the beginning of the idiots

qwen/python/merchants_of_hope/api/v1/applications.py

@@ -0,0 +1,135 @@
+"""
+Applications API routes
+"""
+from fastapi import APIRouter, Depends, HTTPException, status
+from typing import List
+from pydantic import BaseModel
+from sqlalchemy.orm import Session
+
+from ..database import SessionLocal
+from ..models import Application, ApplicationStatus, User, JobPosting, Resume
+from ..config.settings import settings
+
+router = APIRouter()
+
+# Pydantic models for applications
+class ApplicationCreate(BaseModel):
+    job_posting_id: int
+    resume_id: int
+    cover_letter: str = None
+
+class ApplicationUpdate(BaseModel):
+    status: ApplicationStatus = None
+    cover_letter: str = None
+
+class ApplicationResponse(BaseModel):
+    id: int
+    user_id: int
+    job_posting_id: int
+    resume_id: int
+    cover_letter: str
+    status: str
+    created_at: str
+
+    class Config:
+        from_attributes = True
+
+@router.get("/", response_model=List[ApplicationResponse])
+async def get_applications(skip: int = 0, limit: int = 100):
+    """Get all applications"""
+    db = SessionLocal()
+    try:
+        applications = db.query(Application).offset(skip).limit(limit).all()
+        return applications
+    finally:
+        db.close()
+
+@router.get("/{application_id}", response_model=ApplicationResponse)
+async def get_application(application_id: int):
+    """Get a specific application"""
+    db = SessionLocal()
+    try:
+        application = db.query(Application).filter(Application.id == application_id).first()
+        if not application:
+            raise HTTPException(status_code=404, detail="Application not found")
+        return application
+    finally:
+        db.close()
+
+@router.post("/", response_model=ApplicationResponse)
+async def create_application(application: ApplicationCreate, user_id: int = 1):  # In real app, get from auth context
+    """Create a new job application"""
+    db = SessionLocal()
+    try:
+        # Verify user exists and has permission to apply
+        user = db.query(User).filter(User.id == user_id).first()
+        if not user or user.role != "job_seeker":
+            raise HTTPException(
+                status_code=status.HTTP_403_FORBIDDEN,
+                detail="Only job seekers can apply for jobs"
+            )
+        
+        # Verify job posting exists and is active
+        job_posting = db.query(JobPosting).filter(
+            JobPosting.id == application.job_posting_id,
+            JobPosting.is_active == True
+        ).first()
+        if not job_posting:
+            raise HTTPException(status_code=404, detail="Job posting not found or inactive")
+        
+        # Verify resume exists and belongs to user
+        resume = db.query(Resume).filter(
+            Resume.id == application.resume_id,
+            Resume.user_id == user_id
+        ).first()
+        if not resume:
+            raise HTTPException(status_code=404, detail="Resume not found")
+        
+        db_application = Application(
+            user_id=user_id,
+            job_posting_id=application.job_posting_id,
+            resume_id=application.resume_id,
+            cover_letter=application.cover_letter
+        )
+        db.add(db_application)
+        db.commit()
+        db.refresh(db_application)
+        return db_application
+    finally:
+        db.close()
+
+@router.put("/{application_id}", response_model=ApplicationResponse)
+async def update_application(application_id: int, app_update: ApplicationUpdate):
+    """Update an application"""
+    db = SessionLocal()
+    try:
+        db_application = db.query(Application).filter(Application.id == application_id).first()
+        if not db_application:
+            raise HTTPException(status_code=404, detail="Application not found")
+        
+        # Update fields if provided
+        if app_update.status is not None:
+            db_application.status = app_update.status.value
+        if app_update.cover_letter is not None:
+            db_application.cover_letter = app_update.cover_letter
+        
+        db.commit()
+        db.refresh(db_application)
+        return db_application
+    finally:
+        db.close()
+
+@router.delete("/{application_id}")
+async def delete_application(application_id: int):
+    """Delete an application"""
+    db = SessionLocal()
+    try:
+        db_application = db.query(Application).filter(Application.id == application_id).first()
+        if not db_application:
+            raise HTTPException(status_code=404, detail="Application not found")
+        
+        db.delete(db_application)
+        db.commit()
+        return {"message": "Application deleted successfully"}
+    finally:
+        db.close()

qwen/python/merchants_of_hope/api/v1/auth.py

@@ -0,0 +1,73 @@
+"""
+Authentication API routes
+"""
+from fastapi import APIRouter, Depends, HTTPException, status
+from fastapi.security import HTTPBearer
+from datetime import datetime, timedelta
+from typing import Optional
+import jwt
+from pydantic import BaseModel
+from sqlalchemy.orm import Session
+
+from ..config.settings import settings
+from ..database import SessionLocal
+from ..models import User
+
+router = APIRouter()
+security = HTTPBearer()
+
+# Pydantic models for auth
+class Token(BaseModel):
+    access_token: str
+    token_type: str
+
+class TokenData(BaseModel):
+    username: Optional[str] = None
+    tenant_id: Optional[str] = None
+
+class UserLogin(BaseModel):
+    username: str
+    password: str
+
+def create_access_token(data: dict, expires_delta: Optional[timedelta] = None):
+    to_encode = data.copy()
+    if expires_delta:
+        expire = datetime.utcnow() + expires_delta
+    else:
+        expire = datetime.utcnow() + timedelta(minutes=15)
+    to_encode.update({"exp": expire})
+    encoded_jwt = jwt.encode(to_encode, settings.SECRET_KEY, algorithm=settings.ALGORITHM)
+    return encoded_jwt
+
+@router.post("/token", response_model=Token)
+async def login_for_access_token(form_data: UserLogin, db: Session = Depends(SessionLocal)):
+    # This is a simplified version - in a real app, you'd hash passwords
+    user = db.query(User).filter(User.username == form_data.username).first()
+    if not user or user.hashed_password != form_data.password:  # Simplified check
+        raise HTTPException(
+            status_code=status.HTTP_401_UNAUTHORIZED,
+            detail="Incorrect username or password",
+            headers={"WWW-Authenticate": "Bearer"},
+        )
+    if not user.is_active:
+        raise HTTPException(
+            status_code=status.HTTP_401_UNAUTHORIZED,
+            detail="Inactive user",
+            headers={"WWW-Authenticate": "Bearer"},
+        )
+    
+    access_token_expires = timedelta(minutes=settings.ACCESS_TOKEN_EXPIRE_MINUTES)
+    access_token = create_access_token(
+        data={"sub": user.username, "tenant_id": user.tenant_id},
+        expires_delta=access_token_expires
+    )
+    return {"access_token": access_token, "token_type": "bearer"}
+
+@router.get("/oidc-config")
+async def get_oidc_config():
+    """Get OIDC configuration"""
+    return {
+        "issuer": settings.OIDC_ISSUER,
+        "client_id": settings.OIDC_CLIENT_ID,
+        "redirect_uri": settings.OIDC_REDIRECT_URI
+    }

qwen/python/merchants_of_hope/api/v1/jobs.py

@@ -0,0 +1,121 @@
+"""
+Jobs API routes
+"""
+from fastapi import APIRouter, Depends, HTTPException, status
+from typing import List
+from pydantic import BaseModel
+from sqlalchemy.orm import Session
+
+from ..database import SessionLocal
+from ..models import JobPosting, User
+from ..config.settings import settings
+
+router = APIRouter()
+
+# Pydantic models for jobs
+class JobCreate(BaseModel):
+    title: str
+    description: str
+    requirements: str
+    location: str = None
+    salary_min: int = None
+    salary_max: int = None
+    is_remote: bool = False
+
+class JobUpdate(BaseModel):
+    title: str = None
+    description: str = None
+    requirements: str = None
+    location: str = None
+    salary_min: int = None
+    salary_max: int = None
+    is_active: bool = None
+    is_remote: bool = None
+
+class JobResponse(BaseModel):
+    id: int
+    title: str
+    description: str
+    requirements: str
+    location: str
+    salary_min: int
+    salary_max: int
+    is_active: bool
+    is_remote: bool
+    tenant_id: int
+    created_by_user_id: int
+
+    class Config:
+        from_attributes = True
+
+@router.get("/", response_model=List[JobResponse])
+async def get_jobs(skip: int = 0, limit: int = 100, is_active: bool = True, db: Session = Depends(SessionLocal)):
+    """Get all jobs"""
+    query = db.query(JobPosting)
+    if is_active is not None:
+        query = query.filter(JobPosting.is_active == is_active)
+    jobs = query.offset(skip).limit(limit).all()
+    return jobs
+
+@router.get("/{job_id}", response_model=JobResponse)
+async def get_job(job_id: int, db: Session = Depends(SessionLocal)):
+    """Get a specific job"""
+    job = db.query(JobPosting).filter(JobPosting.id == job_id).first()
+    if not job:
+        raise HTTPException(status_code=404, detail="Job not found")
+    if not job.is_active:
+        raise HTTPException(status_code=404, detail="Job not found")
+    return job
+
+@router.post("/", response_model=JobResponse)
+async def create_job(job: JobCreate, db: Session = Depends(SessionLocal), user_id: int = 1):  # In real app, get from auth context
+    """Create a new job posting"""
+    # Verify user exists and has permission to create job postings
+    user = db.query(User).filter(User.id == user_id).first()
+    if not user or user.role not in ["job_provider", "admin"]:
+        raise HTTPException(
+            status_code=status.HTTP_403_FORBIDDEN,
+            detail="Not authorized to create job postings"
+        )
+    
+    db_job = JobPosting(
+        title=job.title,
+        description=job.description,
+        requirements=job.requirements,
+        location=job.location,
+        salary_min=job.salary_min,
+        salary_max=job.salary_max,
+        is_remote=job.is_remote,
+        tenant_id=user.tenant_id,  # Use user's tenant
+        created_by_user_id=user_id
+    )
+    db.add(db_job)
+    db.commit()
+    db.refresh(db_job)
+    return db_job
+
+@router.put("/{job_id}", response_model=JobResponse)
+async def update_job(job_id: int, job_update: JobUpdate, db: Session = Depends(SessionLocal)):
+    """Update a job posting"""
+    db_job = db.query(JobPosting).filter(JobPosting.id == job_id).first()
+    if not db_job:
+        raise HTTPException(status_code=404, detail="Job not found")
+    
+    # Update fields if provided
+    for field, value in job_update.model_dump(exclude_unset=True).items():
+        setattr(db_job, field, value)
+    
+    db.commit()
+    db.refresh(db_job)
+    return db_job
+
+@router.delete("/{job_id}")
+async def delete_job(job_id: int, db: Session = Depends(SessionLocal)):
+    """Delete a job posting (soft delete by setting is_active to False)"""
+    db_job = db.query(JobPosting).filter(JobPosting.id == job_id).first()
+    if not db_job:
+        raise HTTPException(status_code=404, detail="Job not found")
+    
+    db_job.is_active = False
+    db.commit()
+    return {"message": "Job deactivated successfully"}

qwen/python/merchants_of_hope/api/v1/router.py

@@ -0,0 +1,18 @@
+"""
+API v1 router
+"""
+from fastapi import APIRouter
+from .auth import router as auth_router
+from .tenants import router as tenants_router
+from .users import router as users_router
+from .jobs import router as jobs_router
+from .applications import router as applications_router
+
+api_router = APIRouter()
+
+# Include all API routes
+api_router.include_router(auth_router, prefix="/auth", tags=["Authentication"])
+api_router.include_router(tenants_router, prefix="/tenants", tags=["Tenants"])
+api_router.include_router(users_router, prefix="/users", tags=["Users"])
+api_router.include_router(jobs_router, prefix="/jobs", tags=["Jobs"])
+api_router.include_router(applications_router, prefix="/applications", tags=["Applications"])

qwen/python/merchants_of_hope/api/v1/tenants.py

@@ -0,0 +1,53 @@
+"""
+Tenants API routes
+"""
+from fastapi import APIRouter, Depends, HTTPException, status
+from typing import List
+from pydantic import BaseModel
+from sqlalchemy.orm import Session
+
+from ..database import SessionLocal
+from ..models import Tenant
+from ..config.settings import settings
+
+router = APIRouter()
+
+# Pydantic models for tenants
+class TenantCreate(BaseModel):
+    name: str
+    subdomain: str
+
+class TenantResponse(BaseModel):
+    id: int
+    name: str
+    subdomain: str
+    is_active: bool
+
+    class Config:
+        from_attributes = True
+
+@router.get("/", response_model=List[TenantResponse])
+async def get_tenants(skip: int = 0, limit: int = 100, db: Session = Depends(SessionLocal)):
+    """Get all tenants"""
+    tenants = db.query(Tenant).offset(skip).limit(limit).all()
+    return tenants
+
+@router.get("/{tenant_id}", response_model=TenantResponse)
+async def get_tenant(tenant_id: int, db: Session = Depends(SessionLocal)):
+    """Get a specific tenant"""
+    tenant = db.query(Tenant).filter(Tenant.id == tenant_id).first()
+    if not tenant:
+        raise HTTPException(status_code=404, detail="Tenant not found")
+    return tenant
+
+@router.post("/", response_model=TenantResponse)
+async def create_tenant(tenant: TenantCreate, db: Session = Depends(SessionLocal)):
+    """Create a new tenant"""
+    if not settings.MULTI_TENANT_ENABLED:
+        raise HTTPException(status_code=400, detail="Multi-tenant is not enabled")
+    
+    db_tenant = Tenant(**tenant.model_dump())
+    db.add(db_tenant)
+    db.commit()
+    db.refresh(db_tenant)
+    return db_tenant

qwen/python/merchants_of_hope/api/v1/users.py

@@ -0,0 +1,111 @@
+"""
+Users API routes
+"""
+from fastapi import APIRouter, Depends, HTTPException, status
+from typing import List
+from pydantic import BaseModel
+import hashlib
+from sqlalchemy.orm import Session
+
+from ..database import SessionLocal
+from ..models import User, UserRole
+from ..config.settings import settings
+
+router = APIRouter()
+
+# Pydantic models for users
+class UserCreate(BaseModel):
+    email: str
+    username: str
+    password: str
+    role: UserRole
+
+class UserUpdate(BaseModel):
+    email: str = None
+    username: str = None
+    is_active: bool = None
+
+class UserResponse(BaseModel):
+    id: int
+    email: str
+    username: str
+    role: str
+    is_active: bool
+    is_verified: bool
+    tenant_id: int
+
+    class Config:
+        from_attributes = True
+
+def hash_password(password: str) -> str:
+    """Hash password using SHA256 (in production, use bcrypt)"""
+    return hashlib.sha256(password.encode()).hexdigest()
+
+@router.get("/", response_model=List[UserResponse])
+async def get_users(skip: int = 0, limit: int = 100, db: Session = Depends(SessionLocal)):
+    """Get all users"""
+    users = db.query(User).offset(skip).limit(limit).all()
+    return users
+
+@router.get("/{user_id}", response_model=UserResponse)
+async def get_user(user_id: int, db: Session = Depends(SessionLocal)):
+    """Get a specific user"""
+    user = db.query(User).filter(User.id == user_id).first()
+    if not user:
+        raise HTTPException(status_code=404, detail="User not found")
+    return user
+
+@router.post("/", response_model=UserResponse)
+async def create_user(user: UserCreate, db: Session = Depends(SessionLocal)):
+    """Create a new user"""
+    # Check if user already exists
+    existing_user = db.query(User).filter(
+        (User.email == user.email) | (User.username == user.username)
+    ).first()
+    
+    if existing_user:
+        raise HTTPException(status_code=400, detail="Email or username already registered")
+    
+    # Create new user
+    hashed_pwd = hash_password(user.password)
+    db_user = User(
+        email=user.email,
+        username=user.username,
+        hashed_password=hashed_pwd,
+        role=user.role.value,
+        tenant_id=1  # Default tenant, in real app would come from context
+    )
+    db.add(db_user)
+    db.commit()
+    db.refresh(db_user)
+    return db_user
+
+@router.put("/{user_id}", response_model=UserResponse)
+async def update_user(user_id: int, user_update: UserUpdate, db: Session = Depends(SessionLocal)):
+    """Update a user"""
+    db_user = db.query(User).filter(User.id == user_id).first()
+    if not db_user:
+        raise HTTPException(status_code=404, detail="User not found")
+    
+    # Update fields if provided
+    if user_update.email is not None:
+        db_user.email = user_update.email
+    if user_update.username is not None:
+        db_user.username = user_update.username
+    if user_update.is_active is not None:
+        db_user.is_active = user_update.is_active
+    
+    db.commit()
+    db.refresh(db_user)
+    return db_user
+
+@router.delete("/{user_id}")
+async def delete_user(user_id: int, db: Session = Depends(SessionLocal)):
+    """Delete a user"""
+    db_user = db.query(User).filter(User.id == user_id).first()
+    if not db_user:
+        raise HTTPException(status_code=404, detail="User not found")
+    
+    db.delete(db_user)
+    db.commit()
+    return {"message": "User deleted successfully"}

qwen/python/merchants_of_hope/config/settings.py

@@ -0,0 +1,42 @@
+"""
+Application settings and configuration
+"""
+import os
+from typing import Optional
+
+class Settings:
+    """Application settings class"""
+    
+    # Application settings
+    APP_NAME: str = "MerchantsOfHope"
+    APP_VERSION: str = "1.0.0"
+    DEBUG: bool = os.getenv("DEBUG", "False").lower() == "true"
+    
+    # Database settings
+    DATABASE_URL: str = os.getenv("DATABASE_URL", "sqlite:///./merchants_of_hope.db")
+    
+    # Multi-tenant settings
+    MULTI_TENANT_ENABLED: bool = True
+    TENANT_ID_HEADER: str = "X-Tenant-ID"
+    
+    # Authentication settings
+    SECRET_KEY: str = os.getenv("SECRET_KEY", "dev-secret-key-change-in-production")
+    ALGORITHM: str = "HS256"
+    ACCESS_TOKEN_EXPIRE_MINUTES: int = 30
+    
+    # OIDC settings
+    OIDC_ISSUER: Optional[str] = os.getenv("OIDC_ISSUER")
+    OIDC_CLIENT_ID: Optional[str] = os.getenv("OIDC_CLIENT_ID")
+    OIDC_CLIENT_SECRET: Optional[str] = os.getenv("OIDC_CLIENT_SECRET")
+    OIDC_REDIRECT_URI: Optional[str] = os.getenv("OIDC_REDIRECT_URI")
+    
+    # Security settings
+    ALLOWED_HOSTS: list = ["*"]  # Should be configured properly in production
+    
+    # Compliance settings
+    PCI_ENABLED: bool = True
+    GDPR_ENABLED: bool = True
+    SOC_ENABLED: bool = True
+    FEDRAMP_ENABLED: bool = True
+
+settings = Settings()

qwen/python/merchants_of_hope/database.py

@@ -0,0 +1,23 @@
+"""
+Database initialization and session management
+"""
+from sqlalchemy import create_engine
+from sqlalchemy.ext.declarative import declarative_base
+from sqlalchemy.orm import sessionmaker
+from .config.settings import settings
+
+# Create database engine
+engine = create_engine(
+    settings.DATABASE_URL,
+    connect_args={"check_same_thread": False} if settings.DATABASE_URL.startswith("sqlite") else {}
+)
+
+# Create session factory
+SessionLocal = sessionmaker(autocommit=False, autoflush=False, bind=engine)
+
+# Base class for models
+Base = declarative_base()
+
+def init_db():
+    """Initialize the database with all tables"""
+    Base.metadata.create_all(bind=engine)

qwen/python/merchants_of_hope/main.py

@@ -0,0 +1,78 @@
+"""
+Main FastAPI application
+"""
+from fastapi import FastAPI, Depends, HTTPException, status
+from fastapi.middleware.cors import CORSMiddleware
+from fastapi.security import HTTPBearer
+from contextlib import asynccontextmanager
+import logging
+
+from .config.settings import settings
+from .database import init_db, SessionLocal
+from .api.v1.router import api_router
+from .middleware.tenant import TenantMiddleware
+
+# Set up logging
+logging.basicConfig(level=logging.INFO)
+logger = logging.getLogger(__name__)
+
+@asynccontextmanager
+async def lifespan(app: FastAPI):
+    """Application lifespan events"""
+    # Startup
+    logger.info("Initializing database...")
+    init_db()
+    logger.info("Database initialized successfully")
+    
+    yield
+    
+    # Shutdown
+    logger.info("Application shutting down...")
+
+# Create FastAPI app
+app = FastAPI(
+    title=settings.APP_NAME,
+    version=settings.APP_VERSION,
+    description="MerchantsOfHope - Recruiting Platform for TSYS Group",
+    lifespan=lifespan
+)
+
+# Add middleware
+app.add_middleware(
+    CORSMiddleware,
+    allow_origins=settings.ALLOWED_HOSTS,
+    allow_credentials=True,
+    allow_methods=["*"],
+    allow_headers=["*"],
+)
+
+# Add tenant middleware for multi-tenancy
+app.add_middleware(TenantMiddleware)
+
+# Add authentication scheme
+security = HTTPBearer()
+
+# Include API routers
+app.include_router(api_router, prefix="/api/v1")
+
+@app.get("/")
+async def root():
+    """Root endpoint"""
+    return {
+        "message": f"Welcome to {settings.APP_NAME} v{settings.APP_VERSION}",
+        "tenant_support": settings.MULTI_TENANT_ENABLED
+    }
+
+def get_db():
+    """Database session dependency"""
+    db = SessionLocal()
+    try:
+        yield db
+    finally:
+        db.close()
+
+
+@app.get("/health")
+async def health_check():
+    """Health check endpoint"""
+    return {"status": "healthy", "version": settings.APP_VERSION}

qwen/python/merchants_of_hope/middleware/tenant.py

@@ -0,0 +1,40 @@
+"""
+Tenant middleware for handling multi-tenant requests
+"""
+import uuid
+from typing import Optional
+from fastapi import Request, HTTPException, status
+from starlette.middleware.base import BaseHTTPMiddleware
+from .config.settings import settings
+from .models import Tenant
+
+class TenantMiddleware(BaseHTTPMiddleware):
+    async def dispatch(self, request: Request, call_next):
+        # Get tenant ID from header or subdomain
+        tenant_id = request.headers.get(settings.TENANT_ID_HEADER)
+        
+        if not tenant_id:
+            # Try to extract tenant from subdomain
+            host = request.headers.get("host", "")
+            tenant_id = self.extract_tenant_from_host(host)
+        
+        if not tenant_id and settings.MULTI_TENANT_ENABLED:
+            raise HTTPException(
+                status_code=status.HTTP_400_BAD_REQUEST,
+                detail="Tenant ID is required"
+            )
+        
+        # Attach tenant info to request
+        request.state.tenant_id = tenant_id
+        
+        response = await call_next(request)
+        return response
+
+    def extract_tenant_from_host(self, host: str) -> Optional[str]:
+        """
+        Extract tenant from host (subdomain.tenant.com)
+        """
+        # For now, return a default tenant or None
+        # In a real implementation, you would parse the subdomain
+        # and look up the corresponding tenant in the database
+        return "default"

qwen/python/merchants_of_hope/models/__init__.py

@@ -0,0 +1,123 @@
+"""
+Database models for the application
+"""
+from sqlalchemy import Column, Integer, String, DateTime, Boolean, Text, ForeignKey
+from sqlalchemy.ext.declarative import declarative_base
+from sqlalchemy.orm import relationship
+from sqlalchemy.sql import func
+import enum
+
+Base = declarative_base()
+
+class Tenant(Base):
+    """Tenant model for multi-tenant support"""
+    __tablename__ = "tenants"
+    
+    id = Column(Integer, primary_key=True, index=True)
+    name = Column(String(255), unique=True, index=True, nullable=False)
+    subdomain = Column(String(255), unique=True, index=True, nullable=False)
+    is_active = Column(Boolean, default=True)
+    created_at = Column(DateTime(timezone=True), server_default=func.now())
+    updated_at = Column(DateTime(timezone=True), onupdate=func.now())
+    
+    # Relationships
+    users = relationship("User", back_populates="tenant")
+    job_postings = relationship("JobPosting", back_populates="tenant")
+
+
+class UserRole(enum.Enum):
+    """User roles in the system"""
+    JOB_SEEKER = "job_seeker"
+    JOB_PROVIDER = "job_provider"
+    ADMIN = "admin"
+    MODERATOR = "moderator"
+
+
+class User(Base):
+    """User model"""
+    __tablename__ = "users"
+    
+    id = Column(Integer, primary_key=True, index=True)
+    email = Column(String(255), unique=True, index=True, nullable=False)
+    username = Column(String(255), unique=True, index=True, nullable=False)
+    hashed_password = Column(String(255), nullable=False)
+    role = Column(String(50), nullable=False)  # job_seeker, job_provider, admin, moderator
+    is_active = Column(Boolean, default=True)
+    is_verified = Column(Boolean, default=False)
+    tenant_id = Column(Integer, ForeignKey("tenants.id"), nullable=False)
+    created_at = Column(DateTime(timezone=True), server_default=func.now())
+    updated_at = Column(DateTime(timezone=True), onupdate=func.now())
+    
+    # Relationships
+    tenant = relationship("Tenant", back_populates="users")
+    resumes = relationship("Resume", back_populates="user")
+    applications = relationship("Application", back_populates="user")
+    job_postings = relationship("JobPosting", back_populates="created_by_user")
+
+
+class Resume(Base):
+    """Resume model for job seekers"""
+    __tablename__ = "resumes"
+    
+    id = Column(Integer, primary_key=True, index=True)
+    user_id = Column(Integer, ForeignKey("users.id"), nullable=False)
+    title = Column(String(255), nullable=False)
+    content = Column(Text, nullable=False)  # JSON or structured text
+    is_active = Column(Boolean, default=True)
+    created_at = Column(DateTime(timezone=True), server_default=func.now())
+    updated_at = Column(DateTime(timezone=True), onupdate=func.now())
+    
+    # Relationships
+    user = relationship("User", back_populates="resumes")
+
+
+class JobPosting(Base):
+    """Job posting model for job providers"""
+    __tablename__ = "job_postings"
+    
+    id = Column(Integer, primary_key=True, index=True)
+    tenant_id = Column(Integer, ForeignKey("tenants.id"), nullable=False)
+    created_by_user_id = Column(Integer, ForeignKey("users.id"), nullable=False)
+    title = Column(String(255), nullable=False)
+    description = Column(Text, nullable=False)
+    requirements = Column(Text, nullable=False)
+    location = Column(String(255))
+    salary_min = Column(Integer)  # in cents
+    salary_max = Column(Integer)  # in cents
+    is_active = Column(Boolean, default=True)
+    is_remote = Column(Boolean, default=False)
+    created_at = Column(DateTime(timezone=True), server_default=func.now())
+    updated_at = Column(DateTime(timezone=True), onupdate=func.now())
+    
+    # Relationships
+    tenant = relationship("Tenant", back_populates="job_postings")
+    created_by_user = relationship("User", back_populates="job_postings")
+    applications = relationship("Application", back_populates="job_posting")
+
+
+class ApplicationStatus(enum.Enum):
+    """Status of job applications"""
+    SUBMITTED = "submitted"
+    REVIEWED = "reviewed"
+    INTERVIEW = "interview"
+    OFFER = "offer"
+    REJECTED = "rejected"
+
+
+class Application(Base):
+    """Job application model"""
+    __tablename__ = "applications"
+    
+    id = Column(Integer, primary_key=True, index=True)
+    user_id = Column(Integer, ForeignKey("users.id"), nullable=False)
+    job_posting_id = Column(Integer, ForeignKey("job_postings.id"), nullable=False)
+    resume_id = Column(Integer, ForeignKey("resumes.id"), nullable=False)
+    cover_letter = Column(Text)
+    status = Column(String(50), default=ApplicationStatus.SUBMITTED.value)
+    created_at = Column(DateTime(timezone=True), server_default=func.now())
+    updated_at = Column(DateTime(timezone=True), onupdate=func.now())
+    
+    # Relationships
+    user = relationship("User", back_populates="applications")
+    job_posting = relationship("JobPosting", back_populates="applications")
+    resume = relationship("Resume", back_populates="application")

qwen/python/merchants_of_hope/tests/conftest.py

@@ -0,0 +1,59 @@
+"""
+Test configuration and fixtures
+"""
+import pytest
+from fastapi.testclient import TestClient
+from sqlalchemy import create_engine
+from sqlalchemy.orm import sessionmaker
+from sqlalchemy.pool import StaticPool
+
+from merchants_of_hope.main import app
+from merchants_of_hope.database import Base, get_db
+from merchants_of_hope.models import User, Tenant
+
+
+# Create test database
+SQLALCHEMY_DATABASE_URL = "sqlite:///./test.db"
+
+engine = create_engine(
+    SQLALCHEMY_DATABASE_URL,
+    connect_args={"check_same_thread": False},
+    poolclass=StaticPool,
+)
+TestingSessionLocal = sessionmaker(autocommit=False, autoflush=False, bind=engine)
+
+
+@pytest.fixture(scope="module")
+def test_db():
+    """Create test database"""
+    Base.metadata.create_all(bind=engine)
+    yield engine
+    Base.metadata.drop_all(bind=engine)
+
+
+@pytest.fixture(scope="function")
+def db_session(test_db):
+    """Create test database session"""
+    connection = test_db.connect()
+    transaction = connection.begin()
+    session = TestingSessionLocal(bind=connection)
+    
+    yield session
+    
+    session.close()
+    transaction.rollback()
+    connection.close()
+
+
+@pytest.fixture(scope="module")
+def client(db_session):
+    """Create test client"""
+    def override_get_db():
+        try:
+            yield db_session
+        finally:
+            pass
+    
+    app.dependency_overrides[get_db] = override_get_db
+    with TestClient(app) as test_client:
+        yield test_client

qwen/python/merchants_of_hope/tests/test_api.py

@@ -0,0 +1,22 @@
+"""
+Tests for API endpoints
+"""
+import pytest
+from fastapi.testclient import TestClient
+
+def test_root_endpoint(client):
+    """Test root endpoint"""
+    response = client.get("/")
+    assert response.status_code == 200
+    data = response.json()
+    assert "message" in data
+    assert "Welcome to MerchantsOfHope" in data["message"]
+
+
+def test_health_endpoint(client):
+    """Test health check endpoint"""
+    response = client.get("/health")
+    assert response.status_code == 200
+    data = response.json()
+    assert data["status"] == "healthy"
+    assert "version" in data

qwen/python/merchants_of_hope/tests/test_tenants.py

@@ -0,0 +1,38 @@
+"""
+Tests for tenant functionality
+"""
+import pytest
+from fastapi.testclient import TestClient
+from merchants_of_hope.models import Tenant
+
+
+def test_create_tenant(client, db_session):
+    """Test creating a tenant"""
+    tenant_data = {
+        "name": "Test Tenant",
+        "subdomain": "test"
+    }
+    response = client.post("/api/v1/tenants/", json=tenant_data)
+    assert response.status_code == 200
+    data = response.json()
+    assert data["name"] == tenant_data["name"]
+    assert data["subdomain"] == tenant_data["subdomain"]
+    assert data["is_active"] is True
+
+
+def test_get_tenant(client, db_session):
+    """Test getting a tenant"""
+    # First create a tenant
+    tenant_data = {
+        "name": "Test Tenant 2",
+        "subdomain": "test2"
+    }
+    create_response = client.post("/api/v1/tenants/", json=tenant_data)
+    assert create_response.status_code == 200
+    created_tenant = create_response.json()
+    
+    # Then get the tenant
+    response = client.get(f"/api/v1/tenants/{created_tenant['id']}")
+    assert response.status_code == 200
+    data = response.json()
+    assert data["name"] == tenant_data["name"]

qwen/python/merchants_of_hope/tests/test_users.py

@@ -0,0 +1,42 @@
+"""
+Tests for user functionality
+"""
+import pytest
+from fastapi.testclient import TestClient
+from merchants_of_hope.models import User, UserRole
+
+
+def test_create_user(client, db_session):
+    """Test creating a user"""
+    user_data = {
+        "email": "test@example.com",
+        "username": "testuser",
+        "password": "testpassword",
+        "role": "job_seeker"
+    }
+    response = client.post("/api/v1/users/", json=user_data)
+    assert response.status_code == 200
+    data = response.json()
+    assert data["email"] == user_data["email"]
+    assert data["username"] == user_data["username"]
+    assert data["role"] == user_data["role"]
+
+
+def test_get_user(client, db_session):
+    """Test getting a user"""
+    # First create a user
+    user_data = {
+        "email": "test2@example.com",
+        "username": "testuser2",
+        "password": "testpassword",
+        "role": "job_provider"
+    }
+    create_response = client.post("/api/v1/users/", json=user_data)
+    assert create_response.status_code == 200
+    created_user = create_response.json()
+    
+    # Then get the user
+    response = client.get(f"/api/v1/users/{created_user['id']}")
+    assert response.status_code == 200
+    data = response.json()
+    assert data["email"] == user_data["email"]