+        return $this->respond([ 'status' => 'success', 'message'=> "fetch success", 'data' => $rows ], 200);
+    }
+        
+    public function show($LocationID = null) {
+        $row = $this->model->getLocation($LocationID);
+        if (empty($row)) {
+            return $this->respond([ 'status'  => 'success', 'message' => "no Data.", 'data' => null ], 200);
+        }
+
+        return $this->respond([ 'status' => 'success', 'message'=> "fetch success", 'data' => $row ], 200);
+    }
+
+    public function create() {
+        $input = $this->request->getJSON(true);
+        if (!$this->validateData($input, $this->rules)) { return $this->failValidationErrors($this->validator->getErrors()); }
+        try {
+            $result = $this->model->saveLocation($input);
+            return $this->respondCreated([ 'status'  => 'success', 'message' => 'data created successfully', 'data' => $result ], 201);
+        } catch (\Throwable $e) {
+            return $this->failServerError('Something went wrong: ' . $e->getMessage());
+        }
+    }
+
+    public function update($LocationID = null) {
+        $input = $this->requirePatchPayload($this->request->getJSON(true));
+        if ($input === null) {
+            return;
+        }
+
+        $id = $this->requirePatchId($LocationID, 'LocationID');
+        if ($id === null) {
+            return;
+        }
+
+        $existing = $this->model->find($id);
+        if (!$existing) {
+            return $this->respond([
+                'status' => 'failed',
+                'message' => 'Location not found',
+                'data' => []
+            ], 404);
+        }
+
+        $validationInput = array_intersect_key($input, $this->patchRules);
+        if ($validationInput === []) {
+            return $this->respond([
+                'status' => 'failed',
+                'message' => 'No valid fields provided for update.',
+                'data' => []
+            ], 422);
+        }
+
+        if (!$this->validateData($validationInput, $this->patchRules)) {
+            return $this->failValidationErrors($this->validator->getErrors());
+        }
+
+        $input['LocationID'] = $id;
+        try {
+            $result = $this->model->saveLocation($input);
+            return $this->respond([ 'status'  => 'success', 'message' => 'data updated successfully', 'data' => $result ], 200);
+        } catch (\Throwable $e) {
+            return $this->failServerError('Something went wrong: ' . $e->getMessage());
+        }
+    }
+
+    public function delete() {
+        $input = $this->request->getJSON(true);
+        try {
+            $LocationID = $input["LocationID"];
+            $this->model->deleteLocation($LocationID);
+            return $this->respondDeleted([ 'status' => 'success', 'message' => "Location with {$LocationID} deleted successfully." ]);
+        } catch (\Throwable $e) {
+            return $this->failServerError('Something went wrong: ' . $e->getMessage());
+        }
+    }
+
+}

app/Controllers/OrderTestController.php

@@ -0,0 +1,295 @@
+<?php
+namespace App\Controllers;
+
+use App\Traits\ResponseTrait;
+use CodeIgniter\Controller;
+use App\Libraries\ValueSet;
+use App\Models\OrderTest\OrderTestModel;
+use App\Models\Patient\PatientModel;
+use App\Models\PatVisit\PatVisitModel;
+
+class OrderTestController extends Controller {
+    use ResponseTrait;
+
+    protected $db;
+    protected $model;
+    protected $patientModel;
+    protected $visitModel;
+    protected $rules;
+
+    public function __construct() {
+        $this->db = \Config\Database::connect();
+        $this->model = new OrderTestModel();
+        $this->patientModel = new PatientModel();
+        $this->visitModel = new PatVisitModel();
+        $this->rules = [
+            'InternalPID' => 'required|is_natural'
+        ];
+    }
+
+    public function index() {
+        $internalPID = $this->request->getVar('InternalPID');
+        $includeDetails = $this->request->getVar('include') === 'details';
+
+        try {
+            if ($internalPID) {
+                $rows = $this->model->getOrdersByPatient($internalPID);
+            } else {
+                $rows = $this->db->table('ordertest')
+                    ->where('DelDate', null)
+                    ->orderBy('TrnDate', 'DESC')
+                    ->get()
+                    ->getResultArray();
+            }
+
+            $rows = ValueSet::transformLabels($rows, [
+                'Priority' => 'order_priority',
+                'OrderStatus' => 'order_status',
+            ]);
+
+            if ($includeDetails && !empty($rows)) {
+                foreach ($rows as &$row) {
+                    $row['Specimens'] = $this->getOrderSpecimens($row['InternalOID']);
+                    $row['Tests'] = $this->getOrderTests($row['InternalOID']);
+                }
+            }
+
+            return $this->respond([
+                'status' => 'success',
+                'message' => 'Data fetched successfully',
+                'data' => $rows
+            ], 200);
+        } catch (\Exception $e) {
+            return $this->failServerError('Something went wrong: ' . $e->getMessage());
+        }
+    }
+
+    public function show($orderID = null) {
+        try {
+            $row = $this->model->getOrder($orderID);
+            if (empty($row)) {
+                return $this->respond([
+                    'status' => 'success',
+                    'message' => 'Data not found.',
+                    'data' => null
+                ], 200);
+            }
+
+            $row = ValueSet::transformLabels([$row], [
+                'Priority' => 'order_priority',
+                'OrderStatus' => 'order_status',
+            ])[0];
+
+            // Include specimens and tests
+            $row['Specimens'] = $this->getOrderSpecimens($row['InternalOID']);
+            $row['Tests'] = $this->getOrderTests($row['InternalOID']);
+
+            return $this->respond([
+                'status' => 'success',
+                'message' => 'Data fetched successfully',
+                'data' => $row
+            ], 200);
+        } catch (\Exception $e) {
+            return $this->failServerError('Something went wrong: ' . $e->getMessage());
+        }
+    }
+
+    private function getOrderSpecimens($internalOID) {
+        $specimens = $this->db->table('specimen s')
+            ->select('s.*, cd.ConCode, cd.ConName')
+            ->join('containerdef cd', 'cd.ConDefID = s.ConDefID', 'left')
+            ->where('s.OrderID', $internalOID)
+            ->where('s.EndDate IS NULL')
+            ->get()
+            ->getResultArray();
+        
+        // Get status for each specimen
+        foreach ($specimens as &$specimen) {
+            $status = $this->db->table('specimenstatus')
+                ->where('SID', $specimen['SID'])
+                ->where('EndDate IS NULL')
+                ->orderBy('CreateDate', 'DESC')
+                ->get()
+                ->getRowArray();
+            $specimen['Status'] = $status['SpcStatus'] ?? 'PENDING';
+        }
+        
+        return $specimens;
+    }
+
+    private function getOrderTests($internalOID) {
+        $tests = $this->db->table('patres pr')
+            ->select('pr.*, tds.TestSiteCode, tds.TestSiteName, tds.TestType, tds.SeqScr AS TestSeqScr, tds.SeqRpt AS TestSeqRpt, tds.DisciplineID, d.DisciplineCode, d.DisciplineName, d.SeqScr AS DisciplineSeqScr, d.SeqRpt AS DisciplineSeqRpt')
+            ->join('testdefsite tds', 'tds.TestSiteID = pr.TestSiteID', 'left')
+            ->join('discipline d', 'd.DisciplineID = tds.DisciplineID', 'left')
+            ->where('pr.OrderID', $internalOID)
+            ->where('pr.DelDate IS NULL')
+            ->orderBy('COALESCE(d.SeqScr, 999999) ASC')
+            ->orderBy('COALESCE(d.SeqRpt, 999999) ASC')
+            ->orderBy('COALESCE(tds.SeqScr, 999999) ASC')
+            ->orderBy('COALESCE(tds.SeqRpt, 999999) ASC')
+            ->orderBy('pr.ResultID ASC')
+            ->get()
+            ->getResultArray();
+
+        foreach ($tests as &$test) {
+            $discipline = [
+                'DisciplineID' => $test['DisciplineID'] ?? null,
+                'DisciplineCode' => $test['DisciplineCode'] ?? null,
+                'DisciplineName' => $test['DisciplineName'] ?? null,
+                'SeqScr' => $test['DisciplineSeqScr'] ?? null,
+                'SeqRpt' => $test['DisciplineSeqRpt'] ?? null,
+            ];
+
+            $test['Discipline'] = $discipline;
+            $test['SeqScr'] = $test['TestSeqScr'] ?? null;
+            $test['SeqRpt'] = $test['TestSeqRpt'] ?? null;
+            $test['DisciplineID'] = $discipline['DisciplineID'];
+
+            unset($test['DisciplineCode'], $test['DisciplineName'], $test['DisciplineSeqScr'], $test['DisciplineSeqRpt'], $test['TestSeqScr'], $test['TestSeqRpt']);
+        }
+        unset($test);
+
+        return $tests;
+    }
+
+    public function create() {
+        $input = $this->request->getJSON(true);
+
+        if (!$this->validateData($input, $this->rules)) {
+            return $this->failValidationErrors($this->validator->getErrors());
+        }
+
+        try {
+            if (!$this->patientModel->find($input['InternalPID'])) {
+                return $this->failValidationErrors(['InternalPID' => 'Patient not found']);
+            }
+
+            if (!empty($input['PatVisitID'])) {
+                $visit = $this->visitModel->find($input['PatVisitID']);
+                if (!$visit) {
+                    return $this->failValidationErrors(['PatVisitID' => 'Visit not found']);
+                }
+            }
+
+            $orderID = $this->model->createOrder($input);
+             
+            // Fetch complete order details
+            $order = $this->model->getOrder($orderID);
+            $order['Specimens'] = $this->getOrderSpecimens($order['InternalOID']);
+            $order['Tests'] = $this->getOrderTests($order['InternalOID']);
+
+            // Rule engine triggers are fired at the test/result level (test_created, result_updated)
+
+            return $this->respondCreated([
+                'status' => 'success',
+                'message' => 'Order created successfully',
+                'data' => $order
+            ], 201);
+        } catch (\Exception $e) {
+            return $this->failServerError('Something went wrong: ' . $e->getMessage());
+        }
+    }
+
+    public function update($OrderID = null) {
+        $input = $this->request->getJSON(true);
+
+        if ($OrderID === null || $OrderID === '') {
+            return $this->failValidationErrors(['OrderID' => 'OrderID is required']);
+        }
+
+        if (isset($input['OrderID']) && (string) $input['OrderID'] !== (string) $OrderID) {
+            return $this->failValidationErrors(['OrderID' => 'OrderID in URL does not match body']);
+        }
+
+        try {
+            $input['OrderID'] = $OrderID;
+            $order = $this->model->getOrder($OrderID);
+            if (!$order) {
+                return $this->failNotFound('Order not found');
+            }
+
+            $updateData = [];
+            if (isset($input['Priority'])) $updateData['Priority'] = $input['Priority'];
+            if (isset($input['OrderStatus'])) $updateData['OrderStatus'] = $input['OrderStatus'];
+            if (isset($input['OrderingProvider'])) $updateData['OrderingProvider'] = $input['OrderingProvider'];
+            if (isset($input['DepartmentID'])) $updateData['DepartmentID'] = $input['DepartmentID'];
+            if (isset($input['WorkstationID'])) $updateData['WorkstationID'] = $input['WorkstationID'];
+
+            if (!empty($updateData)) {
+                $this->model->update($order['InternalOID'], $updateData);
+            }
+
+            $updatedOrder = $this->model->getOrder($OrderID);
+            $updatedOrder['Specimens'] = $this->getOrderSpecimens($updatedOrder['InternalOID']);
+            $updatedOrder['Tests'] = $this->getOrderTests($updatedOrder['InternalOID']);
+
+            return $this->respond([
+                'status' => 'success',
+                'message' => 'Order updated successfully',
+                'data' => $updatedOrder
+            ], 200);
+        } catch (\Exception $e) {
+            return $this->failServerError('Something went wrong: ' . $e->getMessage());
+        }
+    }
+
+    public function delete() {
+        $input = $this->request->getJSON(true);
+        $orderID = $input['OrderID'] ?? null;
+
+        if (empty($orderID)) {
+            return $this->failValidationErrors(['OrderID' => 'OrderID is required']);
+        }
+
+        try {
+            $order = $this->model->getOrder($orderID);
+            if (!$order) {
+                return $this->failNotFound('Order not found');
+            }
+
+            $this->model->softDelete($orderID);
+
+            return $this->respondDeleted([
+                'status' => 'success',
+                'message' => 'Order deleted successfully'
+            ]);
+        } catch (\Exception $e) {
+            return $this->failServerError('Something went wrong: ' . $e->getMessage());
+        }
+    }
+
+    public function updateStatus() {
+        $input = $this->request->getJSON(true);
+
+        if (empty($input['OrderID']) || empty($input['OrderStatus'])) {
+            return $this->failValidationErrors(['error' => 'OrderID and OrderStatus are required']);
+        }
+
+        $validStatuses = ['ORD', 'SCH', 'ANA', 'VER', 'REV', 'REP'];
+        if (!in_array($input['OrderStatus'], $validStatuses)) {
+            return $this->failValidationErrors(['OrderStatus' => 'Invalid status. Valid: ' . implode(', ', $validStatuses)]);
+        }
+
+        try {
+            $order = $this->model->getOrder($input['OrderID']);
+            if (!$order) {
+                return $this->failNotFound('Order not found');
+            }
+
+            $this->model->updateStatus($input['OrderID'], $input['OrderStatus']);
+
+            $updatedOrder = $this->model->getOrder($input['OrderID']);
+            $updatedOrder['Specimens'] = $this->getOrderSpecimens($updatedOrder['InternalOID']);
+            $updatedOrder['Tests'] = $this->getOrderTests($updatedOrder['InternalOID']);
+
+            return $this->respond([
+                'status' => 'success',
+                'message' => 'Order status updated successfully',
+                'data' => $updatedOrder
+            ], 200);
+        } catch (\Exception $e) {
+            return $this->failServerError('Something went wrong: ' . $e->getMessage());
+        }
+    }
+}

app/Controllers/Organization/AccountController.php

@@ -0,0 +1,117 @@
+<?php
+namespace App\Controllers\Organization;
+
+use App\Traits\PatchValidationTrait;
+use App\Traits\ResponseTrait;
+use App\Controllers\BaseController;
+
+use App\Models\Organization\AccountModel;
+
+class AccountController extends BaseController {
+    use ResponseTrait;
+    use PatchValidationTrait;
+
+    protected $db;
+    protected $model;
+
+    public function __construct() {
+        $this->db = \Config\Database::connect();
+        $this->model = new AccountModel();
+    }
+
+    public function index() {            
+			$filter = [
+				'Parent' => $this->request->getVar('Parent'),
+				'AccountName' => $this->request->getVar('AccountName'),
+			];
+
+			$rows = $this->model->getAccounts($filter);
+			
+			if (empty($rows)) {
+				return $this->respond([ 'status'  => 'success', 'message' => "no Data.", 'data' => [] ], 200);
+			}
+
+			return $this->respond([ 'status' => 'success', 'message'=> "fetch success", 'data' => $rows ], 200);
+    }
+
+    public function show($AccountID = null) {
+        //$rows = $this->model->where('AccountID', $AccountID)->findAll();
+        $row = $this->model->getAccount($AccountID);
+
+        if (empty($row)) {
+            return $this->respond([ 'status'  => 'success', 'message' => "no Data.", 'data' => null ], 200);
+        }
+
+        return $this->respond([ 'status' => 'success', 'message'=> "fetch success", 'data' => $row ], 200);
+    }
+
+    public function delete() {
+        try {
+            $input = $this->request->getJSON(true);
+            $id = $this->requirePatchId($input['AccountID'] ?? null, 'AccountID');
+            if ($id === null) {
+                return;
+            }
+            $this->model->delete($id);
+            return $this->respondDeleted([ 'status' => 'success', 'message' => "{$id} deleted successfully."]);
+        } catch (\Throwable $e) {
+            return $this->failServerError('Something went wrong: ' . $e->getMessage());
+        }
+    }
+
+    public function create() {
+        $input = $this->request->getJSON(true);
+
+        $validation = service('validation');
+        $validation->setRules([
+            'AccountName' => 'required|string|max_length[255]',
+            'Parent' => 'permit_empty|integer',
+        ]);
+
+        if (!$validation->run($input)) {
+            return $this->failValidationErrors($validation->getErrors());
+        }
+
+        try {
+            $id = $this->model->insert($input,true);
+            return $this->respondCreated([ 'status'  => 'success', 'message' => 'data created successfully', 'data' => $id ], 201);
+        } catch (\Throwable $e) {
+            return $this->failServerError('Something went wrong: ' . $e->getMessage());
+        }
+    }
+
+    public function update($AccountID = null) {
+        $input = $this->requirePatchPayload($this->request->getJSON(true));
+        if ($input === null) {
+            return;
+        }
+
+        $id = $this->requirePatchId($AccountID, 'AccountID');
+        if ($id === null) {
+            return;
+        }
+
+        $existing = $this->model->find($id);
+        if (!$existing) {
+            return $this->respond([ 'status' => 'failed', 'message' => 'Account not found', 'data' => [] ], 404);
+        }
+
+        $validation = service('validation');
+        $validation->setRules([
+            'AccountName' => 'permit_empty|string|max_length[255]',
+            'Parent' => 'permit_empty|integer',
+        ]);
+
+        if (!$validation->run($input)) {
+            return $this->failValidationErrors($validation->getErrors());
+        }
+
+        $input['AccountID'] = $id;
+        try {
+            $this->model->update($id, $input);
+            return $this->respond([ 'status'  => 'success', 'message' => 'data updated successfully', 'data' => $id ], 200);
+        } catch (\Throwable $e) {
+            return $this->failServerError('Something went wrong: ' . $e->getMessage());
+        }
+    }
+}

app/Controllers/Organization/CodingSysController.php

@@ -0,0 +1,112 @@
+<?php
+
+namespace App\Controllers\Organization;
+
+use App\Traits\PatchValidationTrait;
+use App\Traits\ResponseTrait;
+use App\Controllers\BaseController;
+use App\Models\Organization\CodingSysModel;
+
+class CodingSysController extends BaseController {
+    use ResponseTrait;
+    use PatchValidationTrait;
+
+    protected $db;
+    protected $model;
+
+    public function __construct() {
+        $this->db = \Config\Database::connect();
+        $this->model = new CodingSysModel();
+    }
+
+    public function index() {
+        $filter = [
+            'CodingSysAbb' => $this->request->getVar('CodingSysAbb'),
+            'FullText' => $this->request->getVar('FullText'),
+        ];
+
+        $builder = $this->model;
+
+        if (!empty($filter['CodingSysAbb'])) {
+            $builder->like('CodingSysAbb', $filter['CodingSysAbb'], 'both');
+        }
+        if (!empty($filter['FullText'])) {
+            $builder->like('FullText', $filter['FullText'], 'both');
+        }
+
+        $rows = $builder->findAll();
+
+        if (empty($rows)) {
+            return $this->respond(['status' => 'success', 'message' => 'no Data.', 'data' => []], 200);
+        }
+
+        return $this->respond(['status' => 'success', 'message' => 'fetch success', 'data' => $rows], 200);
+    }
+
+    public function show($CodingSysID = null) {
+        $row = $this->model->where('CodingSysID', $CodingSysID)->first();
+
+        if (empty($row)) {
+            return $this->respond(['status' => 'success', 'message' => 'no Data.', 'data' => null], 200);
+        }
+
+        return $this->respond(['status' => 'success', 'message' => 'fetch success', 'data' => $row], 200);
+    }
+
+    public function delete() {
+        try {
+            $input = $this->request->getJSON(true);
+            $id = $input['CodingSysID'] ?? null;
+
+            if (!$id) {
+                return $this->failValidationErrors('CodingSysID is required.');
+            }
+
+            $this->model->delete($id);
+            return $this->respondDeleted(['status' => 'success', 'message' => "{$id} deleted successfully."]);
+        } catch (\Throwable $e) {
+            return $this->failServerError('Something went wrong: ' . $e->getMessage());
+        }
+    }
+
+    public function create() {
+        $input = $this->request->getJSON(true);
+
+        try {
+            $id = $this->model->insert($input, true);
+            return $this->respondCreated(['status' => 'success', 'message' => 'data created successfully', 'data' => $id], 201);
+        } catch (\Throwable $e) {
+            return $this->failServerError('Something went wrong: ' . $e->getMessage());
+        }
+    }
+
+    public function update($CodingSysID = null) {
+        $input = $this->requirePatchPayload($this->request->getJSON(true));
+        if ($input === null) {
+            return;
+        }
+
+        $id = $this->requirePatchId($CodingSysID, 'CodingSysID');
+        if ($id === null) {
+            return;
+        }
+
+        $existing = $this->model->find($id);
+        if (!$existing) {
+            return $this->respond(['status' => 'failed', 'message' => 'CodingSys not found', 'data' => []], 404);
+        }
+
+        if (isset($input['CodingSysID']) && (string) $input['CodingSysID'] !== (string) $id) {
+            return $this->failValidationErrors('CodingSysID in URL does not match body.');
+        }
+
+        $input['CodingSysID'] = $id;
+
+        try {
+            $this->model->update($id, $input);
+            return $this->respondCreated(['status' => 'success', 'message' => 'data updated successfully', 'data' => $id], 201);
+        } catch (\Throwable $e) {
+            return $this->failServerError('Something went wrong: ' . $e->getMessage());
+        }
+    }
+}

app/Controllers/Organization/DepartmentController.php

@@ -0,0 +1,91 @@
+<?php
+namespace App\Controllers\Organization;
+
+use App\Traits\PatchValidationTrait;
+use App\Traits\ResponseTrait;
+use App\Controllers\BaseController;
+
+use App\Models\Organization\DepartmentModel;
+
+class DepartmentController extends BaseController {
+    use ResponseTrait;
+    use PatchValidationTrait;
+
+    protected $db;
+    protected $model;
+
+    public function __construct() {
+        $this->db = \Config\Database::connect();
+        $this->model = new DepartmentModel();
+    }
+
+    public function index() {
+        $filter = [
+			'DepartmentCode' => $this->request->getVar('DepartmentCode'),
+			'DepartmentName' => $this->request->getVar('DepartmentName'),
+		];
+        $rows = $this->model->getDepartments($filter);
+        
+        if (empty($rows)) {
+            return $this->respond([ 'status'  => 'success', 'message' => "no Data.", 'data' => [] ], 200);
+        }
+
+        return $this->respond([ 'status' => 'success', 'message'=> "fetch success", 'data' => $rows ], 200);
+    }
+
+    public function show($DepartmentID = null) {
+        $row = $this->model->getDepartment($DepartmentID);
+        if (empty($row)) {
+            return $this->respond([ 'status'  => 'success', 'message' => "no Data.", 'data' => null ], 200);
+        }
+
+        return $this->respond([ 'status' => 'success', 'message'=> "fetch success", 'data' => $row ], 200);
+    }
+
+    public function delete() {
+        try {
+            $input = $this->request->getJSON(true);
+            $id = $input["DepartmentID"];
+            if (!$id) { return $this->failValidationErrors('ID is required.'); }
+            $this->model->delete($id);
+            return $this->respondDeleted([ 'status' => 'success', 'message' => "{$id} deleted successfully."]);
+        } catch (\Throwable $e) {
+            return $this->failServerError('Something went wrong: ' . $e->getMessage());
+        }
+    }
+
+    public function create() {
+        $input = $this->request->getJSON(true);
+        try {
+            $id = $this->model->insert($input,true);
+            return $this->respondCreated([ 'status'  => 'success', 'message' => 'data created successfully', 'data' => $id ], 201);
+        } catch (\Throwable $e) {
+            return $this->failServerError('Something went wrong: ' . $e->getMessage());
+        }
+    }
+
+    public function update($DepartmentID = null) {
+        $input = $this->requirePatchPayload($this->request->getJSON(true));
+        if ($input === null) {
+            return;
+        }
+
+        $id = $this->requirePatchId($DepartmentID, 'DepartmentID');
+        if ($id === null) {
+            return;
+        }
+
+        $existing = $this->model->find($id);
+        if (!$existing) {
+            return $this->respond([ 'status' => 'failed', 'message' => 'Department not found', 'data' => [] ], 404);
+        }
+
+        $input['DepartmentID'] = $id;
+        try {
+            $this->model->update($id, $input);
+            return $this->respond([ 'status'  => 'success', 'message' => 'data updated successfully', 'data' => $id ], 200);
+        } catch (\Throwable $e) {
+            return $this->failServerError('Something went wrong: ' . $e->getMessage());
+        }
+    }
+}

app/Controllers/Organization/DisciplineController.php

@@ -0,0 +1,131 @@
+<?php
+namespace App\Controllers\Organization;
+
+use App\Traits\PatchValidationTrait;
+use App\Traits\ResponseTrait;
+use App\Controllers\BaseController;
+
+use App\Models\Organization\DisciplineModel;
+
+class DisciplineController extends BaseController {
+  use ResponseTrait;
+  use PatchValidationTrait;
+
+  protected $db;
+  protected $model;
+
+  public function __construct() {
+    $this->db = \Config\Database::connect();
+    $this->model = new DisciplineModel();
+  }
+
+  public function index() {
+    $filter = [
+			'DisciplineCode' => $this->request->getVar('DisciplineCode'),
+			'DisciplineName' => $this->request->getVar('DisciplineName'),
+		];
+		$rows = $this->model->getDisciplines($filter);
+    
+    if (empty($rows)) {
+      return $this->respond([ 'status'  => 'success', 'message' => "no Data.", 'data' => [] ], 200);
+    }
+
+    return $this->respond([ 'status' => 'success', 'message'=> "fetch success", 'data' => $rows ], 200);
+  }
+
+  public function show($DisciplineID = null) {
+    $row = $this->model->where('DisciplineID', $DisciplineID)->first();
+
+    if (empty($row)) {
+      return $this->respond([ 'status'  => 'success', 'message' => "no Data.", 'data' => null ], 200);
+    }
+
+    return $this->respond([ 'status' => 'success', 'message'=> "fetch success", 'data' => $row ], 200);
+  }
+
+  public function delete() {
+    try {
+      $input = $this->request->getJSON(true);
+      $id = $this->requirePatchId($input['DisciplineID'] ?? null, 'DisciplineID');
+      if ($id === null) {
+        return;
+      }
+      $this->model->delete($id);
+      return $this->respondDeleted([ 'status' => 'success', 'message' => "{$id} deleted successfully."]);
+    } catch (\Throwable $e) {
+      return $this->failServerError('Something went wrong: ' . $e->getMessage());
+    }
+  }
+
+  public function create() {
+    $input = $this->request->getJSON(true);
+
+    $validation = service('validation');
+    $validation->setRules([
+      'DisciplineCode' => 'required|string|max_length[50]',
+      'DisciplineName' => 'required|string|max_length[255]',
+      'Parent' => 'permit_empty|integer',
+      'SeqScr' => 'permit_empty|integer',
+      'SeqRpt' => 'permit_empty|integer',
+    ]);
+
+    if (!$validation->run($input)) {
+      return $this->failValidationErrors($validation->getErrors());
+    }
+
+    try {
+      $id = $this->model->insert($input,true);
+      return $this->respondCreated([ 'status'  => 'success', 'message' => 'data created successfully', 'data' => $id ], 201);
+    } catch (\Throwable $e) {
+      return $this->failServerError('Something went wrong: ' . $e->getMessage());
+    }
+  }
+
+  public function update($DisciplineID = null) {
+    $input = $this->requirePatchPayload($this->request->getJSON(true));
+    if ($input === null) {
+      return;
+    }
+
+    $id = $this->requirePatchId($DisciplineID, 'DisciplineID');
+    if ($id === null) {
+      return;
+    }
+
+    $existing = $this->model->find($id);
+    if (!$existing) {
+      return $this->respond([ 'status' => 'failed', 'message' => 'Discipline not found', 'data' => [] ], 404);
+    }
+
+    $validation = service('validation');
+    $validation->setRules([
+      'DisciplineCode' => 'permit_empty|string|max_length[50]',
+      'DisciplineName' => 'permit_empty|string|max_length[255]',
+      'Parent' => 'permit_empty|integer',
+      'SeqScr' => 'permit_empty|integer',
+      'SeqRpt' => 'permit_empty|integer',
+    ]);
+
+    if (!$validation->run($input)) {
+      return $this->failValidationErrors($validation->getErrors());
+    }
+
+    $input['DisciplineID'] = $id;
+    try {
+      $this->model->update($id, $input);
+      return $this->respond([ 'status'  => 'success', 'message' => 'data updated successfully', 'data' => $id ], 200);
+    } catch (\Throwable $e) {
+      return $this->failServerError('Something went wrong: ' . $e->getMessage());
+    }
+    /*
+    try {
+      $id = $input['DisciplineID'];
+      $this->model->where('DisciplineID', $id)->update();
+      echo $this->model->getLastQuery();
+      return $this->respondCreated([ 'status'  => 'success', 'message' => 'data updated successfully', 'data' => $id ], 201);
+    } catch (\Throwable $e) {
+      return $this->failServerError('Something went wrong: ' . $e->getMessage() );
+    }
+    */
+  }
+}

app/Controllers/Organization/HostAppController.php

@@ -0,0 +1,124 @@
+<?php
+
+namespace App\Controllers\Organization;
+
+use App\Traits\PatchValidationTrait;
+use App\Traits\ResponseTrait;
+use App\Controllers\BaseController;
+use App\Models\Organization\HostAppModel;
+
+class HostAppController extends BaseController {
+    use ResponseTrait;
+    use PatchValidationTrait;
+
+    protected $db;
+    protected $model;
+
+    public function __construct() {
+        $this->db = \Config\Database::connect();
+        $this->model = new HostAppModel();
+    }
+
+    public function index() {
+        $filter = [
+            'HostAppID' => $this->request->getVar('HostAppID'),
+            'HostAppName' => $this->request->getVar('HostAppName'),
+        ];
+
+        $builder = $this->model->select('hostapp.*, site.SiteName')
+            ->join('site', 'site.SiteID = hostapp.SiteID', 'left');
+
+        if (!empty($filter['HostAppID'])) {
+            if (!ctype_digit((string) $filter['HostAppID'])) {
+                return $this->failValidationErrors('HostAppID filter must be a valid integer.');
+            }
+            $builder->where('hostapp.HostAppID', (int) $filter['HostAppID']);
+        }
+        if (!empty($filter['HostAppName'])) {
+            $builder->like('hostapp.HostAppName', $filter['HostAppName'], 'both');
+        }
+
+        $rows = $builder->findAll();
+
+        if (empty($rows)) {
+            return $this->respond(['status' => 'success', 'message' => 'no Data.', 'data' => []], 200);
+        }
+
+        return $this->respond(['status' => 'success', 'message' => 'fetch success', 'data' => $rows], 200);
+    }
+
+    public function show($HostAppID = null) {
+        $id = $this->requirePatchId($HostAppID, 'HostAppID');
+        if ($id === null) {
+            return;
+        }
+
+        $row = $this->model->select('hostapp.*, site.SiteName')
+            ->join('site', 'site.SiteID = hostapp.SiteID', 'left')
+            ->where('hostapp.HostAppID', $id)
+            ->first();
+
+        if (empty($row)) {
+            return $this->respond(['status' => 'success', 'message' => 'no Data.', 'data' => null], 200);
+        }
+
+        return $this->respond(['status' => 'success', 'message' => 'fetch success', 'data' => $row], 200);
+    }
+
+    public function delete() {
+        try {
+            $input = $this->request->getJSON(true);
+            $id = $this->requirePatchId($input['HostAppID'] ?? null, 'HostAppID');
+            if ($id === null) {
+                return;
+            }
+
+            $this->model->delete($id);
+            return $this->respondDeleted(['status' => 'success', 'message' => "{$id} deleted successfully."]);
+        } catch (\Throwable $e) {
+            return $this->failServerError('Something went wrong: ' . $e->getMessage());
+        }
+    }
+
+    public function create() {
+        $input = $this->request->getJSON(true);
+
+        try {
+            unset($input['HostAppID']);
+            $id = $this->model->insert($input, true);
+            return $this->respondCreated(['status' => 'success', 'message' => 'data created successfully', 'data' => $id], 201);
+        } catch (\Throwable $e) {
+            return $this->failServerError('Something went wrong: ' . $e->getMessage());
+        }
+    }
+
+    public function update($HostAppID = null) {
+        $input = $this->requirePatchPayload($this->request->getJSON(true));
+        if ($input === null) {
+            return;
+        }
+
+        $id = $this->requirePatchId($HostAppID, 'HostAppID');
+        if ($id === null) {
+            return;
+        }
+
+        $existing = $this->model->find($id);
+        if (!$existing) {
+            return $this->respond(['status' => 'failed', 'message' => 'HostApp not found', 'data' => []], 404);
+        }
+
+        if (isset($input['HostAppID'])) {
+            if ((string) $input['HostAppID'] !== (string) $id) {
+                return $this->failValidationErrors('HostAppID in URL does not match body.');
+            }
+            unset($input['HostAppID']);
+        }
+        try {
+            $this->model->update($id, $input);
+            return $this->respond(['status' => 'success', 'message' => 'data updated successfully', 'data' => $id], 200);
+        } catch (\Throwable $e) {
+            return $this->failServerError('Something went wrong: ' . $e->getMessage());
+        }
+    }
+}

app/Controllers/Organization/HostComParaController.php

@@ -0,0 +1,135 @@
+<?php
+
+namespace App\Controllers\Organization;
+
+use App\Traits\PatchValidationTrait;
+use App\Traits\ResponseTrait;
+use App\Controllers\BaseController;
+use App\Models\Organization\HostComParaModel;
+
+class HostComParaController extends BaseController {
+    use ResponseTrait;
+    use PatchValidationTrait;
+
+    protected $db;
+    protected $model;
+
+    public function __construct() {
+        $this->db = \Config\Database::connect();
+        $this->model = new HostComParaModel();
+    }
+
+    public function index() {
+        $filter = [
+            'HostAppID' => $this->request->getVar('HostAppID'),
+            'HostIP' => $this->request->getVar('HostIP'),
+        ];
+
+        $builder = $this->model->select('hostcompara.*, hostapp.HostAppName')
+            ->join('hostapp', 'hostapp.HostAppID = hostcompara.HostAppID', 'left');
+
+        if (!empty($filter['HostAppID'])) {
+            if (!ctype_digit((string) $filter['HostAppID'])) {
+                return $this->failValidationErrors('HostAppID filter must be a valid integer.');
+            }
+            $builder->where('hostcompara.HostAppID', (int) $filter['HostAppID']);
+        }
+        if (!empty($filter['HostIP'])) {
+            $builder->like('hostcompara.HostIP', $filter['HostIP'], 'both');
+        }
+
+        $rows = $builder->findAll();
+
+        if (empty($rows)) {
+            return $this->respond(['status' => 'success', 'message' => 'no Data.', 'data' => []], 200);
+        }
+
+        return $this->respond(['status' => 'success', 'message' => 'fetch success', 'data' => $rows], 200);
+    }
+
+    public function show($HostAppID = null) {
+        $id = $this->requirePatchId($HostAppID, 'HostAppID');
+        if ($id === null) {
+            return;
+        }
+
+        $row = $this->model->select('hostcompara.*, hostapp.HostAppName')
+            ->join('hostapp', 'hostapp.HostAppID = hostcompara.HostAppID', 'left')
+            ->where('hostcompara.HostAppID', $id)
+            ->first();
+
+        if (empty($row)) {
+            return $this->respond(['status' => 'success', 'message' => 'no Data.', 'data' => null], 200);
+        }
+
+        return $this->respond(['status' => 'success', 'message' => 'fetch success', 'data' => $row], 200);
+    }
+
+    public function delete() {
+        try {
+            $input = $this->request->getJSON(true);
+            $id = $this->requirePatchId($input['HostAppID'] ?? null, 'HostAppID');
+            if ($id === null) {
+                return;
+            }
+
+            $this->model->delete($id);
+            return $this->respondDeleted(['status' => 'success', 'message' => "{$id} deleted successfully."]);
+        } catch (\Throwable $e) {
+            return $this->failServerError('Something went wrong: ' . $e->getMessage());
+        }
+    }
+
+    public function create() {
+        $input = $this->request->getJSON(true);
+
+        try {
+            $hostAppId = $input['HostAppID'] ?? null;
+            if ($hostAppId === null) {
+                return $this->failValidationErrors('HostAppID is required.');
+            }
+
+            if (!ctype_digit((string) $hostAppId)) {
+                return $this->failValidationErrors('HostAppID must be a valid integer.');
+            }
+
+            $input['HostAppID'] = (int) $hostAppId;
+
+            $id = $this->model->insert($input, true);
+            return $this->respondCreated(['status' => 'success', 'message' => 'data created successfully', 'data' => $id], 201);
+        } catch (\Throwable $e) {
+            return $this->failServerError('Something went wrong: ' . $e->getMessage());
+        }
+    }
+
+    public function update($HostAppID = null) {
+        $input = $this->requirePatchPayload($this->request->getJSON(true));
+        if ($input === null) {
+            return;
+        }
+
+        $id = $this->requirePatchId($HostAppID, 'HostAppID');
+        if ($id === null) {
+            return;
+        }
+
+        $existing = $this->model->find($id);
+        if (!$existing) {
+            return $this->respond(['status' => 'failed', 'message' => 'HostComPara not found', 'data' => []], 404);
+        }
+
+        if (isset($input['HostAppID'])) {
+            if ((string) $input['HostAppID'] !== (string) $id) {
+                return $this->failValidationErrors('HostAppID in URL does not match body.');
+            }
+            unset($input['HostAppID']);
+        }
+
+        try {
+            $this->model->update($id, $input);
+            return $this->respond(['status' => 'success', 'message' => 'data updated successfully', 'data' => $id], 200);
+        } catch (\Throwable $e) {
+            return $this->failServerError('Something went wrong: ' . $e->getMessage());
+        }
+    }
+}

app/Controllers/Organization/SiteController.php

@@ -0,0 +1,116 @@
+<?php
+namespace App\Controllers\Organization;
+
+use App\Traits\PatchValidationTrait;
+use App\Traits\ResponseTrait;
+use App\Controllers\BaseController;
+
+use App\Models\Organization\SiteModel;
+
+class SiteController extends BaseController {
+    use ResponseTrait;
+    use PatchValidationTrait;
+
+    protected $db;
+    protected $model;
+
+    public function __construct() {
+        $this->db = \Config\Database::connect();
+        $this->model = new SiteModel();
+    }
+
+		public function index() {            
+			$filter = [
+				'SiteCode' => $this->request->getVar('SiteCode'),
+				'SiteName' => $this->request->getVar('SiteName'),
+			];
+			$rows = $this->model->getSites($filter);
+			if (empty($rows)) {
+				return $this->respond([ 'status'  => 'success', 'message' => "no Data.", 'data' => [] ], 200);
+			}
+			return $this->respond([ 'status' => 'success', 'message'=> "fetch success", 'data' => $rows ], 200);
+    }
+
+    
+
+    public function show($SiteID = null) {
+        //$rows = $this->model->where('SiteID', $SiteID)->findAll();
+        $row = $this->model->getSite($SiteID);
+
+        if (empty($row)) {
+            return $this->respond([ 'status'  => 'success', 'message' => "no Data.", 'data' => null ], 200);
+        }
+
+        return $this->respond([ 'status' => 'success', 'message'=> "fetch success", 'data' => $row ], 200);
+    }
+
+    public function delete() {
+        try {
+            $input = $this->request->getJSON(true);
+            $id = $input["SiteID"];
+            if (!$id) { return $this->failValidationErrors('ID is required.'); }
+            $this->model->delete($id);
+            return $this->respondDeleted([ 'status' => 'success', 'message' => "{$id} deleted successfully."]);
+        } catch (\Throwable $e) {
+            return $this->failServerError('Something went wrong: ' . $e->getMessage());
+        }
+    }
+
+    public function create() {
+        $input = $this->request->getJSON(true);
+        
+        $validation = service('validation');
+        $validation->setRules([
+            'SiteCode' => 'required|regex_match[/^[A-Z0-9]{2,6}$/]',
+            'SiteName' => 'required',
+        ]);
+        
+        if (!$validation->run($input)) {
+            return $this->failValidationErrors($validation->getErrors());
+        }
+        
+        try {
+            $id = $this->model->insert($input,true);
+            return $this->respondCreated([ 'status'  => 'success', 'message' => 'data created successfully', 'data' => $id ], 201);
+        } catch (\Throwable $e) {
+            return $this->failServerError('Something went wrong: ' . $e->getMessage());
+        }
+    }
+
+    public function update($SiteID = null) {
+        $input = $this->requirePatchPayload($this->request->getJSON(true));
+        if ($input === null) {
+            return;
+        }
+
+        $id = $this->requirePatchId($SiteID, 'SiteID');
+        if ($id === null) {
+            return;
+        }
+
+        $existing = $this->model->find($id);
+        if (!$existing) {
+            return $this->respond([ 'status' => 'failed', 'message' => 'Site not found', 'data' => [] ], 404);
+        }
+
+        $input['SiteID'] = $id;
+        
+        if (!empty($input['SiteCode'])) {
+            $validation = service('validation');
+            $validation->setRules([
+                'SiteCode' => 'regex_match[/^[A-Z0-9]{2,6}$/]',
+            ]);
+            
+            if (!$validation->run($input)) {
+                return $this->failValidationErrors($validation->getErrors());
+            }
+        }
+        
+        try {
+            $this->model->update($id, $input);
+            return $this->respond([ 'status'  => 'success', 'message' => 'data updated successfully', 'data' => $id ], 200);
+        } catch (\Throwable $e) {
+            return $this->failServerError('Something went wrong: ' . $e->getMessage());
+        }
+    }
+}

app/Controllers/Organization/WorkstationController.php

@@ -0,0 +1,92 @@
+<?php
+namespace App\Controllers\Organization;
+
+use App\Traits\PatchValidationTrait;
+use App\Traits\ResponseTrait;
+use App\Controllers\BaseController;
+
+use App\Models\Organization\WorkstationModel;
+
+class WorkstationController extends BaseController {
+    use ResponseTrait;
+    use PatchValidationTrait;
+
+    protected $db;
+    protected $model;
+
+    public function __construct() {
+        $this->db = \Config\Database::connect();
+        $this->model = new WorkstationModel();
+    }
+
+    public function index() {
+        $filter = [
+			'WorkstationCode' => $this->request->getVar('WorkstationCode'),
+			'WorkstationName' => $this->request->getVar('WorkstationName'),
+		];
+        $rows = $this->model->getWorkstations($filter);
+        
+        if (empty($rows)) {
+            return $this->respond([ 'status'  => 'success', 'message' => "no Data.", 'data' => [] ], 200);
+        }
+
+        return $this->respond([ 'status' => 'success', 'message'=> "fetch success", 'data' => $rows ], 200);
+    }
+
+    public function show($WorkstationID = null) {
+        $row = $this->model->getWorkstation($WorkstationID);
+
+        if (empty($row)) {
+            return $this->respond([ 'status'  => 'success', 'message' => "no Data.", 'data' => null ], 200);
+        }
+
+        return $this->respond([ 'status' => 'success', 'message'=> "fetch success", 'data' => $row ], 200);
+    }
+
+    public function delete() {
+        try {
+            $input = $this->request->getJSON(true);
+            $id = $input["WorkstationID"];
+            if (!$id) { return $this->failValidationErrors('ID is required.'); }
+            $this->model->delete($id);
+            return $this->respondDeleted([ 'status' => 'success', 'message' => "{$id} deleted successfully."]);
+        } catch (\Throwable $e) {
+            return $this->failServerError('Something went wrong: ' . $e->getMessage());
+        }
+    }
+
+    public function create() {
+        $input = $this->request->getJSON(true);
+        try {
+            $id = $this->model->insert($input,true);
+            return $this->respondCreated([ 'status'  => 'success', 'message' => 'data created successfully', 'data' => $id ], 201);
+        } catch (\Throwable $e) {
+            return $this->failServerError('Something went wrong: ' . $e->getMessage());
+        }
+    }
+
+    public function update($WorkstationID = null) {
+        $input = $this->requirePatchPayload($this->request->getJSON(true));
+        if ($input === null) {
+            return;
+        }
+
+        $id = $this->requirePatchId($WorkstationID, 'WorkstationID');
+        if ($id === null) {
+            return;
+        }
+
+        $existing = $this->model->find($id);
+        if (!$existing) {
+            return $this->respond([ 'status' => 'failed', 'message' => 'Workstation not found', 'data' => [] ], 404);
+        }
+
+        $input['WorkstationID'] = $id;
+        try {
+            $this->model->update($id, $input);
+            return $this->respond([ 'status'  => 'success', 'message' => 'data updated successfully', 'data' => $id ], 200);
+        } catch (\Throwable $e) {
+            return $this->failServerError('Something went wrong: ' . $e->getMessage());
+        }
+    }
+}

app/Controllers/PagesController.php

@@ -0,0 +1,14 @@
+<?php
+
+namespace App\Controllers;
+
+/**
+ * PagesController - Serves view pages
+ * 
+ * This controller only returns views. No business logic.
+ * All data is fetched via API calls from the frontend.
+ */
+class PagesController extends BaseController
+{
+    // Add page methods here as needed
+}

app/Controllers/PatVisitController.php

@@ -0,0 +1,315 @@
+<?php
+namespace App\Controllers;
+
+use App\Traits\PatchValidationTrait;
+use App\Traits\ResponseTrait;
+use App\Controllers\BaseController;
+use App\Models\PatVisit\PatVisitModel;
+use App\Models\PatVisit\PatVisitADTModel;
+use App\Models\Patient\PatientModel;
+
+class PatVisitController extends BaseController {
+	use ResponseTrait;
+	use PatchValidationTrait;
+	
+	protected $model;
+
+	public function __construct() {	
+		$this->model = new PatVisitModel();
+	}
+
+	public function index() {
+		try {
+			$InternalPID = $this->request->getVar('InternalPID');
+			$PVID = $this->request->getVar('PVID');
+			$PatientID = $this->request->getVar('PatientID');
+			$PatientName = $this->request->getVar('PatientName');
+			$CreateDateFrom = $this->request->getVar('CreateDateFrom');
+			$CreateDateTo = $this->request->getVar('CreateDateTo');
+			
+			$builder = $this->model->select('patvisit.*, patient.NameFirst, patient.NameLast, patient.PatientID, location.LocFull as LastLocation')
+				->join('patient', 'patient.InternalPID=patvisit.InternalPID', 'left')
+				->join('(SELECT a1.*
+					FROM patvisitadt a1
+					INNER JOIN (
+						SELECT InternalPVID, MAX(PVADTID) AS MaxID
+						FROM patvisitadt
+						GROUP BY InternalPVID
+					) a2 ON a1.InternalPVID = a2.InternalPVID AND a1.PVADTID = a2.MaxID
+				) AS latest_patvisitadt', 'latest_patvisitadt.InternalPVID = patvisit.InternalPVID', 'left')
+				->join('location', 'location.LocationID = latest_patvisitadt.LocationID', 'left');
+			
+			if ($InternalPID) {
+				$builder->where('patvisit.InternalPID', $InternalPID);
+			}
+			if ($PVID) {
+				$builder->like('patvisit.PVID', $PVID, 'both');
+			}
+			if ($PatientID) {
+				$builder->like('patient.PatientID', $PatientID, 'both');
+			}
+			if ($PatientName) {
+				$builder->groupStart()
+					->like('patient.NameFirst', $PatientName, 'both')
+					->orLike('patient.NameLast', $PatientName, 'both')
+					->groupEnd();
+			}
+			if ($CreateDateFrom) {
+				$builder->where('patvisit.CreateDate >=', $CreateDateFrom);
+			}
+			if ($CreateDateTo) {
+				$builder->where('patvisit.CreateDate <=', $CreateDateTo);
+			}
+			
+			$rows = $builder->orderBy('patvisit.CreateDate', 'DESC')->findAll();
+			
+			if (empty($rows)) {
+				return $this->respond(['status' => 'success', 'message' => 'data not found', 'data' => []], 200);
+			}
+			
+			return $this->respond(['status' => 'success', 'message' => 'data found', 'data' => $rows], 200);
+		} catch (\Exception $e) {
+			return $this->failServerError('Something went wrong: ' . $e->getMessage());
+		}
+	}
+
+	public function show($PVID = null) {
+		try {
+			$row = $this->model->show($PVID);
+			if (empty($row)) { 
+				return $this->respond([ 'status' => 'success', 'message'=> "data not found", 'data' => [] ], 200); 
+			} 
+			return $this->respond([ 'status' => 'success', 'message'=> "data found", 'data' => $row ], 200);
+		} catch (\Exception $e) {
+			return $this->failServerError('Something went wrong '.$e->getMessage());
+		}
+	}
+
+	public function showByPatient($InternalPID = null) {
+		try {
+			$rows = $this->model->showByPatient($InternalPID);
+			if($rows == []) { $message = "data not found"; } 
+			else { $message = "data found"; }
+			return $this->respond(['status' => 'success', 'message'=> $message, 'data' => $rows ], 200);
+		} catch (\Exception $e) {
+			return $this->failServerError('Something went wrong '.$e->getMessage());
+		}
+	}
+
+	public function update($InternalPVID = null) {
+		$input = $this->requirePatchPayload($this->request->getJSON(true));
+		if ($input === null) {
+			return;
+		}
+
+		$id = $this->requirePatchId($InternalPVID, 'InternalPVID');
+		if ($id === null) {
+			return;
+		}
+
+		$visit = $this->model->find($id);
+		if (!$visit) {
+			return $this->respond(['status' => 'failed', 'message' => 'Visit not found', 'data' => []], 404);
+		}
+		$input['InternalPVID'] = $id;
+		try {
+			$data = $this->model->updatePatVisit($input);
+			return $this->respond(['status'  => 'success', 'message' => 'Data updated successfully', 'data' => $data], 200);
+		} catch (\Exception $e) {
+			return $this->failServerError('Something went wrong: ' . $e->getMessage());
+		}
+	}
+
+	public function create() {
+		$input = $this->request->getJSON(true);
+		try {
+			// Validate required fields
+			if (!isset($input['InternalPID']) || !is_numeric($input['InternalPID'])) {
+				return $this->respond(['status' => 'error', 'message' => 'InternalPID is required and must be numeric'], 400);
+			}
+			
+			// Check if patient exists
+			$patientModel = new PatientModel();
+			$patient = $patientModel->find($input['InternalPID']);
+			if (!$patient) {
+				return $this->respond(['status' => 'error', 'message' => 'Patient not found'], 404);
+			}
+			
+			$data = $this->model->createPatVisit($input);
+			return $this->respond(['status'  => 'success', 'message' => 'Data created successfully', 'data' => $data], 201);
+		} catch (\Exception $e) {
+			return $this->failServerError('Something went wrong: ' . $e->getMessage());
+		}
+	}
+
+	public function delete() {
+		$input = $this->request->getJSON(true);
+		try {
+			if (!isset($input["InternalPVID"]) || !is_numeric($input["InternalPVID"])) { 
+				return $this->respond(['status' => 'error', 'message' => 'Invalid or missing ID'], 400); 
+			}
+			
+			// Check if visit exists
+			$visit = $this->model->find($input["InternalPVID"]);
+			if (!$visit) {
+				return $this->respond(['status' => 'error', 'message' => 'Visit not found'], 404);
+			}
+			
+			// Soft delete using EndDate (configured in model)
+			$result = $this->model->delete($input["InternalPVID"]);
+			
+			if ($result) {
+				return $this->respond(['status' => 'success', 'message' => 'Data deleted successfully'], 200);
+			} else {
+				return $this->respond(['status' => 'error', 'message' => 'Failed to delete data'], 500);
+			}
+		} catch (\Exception $e) {
+			return $this->failServerError('Something went wrong: ' . $e->getMessage());
+		}
+	}
+
+	public function createADT() {
+		$input = $this->request->getJSON(true);
+		$internalPVID = $input['InternalPVID'] ?? $input['InternalPID'] ?? null;
+		if (!$internalPVID || !is_numeric($internalPVID)) {
+			return $this->respond(['status' => 'error', 'message' => 'Invalid or missing InternalPVID'], 400);
+		}
+		$input['InternalPVID'] = (int) $internalPVID;
+		$modelPVA = new PatVisitADTModel();
+		try {
+			$data = $modelPVA->insert($input, true);
+			$record = $modelPVA->find($data);
+			if ($record) {
+				$record['ADTID'] = $record['PVADTID'];
+			}
+			return $this->respond(['status'  => 'success', 'message' => 'Data created successfully', 'data' => $record ?? ['ADTID' => $data]], 201);
+		} catch (\Exception $e) {
+			return $this->failServerError('Something went wrong: ' . $e->getMessage());
+		}
+	}
+
+	public function updateADT($PVADTID = null) {
+		$input = $this->requirePatchPayload($this->request->getJSON(true));
+		if ($input === null) {
+			return;
+		}
+
+		$id = $this->requirePatchId($PVADTID, 'PVADTID');
+		if ($id === null) {
+			return;
+		}
+
+		$modelPVA = new PatVisitADTModel();
+		$adt = $modelPVA->find($id);
+		if (!$adt) {
+			return $this->respond(['status' => 'failed', 'message' => 'ADT record not found', 'data' => []], 404);
+		}
+
+		$internalPVID = null;
+		if (array_key_exists('InternalPVID', $adt) && !empty($adt['InternalPVID'])) {
+			$internalPVID = $adt['InternalPVID'];
+		} elseif (array_key_exists('InternalPID', $adt) && !empty($adt['InternalPID'])) {
+			$internalPVID = $adt['InternalPID'];
+		}
+
+		if ($internalPVID !== null && (!array_key_exists('InternalPVID', $input) || $input['InternalPVID'] === null || $input['InternalPVID'] === '')) {
+			$input['InternalPVID'] = $internalPVID;
+		}
+
+		$input['PVADTID'] = $id;
+		try {
+			$data = $modelPVA->update($id, $input);
+			return $this->respond(['status'  => 'success', 'message' => 'Data updated successfully', 'data' => $data], 200);
+		} catch (\Exception $e) {
+			return $this->failServerError('Something went wrong: ' . $e->getMessage());
+		}
+	}
+
+	public function getADTByVisit($InternalPVID = null) {
+		try {
+			if (!$InternalPVID || !is_numeric($InternalPVID)) {
+				return $this->respond(['status' => 'error', 'message' => 'Invalid or missing InternalPVID'], 400);
+			}
+
+			$modelPVA = new PatVisitADTModel();
+			$rows = $modelPVA->select('patvisitadt.*, location.LocFull as LocationName, 
+				attDoc.NameFirst as AttDocFirstName, attDoc.NameLast as AttDocLastName,
+				refDoc.NameFirst as RefDocFirstName, refDoc.NameLast as RefDocLastName,
+				admDoc.NameFirst as AdmDocFirstName, admDoc.NameLast as AdmDocLastName,
+				cnsDoc.NameFirst as CnsDocFirstName, cnsDoc.NameLast as CnsDocLastName')
+				->join('location', 'location.LocationID = patvisitadt.LocationID', 'left')
+				->join('contact attDoc', 'attDoc.ContactID = patvisitadt.AttDoc', 'left')
+				->join('contact refDoc', 'refDoc.ContactID = patvisitadt.RefDoc', 'left')
+				->join('contact admDoc', 'admDoc.ContactID = patvisitadt.AdmDoc', 'left')
+				->join('contact cnsDoc', 'cnsDoc.ContactID = patvisitadt.CnsDoc', 'left')
+				->where('patvisitadt.InternalPVID', $InternalPVID)
+				->where('patvisitadt.DelDate', null)
+				->orderBy('patvisitadt.CreateDate', 'ASC')
+				->findAll();
+
+			if (empty($rows)) {
+				return $this->respond(['status' => 'success', 'message' => 'No ADT history found', 'data' => []], 200);
+			}
+
+			return $this->respond(['status' => 'success', 'message' => 'ADT history retrieved', 'data' => $rows], 200);
+		} catch (\Exception $e) {
+			return $this->failServerError('Something went wrong: ' . $e->getMessage());
+		}
+	}
+
+	public function showADT($PVADTID = null) {
+		try {
+			if (!$PVADTID || !is_numeric($PVADTID)) {
+				return $this->respond(['status' => 'error', 'message' => 'Invalid or missing PVADTID'], 400);
+			}
+
+			$modelPVA = new PatVisitADTModel();
+			$row = $modelPVA->select('patvisitadt.*, location.LocFull as LocationName, 
+				attDoc.NameFirst as AttDocFirstName, attDoc.NameLast as AttDocLastName,
+				refDoc.NameFirst as RefDocFirstName, refDoc.NameLast as RefDocLastName,
+				admDoc.NameFirst as AdmDocFirstName, admDoc.NameLast as AdmDocLastName,
+				cnsDoc.NameFirst as CnsDocFirstName, cnsDoc.NameLast as CnsDocLastName')
+				->join('location', 'location.LocationID = patvisitadt.LocationID', 'left')
+				->join('contact attDoc', 'attDoc.ContactID = patvisitadt.AttDoc', 'left')
+				->join('contact refDoc', 'refDoc.ContactID = patvisitadt.RefDoc', 'left')
+				->join('contact admDoc', 'admDoc.ContactID = patvisitadt.AdmDoc', 'left')
+				->join('contact cnsDoc', 'cnsDoc.ContactID = patvisitadt.CnsDoc', 'left')
+				->where('patvisitadt.PVADTID', $PVADTID)
+				->where('patvisitadt.DelDate', null)
+				->first();
+
+			if (empty($row)) {
+				return $this->respond(['status' => 'success', 'message' => 'ADT record not found', 'data' => []], 200);
+			}
+
+			return $this->respond(['status' => 'success', 'message' => 'ADT record retrieved', 'data' => $row], 200);
+		} catch (\Exception $e) {
+			return $this->failServerError('Something went wrong: ' . $e->getMessage());
+		}
+	}
+
+public function deleteADT() {
+		$input = $this->request->getJSON(true);
+		try {
+			if (!isset($input["PVADTID"]) || !is_numeric($input["PVADTID"])) { 
+				return $this->respond(['status' => 'error', 'message' => 'Invalid or missing PVADTID'], 400); 
+			}
+			
+			$modelPVA = new PatVisitADTModel();
+			$adt = $modelPVA->find($input["PVADTID"]);
+			if (!$adt) {
+				return $this->respond(['status' => 'error', 'message' => 'ADT record not found'], 404);
+			}
+			
+			$result = $modelPVA->delete($input["PVADTID"]);
+			
+			if ($result) {
+				return $this->respond(['status' => 'success', 'message' => 'ADT record deleted successfully'], 200);
+			} else {
+				return $this->respond(['status' => 'error', 'message' => 'Failed to delete ADT record'], 500);
+			}
+		} catch (\Exception $e) {
+			return $this->failServerError('Something went wrong: ' . $e->getMessage());
+		}
+	}
+}

app/Controllers/Patient.php

@@ -1,340 +0,0 @@
-<?php
-namespace App\Controllers;
-
-use CodeIgniter\API\ResponseTrait;
-use CodeIgniter\Controller;
-use CodeIgniter\Database\RawSql;
-
-class Patient extends Controller {
-    use ResponseTrait;
-
-    public function __construct() {
-        $this->db = \Config\Database::connect();
-    }
-
-    // OK
-    public function index() {
-
-        try {
-            $pat_num = $this->request->getVar('pat_num');
-            $pat_altnum = $this->request->getVar('pat_altnum');
-            $pat_name = $this->request->getVar('pat_name');
-            $pat_dob = $this->request->getVar('pat_dob');
-            $start_date = $this->request->getVar('start_date');
-            $end_date = $this->request->getVar('end_date');
-
-            $builder = $this->db->table('patients');
-            
-            if ($pat_name !== null) { 
-                $sql    = "LOWER(CONCAT_WS(' ', IFNULL(prefix,''), IFNULL(name_first,''), IFNULL(name_middle,''), IFNULL(name_last,''), IFNULL(name_maiden,''), IFNULL(suffix,'')))";
-                $rawSql = new RawSql($sql);
-                $builder->like($rawSql, $pat_name, 'both');
-            }
-            if ($pat_num !== null) { $builder->where('pat_num', $pat_num); }
-            if ($pat_altnum !== null) { $builder->where('pat_altnum', $pat_altnum); }
-            if ($pat_dob !== null) { $builder->where('pat_dob', $pat_dob); }
-            if ($start_date !== null || $end_date !== null) { 
-                $builder->join('requests', 'pat_id=patients.pat_id','left');
-                if ($start_date !== null) { $builder->where('requests.req_date >=', $start_date . ' 00:00:00'); }
-                if ($end_date !== null) { $builder->where('requests.req_date <=', $end_date . ' 23:59:00'); }
-            }
-
-            $filteredPatients = $builder->get()->getResultArray();
-
-            // Data pasien tidak ada mengembalikan - success 200
-            if (empty($filteredPatients)) {
-                return $this->respond([
-                    'status' => 'success',
-                    'message' => 'No patient records found matching the criteria.',
-                    'data' => []
-                ], 200);
-            }
-
-            // Data pasien ditemukan dan mengembalikan - success 200 
-            return $this->respond([
-                        'status' => 'success',
-                        'message'=> "Patients fetched successfully",
-                        'data'   => $filteredPatients,
-                    ], 200);
-
-        } catch (\Exception $e) {
-            
-            // Error Server Mengembalikan 500
-            return $this->failServerError('Something went wrong');
-        }
-    }
-
-    // OK
-    public function show($id = null) {
-
-        try {
-
-            $builder = $this->db->table('patients');
-            $patient = $builder->where('pat_num', $id)->get()->getRowArray();
-
-            // Data pasien tidak ada mengembalikan - success 200
-            if (empty($patient)) {
-                return $this->respond([
-                    'status' => 'success',
-                    'message' => 'Patient with ID ' . $id . ' not found.',
-                    'data' => [],
-                ], 200);
-            }
-
-            // Data pasien ditemukan dan mengembalikan - success 200 
-            return $this->respond([
-                        'status' => 'success',
-                        'message'=> "Patient Show Successfully",
-                        'data'   => $patient,
-                    ], 200);
-
-        } catch (\Exception $e) {
-
-            // Error Server Mengembalikan 500
-            return $this->failServerError('Something went wrong');
-        }
-
-    }
-
-    // OK
-    public function create() {
-
-        try {
-            $input = $this->request->getJSON(true);
-
-            // $datas = [
-            //     'name_first' => $data['name_first'],
-            //     'name_last' => $data['name_last'],
-            //     'name_middle' => $data['name_middle'] ?? null,
-            //     'name_maiden' => $data['name_maiden'] ?? null,
-            //     'pat_num' => $data['pat_num'],
-            //     'prefix' => $data['prefix'] ?? null,
-            //     'suffix' => $data['suffix'] ?? null,
-            //     'birth_date' => $data['pat_dob'] ?? null,
-            //     'pat_altnum' => $data['pat_altnum'] ?? null,
-            //     'address_1' => $data['address_1'] ?? null,
-            //     'address_2' => $data['address_2'] ?? null,
-            //     'address_3' => $data['address_3'] ?? null,
-            //     'city' => $data['city'] ?? null,
-            //     'province' => $data['province'] ?? null,
-            //     'zip' => $data['zip'] ?? null,
-            //     'email_1' => $data['email_1'] ?? null,
-            //     'email_2' => $data['email_2'] ?? null,
-            //     'phone' => $data['phone'] ?? null,
-            //     'mobile_phone' => $data['mobile_phone'] ?? null,
-            //     'mother' => $data['mother'] ?? null,
-            //     'account_number' => $data['account_number'] ?? null,
-            //     'marital_status' => $data['marital_status'] ?? null,
-            //     'country_id' => $data['country_id'] ?? null,
-            //     'race_id' => $data['race_id'] ?? null,
-            //     'religion_id' => $data['religion_id'] ?? null,
-            //     'ethnic_id' => $data['ethnic_id'] ?? null,
-            //     'citizenship' => $data['citizenship'] ?? null,
-            //     'death' => $data['death'] ?? null,
-            //     'death_date' => $data['death_date'] ?? null,
-            //     'create_date' => date('Y-m-d H:i:s'),
-            // ];
-
-            $data = [
-                'name_first' => $input['firstName'], // Mengambil dari firstName
-                'name_last' => $input['lastName'],   // Mengambil dari lastName
-                'name_middle' => $input['middleName'] ?? null, // Mengambil dari middleName
-                'name_maiden' => $input['maindenName'] ?? null, // Mengambil dari maindenName
-                'pat_num' => $input['patientID'], // Mengambil dari patientID
-                'prefix' => $input['title'] ?? null, // Mengambil dari title
-                'suffix' => $input['suffixName'] ?? null, // Mengambil dari suffixName
-                'birth_date' => $input['birthdate'] ?? null, // Mengambil dari birthdate
-                'pat_altnum' => $input['alternateID'] ?? null, // Mengambil dari alternateID
-                'address_1' => $input['street1'] ?? null, // Mengambil dari street1
-                'address_2' => $input['street2'] ?? null, // Mengambil dari street2
-                'address_3' => $input['placeOfBirthdate'] ?? null, // Memetakan placeOfBirthdate ke address_3, jika diperlukan
-                'city' => $input['city'] ?? null, // Mengambil dari city
-                'province' => $input['province'] ?? null, // Mengambil dari province
-                'zip' => null, // Tidak ada padanan langsung di newPatientForm, bisa diisi manual atau dari input lain
-                'email_1' => $input['email1'] ?? null, // Mengambil dari email1
-                'email_2' => $input['email2'] ?? null, // Mengambil dari email2
-                'phone' => $input['phone'] ?? null, // Mengambil dari phone
-                'mobile_phone' => $input['mobile'] ?? null, // Mengambil dari mobile
-                'mother' => $input['motherName'] ?? null, // Mengambil dari motherName
-                'account_number' => null, // Tidak ada padanan langsung, bisa diisi manual atau dari input lain
-                'marital_status' => $input['maritalStatus'] ?? null, // Mengambil dari maritalStatus
-                'country_id' => null, // Tidak ada padanan langsung, perlu penyesuaian jika ada input negara
-                // 'race_id' => $data['race'] ?? null, // Mengambil dari race
-                // 'religion_id' => $data['religion'] ?? null, // Mengambil dari religion
-                // 'ethnic_id' => $data['ethnic'] ?? null, // Mengambil dari ethnic
-                'citizenship' => null, // Tidak ada padanan langsung, perlu penyesuaian jika ada input kewarganegaraan
-                'death' => $input['death'] ?? null,   // Mengambil dari death (asumsi 0/1 atau boolean)
-                'death_date' => $input['deathTime'] ?? null, // Mengambil dari deathTime
-                'create_date' => date('Y-m-d H:i:s'), // Ini adalah tanggal dan waktu saat ini di server PHP
-            ];
-
-            $rules = [
-                'pat_num' => 'required|is_unique[patients.pat_num]|max_length[50]',
-                'name_first' => 'required|min_length[3]|max_length[255]',
-                'name_middle' => 'permit_empty',
-                'name_maiden' => 'permit_empty',
-                'name_last' => 'permit_empty',
-                'birth_date' => 'permit_empty|valid_date[Y-m-d]',
-                'pat_altnum' => 'permit_empty|max_length[50]',
-                'address_1' => 'permit_empty',
-                'address_2' => 'permit_empty',
-                'address_3' => 'permit_empty',
-                'city' => 'permit_empty',
-            ];
-
-            // Request dari client tidak valid atau tidak bisa diproses oleh server - 400
-            if (!$this->validateData($data, $rules)) {
-                return $this->respond([
-                    'status' => 'error',
-                    'message' => 'Validation failed',
-                    'errors' => $this->validator->getErrors()
-                ], 400);
-            }
-
-            $this->db->table('patients')->insert($data);
-            $newPatientId = $this->db->insertID();
-
-            // Sukses & Insert = 201 - Kirim data patient ID
-            return $this->respondCreated([
-                'status' => 'success',
-                'message' => 'Patient created successfully',
-                'data'  => $newPatientId
-            ], 201);
-
-        } catch (\Exception $e) {
-
-            // Error Server = 500
-            return $this->failServerError('Something went wrong');
-        }
-    }
-
-    // OK
-    public function update($pat_id = null) {
-
-        try {
-            $input = $this->request->getJSON(true);
-
-            $data = [
-                'name_first' => $input['name_first'], // Mengambil dari firstName
-                'name_last' => $input['name_last'],   // Mengambil dari lastName
-                'name_middle' => $input['middleName'] ?? null, // Mengambil dari middleName
-                'name_maiden' => $input['maindenName'] ?? null, // Mengambil dari maindenName
-                'pat_num' => $input['pat_num'], // Mengambil dari patientID
-                'prefix' => $input['title'] ?? null, // Mengambil dari title
-                'suffix' => $input['suffixName'] ?? null, // Mengambil dari suffixName
-                'birth_date' => $input['birthdate'] ?? null, // Mengambil dari birthdate
-                'pat_altnum' => $input['alternateID'] ?? null, // Mengambil dari alternateID
-                'address_1' => $input['street1'] ?? null, // Mengambil dari street1
-                'address_2' => $input['street2'] ?? null, // Mengambil dari street2
-                'address_3' => $input['placeOfBirthdate'] ?? null, // Memetakan placeOfBirthdate ke address_3, jika diperlukan
-                'city' => $input['city'] ?? null, // Mengambil dari city
-                'province' => $input['province'] ?? null, // Mengambil dari province
-                'zip' => null, // Tidak ada padanan langsung di newPatientForm, bisa diisi manual atau dari input lain
-                'email_1' => $input['email1'] ?? null, // Mengambil dari email1
-                'email_2' => $input['email2'] ?? null, // Mengambil dari email2
-                'phone' => $input['phone'] ?? null, // Mengambil dari phone
-                'mobile_phone' => $input['mobile'] ?? null, // Mengambil dari mobile
-                'mother' => $input['motherName'] ?? null, // Mengambil dari motherName
-                'account_number' => null, // Tidak ada padanan langsung, bisa diisi manual atau dari input lain
-                'marital_status' => $input['maritalStatus'] ?? null, // Mengambil dari maritalStatus
-                'country_id' => null, // Tidak ada padanan langsung, perlu penyesuaian jika ada input negara
-                'citizenship' => null, // Tidak ada padanan langsung, perlu penyesuaian jika ada input kewarganegaraan
-                'death' => $input['death'] ?? null,   // Mengambil dari death (asumsi 0/1 atau boolean)
-                'death_date' => $input['deathTime'] ?? null, // Mengambil dari deathTime
-                'create_date' => date('Y-m-d H:i:s'), // Ini adalah tanggal dan waktu saat ini di server PHP
-            ];
-
-            // Apakah Pasien Ada
-            $existingPatient = $this->db->table('patients')->where('pat_id', $pat_id)->get()->getRowArray();
-            
-            // Mengembalikan 404
-            if (empty($existingPatient)) {
-                return $this->failNotFound('Patient with ID ' . $pat_id . ' not found.');
-            }
-
-            $rules = [
-                'pat_num' => 'required|max_length[50]',
-                'name_first' => 'required|min_length[3]|max_length[255]',
-                'name_middle' => 'permit_empty',
-                'name_maiden' => 'permit_empty',
-                'name_last' => 'permit_empty',
-                'birth_date' => 'permit_empty|valid_date[Y-m-d]',
-                'pat_altnum' => 'permit_empty|max_length[50]',
-                'address_1' => 'permit_empty',
-                'address_2' => 'permit_empty',
-                'address_3' => 'permit_empty',
-                'city' => 'permit_empty',
-            ];
-
-            // Request dari client tidak valid atau tidak bisa diproses oleh server - 400
-            if (!$this->validateData($data, $rules)) {
-                return $this->failValidationErrors($this->validator->getErrors());
-            }
-
-            $allowedUpdateFields = [
-                'name_first', 'name_last', 'name_middle', 
-                'pat_num', 'pat_altnum', 'birth_date', 'birth_place',
-                'address_1', 'address_2', 'address_3', 'city', 'province', 'zip',
-                'email_1', 'email_2', 'phone', 'mobile_phone', 'mother', 'account_number'
-            ];
-
-            $datas = [];
-            foreach ($allowedUpdateFields as $field) {
-                if (isset($data[$field])) {
-                    $datas[$field] = $data[$field];
-                }
-            }
-
-            if (empty($data)) {
-                return $this->failValidationError('No data provided for update.');
-            }
-
-            $this->db->table('patients')->where('pat_id', $pat_id)->update($data);
-
-            // Sukses & Insert = 201 - Kirim data patient ID
-            return $this->respondCreated([
-                'status' => 'success',
-                'message' => 'Patient updated successfully',
-                'data'  => $data
-            ], 201);
-
-        } catch (\Exception $e) {
-            // Error Server = 500
-            return $this->failServerError('Something went wrong '.$e);
-        } 
-    }
-
-    // OK
-    public function delete($pat_id = null) {
-
-        try {
-        
-            if (!$pat_id) {
-                return $this->failValidationError('Patient ID is required.');
-            }
-
-            // Cari data pasien
-            $patient = $this->db->table('patients')
-                                ->where('pat_id', $pat_id)
-                                ->get()
-                                ->getRow();
-
-            if (!$patient) {
-                return $this->failNotFound("Patient ID with {$pat_id} not found.");
-            }
-
-            // Hapus data pasien berdasarkan pat_num
-            $this->db->table('patients')->where('pat_id', $pat_id)->delete();
-
-            // Mengembalikan 200
-            return $this->respondDeleted([
-                'status' => 'success',
-                'message' => "Patient ID with {$pat_id} deleted successfully."
-            ]);
- 
-        } catch (\Exception $e) {
-            return $this->failServerError("Internal server error: " . $e->getMessage());
-        }
-    }
-
-}

app/Controllers/Patient/PatientController.php

@@ -0,0 +1,318 @@
+<?php
+namespace App\Controllers\Patient;
+
+use App\Traits\ResponseTrait;
+use CodeIgniter\Controller;
+use App\Libraries\ValueSet;
+use App\Models\Patient\PatientModel;
+
+class PatientController extends Controller {
+    use ResponseTrait;
+
+    protected $db;
+    protected $model;
+    protected $rules;
+
+    public function __construct() {
+        $this->db = \Config\Database::connect();
+        $this->model = new PatientModel();
+        $this->rules = [
+            'PatientID'         => 'required|regex_match[/^[A-Za-z0-9.-]+$/]|max_length[30]',
+            'AlternatePID'      => 'permit_empty|regex_match[/^[A-Za-z0-9.-]+$/]|max_length[30]',
+            'Prefix'            => 'permit_empty|regex_match[/^[A-Za-z\'\. ]+$/]|max_length[10]',
+            'Sex'             => 'required',
+
+            'NameFirst'         => 'required|regex_match[/^[A-Za-z\'\. ]+$/]|min_length[1]|max_length[60]',
+            'NameMiddle'        => 'permit_empty|regex_match[/^[A-Za-z\'\. ]+$/]|min_length[1]|max_length[60]',
+            'NameMaiden'        => 'permit_empty|regex_match[/^[A-Za-z\'\. ]+$/]|min_length[1]|max_length[60]',
+            'NameLast'          => 'permit_empty|regex_match[/^[A-Za-z\'\. ]+$/]|min_length[1]|max_length[60]',
+
+            'Suffix'            => 'permit_empty|regex_match[/^[A-Za-z\'\. ]+$/]|max_length[10]',
+            'PlaceOfBirth'      => 'permit_empty|regex_match[/^[A-Za-z\'\. ]+$/]|max_length[100]',
+            'Citizenship'       => 'permit_empty|regex_match[/^[A-Za-z\'\. ]+$/]|max_length[100]',
+
+            'Street_1'          => 'permit_empty|regex_match[/^[A-Za-z0-9\'.,\/\- ]+$/]|max_length[255]',
+            'Street_2'          => 'permit_empty|regex_match[/^[A-Za-z0-9\'.,\/\- ]+$/]|max_length[255]',
+            'Street_3'          => 'permit_empty|regex_match[/^[A-Za-z0-9\'.,\/\- ]+$/]|max_length[255]',
+
+            'EmailAddress1'     => 'permit_empty|valid_email|max_length[100]',
+            'EmailAddress2'     => 'permit_empty|valid_email|max_length[100]',
+            
+            'Birthdate'             => 'required',
+            'PatIdt.IdentifierType' => 'permit_empty',
+            'PatIdt.Identifier'     => 'permit_empty|max_length[255]',
+
+            'ZIP'               => 'permit_empty|is_natural|max_length[10]',
+            'Phone'             => 'permit_empty|regex_match[/^\\+?[0-9]{8,15}$/]',
+            'MobilePhone'       => 'permit_empty|regex_match[/^\\+?[0-9]{8,15}$/]'
+        ];
+    }
+
+    public function index() {
+        $filters = [
+            'InternalPID' => $this->request->getVar('InternalPID'),
+            'PatientID'   => $this->request->getVar('PatientID'),
+            'Name'        => $this->request->getVar('Name'),
+            'Birthdate'   => $this->request->getVar('Birthdate'),
+        ];
+
+        try {
+            $rows = $this->model->getPatients($filters);
+            
+            $rows = ValueSet::transformLabels($rows, [
+                'Sex' => 'sex',
+            ]);
+            
+            return $this->respond([ 'status' => 'success', 'message'=> "data fetched successfully", 'data'   => $rows ], 200);
+        } catch (\Exception $e) {
+            return $this->failServerError('Exception : '.$e->getMessage());
+        }
+    }
+
+    public function show($InternalPID = null) {
+        try {
+            $row = $this->model->getPatient($InternalPID);
+            if (empty($row)) { return $this->respond([ 'status'  => 'success', 'message' => "data not found.", 'data' => null ], 200); }
+            
+            $row = ValueSet::transformLabels([$row], [
+                'Sex' => 'sex',
+            ])[0];
+            
+            return $this->respond([ 'status'  => 'success', 'message' => "data fetched successfully", 'data' => $row ], 200);
+        } catch (\Exception $e) {
+            return $this->failServerError('Something went wrong: ' . $e->getMessage());
+        }
+    }
+
+    public function create() {
+        $input = $this->request->getJSON(true);
+
+        // Khusus untuk Override PATIDT
+        $type = $input['PatIdt']['IdentifierType'] ?? null;
+        $identifierRulesMap = $this->getPatIdtIdentifierRulesMap();
+        if ($type === null || $type === '' || !is_string($type)) {
+            $identifierRule = 'permit_empty|max_length[255]';
+            $this->rules['PatIdt.IdentifierType'] = 'permit_empty';
+            $this->rules['PatIdt.Identifier']     = $identifierRule;
+        } else {
+            $identifierRule = $identifierRulesMap[$type] ?? 'permit_empty|max_length[255]';
+            $this->rules['PatIdt.IdentifierType'] = 'required';
+            $this->rules['PatIdt.Identifier']     = $identifierRule;
+        }
+
+        if (!$this->validateData($input, $this->rules)) { return $this->failValidationErrors($this->validator->getErrors()); }
+        try {
+            $InternalPID = $this->model->createPatient($input);
+            return $this->respondCreated([ 'status'  => 'success', 'message' => "data $InternalPID created successfully" ]);
+        } catch (\Exception $e) {
+            return $this->failServerError('Something went wrong: ' . $e->getMessage());
+        }
+    }
+
+    public function update($InternalPID = null) {
+        $input = $this->request->getJSON(true) ?? [];
+
+        if (!$InternalPID || !ctype_digit((string) $InternalPID)) {
+            return $this->respond([
+                'status' => 'error',
+                'message' => 'InternalPID is required and must be a valid integer.'
+            ], 400);
+        }
+
+        if (!is_array($input) || $input === []) {
+            return $this->respond([
+                'status' => 'failed',
+                'message' => 'Patch payload is required.'
+            ], 400);
+        }
+
+        if (array_key_exists('PatIdt', $input) && $input['PatIdt'] !== null && !is_array($input['PatIdt'])) {
+            return $this->failValidationErrors([
+                'PatIdt' => 'PatIdt must be an object or null.'
+            ]);
+        }
+
+        $patchRules = $this->buildPatchRules($input);
+        if ($patchRules !== [] && !$this->validateData($input, $patchRules)) {
+            return $this->failValidationErrors($this->validator->getErrors());
+        }
+
+        try {
+            $updatedPid = $this->model->updatePatientPartial((int) $InternalPID, $input);
+            if ($updatedPid === null) {
+                return $this->respond([
+                    'status' => 'failed',
+                    'message' => "data $InternalPID not found"
+                ], 404);
+            }
+
+            return $this->respond([ 'status'  => 'success', 'message' => "data $updatedPid update successfully" ], 200);
+        } catch (\Exception $e) {
+            return $this->failServerError('Something went wrong: ' . $e->getMessage());
+        }
+    }
+
+    private function buildPatchRules(array $input): array
+    {
+        $rules = [];
+
+        $fieldRules = [
+            'PatientID' => 'permit_empty|regex_match[/^[A-Za-z0-9.-]+$/]|max_length[30]',
+            'AlternatePID' => 'permit_empty|regex_match[/^[A-Za-z0-9.-]+$/]|max_length[30]',
+            'Prefix' => 'permit_empty|regex_match[/^[A-Za-z\'\. ]+$/]|max_length[10]',
+            'Sex' => 'permit_empty',
+            'NameFirst' => 'required|regex_match[/^[A-Za-z\'\. ]+$/]|min_length[1]|max_length[60]',
+            'NameMiddle' => 'permit_empty|regex_match[/^[A-Za-z\'\. ]+$/]|min_length[1]|max_length[60]',
+            'NameMaiden' => 'permit_empty|regex_match[/^[A-Za-z\'\. ]+$/]|min_length[1]|max_length[60]',
+            'NameLast' => 'permit_empty|regex_match[/^[A-Za-z\'\. ]+$/]|min_length[1]|max_length[60]',
+            'Suffix' => 'permit_empty|regex_match[/^[A-Za-z\'\. ]+$/]|max_length[10]',
+            'PlaceOfBirth' => 'permit_empty|regex_match[/^[A-Za-z\'\. ]+$/]|max_length[100]',
+            'Citizenship' => 'permit_empty|regex_match[/^[A-Za-z\'\. ]+$/]|max_length[100]',
+            'Street_1' => 'permit_empty|regex_match[/^[A-Za-z0-9\'.,\/\- ]+$/]|max_length[255]',
+            'Street_2' => 'permit_empty|regex_match[/^[A-Za-z0-9\'.,\/\- ]+$/]|max_length[255]',
+            'Street_3' => 'permit_empty|regex_match[/^[A-Za-z0-9\'.,\/\- ]+$/]|max_length[255]',
+            'EmailAddress1' => 'permit_empty|valid_email|max_length[100]',
+            'EmailAddress2' => 'permit_empty|valid_email|max_length[100]',
+            'Birthdate' => 'permit_empty',
+            'ZIP' => 'permit_empty|is_natural|max_length[10]',
+            'Phone' => 'permit_empty|regex_match[/^\\+?[0-9]{8,15}$/]',
+            'MobilePhone' => 'permit_empty|regex_match[/^\\+?[0-9]{8,15}$/]',
+            'Country' => 'permit_empty|max_length[10]',
+            'Race' => 'permit_empty|max_length[100]',
+            'MaritalStatus' => 'permit_empty',
+            'Religion' => 'permit_empty|max_length[100]',
+            'Ethnic' => 'permit_empty|max_length[100]',
+            'isDead' => 'permit_empty',
+            'TimeOfDeath' => 'permit_empty',
+            'PatCom' => 'permit_empty|string',
+            'PatAtt' => 'permit_empty',
+            'LinkTo' => 'permit_empty',
+            'Custodian' => 'permit_empty',
+        ];
+
+        foreach ($fieldRules as $field => $rule) {
+            if (array_key_exists($field, $input) && $field !== 'PatIdt') {
+                $rules[$field] = $rule;
+            }
+        }
+
+        if (array_key_exists('PatIdt', $input) && $input['PatIdt'] !== null) {
+            $type = $input['PatIdt']['IdentifierType'] ?? null;
+            $identifierRulesMap = $this->getPatIdtIdentifierRulesMap();
+            $identifierRule = is_string($type)
+                ? ($identifierRulesMap[$type] ?? 'required|max_length[255]')
+                : 'required|max_length[255]';
+
+            $rules['PatIdt.IdentifierType'] = 'required';
+            $rules['PatIdt.Identifier'] = $identifierRule;
+        }
+
+        return $rules;
+    }
+
+    private function getPatIdtIdentifierRulesMap(): array
+    {
+        return [
+            'KTP'  => 'required|regex_match[/^[0-9]{16}$/]',
+            'PASS' => 'required|regex_match[/^[A-Za-z0-9]{1,9}$/]',
+            'SSN'  => 'required|regex_match[/^[0-9]{9}$/]',
+            'SIM'  => 'required|regex_match[/^[0-9]{19,20}$/]',
+            'KTAS' => 'required|regex_match[/^[0-9]{11}$/]',
+        ];
+    }
+    
+    public function delete() {
+        try {
+            $input = $this->request->getJSON(true);
+            $InternalPID = $input["InternalPID"];
+
+            // Mencegah Inputan 0, [], null, sql injection
+            if (empty($InternalPID) || !ctype_digit((string) $InternalPID)) {
+                return $this->respond([
+                    'status' => 'error',
+                    'message' => "Patient ID must be a valid integer."
+                ], 400);
+            }
+
+            $patient = $this->db->table('patient')->where('InternalPID', $InternalPID)->get()->getRow();
+
+            if (!$patient) {
+                return $this->failNotFound("Patient ID with {$InternalPID} not found.");
+            }
+
+            $this->db->table('patient')->where('InternalPID', $InternalPID)->update(['DelDate' => date('Y-m-d H:i:s')]);
+
+            return $this->respondDeleted([
+                'status' => 'success',
+                'message' => "Patient ID with {$InternalPID} deleted successfully."
+            ]);
+ 
+        } catch (\Exception $e) {
+            return $this->failServerError("Internal server error: " . $e->getMessage());
+        }
+    }
+
+    public function patientCheck() {
+        try {
+            $PatientID = $this->request->getVar('PatientID');
+            $EmailAddress = $this->request->getVar('EmailAddress');
+            $Phone = $this->request->getVar('Phone');
+
+            if (!empty($PatientID)){
+                if (!preg_match('/^[A-Za-z0-9.-]+$/', (string) $PatientID)) {
+                    return $this->respond([
+                        'status' => 'error',
+                        'message' => 'PatientID format is invalid.',
+                        'data' => null
+                    ], 400);
+                }
+
+                $patient = $this->db->table('patient')
+                    ->where('PatientID', $PatientID)
+                    ->get()
+                    ->getRowArray();
+            } elseif (!empty($EmailAddress)) {
+                $patient = $this->db->table('patient')
+                    ->groupStart()
+                        ->where('EmailAddress1', $EmailAddress)
+                        ->orWhere('EmailAddress2', $EmailAddress)
+                    ->groupEnd()
+                    ->get()
+                    ->getRowArray();
+            } elseif (!empty($Phone)){
+                $patient = $this->db->table('patient')
+                    ->groupStart()
+                        ->where('Phone', $Phone)
+                        ->orWhere('MobilePhone', $Phone)
+                    ->groupEnd()
+                    ->get()
+                    ->getRowArray();
+            } else {
+                return $this->respond([
+                    'status' => 'error',
+                    'message' => 'PatientID, EmailAddress, or Phone parameter is required.',
+                    'data' => null
+                ], 400); 
+            }
+
+            if (!$patient) {
+                return $this->respond([
+                    'status'  => 'success',
+                    'message' => !empty($PatientID) ? 'PatientID not found.' : (!empty($Phone) ? 'Phone not found.' : 'EmailAddress not found.'),
+                    'data'    => true,
+                ], 200);
+            }
+
+            return $this->respond([
+                'status'  => 'success',
+                'message' => !empty($PatientID) ? 'PatientID already exists.' : (!empty($Phone) ? 'Phone already exists.' : 'EmailAddress already exists.'),
+                'data'    => false,
+            ], 200);
+
+
+        } catch (\Exception $e) {
+            // Error Server Mengembalikan 500
+            return $this->failServerError('Something went wrong.'.$e->getMessage());
+        }
+    }
+}

app/Controllers/PatientRace.php

@@ -1,27 +0,0 @@
-<?php
-namespace App\Controllers;
-
-use CodeIgniter\API\ResponseTrait;
-use CodeIgniter\Controller;
-use CodeIgniter\Database\RawSql;
-
-class PatientRace extends Controller {
-    use ResponseTrait;
-
-    public function index() {
-        $data = [
-            [ 'patraceid'=>'1', 'patracecode'=> 'ASIA', 'full_text'=>'Asian' ],
-            [ 'patraceid'=>'2', 'patracecode'=> 'AMERICA', 'full_text'=>'American Indian or Alaska Native' ],
-            [ 'patraceid'=>'3', 'patracecode'=> 'AFRICA', 'full_text'=>'Black or African-American' ],
-            [ 'patraceid'=>'4', 'patracecode'=> 'LATIN', 'full_text'=>'Hispanic or Latino' ],
-            [ 'patraceid'=>'5', 'patracecode'=> 'HAWAI', 'full_text'=>'Native Hawaiian or Pacific Islander' ],
-            [ 'patraceid'=>'6', 'patracecode'=> 'WHITE', 'full_text'=>'White' ],
-            [ 'patraceid'=>'7', 'patracecode'=> 'UK', 'full_text'=>'Unknown' ]
-        ];
-        
-        return $this->respond([
-            'status' => 'success',
-            'data'   => $data,
-        ]);
-    }
-}

app/Controllers/PatientReligion.php

@@ -1,26 +0,0 @@
-<?php
-namespace App\Controllers;
-
-use CodeIgniter\API\ResponseTrait;
-use CodeIgniter\Controller;
-use CodeIgniter\Database\RawSql;
-
-class PatientReligion extends Controller {
-    use ResponseTrait;
-
-    public function index() {
-        $data = [
-            [ 'patreliid'=>'1', 'patrelicode'=> 'ISL', 'full_text'=>'Islam' ],
-            [ 'patreliid'=>'2', 'patrelicode'=> 'KAT', 'full_text'=>'Katolik' ],
-            [ 'patreliid'=>'3', 'patrelicode'=> 'PRO', 'full_text'=>'Protestan' ],
-            [ 'patreliid'=>'4', 'patrelicode'=> 'BUD', 'full_text'=>'Buddha' ],
-            [ 'patreliid'=>'5', 'patrelicode'=> 'HIN', 'full_text'=>'Hindu' ],
-            [ 'patreliid'=>'6', 'patrelicode'=> 'KON', 'full_text'=>'Kong Hu Chu' ],
-        ];
-        
-        return $this->respond([
-            'status' => 'success',
-            'data'   => $data,
-        ]);
-    }
-}

app/Controllers/ReportController.php

@@ -0,0 +1,75 @@
+<?php
+
+namespace App\Controllers;
+
+use App\Traits\ResponseTrait;
+use CodeIgniter\Controller;
+use App\Models\PatResultModel;
+use App\Models\OrderTest\OrderTestModel;
+use App\Models\Patient\PatientModel;
+
+class ReportController extends Controller {
+    use ResponseTrait;
+
+    protected $resultModel;
+    protected $orderModel;
+    protected $patientModel;
+
+    public function __construct() {
+        $this->resultModel = new PatResultModel();
+        $this->orderModel = new OrderTestModel();
+        $this->patientModel = new PatientModel();
+    }
+
+    /**
+     * Generate HTML lab report for an order
+     * GET /api/report/{orderID}
+     */
+    public function view($orderID) {
+        try {
+            // Get order details
+            $order = $this->orderModel->find((int)$orderID);
+            
+            if (!$order) {
+                return $this->respond([
+                    'status' => 'failed',
+                    'message' => 'Order not found',
+                    'data' => []
+                ], 404);
+            }
+
+            // Get patient details
+            $patient = $this->patientModel->find($order['InternalPID']);
+            
+            if (!$patient) {
+                return $this->respond([
+                    'status' => 'failed',
+                    'message' => 'Patient not found',
+                    'data' => []
+                ], 404);
+            }
+
+            // Get results for this order
+            $results = $this->resultModel->getByOrder((int)$orderID);
+
+            // Prepare data for the view
+            $data = [
+                'patient' => $patient,
+                'order' => $order,
+                'results' => $results,
+                'generatedAt' => date('Y-m-d H:i:s')
+            ];
+
+            // Return HTML view
+            return view('reports/lab_report', $data);
+
+        } catch (\Exception $e) {
+            log_message('error', 'ReportController::view error: ' . $e->getMessage());
+            return $this->respond([
+                'status' => 'failed',
+                'message' => 'Failed to generate report',
+                'data' => []
+            ], 500);
+        }
+    }
+}

app/Controllers/Result/ResultValueSetController.php

@@ -0,0 +1,144 @@
+<?php
+
+namespace App\Controllers\Result;
+
+use App\Models\ValueSet\ValueSetModel;
+use App\Traits\ResponseTrait;
+
+class ResultValueSetController extends \CodeIgniter\Controller
+{
+    use ResponseTrait;
+
+    protected $dbModel;
+
+    public function __construct()
+    {
+        $this->dbModel = new ValueSetModel();
+    }
+
+    public function index()
+    {
+        $search = $this->request->getGet('search') ?? $this->request->getGet('param') ?? null;
+        $VSetID = $this->request->getGet('VSetID') ?? null;
+
+        $rows = $this->dbModel->getValueSets($search, $VSetID);
+
+        return $this->respond([
+            'status' => 'success',
+            'data' => $rows
+        ], 200);
+    }
+
+    public function show($id = null)
+    {
+        $row = $this->dbModel->getValueSet($id);
+        if (!$row) {
+            return $this->failNotFound("ValueSet item not found: $id");
+        }
+
+        return $this->respond([
+            'status' => 'success',
+            'data' => $row
+        ], 200);
+    }
+
+    public function create()
+    {
+        $input = $this->request->getJSON(true);
+        if (!$input) {
+            return $this->failValidationErrors(['Invalid JSON input']);
+        }
+
+        $data = [
+            'SiteID' => $input['SiteID'] ?? 1,
+            'VSetID' => $input['VSetID'] ?? null,
+            'VOrder' => $input['VOrder'] ?? 0,
+            'VValue' => $input['VValue'] ?? '',
+            'VDesc' => $input['VDesc'] ?? '',
+            'VCategory' => $input['VCategory'] ?? null
+        ];
+
+        if ($data['VSetID'] === null) {
+            return $this->failValidationErrors(['VSetID is required']);
+        }
+
+        try {
+            $id = $this->dbModel->insert($data, true);
+            if (!$id) {
+                return $this->failValidationErrors($this->dbModel->errors());
+            }
+
+            $newRow = $this->dbModel->getValueSet($id);
+            return $this->respondCreated([
+                'status' => 'success',
+                'message' => 'ValueSet item created',
+                'data' => $newRow
+            ]);
+        } catch (\Exception $e) {
+            return $this->failServerError('Failed to create: ' . $e->getMessage());
+        }
+    }
+
+    public function update($id = null)
+    {
+        $input = $this->request->getJSON(true);
+        if (!$input) {
+            return $this->failValidationErrors(['Invalid JSON input']);
+        }
+
+        $existing = $this->dbModel->getValueSet($id);
+        if (!$existing) {
+            return $this->failNotFound("ValueSet item not found: $id");
+        }
+
+        $data = [];
+        if (isset($input['VSetID'])) $data['VSetID'] = $input['VSetID'];
+        if (isset($input['VOrder'])) $data['VOrder'] = $input['VOrder'];
+        if (isset($input['VValue'])) $data['VValue'] = $input['VValue'];
+        if (isset($input['VDesc'])) $data['VDesc'] = $input['VDesc'];
+        if (isset($input['SiteID'])) $data['SiteID'] = $input['SiteID'];
+        if (isset($input['VCategory'])) $data['VCategory'] = $input['VCategory'];
+
+        if (empty($data)) {
+            return $this->respond([
+                'status' => 'success',
+                'message' => 'No changes to update',
+                'data' => $existing
+            ], 200);
+        }
+
+        try {
+            $updated = $this->dbModel->update($id, $data);
+            if (!$updated) {
+                return $this->failValidationErrors($this->dbModel->errors());
+            }
+
+            $newRow = $this->dbModel->getValueSet($id);
+            return $this->respond([
+                'status' => 'success',
+                'message' => 'ValueSet item updated',
+                'data' => $newRow
+            ], 200);
+        } catch (\Exception $e) {
+            return $this->failServerError('Failed to update: ' . $e->getMessage());
+        }
+    }
+
+    public function delete($id = null)
+    {
+        $existing = $this->dbModel->getValueSet($id);
+        if (!$existing) {
+            return $this->failNotFound("ValueSet item not found: $id");
+        }
+
+        try {
+            $this->dbModel->delete($id);
+            return $this->respond([
+                'status' => 'success',
+                'message' => 'ValueSet item deleted'
+            ], 200);
+        } catch (\Exception $e) {
+            return $this->failServerError('Failed to delete: ' . $e->getMessage());
+        }
+    }
+}

app/Controllers/ResultController.php

@@ -0,0 +1,280 @@
+<?php
+
+namespace App\Controllers;
+
+use App\Traits\PatchValidationTrait;
+use App\Traits\ResponseTrait;
+use CodeIgniter\Controller;
+use App\Models\PatResultModel;
+use Config\Services;
+
+class ResultController extends Controller {
+    use ResponseTrait;
+    use PatchValidationTrait;
+
+    protected $model;
+
+    public function __construct() {
+        $this->model = new PatResultModel();
+    }
+
+    /**
+     * List results with optional filters
+     * GET /api/result
+     */
+    public function index() {
+        try {
+            $orderID = $this->request->getGet('order_id');
+            $patientID = $this->request->getGet('patient_id');
+
+            if ($orderID) {
+                $results = $this->model->getByOrder((int)$orderID);
+            } elseif ($patientID) {
+                $results = $this->model->getByPatient((int)$patientID);
+            } else {
+                // Get all results with pagination
+                $page = (int)($this->request->getGet('page') ?? 1);
+                $perPage = (int)($this->request->getGet('per_page') ?? 20);
+                
+                $results = $this->model
+                    ->where('DelDate', null)
+                    ->orderBy('ResultID', 'DESC')
+                    ->paginate($perPage, 'default', $page);
+            }
+
+            $results = is_array($results)
+                ? array_map([$this, 'hydrateResultPayload'], $results)
+                : $results;
+
+            return $this->respond([
+                'status' => 'success',
+                'message' => 'Results retrieved successfully',
+                'data' => $results
+            ], 200);
+
+        } catch (\Exception $e) {
+            log_message('error', 'ResultController::index error: ' . $e->getMessage());
+            return $this->respond([
+                'status' => 'failed',
+                'message' => 'Failed to retrieve results',
+                'data' => []
+            ], 500);
+        }
+    }
+
+    /**
+     * Get single result
+     * GET /api/result/{id}
+     */
+    public function show($id) {
+        try {
+            $result = $this->model->getWithRelations((int)$id);
+
+            if (!$result) {
+                return $this->respond([
+                    'status' => 'failed',
+                    'message' => 'Result not found',
+                    'data' => []
+                ], 404);
+            }
+
+            $result = $this->hydrateResultPayload($result);
+
+            return $this->respond([
+                'status' => 'success',
+                'message' => 'Result retrieved successfully',
+                'data' => $result
+            ], 200);
+
+        } catch (\Exception $e) {
+            log_message('error', 'ResultController::show error: ' . $e->getMessage());
+            return $this->respond([
+                'status' => 'failed',
+                'message' => 'Failed to retrieve result',
+                'data' => []
+            ], 500);
+        }
+    }
+
+    /**
+     * Create a new result entry
+     * POST /api/result
+     */
+    public function create() {
+        $payload = $this->request->getJSON(true);
+        if (!is_array($payload) || empty($payload)) {
+            return $this->respond([
+                'status' => 'failed',
+                'message' => 'No data provided',
+                'data' => []
+            ], 400);
+        }
+
+        if (isset($payload['ResultValue'])) {
+            $payload['Result'] = $payload['ResultValue'];
+        }
+
+        $dbPayload = $payload;
+        unset($dbPayload['ResultValue'], $dbPayload['ResultCode']);
+
+        try {
+            $resultId = $this->model->insert($dbPayload, true);
+
+            if (!$resultId) {
+                return $this->respond([
+                    'status' => 'failed',
+                    'message' => 'Failed to create result',
+                    'data' => []
+                ], 500);
+            }
+
+            $this->rememberResultCode($resultId, $payload['ResultCode'] ?? null);
+
+            return $this->respondCreated([
+                'status' => 'success',
+                'message' => 'Result created successfully',
+                'data' => [
+                    'ResultID' => $resultId,
+                    'ResultValue' => $payload['ResultValue'] ?? ($payload['Result'] ?? null),
+                    'ResultCode' => $payload['ResultCode'] ?? null,
+                ]
+            ], 201);
+        } catch (\Exception $e) {
+            log_message('error', 'ResultController::create error: ' . $e->getMessage());
+            return $this->respond([
+                'status' => 'failed',
+                'message' => 'Failed to create result',
+                'data' => []
+            ], 500);
+        }
+    }
+
+    /**
+     * Update result with validation
+     * PATCH /api/result/{id}
+     */
+    public function update($id) {
+        try {
+            $data = $this->requirePatchPayload($this->request->getJSON(true));
+            if ($data === null) {
+                return;
+            }
+
+            $validatedId = $this->requirePatchId($id, 'ResultID');
+            if ($validatedId === null) {
+                return;
+            }
+
+            $existing = $this->model->find($validatedId);
+            if (!$existing) {
+                return $this->respond([
+                    'status' => 'failed',
+                    'message' => 'Result not found',
+                    'data' => []
+                ], 404);
+            }
+
+		$resultCode = $data['ResultCode'] ?? null;
+		$hasResultValue = array_key_exists('ResultValue', $data);
+
+		if ($hasResultValue) {
+			$data['Result'] = $data['ResultValue'];
+		}
+
+		unset($data['ResultValue'], $data['ResultCode']);
+
+		$shouldUpdateModel = $hasResultValue || !empty($data);
+
+		if ($shouldUpdateModel) {
+			$result = $this->model->updateWithValidation($validatedId, $data);
+		} else {
+			$result = [
+				'success' => true,
+				'flag' => null,
+				'message' => 'Result updated successfully'
+			];
+		}
+
+		if (!$result['success']) {
+			return $this->respond([
+				'status' => 'failed',
+				'message' => $result['message'],
+				'data' => []
+			], 400);
+		}
+
+		if ($resultCode !== null) {
+			$this->rememberResultCode($validatedId, $resultCode);
+		}
+
+            // Get updated result with relations
+            $updatedResult = $this->model->getWithRelations($validatedId);
+
+            return $this->respond([
+                'status' => 'success',
+                'message' => $result['message'],
+                'data' => [
+                    'result' => $updatedResult ? $this->hydrateResultPayload($updatedResult) : [],
+                    'flag' => $result['flag']
+                ]
+            ], 200);
+
+        } catch (\Exception $e) {
+            log_message('error', 'ResultController::update error: ' . $e->getMessage());
+            return $this->respond([
+                'status' => 'failed',
+                'message' => 'Failed to update result',
+                'data' => []
+            ], 500);
+        }
+    }
+
+    /**
+     * Soft delete result
+     * DELETE /api/result/{id}
+     */
+    public function delete($id) {
+        try {
+            $result = $this->model->find((int)$id);
+
+            if (!$result) {
+                return $this->respond([
+                    'status' => 'failed',
+                    'message' => 'Result not found',
+                    'data' => []
+                ], 404);
+            }
+
+            $deleted = $this->model->softDelete((int)$id);
+
+            if (!$deleted) {
+                return $this->respond([
+                    'status' => 'failed',
+                    'message' => 'Failed to delete result',
+                    'data' => []
+                ], 500);
+            }
+
+            return $this->respond([
+                'status' => 'success',
+                'message' => 'Result deleted successfully',
+                'data' => []
+            ], 200);
+
+        } catch (\Exception $e) {
+            log_message('error', 'ResultController::delete error: ' . $e->getMessage());
+            return $this->respond([
+                'status' => 'failed',
+                'message' => 'Failed to delete result',
+                'data' => []
+            ], 500);
+        }
+    }
+
+    private function hydrateResultPayload(array $payload): array {
+        if (!array_key_exists('ResultValue', $payload) && array_key_exists('Result', $payload)) {
+            $payload['ResultValue'] = $payload['Result'];
+        }
+        return $payload;
+    }
+}

app/Controllers/Rule/RuleController.php

@@ -0,0 +1,372 @@
+<?php
+
+namespace App\Controllers\Rule;
+
+use App\Controllers\BaseController;
+use App\Models\Rule\RuleDefModel;
+use App\Models\Test\TestDefSiteModel;
+use App\Services\RuleExpressionService;
+use App\Traits\PatchValidationTrait;
+use App\Traits\ResponseTrait;
+
+class RuleController extends BaseController
+{
+    use ResponseTrait;
+    use PatchValidationTrait;
+
+    protected RuleDefModel $ruleDefModel;
+
+    public function __construct()
+    {
+        $this->ruleDefModel = new RuleDefModel();
+    }
+
+    public function index()
+    {
+        try {
+            $eventCode = $this->request->getGet('EventCode');
+            $testSiteID = $this->request->getGet('TestSiteID');
+            $search = $this->request->getGet('search');
+
+            $builder = $this->ruleDefModel->where('ruledef.EndDate', null);
+
+            if ($eventCode !== null && $eventCode !== '') {
+                $builder->where('ruledef.EventCode', $eventCode);
+            }
+            if ($search !== null && $search !== '') {
+                $builder->like('ruledef.RuleName', $search);
+            }
+
+            // Filter by TestSiteID - join with mapping table
+            if ($testSiteID !== null && $testSiteID !== '' && is_numeric($testSiteID)) {
+                $builder->join('testrule', 'testrule.RuleID = ruledef.RuleID', 'inner');
+                $builder->where('testrule.TestSiteID', (int) $testSiteID);
+                $builder->where('testrule.EndDate IS NULL');
+            }
+
+            $rows = $builder
+                ->orderBy('ruledef.RuleID', 'ASC')
+                ->findAll();
+
+            return $this->respond([
+                'status' => 'success',
+                'message' => 'fetch success',
+                'data' => $rows,
+            ], 200);
+        } catch (\Throwable $e) {
+            log_message('error', 'RuleController::index error: ' . $e->getMessage());
+            return $this->respond([
+                'status' => 'failed',
+                'message' => 'Failed to fetch rules',
+                'data' => [],
+            ], 500);
+        }
+    }
+
+    public function show($id = null)
+    {
+        try {
+            if (!$id || !is_numeric($id)) {
+                return $this->failValidationErrors('RuleID is required');
+            }
+
+            $rule = $this->ruleDefModel->where('EndDate', null)->find((int) $id);
+            if (!$rule) {
+                return $this->respond([
+                    'status' => 'failed',
+                    'message' => 'Rule not found',
+                    'data' => [],
+                ], 404);
+            }
+
+            $linkedTests = $this->ruleDefModel->getLinkedTests((int) $id);
+
+            $rule['linkedTests'] = $linkedTests;
+
+            return $this->respond([
+                'status' => 'success',
+                'message' => 'fetch success',
+                'data' => $rule,
+            ], 200);
+        } catch (\Throwable $e) {
+            log_message('error', 'RuleController::show error: ' . $e->getMessage());
+            return $this->respond([
+                'status' => 'failed',
+                'message' => 'Failed to fetch rule',
+                'data' => [],
+            ], 500);
+        }
+    }
+
+    public function create()
+    {
+        $input = $this->requirePatchPayload($this->request->getJSON(true) ?? []);
+        if ($input === null) {
+            return;
+        }
+
+        $validation = service('validation');
+        $validation->setRules([
+            'RuleCode' => 'required|max_length[50]',
+            'RuleName' => 'required|max_length[100]',
+            'EventCode' => 'required|max_length[50]',
+            'TestSiteIDs' => 'required',
+            'TestSiteIDs.*' => 'is_natural_no_zero',
+            'ConditionExpr' => 'permit_empty|max_length[1000]',
+        ]);
+
+        if (!$validation->run($input)) {
+            return $this->failValidationErrors($validation->getErrors());
+        }
+
+        $testSiteIDs = $input['TestSiteIDs'] ?? [];
+        if (!is_array($testSiteIDs) || empty($testSiteIDs)) {
+            return $this->failValidationErrors(['TestSiteIDs' => 'At least one TestSiteID is required']);
+        }
+
+        // Validate all TestSiteIDs exist
+        $testDef = new TestDefSiteModel();
+        foreach ($testSiteIDs as $testSiteID) {
+            $exists = $testDef->where('EndDate', null)->find((int) $testSiteID);
+            if (!$exists) {
+                return $this->failValidationErrors(['TestSiteIDs' => "TestSiteID {$testSiteID} not found"]);
+            }
+        }
+
+        $db = \Config\Database::connect();
+        $db->transStart();
+
+        try {
+            $ruleData = [
+                'RuleCode' => $input['RuleCode'],
+                'RuleName' => $input['RuleName'],
+                'Description' => $input['Description'] ?? null,
+                'EventCode' => $input['EventCode'],
+                'ConditionExpr' => $input['ConditionExpr'] ?? null,
+                'ConditionExprCompiled' => $input['ConditionExprCompiled'] ?? null,
+            ];
+
+            $ruleID = $this->ruleDefModel->insert($ruleData, true);
+            if (!$ruleID) {
+                throw new \Exception('Failed to create rule');
+            }
+
+            // Link rule to test sites
+            foreach ($testSiteIDs as $testSiteID) {
+                $this->ruleDefModel->linkTest($ruleID, (int) $testSiteID);
+            }
+
+            $db->transComplete();
+            if ($db->transStatus() === false) {
+                throw new \Exception('Transaction failed');
+            }
+
+            return $this->respondCreated([
+                'status' => 'success',
+                'message' => 'Rule created successfully',
+                'data' => ['RuleID' => $ruleID],
+            ], 201);
+        } catch (\Throwable $e) {
+            $db->transRollback();
+            log_message('error', 'RuleController::create error: ' . $e->getMessage());
+            return $this->failServerError('Something went wrong: ' . $e->getMessage());
+        }
+    }
+
+    public function update($id = null)
+    {
+        $input = $this->request->getJSON(true) ?? [];
+
+        if (!$id || !is_numeric($id)) {
+            $id = $input['RuleID'] ?? null;
+        }
+        if (!$id || !is_numeric($id)) {
+            return $this->failValidationErrors('RuleID is required');
+        }
+
+        $existing = $this->ruleDefModel->where('EndDate', null)->find((int) $id);
+        if (!$existing) {
+            return $this->respond([
+                'status' => 'failed',
+                'message' => 'Rule not found',
+                'data' => [],
+            ], 404);
+        }
+
+        $validation = service('validation');
+        $validation->setRules([
+            'RuleCode' => 'permit_empty|max_length[50]',
+            'RuleName' => 'permit_empty|max_length[100]',
+            'EventCode' => 'permit_empty|max_length[50]',
+            'TestSiteIDs' => 'permit_empty',
+            'TestSiteIDs.*' => 'is_natural_no_zero',
+            'ConditionExpr' => 'permit_empty|max_length[1000]',
+        ]);
+
+        if (!$validation->run($input)) {
+            return $this->failValidationErrors($validation->getErrors());
+        }
+
+        $db = \Config\Database::connect();
+        $db->transStart();
+
+        try {
+            $updateData = [];
+            foreach (['RuleCode', 'RuleName', 'Description', 'EventCode', 'ConditionExpr', 'ConditionExprCompiled'] as $field) {
+                if (array_key_exists($field, $input)) {
+                    $updateData[$field] = $input[$field];
+                }
+            }
+
+            if (!empty($updateData)) {
+                $this->ruleDefModel->update((int) $id, $updateData);
+            }
+
+            // Update test site mappings if provided
+            if (isset($input['TestSiteIDs']) && is_array($input['TestSiteIDs'])) {
+                $testSiteIDs = $input['TestSiteIDs'];
+                
+                // Validate all TestSiteIDs exist
+                $testDef = new TestDefSiteModel();
+                foreach ($testSiteIDs as $testSiteID) {
+                    $exists = $testDef->where('EndDate', null)->find((int) $testSiteID);
+                    if (!$exists) {
+                        throw new \Exception("TestSiteID {$testSiteID} not found");
+                    }
+                }
+
+                // Get current linked tests
+                $currentLinks = $this->ruleDefModel->getLinkedTests((int) $id);
+                
+                // Unlink tests that are no longer in the list
+                foreach ($currentLinks as $currentTestSiteID) {
+                    if (!in_array($currentTestSiteID, $testSiteIDs)) {
+                        $this->ruleDefModel->unlinkTest((int) $id, $currentTestSiteID);
+                    }
+                }
+                
+                // Link new tests
+                foreach ($testSiteIDs as $testSiteID) {
+                    if (!in_array($testSiteID, $currentLinks)) {
+                        $this->ruleDefModel->linkTest((int) $id, (int) $testSiteID);
+                    }
+                }
+            }
+
+            $db->transComplete();
+            if ($db->transStatus() === false) {
+                throw new \Exception('Transaction failed');
+            }
+
+            return $this->respond([
+                'status' => 'success',
+                'message' => 'Rule updated successfully',
+                'data' => ['RuleID' => (int) $id],
+            ], 200);
+        } catch (\Throwable $e) {
+            $db->transRollback();
+            log_message('error', 'RuleController::update error: ' . $e->getMessage());
+            return $this->failServerError('Something went wrong: ' . $e->getMessage());
+        }
+    }
+
+    public function delete($id = null)
+    {
+        try {
+            if (!$id || !is_numeric($id)) {
+                return $this->failValidationErrors('RuleID is required');
+            }
+
+            $existing = $this->ruleDefModel->where('EndDate', null)->find((int) $id);
+            if (!$existing) {
+                return $this->respond([
+                    'status' => 'failed',
+                    'message' => 'Rule not found',
+                    'data' => [],
+                ], 404);
+            }
+
+            $this->ruleDefModel->delete((int) $id);
+
+            return $this->respondDeleted([
+                'status' => 'success',
+                'message' => 'Rule deleted successfully',
+                'data' => ['RuleID' => (int) $id],
+            ]);
+        } catch (\Throwable $e) {
+            log_message('error', 'RuleController::delete error: ' . $e->getMessage());
+            return $this->failServerError('Something went wrong: ' . $e->getMessage());
+        }
+    }
+
+    public function validateExpr()
+    {
+        $input = $this->request->getJSON(true) ?? [];
+        $expr = $input['expr'] ?? '';
+        $context = $input['context'] ?? [];
+
+        if (!is_string($expr) || trim($expr) === '') {
+            return $this->failValidationErrors(['expr' => 'expr is required']);
+        }
+        if (!is_array($context)) {
+            return $this->failValidationErrors(['context' => 'context must be an object']);
+        }
+
+        try {
+            $svc = new RuleExpressionService();
+            $result = $svc->evaluate($expr, $context);
+
+            return $this->respond([
+                'status' => 'success',
+                'data' => [
+                    'valid' => true,
+                    'result' => $result,
+                ],
+            ], 200);
+        } catch (\Throwable $e) {
+            return $this->respond([
+                'status' => 'failed',
+                'data' => [
+                    'valid' => false,
+                    'error' => $e->getMessage(),
+                ],
+            ], 200);
+        }
+    }
+
+    /**
+     * Compile DSL expression to engine-compatible structure.
+     * Frontend calls this when user clicks "Compile" button.
+     */
+    public function compile()
+    {
+        $input = $this->request->getJSON(true) ?? [];
+        $expr = $input['expr'] ?? '';
+
+        if (!is_string($expr) || trim($expr) === '') {
+            return $this->failValidationErrors(['expr' => 'Expression is required']);
+        }
+
+        try {
+            $svc = new RuleExpressionService();
+            $compiled = $svc->compile($expr);
+
+            return $this->respond([
+                'status' => 'success',
+                'data' => [
+                    'raw' => $expr,
+                    'compiled' => $compiled,
+                    'conditionExprCompiled' => json_encode($compiled),
+                ],
+            ], 200);
+        } catch (\Throwable $e) {
+            return $this->respond([
+                'status' => 'failed',
+                'message' => 'Compilation failed',
+                'data' => [
+                    'error' => $e->getMessage(),
+                ],
+            ], 400);
+        }
+    }
+}

app/Controllers/SampleController.php

@@ -0,0 +1,34 @@
+<?php
+
+namespace App\Controllers;
+
+use App\Traits\ResponseTrait;
+use CodeIgniter\Controller;
+
+use Firebase\JWT\JWT;
+use Firebase\JWT\Key;
+use Firebase\JWT\ExpiredException;
+use Firebase\JWT\SignatureInvalidException;
+use Firebase\JWT\BeforeValidException;
+use CodeIgniter\Cookie\Cookie;
+
+class SampleController extends Controller {
+    use ResponseTrait;
+
+    public function index() {
+
+        $token = $this->request->getCookie('token');
+        $key   = getenv('JWT_SECRET');
+
+        // Decode Token dengan Key yg ada di .env
+        $decodedPayload = JWT::decode($token, new Key($key, 'HS256'));
+
+        return $this->respond([
+            'status'  => 'success',
+            'code'    => 200,
+            'message' => 'Authenticated',
+            'data'    => $decodedPayload
+        ], 200);
+    }
+    
+}

app/Controllers/Specimen/ContainerDefController.php

@@ -0,0 +1,113 @@
+<?php
+
+namespace App\Controllers\Specimen;
+
+use App\Traits\PatchValidationTrait;
+use App\Traits\ResponseTrait;
+use App\Controllers\BaseController;
+use App\Libraries\ValueSet;
+use App\Models\Specimen\ContainerDefModel;
+
+class ContainerDefController extends BaseController {
+  use ResponseTrait;
+  use PatchValidationTrait;
+
+  protected $db;
+  protected $model;
+  protected $rules;
+  protected $patchRules;
+
+  public function __construct() {
+    $this->db = \Config\Database::connect();
+    $this->model = new ContainerDefModel();
+    $this->rules = [
+      'ConCode' => 'required|max_length[50]',
+      'ConName' => 'required|max_length[50]'
+    ];
+    $this->patchRules = [
+      'ConCode' => 'permit_empty|max_length[50]',
+      'ConName' => 'permit_empty|max_length[50]'
+    ];
+  }
+
+  public function index() {
+    try {
+			$filter = [
+				'ConCode' => $this->request->getVar('ConCode'),
+				'ConName' => $this->request->getVar('ConName')
+			];
+      $rows = $this->model->getContainers($filter);
+
+      $rows = ValueSet::transformLabels($rows, [
+        'ConCategory' => 'container_class',
+        'CapColor' => 'container_cap_color',
+        'ConSize' => 'container_size',
+      ]);
+
+      return $this->respond([ 'status' => 'success', 'message'=> "data fetched successfully", 'data'   => $rows ], 200);
+    } catch (\Exception $e) {
+      return $this->failServerError('Exception : '.$e->getMessage());
+    }
+  }
+
+  public function show($ConDefID) {
+    try {
+      $row = $this->model->getContainer($ConDefID);
+      if (empty($row)) {
+        return $this->respond([ 'status' => 'success', 'message'=> "data not found", 'data' => null ], 200);
+      }
+
+      $row = ValueSet::transformLabels([$row], [
+        'ConCategory' => 'container_class',
+        'CapColor' => 'container_cap_color',
+        'ConSize' => 'container_size',
+      ])[0];
+
+      return $this->respond([ 'status' => 'success', 'message'=> "data fetched successfully", 'data'   => $row ], 200);
+    } catch (\Exception $e) {
+      return $this->failServerError('Exception : '.$e->getMessage());
+    }
+  }
+
+  public function create() {
+    $input = $this->request->getJSON(true);
+    if (!$this->validateData($input, $this->rules)) { return $this->failValidationErrors($this->validator->getErrors()); }
+    try {
+      $ConDefID = $this->model->insert($input);
+      return $this->respondCreated([ 'status'  => 'success', 'message' => "data $ConDefID created successfully", 'data' => $ConDefID ]);
+    } catch (\Exception $e) {
+      return $this->failServerError('Something went wrong: ' . $e->getMessage());
+    }
+  }
+
+  public function update($ConDefID = null) {
+    $input = $this->requirePatchPayload($this->request->getJSON(true));
+    if ($input === null) {
+      return;
+    }
+
+    $id = $this->requirePatchId($ConDefID, 'ConDefID');
+    if ($id === null) {
+      return;
+    }
+
+    $existing = $this->model->find($id);
+    if (!$existing) {
+      return $this->respond([ 'status' => 'failed', 'message' => 'Container definition not found', 'data' => [] ], 404);
+    }
+
+    $validationInput = array_intersect_key($input, $this->patchRules);
+    if (!empty($validationInput) && !$this->validateData($validationInput, $this->patchRules)) {
+      return $this->failValidationErrors($this->validator->getErrors());
+    }
+
+    $input['ConDefID'] = $id;
+    try {
+      $this->model->update($id, $input);
+      return $this->respondCreated([ 'status'  => 'success', 'message' => 'data updated successfully', 'data' => $id ], 201);
+    } catch (\Exception $e) {
+      return $this->failServerError('Something went wrong: ' . $e->getMessage());
+    }
+  }
+
+}

app/Controllers/Specimen/SpecimenCollectionController.php

@@ -0,0 +1,99 @@
+<?php
+
+namespace App\Controllers\Specimen;
+
+use App\Traits\PatchValidationTrait;
+use App\Traits\ResponseTrait;
+use App\Controllers\BaseController;
+use App\Libraries\ValueSet;
+use App\Models\Specimen\SpecimenCollectionModel;
+
+class SpecimenCollectionController extends BaseController {
+    use ResponseTrait;
+    use PatchValidationTrait;
+
+    protected $db;
+    protected $model;
+    protected $rules;
+
+    public function __construct() {
+        $this->db = \Config\Database::connect();
+        $this->model = new SpecimenCollectionModel();
+        $this->rules = [];
+    }
+
+    public function index() {
+        try {
+            $rows = $this->model->findAll();
+
+            $rows = ValueSet::transformLabels($rows, [
+                'CollectionMethod' => 'collection_method',
+                'Additive' => 'additive',
+                'SpecimenRole' => 'specimen_role',
+            ]);
+
+            return $this->respond([ 'status' => 'success', 'message'=> "data fetched successfully", 'data'   => $rows ], 200);
+        } catch (\Exception $e) {
+            return $this->failServerError('Exception : '.$e->getMessage());
+        }
+    }
+
+    public function show($id) {
+        try {
+            $row = $this->model->where('SpcColID', $id)->first();
+            if (empty($row)) {
+                return $this->respond([ 'status' => 'success', 'message'=> "data not found", 'data' => null ], 200);
+            }
+
+            $row = ValueSet::transformLabels([$row], [
+                'CollectionMethod' => 'collection_method',
+                'Additive' => 'additive',
+                'SpecimenRole' => 'specimen_role',
+            ])[0];
+
+            return $this->respond([ 'status' => 'success', 'message'=> "data fetched successfully", 'data'   => $row ], 200);
+        } catch (\Exception $e) {
+            return $this->failServerError('Exception : '.$e->getMessage());
+        }
+    }
+
+    public function create() {
+        $input = $this->request->getJSON(true);
+        if (!$this->validateData($input, $this->rules)) { return $this->failValidationErrors($this->validator->getErrors()); }
+        try {
+            $id = $this->model->insert($input);
+            return $this->respondCreated([ 'status'  => 'success', 'message' => "data $id created successfully" ]);
+        } catch (\Exception $e) {
+            return $this->failServerError('Something went wrong: ' . $e->getMessage());
+        }
+    }
+
+    public function update($SpcColID = null) {
+        $input = $this->requirePatchPayload($this->request->getJSON(true));
+        if ($input === null) {
+            return;
+        }
+
+        $id = $this->requirePatchId($SpcColID, 'SpcColID');
+        if ($id === null) {
+            return;
+        }
+
+        $existing = $this->model->where('SpcColID', $id)->first();
+        if (!$existing) {
+            return $this->respond([ 'status' => 'failed', 'message' => 'Specimen collection not found', 'data' => [] ], 404);
+        }
+
+        $input['SpcColID'] = $id;
+        if ($this->rules !== [] && !$this->validateData($input, $this->rules)) {
+            return $this->failValidationErrors($this->validator->getErrors());
+        }
+        try {
+            $this->model->update($id, $input);
+            return $this->respondCreated([ 'status'  => 'success', 'message' => 'data updated successfully', 'data' => $id ], 201);
+        } catch (\Exception $e) {
+            return $this->failServerError('Something went wrong: ' . $e->getMessage());
+        }
+    }
+
+}

app/Controllers/Specimen/SpecimenController.php

@@ -0,0 +1,143 @@
+<?php
+
+namespace App\Controllers\Specimen;
+
+use App\Traits\PatchValidationTrait;
+use App\Traits\ResponseTrait;
+use App\Controllers\BaseController;
+use App\Libraries\ValueSet;
+use App\Models\Specimen\SpecimenModel;
+
+class SpecimenController extends BaseController {
+    use ResponseTrait;
+    use PatchValidationTrait;
+
+    protected $db;
+    protected $model;
+    protected $rules;
+
+    public function __construct() {
+        $this->db = \Config\Database::connect();
+        $this->model = new SpecimenModel();
+        $this->rules = [];
+    }
+
+    public function index() {
+        try {
+            $rows = $this->model->findAll();
+
+            $rows = ValueSet::transformLabels($rows, [
+                'SpecimenType' => 'specimen_type',
+                'SpecimenStatus' => 'specimen_status',
+                'BodySite' => 'body_site',
+            ]);
+
+            return $this->respond([ 'status' => 'success', 'message'=> "data fetched successfully", 'data'   => $rows ], 200);
+        } catch (\Exception $e) {
+            return $this->failServerError('Exception : '.$e->getMessage());
+        }
+    }
+
+    public function show($id) {
+        try {
+            $row = $this->model->where('SID',$id)->first();
+            if (empty($row)) {
+                return $this->respond([ 'status' => 'success', 'message'=> "data not found", 'data' => null ], 200);
+            }
+
+            $row = ValueSet::transformLabels([$row], [
+                'SpecimenType' => 'specimen_type',
+                'SpecimenStatus' => 'specimen_status',
+                'BodySite' => 'body_site',
+            ])[0];
+
+            return $this->respond([ 'status' => 'success', 'message'=> "data fetched successfully", 'data'   => $row ], 200);
+        } catch (\Exception $e) {
+            return $this->failServerError('Exception : '.$e->getMessage());
+        }
+    }
+
+    public function create() {
+        $input = $this->request->getJSON(true);
+        if (!$this->validateData($input, $this->rules)) { return $this->failValidationErrors($this->validator->getErrors()); }
+        try {
+            $id = $this->model->insert($input);
+            return $this->respondCreated([ 'status'  => 'success', 'message' => "data $id created successfully" ]);
+        } catch (\Exception $e) {
+            return $this->failServerError('Something went wrong: ' . $e->getMessage());
+        }
+    }
+
+    public function update($SID = null) {
+        $input = $this->requirePatchPayload($this->request->getJSON(true));
+        if ($input === null) {
+            return;
+        }
+
+        $id = $this->requirePatchId($SID, 'SID');
+        if ($id === null) {
+            return;
+        }
+
+        $existing = $this->model->where('SID', $id)->first();
+        if (!$existing) {
+            return $this->respond([ 'status' => 'failed', 'message' => 'Specimen not found', 'data' => [] ], 404);
+        }
+
+        $input['SID'] = $id;
+        if (!$this->validateData($input, $this->rules)) { return $this->failValidationErrors($this->validator->getErrors()); }
+        try {
+            $this->model->update($id, $input);
+            return $this->respond([ 'status'  => 'success', 'message' => 'data updated successfully', 'data' => $id ], 200);
+        } catch (\Exception $e) {
+            return $this->failServerError('Something went wrong: ' . $e->getMessage());
+        }
+    }
+
+    /**
+     * Delete a specimen (soft delete)
+     * DELETE /api/specimen/(:num)
+     */
+    public function delete($id) {
+        try {
+            // Check if specimen exists
+            $specimen = $this->model->where('SID', $id)->first();
+            
+            if (empty($specimen)) {
+                return $this->respond([
+                    'status' => 'failed',
+                    'message' => 'Specimen not found',
+                    'data' => null
+                ], 404);
+            }
+            
+            // Perform soft delete (set DelDate)
+            $deleted = $this->model->update($id, [
+                'DelDate' => date('Y-m-d H:i:s')
+            ]);
+            
+            if (!$deleted) {
+                return $this->respond([
+                    'status' => 'failed',
+                    'message' => 'Failed to delete specimen',
+                    'data' => null
+                ], 500);
+            }
+            
+            return $this->respond([
+                'status' => 'success',
+                'message' => 'Specimen deleted successfully',
+                'data' => ['SID' => $id]
+            ], 200);
+            
+        } catch (\Exception $e) {
+            log_message('error', 'SpecimenController::delete error: ' . $e->getMessage());
+            return $this->respond([
+                'status' => 'failed',
+                'message' => 'Failed to delete specimen',
+                'data' => null
+            ], 500);
+        }
+    }
+
+}

app/Controllers/Specimen/SpecimenPrepController.php

@@ -0,0 +1,84 @@
+<?php
+
+namespace App\Controllers\Specimen;
+
+use App\Traits\PatchValidationTrait;
+use App\Traits\ResponseTrait;
+use App\Controllers\BaseController;
+use App\Models\Specimen\SpecimenPrepModel;
+
+class SpecimenPrepController extends BaseController {
+    use ResponseTrait;
+    use PatchValidationTrait;
+
+    protected $db;
+    protected $model;
+    protected $rules;
+
+    public function __construct() {
+        $this->db = \Config\Database::connect();
+        $this->model = new SpecimenPrepModel();
+        $this->rules = [];
+    }
+
+    public function index() {
+        try {
+            $rows = $this->model->findAll();
+            return $this->respond([ 'status' => 'success', 'message'=> "data fetched successfully", 'data'   => $rows ], 200);
+        } catch (\Exception $e) {
+            return $this->failServerError('Exception : '.$e->getMessage());
+        }
+    }
+
+    public function show($id) {
+        try {
+            $row = $this->model->where('SpcPrpID', $id)->first();
+            if (empty($row)) {
+                return $this->respond([ 'status' => 'success', 'message'=> "data not found", 'data' => null ], 200);
+            }
+            return $this->respond([ 'status' => 'success', 'message'=> "data fetched successfully", 'data'   => $row ], 200);
+        } catch (\Exception $e) {
+            return $this->failServerError('Exception : '.$e->getMessage());
+        }
+    }
+
+    public function create() {
+        $input = $this->request->getJSON(true);
+        if (!$this->validateData($input, $this->rules)) { return $this->failValidationErrors($this->validator->getErrors()); }
+        try {
+            $id = $this->model->insert($input);
+            return $this->respondCreated([ 'status'  => 'success', 'message' => "data $id created successfully" ]);
+        } catch (\Exception $e) {
+            return $this->failServerError('Something went wrong: ' . $e->getMessage());
+        }
+    }
+
+    public function update($SpcPrpID = null) {
+        $input = $this->requirePatchPayload($this->request->getJSON(true));
+        if ($input === null) {
+            return;
+        }
+
+        $id = $this->requirePatchId($SpcPrpID, 'SpcPrpID');
+        if ($id === null) {
+            return;
+        }
+
+        $existing = $this->model->where('SpcPrpID', $id)->first();
+        if (!$existing) {
+            return $this->respond([ 'status' => 'failed', 'message' => 'Specimen prep not found', 'data' => [] ], 404);
+        }
+
+        $input['SpcPrpID'] = $id;
+        if ($this->rules !== [] && !$this->validateData($input, $this->rules)) {
+            return $this->failValidationErrors($this->validator->getErrors());
+        }
+        try {
+            $this->model->update($id, $input);
+            return $this->respondCreated([ 'status'  => 'success', 'message' => 'data updated successfully', 'data' => $id ], 201);
+        } catch (\Exception $e) {
+            return $this->failServerError('Something went wrong: ' . $e->getMessage());
+        }
+    }
+
+}

app/Controllers/Specimen/SpecimenStatusController.php

@@ -0,0 +1,97 @@
+<?php
+
+namespace App\Controllers\Specimen;
+
+use App\Traits\PatchValidationTrait;
+use App\Traits\ResponseTrait;
+use App\Controllers\BaseController;
+use App\Libraries\ValueSet;
+use App\Models\Specimen\SpecimenStatusModel;
+
+class SpecimenStatusController extends BaseController {
+    use ResponseTrait;
+    use PatchValidationTrait;
+
+    protected $db;
+    protected $model;
+    protected $rules;
+
+    public function __construct() {
+        $this->db = \Config\Database::connect();
+        $this->model = new SpecimenStatusModel();
+        $this->rules = [];
+    }
+
+    public function index() {
+        try {
+            $rows = $this->model->findAll();
+
+            $rows = ValueSet::transformLabels($rows, [
+                'Status' => 'specimen_status',
+                'Activity' => 'specimen_activity',
+            ]);
+
+            return $this->respond([ 'status' => 'success', 'message'=> "data fetched successfully", 'data'   => $rows ], 200);
+        } catch (\Exception $e) {
+            return $this->failServerError('Exception : '.$e->getMessage());
+        }
+    }
+
+    public function show($id) {
+        try {
+            $row = $this->model->where('SpcStaID', $id)->first();
+            if (empty($row)) {
+                return $this->respond([ 'status' => 'success', 'message'=> "data not found", 'data' => null ], 200);
+            }
+
+            $row = ValueSet::transformLabels([$row], [
+                'Status' => 'specimen_status',
+                'Activity' => 'specimen_activity',
+            ])[0];
+
+            return $this->respond([ 'status' => 'success', 'message'=> "data fetched successfully", 'data'   => $row ], 200);
+        } catch (\Exception $e) {
+            return $this->failServerError('Exception : '.$e->getMessage());
+        }
+    }
+
+    public function create() {
+        $input = $this->request->getJSON(true);
+        if (!$this->validateData($input, $this->rules)) { return $this->failValidationErrors($this->validator->getErrors()); }
+        try {
+            $id = $this->model->insert($input);
+            return $this->respondCreated([ 'status'  => 'success', 'message' => "data $id created successfully" ]);
+        } catch (\Exception $e) {
+            return $this->failServerError('Something went wrong: ' . $e->getMessage());
+        }
+    }
+
+    public function update($SpcStaID = null) {
+        $input = $this->requirePatchPayload($this->request->getJSON(true));
+        if ($input === null) {
+            return;
+        }
+
+        $id = $this->requirePatchId($SpcStaID, 'SpcStaID');
+        if ($id === null) {
+            return;
+        }
+
+        $existing = $this->model->where('SpcStaID', $id)->first();
+        if (!$existing) {
+            return $this->respond([ 'status' => 'failed', 'message' => 'Specimen status not found', 'data' => [] ], 404);
+        }
+
+        $input['SpcStaID'] = $id;
+        if ($this->rules !== [] && !$this->validateData($input, $this->rules)) {
+            return $this->failValidationErrors($this->validator->getErrors());
+        }
+        try {
+            $this->model->update($id, $input);
+            return $this->respondCreated([ 'status'  => 'success', 'message' => 'data updated successfully', 'data' => $id ], 201);
+        } catch (\Exception $e) {
+            return $this->failServerError('Something went wrong: ' . $e->getMessage());
+        }
+    }
+
+}

app/Controllers/Test/DemoOrderController.php

@@ -0,0 +1,85 @@
+<?php
+namespace App\Controllers\Test;
+
+use App\Traits\ResponseTrait;
+use CodeIgniter\Controller;
+use App\Libraries\ValueSet;
+use App\Models\Patient\PatientModel;
+use App\Models\OrderTestModel;
+
+class DemoOrderController extends Controller {
+    use ResponseTrait;
+
+    protected $db;
+    protected $patientModel;
+    protected $orderModel;
+
+    public function __construct() {
+        $this->db = \Config\Database::connect();
+        $this->patientModel = new PatientModel();
+        $this->orderModel = new OrderTestModel();
+    }
+
+    public function createDemoOrder() {
+        $input = $this->request->getJSON(true);
+
+        $patientData = [
+            'PatientID' => $input['PatientID'] ?? 'DEMO' . time(),
+            'Gender' => $input['Gender'] ?? '1',
+            'NameFirst' => $input['NameFirst'] ?? 'Demo',
+            'NameLast' => $input['NameLast'] ?? 'Patient',
+            'Birthdate' => $input['Birthdate'] ?? '1990-01-01'
+        ];
+
+        $patient = $this->patientModel->where('PatientID', $patientData['PatientID'])->findAll();
+        if (empty($patient)) {
+            $internalPID = $this->patientModel->createPatient($patientData);
+        } else {
+            $internalPID = $patient[0]['InternalPID'];
+        }
+
+        $orderData = [
+            'InternalPID' => $internalPID,
+            'PatVisitID' => $input['PatVisitID'] ?? null,
+            'Priority' => $input['Priority'] ?? 'R',
+            'OrderingProvider' => $input['OrderingProvider'] ?? 'Dr. Demo',
+            'DepartmentID' => $input['DepartmentID'] ?? 1,
+            'Tests' => $input['Tests'] ?? []
+        ];
+
+        $orderID = $this->orderModel->createOrder($orderData);
+
+        return $this->respond([
+            'status' => 'success',
+            'message' => 'Demo order created successfully',
+            'data' => [
+                'PatientID' => $patientData['PatientID'],
+                'InternalPID' => $internalPID,
+                'OrderID' => $orderID,
+                'OrderStatus' => 'ORD'
+            ]
+        ], 201);
+    }
+
+    public function listDemoOrders() {
+        $orders = $this->db->table('ordertest ot')
+            ->select('ot.OrderID, ot.InternalPID, p.PatientID, ot.OrderDateTime, ot.Priority, ot.OrderStatus')
+            ->join('patient p', 'p.InternalPID = ot.InternalPID')
+            ->where('ot.DelDate', null)
+            ->orderBy('ot.OrderDateTime', 'DESC')
+            ->limit(50)
+            ->get()
+            ->getResultArray();
+
+        $orders = ValueSet::transformLabels($orders, [
+            'Priority' => 'order_priority',
+            'OrderStatus' => 'order_status',
+        ]);
+
+        return $this->respond([
+            'status' => 'success',
+            'message' => 'Data fetched successfully',
+            'data' => $orders
+        ], 200);
+    }
+}

app/Controllers/Test/TestMapController.php

@@ -0,0 +1,570 @@
+<?php
+namespace App\Controllers\Test;
+
+use App\Traits\PatchValidationTrait;
+use App\Traits\ResponseTrait;
+use App\Controllers\BaseController;
+use App\Libraries\ValueSet;
+use App\Models\Test\TestMapModel;
+use App\Models\Test\TestMapDetailModel;
+
+class TestMapController extends BaseController {
+    use ResponseTrait;
+    use PatchValidationTrait;
+
+    protected $db;
+    protected $rules;
+    protected $patchRules;
+    protected $model;
+    protected $modelDetail;
+    protected array $headerFields = ['HostType', 'HostID', 'ClientType', 'ClientID'];
+    protected array $detailFields = ['HostTestCode', 'HostTestName', 'ConDefID', 'ClientTestCode', 'ClientTestName'];
+    protected array $detailRules;
+    protected array $detailPatchRules;
+
+    public function __construct() {
+        $this->db = \Config\Database::connect();
+        $this->model = new TestMapModel;
+        $this->modelDetail = new TestMapDetailModel;
+        $this->rules = [
+            'HostID' => 'required|integer',
+            'ClientID' => 'required|integer',
+        ];
+        $this->patchRules = [
+            'HostID' => 'permit_empty|integer',
+            'ClientID' => 'permit_empty|integer',
+            'HostType' => 'permit_empty|string',
+            'ClientType' => 'permit_empty|string',
+        ];
+        $this->detailRules = [
+            'HostTestCode' => 'permit_empty|max_length[10]',
+            'HostTestName' => 'permit_empty|max_length[100]',
+            'ConDefID' => 'permit_empty|integer',
+            'ClientTestCode' => 'permit_empty|max_length[10]',
+            'ClientTestName' => 'permit_empty|max_length[100]',
+        ];
+        $this->detailPatchRules = $this->detailRules;
+    }
+
+    public function index() {
+        $rows = $this->model->getUniqueGroupings();
+        $rows = $this->applyIndexFilters($rows);
+        if (empty($rows)) { return $this->respond([ 'status'  => 'success', 'message' => "no Data.", 'data' => [] ], 200); }
+
+        $rows = ValueSet::transformLabels($rows, [
+            'HostType' => 'entity_type',
+            'ClientType' => 'entity_type',
+        ]);
+
+        $rows = array_map([$this, 'sanitizeTopLevelPayload'], $rows);
+
+        return $this->respond([ 'status' => 'success', 'message'=> "Data fetched successfully", 'data' => $rows ], 200);
+    }
+
+    public function show($id = null) {
+        $row = $this->model->getByIdWithNames($id);
+        if (empty($row)) { return $this->respond([ 'status'  => 'success', 'message' => "no Data.", 'data' => null ], 200); }
+
+        $row = ValueSet::transformLabels([$row], [
+            'HostType' => 'entity_type',
+            'ClientType' => 'entity_type',
+        ])[0];
+
+        $row = $this->sanitizeTopLevelPayload($row);
+
+        // Include testmapdetail records
+        $row['details'] = $this->modelDetail->getDetailsByTestMap($id);
+
+        return $this->respond([ 'status' => 'success', 'message'=> "Data fetched successfully", 'data' => $row ], 200);
+    }
+
+    public function create() {
+        $input = $this->request->getJSON(true);
+        $detailsPayload = null;
+        if (array_key_exists('details', $input)) {
+            $detailsPayload = $this->resolveDetailOperations($input['details']);
+            if ($detailsPayload === null) { return; }
+        }
+
+        $headerInput = array_intersect_key($input, array_flip($this->headerFields));
+        if (!$this->validateData($headerInput, $this->rules)) {
+            log_message('error', 'TestMap create validation failed: ' . json_encode($this->validator->getErrors()));
+            return $this->failValidationErrors($this->validator->getErrors());
+        }
+
+        $this->db->transStart();
+        try {
+            $id = $this->model->insert($headerInput);
+
+            if ($detailsPayload !== null && !empty($detailsPayload['created'])) {
+                if (!$this->insertDetailRows($id, $detailsPayload['created'])) {
+                    $this->db->transRollback();
+                    return;
+                }
+            }
+
+            $this->db->transComplete();
+            if ($this->db->transStatus() === false) {
+                return $this->failServerError('Something went wrong while saving the test map.');
+            }
+
+            return $this->respondCreated([ 'status'  => 'success', 'message' => "data created successfully", 'data' => $id ]);
+        } catch (\Exception $e) {
+            $this->db->transRollback();
+            return $this->failServerError('Something went wrong: ' . $e->getMessage());
+        }
+    }
+
+    public function update($TestMapID = null) {
+        $input = $this->requirePatchPayload($this->request->getJSON(true));
+        if ($input === null) {
+            return;
+        }
+
+        $detailsPayload = null;
+        if (array_key_exists('details', $input)) {
+            $detailsPayload = $this->resolveDetailOperations($input['details']);
+            if ($detailsPayload === null) {
+                return;
+            }
+        }
+
+        $id = $this->requirePatchId($TestMapID, 'TestMapID');
+        if ($id === null) {
+            return;
+        }
+
+        $existing = $this->model->where('TestMapID', $id)->where('EndDate', null)->first();
+        if (!$existing) {
+            return $this->respond([ 'status' => 'failed', 'message' => 'Test map not found', 'data' => [] ], 404);
+        }
+
+        if (isset($input['TestMapID']) && (string) $input['TestMapID'] !== (string) $id) {
+            return $this->failValidationErrors('TestMapID in URL does not match body.');
+        }
+
+        $validationInput = array_intersect_key($headerInput = array_intersect_key($input, array_flip($this->headerFields)), $this->patchRules);
+        if (!empty($validationInput) && !$this->validateData($validationInput, $this->patchRules)) {
+            return $this->failValidationErrors($this->validator->getErrors());
+        }
+
+        $input['TestMapID'] = $id;
+        $this->db->transStart();
+        try {
+            if (!empty($headerInput)) {
+                $this->model->update($id, $headerInput);
+            }
+
+            if ($detailsPayload !== null && !$this->applyDetailOperations($id, $detailsPayload)) {
+                $this->db->transRollback();
+                return;
+            }
+
+            $this->db->transComplete();
+            if ($this->db->transStatus() === false) {
+                return $this->failServerError('Something went wrong while updating the test map.');
+            }
+
+            return $this->respond([ 'status'  => 'success', 'message' => 'data updated successfully', 'data' => $id ], 200);
+        } catch (\Exception $e) {
+            $this->db->transRollback();
+            return $this->failServerError('Something went wrong: ' . $e->getMessage());
+        }
+    }
+
+    public function delete() {
+        $input = $this->request->getJSON(true);
+        $id = $input["TestMapID"] ?? null;
+        if (!$id) { return $this->failValidationErrors('TestMapID is required.'); }
+        
+        try {
+                $row = $this->model->where('TestMapID', $id)->where('EndDate', null)->first();
+            if (empty($row)) { return $this->respond([ 'status'  => 'failed', 'message' => "Data not found or already deleted.", 'data' => null ], 404); }
+            
+            $this->db->transStart();
+            $timestamp = date('Y-m-d H:i:s');
+            $this->model->update($id, ['EndDate' => $timestamp]);
+
+            $this->modelDetail->where('TestMapID', $id)
+                ->where('EndDate', null)
+                ->set('EndDate', $timestamp)
+                ->update();
+
+            $this->db->transComplete();
+
+            if ($this->db->transStatus() === false) {
+                return $this->failServerError('Something went wrong while deleting the test map.');
+            }
+
+            return $this->respond([ 'status'  => 'success', 'message' => "data deleted successfully", 'data' => $id ], 200);
+        } catch (\Exception $e) {
+            return $this->failServerError('Something went wrong: ' . $e->getMessage());
+        }
+    }
+
+    public function showByTestCode($testCode = null) {
+        if (!$testCode) { return $this->failValidationErrors('TestCode is required.'); }
+        
+        $rows = $this->model->getMappingsByTestCode($testCode);
+        if (empty($rows)) { return $this->respond([ 'status'  => 'success', 'message' => "no Data.", 'data' => [] ], 200); }
+
+        $rows = ValueSet::transformLabels($rows, [
+            'HostType' => 'entity_type',
+            'ClientType' => 'entity_type',
+        ]);
+
+        $rows = array_map([$this, 'sanitizeTopLevelPayload'], $rows);
+
+        return $this->respond([ 'status' => 'success', 'message'=> "Data fetched successfully", 'data' => $rows ], 200);
+    }
+
+    private function sanitizeTopLevelPayload(array $row): array
+    {
+        unset($row['TestCode'], $row['testcode']);
+        return $row;
+    }
+
+    private function applyIndexFilters(array $rows): array
+    {
+        $hostFilter = trim((string) $this->request->getGet('host'));
+        $clientFilter = trim((string) $this->request->getGet('client'));
+
+        if ($hostFilter === '' && $clientFilter === '') {
+            return $rows;
+        }
+
+        return array_values(array_filter($rows, function (array $row) use ($hostFilter, $clientFilter): bool {
+            if ($hostFilter !== '' && !$this->matchesSearch($row, 'Host', $hostFilter)) {
+                return false;
+            }
+
+            if ($clientFilter !== '' && !$this->matchesSearch($row, 'Client', $clientFilter)) {
+                return false;
+            }
+
+            return true;
+        }));
+    }
+
+    private function matchesSearch(array $row, string $prefix, string $filter): bool
+    {
+        $haystacks = [
+            (string) ($row[$prefix . 'Name'] ?? ''),
+            (string) ($row[$prefix . 'ID'] ?? ''),
+            (string) ($row[$prefix . 'Type'] ?? ''),
+        ];
+
+        $needle = strtolower($filter);
+
+        foreach ($haystacks as $value) {
+            if ($value !== '' && str_contains(strtolower($value), $needle)) {
+                return true;
+            }
+        }
+
+        return false;
+    }
+
+    private function resolveDetailOperations(mixed $detailsPayload): ?array
+    {
+        if ($detailsPayload === null) {
+            return null;
+        }
+
+        if (!is_array($detailsPayload)) {
+            $this->failValidationErrors('details must be an array or object.');
+            return null;
+        }
+
+        if ($this->isDetailOpsPayload($detailsPayload)) {
+            $createdItems = $this->normalizeDetailList($detailsPayload['created'] ?? [], 'details.created');
+            if ($createdItems === null) { return null; }
+            $editedItems = $this->normalizeDetailList($detailsPayload['edited'] ?? [], 'details.edited');
+            if ($editedItems === null) { return null; }
+            $deletedIds = $this->normalizeDetailIds($detailsPayload['deleted'] ?? []);
+            if ($deletedIds === null) { return null; }
+
+            return ['created' => $createdItems, 'edited' => $editedItems, 'deleted' => $deletedIds];
+        }
+
+        if ($this->isListPayload($detailsPayload)) {
+            $items = $this->normalizeDetailList($detailsPayload, 'details');
+            if ($items === null) { return null; }
+            return ['created' => $items, 'edited' => [], 'deleted' => []];
+        }
+
+        if ($this->isAssocArray($detailsPayload)) {
+            $items = $this->normalizeDetailList([$detailsPayload], 'details');
+            if ($items === null) { return null; }
+            return ['created' => $items, 'edited' => [], 'deleted' => []];
+        }
+
+        $this->failValidationErrors('details must be an array of objects or contain created/edited/deleted arrays.');
+        return null;
+    }
+
+    private function applyDetailOperations(int $testMapID, array $operations): bool
+    {
+        if (!empty($operations['edited']) && !$this->updateDetails($testMapID, $operations['edited'])) {
+            return false;
+        }
+
+        if (!empty($operations['deleted']) && !$this->softDeleteDetails($testMapID, $operations['deleted'])) {
+            return false;
+        }
+
+        if (!empty($operations['created']) && !$this->insertDetailRows($testMapID, $operations['created'])) {
+            return false;
+        }
+
+        return true;
+    }
+
+    private function insertDetailRows(int $testMapID, array $items): bool
+    {
+        if (empty($items)) {
+            return true;
+        }
+
+        $prepared = [];
+        foreach ($items as $index => $item) {
+            if (!$this->validateData($item, $this->detailRules)) {
+                $this->failValidationErrors(['details.created' => $this->validator->getErrors()]);
+                return false;
+            }
+            $prepared[] = array_merge(['TestMapID' => $testMapID], $item);
+        }
+
+        $this->modelDetail->insertBatch($prepared);
+        return true;
+    }
+
+    private function updateDetails(int $testMapID, array $items): bool
+    {
+        foreach ($items as $index => $detail) {
+            $detailID = $detail['TestMapDetailID'] ?? null;
+            if (!$detailID || !ctype_digit((string) $detailID)) {
+                $this->failValidationErrors("details.edited[{$index}].TestMapDetailID is required and must be an integer.");
+                return false;
+            }
+
+            if (array_key_exists('TestMapID', $detail) && (int) $detail['TestMapID'] !== $testMapID) {
+                $this->failValidationErrors("details.edited[{$index}] must belong to TestMap {$testMapID}.");
+                return false;
+            }
+
+            $existing = $this->modelDetail->where('TestMapDetailID', $detailID)
+                ->where('TestMapID', $testMapID)
+                ->where('EndDate', null)
+                ->first();
+
+            if (empty($existing)) {
+                $this->failValidationErrors("Detail record {$detailID} not found for this test map.");
+                return false;
+            }
+
+            $updateData = array_intersect_key($detail, array_flip($this->detailFields));
+            if ($updateData === []) {
+                continue;
+            }
+
+            if (!$this->validateData($updateData, $this->detailPatchRules)) {
+                $this->failValidationErrors($this->validator->getErrors());
+                return false;
+            }
+
+            $this->modelDetail->update($detailID, $updateData);
+        }
+
+        return true;
+    }
+
+    private function softDeleteDetails(int $testMapID, array $ids): bool
+    {
+        if (empty($ids)) {
+            return true;
+        }
+
+        $existing = $this->modelDetail->select('TestMapDetailID')
+            ->whereIn('TestMapDetailID', $ids)
+            ->where('TestMapID', $testMapID)
+            ->where('EndDate', null)
+            ->findAll();
+
+        $foundIds = array_column($existing, 'TestMapDetailID');
+        $missing = array_diff($ids, $foundIds);
+        if (!empty($missing)) {
+            $this->failValidationErrors('Some detail IDs do not exist or belong to another test map: ' . implode(', ', $missing));
+            return false;
+        }
+
+        $this->modelDetail->whereIn('TestMapDetailID', $ids)
+            ->where('TestMapID', $testMapID)
+            ->where('EndDate', null)
+            ->set('EndDate', date('Y-m-d H:i:s'))
+            ->update();
+
+        return true;
+    }
+
+    private function isDetailOpsPayload(array $payload): bool
+    {
+        return (bool) array_intersect(array_keys($payload), ['created', 'edited', 'deleted']);
+    }
+
+    private function isListPayload(array $payload): bool
+    {
+        if ($payload === []) {
+            return true;
+        }
+        return array_keys($payload) === range(0, count($payload) - 1);
+    }
+
+    private function isAssocArray(array $payload): bool
+    {
+        if ($payload === []) {
+            return false;
+        }
+        return array_keys($payload) !== range(0, count($payload) - 1);
+    }
+
+    private function normalizeDetailList(mixed $value, string $fieldPath): ?array
+    {
+        if ($value === null) {
+            return [];
+        }
+
+        if (!is_array($value)) {
+            $this->failValidationErrors("{$fieldPath} must be an array of objects.");
+            return null;
+        }
+
+        if ($value !== [] && $this->isAssocArray($value)) {
+            $value = [$value];
+        }
+
+        $results = [];
+        foreach ($value as $index => $item) {
+            if (!is_array($item)) {
+                $this->failValidationErrors("{$fieldPath}[{$index}] must be an object.");
+                return null;
+            }
+            $results[] = $item;
+        }
+
+        return $results;
+    }
+
+    private function normalizeDetailIds(mixed $value): ?array
+    {
+        if ($value === null) {
+            return [];
+        }
+
+        if (!is_array($value)) {
+            $value = [$value];
+        }
+
+        $results = [];
+        foreach ($value as $index => $item) {
+            if (!ctype_digit((string) $item)) {
+                $this->failValidationErrors("details.deleted[{$index}] must be an integer.");
+                return null;
+            }
+            $results[] = (int) $item;
+        }
+
+        return array_values(array_unique($results));
+    }
+
+    public function batchCreate() {
+        $items = $this->request->getJSON(true);
+        if (!is_array($items)) { return $this->failValidationErrors('Expected array of items'); }
+        
+        $results = ['success' => [], 'failed' => []];
+        $this->db->transStart();
+        
+        foreach ($items as $index => $item) {
+            if (!$this->validateData($item, $this->rules)) {
+                $results['failed'][] = ['index' => $index, 'errors' => $this->validator->getErrors()];
+                continue;
+            }
+            try {
+                $id = $this->model->insert($item);
+                $results['success'][] = ['index' => $index, 'TestMapID' => $id];
+            } catch (\Exception $e) {
+                $results['failed'][] = ['index' => $index, 'error' => $e->getMessage()];
+            }
+        }
+        
+        $this->db->transComplete();
+        return $this->respond([
+            'status' => empty($results['failed']) ? 'success' : 'partial',
+            'message' => 'Batch create completed',
+            'data' => $results
+        ], 200);
+    }
+
+    public function batchUpdate() {
+        $items = $this->request->getJSON(true);
+        if (!is_array($items)) { return $this->failValidationErrors('Expected array of items'); }
+        
+        $results = ['success' => [], 'failed' => []];
+        $this->db->transStart();
+        
+        foreach ($items as $index => $item) {
+            $id = $item['TestMapID'] ?? null;
+            if (!$id) {
+                $results['failed'][] = ['index' => $index, 'error' => 'TestMapID required'];
+                continue;
+            }
+            if (!$this->validateData($item, $this->rules)) {
+                $results['failed'][] = ['index' => $index, 'errors' => $this->validator->getErrors()];
+                continue;
+            }
+            try {
+                $this->model->update($id, $item);
+                $results['success'][] = ['index' => $index, 'TestMapID' => $id];
+            } catch (\Exception $e) {
+                $results['failed'][] = ['index' => $index, 'error' => $e->getMessage()];
+            }
+        }
+        
+        $this->db->transComplete();
+        return $this->respond([
+            'status' => empty($results['failed']) ? 'success' : 'partial',
+            'message' => 'Batch update completed',
+            'data' => $results
+        ], 200);
+    }
+
+    public function batchDelete() {
+        $ids = $this->request->getJSON(true);
+        if (!is_array($ids)) { return $this->failValidationErrors('Expected array of TestMapIDs'); }
+        
+        $results = ['success' => [], 'failed' => []];
+        $this->db->transStart();
+        
+        foreach ($ids as $id) {
+            try {
+            $row = $this->model->where('TestMapID', $id)->where('EndDate', null)->first();
+                if (empty($row)) {
+                    $results['failed'][] = ['TestMapID' => $id, 'error' => 'Not found or already deleted'];
+                    continue;
+                }
+                $this->model->update($id, ['EndDate' => date('Y-m-d H:i:s')]);
+                $results['success'][] = $id;
+            } catch (\Exception $e) {
+                $results['failed'][] = ['TestMapID' => $id, 'error' => $e->getMessage()];
+            }
+        }
+        
+        $this->db->transComplete();
+        return $this->respond([
+            'status' => empty($results['failed']) ? 'success' : 'partial',
+            'message' => 'Batch delete completed',
+            'data' => $results
+        ], 200);
+    }
+
+}

app/Controllers/Test/TestMapDetailController.php

@@ -0,0 +1,286 @@
+<?php
+
+namespace App\Controllers\Test;
+
+use App\Controllers\BaseController;
+use App\Traits\PatchValidationTrait;
+use App\Traits\ResponseTrait;
+use App\Models\Test\TestMapDetailModel;
+
+class TestMapDetailController extends BaseController {
+    use ResponseTrait;
+    use PatchValidationTrait;
+
+    protected $db;
+    protected $rules;
+    protected $patchRules;
+    protected $model;
+
+    public function __construct() {
+        $this->db = \Config\Database::connect();
+        $this->model = new TestMapDetailModel;
+        $this->rules = [
+            'TestMapID' => 'required|integer',
+            'HostTestCode' => 'permit_empty|max_length[10]',
+            'HostTestName' => 'permit_empty|max_length[100]',
+            'ConDefID' => 'permit_empty|integer',
+            'ClientTestCode' => 'permit_empty|max_length[10]',
+            'ClientTestName' => 'permit_empty|max_length[100]',
+        ];
+        $this->patchRules = [
+            'TestMapID' => 'permit_empty|integer',
+            'HostTestCode' => 'permit_empty|max_length[10]',
+            'HostTestName' => 'permit_empty|max_length[100]',
+            'ConDefID' => 'permit_empty|integer',
+            'ClientTestCode' => 'permit_empty|max_length[10]',
+            'ClientTestName' => 'permit_empty|max_length[100]',
+        ];
+    }
+
+    public function index() {
+        $testMapID = $this->request->getGet('TestMapID');
+        
+        if ($testMapID) {
+            $rows = $this->model->getDetailsByTestMap($testMapID);
+        } else {
+            $rows = $this->model->where('EndDate', null)->findAll();
+        }
+        
+        if (empty($rows)) { 
+            return $this->respond([ 'status'  => 'success', 'message' => "no Data.", 'data' => [] ], 200); 
+        }
+
+        return $this->respond([ 'status' => 'success', 'message'=> "Data fetched successfully", 'data' => $rows ], 200);
+    }
+
+    public function show($id = null) {
+        if (!$id) {
+            return $this->failValidationErrors('TestMapDetailID is required.');
+        }
+        
+                $row = $this->model->where('TestMapDetailID', $id)->where('EndDate', null)->first();
+        
+        if (empty($row)) { 
+            return $this->respond([ 'status'  => 'success', 'message' => "no Data.", 'data' => null ], 200); 
+        }
+
+        return $this->respond([ 'status' => 'success', 'message'=> "Data fetched successfully", 'data' => $row ], 200);
+    }
+
+    public function showByTestMap($testMapID = null) {
+        if (!$testMapID) { 
+            return $this->failValidationErrors('TestMapID is required.'); 
+        }
+        
+        $rows = $this->model->getDetailsByTestMap($testMapID);
+        
+        if (empty($rows)) { 
+            return $this->respond([ 'status'  => 'success', 'message' => "no Data.", 'data' => [] ], 200); 
+        }
+
+        return $this->respond([ 'status' => 'success', 'message'=> "Data fetched successfully", 'data' => $rows ], 200);
+    }
+
+    public function create() {
+        $input = $this->request->getJSON(true);
+        
+        if (!$this->validateData($input, $this->rules)) { 
+            return $this->failValidationErrors($this->validator->getErrors()); 
+        }
+        
+        try {
+            $id = $this->model->insert($input);
+            return $this->respondCreated([ 
+                'status'  => 'success', 
+                'message' => "data created successfully", 
+                'data' => $id 
+            ]);
+        } catch (\Exception $e) {
+            return $this->failServerError('Something went wrong: ' . $e->getMessage());
+        }
+    }
+
+    public function update($TestMapDetailID = null) {
+        $input = $this->requirePatchPayload($this->request->getJSON(true));
+        if ($input === null) {
+            return;
+        }
+
+        $id = $this->requirePatchId($TestMapDetailID, 'TestMapDetailID');
+        if ($id === null) {
+            return;
+        }
+
+        $existing = $this->model->where('TestMapDetailID', $id)->where('EndDate', null)->first();
+        if (!$existing) {
+            return $this->respond([ 'status' => 'failed', 'message' => 'Test map detail not found', 'data' => [] ], 404);
+        }
+
+        if (isset($input['TestMapDetailID']) && (string) $input['TestMapDetailID'] !== (string) $id) {
+            return $this->failValidationErrors('TestMapDetailID in URL does not match body.');
+        }
+
+        $input['TestMapDetailID'] = $id;
+        $validationInput = array_intersect_key($input, $this->patchRules);
+        if (!empty($validationInput) && !$this->validateData($validationInput, $this->patchRules)) { 
+            return $this->failValidationErrors($this->validator->getErrors()); 
+        }
+
+        try {
+            $this->model->update($id, $input);
+            return $this->respond([
+                'status'  => 'success', 
+                'message' => 'data updated successfully', 
+                'data' => $id 
+            ], 200);
+        } catch (\Exception $e) {
+            return $this->failServerError('Something went wrong: ' . $e->getMessage());
+        }
+    }
+
+    public function delete() {
+        $input = $this->request->getJSON(true);
+        $id = $input["TestMapDetailID"] ?? null;
+        
+        if (!$id) { 
+            return $this->failValidationErrors('TestMapDetailID is required.'); 
+        }
+        
+        try {
+            $row = $this->model->where('TestMapDetailID', $id)->where('EndDate', null)->first();
+            
+            if (empty($row)) { 
+                return $this->respond([ 
+                    'status'  => 'failed', 
+                    'message' => "Data not found or already deleted.", 
+                    'data' => null 
+                ], 404); 
+            }
+            
+            $this->model->update($id, ['EndDate' => date('Y-m-d H:i:s')]);
+            
+            return $this->respond([ 
+                'status'  => 'success', 
+                'message' => "data deleted successfully", 
+                'data' => $id 
+            ], 200);
+        } catch (\Exception $e) {
+            return $this->failServerError('Something went wrong: ' . $e->getMessage());
+        }
+    }
+
+    public function batchCreate() {
+        $items = $this->request->getJSON(true);
+        
+        if (!is_array($items)) { 
+            return $this->failValidationErrors('Expected array of items'); 
+        }
+        
+        $results = ['success' => [], 'failed' => []];
+        $this->db->transStart();
+        
+        foreach ($items as $index => $item) {
+            if (!$this->validateData($item, $this->rules)) {
+                $results['failed'][] = ['index' => $index, 'errors' => $this->validator->getErrors()];
+                continue;
+            }
+            try {
+                $id = $this->model->insert($item);
+                $results['success'][] = ['index' => $index, 'TestMapDetailID' => $id];
+            } catch (\Exception $e) {
+                $results['failed'][] = ['index' => $index, 'error' => $e->getMessage()];
+            }
+        }
+        
+        $this->db->transComplete();
+        
+        return $this->respond([
+            'status' => empty($results['failed']) ? 'success' : 'partial',
+            'message' => 'Batch create completed',
+            'data' => $results
+        ], 200);
+    }
+
+    public function batchUpdate() {
+        $items = $this->request->getJSON(true);
+        
+        if (!is_array($items)) { 
+            return $this->failValidationErrors('Expected array of items'); 
+        }
+        
+        $results = ['success' => [], 'failed' => []];
+        $this->db->transStart();
+        
+        foreach ($items as $index => $item) {
+            $id = $item['TestMapDetailID'] ?? null;
+            
+            if (!$id) {
+                $results['failed'][] = ['index' => $index, 'error' => 'TestMapDetailID required'];
+                continue;
+            }
+
+            $updateData = $item;
+            unset($updateData['TestMapDetailID']);
+
+            if ($updateData === []) {
+                $results['failed'][] = ['index' => $index, 'error' => 'No fields to update'];
+                continue;
+            }
+            
+            if (!$this->validateData($updateData, $this->patchRules)) {
+                $results['failed'][] = ['index' => $index, 'errors' => $this->validator->getErrors()];
+                continue;
+            }
+            
+            try {
+                $this->model->update($id, $updateData);
+                $results['success'][] = ['index' => $index, 'TestMapDetailID' => $id];
+            } catch (\Exception $e) {
+                $results['failed'][] = ['index' => $index, 'error' => $e->getMessage()];
+            }
+        }
+        
+        $this->db->transComplete();
+        
+        return $this->respond([
+            'status' => empty($results['failed']) ? 'success' : 'partial',
+            'message' => 'Batch update completed',
+            'data' => $results
+        ], 200);
+    }
+
+    public function batchDelete() {
+        $ids = $this->request->getJSON(true);
+        
+        if (!is_array($ids)) { 
+            return $this->failValidationErrors('Expected array of TestMapDetailIDs'); 
+        }
+        
+        $results = ['success' => [], 'failed' => []];
+        $this->db->transStart();
+        
+        foreach ($ids as $id) {
+            try {
+        $row = $this->model->where('TestMapDetailID', $id)->where('EndDate', null)->first();
+                
+                if (empty($row)) {
+                    $results['failed'][] = ['TestMapDetailID' => $id, 'error' => 'Not found or already deleted'];
+                    continue;
+                }
+                
+                $this->model->update($id, ['EndDate' => date('Y-m-d H:i:s')]);
+                $results['success'][] = $id;
+            } catch (\Exception $e) {
+                $results['failed'][] = ['TestMapDetailID' => $id, 'error' => $e->getMessage()];
+            }
+        }
+        
+        $this->db->transComplete();
+        
+        return $this->respond([
+            'status' => empty($results['failed']) ? 'success' : 'partial',
+            'message' => 'Batch delete completed',
+            'data' => $results
+        ], 200);
+    }
+}

app/Controllers/Test/TestsController.php

@@ -0,0 +1,735 @@
+<?php
+
+namespace App\Controllers\Test;
+
+use App\Controllers\BaseController;
+use App\Libraries\TestValidationService;
+use App\Libraries\ValueSet;
+use App\Traits\PatchValidationTrait;
+use App\Traits\ResponseTrait;
+
+class TestsController extends BaseController
+{
+    use ResponseTrait;
+    use PatchValidationTrait;
+
+    protected $model;
+    protected $modelCal;
+    protected $modelGrp;
+    protected $modelMap;
+    protected $modelMapDetail;
+    protected $modelRefNum;
+    protected $modelRefTxt;
+    protected $rules;
+
+    public function __construct()
+    {
+        $this->model = new \App\Models\Test\TestDefSiteModel;
+        $this->modelCal = new \App\Models\Test\TestDefCalModel;
+        $this->modelGrp = new \App\Models\Test\TestDefGrpModel;
+        $this->modelMap = new \App\Models\Test\TestMapModel;
+        $this->modelMapDetail = new \App\Models\Test\TestMapDetailModel;
+        $this->modelRefNum = new \App\Models\RefRange\RefNumModel;
+        $this->modelRefTxt = new \App\Models\RefRange\RefTxtModel;
+
+        $this->rules = [
+            'TestSiteCode' => 'required',
+            'TestSiteName' => 'required',
+            'TestType'     => 'required',
+        ];
+    }
+
+    public function index()
+    {
+        $search = $this->request->getGet('search');
+        
+        $filters = [
+            'SiteID' => $this->request->getGet('SiteID'),
+            'TestType' => $this->request->getGet('TestType'),
+            'isVisibleScr' => $this->request->getGet('isVisibleScr'),
+            'isVisibleRpt' => $this->request->getGet('isVisibleRpt'),
+            'TestSiteName' => $this->request->getGet('TestSiteName'),
+            'TestSiteCode' => $this->request->getGet('TestSiteCode'),
+            'search' => $search,
+        ];
+
+        $rows = $this->model->getTestsWithRelations($filters);
+
+        if (empty($rows)) {
+            return $this->respond([
+                'status'  => 'success',
+                'message' => 'No data.',
+                'data'    => [],
+            ], 200);
+        }
+
+        $rows = ValueSet::transformLabels($rows, [
+            'TestType' => 'test_type',
+        ]);
+
+        return $this->respond([
+            'status'  => 'success',
+            'message' => 'Data fetched successfully',
+            'data'    => $rows,
+        ], 200);
+    }
+
+    public function show($id = null)
+    {
+        if (!$id) {
+            return $this->failValidationErrors('TestSiteID is required');
+        }
+
+        $row = $this->model->getTestById($id);
+
+        if (!$row) {
+            return $this->respond([
+                'status'  => 'success',
+                'message' => 'No data.',
+                'data'    => null,
+            ], 200);
+        }
+
+        $typeCode = $row['TestType'] ?? '';
+
+        if ($typeCode === 'CALC') {
+            $row['testdefcal'] = $this->modelCal->getByTestSiteID($id);
+            $row['testdefgrp'] = [
+                'members' => $this->modelGrp->getGroupMembers($id),
+            ];
+        } elseif ($typeCode === 'GROUP') {
+            $row['testdefgrp'] = [
+                'members' => $this->modelGrp->getGroupMembers($id),
+            ];
+        } elseif ($typeCode !== 'TITLE') {
+            $refType = $row['RefType'] ?? '';
+            $resultType = $row['ResultType'] ?? '';
+
+            if (TestValidationService::usesRefNum($resultType, $refType)) {
+                $row['refnum'] = $this->modelRefNum->getFormattedByTestSiteID($id);
+            }
+
+            if (TestValidationService::usesRefTxt($resultType, $refType)) {
+                $row['reftxt'] = $this->modelRefTxt->getFormattedByTestSiteID($id);
+            }
+        }
+
+        // Keep /api/test payload focused on test definition fields.
+        unset($row['testmap']);
+
+        return $this->respond([
+            'status'  => 'success',
+            'message' => 'Data fetched successfully',
+            'data'    => $row,
+        ], 200);
+    }
+
+    public function create()
+    {
+        $input = $this->request->getJSON(true);
+
+        if (!$this->validateData($input, $this->rules)) {
+            return $this->failValidationErrors($this->validator->getErrors());
+        }
+
+        $testType = $input['TestType'] ?? '';
+        $details = $input['details'] ?? $input;
+        $resultType = $details['ResultType'] ?? '';
+        $refType = $details['RefType'] ?? '';
+
+        if (TestValidationService::isCalc($testType)) {
+            $resultType = 'NMRIC';
+            $refType = $refType ?: 'RANGE';
+        } elseif (TestValidationService::isGroup($testType) || TestValidationService::isTitle($testType)) {
+            $resultType = 'NORES';
+            $refType = 'NOREF';
+        }
+
+        if ($resultType && $refType) {
+            $validation = TestValidationService::validate($testType, $resultType, $refType);
+            if (!$validation['valid']) {
+                return $this->failValidationErrors(['type_validation' => $validation['error']]);
+            }
+        }
+
+        $db = \Config\Database::connect();
+        $db->transStart();
+
+        try {
+            $testSiteData = [
+                'SiteID'      => array_key_exists('SiteID', $input) ? $input['SiteID'] : null,
+                'TestSiteCode'=> $input['TestSiteCode'],
+                'TestSiteName'=> $input['TestSiteName'],
+                'TestType'    => $input['TestType'],
+                'Description' => $input['Description'] ?? null,
+                'SeqScr'      => array_key_exists('SeqScr', $input) ? $input['SeqScr'] : null,
+                'SeqRpt'      => array_key_exists('SeqRpt', $input) ? $input['SeqRpt'] : null,
+                'IndentLeft'  => $input['IndentLeft'] ?? 0,
+                'FontStyle'   => $input['FontStyle'] ?? null,
+                'isVisibleScr'  => $input['isVisibleScr'] ?? 1,
+                'isVisibleRpt'  => $input['isVisibleRpt'] ?? 1,
+                'isCountStat'   => $input['isCountStat'] ?? 1,
+                'isRequestable' => $input['isRequestable'] ?? 1,
+                'StartDate'   => $input['StartDate'] ?? date('Y-m-d H:i:s'),
+            ];
+
+            $id = $this->model->insert($testSiteData);
+            if (!$id) {
+                $dbError = $db->error();
+                log_message('error', 'Test insert failed: ' . json_encode($dbError, JSON_UNESCAPED_SLASHES));
+                $message = $dbError['message'] ?? 'Failed to insert main test definition';
+                throw new \Exception('Failed to insert main test definition: ' . $message);
+            }
+
+            $this->handleDetails($id, $input, 'insert');
+
+            $db->transComplete();
+
+            if ($db->transStatus() === false) {
+                $dbError = $db->error();
+                $lastQuery = $db->showLastQuery();
+                log_message('error', 'TestController transaction failed: ' . json_encode([
+                    'error' => $dbError,
+                    'last_query' => $lastQuery,
+                ], JSON_UNESCAPED_SLASHES));
+                return $this->failServerError('Transaction failed');
+            }
+
+            return $this->respondCreated([
+                'status'  => 'success',
+                'message' => 'Test created successfully',
+                'data'    => ['TestSiteId' => $id],
+            ]);
+        } catch (\Exception $e) {
+            $db->transRollback();
+
+            return $this->failServerError('Something went wrong: ' . $e->getMessage());
+        }
+    }
+
+    public function update($id = null)
+    {
+        $input = $this->requirePatchPayload($this->request->getJSON(true));
+        if ($input === null) {
+            return;
+        }
+
+        if (!$id && isset($input['TestSiteID'])) {
+            $id = $input['TestSiteID'];
+        }
+
+        $id = $this->requirePatchId($id, 'TestSiteID');
+        if ($id === null) {
+            return;
+        }
+
+        $existing = $this->model->find($id);
+        if (!$existing) {
+            return $this->respond([
+                'status' => 'failed',
+                'message' => 'Test not found',
+                'data' => []
+            ], 404);
+        }
+
+        $testType = $input['TestType'] ?? $existing['TestType'] ?? '';
+        $details = $input['details'] ?? $input;
+        $resultType = $details['ResultType'] ?? $existing['ResultType'] ?? '';
+        $refType = $details['RefType'] ?? $existing['RefType'] ?? '';
+
+        if (TestValidationService::isCalc($testType)) {
+            $resultType = 'NMRIC';
+            $refType = $refType ?: 'RANGE';
+        } elseif (TestValidationService::isGroup($testType) || TestValidationService::isTitle($testType)) {
+            $resultType = 'NORES';
+            $refType = 'NOREF';
+        }
+
+        if ($resultType && $refType) {
+            $validation = TestValidationService::validate($testType, $resultType, $refType);
+            if (!$validation['valid']) {
+                return $this->failValidationErrors(['type_validation' => $validation['error']]);
+            }
+        }
+
+        $db = \Config\Database::connect();
+        $db->transStart();
+
+        try {
+            $testSiteData = [];
+            $allowedUpdateFields = [
+                'TestSiteCode',
+                'TestSiteName',
+                'TestType',
+                'Description',
+                'SeqScr',
+                'SeqRpt',
+                'IndentLeft',
+                'FontStyle',
+            'isVisibleScr',
+            'isVisibleRpt',
+            'isCountStat',
+            'isRequestable',
+            'StartDate',
+        ];
+
+            foreach ($allowedUpdateFields as $field) {
+                if (array_key_exists($field, $input)) {
+                    $testSiteData[$field] = $input[$field];
+                }
+            }
+
+            if (!empty($testSiteData)) {
+                $this->model->update($id, $testSiteData);
+            }
+
+            $this->handleDetails($id, $input, 'update');
+
+            $db->transComplete();
+
+            if ($db->transStatus() === false) {
+                return $this->failServerError('Transaction failed');
+            }
+
+            return $this->respond([
+                'status'  => 'success',
+                'message' => 'Test updated successfully',
+                'data'    => ['TestSiteId' => $id],
+            ]);
+        } catch (\Exception $e) {
+            $db->transRollback();
+
+            return $this->failServerError('Something went wrong: ' . $e->getMessage());
+        }
+    }
+
+    public function delete($id = null)
+    {
+        $input = $this->request->getJSON(true);
+
+        if (!$id && isset($input['TestSiteID'])) {
+            $id = $input['TestSiteID'];
+        }
+        if (!$id) {
+            return $this->failValidationErrors('TestSiteID is required.');
+        }
+
+        $existing = $this->model->find($id);
+        if (!$existing) {
+            return $this->failNotFound('Test not found');
+        }
+
+        if (!empty($existing['EndDate'])) {
+            return $this->failValidationErrors('Test is already disabled');
+        }
+
+        $db = \Config\Database::connect();
+        $db->transStart();
+
+        try {
+            $now = date('Y-m-d H:i:s');
+
+            $this->model->update($id, ['EndDate' => $now]);
+
+            $testType = $existing['TestType'];
+            $typeCode = $testType;
+
+            if (TestValidationService::isCalc($typeCode)) {
+                $this->modelCal->disableByTestSiteID($id);
+                $this->modelGrp->disableByTestSiteID($id);
+            } elseif (TestValidationService::isGroup($typeCode)) {
+                $this->modelGrp->disableByTestSiteID($id);
+            } elseif (TestValidationService::isTechnicalTest($typeCode)) {
+                $this->modelRefNum->disableByTestSiteID($id);
+                $this->modelRefTxt->disableByTestSiteID($id);
+            }
+
+            // Disable testmap by test code
+            $testSiteCode = $existing['TestSiteCode'] ?? null;
+            if ($testSiteCode) {
+                $existingMaps = $this->modelMap->getMappingsByTestCode($testSiteCode);
+                foreach ($existingMaps as $existingMap) {
+                    $this->modelMapDetail->disableByTestMapID($existingMap['TestMapID']);
+                    $this->modelMap->update($existingMap['TestMapID'], ['EndDate' => $now]);
+                }
+            }
+
+            $db->transComplete();
+
+            if ($db->transStatus() === false) {
+                return $this->failServerError('Transaction failed');
+            }
+
+            return $this->respond([
+                'status'  => 'success',
+                'message' => 'Test disabled successfully',
+                'data'    => ['TestSiteId' => $id, 'EndDate' => $now],
+            ]);
+        } catch (\Exception $e) {
+            $db->transRollback();
+
+            return $this->failServerError('Something went wrong: ' . $e->getMessage());
+        }
+    }
+
+    private function handleDetails($testSiteID, $input, $action)
+    {
+        $testTypeID = $input['TestType'] ?? null;
+        $testSiteCode = null;
+
+        if (!$testTypeID && $action === 'update') {
+            $existing = $this->model->find($testSiteID);
+            $testTypeID = $existing['TestType'] ?? null;
+            $testSiteCode = $existing['TestSiteCode'] ?? null;
+        }
+
+        if (!$testTypeID) {
+            return;
+        }
+
+        $typeCode = $testTypeID;
+
+        $details = $input['details'] ?? $input;
+        $details['TestSiteID'] = $testSiteID;
+        $details['SiteID'] = array_key_exists('SiteID', $input) ? $input['SiteID'] : null;
+
+        switch ($typeCode) {
+            case 'CALC':
+                $this->saveCalcDetails($testSiteID, $details, $input, $action);
+
+                break;
+
+            case 'GROUP':
+                $this->saveGroupDetails($testSiteID, $details, $input, $action);
+
+                break;
+
+            case 'TITLE':
+                break;
+
+            case 'TEST':
+            case 'PARAM':
+            default:
+                $this->saveTechDetails($testSiteID, $details, $action, $typeCode);
+
+                if (in_array($typeCode, ['TEST', 'PARAM']) && isset($details['RefType'])) {
+                    $refType = (string) $details['RefType'];
+                    $resultType = $details['ResultType'] ?? '';
+
+                    if (TestValidationService::usesRefNum($resultType, $refType) && isset($input['refnum']) && is_array($input['refnum'])) {
+                        $this->saveRefNumRanges($testSiteID, $input['refnum'], $action, array_key_exists('SiteID', $input) ? $input['SiteID'] : null);
+                    }
+
+                    if (TestValidationService::usesRefTxt($resultType, $refType) && isset($input['reftxt']) && is_array($input['reftxt'])) {
+                        $this->saveRefTxtRanges($testSiteID, $input['reftxt'], $action, array_key_exists('SiteID', $input) ? $input['SiteID'] : null);
+                    }
+                }
+
+                break;
+        }
+
+    }
+
+    private function saveTechDetails($testSiteID, $data, $action, $typeCode)
+    {
+        $allowedFields = [
+            'DisciplineID',
+            'DepartmentID',
+            'ResultType',
+            'RefType',
+            'VSet',
+            'ReqQty',
+            'ReqQtyUnit',
+            'Unit1',
+            'Factor',
+            'Unit2',
+            'Decimal',
+            'CollReq',
+            'Method',
+            'ExpectedTAT',
+        ];
+
+        $techData = [];
+        foreach ($allowedFields as $field) {
+            if (array_key_exists($field, $data)) {
+                $techData[$field] = $data[$field];
+            }
+        }
+
+        if ($techData !== []) {
+            $this->model->update($testSiteID, $techData);
+        }
+    }
+
+    private function saveRefNumRanges($testSiteID, $ranges, $action, $siteID)
+    {
+        if ($action === 'update') {
+            $this->modelRefNum->disableByTestSiteID($testSiteID);
+        }
+
+        $this->modelRefNum->batchInsert($testSiteID, $siteID, $ranges);
+    }
+
+    private function saveRefTxtRanges($testSiteID, $ranges, $action, $siteID)
+    {
+        if ($action === 'update') {
+            $this->modelRefTxt->disableByTestSiteID($testSiteID);
+        }
+
+        $this->modelRefTxt->batchInsert($testSiteID, $siteID, $ranges);
+    }
+
+    private function saveCalcDetails($testSiteID, $data, $input, $action)
+    {
+        $calcData = [];
+        $fieldMap = [
+            'DisciplineID' => 'DisciplineID',
+            'DepartmentID' => 'DepartmentID',
+            'Factor' => 'Factor',
+            'Unit2' => 'Unit2',
+            'Decimal' => 'Decimal',
+            'Method' => 'Method',
+        ];
+
+        foreach ($fieldMap as $source => $target) {
+            if (array_key_exists($source, $data)) {
+                $calcData[$target] = $data[$source];
+            }
+        }
+
+        if (array_key_exists('FormulaCode', $data) || array_key_exists('Formula', $data)) {
+            $calcData['FormulaCode'] = $data['FormulaCode'] ?? $data['Formula'] ?? null;
+        }
+
+        if (array_key_exists('RefType', $data)) {
+            $calcData['RefType'] = $data['RefType'];
+        }
+
+        if (array_key_exists('Unit1', $data) || array_key_exists('ResultUnit', $data)) {
+            $calcData['Unit1'] = $data['Unit1'] ?? $data['ResultUnit'] ?? null;
+        }
+
+        $hasMemberPayload = isset($input['testdefgrp'])
+            && is_array($input['testdefgrp'])
+            && array_key_exists('members', $input['testdefgrp']);
+
+        if ($action === 'insert' && !array_key_exists('ResultType', $calcData)) {
+            $calcData['ResultType'] = 'NMRIC';
+        }
+
+        if ($action === 'insert' && !array_key_exists('RefType', $calcData)) {
+            $calcData['RefType'] = 'RANGE';
+        }
+
+        if ($calcData !== []) {
+            $calcData['TestSiteID'] = $testSiteID;
+            if ($action === 'update') {
+                $exists = $this->modelCal->existsByTestSiteID($testSiteID);
+
+                if ($exists) {
+                    unset($calcData['TestSiteID']);
+                    $this->modelCal->update($exists['TestCalID'], $calcData);
+                } else {
+                    if (!array_key_exists('ResultType', $calcData)) {
+                        $calcData['ResultType'] = 'NMRIC';
+                    }
+                    if (!array_key_exists('RefType', $calcData)) {
+                        $calcData['RefType'] = 'RANGE';
+                    }
+                    $this->modelCal->insert($calcData);
+                }
+            } else {
+                $this->modelCal->insert($calcData);
+            }
+        }
+
+        if ($action === 'update' && !$hasMemberPayload) {
+            return;
+        }
+
+        if ($action === 'update') {
+            $this->modelGrp->disableByTestSiteID($testSiteID);
+        }
+
+        $memberIDs = $this->resolveMemberIDs($input);
+
+        $validation = $this->validateMemberIDs($memberIDs);
+        if (!$validation['valid']) {
+            throw new \Exception('Invalid member TestSiteID(s): ' . implode(', ', $validation['invalid']) . '. Make sure to use TestSiteID, not SeqScr or other values.');
+        }
+
+        foreach ($memberIDs as $memberID) {
+            $this->modelGrp->insert([
+                'TestSiteID' => $testSiteID,
+                'Member'     => $memberID,
+            ]);
+        }
+    }
+
+    private function resolveMemberIDs(array $input): array
+    {
+        $memberIDs = [];
+
+        $rawMembers = $input['testdefgrp']['members'] ?? [];
+        if (is_array($rawMembers)) {
+            foreach ($rawMembers as $member) {
+                if (is_array($member)) {
+                    $rawID = $member['TestSiteID'] ?? null;
+                } else {
+                    $rawID = is_numeric($member) ? $member : null;
+                }
+
+                if ($rawID !== null && is_numeric($rawID)) {
+                    $memberIDs[] = (int) $rawID;
+                }
+            }
+        }
+
+        $memberIDs = array_values(array_unique(array_filter($memberIDs)));
+
+        return $memberIDs;
+    }
+
+    /**
+     * Validate that member IDs exist in testdefsite table
+     *
+     * @param array $memberIDs Array of TestSiteID values to validate
+     * @return array ['valid' => bool, 'invalid' => array]
+     */
+    private function validateMemberIDs(array $memberIDs): array
+    {
+        if (empty($memberIDs)) {
+            return ['valid' => true, 'invalid' => []];
+        }
+
+        $existing = $this->model->whereIn('TestSiteID', $memberIDs)
+                                ->where('EndDate IS NULL')
+                                ->findAll();
+
+        $existingIDs = array_column($existing, 'TestSiteID');
+        $invalidIDs = array_diff($memberIDs, $existingIDs);
+
+        return [
+            'valid' => empty($invalidIDs),
+            'invalid' => array_values($invalidIDs)
+        ];
+    }
+
+    private function saveGroupDetails($testSiteID, $data, $input, $action)
+    {
+        $hasMemberPayload = isset($input['testdefgrp'])
+            && is_array($input['testdefgrp'])
+            && array_key_exists('members', $input['testdefgrp']);
+
+        if ($action === 'update' && !$hasMemberPayload) {
+            return;
+        }
+
+        if ($action === 'update') {
+            $this->modelGrp->disableByTestSiteID($testSiteID);
+        }
+
+        $memberIDs = $this->resolveMemberIDs($input);
+
+        // Validate member IDs before insertion
+        $validation = $this->validateMemberIDs($memberIDs);
+        if (!$validation['valid']) {
+            throw new \Exception('Invalid member TestSiteID(s): ' . implode(', ', $validation['invalid']) . '. Make sure to use TestSiteID, not SeqScr or other values.');
+        }
+
+        foreach ($memberIDs as $memberID) {
+            $this->modelGrp->insert([
+                'TestSiteID' => $testSiteID,
+                'Member'     => $memberID,
+            ]);
+        }
+    }
+
+    private function saveTestMap($testSiteID, $testSiteCode, $mappings, $action)
+    {
+        if ($action === 'update' && $testSiteCode) {
+            // Find existing mappings by test code through testmapdetail
+            $existingMaps = $this->modelMap->getMappingsByTestCode($testSiteCode);
+
+            foreach ($existingMaps as $existingMap) {
+                $this->modelMapDetail->disableByTestMapID($existingMap['TestMapID']);
+            }
+
+            // Soft delete the testmap headers
+            foreach ($existingMaps as $existingMap) {
+                $this->modelMap->update($existingMap['TestMapID'], ['EndDate' => date('Y-m-d H:i:s')]);
+            }
+        }
+
+        foreach ($this->normalizeTestMapPayload($mappings) as $map) {
+            $mapData = [
+                'HostType'   => $map['HostType'] ?? null,
+                'HostID'     => $map['HostID'] ?? null,
+                'ClientType' => $map['ClientType'] ?? null,
+                'ClientID'   => $map['ClientID'] ?? null,
+            ];
+
+            $testMapID = $this->modelMap->insert($mapData);
+            if (!$testMapID) {
+                continue;
+            }
+
+            foreach ($this->extractTestMapDetails($map) as $detail) {
+                $detailData = [
+                    'TestMapID'      => $testMapID,
+                    'HostTestCode'   => $detail['HostTestCode'] ?? null,
+                    'HostTestName'   => $detail['HostTestName'] ?? null,
+                    'ConDefID'       => $detail['ConDefID'] ?? null,
+                    'ClientTestCode' => $detail['ClientTestCode'] ?? null,
+                    'ClientTestName' => $detail['ClientTestName'] ?? null,
+                ];
+                $this->modelMapDetail->insert($detailData);
+            }
+        }
+    }
+
+    private function normalizeTestMapPayload($mappings): array
+    {
+        if (!is_array($mappings)) {
+            return [];
+        }
+
+        if ($this->isAssoc($mappings)) {
+            return [$mappings];
+        }
+
+        return array_values(array_filter($mappings, static fn ($map) => is_array($map)));
+    }
+
+    private function extractTestMapDetails(array $map): array
+    {
+        if (isset($map['details']) && is_array($map['details'])) {
+            return array_values(array_filter($map['details'], static fn ($detail) => is_array($detail)));
+        }
+
+        $flatDetail = [
+            'HostTestCode'   => $map['HostTestCode'] ?? null,
+            'HostTestName'   => $map['HostTestName'] ?? null,
+            'ConDefID'       => $map['ConDefID'] ?? null,
+            'ClientTestCode' => $map['ClientTestCode'] ?? null,
+            'ClientTestName' => $map['ClientTestName'] ?? null,
+        ];
+
+        foreach ($flatDetail as $value) {
+            if ($value !== null && $value !== '') {
+                return [$flatDetail];
+            }
+        }
+
+        return [];
+    }
+
+    private function isAssoc(array $array): bool
+    {
+        if ($array === []) {
+            return false;
+        }
+
+        return array_keys($array) !== range(0, count($array) - 1);
+    }
+}