[Feature] Server pagination implementation (#243)

## Major Changes - Implement a REST style API app in epapi - Currently implements a GET method for all entity types in the browse menu (both package level and global) - Provides paginated results per default with query style filtering for reviewed vs unreviewed. - Provides new paginated templates with thin wrappers per entity types for easier maintainability - Implements e2e tests for the API ## Minor changes - Added more comprehensive gitignore to cover coverage reports and other test/node.js etc. data. - Add additional CI file for API tests that only gets triggered on API relevant changes. ## ⚠️ Currently only works with session-based authentication. Token based will be added in new PR. Co-authored-by: Tim Lorsbach <tim@lorsba.ch> Co-authored-by: jebus <lorsbach@envipath.com> Reviewed-on: enviPath/enviPy#243 Co-authored-by: Tobias O <tobias.olenyi@envipath.com> Co-committed-by: Tobias O <tobias.olenyi@envipath.com>
2025-12-15 11:34:53 +13:00
parent d2d475b990
commit 8adb93012a
59 changed files with 3101 additions and 620 deletions
--- a/.gitea/actions/setup-envipy/action.yaml
+++ b/.gitea/actions/setup-envipy/action.yaml
@ -0,0 +1,94 @@
+name: 'Setup enviPy Environment'
+description: 'Shared setup for enviPy CI - installs dependencies and prepares environment'
+
+inputs:
+  skip-frontend:
+    description: 'Skip frontend build steps (pnpm, tailwind)'
+    required: false
+    default: 'false'
+  skip-playwright:
+    description: 'Skip Playwright installation'
+    required: false
+    default: 'false'
+  ssh-private-key:
+    description: 'SSH private key for git access'
+    required: true
+  run-migrations:
+    description: 'Run Django migrations after setup'
+    required: false
+    default: 'true'
+
+runs:
+  using: "composite"
+  steps:
+    - name: Install system tools via apt
+      shell: bash
+      run: |
+        sudo apt-get update
+        sudo apt-get install -y postgresql-client openjdk-11-jre-headless
+
+    - name: Setup ssh
+      shell: bash
+      run: |
+        mkdir -p ~/.ssh
+        echo "${{ inputs.ssh-private-key }}" > ~/.ssh/id_ed25519
+        chmod 600 ~/.ssh/id_ed25519
+        ssh-keyscan git.envipath.com >> ~/.ssh/known_hosts
+        eval $(ssh-agent -s)
+        ssh-add ~/.ssh/id_ed25519
+
+    - name: Install pnpm
+      uses: pnpm/action-setup@v4
+      with:
+        version: 10
+
+    - name: Use Node.js
+      uses: actions/setup-node@v4
+      with:
+        node-version: 20
+        cache: "pnpm"
+
+    - name: Install uv
+      uses: astral-sh/setup-uv@v6
+      with:
+        enable-cache: true
+
+    - name: Setup Python venv
+      shell: bash
+      run: |
+        uv sync --locked --all-extras --dev
+
+    - name: Install Playwright
+      if: inputs.skip-playwright == 'false'
+      shell: bash
+      run: |
+        source .venv/bin/activate
+        playwright install --with-deps
+
+    - name: Build Frontend
+      if: inputs.skip-frontend == 'false'
+      shell: bash
+      run: |
+        uv run python scripts/pnpm_wrapper.py install
+        cat << 'EOF' > pnpm-workspace.yaml
+        onlyBuiltDependencies:
+          - '@parcel/watcher'
+          - '@tailwindcss/oxide'
+        EOF
+        uv run python scripts/pnpm_wrapper.py run build
+
+    - name: Wait for Postgres
+      shell: bash
+      run: |
+        until pg_isready -h postgres -U ${{ env.POSTGRES_USER }}; do
+          echo "Waiting for postgres..."
+          sleep 2
+        done
+        echo "Postgres is ready!"
+
+    - name: Run Django Migrations
+      if: inputs.run-migrations == 'true'
+      shell: bash
+      run: |
+        source .venv/bin/activate
+        python manage.py migrate --noinput
--- a/.gitea/workflows/api-ci.yaml
+++ b/.gitea/workflows/api-ci.yaml
@ -0,0 +1,86 @@
+name: API CI
+
+on:
+  pull_request:
+    branches:
+      - develop
+    paths:
+      - 'epapi/**'
+      - 'epdb/models.py'  # API depends on models
+      - 'epdb/logic.py'   # API depends on business logic
+      - 'tests/fixtures/**'  # API tests use fixtures
+  workflow_dispatch:
+
+jobs:
+  api-tests:
+    if: ${{ !contains(gitea.event.pull_request.title, 'WIP') }}
+    runs-on: ubuntu-latest
+
+    services:
+      postgres:
+        image: postgres:16
+        env:
+          POSTGRES_USER: ${{ vars.POSTGRES_USER }}
+          POSTGRES_PASSWORD: ${{ secrets.POSTGRES_PASSWORD }}
+          POSTGRES_DB: ${{ vars.POSTGRES_DB }}
+        ports:
+          - ${{ vars.POSTGRES_PORT}}:5432
+        options: >-
+          --health-cmd="pg_isready -U postgres"
+          --health-interval=10s
+          --health-timeout=5s
+          --health-retries=5
+
+    env:
+      RUNNER_TOOL_CACHE: /toolcache
+      EP_DATA_DIR: /opt/enviPy/
+      ALLOWED_HOSTS: 127.0.0.1,localhost
+      DEBUG: True
+      LOG_LEVEL: INFO
+      MODEL_BUILDING_ENABLED: True
+      APPLICABILITY_DOMAIN_ENABLED: True
+      ENVIFORMER_PRESENT: True
+      ENVIFORMER_DEVICE: cpu
+      FLAG_CELERY_PRESENT: False
+      PLUGINS_ENABLED: True
+      SERVER_URL: http://localhost:8000
+      ADMIN_APPROVAL_REQUIRED: True
+      REGISTRATION_MANDATORY: True
+      LOG_DIR: ''
+      # DB
+      POSTGRES_SERVICE_NAME: postgres
+      POSTGRES_DB: ${{ vars.POSTGRES_DB }}
+      POSTGRES_USER: ${{ vars.POSTGRES_USER }}
+      POSTGRES_PASSWORD: ${{ secrets.POSTGRES_PASSWORD }}
+      POSTGRES_PORT: 5432
+      # SENTRY
+      SENTRY_ENABLED: False
+      # MS ENTRA
+      MS_ENTRA_ENABLED: False
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      # Use shared setup action - skips frontend builds for API-only tests
+      - name: Setup enviPy Environment
+        uses: ./.gitea/actions/setup-envipy
+        with:
+          skip-frontend: 'true'
+          skip-playwright: 'true'
+          ssh-private-key: ${{ secrets.ENVIPY_CI_PRIVATE_KEY }}
+          run-migrations: 'true'
+
+      - name: Run API tests
+        run: |
+          source .venv/bin/activate
+          python manage.py test epapi -v 2
+
+      - name: Test API endpoints availability
+        run: |
+          source .venv/bin/activate
+          python manage.py runserver 0.0.0.0:8000 &
+          SERVER_PID=$!
+          sleep 5
+          curl -f http://localhost:8000/api/v1/docs || echo "API docs not available"
+          kill $SERVER_PID
--- a/.gitea/workflows/ci.yaml
+++ b/.gitea/workflows/ci.yaml
@ -64,64 +64,17 @@ jobs:
      MS_ENTRA_ENABLED: False

    steps:
-
      - name: Checkout repository
        uses: actions/checkout@v4

-      - name: Install system tools via apt
-        run: |
-          sudo apt-get update
-          sudo apt-get install -y postgresql-client redis-tools openjdk-11-jre-headless
-
-      - name: Setup ssh
-        run: |
-          echo "${{ secrets.ENVIPY_CI_PRIVATE_KEY }}" > ~/.ssh/id_ed25519
-          chmod 600 ~/.ssh/id_ed25519
-          ssh-keyscan git.envipath.com >> ~/.ssh/known_hosts
-          eval $(ssh-agent -s)
-          ssh-add ~/.ssh/id_ed25519
-
-      - name: Install pnpm
-        uses: pnpm/action-setup@v4
+      # Use shared setup action - includes all dependencies and migrations
+      - name: Setup enviPy Environment
+        uses: ./.gitea/actions/setup-envipy
        with:
-          version: 10
-
-      - name: Use Node.js
-        uses: actions/setup-node@v4
-        with:
-          node-version: 20
-          cache: "pnpm"
-
-      - name: Install uv
-        uses: astral-sh/setup-uv@v6
-        with:
-          enable-cache: true
-
-      - name: Setup venv
-        run: |
-          uv sync --locked --all-extras --dev
-          source .venv/bin/activate
-          playwright install --with-deps
-
-      - name: Run PNPM Commands
-        run: |
-          uv run python scripts/pnpm_wrapper.py install
-          cat << 'EOF' > pnpm-workspace.yaml
-          onlyBuiltDependencies:
-            - '@parcel/watcher'
-            - '@tailwindcss/oxide'
-          EOF
-          uv run python scripts/pnpm_wrapper.py run build
-
-      - name: Wait for services
-        run: |
-          until pg_isready -h postgres -U postgres; do sleep 2; done
-          # until redis-cli -h redis ping; do sleep 2; done
-
-      - name: Run Django Migrations
-        run: |
-          source .venv/bin/activate
-          python manage.py migrate --noinput
+          skip-frontend: 'false'
+          skip-playwright: 'false'
+          ssh-private-key: ${{ secrets.ENVIPY_CI_PRIVATE_KEY }}
+          run-migrations: 'true'

      - name: Run frontend tests
        run: |
--- a/.gitignore
+++ b/.gitignore
@ -1,20 +1,375 @@
-*.pyc
+
+
+
+### Python ###
+
+# Byte-compiled / optimized / DLL files
+__pycache__/
+*.py[codz]
+*$py.class
+
+# C extensions
+*.so
+
+# Distribution / packaging
+.Python
+build/
+develop-eggs/
+dist/
+downloads/
+eggs/
+.eggs/
+lib/
+lib64/
+parts/
+sdist/
+var/
+wheels/
+share/python-wheels/
+*.egg-info/
+.installed.cfg
+*.egg
+MANIFEST
+
+# PyInstaller
+#   Usually these files are written by a python script from a template
+#   before PyInstaller builds the exe, so as to inject date/other infos into it.
+*.manifest
+*.spec
+
+# Installer logs
+pip-log.txt
+pip-delete-this-directory.txt
+
+# Unit test / coverage reports
+htmlcov/
+.tox/
+.nox/
+.coverage
+.coverage.*
+.cache
+nosetests.xml
+coverage.xml
+*.cover
+*.py.cover
+.hypothesis/
+.pytest_cache/
+cover/
+
+# Translations
+*.mo
+*.pot
+
+# Django stuff:
+*.log
+local_settings.py
 db.sqlite3
-.idea/
+db.sqlite3-journal
 static/admin/
 static/django_extensions/
+
+# Flask stuff:
+instance/
+.webassets-cache
+
+# Scrapy stuff:
+.scrapy
+
+# Sphinx documentation
+docs/_build/
+
+# PyBuilder
+.pybuilder/
+target/
+
+# Jupyter Notebook
+.ipynb_checkpoints
+
+# IPython
+profile_default/
+ipython_config.py
+
+
+# pdm
+#   Similar to Pipfile.lock, it is generally recommended to include pdm.lock in version control.
+#   pdm recommends including project-wide configuration in pdm.toml, but excluding .pdm-python.
+#   https://pdm-project.org/en/latest/usage/project/#working-with-version-control
+# pdm.lock
+# pdm.toml
+.pdm-python
+.pdm-build/
+
+# pixi
+#   Similar to Pipfile.lock, it is generally recommended to include pixi.lock in version control.
+# pixi.lock
+#   Pixi creates a virtual environment in the .pixi directory, just like venv module creates one
+#   in the .venv directory. It is recommended not to include this directory in version control.
+.pixi
+
+# PEP 582; used by e.g. github.com/David-OConnor/pyflow and github.com/pdm-project/pdm
+__pypackages__/
+
+# Celery stuff
+celerybeat-schedule
+celerybeat.pid
+
+# Redis
+*.rdb
+*.aof
+*.pid
+
+# RabbitMQ
+mnesia/
+rabbitmq/
+rabbitmq-data/
+
+# ActiveMQ
+activemq-data/
+
+# SageMath parsed files
+*.sage.py
+
+# Environments
 .env
+.envrc
+.venv
+env/
+venv/
+ENV/
+env.bak/
+venv.bak/
+
+# Spyder project settings
+.spyderproject
+.spyproject
+
+# Rope project settings
+.ropeproject
+
+# mkdocs documentation
+/site
+
+# mypy
+.mypy_cache/
+.dmypy.json
+dmypy.json
+
+# Pyre type checker
+.pyre/
+
+# pytype static type analyzer
+.pytype/
+
+# Cython debug symbols
+cython_debug/
+
+# PyCharm
+#   JetBrains specific template is maintained in a separate JetBrains.gitignore that can
+#   be found at https://github.com/github/gitignore/blob/main/Global/JetBrains.gitignore
+#   and can be added to the global gitignore or merged into this file.  For a more nuclear
+#   option (not recommended) you can uncomment the following to ignore the entire idea folder.
+.idea/
+
+# Abstra
+#   Abstra is an AI-powered process automation framework.
+#   Ignore directories containing user credentials, local state, and settings.
+#   Learn more at https://abstra.io/docs
+.abstra/
+
+# Visual Studio Code
+#   Visual Studio Code specific template is maintained in a separate VisualStudioCode.gitignore
+#   that can be found at https://github.com/github/gitignore/blob/main/Global/VisualStudioCode.gitignore
+#   and can be added to the global gitignore or merged into this file. However, if you prefer,
+#   you could uncomment the following to ignore the entire vscode folder
+.vscode/
+*.code-workspace
+
+# Ruff stuff:
+.ruff_cache/
+
+# UV cache
+.uv-cache/
+
+# PyPI configuration file
+.pypirc
+
+# Marimo
+marimo/_static/
+marimo/_lsp/
+__marimo__/
+
+# Streamlit
+.streamlit/secrets.toml
+
+### Agents ###
+.claude/
+.codex/
+.cursor/
+.github/prompts/
+.junie/
+.windsurf/
+
+AGENTS.md
+CLAUDE.md
+GEMINI.md
+.aider.*
+
+### Node.js ###
+
+# Logs
+logs
+*.log
+npm-debug.log*
+yarn-debug.log*
+yarn-error.log*
+lerna-debug.log*
+
+# Diagnostic reports (https://nodejs.org/api/report.html)
+report.[0-9]*.[0-9]*.[0-9]*.[0-9]*.json
+
+# Runtime data
+pids
+*.pid
+*.seed
+*.pid.lock
+
+# Directory for instrumented libs generated by jscoverage/JSCover
+lib-cov
+
+# Coverage directory used by tools like istanbul
+coverage
+*.lcov
+
+# nyc test coverage
+.nyc_output
+
+# Grunt intermediate storage (https://gruntjs.com/creating-plugins#storing-task-files)
+.grunt
+
+# Bower dependency directory (https://bower.io/)
+bower_components
+
+# node-waf configuration
+.lock-wscript
+
+# Compiled binary addons (https://nodejs.org/api/addons.html)
+build/Release
+
+# Dependency directories
+node_modules/
+jspm_packages/
+
+# Snowpack dependency directory (https://snowpack.dev/)
+web_modules/
+
+# TypeScript cache
+*.tsbuildinfo
+
+# Optional npm cache directory
+.npm
+
+# Optional eslint cache
+.eslintcache
+
+# Optional stylelint cache
+.stylelintcache
+
+# Optional REPL history
+.node_repl_history
+
+# Output of 'npm pack'
+*.tgz
+
+# Yarn Integrity file
+.yarn-integrity
+
+# dotenv environment variable files
+.env
+.env.*
+!.env.example
+
+# parcel-bundler cache (https://parceljs.org/)
+.cache
+.parcel-cache
+
+# Next.js build output
+.next
+out
+
+# Nuxt.js build / generate output
+.nuxt
+dist
+.output
+
+# Gatsby files
+.cache/
+# Comment in the public line in if your project uses Gatsby and not Next.js
+# https://nextjs.org/blog/next-9-1#public-directory-support
+# public
+
+# vuepress build output
+.vuepress/dist
+
+# vuepress v2.x temp and cache directory
+.temp
+.cache
+
+# Sveltekit cache directory
+.svelte-kit/
+
+# vitepress build output
+**/.vitepress/dist
+
+# vitepress cache directory
+**/.vitepress/cache
+
+# Docusaurus cache and generated files
+.docusaurus
+
+# Serverless directories
+.serverless/
+
+# FuseBox cache
+.fusebox/
+
+# DynamoDB Local files
+.dynamodb/
+
+# Firebase cache directory
+.firebase/
+
+# TernJS port file
+.tern-port
+
+# Stores VSCode versions used for testing VSCode extensions
+.vscode-test
+
+# yarn v3
+.pnp.*
+.yarn/*
+!.yarn/patches
+!.yarn/plugins
+!.yarn/releases
+!.yarn/sdks
+!.yarn/versions
+
+# Vite files
+vite.config.js.timestamp-*
+vite.config.ts.timestamp-*
+.vite/
+
+### Custom ###
+
 debug.log
 scratches/
 test-results/
-
 data/
+*.arff

-.DS_Store
-
-node_modules/
+# Auto generated
 static/css/output.css

-*.code-workspace
-.vscode/
-/pnpm-workspace.yaml
+# macOS system files
+.DS_Store
+.Trashes
+._*
--- a/envipath/api.py
+++ b/envipath/api.py
@ -1,4 +1,4 @@
-from epdb.api import router as epdb_app_router
+from epapi.v1.router import router as v1_router  # Refactored API from epdb.api_v2
 from epdb.legacy_api import router as epdb_legacy_app_router
 from ninja import NinjaAPI

@ -8,5 +8,5 @@ api_v1 = NinjaAPI(title="API V1 Docs", urls_namespace="api-v1")
 api_legacy = NinjaAPI(title="Legacy API Docs", urls_namespace="api-legacy")

 # Add routers
-api_v1.add_router("/", epdb_app_router)
+api_v1.add_router("/", v1_router)
 api_legacy.add_router("/", epdb_legacy_app_router)
--- a/envipath/settings.py
+++ b/envipath/settings.py
@ -48,6 +48,7 @@ INSTALLED_APPS = [
    "django_extensions",
    "oauth2_provider",
    # Custom
+    "epapi",  # API endpoints (v1, etc.)
    "epdb",
    # "migration",
 ]
@ -198,6 +199,12 @@ if not os.path.exists(LOG_DIR):
    os.mkdir(LOG_DIR)

 PLUGIN_DIR = os.path.join(EP_DATA_DIR, "plugins")
+
+API_PAGINATION_DEFAULT_PAGE_SIZE = int(os.environ.get("API_PAGINATION_DEFAULT_PAGE_SIZE", 50))
+PAGINATION_MAX_PER_PAGE_SIZE = int(
+    os.environ.get("API_PAGINATION_MAX_PAGE_SIZE", 100)
+)  # Ninja override
+
 if not os.path.exists(PLUGIN_DIR):
    os.mkdir(PLUGIN_DIR)

@ -355,6 +362,7 @@ FLAGS = {
 # -> /password_reset/done is covered as well
 LOGIN_EXEMPT_URLS = [
    "/register",
+    "/api/v1/",  # Let API handle its own authentication
    "/api/legacy/",
    "/o/token/",
    "/o/userinfo/",
--- a/epapi/init.py
+++ b/epapi/init.py
--- a/epapi/apps.py
+++ b/epapi/apps.py
@ -0,0 +1,6 @@
+from django.apps import AppConfig
+
+
+class EpapiConfig(AppConfig):
+    default_auto_field = "django.db.models.BigAutoField"
+    name = "epapi"
--- a/epapi/migrations/init.py
+++ b/epapi/migrations/init.py
--- a/epapi/tests/init.py
+++ b/epapi/tests/init.py
@ -0,0 +1 @@
+# Tests for epapi app
--- a/epapi/tests/v1/init.py
+++ b/epapi/tests/v1/init.py
@ -0,0 +1 @@
+# Tests for epapi v1 API
--- a/epapi/tests/v1/test_api_permissions.py
+++ b/epapi/tests/v1/test_api_permissions.py
@ -0,0 +1,532 @@
+from django.test import TestCase, tag
+
+from epdb.logic import GroupManager, PackageManager, UserManager
+from epdb.models import (
+    Compound,
+    GroupPackagePermission,
+    Permission,
+    UserPackagePermission,
+)
+
+
+@tag("api", "end2end")
+class APIPermissionTestBase(TestCase):
+    """
+    Base class for API permission tests.
+
+    Sets up common test data:
+    - user1: Owner of packages
+    - user2: User with various permissions
+    - user3: User with no permissions
+    - reviewed_package: Public package (reviewed=True)
+    - unreviewed_package_owned: Unreviewed package owned by user1
+    - unreviewed_package_read: Unreviewed package with READ permission for user2
+    - unreviewed_package_write: Unreviewed package with WRITE permission for user2
+    - unreviewed_package_all: Unreviewed package with ALL permission for user2
+    - unreviewed_package_no_access: Unreviewed package with no permissions for user2/user3
+    - group_package: Unreviewed package accessible via group permission
+    - test_group: Group containing user2
+    """
+
+    @classmethod
+    def setUpTestData(cls):
+        # Create users
+        cls.user1 = UserManager.create_user(
+            "permission-user1",
+            "permission-user1@envipath.com",
+            "SuperSafe",
+            set_setting=False,
+            add_to_group=False,
+            is_active=True,
+        )
+        cls.user2 = UserManager.create_user(
+            "permission-user2",
+            "permission-user2@envipath.com",
+            "SuperSafe",
+            set_setting=False,
+            add_to_group=False,
+            is_active=True,
+        )
+        cls.user3 = UserManager.create_user(
+            "permission-user3",
+            "permission-user3@envipath.com",
+            "SuperSafe",
+            set_setting=False,
+            add_to_group=False,
+            is_active=True,
+        )
+
+        # Delete default packages to ensure clean test data
+        for user in [cls.user1, cls.user2, cls.user3]:
+            default_pkg = user.default_package
+            user.default_package = None
+            user.save()
+            if default_pkg:
+                default_pkg.delete()
+
+        # Create reviewed package (public)
+        cls.reviewed_package = PackageManager.create_package(
+            cls.user1, "Reviewed Package", "Public package"
+        )
+        cls.reviewed_package.reviewed = True
+        cls.reviewed_package.save()
+
+        # Create unreviewed packages with various permissions
+        cls.unreviewed_package_owned = PackageManager.create_package(
+            cls.user1, "User1 Owned Package", "Owned by user1"
+        )
+
+        cls.unreviewed_package_read = PackageManager.create_package(
+            cls.user1, "User2 Read Package", "User2 has READ permission"
+        )
+        UserPackagePermission.objects.create(
+            user=cls.user2, package=cls.unreviewed_package_read, permission=Permission.READ[0]
+        )
+
+        cls.unreviewed_package_write = PackageManager.create_package(
+            cls.user1, "User2 Write Package", "User2 has WRITE permission"
+        )
+        UserPackagePermission.objects.create(
+            user=cls.user2, package=cls.unreviewed_package_write, permission=Permission.WRITE[0]
+        )
+
+        cls.unreviewed_package_all = PackageManager.create_package(
+            cls.user1, "User2 All Package", "User2 has ALL permission"
+        )
+        UserPackagePermission.objects.create(
+            user=cls.user2, package=cls.unreviewed_package_all, permission=Permission.ALL[0]
+        )
+
+        cls.unreviewed_package_no_access = PackageManager.create_package(
+            cls.user1, "No Access Package", "No permissions for user2/user3"
+        )
+
+        # Create group and group package
+        cls.test_group = GroupManager.create_group(
+            cls.user1, "Test Group", "Group for permission testing"
+        )
+        cls.test_group.user_member.add(cls.user2)
+        cls.test_group.save()
+
+        cls.group_package = PackageManager.create_package(
+            cls.user1, "Group Package", "Accessible via group permission"
+        )
+        GroupPackagePermission.objects.create(
+            group=cls.test_group, package=cls.group_package, permission=Permission.READ[0]
+        )
+
+        # Create test compounds in each package
+        cls.reviewed_compound = Compound.create(
+            cls.reviewed_package, "C", "Reviewed Compound", "Test compound"
+        )
+        cls.owned_compound = Compound.create(
+            cls.unreviewed_package_owned, "CC", "Owned Compound", "Test compound"
+        )
+        cls.read_compound = Compound.create(
+            cls.unreviewed_package_read, "CCC", "Read Compound", "Test compound"
+        )
+        cls.write_compound = Compound.create(
+            cls.unreviewed_package_write, "CCCC", "Write Compound", "Test compound"
+        )
+        cls.all_compound = Compound.create(
+            cls.unreviewed_package_all, "CCCCC", "All Compound", "Test compound"
+        )
+        cls.no_access_compound = Compound.create(
+            cls.unreviewed_package_no_access, "CCCCCC", "No Access Compound", "Test compound"
+        )
+        cls.group_compound = Compound.create(
+            cls.group_package, "CCCCCCC", "Group Compound", "Test compound"
+        )
+
+
+@tag("api", "end2end")
+class PackageListPermissionTest(APIPermissionTestBase):
+    """
+    Test permissions for /api/v1/packages/ endpoint.
+
+    Special case: This endpoint allows anonymous access (auth=None)
+    """
+
+    ENDPOINT = "/api/v1/packages/"
+
+    def test_anonymous_user_sees_only_reviewed_packages(self):
+        """Anonymous users should only see reviewed packages."""
+        self.client.logout()
+        response = self.client.get(self.ENDPOINT)
+
+        self.assertEqual(response.status_code, 200)
+        payload = response.json()
+
+        # Should only see reviewed package
+        self.assertEqual(payload["total_items"], 1)
+        self.assertEqual(payload["items"][0]["uuid"], str(self.reviewed_package.uuid))
+        self.assertEqual(payload["items"][0]["review_status"], "reviewed")
+
+    def test_authenticated_user_sees_all_readable_packages(self):
+        """Authenticated users see reviewed + packages they have access to."""
+        self.client.force_login(self.user2)
+        response = self.client.get(self.ENDPOINT)
+
+        self.assertEqual(response.status_code, 200)
+        payload = response.json()
+
+        # user2 should see:
+        # - reviewed_package (public)
+        # - unreviewed_package_read (READ permission)
+        # - unreviewed_package_write (WRITE permission)
+        # - unreviewed_package_all (ALL permission)
+        # - group_package (via group membership)
+        # Total: 5 packages
+        self.assertEqual(payload["total_items"], 5)
+
+        visible_uuids = {item["uuid"] for item in payload["items"]}
+        expected_uuids = {
+            str(self.reviewed_package.uuid),
+            str(self.unreviewed_package_read.uuid),
+            str(self.unreviewed_package_write.uuid),
+            str(self.unreviewed_package_all.uuid),
+            str(self.group_package.uuid),
+        }
+        self.assertEqual(visible_uuids, expected_uuids)
+
+    def test_owner_sees_all_owned_packages(self):
+        """Package owner sees all packages they created."""
+        self.client.force_login(self.user1)
+        response = self.client.get(self.ENDPOINT)
+
+        self.assertEqual(response.status_code, 200)
+        payload = response.json()
+
+        # user1 owns all packages
+        # Total: 7 packages (all packages created in setUpTestData)
+        self.assertEqual(payload["total_items"], 7)
+
+    def test_filter_by_review_status_true(self):
+        """Filter to show only reviewed packages."""
+        self.client.force_login(self.user2)
+        response = self.client.get(self.ENDPOINT, {"review_status": True})
+
+        self.assertEqual(response.status_code, 200)
+        payload = response.json()
+
+        # Only reviewed_package
+        self.assertEqual(payload["total_items"], 1)
+        self.assertTrue(all(item["review_status"] == "reviewed" for item in payload["items"]))
+
+    def test_filter_by_review_status_false(self):
+        """Filter to show only unreviewed packages."""
+        self.client.force_login(self.user2)
+        response = self.client.get(self.ENDPOINT, {"review_status": False})
+
+        self.assertEqual(response.status_code, 200)
+        payload = response.json()
+
+        # user2's accessible unreviewed packages: 4
+        self.assertEqual(payload["total_items"], 4)
+        self.assertTrue(all(item["review_status"] == "unreviewed" for item in payload["items"]))
+
+    def test_anonymous_filter_unreviewed_returns_empty(self):
+        """Anonymous users get no results when filtering for unreviewed."""
+        self.client.logout()
+        response = self.client.get(self.ENDPOINT, {"review_status": False})
+
+        self.assertEqual(response.status_code, 200)
+        payload = response.json()
+
+        self.assertEqual(payload["total_items"], 0)
+
+
+@tag("api", "end2end")
+class GlobalCompoundListPermissionTest(APIPermissionTestBase):
+    """
+    Test permissions for /api/v1/compounds/ endpoint.
+
+    This endpoint requires authentication.
+    """
+
+    ENDPOINT = "/api/v1/compounds/"
+
+    def test_anonymous_user_cannot_access(self):
+        """Anonymous users should get 401 Unauthorized."""
+        self.client.logout()
+        response = self.client.get(self.ENDPOINT)
+
+        self.assertEqual(response.status_code, 401)
+
+    def test_authenticated_user_sees_compounds_from_readable_packages(self):
+        """Authenticated users see compounds from packages they can read."""
+        self.client.force_login(self.user2)
+        response = self.client.get(self.ENDPOINT)
+
+        self.assertEqual(response.status_code, 200)
+        payload = response.json()
+
+        # user2 should see compounds from:
+        # - reviewed_package (public)
+        # - unreviewed_package_read (READ permission)
+        # - unreviewed_package_write (WRITE permission)
+        # - unreviewed_package_all (ALL permission)
+        # - group_package (via group membership)
+        # Total: 5 compounds
+        self.assertEqual(payload["total_items"], 5)
+
+        visible_uuids = {item["uuid"] for item in payload["items"]}
+        expected_uuids = {
+            str(self.reviewed_compound.uuid),
+            str(self.read_compound.uuid),
+            str(self.write_compound.uuid),
+            str(self.all_compound.uuid),
+            str(self.group_compound.uuid),
+        }
+        self.assertEqual(visible_uuids, expected_uuids)
+
+    def test_user_without_permission_cannot_see_compound(self):
+        """User without permission to package cannot see its compounds."""
+        self.client.force_login(self.user3)
+        response = self.client.get(self.ENDPOINT)
+
+        self.assertEqual(response.status_code, 200)
+        payload = response.json()
+
+        # user3 should only see compounds from reviewed_package
+        self.assertEqual(payload["total_items"], 1)
+        self.assertEqual(payload["items"][0]["uuid"], str(self.reviewed_compound.uuid))
+
+    def test_owner_sees_all_compounds(self):
+        """Package owner sees all compounds they created."""
+        self.client.force_login(self.user1)
+        response = self.client.get(self.ENDPOINT)
+
+        self.assertEqual(response.status_code, 200)
+        payload = response.json()
+
+        # user1 owns all packages, so sees all compounds
+        self.assertEqual(payload["total_items"], 7)
+
+    def test_read_permission_allows_viewing(self):
+        """READ permission allows viewing compounds."""
+        self.client.force_login(self.user2)
+        response = self.client.get(self.ENDPOINT)
+
+        self.assertEqual(response.status_code, 200)
+        payload = response.json()
+
+        # Check that read_compound is included
+        uuids = [item["uuid"] for item in payload["items"]]
+        self.assertIn(str(self.read_compound.uuid), uuids)
+
+    def test_write_permission_allows_viewing(self):
+        """WRITE permission also allows viewing compounds."""
+        self.client.force_login(self.user2)
+        response = self.client.get(self.ENDPOINT)
+
+        self.assertEqual(response.status_code, 200)
+        payload = response.json()
+
+        # Check that write_compound is included
+        uuids = [item["uuid"] for item in payload["items"]]
+        self.assertIn(str(self.write_compound.uuid), uuids)
+
+    def test_all_permission_allows_viewing(self):
+        """ALL permission allows viewing compounds."""
+        self.client.force_login(self.user2)
+        response = self.client.get(self.ENDPOINT)
+
+        self.assertEqual(response.status_code, 200)
+        payload = response.json()
+
+        # Check that all_compound is included
+        uuids = [item["uuid"] for item in payload["items"]]
+        self.assertIn(str(self.all_compound.uuid), uuids)
+
+    def test_group_permission_allows_viewing(self):
+        """Group membership grants access to group-permitted packages."""
+        self.client.force_login(self.user2)
+        response = self.client.get(self.ENDPOINT)
+
+        self.assertEqual(response.status_code, 200)
+        payload = response.json()
+
+        # Check that group_compound is included
+        uuids = [item["uuid"] for item in payload["items"]]
+        self.assertIn(str(self.group_compound.uuid), uuids)
+
+
+@tag("api", "end2end")
+class PackageScopedCompoundListPermissionTest(APIPermissionTestBase):
+    """
+    Test permissions for /api/v1/package/{uuid}/compound/ endpoint.
+
+    This endpoint requires authentication AND package access.
+    """
+
+    def test_anonymous_user_cannot_access_reviewed_package(self):
+        """Anonymous users should get 401 even for reviewed packages."""
+        self.client.logout()
+        endpoint = f"/api/v1/package/{self.reviewed_package.uuid}/compound/"
+        response = self.client.get(endpoint)
+
+        self.assertEqual(response.status_code, 401)
+
+    def test_authenticated_user_can_access_reviewed_package(self):
+        """Authenticated users can access reviewed packages."""
+        self.client.force_login(self.user3)
+        endpoint = f"/api/v1/package/{self.reviewed_package.uuid}/compound/"
+        response = self.client.get(endpoint)
+
+        self.assertEqual(response.status_code, 200)
+        payload = response.json()
+
+        self.assertEqual(payload["total_items"], 1)
+        self.assertEqual(payload["items"][0]["uuid"], str(self.reviewed_compound.uuid))
+
+    def test_user_can_access_package_with_read_permission(self):
+        """User with READ permission can access package-scoped endpoint."""
+        self.client.force_login(self.user2)
+        endpoint = f"/api/v1/package/{self.unreviewed_package_read.uuid}/compound/"
+        response = self.client.get(endpoint)
+
+        self.assertEqual(response.status_code, 200)
+        payload = response.json()
+
+        self.assertEqual(payload["total_items"], 1)
+        self.assertEqual(payload["items"][0]["uuid"], str(self.read_compound.uuid))
+
+    def test_user_can_access_package_with_write_permission(self):
+        """User with WRITE permission can access package-scoped endpoint."""
+        self.client.force_login(self.user2)
+        endpoint = f"/api/v1/package/{self.unreviewed_package_write.uuid}/compound/"
+        response = self.client.get(endpoint)
+
+        self.assertEqual(response.status_code, 200)
+        payload = response.json()
+
+        self.assertEqual(payload["total_items"], 1)
+        self.assertEqual(payload["items"][0]["uuid"], str(self.write_compound.uuid))
+
+    def test_user_can_access_package_with_all_permission(self):
+        """User with ALL permission can access package-scoped endpoint."""
+        self.client.force_login(self.user2)
+        endpoint = f"/api/v1/package/{self.unreviewed_package_all.uuid}/compound/"
+        response = self.client.get(endpoint)
+
+        self.assertEqual(response.status_code, 200)
+        payload = response.json()
+
+        self.assertEqual(payload["total_items"], 1)
+        self.assertEqual(payload["items"][0]["uuid"], str(self.all_compound.uuid))
+
+    def test_user_cannot_access_package_without_permission(self):
+        """User without permission gets 403 Forbidden."""
+        self.client.force_login(self.user2)
+        endpoint = f"/api/v1/package/{self.unreviewed_package_no_access.uuid}/compound/"
+        response = self.client.get(endpoint)
+
+        self.assertEqual(response.status_code, 403)
+
+    def test_nonexistent_package_returns_404(self):
+        """Request for non-existent package returns 404."""
+        self.client.force_login(self.user2)
+        fake_uuid = "00000000-0000-0000-0000-000000000000"
+        endpoint = f"/api/v1/package/{fake_uuid}/compound/"
+        response = self.client.get(endpoint)
+
+        self.assertEqual(response.status_code, 404)
+
+    def test_owner_can_access_owned_package(self):
+        """Package owner can access their package."""
+        self.client.force_login(self.user1)
+        endpoint = f"/api/v1/package/{self.unreviewed_package_owned.uuid}/compound/"
+        response = self.client.get(endpoint)
+
+        self.assertEqual(response.status_code, 200)
+        payload = response.json()
+
+        self.assertEqual(payload["total_items"], 1)
+        self.assertEqual(payload["items"][0]["uuid"], str(self.owned_compound.uuid))
+
+    def test_group_member_can_access_group_package(self):
+        """Group member can access package via group permission."""
+        self.client.force_login(self.user2)
+        endpoint = f"/api/v1/package/{self.group_package.uuid}/compound/"
+        response = self.client.get(endpoint)
+
+        self.assertEqual(response.status_code, 200)
+        payload = response.json()
+
+        self.assertEqual(payload["total_items"], 1)
+        self.assertEqual(payload["items"][0]["uuid"], str(self.group_compound.uuid))
+
+    def test_non_group_member_cannot_access_group_package(self):
+        """Non-group member cannot access package with only group permission."""
+        self.client.force_login(self.user3)
+        endpoint = f"/api/v1/package/{self.group_package.uuid}/compound/"
+        response = self.client.get(endpoint)
+
+        self.assertEqual(response.status_code, 403)
+
+
+@tag("api", "end2end")
+class MultiResourcePermissionTest(APIPermissionTestBase):
+    """
+    Test that permission system works consistently across all resource types.
+
+    Tests a sample of other endpoints to ensure permission logic is consistent.
+    """
+
+    def test_rules_endpoint_respects_permissions(self):
+        """Rules endpoint uses same permission logic."""
+        from epdb.models import SimpleAmbitRule
+
+        # Create rule in no-access package
+        rule = SimpleAmbitRule.create(
+            self.unreviewed_package_no_access, "Test Rule", "Test", "[C:1]>>[C:1]O"
+        )
+
+        self.client.force_login(self.user2)
+        response = self.client.get("/api/v1/rules/")
+
+        self.assertEqual(response.status_code, 200)
+        payload = response.json()
+
+        # user2 should not see the rule from no_access_package
+        rule_uuids = [item["uuid"] for item in payload["items"]]
+        self.assertNotIn(str(rule.uuid), rule_uuids)
+
+    def test_reactions_endpoint_respects_permissions(self):
+        """Reactions endpoint uses same permission logic."""
+        from epdb.models import Reaction
+
+        # Create reaction in no-access package
+        reaction = Reaction.create(
+            self.unreviewed_package_no_access, "Test Reaction", "Test", ["C"], ["CO"]
+        )
+
+        self.client.force_login(self.user2)
+        response = self.client.get("/api/v1/reactions/")
+
+        self.assertEqual(response.status_code, 200)
+        payload = response.json()
+
+        # user2 should not see the reaction from no_access_package
+        reaction_uuids = [item["uuid"] for item in payload["items"]]
+        self.assertNotIn(str(reaction.uuid), reaction_uuids)
+
+    def test_pathways_endpoint_respects_permissions(self):
+        """Pathways endpoint uses same permission logic."""
+        from epdb.models import Pathway
+
+        # Create pathway in no-access package
+        pathway = Pathway.objects.create(
+            package=self.unreviewed_package_no_access, name="Test Pathway", description="Test"
+        )
+
+        self.client.force_login(self.user2)
+        response = self.client.get("/api/v1/pathways/")
+
+        self.assertEqual(response.status_code, 200)
+        payload = response.json()
+
+        # user2 should not see the pathway from no_access_package
+        pathway_uuids = [item["uuid"] for item in payload["items"]]
+        self.assertNotIn(str(pathway.uuid), pathway_uuids)
--- a/epapi/tests/v1/test_contract_get_entities.py
+++ b/epapi/tests/v1/test_contract_get_entities.py
@ -0,0 +1,477 @@
+from django.test import TestCase, tag
+
+from epdb.logic import PackageManager, UserManager
+from epdb.models import Compound, Reaction, Pathway, EPModel, SimpleAmbitRule, Scenario
+
+
+class BaseTestAPIGetPaginated:
+    """
+    Mixin class for API pagination tests.
+
+    Subclasses must inherit from both this class and TestCase, e.g.:
+        class MyTest(BaseTestAPIGetPaginated, TestCase):
+            ...
+
+    Subclasses must define:
+    - resource_name: Singular name (e.g., "compound")
+    - resource_name_plural: Plural name (e.g., "compounds")
+    - global_endpoint: Global listing endpoint (e.g., "/api/v1/compounds/")
+    - package_endpoint_template: Template for package-scoped endpoint or None
+    - total_reviewed: Number of reviewed items to create
+    - total_unreviewed: Number of unreviewed items to create
+    - create_reviewed_resource(cls, package, idx): Factory method
+    - create_unreviewed_resource(cls, package, idx): Factory method
+    """
+
+    # Configuration to be overridden by subclasses
+    resource_name = None
+    resource_name_plural = None
+    global_endpoint = None
+    package_endpoint_template = None
+    total_reviewed = 50
+    total_unreviewed = 20
+    default_page_size = 50
+    max_page_size = 100
+
+    @classmethod
+    def setUpTestData(cls):
+        # Create test user
+        cls.user = UserManager.create_user(
+            f"{cls.resource_name}-user",
+            f"{cls.resource_name}-user@envipath.com",
+            "SuperSafe",
+            set_setting=False,
+            add_to_group=False,
+            is_active=True,
+        )
+
+        # Delete the auto-created default package to ensure clean test data
+        default_pkg = cls.user.default_package
+        cls.user.default_package = None
+        cls.user.save()
+        default_pkg.delete()
+
+        # Create reviewed package
+        cls.reviewed_package = PackageManager.create_package(
+            cls.user, "Reviewed Package", f"Reviewed package for {cls.resource_name} tests"
+        )
+        cls.reviewed_package.reviewed = True
+        cls.reviewed_package.save()
+
+        # Create unreviewed package
+        cls.unreviewed_package = PackageManager.create_package(
+            cls.user, "Draft Package", f"Unreviewed package for {cls.resource_name} tests"
+        )
+
+        # Create reviewed resources
+        for idx in range(cls.total_reviewed):
+            cls.create_reviewed_resource(cls.reviewed_package, idx)
+
+        # Create unreviewed resources
+        for idx in range(cls.total_unreviewed):
+            cls.create_unreviewed_resource(cls.unreviewed_package, idx)
+
+        # Set up package-scoped endpoints if applicable
+        if cls.package_endpoint_template:
+            cls.reviewed_package_endpoint = cls.package_endpoint_template.format(
+                uuid=cls.reviewed_package.uuid
+            )
+            cls.unreviewed_package_endpoint = cls.package_endpoint_template.format(
+                uuid=cls.unreviewed_package.uuid
+            )
+
+    @classmethod
+    def create_reviewed_resource(cls, package, idx):
+        """
+        Create a single reviewed resource.
+        Must be implemented by subclass.
+
+        Args:
+            package: The package to create the resource in
+            idx: Index of the resource (0-based)
+        """
+        raise NotImplementedError(f"{cls.__name__} must implement create_reviewed_resource()")
+
+    @classmethod
+    def create_unreviewed_resource(cls, package, idx):
+        """
+        Create a single unreviewed resource.
+        Must be implemented by subclass.
+
+        Args:
+            package: The package to create the resource in
+            idx: Index of the resource (0-based)
+        """
+        raise NotImplementedError(f"{cls.__name__} must implement create_unreviewed_resource()")
+
+    def setUp(self):
+        self.client.force_login(self.user)
+
+    def test_requires_session_authentication(self):
+        """Test that the global endpoint requires authentication."""
+        self.client.logout()
+        response = self.client.get(self.global_endpoint)
+        self.assertEqual(response.status_code, 401)
+
+    def test_global_listing_uses_default_page_size(self):
+        """Test that the global endpoint uses default pagination settings."""
+        response = self.client.get(self.global_endpoint, {"review_status": True})
+        self.assertEqual(response.status_code, 200)
+
+        payload = response.json()
+        self.assertEqual(payload["page"], 1)
+        self.assertEqual(payload["page_size"], self.default_page_size)
+        self.assertEqual(payload["total_items"], self.total_reviewed)
+
+        # Verify only reviewed items are returned
+        self.assertTrue(all(item["review_status"] == "reviewed" for item in payload["items"]))
+
+    def test_can_request_later_page(self):
+        """Test that pagination works for later pages."""
+        if self.total_reviewed <= self.default_page_size:
+            self.skipTest(
+                f"Not enough items to test pagination "
+                f"({self.total_reviewed} <= {self.default_page_size})"
+            )
+
+        response = self.client.get(self.global_endpoint, {"page": 2})
+        self.assertEqual(response.status_code, 200)
+
+        payload = response.json()
+        self.assertEqual(payload["page"], 2)
+
+        # Calculate expected items on page 2
+        expected_items = min(self.default_page_size, self.total_reviewed - self.default_page_size)
+        self.assertEqual(len(payload["items"]), expected_items)
+
+        # Verify only reviewed items are returned
+        self.assertTrue(all(item["review_status"] == "reviewed" for item in payload["items"]))
+
+    def test_page_size_is_capped(self):
+        """Test that page size is capped at the maximum."""
+        if self.total_reviewed <= self.max_page_size:
+            self.skipTest(
+                f"Not enough items to test page size cap "
+                f"({self.total_reviewed} <= {self.max_page_size})"
+            )
+
+        response = self.client.get(self.global_endpoint, {"page_size": 150})
+        self.assertEqual(response.status_code, 200)
+
+        payload = response.json()
+        self.assertEqual(payload["page_size"], self.max_page_size)
+        self.assertEqual(len(payload["items"]), self.max_page_size)
+
+    def test_package_endpoint_for_reviewed_package(self):
+        """Test the package-scoped endpoint for reviewed packages."""
+        if not self.package_endpoint_template:
+            self.skipTest("No package endpoint for this resource")
+
+        response = self.client.get(self.reviewed_package_endpoint)
+        self.assertEqual(response.status_code, 200)
+
+        payload = response.json()
+        self.assertEqual(payload["total_items"], self.total_reviewed)
+
+        # Verify only reviewed items are returned
+        self.assertTrue(all(item["review_status"] == "reviewed" for item in payload["items"]))
+
+    def test_package_endpoint_for_unreviewed_package(self):
+        """Test the package-scoped endpoint for unreviewed packages."""
+        if not self.package_endpoint_template:
+            self.skipTest("No package endpoint for this resource")
+
+        response = self.client.get(self.unreviewed_package_endpoint)
+        self.assertEqual(response.status_code, 200)
+
+        payload = response.json()
+        self.assertEqual(payload["total_items"], self.total_unreviewed)
+
+        # Verify only unreviewed items are returned
+        self.assertTrue(all(item["review_status"] == "unreviewed" for item in payload["items"]))
+
+
+@tag("api", "end2end")
+class PackagePaginationAPITest(TestCase):
+    ENDPOINT = "/api/v1/packages/"
+
+    @classmethod
+    def setUpTestData(cls):
+        cls.user = UserManager.create_user(
+            "package-user",
+            "package-user@envipath.com",
+            "SuperSafe",
+            set_setting=False,
+            add_to_group=False,
+            is_active=True,
+        )
+
+        # Delete the auto-created default package to ensure clean test data
+        default_pkg = cls.user.default_package
+        cls.user.default_package = None
+        cls.user.save()
+        default_pkg.delete()
+
+        # Create reviewed packages
+        cls.total_reviewed = 25
+        for idx in range(cls.total_reviewed):
+            package = PackageManager.create_package(
+                cls.user, f"Reviewed Package {idx:03d}", "Reviewed package for tests"
+            )
+            package.reviewed = True
+            package.save()
+
+        # Create unreviewed packages
+        cls.total_unreviewed = 15
+        for idx in range(cls.total_unreviewed):
+            PackageManager.create_package(
+                cls.user, f"Draft Package {idx:03d}", "Unreviewed package for tests"
+            )
+
+    def setUp(self):
+        self.client.force_login(self.user)
+
+    def test_anonymous_can_access_reviewed_packages(self):
+        self.client.logout()
+        response = self.client.get(self.ENDPOINT)
+        self.assertEqual(response.status_code, 200)
+
+        payload = response.json()
+        # Anonymous users can only see reviewed packages
+        self.assertEqual(payload["total_items"], self.total_reviewed)
+        self.assertTrue(all(item["review_status"] == "reviewed" for item in payload["items"]))
+
+    def test_listing_uses_default_page_size(self):
+        response = self.client.get(self.ENDPOINT)
+        self.assertEqual(response.status_code, 200)
+
+        payload = response.json()
+        self.assertEqual(payload["page"], 1)
+        self.assertEqual(payload["page_size"], 50)
+        self.assertEqual(payload["total_items"], self.total_reviewed + self.total_unreviewed)
+
+    def test_reviewed_filter_true(self):
+        response = self.client.get(self.ENDPOINT, {"review_status": True})
+        self.assertEqual(response.status_code, 200)
+
+        payload = response.json()
+        self.assertEqual(payload["total_items"], self.total_reviewed)
+        self.assertTrue(all(item["review_status"] == "reviewed" for item in payload["items"]))
+
+    def test_reviewed_filter_false(self):
+        response = self.client.get(self.ENDPOINT, {"review_status": False})
+        self.assertEqual(response.status_code, 200)
+
+        payload = response.json()
+        self.assertEqual(payload["total_items"], self.total_unreviewed)
+        self.assertTrue(all(item["review_status"] == "unreviewed" for item in payload["items"]))
+
+    def test_reviewed_filter_false_anonymous(self):
+        self.client.logout()
+        response = self.client.get(self.ENDPOINT, {"review_status": False})
+        self.assertEqual(response.status_code, 200)
+
+        payload = response.json()
+        # Anonymous users cannot access unreviewed packages
+        self.assertEqual(payload["total_items"], 0)
+
+
+@tag("api", "end2end")
+class CompoundPaginationAPITest(BaseTestAPIGetPaginated, TestCase):
+    """Compound pagination tests using base class."""
+
+    resource_name = "compound"
+    resource_name_plural = "compounds"
+    global_endpoint = "/api/v1/compounds/"
+    package_endpoint_template = "/api/v1/package/{uuid}/compound/"
+    total_reviewed = 125
+    total_unreviewed = 35
+
+    @classmethod
+    def create_reviewed_resource(cls, package, idx):
+        simple_smiles = ["C", "CC", "CCC", "CCCC", "CCCCC"]
+        smiles = simple_smiles[idx % len(simple_smiles)] + ("O" * (idx // len(simple_smiles)))
+        return Compound.create(
+            package,
+            smiles,
+            f"Reviewed Compound {idx:03d}",
+            "Compound for pagination tests",
+        )
+
+    @classmethod
+    def create_unreviewed_resource(cls, package, idx):
+        simple_smiles = ["C", "CC", "CCC", "CCCC", "CCCCC"]
+        smiles = simple_smiles[idx % len(simple_smiles)] + ("N" * (idx // len(simple_smiles)))
+        return Compound.create(
+            package,
+            smiles,
+            f"Draft Compound {idx:03d}",
+            "Compound for pagination tests",
+        )
+
+
+@tag("api", "end2end")
+class RulePaginationAPITest(BaseTestAPIGetPaginated, TestCase):
+    """Rule pagination tests using base class."""
+
+    resource_name = "rule"
+    resource_name_plural = "rules"
+    global_endpoint = "/api/v1/rules/"
+    package_endpoint_template = "/api/v1/package/{uuid}/rule/"
+    total_reviewed = 125
+    total_unreviewed = 35
+
+    @classmethod
+    def create_reviewed_resource(cls, package, idx):
+        # Create unique SMIRKS by combining chain length and functional group variations
+        # This ensures each idx gets a truly unique SMIRKS pattern
+        carbon_chain = "C" * (idx + 1)  # C, CC, CCC, ... (grows with idx)
+        smirks = f"[{carbon_chain}:1]>>[{carbon_chain}:1]O"
+        return SimpleAmbitRule.create(
+            package,
+            f"Reviewed Rule {idx:03d}",
+            f"Rule {idx} for pagination tests",
+            smirks,
+        )
+
+    @classmethod
+    def create_unreviewed_resource(cls, package, idx):
+        # Create unique SMIRKS by varying the carbon chain length
+        carbon_chain = "C" * (idx + 1)  # C, CC, CCC, ... (grows with idx)
+        smirks = f"[{carbon_chain}:1]>>[{carbon_chain}:1]N"
+        return SimpleAmbitRule.create(
+            package,
+            f"Draft Rule {idx:03d}",
+            f"Rule {idx} for pagination tests",
+            smirks,
+        )
+
+
+@tag("api", "end2end")
+class ReactionPaginationAPITest(BaseTestAPIGetPaginated, TestCase):
+    """Reaction pagination tests using base class."""
+
+    resource_name = "reaction"
+    resource_name_plural = "reactions"
+    global_endpoint = "/api/v1/reactions/"
+    package_endpoint_template = "/api/v1/package/{uuid}/reaction/"
+    total_reviewed = 125
+    total_unreviewed = 35
+
+    @classmethod
+    def create_reviewed_resource(cls, package, idx):
+        # Generate unique SMILES with growing chain lengths to avoid duplicates
+        # Each idx gets a unique chain length
+        educt_smiles = "C" * (idx + 1)  # C, CC, CCC, ... (grows with idx)
+        product_smiles = educt_smiles + "O"
+        return Reaction.create(
+            package=package,
+            name=f"Reviewed Reaction {idx:03d}",
+            description="Reaction for pagination tests",
+            educts=[educt_smiles],
+            products=[product_smiles],
+        )
+
+    @classmethod
+    def create_unreviewed_resource(cls, package, idx):
+        # Generate unique SMILES with growing chain lengths to avoid duplicates
+        # Each idx gets a unique chain length
+        educt_smiles = "C" * (idx + 1)  # C, CC, CCC, ... (grows with idx)
+        product_smiles = educt_smiles + "N"
+        return Reaction.create(
+            package=package,
+            name=f"Draft Reaction {idx:03d}",
+            description="Reaction for pagination tests",
+            educts=[educt_smiles],
+            products=[product_smiles],
+        )
+
+
+@tag("api", "end2end")
+class PathwayPaginationAPITest(BaseTestAPIGetPaginated, TestCase):
+    """Pathway pagination tests using base class."""
+
+    resource_name = "pathway"
+    resource_name_plural = "pathways"
+    global_endpoint = "/api/v1/pathways/"
+    package_endpoint_template = "/api/v1/package/{uuid}/pathway/"
+    total_reviewed = 125
+    total_unreviewed = 35
+
+    @classmethod
+    def create_reviewed_resource(cls, package, idx):
+        return Pathway.objects.create(
+            package=package,
+            name=f"Reviewed Pathway {idx:03d}",
+            description="Pathway for pagination tests",
+        )
+
+    @classmethod
+    def create_unreviewed_resource(cls, package, idx):
+        return Pathway.objects.create(
+            package=package,
+            name=f"Draft Pathway {idx:03d}",
+            description="Pathway for pagination tests",
+        )
+
+
+@tag("api", "end2end")
+class ModelPaginationAPITest(BaseTestAPIGetPaginated, TestCase):
+    """Model pagination tests using base class."""
+
+    resource_name = "model"
+    resource_name_plural = "models"
+    global_endpoint = "/api/v1/models/"
+    package_endpoint_template = "/api/v1/package/{uuid}/model/"
+    total_reviewed = 125
+    total_unreviewed = 35
+
+    @classmethod
+    def create_reviewed_resource(cls, package, idx):
+        return EPModel.objects.create(
+            package=package,
+            name=f"Reviewed Model {idx:03d}",
+            description="Model for pagination tests",
+        )
+
+    @classmethod
+    def create_unreviewed_resource(cls, package, idx):
+        return EPModel.objects.create(
+            package=package,
+            name=f"Draft Model {idx:03d}",
+            description="Model for pagination tests",
+        )
+
+
+@tag("api", "end2end")
+class ScenarioPaginationAPITest(BaseTestAPIGetPaginated, TestCase):
+    """Scenario pagination tests using base class."""
+
+    resource_name = "scenario"
+    resource_name_plural = "scenarios"
+    global_endpoint = "/api/v1/scenarios/"
+    package_endpoint_template = "/api/v1/package/{uuid}/scenario/"
+    total_reviewed = 125
+    total_unreviewed = 35
+
+    @classmethod
+    def create_reviewed_resource(cls, package, idx):
+        return Scenario.create(
+            package,
+            f"Reviewed Scenario {idx:03d}",
+            "Scenario for pagination tests",
+            "2025-01-01",
+            "lab",
+            [],
+        )
+
+    @classmethod
+    def create_unreviewed_resource(cls, package, idx):
+        return Scenario.create(
+            package,
+            f"Draft Scenario {idx:03d}",
+            "Scenario for pagination tests",
+            "2025-01-01",
+            "field",
+            [],
+        )
--- a/epapi/v1/init.py
+++ b/epapi/v1/init.py
--- a/epapi/v1/auth.py
+++ b/epapi/v1/auth.py
@ -0,0 +1,8 @@
+from ninja.security import HttpBearer
+from ninja.errors import HttpError
+
+
+class BearerTokenAuth(HttpBearer):
+    def authenticate(self, request, token):
+        # FIXME: placeholder; implement it in O(1) time
+        raise HttpError(401, "Invalid or expired token")
--- a/epapi/v1/dal.py
+++ b/epapi/v1/dal.py
@ -0,0 +1,95 @@
+from django.db.models import Model
+from epdb.logic import PackageManager
+from epdb.models import CompoundStructure, User, Package, Compound
+from uuid import UUID
+
+from .errors import EPAPINotFoundError, EPAPIPermissionDeniedError
+
+
+def get_compound_or_error(user, compound_uuid: UUID):
+    """
+    Get compound by UUID with permission check.
+    """
+    try:
+        compound = Compound.objects.get(uuid=compound_uuid)
+        package = compound.package
+    except Compound.DoesNotExist:
+        raise EPAPINotFoundError(f"Compound with UUID {compound_uuid} not found")
+
+    # FIXME: optimize package manager to exclusively work with UUIDs
+    if not user or user.is_anonymous or not PackageManager.readable(user, package):
+        raise EPAPIPermissionDeniedError("Insufficient permissions to access this compound.")
+
+    return compound
+
+
+def get_package_or_error(user, package_uuid: UUID):
+    """
+    Get package by UUID with permission check.
+    """
+
+    # FIXME: update package manager with custom exceptions to avoid manual checks here
+    try:
+        package = Package.objects.get(uuid=package_uuid)
+    except Package.DoesNotExist:
+        raise EPAPINotFoundError(f"Package with UUID {package_uuid} not found")
+
+    # FIXME: optimize package manager to exclusively work with UUIDs
+    if not user or user.is_anonymous or not PackageManager.readable(user, package):
+        raise EPAPIPermissionDeniedError("Insufficient permissions to access this package.")
+
+    return package
+
+
+def get_user_packages_qs(user: User | None):
+    """Get all packages readable by the user."""
+    if not user or user.is_anonymous:
+        return PackageManager.get_reviewed_packages()
+    return PackageManager.get_all_readable_packages(user, include_reviewed=True)
+
+
+def get_user_entities_qs(model_class: Model, user: User | None):
+    """Build queryset for reviewed package entities."""
+
+    if not user or user.is_anonymous:
+        return model_class.objects.filter(package__reviewed=True).select_related("package")
+
+    qs = model_class.objects.filter(
+        package__in=PackageManager.get_all_readable_packages(user, include_reviewed=True)
+    ).select_related("package")
+    return qs
+
+
+def get_package_scoped_entities_qs(
+    model_class: Model, package_uuid: UUID, user: User | None = None
+):
+    """Build queryset for specific package entities."""
+    package = get_package_or_error(user, package_uuid)
+    qs = model_class.objects.filter(package=package).select_related("package")
+    return qs
+
+
+def get_user_structures_qs(user: User | None):
+    """Build queryset for structures accessible to the user (via compound->package)."""
+
+    if not user or user.is_anonymous:
+        return CompoundStructure.objects.filter(compound__package__reviewed=True).select_related(
+            "compound__package"
+        )
+
+    qs = CompoundStructure.objects.filter(
+        compound__package__in=PackageManager.get_all_readable_packages(user, include_reviewed=True)
+    ).select_related("compound__package")
+    return qs
+
+
+def get_package_compound_scoped_structure_qs(
+    package_uuid: UUID, compound_uuid: UUID, user: User | None = None
+):
+    """Build queryset for specific package compound structures."""
+
+    get_package_or_error(user, package_uuid)
+    compound = get_compound_or_error(user, compound_uuid)
+
+    qs = CompoundStructure.objects.filter(compound=compound).select_related("compound__package")
+    return qs
--- a/epapi/v1/endpoints/init.py
+++ b/epapi/v1/endpoints/init.py
--- a/epapi/v1/endpoints/compounds.py
+++ b/epapi/v1/endpoints/compounds.py
@ -0,0 +1,41 @@
+from django.conf import settings as s
+from ninja import Router
+from ninja_extra.pagination import paginate
+from uuid import UUID
+
+from epdb.models import Compound
+from ..pagination import EnhancedPageNumberPagination
+from ..schemas import CompoundOutSchema, ReviewStatusFilter
+from ..dal import get_user_entities_qs, get_package_scoped_entities_qs
+
+router = Router()
+
+
+@router.get("/compounds/", response=EnhancedPageNumberPagination.Output[CompoundOutSchema])
+@paginate(
+    EnhancedPageNumberPagination,
+    page_size=s.API_PAGINATION_DEFAULT_PAGE_SIZE,
+    filter_schema=ReviewStatusFilter,
+)
+def list_all_compounds(request):
+    """
+    List all compounds from reviewed packages.
+    """
+    return get_user_entities_qs(Compound, request.user).order_by("name").all()
+
+
+@router.get(
+    "/package/{uuid:package_uuid}/compound/",
+    response=EnhancedPageNumberPagination.Output[CompoundOutSchema],
+)
+@paginate(
+    EnhancedPageNumberPagination,
+    page_size=s.API_PAGINATION_DEFAULT_PAGE_SIZE,
+    filter_schema=ReviewStatusFilter,
+)
+def list_package_compounds(request, package_uuid: UUID):
+    """
+    List all compounds for a specific package.
+    """
+    user = request.user
+    return get_package_scoped_entities_qs(Compound, package_uuid, user).order_by("name").all()
--- a/epapi/v1/endpoints/models.py
+++ b/epapi/v1/endpoints/models.py
@ -0,0 +1,41 @@
+from django.conf import settings as s
+from ninja import Router
+from ninja_extra.pagination import paginate
+from uuid import UUID
+
+from epdb.models import EPModel
+from ..pagination import EnhancedPageNumberPagination
+from ..schemas import ModelOutSchema, ReviewStatusFilter
+from ..dal import get_user_entities_qs, get_package_scoped_entities_qs
+
+router = Router()
+
+
+@router.get("/models/", response=EnhancedPageNumberPagination.Output[ModelOutSchema])
+@paginate(
+    EnhancedPageNumberPagination,
+    page_size=s.API_PAGINATION_DEFAULT_PAGE_SIZE,
+    filter_schema=ReviewStatusFilter,
+)
+def list_all_models(request):
+    """
+    List all models from reviewed packages.
+    """
+    return get_user_entities_qs(EPModel, request.user).order_by("name").all()
+
+
+@router.get(
+    "/package/{uuid:package_uuid}/model/",
+    response=EnhancedPageNumberPagination.Output[ModelOutSchema],
+)
+@paginate(
+    EnhancedPageNumberPagination,
+    page_size=s.API_PAGINATION_DEFAULT_PAGE_SIZE,
+    filter_schema=ReviewStatusFilter,
+)
+def list_package_models(request, package_uuid: UUID):
+    """
+    List all models for a specific package.
+    """
+    user = request.user
+    return get_package_scoped_entities_qs(EPModel, package_uuid, user).order_by("name").all()
--- a/epapi/v1/endpoints/packages.py
+++ b/epapi/v1/endpoints/packages.py
@ -0,0 +1,27 @@
+from django.conf import settings as s
+from ninja import Router
+from ninja_extra.pagination import paginate
+import logging
+
+from ..dal import get_user_packages_qs
+from ..pagination import EnhancedPageNumberPagination
+from ..schemas import PackageOutSchema, SelfReviewStatusFilter
+
+router = Router()
+logger = logging.getLogger(__name__)
+
+
+@router.get("/packages/", response=EnhancedPageNumberPagination.Output[PackageOutSchema], auth=None)
+@paginate(
+    EnhancedPageNumberPagination,
+    page_size=s.API_PAGINATION_DEFAULT_PAGE_SIZE,
+    filter_schema=SelfReviewStatusFilter,
+)
+def list_all_packages(request):
+    """
+    List packages accessible to the user.
+
+    """
+    user = request.user
+    qs = get_user_packages_qs(user)
+    return qs.order_by("name").all()
--- a/epapi/v1/endpoints/pathways.py
+++ b/epapi/v1/endpoints/pathways.py
@ -0,0 +1,42 @@
+from django.conf import settings as s
+from ninja import Router
+from ninja_extra.pagination import paginate
+from uuid import UUID
+
+from epdb.models import Pathway
+from ..pagination import EnhancedPageNumberPagination
+from ..schemas import PathwayOutSchema, ReviewStatusFilter
+from ..dal import get_user_entities_qs, get_package_scoped_entities_qs
+
+router = Router()
+
+
+@router.get("/pathways/", response=EnhancedPageNumberPagination.Output[PathwayOutSchema])
+@paginate(
+    EnhancedPageNumberPagination,
+    page_size=s.API_PAGINATION_DEFAULT_PAGE_SIZE,
+    filter_schema=ReviewStatusFilter,
+)
+def list_all_pathways(request):
+    """
+    List all pathways from reviewed packages.
+    """
+    user = request.user
+    return get_user_entities_qs(Pathway, user).order_by("name").all()
+
+
+@router.get(
+    "/package/{uuid:package_uuid}/pathway/",
+    response=EnhancedPageNumberPagination.Output[PathwayOutSchema],
+)
+@paginate(
+    EnhancedPageNumberPagination,
+    page_size=s.API_PAGINATION_DEFAULT_PAGE_SIZE,
+    filter_schema=ReviewStatusFilter,
+)
+def list_package_pathways(request, package_uuid: UUID):
+    """
+    List all pathways for a specific package.
+    """
+    user = request.user
+    return get_package_scoped_entities_qs(Pathway, package_uuid, user).order_by("name").all()
--- a/epapi/v1/endpoints/reactions.py
+++ b/epapi/v1/endpoints/reactions.py
@ -0,0 +1,42 @@
+from django.conf import settings as s
+from ninja import Router
+from ninja_extra.pagination import paginate
+from uuid import UUID
+
+from epdb.models import Reaction
+from ..pagination import EnhancedPageNumberPagination
+from ..schemas import ReactionOutSchema, ReviewStatusFilter
+from ..dal import get_user_entities_qs, get_package_scoped_entities_qs
+
+router = Router()
+
+
+@router.get("/reactions/", response=EnhancedPageNumberPagination.Output[ReactionOutSchema])
+@paginate(
+    EnhancedPageNumberPagination,
+    page_size=s.API_PAGINATION_DEFAULT_PAGE_SIZE,
+    filter_schema=ReviewStatusFilter,
+)
+def list_all_reactions(request):
+    """
+    List all reactions from reviewed packages.
+    """
+    user = request.user
+    return get_user_entities_qs(Reaction, user).order_by("name").all()
+
+
+@router.get(
+    "/package/{uuid:package_uuid}/reaction/",
+    response=EnhancedPageNumberPagination.Output[ReactionOutSchema],
+)
+@paginate(
+    EnhancedPageNumberPagination,
+    page_size=s.API_PAGINATION_DEFAULT_PAGE_SIZE,
+    filter_schema=ReviewStatusFilter,
+)
+def list_package_reactions(request, package_uuid: UUID):
+    """
+    List all reactions for a specific package.
+    """
+    user = request.user
+    return get_package_scoped_entities_qs(Reaction, package_uuid, user).order_by("name").all()
--- a/epapi/v1/endpoints/rules.py
+++ b/epapi/v1/endpoints/rules.py
@ -0,0 +1,42 @@
+from django.conf import settings as s
+from ninja import Router
+from ninja_extra.pagination import paginate
+from uuid import UUID
+
+from epdb.models import Rule
+from ..pagination import EnhancedPageNumberPagination
+from ..schemas import ReviewStatusFilter, RuleOutSchema
+from ..dal import get_user_entities_qs, get_package_scoped_entities_qs
+
+router = Router()
+
+
+@router.get("/rules/", response=EnhancedPageNumberPagination.Output[RuleOutSchema])
+@paginate(
+    EnhancedPageNumberPagination,
+    page_size=s.API_PAGINATION_DEFAULT_PAGE_SIZE,
+    filter_schema=ReviewStatusFilter,
+)
+def list_all_rules(request):
+    """
+    List all rules from reviewed packages.
+    """
+    user = request.user
+    return get_user_entities_qs(Rule, user).order_by("name").all()
+
+
+@router.get(
+    "/package/{uuid:package_uuid}/rule/",
+    response=EnhancedPageNumberPagination.Output[RuleOutSchema],
+)
+@paginate(
+    EnhancedPageNumberPagination,
+    page_size=s.API_PAGINATION_DEFAULT_PAGE_SIZE,
+    filter_schema=ReviewStatusFilter,
+)
+def list_package_rules(request, package_uuid: UUID):
+    """
+    List all rules for a specific package.
+    """
+    user = request.user
+    return get_package_scoped_entities_qs(Rule, package_uuid, user).order_by("name").all()
--- a/epapi/v1/endpoints/scenarios.py
+++ b/epapi/v1/endpoints/scenarios.py
@ -0,0 +1,36 @@
+from django.conf import settings as s
+from ninja import Router
+from ninja_extra.pagination import paginate
+from uuid import UUID
+
+from epdb.models import Scenario
+from ..pagination import EnhancedPageNumberPagination
+from ..schemas import ReviewStatusFilter, ScenarioOutSchema
+from ..dal import get_user_entities_qs, get_package_scoped_entities_qs
+
+router = Router()
+
+
+@router.get("/scenarios/", response=EnhancedPageNumberPagination.Output[ScenarioOutSchema])
+@paginate(
+    EnhancedPageNumberPagination,
+    page_size=s.API_PAGINATION_DEFAULT_PAGE_SIZE,
+    filter_schema=ReviewStatusFilter,
+)
+def list_all_scenarios(request):
+    user = request.user
+    return get_user_entities_qs(Scenario, user).order_by("name").all()
+
+
+@router.get(
+    "/package/{uuid:package_uuid}/scenario/",
+    response=EnhancedPageNumberPagination.Output[ScenarioOutSchema],
+)
+@paginate(
+    EnhancedPageNumberPagination,
+    page_size=s.API_PAGINATION_DEFAULT_PAGE_SIZE,
+    filter_schema=ReviewStatusFilter,
+)
+def list_package_scenarios(request, package_uuid: UUID):
+    user = request.user
+    return get_package_scoped_entities_qs(Scenario, package_uuid, user).order_by("name").all()
--- a/epapi/v1/endpoints/structure.py
+++ b/epapi/v1/endpoints/structure.py
@ -0,0 +1,50 @@
+from django.conf import settings as s
+from ninja import Router
+from ninja_extra.pagination import paginate
+from uuid import UUID
+
+from ..pagination import EnhancedPageNumberPagination
+from ..schemas import CompoundStructureOutSchema, StructureReviewStatusFilter
+from ..dal import (
+    get_user_structures_qs,
+    get_package_compound_scoped_structure_qs,
+)
+
+router = Router()
+
+
+@router.get(
+    "/structures/", response=EnhancedPageNumberPagination.Output[CompoundStructureOutSchema]
+)
+@paginate(
+    EnhancedPageNumberPagination,
+    page_size=s.API_PAGINATION_DEFAULT_PAGE_SIZE,
+    filter_schema=StructureReviewStatusFilter,
+)
+def list_all_structures(request):
+    """
+    List all structures from all packages.
+    """
+    user = request.user
+    return get_user_structures_qs(user).order_by("name").all()
+
+
+@router.get(
+    "/package/{uuid:package_uuid}/compound/{uuid:compound_uuid}/structure/",
+    response=EnhancedPageNumberPagination.Output[CompoundStructureOutSchema],
+)
+@paginate(
+    EnhancedPageNumberPagination,
+    page_size=s.API_PAGINATION_DEFAULT_PAGE_SIZE,
+    filter_schema=StructureReviewStatusFilter,
+)
+def list_package_structures(request, package_uuid: UUID, compound_uuid: UUID):
+    """
+    List all structures for a specific package and compound.
+    """
+    user = request.user
+    return (
+        get_package_compound_scoped_structure_qs(package_uuid, compound_uuid, user)
+        .order_by("name")
+        .all()
+    )
--- a/epapi/v1/errors.py
+++ b/epapi/v1/errors.py
@ -0,0 +1,28 @@
+from ninja.errors import HttpError
+
+
+class EPAPIError(HttpError):
+    status_code: int = 500
+
+    def __init__(self, message: str) -> None:
+        super().__init__(status_code=self.status_code, message=message)
+
+    @classmethod
+    def from_exception(cls, exc: Exception):
+        return cls(message=str(exc))
+
+
+class EPAPIUnauthorizedError(EPAPIError):
+    status_code = 401
+
+
+class EPAPIPermissionDeniedError(EPAPIError):
+    status_code = 403
+
+
+class EPAPINotFoundError(EPAPIError):
+    status_code = 404
+
+
+class EPAPIValidationError(EPAPIError):
+    status_code = 422
--- a/epapi/v1/pagination.py
+++ b/epapi/v1/pagination.py
@ -0,0 +1,60 @@
+import math
+from typing import Any, Generic, List, TypeVar
+
+from django.db.models import QuerySet
+from ninja import Schema
+from ninja.pagination import PageNumberPagination
+
+T = TypeVar("T")
+
+
+class EnhancedPageNumberPagination(PageNumberPagination):
+    class Output(Schema, Generic[T]):
+        items: List[T]
+        page: int
+        page_size: int
+        total_items: int
+        total_pages: int
+
+    def paginate_queryset(
+        self,
+        queryset: QuerySet,
+        pagination: PageNumberPagination.Input,
+        **params: Any,
+    ) -> Any:
+        page_size = self._get_page_size(pagination.page_size)
+        offset = (pagination.page - 1) * page_size
+        total_items = self._items_count(queryset)
+        total_pages = math.ceil(total_items / page_size) if page_size > 0 else 0
+
+        return {
+            "items": queryset[offset : offset + page_size],
+            "page": pagination.page,
+            "page_size": page_size,
+            "total_items": total_items,
+            "total_pages": total_pages,
+        }
+
+    async def apaginate_queryset(
+        self,
+        queryset: QuerySet,
+        pagination: PageNumberPagination.Input,
+        **params: Any,
+    ) -> Any:
+        page_size = self._get_page_size(pagination.page_size)
+        offset = (pagination.page - 1) * page_size
+        total_items = await self._aitems_count(queryset)
+        total_pages = math.ceil(total_items / page_size) if page_size > 0 else 0
+
+        if isinstance(queryset, QuerySet):
+            items = [obj async for obj in queryset[offset : offset + page_size]]
+        else:
+            items = queryset[offset : offset + page_size]
+
+        return {
+            "items": items,
+            "page": pagination.page,
+            "page_size": page_size,
+            "total_items": total_items,
+            "total_pages": total_pages,
+        }
--- a/epapi/v1/router.py
+++ b/epapi/v1/router.py
@ -0,0 +1,22 @@
+from ninja import Router
+from ninja.security import SessionAuth
+from .auth import BearerTokenAuth
+from .endpoints import packages, scenarios, compounds, rules, reactions, pathways, models, structure
+
+# Main router with authentication
+router = Router(
+    auth=[
+        SessionAuth(),
+        BearerTokenAuth(),
+    ]
+)
+
+# Include all endpoint routers
+router.add_router("", packages.router)
+router.add_router("", scenarios.router)
+router.add_router("", compounds.router)
+router.add_router("", rules.router)
+router.add_router("", reactions.router)
+router.add_router("", pathways.router)
+router.add_router("", models.router)
+router.add_router("", structure.router)
--- a/epapi/v1/schemas.py
+++ b/epapi/v1/schemas.py
@ -0,0 +1,104 @@
+from ninja import FilterSchema, FilterLookup, Schema
+from typing import Annotated, Optional
+from uuid import UUID
+
+
+# Filter schema for query parameters
+class ReviewStatusFilter(FilterSchema):
+    """Filter schema for review_status query parameter."""
+
+    review_status: Annotated[Optional[bool], FilterLookup("package__reviewed")] = None
+
+
+class SelfReviewStatusFilter(FilterSchema):
+    """Filter schema for review_status query parameter on self-reviewed entities."""
+
+    review_status: Annotated[Optional[bool], FilterLookup("reviewed")] = None
+
+
+class StructureReviewStatusFilter(FilterSchema):
+    """Filter schema for review_status on structures (via compound->package)."""
+
+    review_status: Annotated[Optional[bool], FilterLookup("compound__package__reviewed")] = None
+
+
+# Base schema for all package-scoped entities
+class PackageEntityOutSchema(Schema):
+    """Base schema for entities belonging to a package."""
+
+    uuid: UUID
+    url: str = ""
+    name: str
+    description: str
+    review_status: str = ""
+    package: str = ""
+
+    @staticmethod
+    def resolve_url(obj):
+        return obj.url
+
+    @staticmethod
+    def resolve_package(obj):
+        return obj.package.url
+
+    @staticmethod
+    def resolve_review_status(obj):
+        return "reviewed" if obj.package.reviewed else "unreviewed"
+
+
+# All package-scoped entities inherit from base
+class ScenarioOutSchema(PackageEntityOutSchema):
+    pass
+
+
+class CompoundOutSchema(PackageEntityOutSchema):
+    pass
+
+
+class RuleOutSchema(PackageEntityOutSchema):
+    pass
+
+
+class ReactionOutSchema(PackageEntityOutSchema):
+    pass
+
+
+class PathwayOutSchema(PackageEntityOutSchema):
+    pass
+
+
+class ModelOutSchema(PackageEntityOutSchema):
+    pass
+
+
+class CompoundStructureOutSchema(PackageEntityOutSchema):
+    compound: str = ""
+
+    @staticmethod
+    def resolve_compound(obj):
+        return obj.compound.url
+
+    @staticmethod
+    def resolve_package(obj):
+        return obj.compound.package.url
+
+    @staticmethod
+    def resolve_review_status(obj):
+        return "reviewed" if obj.compound.package.reviewed else "unreviewed"
+
+
+# Package is special (no package FK)
+class PackageOutSchema(Schema):
+    uuid: UUID
+    url: str = ""
+    name: str
+    description: str
+    review_status: str = ""
+
+    @staticmethod
+    def resolve_url(obj):
+        return obj.url
+
+    @staticmethod
+    def resolve_review_status(obj):
+        return "reviewed" if obj.reviewed else "unreviewed"
--- a/epdb/logic.py
+++ b/epdb/logic.py
@ -444,6 +444,7 @@ class PackageManager(object):
            if PackageManager.readable(user, p):
                return p
            else:
+                # FIXME: use custom exception to be translatable to 403 in API
                raise ValueError(
                    "Insufficient permissions to access Package with ID {}".format(package_id)
                )
--- a/epdb/views.py
+++ b/epdb/views.py
@ -474,20 +474,15 @@ def packages(request):
    if request.method == "GET":
        context = get_base_context(request)
        context["title"] = "enviPath - Packages"
-
-        context["object_type"] = "package"
        context["meta"]["current_package"] = context["meta"]["user"].default_package
-        context["meta"]["can_edit"] = True

-        reviewed_package_qs = Package.objects.filter(reviewed=True).order_by("created")
-        unreviewed_package_qs = PackageManager.get_all_readable_packages(current_user).order_by(
-            "name"
-        )
+        # Context for paginated template
+        context["entity_type"] = "package"
+        context["api_endpoint"] = "/api/v1/packages/"
+        context["per_page"] = s.API_PAGINATION_DEFAULT_PAGE_SIZE
+        context["list_title"] = "packages"

-        context["reviewed_objects"] = reviewed_package_qs
-        context["unreviewed_objects"] = unreviewed_package_qs
-
-        return render(request, "collections/objects_list.html", context)
+        return render(request, "collections/packages_paginated.html", context)

    elif request.method == "POST":
        if hidden := request.POST.get("hidden", None):
@ -533,29 +528,16 @@ def compounds(request):
    if request.method == "GET":
        context = get_base_context(request)
        context["title"] = "enviPath - Compounds"
-
-        context["object_type"] = "compound"
        context["meta"]["current_package"] = context["meta"]["user"].default_package

-        reviewed_compound_qs = Compound.objects.none()
+        # Context for paginated template
+        context["entity_type"] = "compound"
+        context["api_endpoint"] = "/api/v1/compounds/"
+        context["per_page"] = s.API_PAGINATION_DEFAULT_PAGE_SIZE
+        context["list_mode"] = "tabbed"
+        context["list_title"] = "compounds"

-        for p in PackageManager.get_reviewed_packages():
-            reviewed_compound_qs |= Compound.objects.filter(package=p)
-
-        reviewed_compound_qs = reviewed_compound_qs.order_by("name")
-
-        if request.GET.get("all"):
-            return JsonResponse(
-                {
-                    "objects": [
-                        {"name": pw.name, "url": pw.url, "reviewed": True}
-                        for pw in reviewed_compound_qs
-                    ]
-                }
-            )
-
-        context["reviewed_objects"] = reviewed_compound_qs
-        return render(request, "collections/objects_list.html", context)
+        return render(request, "collections/compounds_paginated.html", context)

    elif request.method == "POST":
        # delegate to default package
@ -571,32 +553,19 @@ def rules(request):
    if request.method == "GET":
        context = get_base_context(request)
        context["title"] = "enviPath - Rules"
-
-        context["object_type"] = "rule"
        context["meta"]["current_package"] = context["meta"]["user"].default_package
        context["breadcrumbs"] = [
            {"Home": s.SERVER_URL},
            {"Rule": s.SERVER_URL + "/rule"},
        ]
-        reviewed_rule_qs = Rule.objects.none()

-        for p in PackageManager.get_reviewed_packages():
-            reviewed_rule_qs |= Rule.objects.filter(package=p)
+        # Context for paginated template
+        context["entity_type"] = "rule"
+        context["api_endpoint"] = "/api/v1/rules/"
+        context["per_page"] = s.API_PAGINATION_DEFAULT_PAGE_SIZE
+        context["list_title"] = "rules"

-        reviewed_rule_qs = reviewed_rule_qs.order_by("name")
-
-        if request.GET.get("all"):
-            return JsonResponse(
-                {
-                    "objects": [
-                        {"name": pw.name, "url": pw.url, "reviewed": True}
-                        for pw in reviewed_rule_qs
-                    ]
-                }
-            )
-
-        context["reviewed_objects"] = reviewed_rule_qs
-        return render(request, "collections/objects_list.html", context)
+        return render(request, "collections/rules_paginated.html", context)

    elif request.method == "POST":
        # delegate to default package
@ -612,32 +581,19 @@ def reactions(request):
    if request.method == "GET":
        context = get_base_context(request)
        context["title"] = "enviPath - Reactions"
-
-        context["object_type"] = "reaction"
        context["meta"]["current_package"] = context["meta"]["user"].default_package
        context["breadcrumbs"] = [
            {"Home": s.SERVER_URL},
            {"Reaction": s.SERVER_URL + "/reaction"},
        ]
-        reviewed_reaction_qs = Reaction.objects.none()

-        for p in PackageManager.get_reviewed_packages():
-            reviewed_reaction_qs |= Reaction.objects.filter(package=p).order_by("name")
+        # Context for paginated template
+        context["entity_type"] = "reaction"
+        context["api_endpoint"] = "/api/v1/reactions/"
+        context["per_page"] = s.API_PAGINATION_DEFAULT_PAGE_SIZE
+        context["list_title"] = "reactions"

-        reviewed_reaction_qs = reviewed_reaction_qs.order_by("name")
-
-        if request.GET.get("all"):
-            return JsonResponse(
-                {
-                    "objects": [
-                        {"name": pw.name, "url": pw.url, "reviewed": True}
-                        for pw in reviewed_reaction_qs
-                    ]
-                }
-            )
-
-        context["reviewed_objects"] = reviewed_reaction_qs
-        return render(request, "collections/objects_list.html", context)
+        return render(request, "collections/reactions_paginated.html", context)

    elif request.method == "POST":
        # delegate to default package
@ -653,33 +609,19 @@ def pathways(request):
    if request.method == "GET":
        context = get_base_context(request)
        context["title"] = "enviPath - Pathways"
-
-        context["object_type"] = "pathway"
        context["meta"]["current_package"] = context["meta"]["user"].default_package
        context["breadcrumbs"] = [
            {"Home": s.SERVER_URL},
            {"Pathway": s.SERVER_URL + "/pathway"},
        ]

-        reviewed_pathway_qs = Pathway.objects.none()
+        # Context for paginated template
+        context["entity_type"] = "pathway"
+        context["api_endpoint"] = "/api/v1/pathways/"
+        context["per_page"] = s.API_PAGINATION_DEFAULT_PAGE_SIZE
+        context["list_title"] = "pathways"

-        for p in PackageManager.get_reviewed_packages():
-            reviewed_pathway_qs |= Pathway.objects.filter(package=p).order_by("name")
-
-        reviewed_pathway_qs = reviewed_pathway_qs.order_by("name")
-
-        if request.GET.get("all"):
-            return JsonResponse(
-                {
-                    "objects": [
-                        {"name": pw.name, "url": pw.url, "reviewed": True}
-                        for pw in reviewed_pathway_qs
-                    ]
-                }
-            )
-
-        context["reviewed_objects"] = reviewed_pathway_qs
-        return render(request, "collections/objects_list.html", context)
+        return render(request, "collections/pathways_paginated.html", context)

    elif request.method == "POST":
        # delegate to default package
@ -703,25 +645,13 @@ def scenarios(request):
            {"Scenario": s.SERVER_URL + "/scenario"},
        ]

-        reviewed_scenario_qs = Scenario.objects.none()
+        # Context for paginated template
+        context["entity_type"] = "scenario"
+        context["api_endpoint"] = "/api/v1/scenarios/"
+        context["per_page"] = s.API_PAGINATION_DEFAULT_PAGE_SIZE
+        context["list_title"] = "scenarios"

-        for p in PackageManager.get_reviewed_packages():
-            reviewed_scenario_qs |= Scenario.objects.filter(package=p).order_by("name")
-
-        reviewed_scenario_qs = reviewed_scenario_qs.order_by("name")
-
-        if request.GET.get("all"):
-            return JsonResponse(
-                {
-                    "objects": [
-                        {"name": s.name, "url": s.url, "reviewed": True}
-                        for s in reviewed_scenario_qs
-                    ]
-                }
-            )
-
-        context["reviewed_objects"] = reviewed_scenario_qs
-        return render(request, "collections/objects_list.html", context)
+        return render(request, "collections/scenarios_paginated.html", context)

    elif request.method == "POST":
        # delegate to default package
@ -736,42 +666,28 @@ def models(request):
    if request.method == "GET":
        context = get_base_context(request)
        context["title"] = "enviPath - Models"
-
-        context["object_type"] = "model"
        context["meta"]["current_package"] = context["meta"]["user"].default_package
        context["breadcrumbs"] = [
            {"Home": s.SERVER_URL},
            {"Model": s.SERVER_URL + "/model"},
        ]

+        # Keep model_types for potential modal/action use
        context["model_types"] = {
            "ML Relative Reasoning": "ml-relative-reasoning",
            "Rule Based Relative Reasoning": "rule-based-relative-reasoning",
            "EnviFormer": "enviformer",
        }
-
        for k, v in s.CLASSIFIER_PLUGINS.items():
            context["model_types"][v.display()] = k

-        reviewed_model_qs = EPModel.objects.none()
+        # Context for paginated template
+        context["entity_type"] = "model"
+        context["api_endpoint"] = "/api/v1/models/"
+        context["per_page"] = s.API_PAGINATION_DEFAULT_PAGE_SIZE
+        context["list_title"] = "models"

-        for p in PackageManager.get_reviewed_packages():
-            reviewed_model_qs |= EPModel.objects.filter(package=p).order_by("name")
-
-        reviewed_model_qs = reviewed_model_qs.order_by("name")
-
-        if request.GET.get("all"):
-            return JsonResponse(
-                {
-                    "objects": [
-                        {"name": pw.name, "url": pw.url, "reviewed": True}
-                        for pw in reviewed_model_qs
-                    ]
-                }
-            )
-
-        context["reviewed_objects"] = reviewed_model_qs
-        return render(request, "collections/objects_list.html", context)
+        return render(request, "collections/models_paginated.html", context)

    elif request.method == "POST":
        current_user = _anonymous_or_real(request)
@ -848,6 +764,10 @@ def package_models(request, package_uuid):
        context["meta"]["current_package"] = current_package
        context["object_type"] = "model"
        context["breadcrumbs"] = breadcrumbs(current_package, "model")
+        context["entity_type"] = "model"
+        context["api_endpoint"] = f"/api/v1/package/{current_package.uuid}/model/"
+        context["per_page"] = s.API_PAGINATION_DEFAULT_PAGE_SIZE
+        context["list_title"] = "models"

        reviewed_model_qs = EPModel.objects.none()
        unreviewed_model_qs = EPModel.objects.none()
@ -869,9 +789,6 @@ def package_models(request, package_uuid):
                }
            )

-        context["reviewed_objects"] = reviewed_model_qs
-        context["unreviewed_objects"] = unreviewed_model_qs
-
        context["model_types"] = {
            "ML Relative Reasoning": "mlrr",
            "Rule Based Relative Reasoning": "rbrr",
@ -884,7 +801,7 @@ def package_models(request, package_uuid):
            for k, v in s.CLASSIFIER_PLUGINS.items():
                context["model_types"][v.display()] = k

-        return render(request, "collections/objects_list.html", context)
+        return render(request, "collections/models_paginated.html", context)

    elif request.method == "POST":
        log_post_params(request)
@ -1242,6 +1159,11 @@ def package_compounds(request, package_uuid):
        context["meta"]["current_package"] = current_package
        context["object_type"] = "compound"
        context["breadcrumbs"] = breadcrumbs(current_package, "compound")
+        context["entity_type"] = "compound"
+        context["api_endpoint"] = f"/api/v1/package/{current_package.uuid}/compound/"
+        context["per_page"] = s.API_PAGINATION_DEFAULT_PAGE_SIZE
+        context["list_mode"] = "tabbed"
+        context["list_title"] = "compounds"

        reviewed_compound_qs = Compound.objects.none()
        unreviewed_compound_qs = Compound.objects.none()
@ -1267,10 +1189,7 @@ def package_compounds(request, package_uuid):
                }
            )

-        context["reviewed_objects"] = reviewed_compound_qs
-        context["unreviewed_objects"] = unreviewed_compound_qs
-
-        return render(request, "collections/objects_list.html", context)
+        return render(request, "collections/compounds_paginated.html", context)

    elif request.method == "POST":
        compound_name = request.POST.get("compound-name")
@ -1389,19 +1308,17 @@ def package_compound_structures(request, package_uuid, compound_uuid):
        context["breadcrumbs"] = breadcrumbs(
            current_package, "compound", current_compound, "structure"
        )
+        context["entity_type"] = "structure"
+        context["page_title"] = f"{current_compound.name} - Structures"
+        context["api_endpoint"] = (
+            f"/api/v1/package/{current_package.uuid}/compound/{current_compound.uuid}/structure/"
+        )
+        context["per_page"] = s.API_PAGINATION_DEFAULT_PAGE_SIZE
+        context["compound"] = current_compound
+        context["list_mode"] = "combined"
+        context["list_title"] = "structures"

-        reviewed_compound_structure_qs = CompoundStructure.objects.none()
-        unreviewed_compound_structure_qs = CompoundStructure.objects.none()
-
-        if current_package.reviewed:
-            reviewed_compound_structure_qs = current_compound.structures.order_by("name")
-        else:
-            unreviewed_compound_structure_qs = current_compound.structures.order_by("name")
-
-        context["reviewed_objects"] = reviewed_compound_structure_qs
-        context["unreviewed_objects"] = unreviewed_compound_structure_qs
-
-        return render(request, "collections/objects_list.html", context)
+        return render(request, "collections/structures_paginated.html", context)

    elif request.method == "POST":
        structure_name = request.POST.get("structure-name")
@ -1548,6 +1465,10 @@ def package_rules(request, package_uuid):
        context["meta"]["current_package"] = current_package
        context["object_type"] = "rule"
        context["breadcrumbs"] = breadcrumbs(current_package, "rule")
+        context["entity_type"] = "rule"
+        context["api_endpoint"] = f"/api/v1/package/{current_package.uuid}/rule/"
+        context["per_page"] = s.API_PAGINATION_DEFAULT_PAGE_SIZE
+        context["list_title"] = "rules"

        reviewed_rule_qs = Rule.objects.none()
        unreviewed_rule_qs = Rule.objects.none()
@ -1569,10 +1490,7 @@ def package_rules(request, package_uuid):
                }
            )

-        context["reviewed_objects"] = reviewed_rule_qs
-        context["unreviewed_objects"] = unreviewed_rule_qs
-
-        return render(request, "collections/objects_list.html", context)
+        return render(request, "collections/rules_paginated.html", context)

    elif request.method == "POST":
        log_post_params(request)
@ -1750,11 +1668,15 @@ def package_reactions(request, package_uuid):

    if request.method == "GET":
        context = get_base_context(request)
-        context["title"] = f"enviPath - {current_package.name} - {current_package.name} - Reactions"
+        context["title"] = f"enviPath - {current_package.name} - Reactions"

        context["meta"]["current_package"] = current_package
        context["object_type"] = "reaction"
        context["breadcrumbs"] = breadcrumbs(current_package, "reaction")
+        context["entity_type"] = "reaction"
+        context["api_endpoint"] = f"/api/v1/package/{current_package.uuid}/reaction/"
+        context["per_page"] = s.API_PAGINATION_DEFAULT_PAGE_SIZE
+        context["list_title"] = "reactions"

        reviewed_reaction_qs = Reaction.objects.none()
        unreviewed_reaction_qs = Reaction.objects.none()
@ -1780,10 +1702,7 @@ def package_reactions(request, package_uuid):
                }
            )

-        context["reviewed_objects"] = reviewed_reaction_qs
-        context["unreviewed_objects"] = unreviewed_reaction_qs
-
-        return render(request, "collections/objects_list.html", context)
+        return render(request, "collections/reactions_paginated.html", context)

    elif request.method == "POST":
        reaction_name = request.POST.get("reaction-name")
@ -1902,6 +1821,10 @@ def package_pathways(request, package_uuid):
        context["meta"]["current_package"] = current_package
        context["object_type"] = "pathway"
        context["breadcrumbs"] = breadcrumbs(current_package, "pathway")
+        context["entity_type"] = "pathway"
+        context["api_endpoint"] = f"/api/v1/package/{current_package.uuid}/pathway/"
+        context["per_page"] = s.API_PAGINATION_DEFAULT_PAGE_SIZE
+        context["list_title"] = "pathways"

        reviewed_pathway_qs = Pathway.objects.none()
        unreviewed_pathway_qs = Pathway.objects.none()
@ -1925,10 +1848,7 @@ def package_pathways(request, package_uuid):
                }
            )

-        context["reviewed_objects"] = reviewed_pathway_qs
-        context["unreviewed_objects"] = unreviewed_pathway_qs
-
-        return render(request, "collections/objects_list.html", context)
+        return render(request, "collections/pathways_paginated.html", context)

    elif request.method == "POST":
        log_post_params(request)
@ -2465,6 +2385,10 @@ def package_scenarios(request, package_uuid):
        context["meta"]["current_package"] = current_package
        context["object_type"] = "scenario"
        context["breadcrumbs"] = breadcrumbs(current_package, "scenario")
+        context["entity_type"] = "scenario"
+        context["api_endpoint"] = f"/api/v1/package/{current_package.uuid}/scenario/"
+        context["per_page"] = s.API_PAGINATION_DEFAULT_PAGE_SIZE
+        context["list_title"] = "scenarios"

        reviewed_scenario_qs = Scenario.objects.none()
        unreviewed_scenario_qs = Scenario.objects.none()
@ -2490,9 +2414,6 @@ def package_scenarios(request, package_uuid):
                }
            )

-        context["reviewed_objects"] = reviewed_scenario_qs
-        context["unreviewed_objects"] = unreviewed_scenario_qs
-
        from envipy_additional_information import (
            SEDIMENT_ADDITIONAL_INFORMATION,
            SLUDGE_ADDITIONAL_INFORMATION,
@ -2527,7 +2448,7 @@ def package_scenarios(request, package_uuid):
        context["soil_additional_information"] = SOIL_ADDITIONAL_INFORMATION
        context["sediment_additional_information"] = SEDIMENT_ADDITIONAL_INFORMATION

-        return render(request, "collections/objects_list.html", context)
+        return render(request, "collections/scenarios_paginated.html", context)
    elif request.method == "POST":
        log_post_params(request)

--- a/pyproject.toml
+++ b/pyproject.toml
@ -9,7 +9,8 @@ dependencies = [
    "django>=5.2.1",
    "django-extensions>=4.1",
    "django-model-utils>=5.0.0",
-    "django-ninja>=1.4.1",
+    "django-ninja>=1.4.5",
+    "django-ninja-extra>=0.30.6",
    "django-oauth-toolkit>=3.0.1",
    "django-polymorphic>=4.1.0",
    "enviformer",
@ -47,6 +48,7 @@ dev = [
    "ruff>=0.13.3",
    "pytest-playwright>=0.7.1",
    "pytest-django>=4.11.1",
+    "pytest-cov>=7.0.0",
 ]

 [tool.ruff]
@ -121,3 +123,22 @@ collectstatic = { cmd = "uv run python manage.py collectstatic --noinput", help
 ] }

 frontend-test-setup = { cmd = "playwright install", help = "Install the browsers required for frontend testing" }
+
+[tool.pytest.ini_options]
+addopts = "--verbose --capture=no --durations=10"
+testpaths = ["tests", "*/tests"]
+pythonpath = ["."]
+norecursedirs = [
+    "env",
+    "venv",
+    "envipy-plugins",
+    "envipy-additional-information",
+    "envipy-ambit",
+    "enviformer",
+]
+markers = [
+    "api: API tests",
+    "frontend: Frontend tests",
+    "end2end: End-to-end tests",
+    "slow: Slow tests",
+]
--- a/static/css/input.css
+++ b/static/css/input.css
@ -36,24 +36,17 @@
@import "./daisyui-theme.css";

 /* Loading Spinner - Benzene Ring */
-.loading-spinner {
+.benzene-spinner {
  display: flex;
  justify-content: center;
  align-items: center;
  padding: 2rem;
 }

-.loading-spinner svg {
+.benzene-spinner svg {
  width: 48px;
  height: 48px;
-  animation: spin 2s linear infinite;
-}
-
-.loading-spinner .hexagon,
-.loading-spinner .double-bonds {
-  fill: none;
-  stroke: currentColor;
-  stroke-width: 2;
+  animation: spin 3s linear infinite;
 }

@keyframes spin {
--- a/static/js/alpine/pagination.js
+++ b/static/js/alpine/pagination.js
@ -5,31 +5,26 @@
 */

 document.addEventListener('alpine:init', () => {
-  Alpine.data('paginatedList', (initialItems = [], options = {}) => ({
-    allItems: initialItems,
-    filteredItems: [],
+  Alpine.data('remotePaginatedList', (options = {}) => ({
+    items: [],
    currentPage: 1,
+    totalPages: 0,
+    totalItems: 0,
    perPage: options.perPage || 50,
-    searchQuery: '',
+    endpoint: options.endpoint || '',
    isReviewed: options.isReviewed || false,
    instanceId: options.instanceId || Math.random().toString(36).substring(2, 9),
+    isLoading: false,
+    error: null,

    init() {
-      this.filteredItems = this.allItems;
-    },
-
-    get totalPages() {
-      return Math.ceil(this.filteredItems.length / this.perPage);
+      if (this.endpoint) {
+        this.fetchPage(1);
+      }
    },

    get paginatedItems() {
-      const start = (this.currentPage - 1) * this.perPage;
-      const end = start + this.perPage;
-      return this.filteredItems.slice(start, end);
-    },
-
-    get totalItems() {
-      return this.filteredItems.length;
+      return this.items;
    },

    get showingStart() {
@ -38,36 +33,65 @@ document.addEventListener('alpine:init', () => {
    },

    get showingEnd() {
-      return Math.min(this.currentPage * this.perPage, this.totalItems);
+      if (this.totalItems === 0) return 0;
+      return Math.min((this.currentPage - 1) * this.perPage + this.items.length, this.totalItems);
    },

-    search(query) {
-      this.searchQuery = query.toLowerCase();
-      if (this.searchQuery === '') {
-        this.filteredItems = this.allItems;
-      } else {
-        this.filteredItems = this.allItems.filter(item =>
-          item.name.toLowerCase().includes(this.searchQuery)
-        );
+    async fetchPage(page) {
+      if (!this.endpoint) {
+        return;
+      }
+
+      this.isLoading = true;
+      this.error = null;
+
+      try {
+        const url = new URL(this.endpoint, window.location.origin);
+        // Preserve existing query parameters and add pagination params
+        url.searchParams.set('page', page.toString());
+        url.searchParams.set('page_size', this.perPage.toString());
+
+        const response = await fetch(url.toString(), {
+          headers: { Accept: 'application/json' },
+          credentials: 'same-origin'
+        });
+
+        if (!response.ok) {
+          throw new Error(`Failed to load ${this.endpoint} (status ${response.status})`);
+        }
+
+        const data = await response.json();
+        this.items = data.items || [];
+        this.totalItems = data.total_items || 0;
+        this.totalPages = data.total_pages || 0;
+        this.currentPage = data.page || page;
+        this.perPage = data.page_size || this.perPage;
+
+        // Dispatch event for parent components (e.g., tab count updates)
+        this.$dispatch('items-loaded', { totalItems: this.totalItems });
+      } catch (err) {
+        console.error(err);
+        this.error = `Unable to load ${this.endpoint}. Please try again.`;
+      } finally {
+        this.isLoading = false;
      }
-      this.currentPage = 1;
    },

    nextPage() {
      if (this.currentPage < this.totalPages) {
-        this.currentPage++;
+        this.fetchPage(this.currentPage + 1);
      }
    },

    prevPage() {
      if (this.currentPage > 1) {
-        this.currentPage--;
+        this.fetchPage(this.currentPage - 1);
      }
    },

    goToPage(page) {
      if (page >= 1 && page <= this.totalPages) {
-        this.currentPage = page;
+        this.fetchPage(page);
      }
    },

@ -76,54 +100,43 @@ document.addEventListener('alpine:init', () => {
      const total = this.totalPages;
      const current = this.currentPage;

-      // Handle empty case
      if (total === 0) {
        return pages;
      }

      if (total <= 7) {
-        // Show all pages if 7 or fewer
        for (let i = 1; i <= total; i++) {
          pages.push({ page: i, isEllipsis: false, key: `${this.instanceId}-page-${i}` });
        }
      } else {
-        // More than 7 pages - show first, last, and sliding window around current
-        // Always show first page
        pages.push({ page: 1, isEllipsis: false, key: `${this.instanceId}-page-1` });

-        // Determine the start and end of the middle range
-        let rangeStart, rangeEnd;
+        let rangeStart;
+        let rangeEnd;

        if (current <= 4) {
-          // Near the beginning: show pages 2-5
          rangeStart = 2;
          rangeEnd = 5;
        } else if (current >= total - 3) {
-          // Near the end: show last 4 pages before the last page
          rangeStart = total - 4;
          rangeEnd = total - 1;
        } else {
-          // In the middle: show current page and one on each side
          rangeStart = current - 1;
          rangeEnd = current + 1;
        }

-        // Add ellipsis before range if there's a gap
        if (rangeStart > 2) {
          pages.push({ page: '...', isEllipsis: true, key: `${this.instanceId}-ellipsis-start` });
        }

-        // Add pages in the range
        for (let i = rangeStart; i <= rangeEnd; i++) {
          pages.push({ page: i, isEllipsis: false, key: `${this.instanceId}-page-${i}` });
        }

-        // Add ellipsis after range if there's a gap
        if (rangeEnd < total - 1) {
          pages.push({ page: '...', isEllipsis: true, key: `${this.instanceId}-ellipsis-end` });
        }

-        // Always show last page
        pages.push({ page: total, isEllipsis: false, key: `${this.instanceId}-page-${total}` });
      }

--- a/templates/actions/collections/compound.html
+++ b/templates/actions/collections/compound.html
@ -1,10 +0,0 @@
-{% if meta.can_edit %}
-  <li>
-    <a
-      role="button"
-      onclick="document.getElementById('new_compound_modal').showModal(); return false;"
-    >
-      <span class="glyphicon glyphicon-plus"></span> New Compound</a
-    >
-  </li>
-{% endif %}
--- a/templates/actions/collections/compound_structure.html
+++ b/templates/actions/collections/compound_structure.html
@ -1,10 +0,0 @@
-{% if meta.can_edit %}
-  <li>
-    <a
-      role="button"
-      onclick="document.getElementById('new_compound_structure_modal').showModal(); return false;"
-    >
-      <span class="glyphicon glyphicon-plus"></span> New Compound Structure</a
-    >
-  </li>
-{% endif %}
--- a/templates/actions/collections/model.html
+++ b/templates/actions/collections/model.html
@ -1,10 +0,0 @@
-{% if meta.can_edit and meta.enabled_features.MODEL_BUILDING %}
-  <li>
-    <a
-      role="button"
-      onclick="document.getElementById('new_model_modal').showModal(); return false;"
-    >
-      <span class="glyphicon glyphicon-plus"></span> New Model</a
-    >
-  </li>
-{% endif %}
--- a/templates/actions/collections/package.html
+++ b/templates/actions/collections/package.html
@ -1,25 +0,0 @@
-<li>
-  <a
-    role="button"
-    onclick="document.getElementById('new_package_modal').showModal(); return false;"
-  >
-    <span class="glyphicon glyphicon-plus"></span> New Package</a
-  >
-</li>
-<li>
-  <a
-    role="button"
-    onclick="document.getElementById('import_package_modal').showModal(); return false;"
-  >
-    <span class="glyphicon glyphicon-import"></span> Import Package from JSON</a
-  >
-</li>
-<li>
-  <a
-    role="button"
-    onclick="document.getElementById('import_legacy_package_modal').showModal(); return false;"
-  >
-    <span class="glyphicon glyphicon-import"></span> Import Package from legacy
-    JSON</a
-  >
-</li>
--- a/templates/actions/collections/pathway.html
+++ b/templates/actions/collections/pathway.html
@ -1,9 +0,0 @@
-{% if meta.can_edit %}
-  <li>
-    <a
-      href="{% if meta.current_package %}{{ meta.current_package.url }}/predict{% else %}{{ meta.server_url }}/predict{% endif %}"
-    >
-      <span class="glyphicon glyphicon-plus"></span> New Pathway</a
-    >
-  </li>
-{% endif %}
--- a/templates/actions/collections/reaction.html
+++ b/templates/actions/collections/reaction.html
@ -1,10 +0,0 @@
-{% if meta.can_edit %}
-  <li>
-    <a
-      role="button"
-      onclick="document.getElementById('new_reaction_modal').showModal(); return false;"
-    >
-      <span class="glyphicon glyphicon-plus"></span> New Reaction</a
-    >
-  </li>
-{% endif %}
--- a/templates/actions/collections/rule.html
+++ b/templates/actions/collections/rule.html
@ -1,10 +0,0 @@
-{% if meta.can_edit %}
-  <li>
-    <a
-      role="button"
-      onclick="document.getElementById('new_rule_modal').showModal(); return false;"
-    >
-      <span class="glyphicon glyphicon-plus"></span> New Rule</a
-    >
-  </li>
-{% endif %}
--- a/templates/actions/collections/scenario.html
+++ b/templates/actions/collections/scenario.html
@ -1,10 +0,0 @@
-{% if meta.can_edit %}
-  <li>
-    <a
-      role="button"
-      onclick="document.getElementById('new_scenario_modal').showModal(); return false;"
-    >
-      <span class="glyphicon glyphicon-plus"></span> New Scenario</a
-    >
-  </li>
-{% endif %}
--- a/templates/collections/_paginated_list_partial.html
+++ b/templates/collections/_paginated_list_partial.html
@ -0,0 +1,98 @@
+{# Partial for paginated list content - expects to be inside a remotePaginatedList Alpine.js context #}
+{# Variables: empty_text (string), show_review_badge (bool), always_show_badge (bool) #}
+
+{# Loading state #}
+<div x-show="isLoading">{% include "components/loading-spinner.html" %}</div>
+
+{# Error state #}
+<div
+  x-show="!isLoading && error"
+  class="alert alert-error/50 text-sm"
+  x-text="error"
+></div>
+
+{# Content #}
+<template x-if="!isLoading && !error">
+  <div>
+    {# Empty state #}
+    <div
+      x-show="totalItems === 0"
+      class="text-base-content/70 py-8 text-center"
+    >
+      <p>No {{ empty_text|default:"items" }} found.</p>
+    </div>
+
+    {# Items list #}
+    <ul class="menu bg-base-100 rounded-box w-full" x-show="totalItems > 0">
+      <template x-for="obj in paginatedItems" :key="obj.url">
+        <li>
+          <a :href="obj.url" class="hover:bg-base-200">
+            <span x-text="obj.name"></span>
+            {% if show_review_badge %}
+              <span
+                class="tooltip tooltip-left ml-auto"
+                data-tip="Reviewed"
+                {% if not always_show_badge %}
+                  x-show="obj.review_status === 'reviewed'"
+                {% endif %}
+              >
+                <svg
+                  xmlns="http://www.w3.org/2000/svg"
+                  width="24"
+                  height="24"
+                  viewBox="0 0 24 24"
+                  fill="none"
+                  stroke="currentColor"
+                  stroke-width="2"
+                  stroke-linecap="round"
+                  stroke-linejoin="round"
+                  class="lucide lucide-check-icon lucide-check"
+                >
+                  <path d="M20 6 9 17l-5-5" />
+                </svg>
+              </span>
+            {% endif %}
+          </a>
+        </li>
+      </template>
+    </ul>
+
+    {# Pagination controls #}
+    <div
+      x-show="totalPages > 1"
+      class="mt-4 flex items-center justify-between px-2"
+    >
+      <span class="text-base-content/70 text-sm">
+        Showing <span x-text="showingStart"></span>-<span
+          x-text="showingEnd"
+        ></span>
+        of <span x-text="totalItems"></span>
+      </span>
+      <div class="join">
+        <button
+          class="join-item btn btn-sm"
+          :disabled="currentPage === 1"
+          @click="prevPage()"
+        >
+          «
+        </button>
+        <template x-for="item in pageNumbers" :key="item.key">
+          <button
+            class="join-item btn btn-sm"
+            :class="{ 'btn-active': item.page === currentPage }"
+            :disabled="item.isEllipsis"
+            @click="!item.isEllipsis && goToPage(item.page)"
+            x-text="item.page"
+          ></button>
+        </template>
+        <button
+          class="join-item btn btn-sm"
+          :disabled="currentPage === totalPages"
+          @click="nextPage()"
+        >
+          »
+        </button>
+      </div>
+    </div>
+  </div>
+</template>
--- a/templates/collections/compounds_paginated.html
+++ b/templates/collections/compounds_paginated.html
@ -0,0 +1,33 @@
+{% extends "collections/paginated_base.html" %}
+
+{% block page_title %}Compounds{% endblock %}
+
+{% block action_button %}
+  {% if meta.can_edit %}
+    <button
+      type="button"
+      class="btn btn-primary btn-sm"
+      onclick="document.getElementById('new_compound_modal').showModal(); return false;"
+    >
+      New Compound
+    </button>
+  {% endif %}
+{% endblock action_button %}
+
+{% block action_modals %}
+  {% include "modals/collections/new_compound_modal.html" %}
+{% endblock action_modals %}
+
+{% block description %}
+  <p>
+    A compound stores the structure of a molecule and can include
+    meta-information.
+  </p>
+  <a
+    target="_blank"
+    href="https://wiki.envipath.org/index.php/compounds"
+    class="link link-primary"
+  >
+    Learn more &gt;&gt;
+  </a>
+{% endblock description %}
--- a/templates/collections/models_paginated.html
+++ b/templates/collections/models_paginated.html
@ -0,0 +1,32 @@
+{% extends "collections/paginated_base.html" %}
+
+{% block page_title %}Models{% endblock %}
+
+{% block action_button %}
+  {% if meta.can_edit and meta.enabled_features.MODEL_BUILDING %}
+    <button
+      type="button"
+      class="btn btn-primary btn-sm"
+      onclick="document.getElementById('new_model_modal').showModal(); return false;"
+    >
+      New Model
+    </button>
+  {% endif %}
+{% endblock action_button %}
+
+{% block action_modals %}
+  {% if meta.enabled_features.MODEL_BUILDING %}
+    {% include "modals/collections/new_model_modal.html" %}
+  {% endif %}
+{% endblock action_modals %}
+
+{% block description %}
+  <p>A model applies machine learning to limit the combinatorial explosion.</p>
+  <a
+    target="_blank"
+    href="https://wiki.envipath.org/index.php/relative_reasoning"
+    class="link link-primary"
+  >
+    Learn more &gt;&gt;
+  </a>
+{% endblock description %}
--- a/templates/collections/objects_list.html
+++ b/templates/collections/objects_list.html
@ -5,6 +5,7 @@
  {# Serialize objects data for Alpine pagination #}
  {# prettier-ignore-start #}
 {# FIXME: This is a hack to get the objects data into the JavaScript code. #}
+{% if object_type != 'scenario' %}
  <script>
    window.reviewedObjects = [
      {% for obj in reviewed_objects %}
@ -17,9 +18,9 @@
      {% endfor %}
    ];
  </script>
+{% endif %}
 {# prettier-ignore-end #}

-  {% if object_type != 'package' %}
  <div class="px-8 py-4">
    <input
      type="text"
@ -28,35 +29,12 @@
      placeholder="Search by name"
    />
  </div>
-  {% endif %}

  {% block action_modals %}
-    {% if object_type == 'package' %}
-      {% include "modals/collections/new_package_modal.html" %}
-      {% include "modals/collections/import_package_modal.html" %}
-      {% include "modals/collections/import_legacy_package_modal.html" %}
-    {% elif object_type == 'compound' %}
-      {% include "modals/collections/new_compound_modal.html" %}
-    {% elif object_type == 'rule' %}
-      {% include "modals/collections/new_rule_modal.html" %}
-    {% elif object_type == 'reaction' %}
-      {% include "modals/collections/new_reaction_modal.html" %}
-    {% elif object_type == 'pathway' %}
-      {# {% include "modals/collections/new_pathway_modal.html" %} #}
-    {% elif object_type == 'node' %}
+    {% if object_type == 'node' %}
      {% include "modals/collections/new_node_modal.html" %}
    {% elif object_type == 'edge' %}
      {% include "modals/collections/new_edge_modal.html" %}
-    {% elif object_type == 'scenario' %}
-      {% include "modals/collections/new_scenario_modal.html" %}
-    {% elif object_type == 'model' %}
-      {% include "modals/collections/new_model_modal.html" %}
-    {% elif object_type == 'setting' %}
-      {#{% include "modals/collections/new_setting_modal.html" %}#}
-    {% elif object_type == 'user' %}
-      <div></div>
-    {% elif object_type == 'group' %}
-      {% include "modals/collections/new_group_modal.html" %}
    {% endif %}
  {% endblock action_modals %}

@ -66,32 +44,10 @@
      <div class="card-body px-0 py-4">
        <div class="flex items-center justify-between">
          <h2 class="card-title text-2xl">
-            {% if object_type == 'package' %}
-              Packages
-            {% elif object_type == 'compound' %}
-              Compounds
-            {% elif object_type == 'structure' %}
-              Compound structures
-            {% elif object_type == 'rule' %}
-              Rules
-            {% elif object_type == 'reaction' %}
-              Reactions
-            {% elif object_type == 'pathway' %}
-              Pathways
-            {% elif object_type == 'node' %}
+            {% if object_type == 'node' %}
              Nodes
            {% elif object_type == 'edge' %}
              Edges
-            {% elif object_type == 'scenario' %}
-              Scenarios
-            {% elif object_type == 'model' %}
-              Model
-            {% elif object_type == 'setting' %}
-              Settings
-            {% elif object_type == 'user' %}
-              Users
-            {% elif object_type == 'group' %}
-              Groups
            {% endif %}
          </h2>
          <div id="actionsButton" class="dropdown dropdown-end hidden">
@ -119,103 +75,17 @@
              class="dropdown-content menu bg-base-100 rounded-box z-50 w-52 p-2"
            >
              {% block actions %}
-                {% if object_type == 'package' %}
-                  {% include "actions/collections/package.html" %}
-                {% elif object_type == 'compound' %}
-                  {% include "actions/collections/compound.html" %}
-                {% elif object_type == 'structure' %}
-                  {% include "actions/collections/compound_structure.html" %}
-                {% elif object_type == 'rule' %}
-                  {% include "actions/collections/rule.html" %}
-                {% elif object_type == 'reaction' %}
-                  {% include "actions/collections/reaction.html" %}
-                {% elif object_type == 'setting' %}
-                  {% include "actions/collections/setting.html" %}
-                {% elif object_type == 'scenario' %}
-                  {% include "actions/collections/scenario.html" %}
-                {% elif object_type == 'model' %}
-                  {% include "actions/collections/model.html" %}
-                {% elif object_type == 'pathway' %}
-                  {% include "actions/collections/pathway.html" %}
-                {% elif object_type == 'node' %}
+                {% if object_type == 'node' %}
                  {% include "actions/collections/node.html" %}
                {% elif object_type == 'edge' %}
                  {% include "actions/collections/edge.html" %}
-                {% elif object_type == 'group' %}
-                  {% include "actions/collections/group.html" %}
                {% endif %}
              {% endblock %}
            </ul>
          </div>
        </div>
        <div class="mt-2">
-          <!-- Set Text above links -->
-          {% if object_type == 'package' %}
-            <p>
-              A package contains pathways, rules, etc. and can reflect specific
-              experimental conditions.
-              <a
-                target="_blank"
-                href="https://wiki.envipath.org/index.php/packages"
-                class="link link-primary"
-                >Learn more &gt;&gt;</a
-              >
-            </p>
-          {% elif object_type == 'compound' %}
-            <p>
-              A compound stores the structure of a molecule and can include
-              meta-information.
-              <a
-                target="_blank"
-                href="https://wiki.envipath.org/index.php/compounds"
-                class="link link-primary"
-                >Learn more &gt;&gt;</a
-              >
-            </p>
-          {% elif object_type == 'structure' %}
-            <p>
-              The structures stored in this compound
-              <a
-                target="_blank"
-                href="https://wiki.envipath.org/index.php/compounds"
-                class="link link-primary"
-                >Learn more &gt;&gt;</a
-              >
-            </p>
-          {% elif object_type == 'rule' %}
-            <p>
-              A rule describes a biotransformation reaction template that is
-              defined as SMIRKS.
-              <a
-                target="_blank"
-                href="https://wiki.envipath.org/index.php/Rules"
-                class="link link-primary"
-                >Learn more &gt;&gt;</a
-              >
-            </p>
-          {% elif object_type == 'reaction' %}
-            <p>
-              A reaction is a specific biotransformation from educt compounds to
-              product compounds.
-              <a
-                target="_blank"
-                href="https://wiki.envipath.org/index.php/reactions"
-                class="link link-primary"
-                >Learn more &gt;&gt;</a
-              >
-            </p>
-          {% elif object_type == 'pathway' %}
-            <p>
-              A pathway displays the (predicted) biodegradation of a compound as
-              graph.
-              <a
-                target="_blank"
-                href="https://wiki.envipath.org/index.php/pathways"
-                class="link link-primary"
-                >Learn more &gt;&gt;</a
-              >
-            </p>
-          {% elif object_type == 'node' %}
+          {% if object_type == 'node' %}
            <p>
              Nodes represent the (predicted) compounds in a graph.
              <a
@ -227,7 +97,7 @@
            </p>
          {% elif object_type == 'edge' %}
            <p>
-              Edges represent the links between Nodes in a graph
+              Edges represent the links between nodes in a graph.
              <a
                target="_blank"
                href="https://wiki.envipath.org/index.php/edges"
@ -235,70 +105,15 @@
                >Learn more &gt;&gt;</a
              >
            </p>
-          {% elif object_type == 'scenario' %}
-            <p>
-              A scenario contains meta-information that can be attached to other
-              data (compounds, rules, ..).
-              <a
-                target="_blank"
-                href="https://wiki.envipath.org/index.php/scenarios"
-                class="link link-primary"
-                >Learn more &gt;&gt;</a
-              >
-            </p>
-          {% elif object_type == 'model' %}
-            <p>
-              A model applies machine learning to limit the combinatorial
-              explosion.
-              <a
-                target="_blank"
-                href="https://wiki.envipath.org/index.php/relative_reasoning"
-                class="link link-primary"
-                >Learn more &gt;&gt;</a
-              >
-            </p>
-          {% elif object_type == 'setting' %}
-            <p>
-              A setting includes configuration parameters for pathway
-              predictions.
-              <a
-                target="_blank"
-                href="https://wiki.envipath.org/index.php/settings"
-                class="link link-primary"
-                >Learn more &gt;&gt;</a
-              >
-            </p>
-          {% elif object_type == 'user' %}
-            <p>
-              Register now to create own packages and to submit and manage your
-              data.
-              <a
-                target="_blank"
-                href="https://wiki.envipath.org/index.php/users"
-                class="link link-primary"
-                >Learn more &gt;&gt;</a
-              >
-            </p>
-          {% elif object_type == 'group' %}
-            <p>
-              Users can team up in groups to share packages.
-              <a
-                target="_blank"
-                href="https://wiki.envipath.org/index.php/groups"
-                class="link link-primary"
-                >Learn more &gt;&gt;</a
-              >
-            </p>
          {% endif %}

-          <!-- If theres nothing to show extend the text above -->
          {% if reviewed_objects and unreviewed_objects %}
            {% if reviewed_objects|length == 0 and unreviewed_objects|length == 0 %}
              <p class="mt-4">
-                Nothing found. There are two possible reasons: <br /><br />1.
-                There is no content yet.<br />2. You have no reading
-                permissions.<br /><br />Please be sure you have at least reading
-                permissions.
+                Nothing found. There are two possible reasons:<br /><br />
+                1. There is no content yet.<br />
+                2. You have no reading permissions.<br /><br />
+                Please ensure you have at least reading permissions.
              </p>
            {% endif %}
          {% endif %}
@ -306,7 +121,7 @@
      </div>
    </div>

-    <!-- Lists Container - Full Width with Reviewed on Right -->
+    <!-- Lists Container -->
    <div class="w-full">
      {% if reviewed_objects %}
        {% if reviewed_objects|length > 0 %}
@ -404,7 +219,7 @@
        >
          <input
            type="checkbox"
-            {% if reviewed_objects|length == 0 or object_type == 'package' %}checked{% endif %}
+            {% if reviewed_objects|length == 0 %}checked{% endif %}
          />
          <div class="collapse-title text-xl font-medium">
            Unreviewed
@ -466,31 +281,6 @@
        </div>
      {% endif %}
    </div>
-
-    {% if objects %}
-      <!-- Unreviewable objects such as User / Group / Setting -->
-      <div class="card bg-base-100">
-        <div class="card-body">
-          <ul class="menu bg-base-200 rounded-box w-full">
-            {% for obj in objects %}
-              {% if object_type == 'user' %}
-                <li>
-                  <a href="{{ obj.url }}" class="hover:bg-base-300"
-                    >{{ obj.username }}</a
-                  >
-                </li>
-              {% else %}
-                <li>
-                  <a href="{{ obj.url }}" class="hover:bg-base-300"
-                    >{{ obj.name }}</a
-                  >
-                </li>
-              {% endif %}
-            {% endfor %}
-          </ul>
-        </div>
-      </div>
-    {% endif %}
  </div>

  <script>
--- a/templates/collections/packages_paginated.html
+++ b/templates/collections/packages_paginated.html
@ -0,0 +1,95 @@
+{% extends "collections/paginated_base.html" %}
+
+{% block page_title %}Packages{% endblock %}
+
+{% block action_button %}
+  {% if meta.can_edit %}
+    <div class="flex items-center gap-2">
+      <button
+        type="button"
+        class="btn btn-primary btn-sm"
+        id="new-package-button"
+        onclick="document.getElementById('new_package_modal').showModal(); return false;"
+      >
+        <svg
+          xmlns="http://www.w3.org/2000/svg"
+          width="24"
+          height="24"
+          viewBox="0 0 24 24"
+          fill="none"
+          stroke="currentColor"
+          stroke-width="2"
+          stroke-linecap="round"
+          stroke-linejoin="round"
+          class="lucide lucide-folder-plus-icon lucide-folder-plus"
+        >
+          <path d="M12 10v6" />
+          <path d="M9 13h6" />
+          <path
+            d="M20 20a2 2 0 0 0 2-2V8a2 2 0 0 0-2-2h-7.9a2 2 0 0 1-1.69-.9L9.6 3.9A2 2 0 0 0 7.93 3H4a2 2 0 0 0-2 2v13a2 2 0 0 0 2 2Z"
+          />
+        </svg>
+      </button>
+      <div class="dropdown dropdown-end">
+        <div tabindex="0" role="button" class="btn btn-sm">
+          Import
+          <svg
+            xmlns="http://www.w3.org/2000/svg"
+            width="16"
+            height="16"
+            viewBox="0 0 24 24"
+            fill="none"
+            stroke="currentColor"
+            stroke-width="2"
+            stroke-linecap="round"
+            stroke-linejoin="round"
+            class="lucide lucide-chevron-down ml-1"
+          >
+            <path d="m6 9 6 6 6-6" />
+          </svg>
+        </div>
+        <ul
+          tabindex="-1"
+          class="dropdown-content menu bg-base-100 rounded-box z-50 w-56 p-2"
+        >
+          <li>
+            <a
+              role="button"
+              onclick="document.getElementById('import_package_modal').showModal(); return false;"
+            >
+              Import Package from JSON
+            </a>
+          </li>
+          <li>
+            <a
+              role="button"
+              onclick="document.getElementById('import_legacy_package_modal').showModal(); return false;"
+            >
+              Import Package from legacy JSON
+            </a>
+          </li>
+        </ul>
+      </div>
+    </div>
+  {% endif %}
+{% endblock action_button %}
+
+{% block action_modals %}
+  {% include "modals/collections/new_package_modal.html" %}
+  {% include "modals/collections/import_package_modal.html" %}
+  {% include "modals/collections/import_legacy_package_modal.html" %}
+{% endblock action_modals %}
+
+{% block description %}
+  <p>
+    A package contains pathways, rules, etc. and can reflect specific
+    experimental conditions.
+  </p>
+  <a
+    target="_blank"
+    href="https://wiki.envipath.org/index.php/packages"
+    class="link link-primary"
+  >
+    Learn more &gt;&gt;
+  </a>
+{% endblock description %}
--- a/templates/collections/paginated_base.html
+++ b/templates/collections/paginated_base.html
@ -0,0 +1,134 @@
+{% extends "framework_modern.html" %}
+{% load static %}
+
+{# List title for empty text - defaults to "items", should be overridden by child templates #}
+{% block list_title %}items{% endblock %}
+
+{% block content %}
+  {% block action_modals %}
+  {% endblock action_modals %}
+
+  <div class="px-8 py-4">
+    <!-- Header Section -->
+    <div class="card bg-base-100">
+      <div class="card-body px-0 py-4">
+        <div class="flex items-center justify-between">
+          <h2 class="card-title text-2xl">
+            {% block page_title %}{{ page_title|default:"Items" }}{% endblock %}
+          </h2>
+          {% block action_button %}
+            {# Can be overridden by including action buttons for entity type #}
+          {% endblock %}
+        </div>
+        <div class="mt-2">
+          {% block description %}
+          {% endblock %}
+        </div>
+      </div>
+    </div>
+
+    {% if list_mode == "combined" %}
+      {# ===== COMBINED MODE: Single list without tabs ===== #}
+      <div
+        class="mt-6 w-full"
+        x-data="remotePaginatedList({
+            endpoint: '{{ api_endpoint }}',
+            instanceId: '{{ entity_type }}_combined',
+            perPage: {{ per_page|default:50 }}
+          })"
+      >
+        {% include "collections/_paginated_list_partial.html" with empty_text=list_title|default:"items" show_review_badge=True %}
+      </div>
+    {% else %}
+      {# ===== TABBED MODE: Reviewed/Unreviewed tabs (default) ===== #}
+      <div
+        class="mt-6 w-full"
+        x-data="{
+          activeTab: 'reviewed',
+          reviewedCount: 0,
+          unreviewedCount: 0,
+          reviewedLoaded: false,
+          unreviewedLoaded: false,
+          updateTabSelection() {
+            // Only auto-select unreviewed tab if both have loaded and there are no reviewed items
+            if (this.reviewedLoaded && this.unreviewedLoaded && this.reviewedCount === 0 && this.unreviewedCount > 0) {
+              this.activeTab = 'unreviewed';
+            }
+          }
+        }"
+      >
+        {# No items found message #}
+        <div
+          x-show="reviewedCount === 0 && unreviewedCount === 0"
+          class="text-base-content/70 py-8 text-center"
+        >
+          <p>No items found.</p>
+        </div>
+
+        {# Tabs Navigation #}
+        <div
+          role="tablist"
+          class="tabs tabs-border"
+          x-show="reviewedCount > 0 || unreviewedCount > 0"
+        >
+          <button
+            role="tab"
+            class="tab"
+            :class="{ 'tab-active': activeTab === 'reviewed' }"
+            @click="activeTab = 'reviewed'"
+            x-show="reviewedCount > 0"
+          >
+            Reviewed
+            <span
+              class="badge badge-xs badge-dash badge-info mb-2 ml-2"
+              x-text="reviewedCount"
+            ></span>
+          </button>
+          <button
+            role="tab"
+            class="tab"
+            :class="{ 'tab-active': activeTab === 'unreviewed' }"
+            @click="activeTab = 'unreviewed'"
+            x-show="unreviewedCount > 0"
+          >
+            Unreviewed
+            <span
+              class="badge badge-xs badge-dash badge-info mb-2 ml-2"
+              x-text="unreviewedCount"
+            ></span>
+          </button>
+        </div>
+
+        {# Reviewed Tab Content #}
+        <div
+          class="mt-6"
+          x-show="activeTab === 'reviewed' && (reviewedCount > 0 || unreviewedCount > 0)"
+          x-data="remotePaginatedList({
+              endpoint: '{{ api_endpoint }}?review_status=true',
+              instanceId: '{{ entity_type }}_reviewed',
+              isReviewed: true,
+              perPage: {{ per_page|default:50 }}
+            })"
+          @items-loaded="reviewedCount = totalItems; reviewedLoaded = true; updateTabSelection()"
+        >
+          {% include "collections/_paginated_list_partial.html" with empty_text="reviewed "|add:list_title|default:"items" show_review_badge=True always_show_badge=True %}
+        </div>
+
+        {# Unreviewed Tab Content #}
+        <div
+          class="mt-6"
+          x-show="activeTab === 'unreviewed' && (reviewedCount > 0 || unreviewedCount > 0)"
+          x-data="remotePaginatedList({
+              endpoint: '{{ api_endpoint }}?review_status=false',
+              instanceId: '{{ entity_type }}_unreviewed',
+              isReviewed: false,
+              perPage: {{ per_page|default:50 }}
+            })"
+          @items-loaded="unreviewedCount = totalItems; unreviewedLoaded = true; updateTabSelection()"
+        >
+          {% include "collections/_paginated_list_partial.html" with empty_text="unreviewed "|add:list_title|default:"items" %}
+        </div>
+      </div>
+    {% endif %}
+  </div>
+{% endblock content %}
--- a/templates/collections/pathways_paginated.html
+++ b/templates/collections/pathways_paginated.html
@ -0,0 +1,29 @@
+{% extends "collections/paginated_base.html" %}
+
+{% block page_title %}Pathways{% endblock %}
+
+{% block action_button %}
+  {% if meta.can_edit %}
+    <div class="flex items-center gap-2">
+      <a
+        class="btn btn-primary btn-sm"
+        href="{% if meta.current_package %}{{ meta.current_package.url }}/predict{% else %}/predict{% endif %}"
+      >
+        New Pathway
+      </a>
+    </div>
+  {% endif %}
+{% endblock action_button %}
+
+{% block description %}
+  <p>
+    A pathway displays the (predicted) biodegradation of a compound as graph.
+  </p>
+  <a
+    target="_blank"
+    href="https://wiki.envipath.org/index.php/pathways"
+    class="link link-primary"
+  >
+    Learn more &gt;&gt;
+  </a>
+{% endblock description %}
--- a/templates/collections/reactions_paginated.html
+++ b/templates/collections/reactions_paginated.html
@ -0,0 +1,33 @@
+{% extends "collections/paginated_base.html" %}
+
+{% block page_title %}Reactions{% endblock %}
+
+{% block action_button %}
+  {% if meta.can_edit %}
+    <button
+      type="button"
+      class="btn btn-primary btn-sm"
+      onclick="document.getElementById('new_reaction_modal').showModal(); return false;"
+    >
+      New Reaction
+    </button>
+  {% endif %}
+{% endblock action_button %}
+
+{% block action_modals %}
+  {% include "modals/collections/new_reaction_modal.html" %}
+{% endblock action_modals %}
+
+{% block description %}
+  <p>
+    A reaction is a specific biotransformation from educt compounds to product
+    compounds.
+  </p>
+  <a
+    target="_blank"
+    href="https://wiki.envipath.org/index.php/reactions"
+    class="link link-primary"
+  >
+    Learn more &gt;&gt;
+  </a>
+{% endblock description %}
--- a/templates/collections/rules_paginated.html
+++ b/templates/collections/rules_paginated.html
@ -0,0 +1,33 @@
+{% extends "collections/paginated_base.html" %}
+
+{% block page_title %}Rules{% endblock %}
+
+{% block action_button %}
+  {% if meta.can_edit %}
+    <button
+      type="button"
+      class="btn btn-primary btn-sm"
+      onclick="document.getElementById('new_rule_modal').showModal(); return false;"
+    >
+      New Rule
+    </button>
+  {% endif %}
+{% endblock action_button %}
+
+{% block action_modals %}
+  {% include "modals/collections/new_rule_modal.html" %}
+{% endblock action_modals %}
+
+{% block description %}
+  <p>
+    A rule describes a biotransformation reaction template that is defined as
+    SMIRKS.
+  </p>
+  <a
+    target="_blank"
+    href="https://wiki.envipath.org/index.php/Rules"
+    class="link link-primary"
+  >
+    Learn more &gt;&gt;
+  </a>
+{% endblock description %}
--- a/templates/collections/scenarios_paginated.html
+++ b/templates/collections/scenarios_paginated.html
@ -0,0 +1,33 @@
+{% extends "collections/paginated_base.html" %}
+
+{% block page_title %}Scenarios{% endblock %}
+
+{% block action_button %}
+  {% if meta.can_edit %}
+    <button
+      type="button"
+      class="btn btn-primary btn-sm"
+      onclick="document.getElementById('new_scenario_modal').showModal(); return false;"
+    >
+      New Scenario
+    </button>
+  {% endif %}
+{% endblock action_button %}
+
+{% block action_modals %}
+  {% include "modals/collections/new_scenario_modal.html" %}
+{% endblock action_modals %}
+
+{% block description %}
+  <p>
+    A scenario contains meta-information that can be attached to other data
+    (compounds, rules, ..).
+  </p>
+  <a
+    target="_blank"
+    href="https://wiki.envipath.org/index.php/scenarios"
+    class="link link-primary"
+  >
+    Learn more &gt;&gt;
+  </a>
+{% endblock description %}
--- a/templates/collections/structures_paginated.html
+++ b/templates/collections/structures_paginated.html
@ -0,0 +1,30 @@
+{% extends "collections/paginated_base.html" %}
+
+{% block page_title %}{{ page_title|default:"Structures" }}{% endblock %}
+
+{% block action_button %}
+  {% if meta.can_edit %}
+    <button
+      type="button"
+      class="btn btn-primary btn-sm"
+      onclick="document.getElementById('new_compound_structure_modal').showModal(); return false;"
+    >
+      New Structure
+    </button>
+  {% endif %}
+{% endblock action_button %}
+
+{% block action_modals %}
+  {# FIXME: New Compound Structure Modal #}
+{% endblock action_modals %}
+
+{% block description %}
+  <p>The structures stored in this compound.</p>
+  <a
+    target="_blank"
+    href="https://wiki.envipath.org/index.php/compounds"
+    class="link link-primary"
+  >
+    Learn more &gt;&gt;
+  </a>
+{% endblock description %}
--- a/templates/components/footer.html
+++ b/templates/components/footer.html
--- a/templates/components/loading-spinner.html
+++ b/templates/components/loading-spinner.html
@ -0,0 +1,11 @@
+<div class="benzene-spinner">
+  <svg viewBox="0 0 1000 1000" xmlns="http://www.w3.org/2000/svg">
+    <path
+      class="hexagon"
+      d="m 758.78924,684.71562 0.65313,-363.85 33.725,0.066 -0.65313,363.85001 z M 201.52187,362.53368 512.50834,173.66181 530.01077,202.48506 219.03091,391.35694 z M 510.83924,841.63056 199.3448,653.59653 216.77465,624.72049 528.2691,812.76111 z M 500,975 85.905556,742.30278 l 0,-474.94722 L 500,24.999998 914.09445,257.64444 l 0,475.00001 z M 124.90833,722.45834 500,936.15556 880.26389,713.69722 l 0,-436.15555 L 500,63.949998 124.90833,286.40833 z"
+      fill="black"
+      stroke="black"
+      stroke-width="2"
+    />
+  </svg>
+</div>
--- a/templates/components/navbar.html
+++ b/templates/components/navbar.html
--- a/templates/framework_modern.html
+++ b/templates/framework_modern.html
@ -68,7 +68,7 @@
    {% endif %}
  </head>
  <body class="bg-base-300 min-h-screen">
-    {% include "includes/navbar.html" %}
+    {% include "components/navbar.html" %}

    {# Main Content Area #}
    <main class="w-full">
@ -128,7 +128,7 @@
      {% endblock main_content %}
    </main>

-    {% include "includes/footer.html" %}
+    {% include "components/footer.html" %}

    {# Floating Help Tab #}
    {% if not public_mode %}
--- a/tests/frontend/test_packagepage.py
+++ b/tests/frontend/test_packagepage.py
@ -37,7 +37,6 @@ class TestPackagePage(EnviPyStaticLiveServerTestCase):
        # Find number of current pathways by extracting it from pathway button
        num_pathways = int(re.search(r"Pathways \((\d+)\)", pathway_button.inner_text()).group(1))
        pathway_button.click()
-        page.get_by_role("button", name="Actions").click()
        page.get_by_role("link", name="New Pathway").click()
        # Check that the predict page 'in [package_name]' text shows the current package
        expect(page.get_by_role("strong").get_by_text("test package")).to_be_visible()
@ -59,8 +58,7 @@ class TestPackagePage(EnviPyStaticLiveServerTestCase):
        """Make a new empty package with name 'test package'"""
        page.get_by_role("button", name="Browse").click()
        page.get_by_role("link", name="Package", exact=True).click()
-        page.get_by_role("button", name="Actions").click()
-        page.get_by_role("button", name="New Package").click()
+        page.locator("#new-package-button").click()
        page.get_by_role("textbox", name="Name").click()
        page.get_by_role("textbox", name="Name").fill("test package")
        page.get_by_role("textbox", name="Description").click()
--- a/uv.lock
+++ b/uv.lock
@ -1,5 +1,5 @@
 version = 1
-revision = 2
+revision = 3
 requires-python = ">=3.12"
 resolution-markers = [
    "sys_platform == 'linux' or sys_platform == 'win32'",
@ -368,6 +368,89 @@ wheels = [
    { url = "https://files.pythonhosted.org/packages/d1/d6/3965ed04c63042e047cb6a3e6ed1a63a35087b6a609aa3a15ed8ac56c221/colorama-0.4.6-py2.py3-none-any.whl", hash = "sha256:4f1d9991f5acc0ca119f9d443620b77f9d6b33703e51011c16baf57afb285fc6", size = 25335, upload-time = "2022-10-25T02:36:20.889Z" },
 ]

+[[package]]
+name = "contextlib2"
+version = "21.6.0"
+source = { registry = "https://pypi.org/simple" }
+sdist = { url = "https://files.pythonhosted.org/packages/c7/13/37ea7805ae3057992e96ecb1cffa2fa35c2ef4498543b846f90dd2348d8f/contextlib2-21.6.0.tar.gz", hash = "sha256:ab1e2bfe1d01d968e1b7e8d9023bc51ef3509bba217bb730cee3827e1ee82869", size = 43795, upload-time = "2021-06-27T06:54:40.841Z" }
+wheels = [
+    { url = "https://files.pythonhosted.org/packages/76/56/6d6872f79d14c0cb02f1646cbb4592eef935857c0951a105874b7b62a0c3/contextlib2-21.6.0-py2.py3-none-any.whl", hash = "sha256:3fbdb64466afd23abaf6c977627b75b6139a5a3e8ce38405c5b413aed7a0471f", size = 13277, upload-time = "2021-06-27T06:54:20.972Z" },
+]
+
+[[package]]
+name = "coverage"
+version = "7.12.0"
+source = { registry = "https://pypi.org/simple" }
+sdist = { url = "https://files.pythonhosted.org/packages/89/26/4a96807b193b011588099c3b5c89fbb05294e5b90e71018e065465f34eb6/coverage-7.12.0.tar.gz", hash = "sha256:fc11e0a4e372cb5f282f16ef90d4a585034050ccda536451901abfb19a57f40c", size = 819341, upload-time = "2025-11-18T13:34:20.766Z" }
+wheels = [
+    { url = "https://files.pythonhosted.org/packages/02/bf/638c0427c0f0d47638242e2438127f3c8ee3cfc06c7fdeb16778ed47f836/coverage-7.12.0-cp312-cp312-macosx_10_13_x86_64.whl", hash = "sha256:29644c928772c78512b48e14156b81255000dcfd4817574ff69def189bcb3647", size = 217704, upload-time = "2025-11-18T13:32:28.906Z" },
+    { url = "https://files.pythonhosted.org/packages/08/e1/706fae6692a66c2d6b871a608bbde0da6281903fa0e9f53a39ed441da36a/coverage-7.12.0-cp312-cp312-macosx_11_0_arm64.whl", hash = "sha256:8638cbb002eaa5d7c8d04da667813ce1067080b9a91099801a0053086e52b736", size = 218064, upload-time = "2025-11-18T13:32:30.161Z" },
+    { url = "https://files.pythonhosted.org/packages/a9/8b/eb0231d0540f8af3ffda39720ff43cb91926489d01524e68f60e961366e4/coverage-7.12.0-cp312-cp312-manylinux1_i686.manylinux_2_28_i686.manylinux_2_5_i686.whl", hash = "sha256:083631eeff5eb9992c923e14b810a179798bb598e6a0dd60586819fc23be6e60", size = 249560, upload-time = "2025-11-18T13:32:31.835Z" },
+    { url = "https://files.pythonhosted.org/packages/e9/a1/67fb52af642e974d159b5b379e4d4c59d0ebe1288677fbd04bbffe665a82/coverage-7.12.0-cp312-cp312-manylinux1_x86_64.manylinux_2_28_x86_64.manylinux_2_5_x86_64.whl", hash = "sha256:99d5415c73ca12d558e07776bd957c4222c687b9f1d26fa0e1b57e3598bdcde8", size = 252318, upload-time = "2025-11-18T13:32:33.178Z" },
+    { url = "https://files.pythonhosted.org/packages/41/e5/38228f31b2c7665ebf9bdfdddd7a184d56450755c7e43ac721c11a4b8dab/coverage-7.12.0-cp312-cp312-manylinux2014_aarch64.manylinux_2_17_aarch64.manylinux_2_28_aarch64.whl", hash = "sha256:e949ebf60c717c3df63adb4a1a366c096c8d7fd8472608cd09359e1bd48ef59f", size = 253403, upload-time = "2025-11-18T13:32:34.45Z" },
+    { url = "https://files.pythonhosted.org/packages/ec/4b/df78e4c8188f9960684267c5a4897836f3f0f20a20c51606ee778a1d9749/coverage-7.12.0-cp312-cp312-manylinux_2_31_riscv64.manylinux_2_39_riscv64.whl", hash = "sha256:6d907ddccbca819afa2cd014bc69983b146cca2735a0b1e6259b2a6c10be1e70", size = 249984, upload-time = "2025-11-18T13:32:35.747Z" },
+    { url = "https://files.pythonhosted.org/packages/ba/51/bb163933d195a345c6f63eab9e55743413d064c291b6220df754075c2769/coverage-7.12.0-cp312-cp312-musllinux_1_2_aarch64.whl", hash = "sha256:b1518ecbad4e6173f4c6e6c4a46e49555ea5679bf3feda5edb1b935c7c44e8a0", size = 251339, upload-time = "2025-11-18T13:32:37.352Z" },
+    { url = "https://files.pythonhosted.org/packages/15/40/c9b29cdb8412c837cdcbc2cfa054547dd83affe6cbbd4ce4fdb92b6ba7d1/coverage-7.12.0-cp312-cp312-musllinux_1_2_i686.whl", hash = "sha256:51777647a749abdf6f6fd8c7cffab12de68ab93aab15efc72fbbb83036c2a068", size = 249489, upload-time = "2025-11-18T13:32:39.212Z" },
+    { url = "https://files.pythonhosted.org/packages/c8/da/b3131e20ba07a0de4437a50ef3b47840dfabf9293675b0cd5c2c7f66dd61/coverage-7.12.0-cp312-cp312-musllinux_1_2_riscv64.whl", hash = "sha256:42435d46d6461a3b305cdfcad7cdd3248787771f53fe18305548cba474e6523b", size = 249070, upload-time = "2025-11-18T13:32:40.598Z" },
+    { url = "https://files.pythonhosted.org/packages/70/81/b653329b5f6302c08d683ceff6785bc60a34be9ae92a5c7b63ee7ee7acec/coverage-7.12.0-cp312-cp312-musllinux_1_2_x86_64.whl", hash = "sha256:5bcead88c8423e1855e64b8057d0544e33e4080b95b240c2a355334bb7ced937", size = 250929, upload-time = "2025-11-18T13:32:42.915Z" },
+    { url = "https://files.pythonhosted.org/packages/a3/00/250ac3bca9f252a5fb1338b5ad01331ebb7b40223f72bef5b1b2cb03aa64/coverage-7.12.0-cp312-cp312-win32.whl", hash = "sha256:dcbb630ab034e86d2a0f79aefd2be07e583202f41e037602d438c80044957baa", size = 220241, upload-time = "2025-11-18T13:32:44.665Z" },
+    { url = "https://files.pythonhosted.org/packages/64/1c/77e79e76d37ce83302f6c21980b45e09f8aa4551965213a10e62d71ce0ab/coverage-7.12.0-cp312-cp312-win_amd64.whl", hash = "sha256:2fd8354ed5d69775ac42986a691fbf68b4084278710cee9d7c3eaa0c28fa982a", size = 221051, upload-time = "2025-11-18T13:32:46.008Z" },
+    { url = "https://files.pythonhosted.org/packages/31/f5/641b8a25baae564f9e52cac0e2667b123de961985709a004e287ee7663cc/coverage-7.12.0-cp312-cp312-win_arm64.whl", hash = "sha256:737c3814903be30695b2de20d22bcc5428fdae305c61ba44cdc8b3252984c49c", size = 219692, upload-time = "2025-11-18T13:32:47.372Z" },
+    { url = "https://files.pythonhosted.org/packages/b8/14/771700b4048774e48d2c54ed0c674273702713c9ee7acdfede40c2666747/coverage-7.12.0-cp313-cp313-macosx_10_13_x86_64.whl", hash = "sha256:47324fffca8d8eae7e185b5bb20c14645f23350f870c1649003618ea91a78941", size = 217725, upload-time = "2025-11-18T13:32:49.22Z" },
+    { url = "https://files.pythonhosted.org/packages/17/a7/3aa4144d3bcb719bf67b22d2d51c2d577bf801498c13cb08f64173e80497/coverage-7.12.0-cp313-cp313-macosx_11_0_arm64.whl", hash = "sha256:ccf3b2ede91decd2fb53ec73c1f949c3e034129d1e0b07798ff1d02ea0c8fa4a", size = 218098, upload-time = "2025-11-18T13:32:50.78Z" },
+    { url = "https://files.pythonhosted.org/packages/fc/9c/b846bbc774ff81091a12a10203e70562c91ae71badda00c5ae5b613527b1/coverage-7.12.0-cp313-cp313-manylinux1_i686.manylinux_2_28_i686.manylinux_2_5_i686.whl", hash = "sha256:b365adc70a6936c6b0582dc38746b33b2454148c02349345412c6e743efb646d", size = 249093, upload-time = "2025-11-18T13:32:52.554Z" },
+    { url = "https://files.pythonhosted.org/packages/76/b6/67d7c0e1f400b32c883e9342de4a8c2ae7c1a0b57c5de87622b7262e2309/coverage-7.12.0-cp313-cp313-manylinux1_x86_64.manylinux_2_28_x86_64.manylinux_2_5_x86_64.whl", hash = "sha256:bc13baf85cd8a4cfcf4a35c7bc9d795837ad809775f782f697bf630b7e200211", size = 251686, upload-time = "2025-11-18T13:32:54.862Z" },
+    { url = "https://files.pythonhosted.org/packages/cc/75/b095bd4b39d49c3be4bffbb3135fea18a99a431c52dd7513637c0762fecb/coverage-7.12.0-cp313-cp313-manylinux2014_aarch64.manylinux_2_17_aarch64.manylinux_2_28_aarch64.whl", hash = "sha256:099d11698385d572ceafb3288a5b80fe1fc58bf665b3f9d362389de488361d3d", size = 252930, upload-time = "2025-11-18T13:32:56.417Z" },
+    { url = "https://files.pythonhosted.org/packages/6e/f3/466f63015c7c80550bead3093aacabf5380c1220a2a93c35d374cae8f762/coverage-7.12.0-cp313-cp313-manylinux_2_31_riscv64.manylinux_2_39_riscv64.whl", hash = "sha256:473dc45d69694069adb7680c405fb1e81f60b2aff42c81e2f2c3feaf544d878c", size = 249296, upload-time = "2025-11-18T13:32:58.074Z" },
+    { url = "https://files.pythonhosted.org/packages/27/86/eba2209bf2b7e28c68698fc13437519a295b2d228ba9e0ec91673e09fa92/coverage-7.12.0-cp313-cp313-musllinux_1_2_aarch64.whl", hash = "sha256:583f9adbefd278e9de33c33d6846aa8f5d164fa49b47144180a0e037f0688bb9", size = 251068, upload-time = "2025-11-18T13:32:59.646Z" },
+    { url = "https://files.pythonhosted.org/packages/ec/55/ca8ae7dbba962a3351f18940b359b94c6bafdd7757945fdc79ec9e452dc7/coverage-7.12.0-cp313-cp313-musllinux_1_2_i686.whl", hash = "sha256:b2089cc445f2dc0af6f801f0d1355c025b76c24481935303cf1af28f636688f0", size = 249034, upload-time = "2025-11-18T13:33:01.481Z" },
+    { url = "https://files.pythonhosted.org/packages/7a/d7/39136149325cad92d420b023b5fd900dabdd1c3a0d1d5f148ef4a8cedef5/coverage-7.12.0-cp313-cp313-musllinux_1_2_riscv64.whl", hash = "sha256:950411f1eb5d579999c5f66c62a40961f126fc71e5e14419f004471957b51508", size = 248853, upload-time = "2025-11-18T13:33:02.935Z" },
+    { url = "https://files.pythonhosted.org/packages/fe/b6/76e1add8b87ef60e00643b0b7f8f7bb73d4bf5249a3be19ebefc5793dd25/coverage-7.12.0-cp313-cp313-musllinux_1_2_x86_64.whl", hash = "sha256:b1aab7302a87bafebfe76b12af681b56ff446dc6f32ed178ff9c092ca776e6bc", size = 250619, upload-time = "2025-11-18T13:33:04.336Z" },
+    { url = "https://files.pythonhosted.org/packages/95/87/924c6dc64f9203f7a3c1832a6a0eee5a8335dbe5f1bdadcc278d6f1b4d74/coverage-7.12.0-cp313-cp313-win32.whl", hash = "sha256:d7e0d0303c13b54db495eb636bc2465b2fb8475d4c8bcec8fe4b5ca454dfbae8", size = 220261, upload-time = "2025-11-18T13:33:06.493Z" },
+    { url = "https://files.pythonhosted.org/packages/91/77/dd4aff9af16ff776bf355a24d87eeb48fc6acde54c907cc1ea89b14a8804/coverage-7.12.0-cp313-cp313-win_amd64.whl", hash = "sha256:ce61969812d6a98a981d147d9ac583a36ac7db7766f2e64a9d4d059c2fe29d07", size = 221072, upload-time = "2025-11-18T13:33:07.926Z" },
+    { url = "https://files.pythonhosted.org/packages/70/49/5c9dc46205fef31b1b226a6e16513193715290584317fd4df91cdaf28b22/coverage-7.12.0-cp313-cp313-win_arm64.whl", hash = "sha256:bcec6f47e4cb8a4c2dc91ce507f6eefc6a1b10f58df32cdc61dff65455031dfc", size = 219702, upload-time = "2025-11-18T13:33:09.631Z" },
+    { url = "https://files.pythonhosted.org/packages/9b/62/f87922641c7198667994dd472a91e1d9b829c95d6c29529ceb52132436ad/coverage-7.12.0-cp313-cp313t-macosx_10_13_x86_64.whl", hash = "sha256:459443346509476170d553035e4a3eed7b860f4fe5242f02de1010501956ce87", size = 218420, upload-time = "2025-11-18T13:33:11.153Z" },
+    { url = "https://files.pythonhosted.org/packages/85/dd/1cc13b2395ef15dbb27d7370a2509b4aee77890a464fb35d72d428f84871/coverage-7.12.0-cp313-cp313t-macosx_11_0_arm64.whl", hash = "sha256:04a79245ab2b7a61688958f7a855275997134bc84f4a03bc240cf64ff132abf6", size = 218773, upload-time = "2025-11-18T13:33:12.569Z" },
+    { url = "https://files.pythonhosted.org/packages/74/40/35773cc4bb1e9d4658d4fb669eb4195b3151bef3bbd6f866aba5cd5dac82/coverage-7.12.0-cp313-cp313t-manylinux1_i686.manylinux_2_28_i686.manylinux_2_5_i686.whl", hash = "sha256:09a86acaaa8455f13d6a99221d9654df249b33937b4e212b4e5a822065f12aa7", size = 260078, upload-time = "2025-11-18T13:33:14.037Z" },
+    { url = "https://files.pythonhosted.org/packages/ec/ee/231bb1a6ffc2905e396557585ebc6bdc559e7c66708376d245a1f1d330fc/coverage-7.12.0-cp313-cp313t-manylinux1_x86_64.manylinux_2_28_x86_64.manylinux_2_5_x86_64.whl", hash = "sha256:907e0df1b71ba77463687a74149c6122c3f6aac56c2510a5d906b2f368208560", size = 262144, upload-time = "2025-11-18T13:33:15.601Z" },
+    { url = "https://files.pythonhosted.org/packages/28/be/32f4aa9f3bf0b56f3971001b56508352c7753915345d45fab4296a986f01/coverage-7.12.0-cp313-cp313t-manylinux2014_aarch64.manylinux_2_17_aarch64.manylinux_2_28_aarch64.whl", hash = "sha256:9b57e2d0ddd5f0582bae5437c04ee71c46cd908e7bc5d4d0391f9a41e812dd12", size = 264574, upload-time = "2025-11-18T13:33:17.354Z" },
+    { url = "https://files.pythonhosted.org/packages/68/7c/00489fcbc2245d13ab12189b977e0cf06ff3351cb98bc6beba8bd68c5902/coverage-7.12.0-cp313-cp313t-manylinux_2_31_riscv64.manylinux_2_39_riscv64.whl", hash = "sha256:58c1c6aa677f3a1411fe6fb28ec3a942e4f665df036a3608816e0847fad23296", size = 259298, upload-time = "2025-11-18T13:33:18.958Z" },
+    { url = "https://files.pythonhosted.org/packages/96/b4/f0760d65d56c3bea95b449e02570d4abd2549dc784bf39a2d4721a2d8ceb/coverage-7.12.0-cp313-cp313t-musllinux_1_2_aarch64.whl", hash = "sha256:4c589361263ab2953e3c4cd2a94db94c4ad4a8e572776ecfbad2389c626e4507", size = 262150, upload-time = "2025-11-18T13:33:20.644Z" },
+    { url = "https://files.pythonhosted.org/packages/c5/71/9a9314df00f9326d78c1e5a910f520d599205907432d90d1c1b7a97aa4b1/coverage-7.12.0-cp313-cp313t-musllinux_1_2_i686.whl", hash = "sha256:91b810a163ccad2e43b1faa11d70d3cf4b6f3d83f9fd5f2df82a32d47b648e0d", size = 259763, upload-time = "2025-11-18T13:33:22.189Z" },
+    { url = "https://files.pythonhosted.org/packages/10/34/01a0aceed13fbdf925876b9a15d50862eb8845454301fe3cdd1df08b2182/coverage-7.12.0-cp313-cp313t-musllinux_1_2_riscv64.whl", hash = "sha256:40c867af715f22592e0d0fb533a33a71ec9e0f73a6945f722a0c85c8c1cbe3a2", size = 258653, upload-time = "2025-11-18T13:33:24.239Z" },
+    { url = "https://files.pythonhosted.org/packages/8d/04/81d8fd64928acf1574bbb0181f66901c6c1c6279c8ccf5f84259d2c68ae9/coverage-7.12.0-cp313-cp313t-musllinux_1_2_x86_64.whl", hash = "sha256:68b0d0a2d84f333de875666259dadf28cc67858bc8fd8b3f1eae84d3c2bec455", size = 260856, upload-time = "2025-11-18T13:33:26.365Z" },
+    { url = "https://files.pythonhosted.org/packages/f2/76/fa2a37bfaeaf1f766a2d2360a25a5297d4fb567098112f6517475eee120b/coverage-7.12.0-cp313-cp313t-win32.whl", hash = "sha256:73f9e7fbd51a221818fd11b7090eaa835a353ddd59c236c57b2199486b116c6d", size = 220936, upload-time = "2025-11-18T13:33:28.165Z" },
+    { url = "https://files.pythonhosted.org/packages/f9/52/60f64d932d555102611c366afb0eb434b34266b1d9266fc2fe18ab641c47/coverage-7.12.0-cp313-cp313t-win_amd64.whl", hash = "sha256:24cff9d1f5743f67db7ba46ff284018a6e9aeb649b67aa1e70c396aa1b7cb23c", size = 222001, upload-time = "2025-11-18T13:33:29.656Z" },
+    { url = "https://files.pythonhosted.org/packages/77/df/c303164154a5a3aea7472bf323b7c857fed93b26618ed9fc5c2955566bb0/coverage-7.12.0-cp313-cp313t-win_arm64.whl", hash = "sha256:c87395744f5c77c866d0f5a43d97cc39e17c7f1cb0115e54a2fe67ca75c5d14d", size = 220273, upload-time = "2025-11-18T13:33:31.415Z" },
+    { url = "https://files.pythonhosted.org/packages/bf/2e/fc12db0883478d6e12bbd62d481210f0c8daf036102aa11434a0c5755825/coverage-7.12.0-cp314-cp314-macosx_10_15_x86_64.whl", hash = "sha256:a1c59b7dc169809a88b21a936eccf71c3895a78f5592051b1af8f4d59c2b4f92", size = 217777, upload-time = "2025-11-18T13:33:32.86Z" },
+    { url = "https://files.pythonhosted.org/packages/1f/c1/ce3e525d223350c6ec16b9be8a057623f54226ef7f4c2fee361ebb6a02b8/coverage-7.12.0-cp314-cp314-macosx_11_0_arm64.whl", hash = "sha256:8787b0f982e020adb732b9f051f3e49dd5054cebbc3f3432061278512a2b1360", size = 218100, upload-time = "2025-11-18T13:33:34.532Z" },
+    { url = "https://files.pythonhosted.org/packages/15/87/113757441504aee3808cb422990ed7c8bcc2d53a6779c66c5adef0942939/coverage-7.12.0-cp314-cp314-manylinux1_i686.manylinux_2_28_i686.manylinux_2_5_i686.whl", hash = "sha256:5ea5a9f7dc8877455b13dd1effd3202e0bca72f6f3ab09f9036b1bcf728f69ac", size = 249151, upload-time = "2025-11-18T13:33:36.135Z" },
+    { url = "https://files.pythonhosted.org/packages/d9/1d/9529d9bd44049b6b05bb319c03a3a7e4b0a8a802d28fa348ad407e10706d/coverage-7.12.0-cp314-cp314-manylinux1_x86_64.manylinux_2_28_x86_64.manylinux_2_5_x86_64.whl", hash = "sha256:fdba9f15849534594f60b47c9a30bc70409b54947319a7c4fd0e8e3d8d2f355d", size = 251667, upload-time = "2025-11-18T13:33:37.996Z" },
+    { url = "https://files.pythonhosted.org/packages/11/bb/567e751c41e9c03dc29d3ce74b8c89a1e3396313e34f255a2a2e8b9ebb56/coverage-7.12.0-cp314-cp314-manylinux2014_aarch64.manylinux_2_17_aarch64.manylinux_2_28_aarch64.whl", hash = "sha256:a00594770eb715854fb1c57e0dea08cce6720cfbc531accdb9850d7c7770396c", size = 253003, upload-time = "2025-11-18T13:33:39.553Z" },
+    { url = "https://files.pythonhosted.org/packages/e4/b3/c2cce2d8526a02fb9e9ca14a263ca6fc074449b33a6afa4892838c903528/coverage-7.12.0-cp314-cp314-manylinux_2_31_riscv64.manylinux_2_39_riscv64.whl", hash = "sha256:5560c7e0d82b42eb1951e4f68f071f8017c824ebfd5a6ebe42c60ac16c6c2434", size = 249185, upload-time = "2025-11-18T13:33:42.086Z" },
+    { url = "https://files.pythonhosted.org/packages/0e/a7/967f93bb66e82c9113c66a8d0b65ecf72fc865adfba5a145f50c7af7e58d/coverage-7.12.0-cp314-cp314-musllinux_1_2_aarch64.whl", hash = "sha256:d6c2e26b481c9159c2773a37947a9718cfdc58893029cdfb177531793e375cfc", size = 251025, upload-time = "2025-11-18T13:33:43.634Z" },
+    { url = "https://files.pythonhosted.org/packages/b9/b2/f2f6f56337bc1af465d5b2dc1ee7ee2141b8b9272f3bf6213fcbc309a836/coverage-7.12.0-cp314-cp314-musllinux_1_2_i686.whl", hash = "sha256:6e1a8c066dabcde56d5d9fed6a66bc19a2883a3fe051f0c397a41fc42aedd4cc", size = 248979, upload-time = "2025-11-18T13:33:46.04Z" },
+    { url = "https://files.pythonhosted.org/packages/f4/7a/bf4209f45a4aec09d10a01a57313a46c0e0e8f4c55ff2965467d41a92036/coverage-7.12.0-cp314-cp314-musllinux_1_2_riscv64.whl", hash = "sha256:f7ba9da4726e446d8dd8aae5a6cd872511184a5d861de80a86ef970b5dacce3e", size = 248800, upload-time = "2025-11-18T13:33:47.546Z" },
+    { url = "https://files.pythonhosted.org/packages/b8/b7/1e01b8696fb0521810f60c5bbebf699100d6754183e6cc0679bf2ed76531/coverage-7.12.0-cp314-cp314-musllinux_1_2_x86_64.whl", hash = "sha256:e0f483ab4f749039894abaf80c2f9e7ed77bbf3c737517fb88c8e8e305896a17", size = 250460, upload-time = "2025-11-18T13:33:49.537Z" },
+    { url = "https://files.pythonhosted.org/packages/71/ae/84324fb9cb46c024760e706353d9b771a81b398d117d8c1fe010391c186f/coverage-7.12.0-cp314-cp314-win32.whl", hash = "sha256:76336c19a9ef4a94b2f8dc79f8ac2da3f193f625bb5d6f51a328cd19bfc19933", size = 220533, upload-time = "2025-11-18T13:33:51.16Z" },
+    { url = "https://files.pythonhosted.org/packages/e2/71/1033629deb8460a8f97f83e6ac4ca3b93952e2b6f826056684df8275e015/coverage-7.12.0-cp314-cp314-win_amd64.whl", hash = "sha256:7c1059b600aec6ef090721f8f633f60ed70afaffe8ecab85b59df748f24b31fe", size = 221348, upload-time = "2025-11-18T13:33:52.776Z" },
+    { url = "https://files.pythonhosted.org/packages/0a/5f/ac8107a902f623b0c251abdb749be282dc2ab61854a8a4fcf49e276fce2f/coverage-7.12.0-cp314-cp314-win_arm64.whl", hash = "sha256:172cf3a34bfef42611963e2b661302a8931f44df31629e5b1050567d6b90287d", size = 219922, upload-time = "2025-11-18T13:33:54.316Z" },
+    { url = "https://files.pythonhosted.org/packages/79/6e/f27af2d4da367f16077d21ef6fe796c874408219fa6dd3f3efe7751bd910/coverage-7.12.0-cp314-cp314t-macosx_10_15_x86_64.whl", hash = "sha256:aa7d48520a32cb21c7a9b31f81799e8eaec7239db36c3b670be0fa2403828d1d", size = 218511, upload-time = "2025-11-18T13:33:56.343Z" },
+    { url = "https://files.pythonhosted.org/packages/67/dd/65fd874aa460c30da78f9d259400d8e6a4ef457d61ab052fd248f0050558/coverage-7.12.0-cp314-cp314t-macosx_11_0_arm64.whl", hash = "sha256:90d58ac63bc85e0fb919f14d09d6caa63f35a5512a2205284b7816cafd21bb03", size = 218771, upload-time = "2025-11-18T13:33:57.966Z" },
+    { url = "https://files.pythonhosted.org/packages/55/e0/7c6b71d327d8068cb79c05f8f45bf1b6145f7a0de23bbebe63578fe5240a/coverage-7.12.0-cp314-cp314t-manylinux1_i686.manylinux_2_28_i686.manylinux_2_5_i686.whl", hash = "sha256:ca8ecfa283764fdda3eae1bdb6afe58bf78c2c3ec2b2edcb05a671f0bba7b3f9", size = 260151, upload-time = "2025-11-18T13:33:59.597Z" },
+    { url = "https://files.pythonhosted.org/packages/49/ce/4697457d58285b7200de6b46d606ea71066c6e674571a946a6ea908fb588/coverage-7.12.0-cp314-cp314t-manylinux1_x86_64.manylinux_2_28_x86_64.manylinux_2_5_x86_64.whl", hash = "sha256:874fe69a0785d96bd066059cd4368022cebbec1a8958f224f0016979183916e6", size = 262257, upload-time = "2025-11-18T13:34:01.166Z" },
+    { url = "https://files.pythonhosted.org/packages/2f/33/acbc6e447aee4ceba88c15528dbe04a35fb4d67b59d393d2e0d6f1e242c1/coverage-7.12.0-cp314-cp314t-manylinux2014_aarch64.manylinux_2_17_aarch64.manylinux_2_28_aarch64.whl", hash = "sha256:5b3c889c0b8b283a24d721a9eabc8ccafcfc3aebf167e4cd0d0e23bf8ec4e339", size = 264671, upload-time = "2025-11-18T13:34:02.795Z" },
+    { url = "https://files.pythonhosted.org/packages/87/ec/e2822a795c1ed44d569980097be839c5e734d4c0c1119ef8e0a073496a30/coverage-7.12.0-cp314-cp314t-manylinux_2_31_riscv64.manylinux_2_39_riscv64.whl", hash = "sha256:8bb5b894b3ec09dcd6d3743229dc7f2c42ef7787dc40596ae04c0edda487371e", size = 259231, upload-time = "2025-11-18T13:34:04.397Z" },
+    { url = "https://files.pythonhosted.org/packages/72/c5/a7ec5395bb4a49c9b7ad97e63f0c92f6bf4a9e006b1393555a02dae75f16/coverage-7.12.0-cp314-cp314t-musllinux_1_2_aarch64.whl", hash = "sha256:79a44421cd5fba96aa57b5e3b5a4d3274c449d4c622e8f76882d76635501fd13", size = 262137, upload-time = "2025-11-18T13:34:06.068Z" },
+    { url = "https://files.pythonhosted.org/packages/67/0c/02c08858b764129f4ecb8e316684272972e60777ae986f3865b10940bdd6/coverage-7.12.0-cp314-cp314t-musllinux_1_2_i686.whl", hash = "sha256:33baadc0efd5c7294f436a632566ccc1f72c867f82833eb59820ee37dc811c6f", size = 259745, upload-time = "2025-11-18T13:34:08.04Z" },
+    { url = "https://files.pythonhosted.org/packages/5a/04/4fd32b7084505f3829a8fe45c1a74a7a728cb251aaadbe3bec04abcef06d/coverage-7.12.0-cp314-cp314t-musllinux_1_2_riscv64.whl", hash = "sha256:c406a71f544800ef7e9e0000af706b88465f3573ae8b8de37e5f96c59f689ad1", size = 258570, upload-time = "2025-11-18T13:34:09.676Z" },
+    { url = "https://files.pythonhosted.org/packages/48/35/2365e37c90df4f5342c4fa202223744119fe31264ee2924f09f074ea9b6d/coverage-7.12.0-cp314-cp314t-musllinux_1_2_x86_64.whl", hash = "sha256:e71bba6a40883b00c6d571599b4627f50c360b3d0d02bfc658168936be74027b", size = 260899, upload-time = "2025-11-18T13:34:11.259Z" },
+    { url = "https://files.pythonhosted.org/packages/05/56/26ab0464ca733fa325e8e71455c58c1c374ce30f7c04cebb88eabb037b18/coverage-7.12.0-cp314-cp314t-win32.whl", hash = "sha256:9157a5e233c40ce6613dead4c131a006adfda70e557b6856b97aceed01b0e27a", size = 221313, upload-time = "2025-11-18T13:34:12.863Z" },
+    { url = "https://files.pythonhosted.org/packages/da/1c/017a3e1113ed34d998b27d2c6dba08a9e7cb97d362f0ec988fcd873dcf81/coverage-7.12.0-cp314-cp314t-win_amd64.whl", hash = "sha256:e84da3a0fd233aeec797b981c51af1cabac74f9bd67be42458365b30d11b5291", size = 222423, upload-time = "2025-11-18T13:34:15.14Z" },
+    { url = "https://files.pythonhosted.org/packages/4c/36/bcc504fdd5169301b52568802bb1b9cdde2e27a01d39fbb3b4b508ab7c2c/coverage-7.12.0-cp314-cp314t-win_arm64.whl", hash = "sha256:01d24af36fedda51c2b1aca56e4330a3710f83b02a5ff3743a6b015ffa7c9384", size = 220459, upload-time = "2025-11-18T13:34:17.222Z" },
+    { url = "https://files.pythonhosted.org/packages/ce/a3/43b749004e3c09452e39bb56347a008f0a0668aad37324a99b5c8ca91d9e/coverage-7.12.0-py3-none-any.whl", hash = "sha256:159d50c0b12e060b15ed3d39f87ed43d4f7f7ad40b8a534f4dd331adbb51104a", size = 209503, upload-time = "2025-11-18T13:34:18.892Z" },
+]
+
 [[package]]
 name = "cryptography"
 version = "46.0.2"
@ -473,15 +556,31 @@ wheels = [

 [[package]]
 name = "django-ninja"
-version = "1.4.3"
+version = "1.5.0"
 source = { registry = "https://pypi.org/simple" }
 dependencies = [
    { name = "django" },
    { name = "pydantic" },
 ]
-sdist = { url = "https://files.pythonhosted.org/packages/cd/1a/f0d051f54375cfd2310f803925993fdc4172e41e627d63ece48194b07892/django_ninja-1.4.3.tar.gz", hash = "sha256:e46d477ca60c228d2a5eb3cc912094928ea830d364501f966661eeada67cb038", size = 3709571, upload-time = "2025-06-04T15:11:13.408Z" }
+sdist = { url = "https://files.pythonhosted.org/packages/cc/12/4f3d739994b15a5af7da9b028ddad6bbb2f6634b5b1f0fc19e6e29ccacad/django_ninja-1.5.0.tar.gz", hash = "sha256:181bc8266a684be8c4cdd8f555d8ccbbc72e9fad86a5928ddccdd13faf73a1c5", size = 3725725, upload-time = "2025-11-13T17:58:02.502Z" }
 wheels = [
-    { url = "https://files.pythonhosted.org/packages/08/ec/0cfa9b817f048cdec354354ae0569d7c0fd63907e5b1f927a7ee04a18635/django_ninja-1.4.3-py3-none-any.whl", hash = "sha256:f3204137a059437b95677049474220611f1cf9efedba9213556474b75168fa01", size = 2426185, upload-time = "2025-06-04T15:11:11.314Z" },
+    { url = "https://files.pythonhosted.org/packages/e6/51/86968a38f074a56a675d72d470dce9405c9ddb53856c1686ca5e2ba44f81/django_ninja-1.5.0-py3-none-any.whl", hash = "sha256:e305fc42588406a202d4479263b501813ec863a3a4e11cb091fb905ecdf9bc62", size = 2428939, upload-time = "2025-11-13T17:57:59.967Z" },
+]
+
+[[package]]
+name = "django-ninja-extra"
+version = "0.30.6"
+source = { registry = "https://pypi.org/simple" }
+dependencies = [
+    { name = "asgiref" },
+    { name = "contextlib2" },
+    { name = "django" },
+    { name = "django-ninja" },
+    { name = "injector" },
+]
+sdist = { url = "https://files.pythonhosted.org/packages/28/2c/a387efc591ec80b7ad001162211952cb73c5f07bb50bc80716fa25a28437/django_ninja_extra-0.30.6.tar.gz", hash = "sha256:d16b10c84b9ff11f71a58878fe944ef03e9d8c436001b11b65e07d5183815f70", size = 56846, upload-time = "2025-11-22T11:16:30.5Z" }
+wheels = [
+    { url = "https://files.pythonhosted.org/packages/e5/22/f62c4fe6239e6a0abda3e04d9c2d8ba2320bcfdbb56011e425fcb03db521/django_ninja_extra-0.30.6-py3-none-any.whl", hash = "sha256:0b581e301909a06777144c14a5d520b594d042d358a9c918c3d0a608bb270bfa", size = 76596, upload-time = "2025-11-22T11:16:29.102Z" },
 ]

 [[package]]
@ -562,6 +661,7 @@ dependencies = [
    { name = "django-extensions" },
    { name = "django-model-utils" },
    { name = "django-ninja" },
+    { name = "django-ninja-extra" },
    { name = "django-oauth-toolkit" },
    { name = "django-polymorphic" },
    { name = "enviformer" },
@ -589,6 +689,7 @@ dev = [
    { name = "django-stubs" },
    { name = "poethepoet" },
    { name = "pre-commit" },
+    { name = "pytest-cov" },
    { name = "pytest-django" },
    { name = "pytest-playwright" },
    { name = "ruff" },
@ -604,7 +705,8 @@ requires-dist = [
    { name = "django", specifier = ">=5.2.1" },
    { name = "django-extensions", specifier = ">=4.1" },
    { name = "django-model-utils", specifier = ">=5.0.0" },
-    { name = "django-ninja", specifier = ">=1.4.1" },
+    { name = "django-ninja", specifier = ">=1.4.5" },
+    { name = "django-ninja-extra", specifier = ">=0.30.6" },
    { name = "django-oauth-toolkit", specifier = ">=3.0.1" },
    { name = "django-polymorphic", specifier = ">=4.1.0" },
    { name = "django-stubs", marker = "extra == 'dev'", specifier = ">=5.2.4" },
@ -621,6 +723,7 @@ requires-dist = [
    { name = "polars", specifier = "==1.35.1" },
    { name = "pre-commit", marker = "extra == 'dev'", specifier = ">=4.3.0" },
    { name = "psycopg2-binary", specifier = ">=2.9.10" },
+    { name = "pytest-cov", marker = "extra == 'dev'", specifier = ">=7.0.0" },
    { name = "pytest-django", marker = "extra == 'dev'", specifier = ">=4.11.1" },
    { name = "pytest-playwright", marker = "extra == 'dev'", specifier = ">=0.7.1" },
    { name = "python-dotenv", specifier = ">=1.1.0" },
@ -858,6 +961,15 @@ wheels = [
    { url = "https://files.pythonhosted.org/packages/cb/b1/3846dd7f199d53cb17f49cba7e651e9ce294d8497c8c150530ed11865bb8/iniconfig-2.3.0-py3-none-any.whl", hash = "sha256:f631c04d2c48c52b84d0d0549c99ff3859c98df65b3101406327ecc7d53fbf12", size = 7484, upload-time = "2025-10-18T21:55:41.639Z" },
 ]

+[[package]]
+name = "injector"
+version = "0.23.0"
+source = { registry = "https://pypi.org/simple" }
+sdist = { url = "https://files.pythonhosted.org/packages/1f/f5/060088d45fd57db2e2164ae289a96066d3e48320c0c99bba5e50eb245d22/injector-0.23.0.tar.gz", hash = "sha256:7e59db84faa5358474c8ee05abca6ab6bd02519fbefcf175e0b230ee7d2d4bac", size = 55720, upload-time = "2025-12-01T15:16:31.037Z" }
+wheels = [
+    { url = "https://files.pythonhosted.org/packages/54/52/2e771b1acc010f0351e703d524702db72b80ad8b375dccac8488ccc02a61/injector-0.23.0-py2.py3-none-any.whl", hash = "sha256:86ab389805b4aaabfe235b2b2b85ff515af4d0209faccf1d60de2872c92c1fa0", size = 21483, upload-time = "2025-12-01T15:16:29.664Z" },
+]
+
 [[package]]
 name = "jinja2"
 version = "3.1.6"
@ -1904,6 +2016,20 @@ wheels = [
    { url = "https://files.pythonhosted.org/packages/98/1c/b00940ab9eb8ede7897443b771987f2f4a76f06be02f1b3f01eb7567e24a/pytest_base_url-2.1.0-py3-none-any.whl", hash = "sha256:3ad15611778764d451927b2a53240c1a7a591b521ea44cebfe45849d2d2812e6", size = 5302, upload-time = "2024-01-31T22:42:58.897Z" },
 ]

+[[package]]
+name = "pytest-cov"
+version = "7.0.0"
+source = { registry = "https://pypi.org/simple" }
+dependencies = [
+    { name = "coverage" },
+    { name = "pluggy" },
+    { name = "pytest" },
+]
+sdist = { url = "https://files.pythonhosted.org/packages/5e/f7/c933acc76f5208b3b00089573cf6a2bc26dc80a8aece8f52bb7d6b1855ca/pytest_cov-7.0.0.tar.gz", hash = "sha256:33c97eda2e049a0c5298e91f519302a1334c26ac65c1a483d6206fd458361af1", size = 54328, upload-time = "2025-09-09T10:57:02.113Z" }
+wheels = [
+    { url = "https://files.pythonhosted.org/packages/ee/49/1377b49de7d0c1ce41292161ea0f721913fa8722c19fb9c1e3aa0367eecb/pytest_cov-7.0.0-py3-none-any.whl", hash = "sha256:3b8e9558b16cc1479da72058bdecf8073661c7f57f7d3c5f22a1c23507f2d861", size = 22424, upload-time = "2025-09-09T10:57:00.695Z" },
+]
+
 [[package]]
 name = "pytest-django"
 version = "4.11.1"