[Feature] Prediction settings list on User page (#276 )

I have added a list of other prediction settings to the User page and a way to change a setting to the default. <img width="500" alt="{4EFA1273-E53A-4333-948B-8AE3597821A8}.png" src="attachments/048fdc83-1c3e-41d2-a59b-44b0337a05bf"> Co-authored-by: Tim Lorsbach <tim@lorsba.ch> Reviewed-on: enviPath/enviPy#276 Reviewed-by: jebus <lorsbach@envipath.com> Co-authored-by: Liam Brydon <lbry121@aucklanduni.ac.nz> Co-committed-by: Liam Brydon <lbry121@aucklanduni.ac.nz>
[Feature] Threshold Warning + Cosmetics (#277 )
2025-12-20 03:19:31 +13:00 · 2025-12-20 02:11:47 +13:00 · 2025-12-20 01:26:25 +13:00 · 2025-12-20 00:26:23 +13:00 · 2025-12-19 23:03:02 +13:00 · 2025-12-17 23:06:58 +13:00
22797 changed files with 4752897 additions and 39 deletions
--- a/.env.local.example
+++ b/.env.local.example
@ -0,0 +1,35 @@
+# Django settings
+SECRET_KEY='a-secure-secret-key-for-development'
+DEBUG=True
+ALLOWED_HOSTS=*
+
+# Database settings (using PostgreSQL for local development)
+POSTGRES_USER=postgres
+POSTGRES_PASSWORD=postgres
+POSTGRES_DB=envipath
+POSTGRES_SERVICE_NAME=localhost
+POSTGRES_PORT=5432
+
+# Celery settings
+CELERY_BROKER_URL='redis://localhost:6379/0'
+CELERY_RESULT_BACKEND='redis://localhost:6379/0'
+FLAG_CELERY_PRESENT=False
+
+# Other settings
+LOG_LEVEL='INFO'
+SERVER_URL='http://localhost:8000'
+PLUGINS_ENABLED=True
+EP_DATA_DIR='data'
+EMAIL_HOST_USER='admin@envipath.com'
+EMAIL_HOST_PASSWORD='dummy-password'
+
+DEFAULT_FROM_EMAIL="test@test.com"
+SERVER_EMAIL='test@test.com'
+
+# Testing settings VScode
+DJANGO_SETTINGS_MODULE='envipath.settings'
+MANAGE_PY_PATH='./manage.py'
+
+APPLICABILITY_DOMAIN_ENABLED=True
+ENVIFORMER_PRESENT=True
+MODEL_BUILDING_ENABLED=True
--- a/.env.prod.example
+++ b/.env.prod.example
@ -0,0 +1,20 @@
+# settings.py
+EP_DATA_DIR=
+ALLOWED_HOSTS=
+DEBUG=
+LOG_LEVEL=
+ENVIFORMER_PRESENT=
+FLAG_CELERY_PRESENT=
+SERVER_URL=
+PLUGINS_ENABLED=
+# DB
+POSTGRES_SERVICE_NAME=
+POSTGRES_DB=
+POSTGRES_USER=
+POSTGRES_PASSWORD=
+POSTGRES_PORT=
+# MAIL
+EMAIL_HOST_USER=
+EMAIL_HOST_PASSWORD=
+# MATOMO
+MATOMO_SITE_ID
--- a/.gitea/actions/setup-envipy/action.yaml
+++ b/.gitea/actions/setup-envipy/action.yaml
@ -0,0 +1,72 @@
+name: 'Setup enviPy Environment'
+description: 'Shared setup for enviPy CI - installs dependencies and prepares environment'
+
+inputs:
+  skip-frontend:
+    description: 'Skip frontend build steps (pnpm, tailwind)'
+    required: false
+    default: 'false'
+  skip-playwright:
+    description: 'Skip Playwright installation'
+    required: false
+    default: 'false'
+  ssh-private-key:
+    description: 'SSH private key for git access'
+    required: true
+  run-migrations:
+    description: 'Run Django migrations after setup'
+    required: false
+    default: 'true'
+
+runs:
+  using: "composite"
+  steps:
+    - name: Setup ssh
+      shell: bash
+      run: |
+        mkdir -p ~/.ssh
+        echo "${{ inputs.ssh-private-key }}" > ~/.ssh/id_ed25519
+        chmod 600 ~/.ssh/id_ed25519
+        ssh-keyscan git.envipath.com >> ~/.ssh/known_hosts
+        eval $(ssh-agent -s)
+        ssh-add ~/.ssh/id_ed25519
+
+    - name: Setup Python venv
+      shell: bash
+      run: |
+        uv sync --locked --all-extras --dev
+
+    - name: Install Playwright
+      if: inputs.skip-playwright == 'false'
+      shell: bash
+      run: |
+        source .venv/bin/activate
+        playwright install --with-deps
+
+    - name: Build Frontend
+      if: inputs.skip-frontend == 'false'
+      shell: bash
+      run: |
+        uv run python scripts/pnpm_wrapper.py install
+        cat << 'EOF' > pnpm-workspace.yaml
+        onlyBuiltDependencies:
+          - '@parcel/watcher'
+          - '@tailwindcss/oxide'
+        EOF
+        uv run python scripts/pnpm_wrapper.py run build
+
+    - name: Wait for Postgres
+      shell: bash
+      run: |
+        until pg_isready -h postgres -U ${{ env.POSTGRES_USER }}; do
+          echo "Waiting for postgres..."
+          sleep 2
+        done
+        echo "Postgres is ready!"
+
+    - name: Run Django Migrations
+      if: inputs.run-migrations == 'true'
+      shell: bash
+      run: |
+        source .venv/bin/activate
+        python manage.py migrate --noinput
--- a/.gitea/docker/Dockerfile.ci
+++ b/.gitea/docker/Dockerfile.ci
@ -0,0 +1,53 @@
+# Custom CI Docker image for Gitea runners
+# Pre-installs Node.js 24, pnpm 10, uv, and system dependencies
+# to eliminate setup time in CI workflows
+
+FROM ubuntu:24.04
+
+# Prevent interactive prompts during package installation
+ENV DEBIAN_FRONTEND=noninteractive
+
+# Install system dependencies
+RUN apt-get update && \
+    apt-get install -y \
+      postgresql-client \
+      redis-tools \
+      openjdk-11-jre-headless \
+      curl \
+      ca-certificates \
+      gnupg \
+      lsb-release \
+      git \
+      ssh \
+      libxrender1 \
+      libxext6 \
+      libfontconfig1 \
+      libfreetype6 \
+      libcairo2 \
+      libglib2.0-0t64 \
+      && rm -rf /var/lib/apt/lists/*
+
+# Install Node.js 24 via NodeSource
+RUN curl -fsSL https://deb.nodesource.com/setup_24.x | bash - && \
+    apt-get install -y nodejs && \
+    rm -rf /var/lib/apt/lists/*
+
+# Enable corepack and install pnpm 10
+RUN corepack enable && \
+    corepack prepare pnpm@10 --activate
+
+# Install uv https://docs.astral.sh/uv/guides/integration/docker/#available-images
+COPY --from=ghcr.io/astral-sh/uv:latest /uv /uvx /bin/
+ENV PATH="/root/.cargo/bin:${PATH}"
+
+# Verify installations
+RUN node --version && \
+    npm --version && \
+    pnpm --version && \
+    uv --version && \
+    pg_isready --version && \
+    redis-cli --version && \
+    java -version
+
+# Set working directory
+WORKDIR /workspace
--- a/.gitea/workflows/api-ci.yaml
+++ b/.gitea/workflows/api-ci.yaml
@ -0,0 +1,86 @@
+name: API CI
+
+on:
+  pull_request:
+    branches:
+      - develop
+    paths:
+      - 'epapi/**'
+      - 'epdb/models.py'  # API depends on models
+      - 'epdb/logic.py'   # API depends on business logic
+      - 'tests/fixtures/**'  # API tests use fixtures
+  workflow_dispatch:
+
+jobs:
+  api-tests:
+    if: ${{ !contains(gitea.event.pull_request.title, 'WIP') }}
+    runs-on: ubuntu-latest
+    container:
+      image: git.envipath.com/envipath/envipy-ci:latest
+
+    services:
+      postgres:
+        image: postgres:16
+        env:
+          POSTGRES_USER: ${{ vars.POSTGRES_USER }}
+          POSTGRES_PASSWORD: ${{ secrets.POSTGRES_PASSWORD }}
+          POSTGRES_DB: ${{ vars.POSTGRES_DB }}
+        ports:
+          - ${{ vars.POSTGRES_PORT}}:5432
+        options: >-
+          --health-cmd="pg_isready -U postgres"
+          --health-interval=10s
+          --health-timeout=5s
+          --health-retries=5
+
+    env:
+      RUNNER_TOOL_CACHE: /toolcache
+      EP_DATA_DIR: /opt/enviPy/
+      ALLOWED_HOSTS: 127.0.0.1,localhost
+      DEBUG: True
+      LOG_LEVEL: INFO
+      MODEL_BUILDING_ENABLED: True
+      APPLICABILITY_DOMAIN_ENABLED: True
+      ENVIFORMER_PRESENT: True
+      ENVIFORMER_DEVICE: cpu
+      FLAG_CELERY_PRESENT: False
+      PLUGINS_ENABLED: True
+      SERVER_URL: http://localhost:8000
+      ADMIN_APPROVAL_REQUIRED: True
+      REGISTRATION_MANDATORY: True
+      LOG_DIR: ''
+      # DB
+      POSTGRES_SERVICE_NAME: postgres
+      POSTGRES_DB: ${{ vars.POSTGRES_DB }}
+      POSTGRES_USER: ${{ vars.POSTGRES_USER }}
+      POSTGRES_PASSWORD: ${{ secrets.POSTGRES_PASSWORD }}
+      POSTGRES_PORT: 5432
+      # SENTRY
+      SENTRY_ENABLED: False
+      # MS ENTRA
+      MS_ENTRA_ENABLED: False
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      # Use shared setup action - skips frontend builds for API-only tests
+      - name: Setup enviPy Environment
+        uses: ./.gitea/actions/setup-envipy
+        with:
+          skip-frontend: 'true'
+          skip-playwright: 'false'
+          ssh-private-key: ${{ secrets.ENVIPY_CI_PRIVATE_KEY }}
+          run-migrations: 'true'
+
+      - name: Run API tests
+        run: |
+          .venv/bin/python manage.py test epapi -v 2
+
+      - name: Test API endpoints availability
+        run: |
+          .venv/bin/python manage.py runserver 0.0.0.0:8000 &
+          SERVER_PID=$!
+          sleep 5
+          curl -f http://localhost:8000/api/v1/docs || echo "API docs not available"
+          kill $SERVER_PID
--- a/.gitea/workflows/build-ci-image.yaml
+++ b/.gitea/workflows/build-ci-image.yaml
@ -0,0 +1,48 @@
+name: Build CI Docker Image
+
+on:
+  workflow_dispatch:
+  push:
+    branches:
+      - develop
+      - main
+    paths:
+      - '.gitea/docker/Dockerfile.ci'
+      - '.gitea/workflows/build-ci-image.yaml'
+
+jobs:
+  build-and-push:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Log in to container registry
+        uses: docker/login-action@v3
+        with:
+          registry: git.envipath.com
+          username: ${{ secrets.CI_REGISTRY_USER }}
+          password: ${{ secrets.CI_REGISTRY_PASSWORD }}
+
+      - name: Extract metadata
+        id: meta
+        uses: docker/metadata-action@v5
+        with:
+          images: git.envipath.com/envipath/envipy-ci
+          tags: |
+            type=raw,value=latest
+            type=sha,prefix={{branch}}-
+
+      - name: Build and push Docker image
+        uses: docker/build-push-action@v5
+        with:
+          context: .
+          file: .gitea/docker/Dockerfile.ci
+          push: true
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
+          cache-from: type=registry,ref=git.envipath.com/envipath/envipy-ci:latest
+          cache-to: type=inline
--- a/.gitea/workflows/ci.yaml
+++ b/.gitea/workflows/ci.yaml
@ -0,0 +1,87 @@
+name: CI
+
+on:
+  pull_request:
+    branches:
+      - develop
+  workflow_dispatch:
+
+jobs:
+  test:
+    if: ${{ !contains(gitea.event.pull_request.title, 'WIP') }}
+    runs-on: ubuntu-latest
+    container:
+      image: git.envipath.com/envipath/envipy-ci:latest
+
+    services:
+      postgres:
+        image: postgres:16
+        env:
+          POSTGRES_USER: ${{ vars.POSTGRES_USER }}
+          POSTGRES_PASSWORD: ${{ secrets.POSTGRES_PASSWORD }}
+          POSTGRES_DB: ${{ vars.POSTGRES_DB }}
+        ports:
+          - ${{ vars.POSTGRES_PORT}}:5432
+        options: >-
+          --health-cmd="pg_isready -U postgres"
+          --health-interval=10s
+          --health-timeout=5s
+          --health-retries=5
+
+      #redis:
+      #  image: redis:7
+      #  ports:
+      #    - 6379:6379
+      #  options: >-
+      #    --health-cmd "redis-cli ping"
+      #    --health-interval=10s
+      #    --health-timeout=5s
+      #    --health-retries=5
+
+    env:
+      RUNNER_TOOL_CACHE: /toolcache
+      EP_DATA_DIR: /opt/enviPy/
+      ALLOWED_HOSTS: 127.0.0.1,localhost
+      DEBUG: True
+      LOG_LEVEL: INFO
+      MODEL_BUILDING_ENABLED: True
+      APPLICABILITY_DOMAIN_ENABLED: True
+      ENVIFORMER_PRESENT: True
+      ENVIFORMER_DEVICE: cpu
+      FLAG_CELERY_PRESENT: False
+      PLUGINS_ENABLED: True
+      SERVER_URL: http://localhost:8000
+      ADMIN_APPROVAL_REQUIRED: True
+      REGISTRATION_MANDATORY: True
+      LOG_DIR: ''
+      # DB
+      POSTGRES_SERVICE_NAME: postgres
+      POSTGRES_DB: ${{ vars.POSTGRES_DB }}
+      POSTGRES_USER: ${{ vars.POSTGRES_USER }}
+      POSTGRES_PASSWORD: ${{ secrets.POSTGRES_PASSWORD }}
+      POSTGRES_PORT: 5432
+      # SENTRY
+      SENTRY_ENABLED: False
+      # MS ENTRA
+      MS_ENTRA_ENABLED: False
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      # Use shared setup action - includes all dependencies and migrations
+      - name: Setup enviPy Environment
+        uses: ./.gitea/actions/setup-envipy
+        with:
+          skip-frontend: 'false'
+          skip-playwright: 'false'
+          ssh-private-key: ${{ secrets.ENVIPY_CI_PRIVATE_KEY }}
+          run-migrations: 'true'
+
+      - name: Run frontend tests
+        run: |
+          .venv/bin/python manage.py test --tag frontend
+
+      - name: Run Django tests
+        run: |
+          .venv/bin/python manage.py test tests --exclude-tag slow --exclude-tag frontend
--- a/.gitignore
+++ b/.gitignore
@ -1,7 +1,11 @@
-# ---> Python
+
+
+
+### Python ###
+
 # Byte-compiled / optimized / DLL files
 __pycache__/
-*.py[cod]
+*.py[codz]
 *$py.class

 # C extensions
@ -47,7 +51,7 @@ htmlcov/
 nosetests.xml
 coverage.xml
 *.cover
-*.py,cover
+*.py.cover
 .hypothesis/
 .pytest_cache/
 cover/
@ -61,6 +65,8 @@ cover/
 local_settings.py
 db.sqlite3
 db.sqlite3-journal
+static/admin/
+static/django_extensions/

 # Flask stuff:
 instance/
@ -83,41 +89,23 @@ target/
 profile_default/
 ipython_config.py

-# pyenv
-#   For a library or package, you might want to ignore these files since the code is
-#   intended to run in multiple environments; otherwise, check them in:
-# .python-version
-
-# pipenv
-#   According to pypa/pipenv#598, it is recommended to include Pipfile.lock in version control.
-#   However, in case of collaboration, if having platform-specific dependencies or dependencies
-#   having no cross-platform support, pipenv may install dependencies that don't work, or not
-#   install all needed dependencies.
-#Pipfile.lock
-
-# UV
-#   Similar to Pipfile.lock, it is generally recommended to include uv.lock in version control.
-#   This is especially recommended for binary packages to ensure reproducibility, and is more
-#   commonly ignored for libraries.
-#uv.lock
-
-# poetry
-#   Similar to Pipfile.lock, it is generally recommended to include poetry.lock in version control.
-#   This is especially recommended for binary packages to ensure reproducibility, and is more
-#   commonly ignored for libraries.
-#   https://python-poetry.org/docs/basic-usage/#commit-your-poetrylock-file-to-version-control
-#poetry.lock

 # pdm
 #   Similar to Pipfile.lock, it is generally recommended to include pdm.lock in version control.
-#pdm.lock
-#   pdm stores project-wide configurations in .pdm.toml, but it is recommended to not include it
-#   in version control.
-#   https://pdm.fming.dev/latest/usage/project/#working-with-version-control
-.pdm.toml
+#   pdm recommends including project-wide configuration in pdm.toml, but excluding .pdm-python.
+#   https://pdm-project.org/en/latest/usage/project/#working-with-version-control
+# pdm.lock
+# pdm.toml
 .pdm-python
 .pdm-build/

+# pixi
+#   Similar to Pipfile.lock, it is generally recommended to include pixi.lock in version control.
+# pixi.lock
+#   Pixi creates a virtual environment in the .pixi directory, just like venv module creates one
+#   in the .venv directory. It is recommended not to include this directory in version control.
+.pixi
+
 # PEP 582; used by e.g. github.com/David-OConnor/pyflow and github.com/pdm-project/pdm
 __pypackages__/

@ -125,11 +113,25 @@ __pypackages__/
 celerybeat-schedule
 celerybeat.pid

+# Redis
+*.rdb
+*.aof
+*.pid
+
+# RabbitMQ
+mnesia/
+rabbitmq/
+rabbitmq-data/
+
+# ActiveMQ
+activemq-data/
+
 # SageMath parsed files
 *.sage.py

 # Environments
 .env
+.envrc
 .venv
 env/
 venv/
@ -166,11 +168,208 @@ cython_debug/
 #   be found at https://github.com/github/gitignore/blob/main/Global/JetBrains.gitignore
 #   and can be added to the global gitignore or merged into this file.  For a more nuclear
 #   option (not recommended) you can uncomment the following to ignore the entire idea folder.
-#.idea/
+.idea/
+
+# Abstra
+#   Abstra is an AI-powered process automation framework.
+#   Ignore directories containing user credentials, local state, and settings.
+#   Learn more at https://abstra.io/docs
+.abstra/
+
+# Visual Studio Code
+#   Visual Studio Code specific template is maintained in a separate VisualStudioCode.gitignore
+#   that can be found at https://github.com/github/gitignore/blob/main/Global/VisualStudioCode.gitignore
+#   and can be added to the global gitignore or merged into this file. However, if you prefer,
+#   you could uncomment the following to ignore the entire vscode folder
+.vscode/
+*.code-workspace

 # Ruff stuff:
 .ruff_cache/

+# UV cache
+.uv-cache/
+
 # PyPI configuration file
 .pypirc

+# Marimo
+marimo/_static/
+marimo/_lsp/
+__marimo__/
+
+# Streamlit
+.streamlit/secrets.toml
+
+### Agents ###
+.claude/
+.codex/
+.cursor/
+.github/prompts/
+.junie/
+.windsurf/
+
+AGENTS.md
+CLAUDE.md
+GEMINI.md
+.aider.*
+
+### Node.js ###
+
+# Logs
+logs
+*.log
+npm-debug.log*
+yarn-debug.log*
+yarn-error.log*
+lerna-debug.log*
+
+# Diagnostic reports (https://nodejs.org/api/report.html)
+report.[0-9]*.[0-9]*.[0-9]*.[0-9]*.json
+
+# Runtime data
+pids
+*.pid
+*.seed
+*.pid.lock
+
+# Directory for instrumented libs generated by jscoverage/JSCover
+lib-cov
+
+# Coverage directory used by tools like istanbul
+coverage
+*.lcov
+
+# nyc test coverage
+.nyc_output
+
+# Grunt intermediate storage (https://gruntjs.com/creating-plugins#storing-task-files)
+.grunt
+
+# Bower dependency directory (https://bower.io/)
+bower_components
+
+# node-waf configuration
+.lock-wscript
+
+# Compiled binary addons (https://nodejs.org/api/addons.html)
+build/Release
+
+# Dependency directories
+node_modules/
+jspm_packages/
+
+# Snowpack dependency directory (https://snowpack.dev/)
+web_modules/
+
+# TypeScript cache
+*.tsbuildinfo
+
+# Optional npm cache directory
+.npm
+
+# Optional eslint cache
+.eslintcache
+
+# Optional stylelint cache
+.stylelintcache
+
+# Optional REPL history
+.node_repl_history
+
+# Output of 'npm pack'
+*.tgz
+
+# Yarn Integrity file
+.yarn-integrity
+
+# dotenv environment variable files
+.env
+.env.*
+!.env.example
+
+# parcel-bundler cache (https://parceljs.org/)
+.cache
+.parcel-cache
+
+# Next.js build output
+.next
+out
+
+# Nuxt.js build / generate output
+.nuxt
+dist
+.output
+
+# Gatsby files
+.cache/
+# Comment in the public line in if your project uses Gatsby and not Next.js
+# https://nextjs.org/blog/next-9-1#public-directory-support
+# public
+
+# vuepress build output
+.vuepress/dist
+
+# vuepress v2.x temp and cache directory
+.temp
+.cache
+
+# Sveltekit cache directory
+.svelte-kit/
+
+# vitepress build output
+**/.vitepress/dist
+
+# vitepress cache directory
+**/.vitepress/cache
+
+# Docusaurus cache and generated files
+.docusaurus
+
+# Serverless directories
+.serverless/
+
+# FuseBox cache
+.fusebox/
+
+# DynamoDB Local files
+.dynamodb/
+
+# Firebase cache directory
+.firebase/
+
+# TernJS port file
+.tern-port
+
+# Stores VSCode versions used for testing VSCode extensions
+.vscode-test
+
+# yarn v3
+.pnp.*
+.yarn/*
+!.yarn/patches
+!.yarn/plugins
+!.yarn/releases
+!.yarn/sdks
+!.yarn/versions
+
+# Vite files
+vite.config.js.timestamp-*
+vite.config.ts.timestamp-*
+.vite/
+
+### Custom ###
+
+debug.log
+scratches/
+test-results/
+data/
+*.arff
+
+# Auto generated
+static/css/output.css
+
+# macOS system files
+.DS_Store
+.Trashes
+._*
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@ -0,0 +1,40 @@
+# See https://pre-commit.com for more information
+# See https://pre-commit.com/hooks.html for more hooks
+repos:
+  - repo: https://github.com/pre-commit/pre-commit-hooks
+    rev: v3.2.0
+    hooks:
+      - id: trailing-whitespace
+      - id: end-of-file-fixer
+      - id: check-yaml
+      - id: check-added-large-files
+        exclude: ^static/images/
+
+  - repo: https://github.com/astral-sh/ruff-pre-commit
+    rev: v0.13.3
+    hooks:
+      # Run the linter.
+      - id: ruff-check
+        types_or: [python, pyi]
+        args: [--fix]
+      # Run the formatter.
+      - id: ruff-format
+        types_or: [python, pyi]
+
+  - repo: local
+    hooks:
+      - id: prettier-jinja-templates
+        name: Format Jinja templates with Prettier
+        entry: pnpm exec prettier --plugin=prettier-plugin-jinja-template --parser=jinja-template --write
+        language: system
+        types: [file]
+        files: ^templates/.*\.html$
+
+  # - repo: local
+  #   hooks:
+  #     - id: django-check
+  #       name: Run Django Check
+  #       entry: uv run python manage.py check
+  #       language: system
+  #       pass_filenames: false
+  #       types: [python]
--- a/.prettierrc.json
+++ b/.prettierrc.json
@ -0,0 +1,11 @@
+{
+  "plugins": ["prettier-plugin-jinja-template", "prettier-plugin-tailwindcss"],
+  "overrides": [
+    {
+      "files": "templates/**/*.html",
+      "options": {
+        "parser": "jinja-template"
+      }
+    }
+  ]
+}
--- a/.python-version
+++ b/.python-version
@ -0,0 +1 @@
+3.12
--- a/README.md
+++ b/README.md
@ -1,2 +1,103 @@
 # enviPy

+## Local Development Setup
+
+These instructions will guide you through setting up the project for local development.
+
+### Prerequisites
+
+- Python 3.11 or later
+- [uv](https://github.com/astral-sh/uv) - Python package manager
+- **Docker and Docker Compose** - Required for running PostgreSQL database
+- Git
+- Make
+
+> **Note:** This application requires PostgreSQL (uses `ArrayField`). Docker is the easiest way to run PostgreSQL locally.
+
+
+### 1. Install Dependencies
+
+This project uses `uv` to manage dependencies and `poe-the-poet` for task running. First, [install `uv` if you don't have it yet](https://docs.astral.sh/uv/guides/install-python/).
+
+Then, sync the project dependencies. This will create a virtual environment in `.venv` and install all necessary packages, including `poe-the-poet`.
+
+```bash
+uv sync --dev
+```
+
+Note on RDkit installation: if you have rdkit installed on your system globally with a different version of python, the installation will try to link against that and subsequent calls fail. Only option remove global rdkit and rerun sync.
+
+---
+
+The frontend requires `pnpm` to correctly display in development.
+[Install it here](https://pnpm.io/installation).
+
+### 2. Set Up Environment File
+
+Copy the example environment file for local setup:
+
+```bash
+cp .env.local.example .env
+```
+
+This file contains the necessary environment variables for local development.
+
+### 3. Quick Setup with Poe
+
+The easiest way to set up the development environment is by using the `poe` task runner, which is executed via `uv run`.
+
+```bash
+uv run poe setup
+```
+
+This single command will:
+
+1. Start the PostgreSQL database using Docker Compose.
+2. Run database migrations.
+3. Bootstrap initial data (anonymous user, default packages, models).
+
+After setup, start the development server:
+
+```bash
+uv run poe dev
+```
+
+This will start the css-watcher as well as the django-development server,
+The application will be available at `http://localhost:8000`.
+
+**Note:** The development server automatically starts a CSS watcher (`pnpm run dev`) alongside the Django server to rebuild CSS files when changes are detected. This ensures your styles are always up-to-date during development.
+
+#### Other useful Poe commands
+
+You can list all available commands by running `uv run poe --help`.
+
+```bash
+uv run poe db-up         # Start PostgreSQL only
+uv run poe db-down       # Stop PostgreSQL
+uv run poe migrate       # Run migrations only
+uv run poe bootstrap     # Bootstrap data only
+uv run poe shell         # Open the Django shell
+uv run poe build         # Build frontend assets and collect static files
+uv run poe clean         # Remove database volumes (WARNING: destroys all data)
+```
+
+### Troubleshooting
+
+*   **Docker Connection Error:** If you see an error like `open //./pipe/dockerDesktopLinuxEngine: The system cannot find the file specified` (on Windows), it likely means your Docker Desktop application is not running. Please start Docker Desktop and try the command again.
+
+*   **SSH Keys for Git Dependencies:** Some dependencies are installed from private git repositories and require SSH authentication. Ensure your SSH keys are configured correctly for Git.
+    *   For a general guide, see [GitHub's official documentation](https://docs.github.com/en/authentication/connecting-to-github-with-ssh/generating-a-new-ssh-key-and-adding-it-to-the-ssh-agent).
+    *   **Windows Users:** If `uv sync` hangs while fetching git dependencies, you may need to explicitly configure Git to use the Windows OpenSSH client and use the `ssh-agent` to manage your key's passphrase.
+
+        1.  **Point Git to the correct SSH executable:**
+            ```powershell
+            git config --global core.sshCommand "C:/Windows/System32/OpenSSH/ssh.exe"
+            ```
+        2.  **Enable and use the SSH agent:**
+            ```powershell
+            # Run these commands in an administrator PowerShell
+            Get-Service ssh-agent | Set-Service -StartupType Automatic -PassThru | Start-Service
+
+            # Add your key to the agent. It will prompt for the passphrase once.
+            ssh-add
+            ```
--- a/docker-compose.dev.yml
+++ b/docker-compose.dev.yml
@ -0,0 +1,20 @@
+services:
+  db:
+    image: postgres:15
+    container_name: envipath-postgres
+    environment:
+      POSTGRES_USER: postgres
+      POSTGRES_PASSWORD: postgres
+      POSTGRES_DB: envipath
+    ports:
+      - "5432:5432"
+    volumes:
+      - postgres_data:/var/lib/postgresql/data
+    healthcheck:
+      test: ["CMD-SHELL", "pg_isready -U postgres"]
+      interval: 5s
+      timeout: 5s
+      retries: 5
+
+volumes:
+  postgres_data:
--- a/envipath/init.py
+++ b/envipath/init.py
@ -0,0 +1,5 @@
+# This will make sure the app is always imported when
+# Django starts so that shared_task will use this app.
+from .celery import app as celery_app
+
+__all__ = ("celery_app",)
--- a/envipath/api.py
+++ b/envipath/api.py
@ -0,0 +1,12 @@
+from epapi.v1.router import router as v1_router  # Refactored API from epdb.api_v2
+from epdb.legacy_api import router as epdb_legacy_app_router
+from ninja import NinjaAPI
+
+api = NinjaAPI()
+
+api_v1 = NinjaAPI(title="API V1 Docs", urls_namespace="api-v1")
+api_legacy = NinjaAPI(title="Legacy API Docs", urls_namespace="api-legacy")
+
+# Add routers
+api_v1.add_router("/", v1_router)
+api_legacy.add_router("/", epdb_legacy_app_router)
--- a/envipath/asgi.py
+++ b/envipath/asgi.py
@ -0,0 +1,16 @@
+"""
+ASGI config for envipath project.
+
+It exposes the ASGI callable as a module-level variable named ``application``.
+
+For more information on this file, see
+https://docs.djangoproject.com/en/4.2/howto/deployment/asgi/
+"""
+
+import os
+
+from django.core.asgi import get_asgi_application
+
+os.environ.setdefault("DJANGO_SETTINGS_MODULE", "envipath.settings")
+
+application = get_asgi_application()
--- a/envipath/celery.py
+++ b/envipath/celery.py
@ -0,0 +1,27 @@
+import os
+
+from celery import Celery
+from celery.signals import setup_logging
+
+# Set the default Django settings module for the 'celery' program.
+os.environ.setdefault("DJANGO_SETTINGS_MODULE", "envipath.settings")
+
+app = Celery("envipath")
+
+# Using a string here means the worker doesn't have to serialize
+# the configuration object to child processes.
+# - namespace='CELERY' means all celery-related configuration keys
+#   should have a `CELERY_` prefix.
+app.config_from_object("django.conf:settings", namespace="CELERY")
+
+
+@setup_logging.connect
+def config_loggers(*args, **kwargs):
+    from logging.config import dictConfig
+    from django.conf import settings
+
+    dictConfig(settings.LOGGING)
+
+
+# Load task modules from all registered Django apps.
+app.autodiscover_tasks()
--- a/envipath/settings.py
+++ b/envipath/settings.py
@ -0,0 +1,396 @@
+"""
+Django settings for envipath project.
+
+Generated by 'django-admin startproject' using Django 4.2.17.
+
+For more information on this file, see
+https://docs.djangoproject.com/en/4.2/topics/settings/
+
+For the full list of settings and their values, see
+https://docs.djangoproject.com/en/4.2/ref/settings/
+"""
+
+import os
+from pathlib import Path
+
+from dotenv import load_dotenv
+from envipy_plugins import Classifier, Property, Descriptor
+from sklearn.ensemble import RandomForestClassifier
+from sklearn.tree import DecisionTreeClassifier
+
+# Build paths inside the project like this: BASE_DIR / 'subdir'.
+BASE_DIR = Path(__file__).resolve().parent.parent
+
+load_dotenv(BASE_DIR / ".env", override=False)
+
+# Quick-start development settings - unsuitable for production
+# See https://docs.djangoproject.com/en/4.2/howto/deployment/checklist/
+
+# SECURITY WARNING: keep the secret key used in production secret!
+SECRET_KEY = os.environ.get("SECRET_KEY", "secret-key")
+
+# SECURITY WARNING: don't run with debug turned on in production!
+DEBUG = os.environ.get("DEBUG", "False") == "True"
+
+ALLOWED_HOSTS = os.environ["ALLOWED_HOSTS"].split(",")
+
+
+# Application definition
+
+INSTALLED_APPS = [
+    "django.contrib.admin",
+    "django.contrib.auth",
+    "django.contrib.contenttypes",
+    "django.contrib.sessions",
+    "django.contrib.messages",
+    "django.contrib.staticfiles",
+    # 3rd party
+    "django_extensions",
+    "oauth2_provider",
+    # Custom
+    "epapi",  # API endpoints (v1, etc.)
+    "epdb",
+    # "migration",
+]
+
+TENANT = os.environ.get("TENANT", "public")
+
+if TENANT != "public":
+    INSTALLED_APPS.append(TENANT)
+
+EPDB_PACKAGE_MODEL = os.environ.get("EPDB_PACKAGE_MODEL", "epdb.Package")
+
+
+def GET_PACKAGE_MODEL():
+    from django.apps import apps
+
+    return apps.get_model(EPDB_PACKAGE_MODEL)
+
+
+AUTHENTICATION_BACKENDS = [
+    "django.contrib.auth.backends.ModelBackend",
+]
+
+MIDDLEWARE = [
+    "django.middleware.security.SecurityMiddleware",
+    "django.contrib.sessions.middleware.SessionMiddleware",
+    "django.middleware.common.CommonMiddleware",
+    "django.middleware.csrf.CsrfViewMiddleware",
+    "django.contrib.auth.middleware.AuthenticationMiddleware",
+    "django.contrib.messages.middleware.MessageMiddleware",
+    "django.middleware.clickjacking.XFrameOptionsMiddleware",
+    "oauth2_provider.middleware.OAuth2TokenMiddleware",
+]
+
+OAUTH2_PROVIDER = {
+    "PKCE_REQUIRED": False,  # Accept PKCE requests but dont require them
+}
+
+if os.environ.get("REGISTRATION_MANDATORY", False) == "True":
+    MIDDLEWARE.append("epdb.middleware.login_required_middleware.LoginRequiredMiddleware")
+
+ROOT_URLCONF = "envipath.urls"
+
+TEMPLATES = [
+    {
+        "BACKEND": "django.template.backends.django.DjangoTemplates",
+        "DIRS": (os.path.join(BASE_DIR, "templates"),),
+        "APP_DIRS": True,
+        "OPTIONS": {
+            "context_processors": [
+                "django.template.context_processors.debug",
+                "django.template.context_processors.request",
+                "django.contrib.auth.context_processors.auth",
+                "django.contrib.messages.context_processors.messages",
+                "epdb.context_processors.package_context",
+            ],
+        },
+    },
+]
+
+ALLOWED_HTML_TAGS = {"b", "i", "u", "br", "em", "mark", "p", "s", "strong"}
+
+WSGI_APPLICATION = "envipath.wsgi.application"
+
+# Database
+# https://docs.djangoproject.com/en/4.2/ref/settings/#databases
+
+DATABASES = {
+    "default": {
+        "ENGINE": "django.db.backends.postgresql",
+        "USER": os.environ["POSTGRES_USER"],
+        "NAME": os.environ["POSTGRES_DB"],
+        "PASSWORD": os.environ["POSTGRES_PASSWORD"],
+        "HOST": os.environ["POSTGRES_SERVICE_NAME"],
+        "PORT": os.environ["POSTGRES_PORT"],
+    }
+}
+
+# Password validation
+# https://docs.djangoproject.com/en/4.2/ref/settings/#auth-password-validators
+
+AUTH_PASSWORD_VALIDATORS = [
+    {"NAME": "django.contrib.auth.password_validation.UserAttributeSimilarityValidator"},
+    {"NAME": "django.contrib.auth.password_validation.MinimumLengthValidator"},
+    {"NAME": "django.contrib.auth.password_validation.CommonPasswordValidator"},
+    {"NAME": "django.contrib.auth.password_validation.NumericPasswordValidator"},
+]
+
+# Internationalization
+# https://docs.djangoproject.com/en/4.2/topics/i18n/
+
+LANGUAGE_CODE = "en-us"
+
+TIME_ZONE = "UTC"
+
+USE_I18N = True
+
+USE_TZ = True
+
+
+# Default primary key field type
+# https://docs.djangoproject.com/en/4.2/ref/settings/#default-auto-field
+
+DEFAULT_AUTO_FIELD = "django.db.models.BigAutoField"
+
+EMAIL_SUBJECT_PREFIX = "[enviPath] "
+if DEBUG:
+    EMAIL_BACKEND = "django.core.mail.backends.console.EmailBackend"
+else:
+    EMAIL_BACKEND = "django.core.mail.backends.smtp.EmailBackend"
+    EMAIL_USE_TLS = True
+    EMAIL_HOST = "mail.gandi.net"
+    EMAIL_HOST_USER = os.environ["EMAIL_HOST_USER"]
+    EMAIL_HOST_PASSWORD = os.environ["EMAIL_HOST_PASSWORD"]
+    EMAIL_PORT = 587
+    DEFAULT_FROM_EMAIL = os.environ["DEFAULT_FROM_EMAIL"]
+    SERVER_EMAIL = os.environ["SERVER_EMAIL"]
+
+AUTH_USER_MODEL = "epdb.User"
+ADMIN_APPROVAL_REQUIRED = os.environ.get("ADMIN_APPROVAL_REQUIRED", "False") == "True"
+
+# # SESAME
+# SESAME_MAX_AGE = 300
+# # TODO set to "home"
+# LOGIN_REDIRECT_URL = "/"
+LOGIN_URL = "/login/"
+
+SERVER_URL = os.environ.get("SERVER_URL", "http://localhost:8000")
+
+CSRF_TRUSTED_ORIGINS = [SERVER_URL]
+
+AMBIT_URL = "http://localhost:9001"
+DEFAULT_VALUES = {"description": "no description"}
+
+EP_DATA_DIR = os.environ["EP_DATA_DIR"]
+if not os.path.exists(EP_DATA_DIR):
+    os.mkdir(EP_DATA_DIR)
+
+MODEL_DIR = os.path.join(EP_DATA_DIR, "models")
+if not os.path.exists(MODEL_DIR):
+    os.mkdir(MODEL_DIR)
+
+STATIC_DIR = os.path.join(EP_DATA_DIR, "static")
+if not os.path.exists(STATIC_DIR):
+    os.mkdir(STATIC_DIR)
+
+LOG_DIR = os.path.join(EP_DATA_DIR, "log")
+if not os.path.exists(LOG_DIR):
+    os.mkdir(LOG_DIR)
+
+PLUGIN_DIR = os.path.join(EP_DATA_DIR, "plugins")
+
+API_PAGINATION_DEFAULT_PAGE_SIZE = int(os.environ.get("API_PAGINATION_DEFAULT_PAGE_SIZE", 50))
+PAGINATION_MAX_PER_PAGE_SIZE = int(
+    os.environ.get("API_PAGINATION_MAX_PAGE_SIZE", 100)
+)  # Ninja override
+
+if not os.path.exists(PLUGIN_DIR):
+    os.mkdir(PLUGIN_DIR)
+
+# Set this as our static root dir
+STATIC_ROOT = STATIC_DIR
+
+STATIC_URL = "/static/"
+
+# Where the sources are stored...
+STATICFILES_DIRS = (BASE_DIR / "static",)
+
+FIXTURE_DIRS = (BASE_DIR / "fixtures",)
+
+# Logging
+LOGGING = {
+    "version": 1,
+    "disable_existing_loggers": True,
+    "formatters": {
+        "simple": {
+            "format": "[%(asctime)s] %(levelname)s %(module)s - %(message)s",
+            "datefmt": "%Y-%m-%d %H:%M:%S",
+        },
+    },
+    "handlers": {
+        "console": {
+            "level": "INFO",
+            "class": "logging.StreamHandler",
+            "formatter": "simple",
+        },
+        "file": {
+            "level": "DEBUG",  # Or higher
+            "class": "logging.FileHandler",
+            "filename": os.path.join(LOG_DIR, "debug.log"),
+            "formatter": "simple",
+        },
+    },
+    "loggers": {
+        # For everything under epdb/ loaded via getlogger(__name__)
+        "epdb": {
+            "handlers": ["file"],  # "console",
+            "propagate": True,
+            "level": os.environ.get("LOG_LEVEL", "INFO"),
+        },
+        # For everything under envipath/ loaded via getlogger(__name__)
+        "envipath": {
+            "handlers": ["file", "console"],
+            "propagate": True,
+            "level": os.environ.get("LOG_LEVEL", "INFO"),
+        },
+        # For everything under utilities/ loaded via getlogger(__name__)
+        "utilities": {
+            "handlers": ["file", "console"],
+            "propagate": True,
+            "level": os.environ.get("LOG_LEVEL", "INFO"),
+        },
+    },
+}
+
+# Flags
+ENVIFORMER_PRESENT = os.environ.get("ENVIFORMER_PRESENT", "False") == "True"
+ENVIFORMER_DEVICE = os.environ.get("ENVIFORMER_DEVICE", "cpu")
+
+
+# If celery is not present set always eager to true which will cause delayed tasks to block until finished
+FLAG_CELERY_PRESENT = os.environ.get("FLAG_CELERY_PRESENT", "False") == "True"
+if not FLAG_CELERY_PRESENT:
+    CELERY_TASK_ALWAYS_EAGER = True
+
+# Celery Configuration Options
+CELERY_TIMEZONE = "Europe/Berlin"
+# Celery Configuration
+CELERY_BROKER_URL = "redis://localhost:6379/0"  # Use Redis as message broker
+CELERY_RESULT_BACKEND = "redis://localhost:6379/1"
+CELERY_ACCEPT_CONTENT = ["json"]
+CELERY_TASK_SERIALIZER = "json"
+
+MODEL_BUILDING_ENABLED = os.environ.get("MODEL_BUILDING_ENABLED", "False") == "True"
+APPLICABILITY_DOMAIN_ENABLED = os.environ.get("APPLICABILITY_DOMAIN_ENABLED", "False") == "True"
+DEFAULT_RF_MODEL_PARAMS = {
+    "base_clf": RandomForestClassifier(
+        n_estimators=100,
+        max_features="log2",
+        random_state=42,
+        criterion="entropy",
+        ccp_alpha=0.0,
+        max_depth=3,
+        min_samples_leaf=1,
+    ),
+    "num_chains": 10,
+}
+
+DEFAULT_MODEL_PARAMS = {
+    "base_clf": DecisionTreeClassifier(
+        criterion="entropy",
+        max_depth=3,
+        min_samples_split=5,
+        # min_samples_leaf=5,
+        max_features="sqrt",
+        # class_weight='balanced',
+        random_state=42,
+    ),
+    "num_chains": 10,
+}
+
+DEFAULT_MAX_NUMBER_OF_NODES = 30
+DEFAULT_MAX_DEPTH = 5
+DEFAULT_MODEL_THRESHOLD = 0.25
+
+# Loading Plugins
+PLUGINS_ENABLED = os.environ.get("PLUGINS_ENABLED", "False") == "True"
+if PLUGINS_ENABLED:
+    from utilities.plugin import discover_plugins
+
+    CLASSIFIER_PLUGINS = discover_plugins(_cls=Classifier)
+    PROPERTY_PLUGINS = discover_plugins(_cls=Property)
+    DESCRIPTOR_PLUGINS = discover_plugins(_cls=Descriptor)
+else:
+    CLASSIFIER_PLUGINS = {}
+    PROPERTY_PLUGINS = {}
+    DESCRIPTOR_PLUGINS = {}
+
+SENTRY_ENABLED = os.environ.get("SENTRY_ENABLED", "False") == "True"
+if SENTRY_ENABLED:
+    import sentry_sdk
+
+    def before_send(event, hint):
+        # Check if was a handled exception by one of our loggers
+        if event.get("logger"):
+            for log_path in LOGGING.get("loggers").keys():
+                if event["logger"].startswith(log_path):
+                    return None
+
+        return event
+
+    sentry_sdk.init(
+        dsn=os.environ.get("SENTRY_DSN"),
+        # Add data like request headers and IP for users,
+        # see https://docs.sentry.io/platforms/python/data-management/data-collected/ for more info
+        send_default_pii=True,
+        environment=os.environ.get("SENTRY_ENVIRONMENT", "development"),
+        before_send=before_send,
+    )
+
+# compile into digestible flags
+FLAGS = {
+    "MODEL_BUILDING": MODEL_BUILDING_ENABLED,
+    "CELERY": FLAG_CELERY_PRESENT,
+    "PLUGINS": PLUGINS_ENABLED,
+    "SENTRY": SENTRY_ENABLED,
+    "ENVIFORMER": ENVIFORMER_PRESENT,
+    "APPLICABILITY_DOMAIN": APPLICABILITY_DOMAIN_ENABLED,
+}
+
+# path of the URL are checked via "startswith"
+# -> /password_reset/done is covered as well
+LOGIN_EXEMPT_URLS = [
+    "/register",
+    "/api/v1/",  # Let API handle its own authentication
+    "/api/legacy/",
+    "/o/token/",
+    "/o/userinfo/",
+    "/password_reset/",
+    "/reset/",
+    "/microsoft/",
+    "/terms",
+    "/privacy",
+    "/cookie-policy",
+    "/about",
+    "/contact",
+    "/careers",
+    "/cite",
+    "/legal",
+]
+
+# MS AD/Entra
+MS_ENTRA_ENABLED = os.environ.get("MS_ENTRA_ENABLED", "False") == "True"
+if MS_ENTRA_ENABLED:
+    # Add app to installed apps
+    INSTALLED_APPS.append("epauth")
+    # Set vars required by app
+    MS_ENTRA_CLIENT_ID = os.environ["MS_CLIENT_ID"]
+    MS_ENTRA_CLIENT_SECRET = os.environ["MS_CLIENT_SECRET"]
+    MS_ENTRA_TENANT_ID = os.environ["MS_TENANT_ID"]
+    MS_ENTRA_AUTHORITY = f"https://login.microsoftonline.com/{MS_ENTRA_TENANT_ID}"
+    MS_ENTRA_REDIRECT_URI = os.environ["MS_REDIRECT_URI"]
+    MS_ENTRA_SCOPES = os.environ.get("MS_SCOPES", "").split(",")
+
+# Site ID 10 -> beta.envipath.org
+MATOMO_SITE_ID = os.environ.get("MATOMO_SITE_ID", "10")
--- a/envipath/urls.py
+++ b/envipath/urls.py
@ -0,0 +1,42 @@
+"""
+URL configuration for envipath project.
+
+The `urlpatterns` list routes URLs to views. For more information please see:
+    https://docs.djangoproject.com/en/4.2/topics/http/urls/
+Examples:
+Function views
+    1. Add an import:  from my_app import views
+    2. Add a URL to urlpatterns:  path('', views.home, name='home')
+Class-based views
+    1. Add an import:  from other_app.views import Home
+    2. Add a URL to urlpatterns:  path('', Home.as_view(), name='home')
+Including another URLconf
+    1. Import the include() function: from django.urls import include, path
+    2. Add a URL to urlpatterns:  path('blog/', include('blog.urls'))
+"""
+
+from django.conf import settings as s
+from django.contrib import admin
+from django.urls import include, path
+
+from .api import api_v1, api_legacy
+
+urlpatterns = [
+    path("", include("epdb.urls")),
+    path("admin/", admin.site.urls),
+    path("api/v1/", api_v1.urls),
+    path("api/legacy/", api_legacy.urls),
+    path("o/", include("oauth2_provider.urls", namespace="oauth2_provider")),
+]
+
+if "migration" in s.INSTALLED_APPS:
+    urlpatterns.append(path("", include("migration.urls")))
+
+if s.MS_ENTRA_ENABLED:
+    urlpatterns.append(path("", include("epauth.urls")))
+
+# Custom error handlers
+handler400 = "epdb.views.handler400"
+handler403 = "epdb.views.handler403"
+handler404 = "epdb.views.handler404"
+handler500 = "epdb.views.handler500"
--- a/envipath/wsgi.py
+++ b/envipath/wsgi.py
@ -0,0 +1,16 @@
+"""
+WSGI config for envipath project.
+
+It exposes the WSGI callable as a module-level variable named ``application``.
+
+For more information on this file, see
+https://docs.djangoproject.com/en/4.2/howto/deployment/wsgi/
+"""
+
+import os
+
+from django.core.wsgi import get_wsgi_application
+
+os.environ.setdefault("DJANGO_SETTINGS_MODULE", "envipath.settings")
+
+application = get_wsgi_application()
--- a/epapi/init.py
+++ b/epapi/init.py
--- a/epapi/apps.py
+++ b/epapi/apps.py
@ -0,0 +1,6 @@
+from django.apps import AppConfig
+
+
+class EpapiConfig(AppConfig):
+    default_auto_field = "django.db.models.BigAutoField"
+    name = "epapi"
--- a/epapi/migrations/init.py
+++ b/epapi/migrations/init.py
--- a/epapi/tests/init.py
+++ b/epapi/tests/init.py
@ -0,0 +1 @@
+# Tests for epapi app
--- a/epapi/tests/v1/init.py
+++ b/epapi/tests/v1/init.py
@ -0,0 +1 @@
+# Tests for epapi v1 API
--- a/epapi/tests/v1/test_api_permissions.py
+++ b/epapi/tests/v1/test_api_permissions.py
@ -0,0 +1,532 @@
+from django.test import TestCase, tag
+
+from epdb.logic import GroupManager, PackageManager, UserManager
+from epdb.models import (
+    Compound,
+    GroupPackagePermission,
+    Permission,
+    UserPackagePermission,
+)
+
+
+@tag("api", "end2end")
+class APIPermissionTestBase(TestCase):
+    """
+    Base class for API permission tests.
+
+    Sets up common test data:
+    - user1: Owner of packages
+    - user2: User with various permissions
+    - user3: User with no permissions
+    - reviewed_package: Public package (reviewed=True)
+    - unreviewed_package_owned: Unreviewed package owned by user1
+    - unreviewed_package_read: Unreviewed package with READ permission for user2
+    - unreviewed_package_write: Unreviewed package with WRITE permission for user2
+    - unreviewed_package_all: Unreviewed package with ALL permission for user2
+    - unreviewed_package_no_access: Unreviewed package with no permissions for user2/user3
+    - group_package: Unreviewed package accessible via group permission
+    - test_group: Group containing user2
+    """
+
+    @classmethod
+    def setUpTestData(cls):
+        # Create users
+        cls.user1 = UserManager.create_user(
+            "permission-user1",
+            "permission-user1@envipath.com",
+            "SuperSafe",
+            set_setting=False,
+            add_to_group=False,
+            is_active=True,
+        )
+        cls.user2 = UserManager.create_user(
+            "permission-user2",
+            "permission-user2@envipath.com",
+            "SuperSafe",
+            set_setting=False,
+            add_to_group=False,
+            is_active=True,
+        )
+        cls.user3 = UserManager.create_user(
+            "permission-user3",
+            "permission-user3@envipath.com",
+            "SuperSafe",
+            set_setting=False,
+            add_to_group=False,
+            is_active=True,
+        )
+
+        # Delete default packages to ensure clean test data
+        for user in [cls.user1, cls.user2, cls.user3]:
+            default_pkg = user.default_package
+            user.default_package = None
+            user.save()
+            if default_pkg:
+                default_pkg.delete()
+
+        # Create reviewed package (public)
+        cls.reviewed_package = PackageManager.create_package(
+            cls.user1, "Reviewed Package", "Public package"
+        )
+        cls.reviewed_package.reviewed = True
+        cls.reviewed_package.save()
+
+        # Create unreviewed packages with various permissions
+        cls.unreviewed_package_owned = PackageManager.create_package(
+            cls.user1, "User1 Owned Package", "Owned by user1"
+        )
+
+        cls.unreviewed_package_read = PackageManager.create_package(
+            cls.user1, "User2 Read Package", "User2 has READ permission"
+        )
+        UserPackagePermission.objects.create(
+            user=cls.user2, package=cls.unreviewed_package_read, permission=Permission.READ[0]
+        )
+
+        cls.unreviewed_package_write = PackageManager.create_package(
+            cls.user1, "User2 Write Package", "User2 has WRITE permission"
+        )
+        UserPackagePermission.objects.create(
+            user=cls.user2, package=cls.unreviewed_package_write, permission=Permission.WRITE[0]
+        )
+
+        cls.unreviewed_package_all = PackageManager.create_package(
+            cls.user1, "User2 All Package", "User2 has ALL permission"
+        )
+        UserPackagePermission.objects.create(
+            user=cls.user2, package=cls.unreviewed_package_all, permission=Permission.ALL[0]
+        )
+
+        cls.unreviewed_package_no_access = PackageManager.create_package(
+            cls.user1, "No Access Package", "No permissions for user2/user3"
+        )
+
+        # Create group and group package
+        cls.test_group = GroupManager.create_group(
+            cls.user1, "Test Group", "Group for permission testing"
+        )
+        cls.test_group.user_member.add(cls.user2)
+        cls.test_group.save()
+
+        cls.group_package = PackageManager.create_package(
+            cls.user1, "Group Package", "Accessible via group permission"
+        )
+        GroupPackagePermission.objects.create(
+            group=cls.test_group, package=cls.group_package, permission=Permission.READ[0]
+        )
+
+        # Create test compounds in each package
+        cls.reviewed_compound = Compound.create(
+            cls.reviewed_package, "C", "Reviewed Compound", "Test compound"
+        )
+        cls.owned_compound = Compound.create(
+            cls.unreviewed_package_owned, "CC", "Owned Compound", "Test compound"
+        )
+        cls.read_compound = Compound.create(
+            cls.unreviewed_package_read, "CCC", "Read Compound", "Test compound"
+        )
+        cls.write_compound = Compound.create(
+            cls.unreviewed_package_write, "CCCC", "Write Compound", "Test compound"
+        )
+        cls.all_compound = Compound.create(
+            cls.unreviewed_package_all, "CCCCC", "All Compound", "Test compound"
+        )
+        cls.no_access_compound = Compound.create(
+            cls.unreviewed_package_no_access, "CCCCCC", "No Access Compound", "Test compound"
+        )
+        cls.group_compound = Compound.create(
+            cls.group_package, "CCCCCCC", "Group Compound", "Test compound"
+        )
+
+
+@tag("api", "end2end")
+class PackageListPermissionTest(APIPermissionTestBase):
+    """
+    Test permissions for /api/v1/packages/ endpoint.
+
+    Special case: This endpoint allows anonymous access (auth=None)
+    """
+
+    ENDPOINT = "/api/v1/packages/"
+
+    def test_anonymous_user_sees_only_reviewed_packages(self):
+        """Anonymous users should only see reviewed packages."""
+        self.client.logout()
+        response = self.client.get(self.ENDPOINT)
+
+        self.assertEqual(response.status_code, 200)
+        payload = response.json()
+
+        # Should only see reviewed package
+        self.assertEqual(payload["total_items"], 1)
+        self.assertEqual(payload["items"][0]["uuid"], str(self.reviewed_package.uuid))
+        self.assertEqual(payload["items"][0]["review_status"], "reviewed")
+
+    def test_authenticated_user_sees_all_readable_packages(self):
+        """Authenticated users see reviewed + packages they have access to."""
+        self.client.force_login(self.user2)
+        response = self.client.get(self.ENDPOINT)
+
+        self.assertEqual(response.status_code, 200)
+        payload = response.json()
+
+        # user2 should see:
+        # - reviewed_package (public)
+        # - unreviewed_package_read (READ permission)
+        # - unreviewed_package_write (WRITE permission)
+        # - unreviewed_package_all (ALL permission)
+        # - group_package (via group membership)
+        # Total: 5 packages
+        self.assertEqual(payload["total_items"], 5)
+
+        visible_uuids = {item["uuid"] for item in payload["items"]}
+        expected_uuids = {
+            str(self.reviewed_package.uuid),
+            str(self.unreviewed_package_read.uuid),
+            str(self.unreviewed_package_write.uuid),
+            str(self.unreviewed_package_all.uuid),
+            str(self.group_package.uuid),
+        }
+        self.assertEqual(visible_uuids, expected_uuids)
+
+    def test_owner_sees_all_owned_packages(self):
+        """Package owner sees all packages they created."""
+        self.client.force_login(self.user1)
+        response = self.client.get(self.ENDPOINT)
+
+        self.assertEqual(response.status_code, 200)
+        payload = response.json()
+
+        # user1 owns all packages
+        # Total: 7 packages (all packages created in setUpTestData)
+        self.assertEqual(payload["total_items"], 7)
+
+    def test_filter_by_review_status_true(self):
+        """Filter to show only reviewed packages."""
+        self.client.force_login(self.user2)
+        response = self.client.get(self.ENDPOINT, {"review_status": True})
+
+        self.assertEqual(response.status_code, 200)
+        payload = response.json()
+
+        # Only reviewed_package
+        self.assertEqual(payload["total_items"], 1)
+        self.assertTrue(all(item["review_status"] == "reviewed" for item in payload["items"]))
+
+    def test_filter_by_review_status_false(self):
+        """Filter to show only unreviewed packages."""
+        self.client.force_login(self.user2)
+        response = self.client.get(self.ENDPOINT, {"review_status": False})
+
+        self.assertEqual(response.status_code, 200)
+        payload = response.json()
+
+        # user2's accessible unreviewed packages: 4
+        self.assertEqual(payload["total_items"], 4)
+        self.assertTrue(all(item["review_status"] == "unreviewed" for item in payload["items"]))
+
+    def test_anonymous_filter_unreviewed_returns_empty(self):
+        """Anonymous users get no results when filtering for unreviewed."""
+        self.client.logout()
+        response = self.client.get(self.ENDPOINT, {"review_status": False})
+
+        self.assertEqual(response.status_code, 200)
+        payload = response.json()
+
+        self.assertEqual(payload["total_items"], 0)
+
+
+@tag("api", "end2end")
+class GlobalCompoundListPermissionTest(APIPermissionTestBase):
+    """
+    Test permissions for /api/v1/compounds/ endpoint.
+
+    This endpoint requires authentication.
+    """
+
+    ENDPOINT = "/api/v1/compounds/"
+
+    def test_anonymous_user_cannot_access(self):
+        """Anonymous users should get 401 Unauthorized."""
+        self.client.logout()
+        response = self.client.get(self.ENDPOINT)
+
+        self.assertEqual(response.status_code, 401)
+
+    def test_authenticated_user_sees_compounds_from_readable_packages(self):
+        """Authenticated users see compounds from packages they can read."""
+        self.client.force_login(self.user2)
+        response = self.client.get(self.ENDPOINT)
+
+        self.assertEqual(response.status_code, 200)
+        payload = response.json()
+
+        # user2 should see compounds from:
+        # - reviewed_package (public)
+        # - unreviewed_package_read (READ permission)
+        # - unreviewed_package_write (WRITE permission)
+        # - unreviewed_package_all (ALL permission)
+        # - group_package (via group membership)
+        # Total: 5 compounds
+        self.assertEqual(payload["total_items"], 5)
+
+        visible_uuids = {item["uuid"] for item in payload["items"]}
+        expected_uuids = {
+            str(self.reviewed_compound.uuid),
+            str(self.read_compound.uuid),
+            str(self.write_compound.uuid),
+            str(self.all_compound.uuid),
+            str(self.group_compound.uuid),
+        }
+        self.assertEqual(visible_uuids, expected_uuids)
+
+    def test_user_without_permission_cannot_see_compound(self):
+        """User without permission to package cannot see its compounds."""
+        self.client.force_login(self.user3)
+        response = self.client.get(self.ENDPOINT)
+
+        self.assertEqual(response.status_code, 200)
+        payload = response.json()
+
+        # user3 should only see compounds from reviewed_package
+        self.assertEqual(payload["total_items"], 1)
+        self.assertEqual(payload["items"][0]["uuid"], str(self.reviewed_compound.uuid))
+
+    def test_owner_sees_all_compounds(self):
+        """Package owner sees all compounds they created."""
+        self.client.force_login(self.user1)
+        response = self.client.get(self.ENDPOINT)
+
+        self.assertEqual(response.status_code, 200)
+        payload = response.json()
+
+        # user1 owns all packages, so sees all compounds
+        self.assertEqual(payload["total_items"], 7)
+
+    def test_read_permission_allows_viewing(self):
+        """READ permission allows viewing compounds."""
+        self.client.force_login(self.user2)
+        response = self.client.get(self.ENDPOINT)
+
+        self.assertEqual(response.status_code, 200)
+        payload = response.json()
+
+        # Check that read_compound is included
+        uuids = [item["uuid"] for item in payload["items"]]
+        self.assertIn(str(self.read_compound.uuid), uuids)
+
+    def test_write_permission_allows_viewing(self):
+        """WRITE permission also allows viewing compounds."""
+        self.client.force_login(self.user2)
+        response = self.client.get(self.ENDPOINT)
+
+        self.assertEqual(response.status_code, 200)
+        payload = response.json()
+
+        # Check that write_compound is included
+        uuids = [item["uuid"] for item in payload["items"]]
+        self.assertIn(str(self.write_compound.uuid), uuids)
+
+    def test_all_permission_allows_viewing(self):
+        """ALL permission allows viewing compounds."""
+        self.client.force_login(self.user2)
+        response = self.client.get(self.ENDPOINT)
+
+        self.assertEqual(response.status_code, 200)
+        payload = response.json()
+
+        # Check that all_compound is included
+        uuids = [item["uuid"] for item in payload["items"]]
+        self.assertIn(str(self.all_compound.uuid), uuids)
+
+    def test_group_permission_allows_viewing(self):
+        """Group membership grants access to group-permitted packages."""
+        self.client.force_login(self.user2)
+        response = self.client.get(self.ENDPOINT)
+
+        self.assertEqual(response.status_code, 200)
+        payload = response.json()
+
+        # Check that group_compound is included
+        uuids = [item["uuid"] for item in payload["items"]]
+        self.assertIn(str(self.group_compound.uuid), uuids)
+
+
+@tag("api", "end2end")
+class PackageScopedCompoundListPermissionTest(APIPermissionTestBase):
+    """
+    Test permissions for /api/v1/package/{uuid}/compound/ endpoint.
+
+    This endpoint requires authentication AND package access.
+    """
+
+    def test_anonymous_user_cannot_access_reviewed_package(self):
+        """Anonymous users should get 401 even for reviewed packages."""
+        self.client.logout()
+        endpoint = f"/api/v1/package/{self.reviewed_package.uuid}/compound/"
+        response = self.client.get(endpoint)
+
+        self.assertEqual(response.status_code, 401)
+
+    def test_authenticated_user_can_access_reviewed_package(self):
+        """Authenticated users can access reviewed packages."""
+        self.client.force_login(self.user3)
+        endpoint = f"/api/v1/package/{self.reviewed_package.uuid}/compound/"
+        response = self.client.get(endpoint)
+
+        self.assertEqual(response.status_code, 200)
+        payload = response.json()
+
+        self.assertEqual(payload["total_items"], 1)
+        self.assertEqual(payload["items"][0]["uuid"], str(self.reviewed_compound.uuid))
+
+    def test_user_can_access_package_with_read_permission(self):
+        """User with READ permission can access package-scoped endpoint."""
+        self.client.force_login(self.user2)
+        endpoint = f"/api/v1/package/{self.unreviewed_package_read.uuid}/compound/"
+        response = self.client.get(endpoint)
+
+        self.assertEqual(response.status_code, 200)
+        payload = response.json()
+
+        self.assertEqual(payload["total_items"], 1)
+        self.assertEqual(payload["items"][0]["uuid"], str(self.read_compound.uuid))
+
+    def test_user_can_access_package_with_write_permission(self):
+        """User with WRITE permission can access package-scoped endpoint."""
+        self.client.force_login(self.user2)
+        endpoint = f"/api/v1/package/{self.unreviewed_package_write.uuid}/compound/"
+        response = self.client.get(endpoint)
+
+        self.assertEqual(response.status_code, 200)
+        payload = response.json()
+
+        self.assertEqual(payload["total_items"], 1)
+        self.assertEqual(payload["items"][0]["uuid"], str(self.write_compound.uuid))
+
+    def test_user_can_access_package_with_all_permission(self):
+        """User with ALL permission can access package-scoped endpoint."""
+        self.client.force_login(self.user2)
+        endpoint = f"/api/v1/package/{self.unreviewed_package_all.uuid}/compound/"
+        response = self.client.get(endpoint)
+
+        self.assertEqual(response.status_code, 200)
+        payload = response.json()
+
+        self.assertEqual(payload["total_items"], 1)
+        self.assertEqual(payload["items"][0]["uuid"], str(self.all_compound.uuid))
+
+    def test_user_cannot_access_package_without_permission(self):
+        """User without permission gets 403 Forbidden."""
+        self.client.force_login(self.user2)
+        endpoint = f"/api/v1/package/{self.unreviewed_package_no_access.uuid}/compound/"
+        response = self.client.get(endpoint)
+
+        self.assertEqual(response.status_code, 403)
+
+    def test_nonexistent_package_returns_404(self):
+        """Request for non-existent package returns 404."""
+        self.client.force_login(self.user2)
+        fake_uuid = "00000000-0000-0000-0000-000000000000"
+        endpoint = f"/api/v1/package/{fake_uuid}/compound/"
+        response = self.client.get(endpoint)
+
+        self.assertEqual(response.status_code, 404)
+
+    def test_owner_can_access_owned_package(self):
+        """Package owner can access their package."""
+        self.client.force_login(self.user1)
+        endpoint = f"/api/v1/package/{self.unreviewed_package_owned.uuid}/compound/"
+        response = self.client.get(endpoint)
+
+        self.assertEqual(response.status_code, 200)
+        payload = response.json()
+
+        self.assertEqual(payload["total_items"], 1)
+        self.assertEqual(payload["items"][0]["uuid"], str(self.owned_compound.uuid))
+
+    def test_group_member_can_access_group_package(self):
+        """Group member can access package via group permission."""
+        self.client.force_login(self.user2)
+        endpoint = f"/api/v1/package/{self.group_package.uuid}/compound/"
+        response = self.client.get(endpoint)
+
+        self.assertEqual(response.status_code, 200)
+        payload = response.json()
+
+        self.assertEqual(payload["total_items"], 1)
+        self.assertEqual(payload["items"][0]["uuid"], str(self.group_compound.uuid))
+
+    def test_non_group_member_cannot_access_group_package(self):
+        """Non-group member cannot access package with only group permission."""
+        self.client.force_login(self.user3)
+        endpoint = f"/api/v1/package/{self.group_package.uuid}/compound/"
+        response = self.client.get(endpoint)
+
+        self.assertEqual(response.status_code, 403)
+
+
+@tag("api", "end2end")
+class MultiResourcePermissionTest(APIPermissionTestBase):
+    """
+    Test that permission system works consistently across all resource types.
+
+    Tests a sample of other endpoints to ensure permission logic is consistent.
+    """
+
+    def test_rules_endpoint_respects_permissions(self):
+        """Rules endpoint uses same permission logic."""
+        from epdb.models import SimpleAmbitRule
+
+        # Create rule in no-access package
+        rule = SimpleAmbitRule.create(
+            self.unreviewed_package_no_access, "Test Rule", "Test", "[C:1]>>[C:1]O"
+        )
+
+        self.client.force_login(self.user2)
+        response = self.client.get("/api/v1/rules/")
+
+        self.assertEqual(response.status_code, 200)
+        payload = response.json()
+
+        # user2 should not see the rule from no_access_package
+        rule_uuids = [item["uuid"] for item in payload["items"]]
+        self.assertNotIn(str(rule.uuid), rule_uuids)
+
+    def test_reactions_endpoint_respects_permissions(self):
+        """Reactions endpoint uses same permission logic."""
+        from epdb.models import Reaction
+
+        # Create reaction in no-access package
+        reaction = Reaction.create(
+            self.unreviewed_package_no_access, "Test Reaction", "Test", ["C"], ["CO"]
+        )
+
+        self.client.force_login(self.user2)
+        response = self.client.get("/api/v1/reactions/")
+
+        self.assertEqual(response.status_code, 200)
+        payload = response.json()
+
+        # user2 should not see the reaction from no_access_package
+        reaction_uuids = [item["uuid"] for item in payload["items"]]
+        self.assertNotIn(str(reaction.uuid), reaction_uuids)
+
+    def test_pathways_endpoint_respects_permissions(self):
+        """Pathways endpoint uses same permission logic."""
+        from epdb.models import Pathway
+
+        # Create pathway in no-access package
+        pathway = Pathway.objects.create(
+            package=self.unreviewed_package_no_access, name="Test Pathway", description="Test"
+        )
+
+        self.client.force_login(self.user2)
+        response = self.client.get("/api/v1/pathways/")
+
+        self.assertEqual(response.status_code, 200)
+        payload = response.json()
+
+        # user2 should not see the pathway from no_access_package
+        pathway_uuids = [item["uuid"] for item in payload["items"]]
+        self.assertNotIn(str(pathway.uuid), pathway_uuids)
--- a/epapi/tests/v1/test_contract_get_entities.py
+++ b/epapi/tests/v1/test_contract_get_entities.py
@ -0,0 +1,477 @@
+from django.test import TestCase, tag
+
+from epdb.logic import PackageManager, UserManager
+from epdb.models import Compound, Reaction, Pathway, EPModel, SimpleAmbitRule, Scenario
+
+
+class BaseTestAPIGetPaginated:
+    """
+    Mixin class for API pagination tests.
+
+    Subclasses must inherit from both this class and TestCase, e.g.:
+        class MyTest(BaseTestAPIGetPaginated, TestCase):
+            ...
+
+    Subclasses must define:
+    - resource_name: Singular name (e.g., "compound")
+    - resource_name_plural: Plural name (e.g., "compounds")
+    - global_endpoint: Global listing endpoint (e.g., "/api/v1/compounds/")
+    - package_endpoint_template: Template for package-scoped endpoint or None
+    - total_reviewed: Number of reviewed items to create
+    - total_unreviewed: Number of unreviewed items to create
+    - create_reviewed_resource(cls, package, idx): Factory method
+    - create_unreviewed_resource(cls, package, idx): Factory method
+    """
+
+    # Configuration to be overridden by subclasses
+    resource_name = None
+    resource_name_plural = None
+    global_endpoint = None
+    package_endpoint_template = None
+    total_reviewed = 50
+    total_unreviewed = 20
+    default_page_size = 50
+    max_page_size = 100
+
+    @classmethod
+    def setUpTestData(cls):
+        # Create test user
+        cls.user = UserManager.create_user(
+            f"{cls.resource_name}-user",
+            f"{cls.resource_name}-user@envipath.com",
+            "SuperSafe",
+            set_setting=False,
+            add_to_group=False,
+            is_active=True,
+        )
+
+        # Delete the auto-created default package to ensure clean test data
+        default_pkg = cls.user.default_package
+        cls.user.default_package = None
+        cls.user.save()
+        default_pkg.delete()
+
+        # Create reviewed package
+        cls.reviewed_package = PackageManager.create_package(
+            cls.user, "Reviewed Package", f"Reviewed package for {cls.resource_name} tests"
+        )
+        cls.reviewed_package.reviewed = True
+        cls.reviewed_package.save()
+
+        # Create unreviewed package
+        cls.unreviewed_package = PackageManager.create_package(
+            cls.user, "Draft Package", f"Unreviewed package for {cls.resource_name} tests"
+        )
+
+        # Create reviewed resources
+        for idx in range(cls.total_reviewed):
+            cls.create_reviewed_resource(cls.reviewed_package, idx)
+
+        # Create unreviewed resources
+        for idx in range(cls.total_unreviewed):
+            cls.create_unreviewed_resource(cls.unreviewed_package, idx)
+
+        # Set up package-scoped endpoints if applicable
+        if cls.package_endpoint_template:
+            cls.reviewed_package_endpoint = cls.package_endpoint_template.format(
+                uuid=cls.reviewed_package.uuid
+            )
+            cls.unreviewed_package_endpoint = cls.package_endpoint_template.format(
+                uuid=cls.unreviewed_package.uuid
+            )
+
+    @classmethod
+    def create_reviewed_resource(cls, package, idx):
+        """
+        Create a single reviewed resource.
+        Must be implemented by subclass.
+
+        Args:
+            package: The package to create the resource in
+            idx: Index of the resource (0-based)
+        """
+        raise NotImplementedError(f"{cls.__name__} must implement create_reviewed_resource()")
+
+    @classmethod
+    def create_unreviewed_resource(cls, package, idx):
+        """
+        Create a single unreviewed resource.
+        Must be implemented by subclass.
+
+        Args:
+            package: The package to create the resource in
+            idx: Index of the resource (0-based)
+        """
+        raise NotImplementedError(f"{cls.__name__} must implement create_unreviewed_resource()")
+
+    def setUp(self):
+        self.client.force_login(self.user)
+
+    def test_requires_session_authentication(self):
+        """Test that the global endpoint requires authentication."""
+        self.client.logout()
+        response = self.client.get(self.global_endpoint)
+        self.assertEqual(response.status_code, 401)
+
+    def test_global_listing_uses_default_page_size(self):
+        """Test that the global endpoint uses default pagination settings."""
+        response = self.client.get(self.global_endpoint, {"review_status": True})
+        self.assertEqual(response.status_code, 200)
+
+        payload = response.json()
+        self.assertEqual(payload["page"], 1)
+        self.assertEqual(payload["page_size"], self.default_page_size)
+        self.assertEqual(payload["total_items"], self.total_reviewed)
+
+        # Verify only reviewed items are returned
+        self.assertTrue(all(item["review_status"] == "reviewed" for item in payload["items"]))
+
+    def test_can_request_later_page(self):
+        """Test that pagination works for later pages."""
+        if self.total_reviewed <= self.default_page_size:
+            self.skipTest(
+                f"Not enough items to test pagination "
+                f"({self.total_reviewed} <= {self.default_page_size})"
+            )
+
+        response = self.client.get(self.global_endpoint, {"page": 2})
+        self.assertEqual(response.status_code, 200)
+
+        payload = response.json()
+        self.assertEqual(payload["page"], 2)
+
+        # Calculate expected items on page 2
+        expected_items = min(self.default_page_size, self.total_reviewed - self.default_page_size)
+        self.assertEqual(len(payload["items"]), expected_items)
+
+        # Verify only reviewed items are returned
+        self.assertTrue(all(item["review_status"] == "reviewed" for item in payload["items"]))
+
+    def test_page_size_is_capped(self):
+        """Test that page size is capped at the maximum."""
+        if self.total_reviewed <= self.max_page_size:
+            self.skipTest(
+                f"Not enough items to test page size cap "
+                f"({self.total_reviewed} <= {self.max_page_size})"
+            )
+
+        response = self.client.get(self.global_endpoint, {"page_size": 150})
+        self.assertEqual(response.status_code, 200)
+
+        payload = response.json()
+        self.assertEqual(payload["page_size"], self.max_page_size)
+        self.assertEqual(len(payload["items"]), self.max_page_size)
+
+    def test_package_endpoint_for_reviewed_package(self):
+        """Test the package-scoped endpoint for reviewed packages."""
+        if not self.package_endpoint_template:
+            self.skipTest("No package endpoint for this resource")
+
+        response = self.client.get(self.reviewed_package_endpoint)
+        self.assertEqual(response.status_code, 200)
+
+        payload = response.json()
+        self.assertEqual(payload["total_items"], self.total_reviewed)
+
+        # Verify only reviewed items are returned
+        self.assertTrue(all(item["review_status"] == "reviewed" for item in payload["items"]))
+
+    def test_package_endpoint_for_unreviewed_package(self):
+        """Test the package-scoped endpoint for unreviewed packages."""
+        if not self.package_endpoint_template:
+            self.skipTest("No package endpoint for this resource")
+
+        response = self.client.get(self.unreviewed_package_endpoint)
+        self.assertEqual(response.status_code, 200)
+
+        payload = response.json()
+        self.assertEqual(payload["total_items"], self.total_unreviewed)
+
+        # Verify only unreviewed items are returned
+        self.assertTrue(all(item["review_status"] == "unreviewed" for item in payload["items"]))
+
+
+@tag("api", "end2end")
+class PackagePaginationAPITest(TestCase):
+    ENDPOINT = "/api/v1/packages/"
+
+    @classmethod
+    def setUpTestData(cls):
+        cls.user = UserManager.create_user(
+            "package-user",
+            "package-user@envipath.com",
+            "SuperSafe",
+            set_setting=False,
+            add_to_group=False,
+            is_active=True,
+        )
+
+        # Delete the auto-created default package to ensure clean test data
+        default_pkg = cls.user.default_package
+        cls.user.default_package = None
+        cls.user.save()
+        default_pkg.delete()
+
+        # Create reviewed packages
+        cls.total_reviewed = 25
+        for idx in range(cls.total_reviewed):
+            package = PackageManager.create_package(
+                cls.user, f"Reviewed Package {idx:03d}", "Reviewed package for tests"
+            )
+            package.reviewed = True
+            package.save()
+
+        # Create unreviewed packages
+        cls.total_unreviewed = 15
+        for idx in range(cls.total_unreviewed):
+            PackageManager.create_package(
+                cls.user, f"Draft Package {idx:03d}", "Unreviewed package for tests"
+            )
+
+    def setUp(self):
+        self.client.force_login(self.user)
+
+    def test_anonymous_can_access_reviewed_packages(self):
+        self.client.logout()
+        response = self.client.get(self.ENDPOINT)
+        self.assertEqual(response.status_code, 200)
+
+        payload = response.json()
+        # Anonymous users can only see reviewed packages
+        self.assertEqual(payload["total_items"], self.total_reviewed)
+        self.assertTrue(all(item["review_status"] == "reviewed" for item in payload["items"]))
+
+    def test_listing_uses_default_page_size(self):
+        response = self.client.get(self.ENDPOINT)
+        self.assertEqual(response.status_code, 200)
+
+        payload = response.json()
+        self.assertEqual(payload["page"], 1)
+        self.assertEqual(payload["page_size"], 50)
+        self.assertEqual(payload["total_items"], self.total_reviewed + self.total_unreviewed)
+
+    def test_reviewed_filter_true(self):
+        response = self.client.get(self.ENDPOINT, {"review_status": True})
+        self.assertEqual(response.status_code, 200)
+
+        payload = response.json()
+        self.assertEqual(payload["total_items"], self.total_reviewed)
+        self.assertTrue(all(item["review_status"] == "reviewed" for item in payload["items"]))
+
+    def test_reviewed_filter_false(self):
+        response = self.client.get(self.ENDPOINT, {"review_status": False})
+        self.assertEqual(response.status_code, 200)
+
+        payload = response.json()
+        self.assertEqual(payload["total_items"], self.total_unreviewed)
+        self.assertTrue(all(item["review_status"] == "unreviewed" for item in payload["items"]))
+
+    def test_reviewed_filter_false_anonymous(self):
+        self.client.logout()
+        response = self.client.get(self.ENDPOINT, {"review_status": False})
+        self.assertEqual(response.status_code, 200)
+
+        payload = response.json()
+        # Anonymous users cannot access unreviewed packages
+        self.assertEqual(payload["total_items"], 0)
+
+
+@tag("api", "end2end")
+class CompoundPaginationAPITest(BaseTestAPIGetPaginated, TestCase):
+    """Compound pagination tests using base class."""
+
+    resource_name = "compound"
+    resource_name_plural = "compounds"
+    global_endpoint = "/api/v1/compounds/"
+    package_endpoint_template = "/api/v1/package/{uuid}/compound/"
+    total_reviewed = 125
+    total_unreviewed = 35
+
+    @classmethod
+    def create_reviewed_resource(cls, package, idx):
+        simple_smiles = ["C", "CC", "CCC", "CCCC", "CCCCC"]
+        smiles = simple_smiles[idx % len(simple_smiles)] + ("O" * (idx // len(simple_smiles)))
+        return Compound.create(
+            package,
+            smiles,
+            f"Reviewed Compound {idx:03d}",
+            "Compound for pagination tests",
+        )
+
+    @classmethod
+    def create_unreviewed_resource(cls, package, idx):
+        simple_smiles = ["C", "CC", "CCC", "CCCC", "CCCCC"]
+        smiles = simple_smiles[idx % len(simple_smiles)] + ("N" * (idx // len(simple_smiles)))
+        return Compound.create(
+            package,
+            smiles,
+            f"Draft Compound {idx:03d}",
+            "Compound for pagination tests",
+        )
+
+
+@tag("api", "end2end")
+class RulePaginationAPITest(BaseTestAPIGetPaginated, TestCase):
+    """Rule pagination tests using base class."""
+
+    resource_name = "rule"
+    resource_name_plural = "rules"
+    global_endpoint = "/api/v1/rules/"
+    package_endpoint_template = "/api/v1/package/{uuid}/rule/"
+    total_reviewed = 125
+    total_unreviewed = 35
+
+    @classmethod
+    def create_reviewed_resource(cls, package, idx):
+        # Create unique SMIRKS by combining chain length and functional group variations
+        # This ensures each idx gets a truly unique SMIRKS pattern
+        carbon_chain = "C" * (idx + 1)  # C, CC, CCC, ... (grows with idx)
+        smirks = f"[{carbon_chain}:1]>>[{carbon_chain}:1]O"
+        return SimpleAmbitRule.create(
+            package,
+            f"Reviewed Rule {idx:03d}",
+            f"Rule {idx} for pagination tests",
+            smirks,
+        )
+
+    @classmethod
+    def create_unreviewed_resource(cls, package, idx):
+        # Create unique SMIRKS by varying the carbon chain length
+        carbon_chain = "C" * (idx + 1)  # C, CC, CCC, ... (grows with idx)
+        smirks = f"[{carbon_chain}:1]>>[{carbon_chain}:1]N"
+        return SimpleAmbitRule.create(
+            package,
+            f"Draft Rule {idx:03d}",
+            f"Rule {idx} for pagination tests",
+            smirks,
+        )
+
+
+@tag("api", "end2end")
+class ReactionPaginationAPITest(BaseTestAPIGetPaginated, TestCase):
+    """Reaction pagination tests using base class."""
+
+    resource_name = "reaction"
+    resource_name_plural = "reactions"
+    global_endpoint = "/api/v1/reactions/"
+    package_endpoint_template = "/api/v1/package/{uuid}/reaction/"
+    total_reviewed = 125
+    total_unreviewed = 35
+
+    @classmethod
+    def create_reviewed_resource(cls, package, idx):
+        # Generate unique SMILES with growing chain lengths to avoid duplicates
+        # Each idx gets a unique chain length
+        educt_smiles = "C" * (idx + 1)  # C, CC, CCC, ... (grows with idx)
+        product_smiles = educt_smiles + "O"
+        return Reaction.create(
+            package=package,
+            name=f"Reviewed Reaction {idx:03d}",
+            description="Reaction for pagination tests",
+            educts=[educt_smiles],
+            products=[product_smiles],
+        )
+
+    @classmethod
+    def create_unreviewed_resource(cls, package, idx):
+        # Generate unique SMILES with growing chain lengths to avoid duplicates
+        # Each idx gets a unique chain length
+        educt_smiles = "C" * (idx + 1)  # C, CC, CCC, ... (grows with idx)
+        product_smiles = educt_smiles + "N"
+        return Reaction.create(
+            package=package,
+            name=f"Draft Reaction {idx:03d}",
+            description="Reaction for pagination tests",
+            educts=[educt_smiles],
+            products=[product_smiles],
+        )
+
+
+@tag("api", "end2end")
+class PathwayPaginationAPITest(BaseTestAPIGetPaginated, TestCase):
+    """Pathway pagination tests using base class."""
+
+    resource_name = "pathway"
+    resource_name_plural = "pathways"
+    global_endpoint = "/api/v1/pathways/"
+    package_endpoint_template = "/api/v1/package/{uuid}/pathway/"
+    total_reviewed = 125
+    total_unreviewed = 35
+
+    @classmethod
+    def create_reviewed_resource(cls, package, idx):
+        return Pathway.objects.create(
+            package=package,
+            name=f"Reviewed Pathway {idx:03d}",
+            description="Pathway for pagination tests",
+        )
+
+    @classmethod
+    def create_unreviewed_resource(cls, package, idx):
+        return Pathway.objects.create(
+            package=package,
+            name=f"Draft Pathway {idx:03d}",
+            description="Pathway for pagination tests",
+        )
+
+
+@tag("api", "end2end")
+class ModelPaginationAPITest(BaseTestAPIGetPaginated, TestCase):
+    """Model pagination tests using base class."""
+
+    resource_name = "model"
+    resource_name_plural = "models"
+    global_endpoint = "/api/v1/models/"
+    package_endpoint_template = "/api/v1/package/{uuid}/model/"
+    total_reviewed = 125
+    total_unreviewed = 35
+
+    @classmethod
+    def create_reviewed_resource(cls, package, idx):
+        return EPModel.objects.create(
+            package=package,
+            name=f"Reviewed Model {idx:03d}",
+            description="Model for pagination tests",
+        )
+
+    @classmethod
+    def create_unreviewed_resource(cls, package, idx):
+        return EPModel.objects.create(
+            package=package,
+            name=f"Draft Model {idx:03d}",
+            description="Model for pagination tests",
+        )
+
+
+@tag("api", "end2end")
+class ScenarioPaginationAPITest(BaseTestAPIGetPaginated, TestCase):
+    """Scenario pagination tests using base class."""
+
+    resource_name = "scenario"
+    resource_name_plural = "scenarios"
+    global_endpoint = "/api/v1/scenarios/"
+    package_endpoint_template = "/api/v1/package/{uuid}/scenario/"
+    total_reviewed = 125
+    total_unreviewed = 35
+
+    @classmethod
+    def create_reviewed_resource(cls, package, idx):
+        return Scenario.create(
+            package,
+            f"Reviewed Scenario {idx:03d}",
+            "Scenario for pagination tests",
+            "2025-01-01",
+            "lab",
+            [],
+        )
+
+    @classmethod
+    def create_unreviewed_resource(cls, package, idx):
+        return Scenario.create(
+            package,
+            f"Draft Scenario {idx:03d}",
+            "Scenario for pagination tests",
+            "2025-01-01",
+            "field",
+            [],
+        )
--- a/epapi/v1/init.py
+++ b/epapi/v1/init.py
--- a/epapi/v1/auth.py
+++ b/epapi/v1/auth.py
@ -0,0 +1,8 @@
+from ninja.security import HttpBearer
+from ninja.errors import HttpError
+
+
+class BearerTokenAuth(HttpBearer):
+    def authenticate(self, request, token):
+        # FIXME: placeholder; implement it in O(1) time
+        raise HttpError(401, "Invalid or expired token")
--- a/epapi/v1/dal.py
+++ b/epapi/v1/dal.py
@ -0,0 +1,95 @@
+from django.db.models import Model
+from epdb.logic import PackageManager
+from epdb.models import CompoundStructure, User, Package, Compound
+from uuid import UUID
+
+from .errors import EPAPINotFoundError, EPAPIPermissionDeniedError
+
+
+def get_compound_or_error(user, compound_uuid: UUID):
+    """
+    Get compound by UUID with permission check.
+    """
+    try:
+        compound = Compound.objects.get(uuid=compound_uuid)
+        package = compound.package
+    except Compound.DoesNotExist:
+        raise EPAPINotFoundError(f"Compound with UUID {compound_uuid} not found")
+
+    # FIXME: optimize package manager to exclusively work with UUIDs
+    if not user or user.is_anonymous or not PackageManager.readable(user, package):
+        raise EPAPIPermissionDeniedError("Insufficient permissions to access this compound.")
+
+    return compound
+
+
+def get_package_or_error(user, package_uuid: UUID):
+    """
+    Get package by UUID with permission check.
+    """
+
+    # FIXME: update package manager with custom exceptions to avoid manual checks here
+    try:
+        package = Package.objects.get(uuid=package_uuid)
+    except Package.DoesNotExist:
+        raise EPAPINotFoundError(f"Package with UUID {package_uuid} not found")
+
+    # FIXME: optimize package manager to exclusively work with UUIDs
+    if not user or user.is_anonymous or not PackageManager.readable(user, package):
+        raise EPAPIPermissionDeniedError("Insufficient permissions to access this package.")
+
+    return package
+
+
+def get_user_packages_qs(user: User | None):
+    """Get all packages readable by the user."""
+    if not user or user.is_anonymous:
+        return PackageManager.get_reviewed_packages()
+    return PackageManager.get_all_readable_packages(user, include_reviewed=True)
+
+
+def get_user_entities_qs(model_class: Model, user: User | None):
+    """Build queryset for reviewed package entities."""
+
+    if not user or user.is_anonymous:
+        return model_class.objects.filter(package__reviewed=True).select_related("package")
+
+    qs = model_class.objects.filter(
+        package__in=PackageManager.get_all_readable_packages(user, include_reviewed=True)
+    ).select_related("package")
+    return qs
+
+
+def get_package_scoped_entities_qs(
+    model_class: Model, package_uuid: UUID, user: User | None = None
+):
+    """Build queryset for specific package entities."""
+    package = get_package_or_error(user, package_uuid)
+    qs = model_class.objects.filter(package=package).select_related("package")
+    return qs
+
+
+def get_user_structures_qs(user: User | None):
+    """Build queryset for structures accessible to the user (via compound->package)."""
+
+    if not user or user.is_anonymous:
+        return CompoundStructure.objects.filter(compound__package__reviewed=True).select_related(
+            "compound__package"
+        )
+
+    qs = CompoundStructure.objects.filter(
+        compound__package__in=PackageManager.get_all_readable_packages(user, include_reviewed=True)
+    ).select_related("compound__package")
+    return qs
+
+
+def get_package_compound_scoped_structure_qs(
+    package_uuid: UUID, compound_uuid: UUID, user: User | None = None
+):
+    """Build queryset for specific package compound structures."""
+
+    get_package_or_error(user, package_uuid)
+    compound = get_compound_or_error(user, compound_uuid)
+
+    qs = CompoundStructure.objects.filter(compound=compound).select_related("compound__package")
+    return qs
--- a/epapi/v1/endpoints/init.py
+++ b/epapi/v1/endpoints/init.py
--- a/epapi/v1/endpoints/compounds.py
+++ b/epapi/v1/endpoints/compounds.py
@ -0,0 +1,41 @@
+from django.conf import settings as s
+from ninja import Router
+from ninja_extra.pagination import paginate
+from uuid import UUID
+
+from epdb.models import Compound
+from ..pagination import EnhancedPageNumberPagination
+from ..schemas import CompoundOutSchema, ReviewStatusFilter
+from ..dal import get_user_entities_qs, get_package_scoped_entities_qs
+
+router = Router()
+
+
+@router.get("/compounds/", response=EnhancedPageNumberPagination.Output[CompoundOutSchema])
+@paginate(
+    EnhancedPageNumberPagination,
+    page_size=s.API_PAGINATION_DEFAULT_PAGE_SIZE,
+    filter_schema=ReviewStatusFilter,
+)
+def list_all_compounds(request):
+    """
+    List all compounds from reviewed packages.
+    """
+    return get_user_entities_qs(Compound, request.user).order_by("name").all()
+
+
+@router.get(
+    "/package/{uuid:package_uuid}/compound/",
+    response=EnhancedPageNumberPagination.Output[CompoundOutSchema],
+)
+@paginate(
+    EnhancedPageNumberPagination,
+    page_size=s.API_PAGINATION_DEFAULT_PAGE_SIZE,
+    filter_schema=ReviewStatusFilter,
+)
+def list_package_compounds(request, package_uuid: UUID):
+    """
+    List all compounds for a specific package.
+    """
+    user = request.user
+    return get_package_scoped_entities_qs(Compound, package_uuid, user).order_by("name").all()
--- a/epapi/v1/endpoints/models.py
+++ b/epapi/v1/endpoints/models.py
@ -0,0 +1,41 @@
+from django.conf import settings as s
+from ninja import Router
+from ninja_extra.pagination import paginate
+from uuid import UUID
+
+from epdb.models import EPModel
+from ..pagination import EnhancedPageNumberPagination
+from ..schemas import ModelOutSchema, ReviewStatusFilter
+from ..dal import get_user_entities_qs, get_package_scoped_entities_qs
+
+router = Router()
+
+
+@router.get("/models/", response=EnhancedPageNumberPagination.Output[ModelOutSchema])
+@paginate(
+    EnhancedPageNumberPagination,
+    page_size=s.API_PAGINATION_DEFAULT_PAGE_SIZE,
+    filter_schema=ReviewStatusFilter,
+)
+def list_all_models(request):
+    """
+    List all models from reviewed packages.
+    """
+    return get_user_entities_qs(EPModel, request.user).order_by("name").all()
+
+
+@router.get(
+    "/package/{uuid:package_uuid}/model/",
+    response=EnhancedPageNumberPagination.Output[ModelOutSchema],
+)
+@paginate(
+    EnhancedPageNumberPagination,
+    page_size=s.API_PAGINATION_DEFAULT_PAGE_SIZE,
+    filter_schema=ReviewStatusFilter,
+)
+def list_package_models(request, package_uuid: UUID):
+    """
+    List all models for a specific package.
+    """
+    user = request.user
+    return get_package_scoped_entities_qs(EPModel, package_uuid, user).order_by("name").all()
--- a/epapi/v1/endpoints/packages.py
+++ b/epapi/v1/endpoints/packages.py
@ -0,0 +1,27 @@
+from django.conf import settings as s
+from ninja import Router
+from ninja_extra.pagination import paginate
+import logging
+
+from ..dal import get_user_packages_qs
+from ..pagination import EnhancedPageNumberPagination
+from ..schemas import PackageOutSchema, SelfReviewStatusFilter
+
+router = Router()
+logger = logging.getLogger(__name__)
+
+
+@router.get("/packages/", response=EnhancedPageNumberPagination.Output[PackageOutSchema], auth=None)
+@paginate(
+    EnhancedPageNumberPagination,
+    page_size=s.API_PAGINATION_DEFAULT_PAGE_SIZE,
+    filter_schema=SelfReviewStatusFilter,
+)
+def list_all_packages(request):
+    """
+    List packages accessible to the user.
+
+    """
+    user = request.user
+    qs = get_user_packages_qs(user)
+    return qs.order_by("name").all()
--- a/epapi/v1/endpoints/pathways.py
+++ b/epapi/v1/endpoints/pathways.py
@ -0,0 +1,42 @@
+from django.conf import settings as s
+from ninja import Router
+from ninja_extra.pagination import paginate
+from uuid import UUID
+
+from epdb.models import Pathway
+from ..pagination import EnhancedPageNumberPagination
+from ..schemas import PathwayOutSchema, ReviewStatusFilter
+from ..dal import get_user_entities_qs, get_package_scoped_entities_qs
+
+router = Router()
+
+
+@router.get("/pathways/", response=EnhancedPageNumberPagination.Output[PathwayOutSchema])
+@paginate(
+    EnhancedPageNumberPagination,
+    page_size=s.API_PAGINATION_DEFAULT_PAGE_SIZE,
+    filter_schema=ReviewStatusFilter,
+)
+def list_all_pathways(request):
+    """
+    List all pathways from reviewed packages.
+    """
+    user = request.user
+    return get_user_entities_qs(Pathway, user).order_by("name").all()
+
+
+@router.get(
+    "/package/{uuid:package_uuid}/pathway/",
+    response=EnhancedPageNumberPagination.Output[PathwayOutSchema],
+)
+@paginate(
+    EnhancedPageNumberPagination,
+    page_size=s.API_PAGINATION_DEFAULT_PAGE_SIZE,
+    filter_schema=ReviewStatusFilter,
+)
+def list_package_pathways(request, package_uuid: UUID):
+    """
+    List all pathways for a specific package.
+    """
+    user = request.user
+    return get_package_scoped_entities_qs(Pathway, package_uuid, user).order_by("name").all()
--- a/epapi/v1/endpoints/reactions.py
+++ b/epapi/v1/endpoints/reactions.py
@ -0,0 +1,42 @@
+from django.conf import settings as s
+from ninja import Router
+from ninja_extra.pagination import paginate
+from uuid import UUID
+
+from epdb.models import Reaction
+from ..pagination import EnhancedPageNumberPagination
+from ..schemas import ReactionOutSchema, ReviewStatusFilter
+from ..dal import get_user_entities_qs, get_package_scoped_entities_qs
+
+router = Router()
+
+
+@router.get("/reactions/", response=EnhancedPageNumberPagination.Output[ReactionOutSchema])
+@paginate(
+    EnhancedPageNumberPagination,
+    page_size=s.API_PAGINATION_DEFAULT_PAGE_SIZE,
+    filter_schema=ReviewStatusFilter,
+)
+def list_all_reactions(request):
+    """
+    List all reactions from reviewed packages.
+    """
+    user = request.user
+    return get_user_entities_qs(Reaction, user).order_by("name").all()
+
+
+@router.get(
+    "/package/{uuid:package_uuid}/reaction/",
+    response=EnhancedPageNumberPagination.Output[ReactionOutSchema],
+)
+@paginate(
+    EnhancedPageNumberPagination,
+    page_size=s.API_PAGINATION_DEFAULT_PAGE_SIZE,
+    filter_schema=ReviewStatusFilter,
+)
+def list_package_reactions(request, package_uuid: UUID):
+    """
+    List all reactions for a specific package.
+    """
+    user = request.user
+    return get_package_scoped_entities_qs(Reaction, package_uuid, user).order_by("name").all()
--- a/epapi/v1/endpoints/rules.py
+++ b/epapi/v1/endpoints/rules.py
@ -0,0 +1,42 @@
+from django.conf import settings as s
+from ninja import Router
+from ninja_extra.pagination import paginate
+from uuid import UUID
+
+from epdb.models import Rule
+from ..pagination import EnhancedPageNumberPagination
+from ..schemas import ReviewStatusFilter, RuleOutSchema
+from ..dal import get_user_entities_qs, get_package_scoped_entities_qs
+
+router = Router()
+
+
+@router.get("/rules/", response=EnhancedPageNumberPagination.Output[RuleOutSchema])
+@paginate(
+    EnhancedPageNumberPagination,
+    page_size=s.API_PAGINATION_DEFAULT_PAGE_SIZE,
+    filter_schema=ReviewStatusFilter,
+)
+def list_all_rules(request):
+    """
+    List all rules from reviewed packages.
+    """
+    user = request.user
+    return get_user_entities_qs(Rule, user).order_by("name").all()
+
+
+@router.get(
+    "/package/{uuid:package_uuid}/rule/",
+    response=EnhancedPageNumberPagination.Output[RuleOutSchema],
+)
+@paginate(
+    EnhancedPageNumberPagination,
+    page_size=s.API_PAGINATION_DEFAULT_PAGE_SIZE,
+    filter_schema=ReviewStatusFilter,
+)
+def list_package_rules(request, package_uuid: UUID):
+    """
+    List all rules for a specific package.
+    """
+    user = request.user
+    return get_package_scoped_entities_qs(Rule, package_uuid, user).order_by("name").all()
--- a/epapi/v1/endpoints/scenarios.py
+++ b/epapi/v1/endpoints/scenarios.py
@ -0,0 +1,36 @@
+from django.conf import settings as s
+from ninja import Router
+from ninja_extra.pagination import paginate
+from uuid import UUID
+
+from epdb.models import Scenario
+from ..pagination import EnhancedPageNumberPagination
+from ..schemas import ReviewStatusFilter, ScenarioOutSchema
+from ..dal import get_user_entities_qs, get_package_scoped_entities_qs
+
+router = Router()
+
+
+@router.get("/scenarios/", response=EnhancedPageNumberPagination.Output[ScenarioOutSchema])
+@paginate(
+    EnhancedPageNumberPagination,
+    page_size=s.API_PAGINATION_DEFAULT_PAGE_SIZE,
+    filter_schema=ReviewStatusFilter,
+)
+def list_all_scenarios(request):
+    user = request.user
+    return get_user_entities_qs(Scenario, user).order_by("name").all()
+
+
+@router.get(
+    "/package/{uuid:package_uuid}/scenario/",
+    response=EnhancedPageNumberPagination.Output[ScenarioOutSchema],
+)
+@paginate(
+    EnhancedPageNumberPagination,
+    page_size=s.API_PAGINATION_DEFAULT_PAGE_SIZE,
+    filter_schema=ReviewStatusFilter,
+)
+def list_package_scenarios(request, package_uuid: UUID):
+    user = request.user
+    return get_package_scoped_entities_qs(Scenario, package_uuid, user).order_by("name").all()
--- a/epapi/v1/endpoints/structure.py
+++ b/epapi/v1/endpoints/structure.py
@ -0,0 +1,50 @@
+from django.conf import settings as s
+from ninja import Router
+from ninja_extra.pagination import paginate
+from uuid import UUID
+
+from ..pagination import EnhancedPageNumberPagination
+from ..schemas import CompoundStructureOutSchema, StructureReviewStatusFilter
+from ..dal import (
+    get_user_structures_qs,
+    get_package_compound_scoped_structure_qs,
+)
+
+router = Router()
+
+
+@router.get(
+    "/structures/", response=EnhancedPageNumberPagination.Output[CompoundStructureOutSchema]
+)
+@paginate(
+    EnhancedPageNumberPagination,
+    page_size=s.API_PAGINATION_DEFAULT_PAGE_SIZE,
+    filter_schema=StructureReviewStatusFilter,
+)
+def list_all_structures(request):
+    """
+    List all structures from all packages.
+    """
+    user = request.user
+    return get_user_structures_qs(user).order_by("name").all()
+
+
+@router.get(
+    "/package/{uuid:package_uuid}/compound/{uuid:compound_uuid}/structure/",
+    response=EnhancedPageNumberPagination.Output[CompoundStructureOutSchema],
+)
+@paginate(
+    EnhancedPageNumberPagination,
+    page_size=s.API_PAGINATION_DEFAULT_PAGE_SIZE,
+    filter_schema=StructureReviewStatusFilter,
+)
+def list_package_structures(request, package_uuid: UUID, compound_uuid: UUID):
+    """
+    List all structures for a specific package and compound.
+    """
+    user = request.user
+    return (
+        get_package_compound_scoped_structure_qs(package_uuid, compound_uuid, user)
+        .order_by("name")
+        .all()
+    )
--- a/epapi/v1/errors.py
+++ b/epapi/v1/errors.py
@ -0,0 +1,28 @@
+from ninja.errors import HttpError
+
+
+class EPAPIError(HttpError):
+    status_code: int = 500
+
+    def __init__(self, message: str) -> None:
+        super().__init__(status_code=self.status_code, message=message)
+
+    @classmethod
+    def from_exception(cls, exc: Exception):
+        return cls(message=str(exc))
+
+
+class EPAPIUnauthorizedError(EPAPIError):
+    status_code = 401
+
+
+class EPAPIPermissionDeniedError(EPAPIError):
+    status_code = 403
+
+
+class EPAPINotFoundError(EPAPIError):
+    status_code = 404
+
+
+class EPAPIValidationError(EPAPIError):
+    status_code = 422
--- a/epapi/v1/pagination.py
+++ b/epapi/v1/pagination.py
@ -0,0 +1,60 @@
+import math
+from typing import Any, Generic, List, TypeVar
+
+from django.db.models import QuerySet
+from ninja import Schema
+from ninja.pagination import PageNumberPagination
+
+T = TypeVar("T")
+
+
+class EnhancedPageNumberPagination(PageNumberPagination):
+    class Output(Schema, Generic[T]):
+        items: List[T]
+        page: int
+        page_size: int
+        total_items: int
+        total_pages: int
+
+    def paginate_queryset(
+        self,
+        queryset: QuerySet,
+        pagination: PageNumberPagination.Input,
+        **params: Any,
+    ) -> Any:
+        page_size = self._get_page_size(pagination.page_size)
+        offset = (pagination.page - 1) * page_size
+        total_items = self._items_count(queryset)
+        total_pages = math.ceil(total_items / page_size) if page_size > 0 else 0
+
+        return {
+            "items": queryset[offset : offset + page_size],
+            "page": pagination.page,
+            "page_size": page_size,
+            "total_items": total_items,
+            "total_pages": total_pages,
+        }
+
+    async def apaginate_queryset(
+        self,
+        queryset: QuerySet,
+        pagination: PageNumberPagination.Input,
+        **params: Any,
+    ) -> Any:
+        page_size = self._get_page_size(pagination.page_size)
+        offset = (pagination.page - 1) * page_size
+        total_items = await self._aitems_count(queryset)
+        total_pages = math.ceil(total_items / page_size) if page_size > 0 else 0
+
+        if isinstance(queryset, QuerySet):
+            items = [obj async for obj in queryset[offset : offset + page_size]]
+        else:
+            items = queryset[offset : offset + page_size]
+
+        return {
+            "items": items,
+            "page": pagination.page,
+            "page_size": page_size,
+            "total_items": total_items,
+            "total_pages": total_pages,
+        }
--- a/epapi/v1/router.py
+++ b/epapi/v1/router.py
@ -0,0 +1,22 @@
+from ninja import Router
+from ninja.security import SessionAuth
+from .auth import BearerTokenAuth
+from .endpoints import packages, scenarios, compounds, rules, reactions, pathways, models, structure
+
+# Main router with authentication
+router = Router(
+    auth=[
+        SessionAuth(),
+        BearerTokenAuth(),
+    ]
+)
+
+# Include all endpoint routers
+router.add_router("", packages.router)
+router.add_router("", scenarios.router)
+router.add_router("", compounds.router)
+router.add_router("", rules.router)
+router.add_router("", reactions.router)
+router.add_router("", pathways.router)
+router.add_router("", models.router)
+router.add_router("", structure.router)
--- a/epapi/v1/schemas.py
+++ b/epapi/v1/schemas.py
@ -0,0 +1,104 @@
+from ninja import FilterSchema, FilterLookup, Schema
+from typing import Annotated, Optional
+from uuid import UUID
+
+
+# Filter schema for query parameters
+class ReviewStatusFilter(FilterSchema):
+    """Filter schema for review_status query parameter."""
+
+    review_status: Annotated[Optional[bool], FilterLookup("package__reviewed")] = None
+
+
+class SelfReviewStatusFilter(FilterSchema):
+    """Filter schema for review_status query parameter on self-reviewed entities."""
+
+    review_status: Annotated[Optional[bool], FilterLookup("reviewed")] = None
+
+
+class StructureReviewStatusFilter(FilterSchema):
+    """Filter schema for review_status on structures (via compound->package)."""
+
+    review_status: Annotated[Optional[bool], FilterLookup("compound__package__reviewed")] = None
+
+
+# Base schema for all package-scoped entities
+class PackageEntityOutSchema(Schema):
+    """Base schema for entities belonging to a package."""
+
+    uuid: UUID
+    url: str = ""
+    name: str
+    description: str
+    review_status: str = ""
+    package: str = ""
+
+    @staticmethod
+    def resolve_url(obj):
+        return obj.url
+
+    @staticmethod
+    def resolve_package(obj):
+        return obj.package.url
+
+    @staticmethod
+    def resolve_review_status(obj):
+        return "reviewed" if obj.package.reviewed else "unreviewed"
+
+
+# All package-scoped entities inherit from base
+class ScenarioOutSchema(PackageEntityOutSchema):
+    pass
+
+
+class CompoundOutSchema(PackageEntityOutSchema):
+    pass
+
+
+class RuleOutSchema(PackageEntityOutSchema):
+    pass
+
+
+class ReactionOutSchema(PackageEntityOutSchema):
+    pass
+
+
+class PathwayOutSchema(PackageEntityOutSchema):
+    pass
+
+
+class ModelOutSchema(PackageEntityOutSchema):
+    pass
+
+
+class CompoundStructureOutSchema(PackageEntityOutSchema):
+    compound: str = ""
+
+    @staticmethod
+    def resolve_compound(obj):
+        return obj.compound.url
+
+    @staticmethod
+    def resolve_package(obj):
+        return obj.compound.package.url
+
+    @staticmethod
+    def resolve_review_status(obj):
+        return "reviewed" if obj.compound.package.reviewed else "unreviewed"
+
+
+# Package is special (no package FK)
+class PackageOutSchema(Schema):
+    uuid: UUID
+    url: str = ""
+    name: str
+    description: str
+    review_status: str = ""
+
+    @staticmethod
+    def resolve_url(obj):
+        return obj.url
+
+    @staticmethod
+    def resolve_review_status(obj):
+        return "reviewed" if obj.reviewed else "unreviewed"
--- a/epauth/init.py
+++ b/epauth/init.py
--- a/epauth/admin.py
+++ b/epauth/admin.py
@ -0,0 +1,3 @@
+from django.contrib import admin
+
+# Register your models here.
--- a/epauth/apps.py
+++ b/epauth/apps.py
@ -0,0 +1,6 @@
+from django.apps import AppConfig
+
+
+class EpauthConfig(AppConfig):
+    default_auto_field = 'django.db.models.BigAutoField'
+    name = 'epauth'
--- a/epauth/migrations/init.py
+++ b/epauth/migrations/init.py
--- a/epauth/models.py
+++ b/epauth/models.py
@ -0,0 +1,3 @@
+from django.db import models
+
+# Create your models here.
--- a/epauth/tests.py
+++ b/epauth/tests.py
@ -0,0 +1,3 @@
+from django.test import TestCase
+
+# Create your tests here.
--- a/epauth/urls.py
+++ b/epauth/urls.py
@ -0,0 +1,8 @@
+from django.urls import path
+
+from . import views
+
+urlpatterns = [
+    path("microsoft/login/", views.microsoft_login, name="microsoft_login"),
+    path("microsoft/callback/", views.microsoft_callback, name="microsoft_callback"),
+]
--- a/epauth/views.py
+++ b/epauth/views.py
@ -0,0 +1,66 @@
+import msal
+from django.conf import settings as s
+from django.contrib.auth import login
+from django.shortcuts import redirect
+from django.contrib.auth import get_user_model
+
+from epdb.logic import UserManager
+
+
+def microsoft_login(request):
+    msal_app = msal.ConfidentialClientApplication(
+        client_id=s.MS_ENTRA_CLIENT_ID,
+        client_credential=s.MS_ENTRA_CLIENT_SECRET,
+        authority=s.MS_ENTRA_AUTHORITY
+    )
+
+    flow = msal_app.initiate_auth_code_flow(
+        scopes=s.MS_ENTRA_SCOPES,
+        redirect_uri=s.MS_ENTRA_REDIRECT_URI
+    )
+
+    request.session["msal_auth_flow"] = flow
+    return redirect(flow["auth_uri"])
+
+
+def microsoft_callback(request):
+    msal_app = msal.ConfidentialClientApplication(
+        client_id=s.MS_ENTRA_CLIENT_ID,
+        client_credential=s.MS_ENTRA_CLIENT_SECRET,
+        authority=s.MS_ENTRA_AUTHORITY
+    )
+
+    flow = request.session.pop("msal_auth_flow", None)
+    if not flow:
+        return redirect("/")
+
+    # Acquire token using the flow and callback request
+    result = msal_app.acquire_token_by_auth_code_flow(flow, request.GET)
+
+    if "access_token" in result:
+        # Optional: Fetch user info from Microsoft Graph
+        import requests
+        resp = requests.get(
+            "https://graph.microsoft.com/v1.0/me",
+            headers={"Authorization": f"Bearer {result['access_token']}"}
+        )
+        user_info = resp.json()
+
+        user_name = user_info["displayName"]
+        user_email = user_info["mail"]
+        user_oid = user_info["id"]
+
+        # Get implementing class
+        User = get_user_model()
+
+        if User.objects.filter(uuid=user_oid).exists():
+            login(request, User.objects.get(uuid=user_oid))
+        else:
+            u = UserManager.create_user(user_name, user_email, None, uuid=user_oid, is_active=True)
+            login(request, u)
+
+        # TODO Group Sync
+
+        return redirect("/")
+
+    return redirect("/")  # Handle errors
--- a/epdb/init.py
+++ b/epdb/init.py
--- a/epdb/admin.py
+++ b/epdb/admin.py
@ -0,0 +1,140 @@
+from django.conf import settings as s
+from django.contrib import admin
+
+from .models import (
+    Compound,
+    CompoundStructure,
+    Edge,
+    EnviFormer,
+    ExternalDatabase,
+    ExternalIdentifier,
+    Group,
+    GroupPackagePermission,
+    JobLog,
+    License,
+    MLRelativeReasoning,
+    Node,
+    ParallelRule,
+    Pathway,
+    Reaction,
+    Scenario,
+    Setting,
+    SimpleAmbitRule,
+    User,
+    UserPackagePermission,
+)
+
+Package = s.GET_PACKAGE_MODEL()
+
+
+class UserAdmin(admin.ModelAdmin):
+    list_display = ["username", "email", "is_active"]
+
+
+class UserPackagePermissionAdmin(admin.ModelAdmin):
+    pass
+
+
+class GroupAdmin(admin.ModelAdmin):
+    pass
+
+
+class GroupPackagePermissionAdmin(admin.ModelAdmin):
+    pass
+
+
+class JobLogAdmin(admin.ModelAdmin):
+    pass
+
+
+class EPAdmin(admin.ModelAdmin):
+    search_fields = ["name", "description"]
+    list_display = ["name", "url", "created"]
+    ordering = ["-created"]
+
+
+class PackageAdmin(EPAdmin):
+    pass
+
+
+class MLRelativeReasoningAdmin(EPAdmin):
+    pass
+
+
+class EnviFormerAdmin(EPAdmin):
+    pass
+
+
+class LicenseAdmin(admin.ModelAdmin):
+    list_display = ["cc_string", "link", "image_link"]
+
+
+class CompoundAdmin(EPAdmin):
+    pass
+
+
+class CompoundStructureAdmin(EPAdmin):
+    pass
+
+
+class SimpleAmbitRuleAdmin(EPAdmin):
+    pass
+
+
+class ParallelRuleAdmin(EPAdmin):
+    pass
+
+
+class ReactionAdmin(EPAdmin):
+    pass
+
+
+class PathwayAdmin(EPAdmin):
+    pass
+
+
+class NodeAdmin(EPAdmin):
+    pass
+
+
+class EdgeAdmin(EPAdmin):
+    pass
+
+
+class ScenarioAdmin(EPAdmin):
+    pass
+
+
+class SettingAdmin(EPAdmin):
+    pass
+
+
+class ExternalDatabaseAdmin(admin.ModelAdmin):
+    pass
+
+
+class ExternalIdentifierAdmin(admin.ModelAdmin):
+    pass
+
+
+admin.site.register(User, UserAdmin)
+admin.site.register(UserPackagePermission, UserPackagePermissionAdmin)
+admin.site.register(Group, GroupAdmin)
+admin.site.register(GroupPackagePermission, GroupPackagePermissionAdmin)
+admin.site.register(JobLog, JobLogAdmin)
+admin.site.register(Package, PackageAdmin)
+admin.site.register(MLRelativeReasoning, MLRelativeReasoningAdmin)
+admin.site.register(EnviFormer, EnviFormerAdmin)
+admin.site.register(License, LicenseAdmin)
+admin.site.register(Compound, CompoundAdmin)
+admin.site.register(CompoundStructure, CompoundStructureAdmin)
+admin.site.register(SimpleAmbitRule, SimpleAmbitRuleAdmin)
+admin.site.register(ParallelRule, ParallelRuleAdmin)
+admin.site.register(Reaction, ReactionAdmin)
+admin.site.register(Pathway, PathwayAdmin)
+admin.site.register(Node, NodeAdmin)
+admin.site.register(Edge, EdgeAdmin)
+admin.site.register(Setting, SettingAdmin)
+admin.site.register(Scenario, ScenarioAdmin)
+admin.site.register(ExternalDatabase, ExternalDatabaseAdmin)
+admin.site.register(ExternalIdentifier, ExternalIdentifierAdmin)
--- a/epdb/api.py
+++ b/epdb/api.py
@ -0,0 +1,113 @@
+from typing import List
+
+from django.contrib.auth import get_user_model
+from ninja import Router, Schema, Field
+from ninja.errors import HttpError
+from ninja.pagination import paginate
+from ninja.security import HttpBearer
+
+from .logic import PackageManager
+from .models import User, Compound, APIToken
+
+
+class BearerTokenAuth(HttpBearer):
+    def authenticate(self, request, token):
+        for token_obj in APIToken.objects.select_related("user").all():
+            if token_obj.check_token(token) and token_obj.is_valid():
+                return token_obj.user
+        raise HttpError(401, "Invalid or expired token")
+
+
+def _anonymous_or_real(request):
+    if request.user.is_authenticated and not request.user.is_anonymous:
+        return request.user
+    return get_user_model().objects.get(username="anonymous")
+
+
+router = Router(auth=BearerTokenAuth())
+
+
+class UserSchema(Schema):
+    email: str
+    username: str
+    id: str = Field(None, alias="url")
+
+
+class PackageIn(Schema):
+    name: str
+    description: str
+
+
+class PackageOut(Schema):
+    id: str = Field(None, alias="url")
+    name: str
+    reviewed: bool
+    compound_links: str = None
+
+    @staticmethod
+    def resolve_compound_links(obj):
+        return f"{obj.url}/compound"
+
+
+class Error(Schema):
+    message: str
+
+
+class CompoundSchema(Schema):
+    name: str = Field(None, alias="name")
+    id: str = Field(None, alias="url")
+    smiles: str = Field(None, alias="default_structure.smiles")
+    reviewed: bool = Field(None, alias="package.reviewed")
+
+
+@router.get("/user", response={200: List[UserSchema], 403: Error})
+def get_users(request):
+    return User.objects.all()
+
+
+@router.get("/package", response={200: List[PackageOut], 403: Error})
+def get_packages(request):
+    return PackageManager.get_all_readable_packages(request.user, include_reviewed=True)
+
+
+@router.post("/package", response=PackageOut)
+def create_package(request, package: PackageIn):
+    user = request.auth
+    name = package.name.strip()
+    description = package.description.strip()
+
+    p = PackageManager.create_package(user, name, description=description)
+    return p
+
+
+@router.get("/package/{uuid:package_uuid}", response={200: PackageOut, 403: Error})
+def get_package(request, package_uuid):
+    try:
+        return PackageManager.get_package_by_id(request.auth, package_id=package_uuid)
+    except ValueError:
+        return 403, {
+            "message": f"Getting Package with id {package_uuid} failed due to insufficient rights!"
+        }
+
+
+@router.get("/compound", response={200: List[CompoundSchema], 403: Error})
+@paginate
+def get_compounds(request):
+    qs = Compound.objects.none()
+    for p in PackageManager.get_reviewed_packages():
+        qs |= Compound.objects.filter(package=p)
+    return qs
+
+
+@router.get(
+    "/package/{uuid:package_uuid}/compound", response={200: List[CompoundSchema], 403: Error}
+)
+@paginate
+def get_package_compounds(request, package_uuid):
+    try:
+        p = PackageManager.get_package_by_id(request.auth, package_uuid)
+        return Compound.objects.filter(package=p)
+    except ValueError:
+        return 403, {
+            "message": f"Getting Compounds for Package with id {package_uuid} failed due to insufficient rights!"
+        }
--- a/epdb/apps.py
+++ b/epdb/apps.py
@ -0,0 +1,17 @@
+import logging
+
+from django.apps import AppConfig
+from django.conf import settings
+
+logger = logging.getLogger(__name__)
+
+
+class EPDBConfig(AppConfig):
+    default_auto_field = "django.db.models.BigAutoField"
+    name = "epdb"
+
+    def ready(self):
+        import epdb.signals  # noqa: F401
+
+        model_name = getattr(settings, "EPDB_PACKAGE_MODEL", "epdb.Package")
+        logger.info(f"Using Package model: {model_name}")
--- a/epdb/context_processors.py
+++ b/epdb/context_processors.py
@ -0,0 +1,32 @@
+"""
+Context processors for enviPy application.
+
+Context processors automatically make variables available to all templates.
+"""
+
+from .logic import PackageManager
+from django.conf import settings as s
+
+
+def package_context(request):
+    """
+    Provides package data for the search modal which is included globally
+    in framework_modern.html.
+
+    Returns:
+        dict: Context dictionary with reviewed and unreviewed packages
+    """
+    current_user = request.user
+
+    reviewed_package_qs = PackageManager.get_reviewed_packages()
+
+    unreviewed_package_qs = s.GET_PACKAGE_MODEL().objects.none()
+
+    # Only get user-specific packages if user is authenticated
+    if current_user.is_authenticated:
+        unreviewed_package_qs = PackageManager.get_all_readable_packages(current_user)
+
+    return {
+        "reviewed_packages": reviewed_package_qs,
+        "unreviewed_packages": unreviewed_package_qs,
+    }
--- a/epdb/legacy_api.py
+++ b/epdb/legacy_api.py
--- a/epdb/logic.py
+++ b/epdb/logic.py
--- a/epdb/management/init.py
+++ b/epdb/management/init.py
--- a/epdb/management/commands/init.py
+++ b/epdb/management/commands/init.py
--- a/epdb/management/commands/bootstrap.py
+++ b/epdb/management/commands/bootstrap.py
@ -0,0 +1,245 @@
+import json
+
+from django.conf import settings as s
+from django.core.management.base import BaseCommand
+from django.db import transaction
+
+from epdb.logic import UserManager, GroupManager, PackageManager, SettingManager
+from epdb.models import (
+    UserSettingPermission,
+    MLRelativeReasoning,
+    EnviFormer,
+    Permission,
+    User,
+    ExternalDatabase,
+    License,
+)
+
+
+class Command(BaseCommand):
+    def add_arguments(self, parser):
+        parser.add_argument(
+            "-ol", "--only-licenses", action="store_true", help="Only create licenses."
+        )
+
+    def create_users(self):
+        # Anonymous User
+        if not User.objects.filter(email="anon@envipath.com").exists():
+            anon = UserManager.create_user(
+                "anonymous",
+                "anon@envipath.com",
+                "SuperSafe",
+                is_active=True,
+                add_to_group=False,
+                set_setting=False,
+            )
+        else:
+            anon = User.objects.get(email="anon@envipath.com")
+
+        # Admin User
+        if not User.objects.filter(email="admin@envipath.com").exists():
+            admin = UserManager.create_user(
+                "admin",
+                "admin@envipath.com",
+                "SuperSafe",
+                is_active=True,
+                add_to_group=False,
+                set_setting=False,
+            )
+            admin.is_staff = True
+            admin.is_superuser = True
+            admin.save()
+        else:
+            admin = User.objects.get(email="admin@envipath.com")
+
+        # System Group
+        g = GroupManager.create_group(admin, "enviPath Users", "All enviPath Users")
+        g.public = True
+        g.save()
+
+        g.user_member.add(anon)
+        g.save()
+
+        anon.default_group = g
+        anon.save()
+
+        admin.default_group = g
+        admin.save()
+
+        if not User.objects.filter(email="user0@envipath.com").exists():
+            user0 = UserManager.create_user(
+                "user0",
+                "user0@envipath.com",
+                "SuperSafe",
+                is_active=True,
+                add_to_group=False,
+                set_setting=False,
+            )
+            user0.is_staff = True
+            user0.is_superuser = True
+            user0.save()
+        else:
+            user0 = User.objects.get(email="user0@envipath.com")
+
+        g.user_member.add(user0)
+        g.save()
+
+        user0.default_group = g
+        user0.save()
+
+        return anon, admin, g, user0
+
+    def create_licenses(self):
+        """Create the six default licenses supported by enviPath"""
+        cc_strings = ["by", "by-nc", "by-nc-nd", "by-nc-sa", "by-nd", "by-sa"]
+        for cc_string in cc_strings:
+            if not License.objects.filter(cc_string=cc_string).exists():
+                new_license = License()
+                new_license.cc_string = cc_string
+                new_license.link = f"https://creativecommons.org/licenses/{cc_string}/4.0/"
+                new_license.image_link = f"https://licensebuttons.net/l/{cc_string}/4.0/88x31.png"
+                new_license.save()
+
+    def import_package(self, data, owner):
+        return PackageManager.import_legacy_package(
+            data, owner, keep_ids=True, add_import_timestamp=False, trust_reviewed=True
+        )
+
+    def create_default_setting(self, owner, packages):
+        s = SettingManager.create_setting(
+            owner,
+            name="Global Default Setting",
+            description="Global Default Setting containing BBD Rules and Max 30 Nodes and Max Depth of 8",
+            max_nodes=30,
+            max_depth=5,
+            rule_packages=packages,
+            model=None,
+            model_threshold=None,
+        )
+
+        return s
+
+    def populate_common_external_databases(self):
+        """
+        Helper function to populate common external databases.
+        This can be called from a Django management command.
+        """
+        databases = [
+            {
+                "name": "PubChem Compound",
+                "full_name": "PubChem Compound Database",
+                "description": "Chemical database of small organic molecules",
+                "base_url": "https://pubchem.ncbi.nlm.nih.gov",
+                "url_pattern": "https://pubchem.ncbi.nlm.nih.gov/compound/{id}",
+            },
+            {
+                "name": "PubChem Substance",
+                "full_name": "PubChem Substance Database",
+                "description": "Database of chemical substances",
+                "base_url": "https://pubchem.ncbi.nlm.nih.gov",
+                "url_pattern": "https://pubchem.ncbi.nlm.nih.gov/substance/{id}",
+            },
+            {
+                "name": "ChEBI",
+                "full_name": "Chemical Entities of Biological Interest",
+                "description": "Dictionary of molecular entities",
+                "base_url": "https://www.ebi.ac.uk/chebi",
+                "url_pattern": "https://www.ebi.ac.uk/chebi/searchId.do?chebiId=CHEBI:{id}",
+            },
+            {
+                "name": "RHEA",
+                "full_name": "RHEA Reaction Database",
+                "description": "Comprehensive resource of biochemical reactions",
+                "base_url": "https://www.rhea-db.org",
+                "url_pattern": "https://www.rhea-db.org/rhea/{id}",
+            },
+            {
+                "name": "KEGG Reaction",
+                "full_name": "KEGG Reaction Database",
+                "description": "Database of biochemical reactions",
+                "base_url": "https://www.genome.jp",
+                "url_pattern": "https://www.genome.jp/entry/{id}",
+            },
+            {
+                "name": "UniProt",
+                "full_name": "MetaCyc Metabolic Pathway Database",
+                "description": "UniProt is a freely accessible database of protein sequence and functional information",
+                "base_url": "https://www.uniprot.org",
+                "url_pattern": 'https://www.uniprot.org/uniprotkb?query="{id}"',
+            },
+        ]
+
+        for db_info in databases:
+            ExternalDatabase.objects.get_or_create(name=db_info["name"], defaults=db_info)
+
+    @transaction.atomic
+    def handle(self, *args, **options):
+        # Create licenses
+        self.create_licenses()
+        if options.get("only_licenses", False):
+            return
+        # Create users
+        anon, admin, g, user0 = self.create_users()
+
+        self.populate_common_external_databases()
+
+        # Import Packages
+        packages = [
+            "EAWAG-BBD.json",
+            "EAWAG-SOIL.json",
+            "EAWAG-SLUDGE.json",
+            "EAWAG-SEDIMENT.json",
+        ]
+
+        mapping = {}
+        for p in packages:
+            print(f"Importing {p}...")
+            package_data = json.loads(
+                open(
+                    s.BASE_DIR / "fixtures" / "packages" / "2025-07-18" / p, encoding="utf-8"
+                ).read()
+            )
+            imported_package = self.import_package(package_data, admin)
+            mapping[p.replace(".json", "")] = imported_package
+
+        setting = self.create_default_setting(admin, [mapping["EAWAG-BBD"]])
+        setting.public = True
+        setting.save()
+        setting.make_global_default()
+
+        for u in [anon, user0]:
+            u.default_setting = setting
+            u.save()
+
+            usp = UserSettingPermission()
+            usp.user = u
+            usp.setting = setting
+            usp.permission = Permission.READ[0]
+            usp.save()
+
+        # Create Model Package
+        pack = PackageManager.create_package(
+            admin,
+            "Public Prediction Models",
+            "Package to make Prediction Models publicly available",
+        )
+        pack.reviewed = True
+        pack.save()
+
+        # Create RR
+        ml_model = MLRelativeReasoning.create(
+            package=pack,
+            rule_packages=[mapping["EAWAG-BBD"]],
+            data_packages=[mapping["EAWAG-BBD"]],
+            eval_packages=[],
+            threshold=0.5,
+            name="ECC - BBD - T0.5",
+            description="ML Relative Reasoning",
+        )
+
+        ml_model.build_dataset()
+        ml_model.build_model()
+
+        # If available, create EnviFormerModel
+        if s.ENVIFORMER_PRESENT:
+            EnviFormer.create(pack, "EnviFormer - T0.5", "EnviFormer Model with Threshold 0.5", 0.5)
--- a/epdb/management/commands/create_ml_models.py
+++ b/epdb/management/commands/create_ml_models.py
@ -0,0 +1,121 @@
+from django.conf import settings as s
+from django.core.management.base import BaseCommand
+from django.db import transaction
+
+from epdb.models import EnviFormer, MLRelativeReasoning
+
+Package = s.GET_PACKAGE_MODEL()
+
+
+class Command(BaseCommand):
+    """This command can be run with
+    `python manage.py create_ml_models [model_names] -d [data_packages] FOR MLRR ONLY: -r [rule_packages]
+                                        OPTIONAL: -e [eval_packages] -t threshold`
+    For example, to train both EnviFormer and MLRelativeReasoning on BBD and SOIL and evaluate them on SLUDGE with a
+    threshold of 0.6, the below command would be used:
+    `python manage.py create_ml_models enviformer mlrr -d bbd soil -e sludge -t 0.6
+    """
+
+    def add_arguments(self, parser):
+        parser.add_argument(
+            "model_names",
+            nargs="+",
+            type=str,
+            help="The names of models to train. Options are: enviformer, mlrr",
+        )
+        parser.add_argument(
+            "-d", "--data-packages", nargs="+", type=str, help="Packages for training"
+        )
+        parser.add_argument(
+            "-e", "--eval-packages", nargs="*", type=str, help="Packages for evaluation", default=[]
+        )
+        parser.add_argument(
+            "-r",
+            "--rule-packages",
+            nargs="*",
+            type=str,
+            help="Rule Packages mandatory for MLRR",
+            default=[],
+        )
+        parser.add_argument(
+            "-t",
+            "--threshold",
+            type=float,
+            help="Model prediction threshold",
+            default=0.5,
+        )
+
+    @transaction.atomic
+    def handle(self, *args, **options):
+        # Find Public Prediction Models package to add new models to
+        try:
+            pack = Package.objects.filter(name="Public Prediction Models")[0]
+            bbd = Package.objects.filter(name="EAWAG-BBD")[0]
+            soil = Package.objects.filter(name="EAWAG-SOIL")[0]
+            sludge = Package.objects.filter(name="EAWAG-SLUDGE")[0]
+            sediment = Package.objects.filter(name="EAWAG-SEDIMENT")[0]
+        except IndexError:
+            raise IndexError(
+                "Can't find correct packages. They should be created with the bootstrap command"
+            )
+
+        def decode_packages(package_list):
+            """Decode package strings into their respective packages"""
+            packages = []
+            for p in package_list:
+                p = p.lower()
+                if p == "bbd":
+                    packages.append(bbd)
+                elif p == "soil":
+                    packages.append(soil)
+                elif p == "sludge":
+                    packages.append(sludge)
+                elif p == "sediment":
+                    packages.append(sediment)
+                else:
+                    raise ValueError(f"Unknown package {p}")
+            return packages
+
+        # Iteratively create models in options["model_names"]
+        print(
+            f"Creating models: {options['model_names']}\n"
+            f"Data packages: {options['data_packages']}\n"
+            f"Rule Packages (only for MLRR): {options['rule_packages']}\n"
+            f"Eval Packages: {options['eval_packages']}\n"
+            f"Threshold: {options['threshold']:.2f}"
+        )
+        data_packages = decode_packages(options["data_packages"])
+        eval_packages = decode_packages(options["eval_packages"])
+        rule_packages = decode_packages(options["rule_packages"])
+        for model_name in options["model_names"]:
+            model_name = model_name.lower()
+            if model_name == "enviformer" and s.ENVIFORMER_PRESENT:
+                model = EnviFormer.create(
+                    pack,
+                    data_packages=data_packages,
+                    threshold=options["threshold"],
+                    name=f"EnviFormer - {', '.join(options['data_packages'])} - T{options['threshold']:.2f}",
+                    description=f"EnviFormer transformer trained on {options['data_packages']} "
+                    f"evaluated on {options['eval_packages']}.",
+                )
+            elif model_name == "mlrr":
+                model = MLRelativeReasoning.create(
+                    package=pack,
+                    rule_packages=rule_packages,
+                    data_packages=data_packages,
+                    threshold=options["threshold"],
+                    name=f"ECC - {', '.join(options['data_packages'])} - T{options['threshold']:.2f}",
+                    description=f"ML Relative Reasoning trained on {options['data_packages']} with rules from "
+                    f"{options['rule_packages']} and evaluated on {options['eval_packages']}.",
+                )
+            else:
+                raise ValueError(f"Cannot create model of type {model_name}, unknown model type")
+            # Build the dataset for the model, train it, evaluate it and save it
+            print(f"Building dataset for {model_name}")
+            model.build_dataset()
+            print(f"Training {model_name}")
+            model.build_model()
+            print(f"Evaluating {model_name}")
+            model.evaluate_model(False, eval_packages=eval_packages)
+            print(f"Saving {model_name}")
+            model.save()
--- a/epdb/management/commands/dump_enviformer.py
+++ b/epdb/management/commands/dump_enviformer.py
@ -0,0 +1,59 @@
+import json
+import os
+import tarfile
+from tempfile import TemporaryDirectory
+
+from django.conf import settings as s
+from django.core.management.base import BaseCommand
+from django.db import transaction
+
+from epdb.models import EnviFormer
+
+
+class Command(BaseCommand):
+    def add_arguments(self, parser):
+        parser.add_argument(
+            "model",
+            type=str,
+            help="Model UUID of the Model to Dump",
+        )
+        parser.add_argument("--output", type=str)
+
+    def package_dict_and_folder(self, dict_data, folder_path, output_path):
+        with TemporaryDirectory() as tmpdir:
+            dict_filename = os.path.join(tmpdir, "data.json")
+
+            with open(dict_filename, "w", encoding="utf-8") as f:
+                json.dump(dict_data, f, indent=2)
+
+            with tarfile.open(output_path, "w:gz") as tar:
+                tar.add(dict_filename, arcname="data.json")
+                tar.add(folder_path, arcname=os.path.basename(folder_path))
+
+            os.remove(dict_filename)
+
+    @transaction.atomic
+    def handle(self, *args, **options):
+        output = options["output"]
+
+        if os.path.exists(output):
+            raise ValueError(f"Output file {output} already exists")
+
+        model = EnviFormer.objects.get(uuid=options["model"])
+
+        data = {
+            "uuid": str(model.uuid),
+            "name": model.name,
+            "description": model.description,
+            "kv": model.kv,
+            "data_packages_uuids": [str(p.uuid) for p in model.data_packages.all()],
+            "eval_packages_uuids": [str(p.uuid) for p in model.data_packages.all()],
+            "threshold": model.threshold,
+            "eval_results": model.eval_results,
+            "multigen_eval": model.multigen_eval,
+            "model_status": model.model_status,
+        }
+
+        model_folder = os.path.join(s.MODEL_DIR, "enviformer", str(model.uuid))
+
+        self.package_dict_and_folder(data, model_folder, output)
--- a/epdb/management/commands/import_external_identifiers.py
+++ b/epdb/management/commands/import_external_identifiers.py
@ -0,0 +1,58 @@
+from csv import DictReader
+
+from django.core.management.base import BaseCommand
+from django.db import transaction
+
+from epdb.models import Compound, CompoundStructure, Reaction, ExternalDatabase, ExternalIdentifier
+
+
+class Command(BaseCommand):
+    STR_TO_MODEL = {
+        "Compound": Compound,
+        "CompoundStructure": CompoundStructure,
+        "Reaction": Reaction,
+    }
+
+    STR_TO_DATABASE = {
+        "ChEBI": ExternalDatabase.objects.get(name="ChEBI"),
+        "RHEA": ExternalDatabase.objects.get(name="RHEA"),
+        "KEGG Reaction": ExternalDatabase.objects.get(name="KEGG Reaction"),
+        "PubChem Compound": ExternalDatabase.objects.get(name="PubChem Compound"),
+        "PubChem Substance": ExternalDatabase.objects.get(name="PubChem Substance"),
+    }
+
+    def add_arguments(self, parser):
+        parser.add_argument(
+            "--data",
+            type=str,
+            help="Path of the ID Mapping file.",
+            required=True,
+        )
+
+        parser.add_argument(
+            "--replace-host",
+            type=str,
+            help="Replace https://envipath.org/ with this host, e.g. http://localhost:8000/",
+        )
+
+    @transaction.atomic
+    def handle(self, *args, **options):
+        with open(options["data"]) as fh:
+            reader = DictReader(fh)
+            for row in reader:
+                clz = self.STR_TO_MODEL[row["model"]]
+
+                url = row["url"]
+                if options["replace_host"]:
+                    url = url.replace("https://envipath.org/", options["replace_host"])
+
+                instance = clz.objects.get(url=url)
+                db = self.STR_TO_DATABASE[row["identifier_type"]]
+
+                ExternalIdentifier.objects.create(
+                    content_object=instance,
+                    database=db,
+                    identifier_value=row["identifier_value"],
+                    url=db.url_pattern.format(id=row["identifier_value"]),
+                    is_primary=False,
+                )
--- a/epdb/management/commands/import_legacy_package.py
+++ b/epdb/management/commands/import_legacy_package.py
@ -0,0 +1,29 @@
+import json
+
+from django.core.management.base import BaseCommand
+from django.db import transaction
+
+from epdb.logic import PackageManager
+from epdb.models import User
+
+
+class Command(BaseCommand):
+    def add_arguments(self, parser):
+        parser.add_argument(
+            "--data",
+            type=str,
+            help="Path of the Package to import.",
+            required=True,
+        )
+        parser.add_argument(
+            "--owner",
+            type=str,
+            help="Username of the desired Owner.",
+            required=True,
+        )
+
+    @transaction.atomic
+    def handle(self, *args, **options):
+        owner = User.objects.get(username=options["owner"])
+        package_data = json.load(open(options["data"]))
+        PackageManager.import_legacy_package(package_data, owner)
--- a/epdb/management/commands/load_enviformer.py
+++ b/epdb/management/commands/load_enviformer.py
@ -0,0 +1,83 @@
+import json
+import os
+import shutil
+import tarfile
+from tempfile import TemporaryDirectory
+
+from django.conf import settings as s
+from django.core.management.base import BaseCommand
+from django.db import transaction
+
+from epdb.models import EnviFormer
+
+Package = s.GET_PACKAGE_MODEL()
+
+
+class Command(BaseCommand):
+    def add_arguments(self, parser):
+        parser.add_argument(
+            "input",
+            type=str,
+            help=".tar.gz file containing the Model dump.",
+        )
+        parser.add_argument(
+            "package",
+            type=str,
+            help="Package UUID where the Model should be loaded to.",
+        )
+
+    def read_dict_and_folder_from_archive(self, archive_path, extract_to="extracted_folder"):
+        with tarfile.open(archive_path, "r:gz") as tar:
+            tar.extractall(extract_to)
+
+            dict_path = os.path.join(extract_to, "data.json")
+
+            if not os.path.exists(dict_path):
+                raise FileNotFoundError("data.json not found in the archive.")
+
+            with open(dict_path, "r", encoding="utf-8") as f:
+                data_dict = json.load(f)
+
+            extracted_items = os.listdir(extract_to)
+            folders = [item for item in extracted_items if item != "data.json"]
+            folder_path = os.path.join(extract_to, folders[0]) if folders else None
+
+        return data_dict, folder_path
+
+    @transaction.atomic
+    def handle(self, *args, **options):
+        if not os.path.exists(options["input"]):
+            raise ValueError(f"Input file {options['input']} does not exist.")
+
+        target_package = Package.objects.get(uuid=options["package"])
+
+        with TemporaryDirectory() as tmpdir:
+            data, folder = self.read_dict_and_folder_from_archive(options["input"], tmpdir)
+
+            model = EnviFormer()
+            model.package = target_package
+            # model.uuid = data["uuid"]
+            model.name = data["name"]
+            model.description = data["description"]
+            model.kv = data["kv"]
+            model.threshold = float(data["threshold"])
+            model.eval_results = data["eval_results"]
+            model.multigen_eval = data["multigen_eval"]
+            model.model_status = data["model_status"]
+            model.save()
+
+            for p_uuid in data["data_packages_uuids"]:
+                p = Package.objects.get(uuid=p_uuid)
+                model.data_packages.add(p)
+
+            for p_uuid in data["eval_packages_uuids"]:
+                p = Package.objects.get(uuid=p_uuid)
+                model.eval_packages.add(p)
+
+            target_folder = os.path.join(s.MODEL_DIR, "enviformer", str(model.uuid))
+
+            shutil.copytree(folder, target_folder)
+            os.rename(
+                os.path.join(s.MODEL_DIR, "enviformer", str(model.uuid), f"{data['uuid']}.ckpt"),
+                os.path.join(s.MODEL_DIR, "enviformer", str(model.uuid), f"{model.uuid}.ckpt"),
+            )
--- a/epdb/management/commands/localize_urls.py
+++ b/epdb/management/commands/localize_urls.py
@ -0,0 +1,65 @@
+from django.apps import apps
+from django.conf import settings as s
+from django.core.management.base import BaseCommand
+from django.db.models import F, JSONField, TextField, Value
+from django.db.models.functions import Cast, Replace
+
+from epdb.models import EnviPathModel
+
+
+class Command(BaseCommand):
+    def add_arguments(self, parser):
+        parser.add_argument(
+            "--old",
+            type=str,
+            help="Old Host, most likely https://envipath.org/",
+            required=True,
+        )
+        parser.add_argument(
+            "--new",
+            type=str,
+            help="New Host, most likely http://localhost:8000/",
+            required=True,
+        )
+
+    def handle(self, *args, **options):
+        Package = s.GET_PACKAGE_MODEL()
+        Package.objects.update(url=Replace(F("url"), Value(options["old"]), Value(options["new"])))
+
+        MODELS = [
+            "User",
+            "Group",
+            "Compound",
+            "CompoundStructure",
+            "Pathway",
+            "Edge",
+            "Node",
+            "Reaction",
+            "SimpleAmbitRule",
+            "SimpleRDKitRule",
+            "ParallelRule",
+            "SequentialRule",
+            "Scenario",
+            "Setting",
+            "MLRelativeReasoning",
+            "RuleBasedRelativeReasoning",
+            "EnviFormer",
+            "ApplicabilityDomain",
+            "EnzymeLink",
+        ]
+        for model in MODELS:
+            obj_cls = apps.get_model("epdb", model)
+            obj_cls.objects.update(
+                url=Replace(F("url"), Value(options["old"]), Value(options["new"]))
+            )
+            if issubclass(obj_cls, EnviPathModel):
+                obj_cls.objects.update(
+                    kv=Cast(
+                        Replace(
+                            Cast(F("kv"), output_field=TextField()),
+                            Value(options["old"]),
+                            Value(options["new"]),
+                        ),
+                        output_field=JSONField(),
+                    )
+                )
--- a/epdb/management/commands/update_job_logs.py
+++ b/epdb/management/commands/update_job_logs.py
@ -0,0 +1,38 @@
+from datetime import date, timedelta
+
+from django.core.management.base import BaseCommand
+from django.db import transaction
+
+from epdb.models import JobLog
+
+
+class Command(BaseCommand):
+    def add_arguments(self, parser):
+        parser.add_argument(
+            "--cleanup",
+            type=int,
+            default=None,
+            help="Remove all logs older than this number of days. Default is None, which does not remove any logs.",
+        )
+
+    @transaction.atomic
+    def handle(self, *args, **options):
+        if options["cleanup"] is not None:
+            cleanup_dt = date.today() - timedelta(days=options["cleanup"])
+            print(JobLog.objects.filter(created__lt=cleanup_dt).delete())
+
+        logs = JobLog.objects.filter(status="INITIAL")
+        print(f"Found {logs.count()} logs to update")
+        updated = 0
+        for log in logs:
+            res = log.check_for_update()
+            if res:
+                updated += 1
+
+        print(f"Updated {updated} logs")
+
+        from django.db.models import Count
+
+        qs = JobLog.objects.values("status").annotate(total=Count("status"))
+        for r in qs:
+            print(r["status"], r["total"])
--- a/epdb/middleware/init.py
+++ b/epdb/middleware/init.py
--- a/epdb/middleware/login_required_middleware.py
+++ b/epdb/middleware/login_required_middleware.py
@ -0,0 +1,27 @@
+from django.conf import settings
+from django.shortcuts import redirect
+from django.urls import reverse
+from urllib.parse import quote
+
+
+class LoginRequiredMiddleware:
+    def __init__(self, get_response):
+        self.get_response = get_response
+        self.exempt_urls = [
+            reverse("login"),
+            reverse("logout"),
+            reverse("admin:login"),
+            reverse("admin:index"),
+        ] + getattr(settings, "LOGIN_EXEMPT_URLS", [])
+
+    def __call__(self, request):
+        if not request.user.is_authenticated:
+            path = request.path_info
+            if not any(path.startswith(url) for url in self.exempt_urls):
+                if request.method == "GET":
+                    if request.get_full_path() and request.get_full_path() != "/":
+                        return redirect(
+                            f"{settings.LOGIN_URL}?next={quote(request.get_full_path())}"
+                        )
+                return redirect(settings.LOGIN_URL)
+        return self.get_response(request)
--- a/epdb/migrations/0001_initial.py
+++ b/epdb/migrations/0001_initial.py
@ -0,0 +1,594 @@
+# Generated by Django 5.2.1 on 2025-07-22 20:58
+
+import datetime
+import django.contrib.auth.models
+import django.contrib.auth.validators
+import django.contrib.postgres.fields
+import django.db.models.deletion
+import django.utils.timezone
+import model_utils.fields
+import uuid
+from django.conf import settings
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    initial = True
+
+    dependencies = [
+        ('auth', '0012_alter_user_first_name_max_length'),
+        ('contenttypes', '0002_remove_content_type_name'),
+    ]
+
+    operations = [
+        migrations.CreateModel(
+            name='Compound',
+            fields=[
+                ('id', models.BigAutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
+                ('created', model_utils.fields.AutoCreatedField(default=django.utils.timezone.now, editable=False, verbose_name='created')),
+                ('modified', model_utils.fields.AutoLastModifiedField(default=django.utils.timezone.now, editable=False, verbose_name='modified')),
+                ('uuid', models.UUIDField(default=uuid.uuid4, unique=True, verbose_name='UUID of this object')),
+                ('name', models.TextField(default='no name', verbose_name='Name')),
+                ('description', models.TextField(default='no description', verbose_name='Descriptions')),
+                ('kv', models.JSONField(blank=True, default=dict, null=True)),
+                ('aliases', django.contrib.postgres.fields.ArrayField(base_field=models.TextField(), default=list, size=None, verbose_name='Aliases')),
+            ],
+        ),
+        migrations.CreateModel(
+            name='EPModel',
+            fields=[
+                ('id', models.BigAutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
+                ('created', model_utils.fields.AutoCreatedField(default=django.utils.timezone.now, editable=False, verbose_name='created')),
+                ('modified', model_utils.fields.AutoLastModifiedField(default=django.utils.timezone.now, editable=False, verbose_name='modified')),
+                ('uuid', models.UUIDField(default=uuid.uuid4, unique=True, verbose_name='UUID of this object')),
+                ('name', models.TextField(default='no name', verbose_name='Name')),
+                ('description', models.TextField(default='no description', verbose_name='Descriptions')),
+                ('kv', models.JSONField(blank=True, default=dict, null=True)),
+                ('polymorphic_ctype', models.ForeignKey(editable=False, null=True, on_delete=django.db.models.deletion.CASCADE, related_name='polymorphic_%(app_label)s.%(class)s_set+', to='contenttypes.contenttype')),
+            ],
+            options={
+                'abstract': False,
+                'base_manager_name': 'objects',
+            },
+        ),
+        migrations.CreateModel(
+            name='Permission',
+            fields=[
+                ('id', models.BigAutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
+                ('created', model_utils.fields.AutoCreatedField(default=django.utils.timezone.now, editable=False, verbose_name='created')),
+                ('modified', model_utils.fields.AutoLastModifiedField(default=django.utils.timezone.now, editable=False, verbose_name='modified')),
+                ('permission', models.CharField(choices=[('read', 'Read'), ('write', 'Write'), ('all', 'All')], max_length=32)),
+            ],
+        ),
+        migrations.CreateModel(
+            name='License',
+            fields=[
+                ('id', models.BigAutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
+                ('link', models.URLField(verbose_name='link')),
+                ('image_link', models.URLField(verbose_name='Image link')),
+            ],
+        ),
+        migrations.CreateModel(
+            name='Rule',
+            fields=[
+                ('id', models.BigAutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
+                ('created', model_utils.fields.AutoCreatedField(default=django.utils.timezone.now, editable=False, verbose_name='created')),
+                ('modified', model_utils.fields.AutoLastModifiedField(default=django.utils.timezone.now, editable=False, verbose_name='modified')),
+                ('uuid', models.UUIDField(default=uuid.uuid4, unique=True, verbose_name='UUID of this object')),
+                ('name', models.TextField(default='no name', verbose_name='Name')),
+                ('description', models.TextField(default='no description', verbose_name='Descriptions')),
+                ('kv', models.JSONField(blank=True, default=dict, null=True)),
+                ('aliases', django.contrib.postgres.fields.ArrayField(base_field=models.TextField(), default=list, size=None, verbose_name='Aliases')),
+            ],
+            options={
+                'abstract': False,
+                'base_manager_name': 'objects',
+            },
+        ),
+        migrations.CreateModel(
+            name='User',
+            fields=[
+                ('id', models.BigAutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
+                ('password', models.CharField(max_length=128, verbose_name='password')),
+                ('last_login', models.DateTimeField(blank=True, null=True, verbose_name='last login')),
+                ('is_superuser', models.BooleanField(default=False, help_text='Designates that this user has all permissions without explicitly assigning them.', verbose_name='superuser status')),
+                ('username', models.CharField(error_messages={'unique': 'A user with that username already exists.'}, help_text='Required. 150 characters or fewer. Letters, digits and @/./+/-/_ only.', max_length=150, unique=True, validators=[django.contrib.auth.validators.UnicodeUsernameValidator()], verbose_name='username')),
+                ('first_name', models.CharField(blank=True, max_length=150, verbose_name='first name')),
+                ('last_name', models.CharField(blank=True, max_length=150, verbose_name='last name')),
+                ('is_staff', models.BooleanField(default=False, help_text='Designates whether the user can log into this admin site.', verbose_name='staff status')),
+                ('is_active', models.BooleanField(default=True, help_text='Designates whether this user should be treated as active. Unselect this instead of deleting accounts.', verbose_name='active')),
+                ('date_joined', models.DateTimeField(default=django.utils.timezone.now, verbose_name='date joined')),
+                ('email', models.EmailField(max_length=254, unique=True)),
+                ('uuid', models.UUIDField(default=uuid.uuid4, unique=True, verbose_name='UUID of this object')),
+                ('groups', models.ManyToManyField(blank=True, help_text='The groups this user belongs to. A user will get all permissions granted to each of their groups.', related_name='user_set', related_query_name='user', to='auth.group', verbose_name='groups')),
+                ('user_permissions', models.ManyToManyField(blank=True, help_text='Specific permissions for this user.', related_name='user_set', related_query_name='user', to='auth.permission', verbose_name='user permissions')),
+            ],
+            options={
+                'verbose_name': 'user',
+                'verbose_name_plural': 'users',
+                'abstract': False,
+            },
+            managers=[
+                ('objects', django.contrib.auth.models.UserManager()),
+            ],
+        ),
+        migrations.CreateModel(
+            name='APIToken',
+            fields=[
+                ('id', models.BigAutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
+                ('hashed_key', models.CharField(max_length=128, unique=True)),
+                ('created', models.DateTimeField(auto_now_add=True)),
+                ('expires_at', models.DateTimeField(blank=True, default=datetime.datetime(2025, 10, 20, 20, 58, 48, 351675, tzinfo=datetime.timezone.utc), null=True)),
+                ('name', models.CharField(blank=True, help_text='Optional name for the token', max_length=100)),
+                ('user', models.ForeignKey(on_delete=django.db.models.deletion.CASCADE, to=settings.AUTH_USER_MODEL)),
+            ],
+        ),
+        migrations.CreateModel(
+            name='CompoundStructure',
+            fields=[
+                ('id', models.BigAutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
+                ('created', model_utils.fields.AutoCreatedField(default=django.utils.timezone.now, editable=False, verbose_name='created')),
+                ('modified', model_utils.fields.AutoLastModifiedField(default=django.utils.timezone.now, editable=False, verbose_name='modified')),
+                ('uuid', models.UUIDField(default=uuid.uuid4, unique=True, verbose_name='UUID of this object')),
+                ('name', models.TextField(default='no name', verbose_name='Name')),
+                ('description', models.TextField(default='no description', verbose_name='Descriptions')),
+                ('kv', models.JSONField(blank=True, default=dict, null=True)),
+                ('aliases', django.contrib.postgres.fields.ArrayField(base_field=models.TextField(), default=list, size=None, verbose_name='Aliases')),
+                ('smiles', models.TextField(verbose_name='SMILES')),
+                ('canonical_smiles', models.TextField(verbose_name='Canonical SMILES')),
+                ('inchikey', models.TextField(max_length=27, verbose_name='InChIKey')),
+                ('normalized_structure', models.BooleanField(default=False)),
+                ('compound', models.ForeignKey(on_delete=django.db.models.deletion.CASCADE, to='epdb.compound')),
+            ],
+            options={
+                'abstract': False,
+            },
+        ),
+        migrations.AddField(
+            model_name='compound',
+            name='default_structure',
+            field=models.ForeignKey(null=True, on_delete=django.db.models.deletion.CASCADE, related_name='compound_default_structure', to='epdb.compoundstructure', verbose_name='Default Structure'),
+        ),
+        migrations.CreateModel(
+            name='Edge',
+            fields=[
+                ('id', models.BigAutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
+                ('created', model_utils.fields.AutoCreatedField(default=django.utils.timezone.now, editable=False, verbose_name='created')),
+                ('modified', model_utils.fields.AutoLastModifiedField(default=django.utils.timezone.now, editable=False, verbose_name='modified')),
+                ('uuid', models.UUIDField(default=uuid.uuid4, unique=True, verbose_name='UUID of this object')),
+                ('name', models.TextField(default='no name', verbose_name='Name')),
+                ('description', models.TextField(default='no description', verbose_name='Descriptions')),
+                ('kv', models.JSONField(blank=True, default=dict, null=True)),
+                ('aliases', django.contrib.postgres.fields.ArrayField(base_field=models.TextField(), default=list, size=None, verbose_name='Aliases')),
+                ('polymorphic_ctype', models.ForeignKey(editable=False, null=True, on_delete=django.db.models.deletion.CASCADE, related_name='polymorphic_%(app_label)s.%(class)s_set+', to='contenttypes.contenttype')),
+            ],
+            options={
+                'abstract': False,
+                'base_manager_name': 'objects',
+            },
+        ),
+        migrations.CreateModel(
+            name='EnviFormer',
+            fields=[
+                ('epmodel_ptr', models.OneToOneField(auto_created=True, on_delete=django.db.models.deletion.CASCADE, parent_link=True, primary_key=True, serialize=False, to='epdb.epmodel')),
+                ('threshold', models.FloatField(default=0.5)),
+            ],
+            options={
+                'abstract': False,
+                'base_manager_name': 'objects',
+            },
+            bases=('epdb.epmodel',),
+        ),
+        migrations.CreateModel(
+            name='PluginModel',
+            fields=[
+                ('epmodel_ptr', models.OneToOneField(auto_created=True, on_delete=django.db.models.deletion.CASCADE, parent_link=True, primary_key=True, serialize=False, to='epdb.epmodel')),
+            ],
+            options={
+                'abstract': False,
+                'base_manager_name': 'objects',
+            },
+            bases=('epdb.epmodel',),
+        ),
+        migrations.CreateModel(
+            name='RuleBaseRelativeReasoning',
+            fields=[
+                ('epmodel_ptr', models.OneToOneField(auto_created=True, on_delete=django.db.models.deletion.CASCADE, parent_link=True, primary_key=True, serialize=False, to='epdb.epmodel')),
+            ],
+            options={
+                'abstract': False,
+                'base_manager_name': 'objects',
+            },
+            bases=('epdb.epmodel',),
+        ),
+        migrations.CreateModel(
+            name='Group',
+            fields=[
+                ('id', models.BigAutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
+                ('created', model_utils.fields.AutoCreatedField(default=django.utils.timezone.now, editable=False, verbose_name='created')),
+                ('modified', model_utils.fields.AutoLastModifiedField(default=django.utils.timezone.now, editable=False, verbose_name='modified')),
+                ('uuid', models.UUIDField(default=uuid.uuid4, unique=True, verbose_name='UUID of this object')),
+                ('name', models.TextField(verbose_name='Group name')),
+                ('public', models.BooleanField(default=False, verbose_name='Public Group')),
+                ('description', models.TextField(default='no description', verbose_name='Descriptions')),
+                ('group_member', models.ManyToManyField(related_name='groups_in_group', to='epdb.group', verbose_name='Group member')),
+                ('owner', models.ForeignKey(on_delete=django.db.models.deletion.CASCADE, to=settings.AUTH_USER_MODEL, verbose_name='Group Owner')),
+                ('user_member', models.ManyToManyField(related_name='users_in_group', to=settings.AUTH_USER_MODEL, verbose_name='User members')),
+            ],
+            options={
+                'abstract': False,
+            },
+        ),
+        migrations.AddField(
+            model_name='user',
+            name='default_group',
+            field=models.ForeignKey(null=True, on_delete=django.db.models.deletion.SET_NULL, related_name='default_group', to='epdb.group', verbose_name='Default Group'),
+        ),
+        migrations.CreateModel(
+            name='Node',
+            fields=[
+                ('id', models.BigAutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
+                ('created', model_utils.fields.AutoCreatedField(default=django.utils.timezone.now, editable=False, verbose_name='created')),
+                ('modified', model_utils.fields.AutoLastModifiedField(default=django.utils.timezone.now, editable=False, verbose_name='modified')),
+                ('uuid', models.UUIDField(default=uuid.uuid4, unique=True, verbose_name='UUID of this object')),
+                ('name', models.TextField(default='no name', verbose_name='Name')),
+                ('description', models.TextField(default='no description', verbose_name='Descriptions')),
+                ('kv', models.JSONField(blank=True, default=dict, null=True)),
+                ('aliases', django.contrib.postgres.fields.ArrayField(base_field=models.TextField(), default=list, size=None, verbose_name='Aliases')),
+                ('depth', models.IntegerField(verbose_name='Node depth')),
+                ('default_node_label', models.ForeignKey(on_delete=django.db.models.deletion.CASCADE, related_name='default_node_structure', to='epdb.compoundstructure', verbose_name='Default Node Label')),
+                ('node_labels', models.ManyToManyField(related_name='node_structures', to='epdb.compoundstructure', verbose_name='All Node Labels')),
+                ('out_edges', models.ManyToManyField(to='epdb.edge', verbose_name='Outgoing Edges')),
+            ],
+            options={
+                'abstract': False,
+            },
+        ),
+        migrations.AddField(
+            model_name='edge',
+            name='end_nodes',
+            field=models.ManyToManyField(related_name='edge_products', to='epdb.node', verbose_name='End Nodes'),
+        ),
+        migrations.AddField(
+            model_name='edge',
+            name='start_nodes',
+            field=models.ManyToManyField(related_name='edge_educts', to='epdb.node', verbose_name='Start Nodes'),
+        ),
+        migrations.CreateModel(
+            name='Package',
+            fields=[
+                ('id', models.BigAutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
+                ('created', model_utils.fields.AutoCreatedField(default=django.utils.timezone.now, editable=False, verbose_name='created')),
+                ('modified', model_utils.fields.AutoLastModifiedField(default=django.utils.timezone.now, editable=False, verbose_name='modified')),
+                ('uuid', models.UUIDField(default=uuid.uuid4, unique=True, verbose_name='UUID of this object')),
+                ('name', models.TextField(default='no name', verbose_name='Name')),
+                ('description', models.TextField(default='no description', verbose_name='Descriptions')),
+                ('kv', models.JSONField(blank=True, default=dict, null=True)),
+                ('reviewed', models.BooleanField(default=False, verbose_name='Reviewstatus')),
+                ('license', models.ForeignKey(blank=True, null=True, on_delete=django.db.models.deletion.SET_NULL, to='epdb.license', verbose_name='License')),
+            ],
+            options={
+                'abstract': False,
+            },
+        ),
+        migrations.AddField(
+            model_name='epmodel',
+            name='package',
+            field=models.ForeignKey(on_delete=django.db.models.deletion.CASCADE, to='epdb.package', verbose_name='Package'),
+        ),
+        migrations.AddField(
+            model_name='compound',
+            name='package',
+            field=models.ForeignKey(on_delete=django.db.models.deletion.CASCADE, to='epdb.package', verbose_name='Package'),
+        ),
+        migrations.AddField(
+            model_name='user',
+            name='default_package',
+            field=models.ForeignKey(null=True, on_delete=django.db.models.deletion.SET_NULL, to='epdb.package', verbose_name='Default Package'),
+        ),
+        migrations.CreateModel(
+            name='SequentialRule',
+            fields=[
+                ('rule_ptr', models.OneToOneField(auto_created=True, on_delete=django.db.models.deletion.CASCADE, parent_link=True, primary_key=True, serialize=False, to='epdb.rule')),
+            ],
+            options={
+                'abstract': False,
+                'base_manager_name': 'objects',
+            },
+            bases=('epdb.rule',),
+        ),
+        migrations.CreateModel(
+            name='SimpleRule',
+            fields=[
+                ('rule_ptr', models.OneToOneField(auto_created=True, on_delete=django.db.models.deletion.CASCADE, parent_link=True, primary_key=True, serialize=False, to='epdb.rule')),
+            ],
+            options={
+                'abstract': False,
+                'base_manager_name': 'objects',
+            },
+            bases=('epdb.rule',),
+        ),
+        migrations.AddField(
+            model_name='rule',
+            name='package',
+            field=models.ForeignKey(on_delete=django.db.models.deletion.CASCADE, to='epdb.package', verbose_name='Package'),
+        ),
+        migrations.AddField(
+            model_name='rule',
+            name='polymorphic_ctype',
+            field=models.ForeignKey(editable=False, null=True, on_delete=django.db.models.deletion.CASCADE, related_name='polymorphic_%(app_label)s.%(class)s_set+', to='contenttypes.contenttype'),
+        ),
+        migrations.CreateModel(
+            name='Pathway',
+            fields=[
+                ('id', models.BigAutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
+                ('created', model_utils.fields.AutoCreatedField(default=django.utils.timezone.now, editable=False, verbose_name='created')),
+                ('modified', model_utils.fields.AutoLastModifiedField(default=django.utils.timezone.now, editable=False, verbose_name='modified')),
+                ('uuid', models.UUIDField(default=uuid.uuid4, unique=True, verbose_name='UUID of this object')),
+                ('name', models.TextField(default='no name', verbose_name='Name')),
+                ('description', models.TextField(default='no description', verbose_name='Descriptions')),
+                ('kv', models.JSONField(blank=True, default=dict, null=True)),
+                ('aliases', django.contrib.postgres.fields.ArrayField(base_field=models.TextField(), default=list, size=None, verbose_name='Aliases')),
+                ('package', models.ForeignKey(on_delete=django.db.models.deletion.CASCADE, to='epdb.package', verbose_name='Package')),
+            ],
+            options={
+                'abstract': False,
+            },
+        ),
+        migrations.AddField(
+            model_name='node',
+            name='pathway',
+            field=models.ForeignKey(on_delete=django.db.models.deletion.CASCADE, to='epdb.pathway', verbose_name='belongs to'),
+        ),
+        migrations.AddField(
+            model_name='edge',
+            name='pathway',
+            field=models.ForeignKey(on_delete=django.db.models.deletion.CASCADE, to='epdb.pathway', verbose_name='belongs to'),
+        ),
+        migrations.CreateModel(
+            name='Reaction',
+            fields=[
+                ('id', models.BigAutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
+                ('created', model_utils.fields.AutoCreatedField(default=django.utils.timezone.now, editable=False, verbose_name='created')),
+                ('modified', model_utils.fields.AutoLastModifiedField(default=django.utils.timezone.now, editable=False, verbose_name='modified')),
+                ('uuid', models.UUIDField(default=uuid.uuid4, unique=True, verbose_name='UUID of this object')),
+                ('name', models.TextField(default='no name', verbose_name='Name')),
+                ('description', models.TextField(default='no description', verbose_name='Descriptions')),
+                ('kv', models.JSONField(blank=True, default=dict, null=True)),
+                ('aliases', django.contrib.postgres.fields.ArrayField(base_field=models.TextField(), default=list, size=None, verbose_name='Aliases')),
+                ('multi_step', models.BooleanField(verbose_name='Multistep Reaction')),
+                ('medline_references', django.contrib.postgres.fields.ArrayField(base_field=models.TextField(), null=True, size=None, verbose_name='Medline References')),
+                ('educts', models.ManyToManyField(related_name='reaction_educts', to='epdb.compoundstructure', verbose_name='Educts')),
+                ('package', models.ForeignKey(on_delete=django.db.models.deletion.CASCADE, to='epdb.package', verbose_name='Package')),
+                ('products', models.ManyToManyField(related_name='reaction_products', to='epdb.compoundstructure', verbose_name='Products')),
+                ('rules', models.ManyToManyField(related_name='reaction_rule', to='epdb.rule', verbose_name='Rule')),
+            ],
+            options={
+                'abstract': False,
+            },
+        ),
+        migrations.AddField(
+            model_name='edge',
+            name='edge_label',
+            field=models.ForeignKey(null=True, on_delete=django.db.models.deletion.SET_NULL, to='epdb.reaction', verbose_name='Edge label'),
+        ),
+        migrations.CreateModel(
+            name='Scenario',
+            fields=[
+                ('id', models.BigAutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
+                ('created', model_utils.fields.AutoCreatedField(default=django.utils.timezone.now, editable=False, verbose_name='created')),
+                ('modified', model_utils.fields.AutoLastModifiedField(default=django.utils.timezone.now, editable=False, verbose_name='modified')),
+                ('uuid', models.UUIDField(default=uuid.uuid4, unique=True, verbose_name='UUID of this object')),
+                ('name', models.TextField(default='no name', verbose_name='Name')),
+                ('description', models.TextField(default='no description', verbose_name='Descriptions')),
+                ('kv', models.JSONField(blank=True, default=dict, null=True)),
+                ('scenario_date', models.CharField(default='No date', max_length=256)),
+                ('scenario_type', models.CharField(default='Not specified', max_length=256)),
+                ('additional_information', models.JSONField(verbose_name='Additional Information')),
+                ('package', models.ForeignKey(on_delete=django.db.models.deletion.CASCADE, to='epdb.package', verbose_name='Package')),
+                ('parent', models.ForeignKey(default=None, null=True, on_delete=django.db.models.deletion.CASCADE, to='epdb.scenario')),
+            ],
+            options={
+                'abstract': False,
+            },
+        ),
+        migrations.AddField(
+            model_name='rule',
+            name='scenarios',
+            field=models.ManyToManyField(to='epdb.scenario', verbose_name='Attached Scenarios'),
+        ),
+        migrations.AddField(
+            model_name='reaction',
+            name='scenarios',
+            field=models.ManyToManyField(to='epdb.scenario', verbose_name='Attached Scenarios'),
+        ),
+        migrations.AddField(
+            model_name='pathway',
+            name='scenarios',
+            field=models.ManyToManyField(to='epdb.scenario', verbose_name='Attached Scenarios'),
+        ),
+        migrations.AddField(
+            model_name='node',
+            name='scenarios',
+            field=models.ManyToManyField(to='epdb.scenario', verbose_name='Attached Scenarios'),
+        ),
+        migrations.AddField(
+            model_name='edge',
+            name='scenarios',
+            field=models.ManyToManyField(to='epdb.scenario', verbose_name='Attached Scenarios'),
+        ),
+        migrations.AddField(
+            model_name='compoundstructure',
+            name='scenarios',
+            field=models.ManyToManyField(to='epdb.scenario', verbose_name='Attached Scenarios'),
+        ),
+        migrations.AddField(
+            model_name='compound',
+            name='scenarios',
+            field=models.ManyToManyField(to='epdb.scenario', verbose_name='Attached Scenarios'),
+        ),
+        migrations.CreateModel(
+            name='Setting',
+            fields=[
+                ('id', models.BigAutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
+                ('created', model_utils.fields.AutoCreatedField(default=django.utils.timezone.now, editable=False, verbose_name='created')),
+                ('modified', model_utils.fields.AutoLastModifiedField(default=django.utils.timezone.now, editable=False, verbose_name='modified')),
+                ('uuid', models.UUIDField(default=uuid.uuid4, unique=True, verbose_name='UUID of this object')),
+                ('name', models.TextField(default='no name', verbose_name='Name')),
+                ('description', models.TextField(default='no description', verbose_name='Descriptions')),
+                ('kv', models.JSONField(blank=True, default=dict, null=True)),
+                ('public', models.BooleanField(default=False)),
+                ('global_default', models.BooleanField(default=False)),
+                ('max_depth', models.IntegerField(default=5, verbose_name='Setting Max Depth')),
+                ('max_nodes', models.IntegerField(default=30, verbose_name='Setting Max Number of Nodes')),
+                ('model_threshold', models.FloatField(blank=True, default=0.25, null=True, verbose_name='Setting Model Threshold')),
+                ('model', models.ForeignKey(blank=True, null=True, on_delete=django.db.models.deletion.SET_NULL, to='epdb.epmodel', verbose_name='Setting EPModel')),
+                ('rule_packages', models.ManyToManyField(blank=True, related_name='setting_rule_packages', to='epdb.package', verbose_name='Setting Rule Packages')),
+            ],
+            options={
+                'abstract': False,
+            },
+        ),
+        migrations.AddField(
+            model_name='pathway',
+            name='setting',
+            field=models.ForeignKey(blank=True, null=True, on_delete=django.db.models.deletion.CASCADE, to='epdb.setting', verbose_name='Setting'),
+        ),
+        migrations.AddField(
+            model_name='user',
+            name='default_setting',
+            field=models.ForeignKey(null=True, on_delete=django.db.models.deletion.SET_NULL, to='epdb.setting', verbose_name='The users default settings'),
+        ),
+        migrations.CreateModel(
+            name='MLRelativeReasoning',
+            fields=[
+                ('epmodel_ptr', models.OneToOneField(auto_created=True, on_delete=django.db.models.deletion.CASCADE, parent_link=True, primary_key=True, serialize=False, to='epdb.epmodel')),
+                ('threshold', models.FloatField(default=0.5)),
+                ('model_status', models.CharField(choices=[('INITIAL', 'Initial'), ('INITIALIZING', 'Model is initializing.'), ('BUILDING', 'Model is building.'), ('BUILT_NOT_EVALUATED', 'Model is built and can be used for predictions, Model is not evaluated yet.'), ('EVALUATING', 'Model is evaluating'), ('FINISHED', 'Model has finished building and evaluation.'), ('ERROR', 'Model has failed.')], default='INITIAL')),
+                ('eval_results', models.JSONField(blank=True, default=dict, null=True)),
+                ('data_packages', models.ManyToManyField(related_name='data_packages', to='epdb.package', verbose_name='Data Packages')),
+                ('eval_packages', models.ManyToManyField(related_name='eval_packages', to='epdb.package', verbose_name='Evaluation Packages')),
+                ('rule_packages', models.ManyToManyField(related_name='rule_packages', to='epdb.package', verbose_name='Rule Packages')),
+            ],
+            options={
+                'abstract': False,
+                'base_manager_name': 'objects',
+            },
+            bases=('epdb.epmodel',),
+        ),
+        migrations.CreateModel(
+            name='ApplicabilityDomain',
+            fields=[
+                ('id', models.BigAutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
+                ('created', model_utils.fields.AutoCreatedField(default=django.utils.timezone.now, editable=False, verbose_name='created')),
+                ('modified', model_utils.fields.AutoLastModifiedField(default=django.utils.timezone.now, editable=False, verbose_name='modified')),
+                ('uuid', models.UUIDField(default=uuid.uuid4, unique=True, verbose_name='UUID of this object')),
+                ('name', models.TextField(default='no name', verbose_name='Name')),
+                ('description', models.TextField(default='no description', verbose_name='Descriptions')),
+                ('kv', models.JSONField(blank=True, default=dict, null=True)),
+                ('num_neighbours', models.FloatField(default=5)),
+                ('reliability_threshold', models.FloatField(default=0.5)),
+                ('local_compatibilty_threshold', models.FloatField(default=0.5)),
+                ('model', models.ForeignKey(on_delete=django.db.models.deletion.CASCADE, to='epdb.mlrelativereasoning')),
+            ],
+            options={
+                'abstract': False,
+            },
+        ),
+        migrations.CreateModel(
+            name='SimpleAmbitRule',
+            fields=[
+                ('simplerule_ptr', models.OneToOneField(auto_created=True, on_delete=django.db.models.deletion.CASCADE, parent_link=True, primary_key=True, serialize=False, to='epdb.simplerule')),
+                ('smirks', models.TextField(verbose_name='SMIRKS')),
+                ('reactant_filter_smarts', models.TextField(null=True, verbose_name='Reactant Filter SMARTS')),
+                ('product_filter_smarts', models.TextField(null=True, verbose_name='Product Filter SMARTS')),
+            ],
+            options={
+                'abstract': False,
+                'base_manager_name': 'objects',
+            },
+            bases=('epdb.simplerule',),
+        ),
+        migrations.CreateModel(
+            name='SimpleRDKitRule',
+            fields=[
+                ('simplerule_ptr', models.OneToOneField(auto_created=True, on_delete=django.db.models.deletion.CASCADE, parent_link=True, primary_key=True, serialize=False, to='epdb.simplerule')),
+                ('reaction_smarts', models.TextField(verbose_name='SMIRKS')),
+            ],
+            options={
+                'abstract': False,
+                'base_manager_name': 'objects',
+            },
+            bases=('epdb.simplerule',),
+        ),
+        migrations.CreateModel(
+            name='SequentialRuleOrdering',
+            fields=[
+                ('id', models.BigAutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
+                ('order_index', models.IntegerField()),
+                ('sequential_rule', models.ForeignKey(on_delete=django.db.models.deletion.CASCADE, to='epdb.sequentialrule')),
+                ('simple_rule', models.ForeignKey(on_delete=django.db.models.deletion.CASCADE, to='epdb.simplerule')),
+            ],
+        ),
+        migrations.AddField(
+            model_name='sequentialrule',
+            name='simple_rules',
+            field=models.ManyToManyField(through='epdb.SequentialRuleOrdering', to='epdb.simplerule', verbose_name='Simple rules'),
+        ),
+        migrations.CreateModel(
+            name='ParallelRule',
+            fields=[
+                ('rule_ptr', models.OneToOneField(auto_created=True, on_delete=django.db.models.deletion.CASCADE, parent_link=True, primary_key=True, serialize=False, to='epdb.rule')),
+                ('simple_rules', models.ManyToManyField(to='epdb.simplerule', verbose_name='Simple rules')),
+            ],
+            options={
+                'abstract': False,
+                'base_manager_name': 'objects',
+            },
+            bases=('epdb.rule',),
+        ),
+        migrations.AlterUniqueTogether(
+            name='compound',
+            unique_together={('uuid', 'package')},
+        ),
+        migrations.CreateModel(
+            name='GroupPackagePermission',
+            fields=[
+                ('permission_ptr', models.OneToOneField(auto_created=True, on_delete=django.db.models.deletion.CASCADE, parent_link=True, to='epdb.permission')),
+                ('uuid', models.UUIDField(default=uuid.uuid4, primary_key=True, serialize=False, verbose_name='UUID of this object')),
+                ('group', models.ForeignKey(on_delete=django.db.models.deletion.CASCADE, to='epdb.group', verbose_name='Permission to')),
+                ('package', models.ForeignKey(on_delete=django.db.models.deletion.CASCADE, to='epdb.package', verbose_name='Permission on')),
+            ],
+            options={
+                'unique_together': {('package', 'group')},
+            },
+            bases=('epdb.permission',),
+        ),
+        migrations.CreateModel(
+            name='UserPackagePermission',
+            fields=[
+                ('permission_ptr', models.OneToOneField(auto_created=True, on_delete=django.db.models.deletion.CASCADE, parent_link=True, to='epdb.permission')),
+                ('uuid', models.UUIDField(default=uuid.uuid4, primary_key=True, serialize=False, verbose_name='UUID of this object')),
+                ('package', models.ForeignKey(on_delete=django.db.models.deletion.CASCADE, to='epdb.package', verbose_name='Permission on')),
+                ('user', models.ForeignKey(on_delete=django.db.models.deletion.CASCADE, to=settings.AUTH_USER_MODEL, verbose_name='Permission to')),
+            ],
+            options={
+                'unique_together': {('package', 'user')},
+            },
+            bases=('epdb.permission',),
+        ),
+        migrations.CreateModel(
+            name='UserSettingPermission',
+            fields=[
+                ('permission_ptr', models.OneToOneField(auto_created=True, on_delete=django.db.models.deletion.CASCADE, parent_link=True, to='epdb.permission')),
+                ('uuid', models.UUIDField(default=uuid.uuid4, primary_key=True, serialize=False, verbose_name='UUID of this object')),
+                ('setting', models.ForeignKey(on_delete=django.db.models.deletion.CASCADE, to='epdb.setting', verbose_name='Permission on')),
+                ('user', models.ForeignKey(on_delete=django.db.models.deletion.CASCADE, to=settings.AUTH_USER_MODEL, verbose_name='Permission to')),
+            ],
+            options={
+                'unique_together': {('setting', 'user')},
+            },
+            bases=('epdb.permission',),
+        ),
+    ]
--- a/epdb/migrations/0001_squashed_0003_applicabilitydomain_url_compound_url_and_more.py
+++ b/epdb/migrations/0001_squashed_0003_applicabilitydomain_url_compound_url_and_more.py
--- a/epdb/migrations/0002_externaldatabase_alter_apitoken_options_and_more.py
+++ b/epdb/migrations/0002_externaldatabase_alter_apitoken_options_and_more.py
@ -0,0 +1,128 @@
+# Generated by Django 5.2.1 on 2025-08-25 18:07
+
+import django.db.models.deletion
+import django.utils.timezone
+import model_utils.fields
+import uuid
+from django.conf import settings
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('contenttypes', '0002_remove_content_type_name'),
+        ('epdb', '0001_initial'),
+    ]
+
+    operations = [
+        migrations.CreateModel(
+            name='ExternalDatabase',
+            fields=[
+                ('id', models.BigAutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
+                ('created', model_utils.fields.AutoCreatedField(default=django.utils.timezone.now, editable=False, verbose_name='created')),
+                ('modified', model_utils.fields.AutoLastModifiedField(default=django.utils.timezone.now, editable=False, verbose_name='modified')),
+                ('uuid', models.UUIDField(default=uuid.uuid4, editable=False, unique=True)),
+                ('name', models.CharField(max_length=100, unique=True, verbose_name='Database Name')),
+                ('full_name', models.CharField(blank=True, max_length=255, verbose_name='Full Database Name')),
+                ('description', models.TextField(blank=True, verbose_name='Description')),
+                ('base_url', models.URLField(blank=True, null=True, verbose_name='Base URL')),
+                ('url_pattern', models.CharField(blank=True, help_text="URL pattern with {id} placeholder, e.g., 'https://pubchem.ncbi.nlm.nih.gov/compound/{id}'", max_length=500, verbose_name='URL Pattern')),
+                ('is_active', models.BooleanField(default=True, verbose_name='Is Active')),
+            ],
+            options={
+                'verbose_name': 'External Database',
+                'verbose_name_plural': 'External Databases',
+                'db_table': 'epdb_external_database',
+                'ordering': ['name'],
+            },
+        ),
+        migrations.AlterModelOptions(
+            name='apitoken',
+            options={'ordering': ['-created'], 'verbose_name': 'API Token', 'verbose_name_plural': 'API Tokens'},
+        ),
+        migrations.AlterModelOptions(
+            name='edge',
+            options={},
+        ),
+        migrations.RemoveField(
+            model_name='edge',
+            name='polymorphic_ctype',
+        ),
+        migrations.AddField(
+            model_name='apitoken',
+            name='is_active',
+            field=models.BooleanField(default=True, help_text='Whether this token is active'),
+        ),
+        migrations.AddField(
+            model_name='apitoken',
+            name='modified',
+            field=model_utils.fields.AutoLastModifiedField(default=django.utils.timezone.now, editable=False, verbose_name='modified'),
+        ),
+        migrations.AddField(
+            model_name='applicabilitydomain',
+            name='functional_groups',
+            field=models.JSONField(blank=True, default=dict, null=True),
+        ),
+        migrations.AddField(
+            model_name='mlrelativereasoning',
+            name='app_domain',
+            field=models.ForeignKey(blank=True, default=None, null=True, on_delete=django.db.models.deletion.SET_NULL, to='epdb.applicabilitydomain'),
+        ),
+        migrations.AlterField(
+            model_name='apitoken',
+            name='created',
+            field=model_utils.fields.AutoCreatedField(default=django.utils.timezone.now, editable=False, verbose_name='created'),
+        ),
+        migrations.AlterField(
+            model_name='apitoken',
+            name='expires_at',
+            field=models.DateTimeField(blank=True, help_text='Token expiration time (null for no expiration)', null=True),
+        ),
+        migrations.AlterField(
+            model_name='apitoken',
+            name='hashed_key',
+            field=models.CharField(help_text='SHA-256 hash of the token key', max_length=128, unique=True),
+        ),
+        migrations.AlterField(
+            model_name='apitoken',
+            name='name',
+            field=models.CharField(help_text='Descriptive name for this token', max_length=100),
+        ),
+        migrations.AlterField(
+            model_name='apitoken',
+            name='user',
+            field=models.ForeignKey(help_text='User who owns this token', on_delete=django.db.models.deletion.CASCADE, related_name='api_tokens', to=settings.AUTH_USER_MODEL),
+        ),
+        migrations.AlterField(
+            model_name='applicabilitydomain',
+            name='num_neighbours',
+            field=models.IntegerField(default=5),
+        ),
+        migrations.AlterModelTable(
+            name='apitoken',
+            table='epdb_api_token',
+        ),
+        migrations.CreateModel(
+            name='ExternalIdentifier',
+            fields=[
+                ('id', models.BigAutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
+                ('created', model_utils.fields.AutoCreatedField(default=django.utils.timezone.now, editable=False, verbose_name='created')),
+                ('modified', model_utils.fields.AutoLastModifiedField(default=django.utils.timezone.now, editable=False, verbose_name='modified')),
+                ('uuid', models.UUIDField(default=uuid.uuid4, editable=False, unique=True)),
+                ('object_id', models.IntegerField()),
+                ('identifier_value', models.CharField(max_length=255, verbose_name='Identifier Value')),
+                ('url', models.URLField(blank=True, null=True, verbose_name='Direct URL')),
+                ('is_primary', models.BooleanField(default=False, help_text='Mark this as the primary identifier for this database', verbose_name='Is Primary')),
+                ('content_type', models.ForeignKey(on_delete=django.db.models.deletion.CASCADE, to='contenttypes.contenttype')),
+                ('database', models.ForeignKey(on_delete=django.db.models.deletion.CASCADE, to='epdb.externaldatabase', verbose_name='External Database')),
+            ],
+            options={
+                'verbose_name': 'External Identifier',
+                'verbose_name_plural': 'External Identifiers',
+                'db_table': 'epdb_external_identifier',
+                'indexes': [models.Index(fields=['content_type', 'object_id'], name='epdb_extern_content_b76813_idx'), models.Index(fields=['database', 'identifier_value'], name='epdb_extern_databas_486422_idx')],
+                'unique_together': {('content_type', 'object_id', 'database', 'identifier_value')},
+            },
+        ),
+    ]
--- a/epdb/migrations/0003_applicabilitydomain_url_compound_url_and_more.py
+++ b/epdb/migrations/0003_applicabilitydomain_url_compound_url_and_more.py
@ -0,0 +1,228 @@
+# Generated by Django 5.2.1 on 2025-08-26 17:05
+
+from django.db import migrations, models
+
+
+def populate_url(apps, schema_editor):
+    MODELS = [
+        'User',
+        'Group',
+        'Package',
+        'Compound',
+        'CompoundStructure',
+        'Pathway',
+        'Edge',
+        'Node',
+        'Reaction',
+        'SimpleAmbitRule',
+        'SimpleRDKitRule',
+        'ParallelRule',
+        'SequentialRule',
+        'Scenario',
+        'Setting',
+        'MLRelativeReasoning',
+        'EnviFormer',
+        'ApplicabilityDomain',
+    ]
+    for model in MODELS:
+        obj_cls = apps.get_model("epdb", model)
+        for obj in obj_cls.objects.all():
+            obj.url = assemble_url(obj)
+            if obj.url is None:
+                raise ValueError(f"Could not assemble url for {obj}")
+            obj.save()
+
+
+def assemble_url(obj):
+    from django.conf import settings as s
+    match obj.__class__.__name__:
+        case 'User':
+            return '{}/user/{}'.format(s.SERVER_URL, obj.uuid)
+        case 'Group':
+            return '{}/group/{}'.format(s.SERVER_URL, obj.uuid)
+        case 'Package':
+            return '{}/package/{}'.format(s.SERVER_URL, obj.uuid)
+        case 'Compound':
+            return '{}/compound/{}'.format(obj.package.url, obj.uuid)
+        case 'CompoundStructure':
+            return '{}/structure/{}'.format(obj.compound.url, obj.uuid)
+        case 'SimpleAmbitRule':
+            return '{}/simple-ambit-rule/{}'.format(obj.package.url, obj.uuid)
+        case 'SimpleRDKitRule':
+            return '{}/simple-rdkit-rule/{}'.format(obj.package.url, obj.uuid)
+        case 'ParallelRule':
+            return '{}/parallel-rule/{}'.format(obj.package.url, obj.uuid)
+        case 'SequentialRule':
+            return '{}/sequential-rule/{}'.format(obj.compound.url, obj.uuid)
+        case 'Reaction':
+            return '{}/reaction/{}'.format(obj.package.url, obj.uuid)
+        case 'Pathway':
+            return '{}/pathway/{}'.format(obj.package.url, obj.uuid)
+        case 'Node':
+            return '{}/node/{}'.format(obj.pathway.url, obj.uuid)
+        case 'Edge':
+            return '{}/edge/{}'.format(obj.pathway.url, obj.uuid)
+        case 'MLRelativeReasoning':
+            return '{}/model/{}'.format(obj.package.url, obj.uuid)
+        case 'EnviFormer':
+            return '{}/model/{}'.format(obj.package.url, obj.uuid)
+        case 'ApplicabilityDomain':
+            return '{}/model/{}/applicability-domain/{}'.format(obj.model.package.url, obj.model.uuid, obj.uuid)
+        case 'Scenario':
+            return '{}/scenario/{}'.format(obj.package.url, obj.uuid)
+        case 'Setting':
+            return '{}/setting/{}'.format(s.SERVER_URL, obj.uuid)
+        case _:
+            raise ValueError(f"Unknown model {obj.__class__.__name__}")
+
+
+class Migration(migrations.Migration):
+    dependencies = [
+        ('epdb', '0002_externaldatabase_alter_apitoken_options_and_more'),
+    ]
+
+    operations = [
+        migrations.AddField(
+            model_name='applicabilitydomain',
+            name='url',
+            field=models.TextField(null=True, unique=False, verbose_name='URL'),
+        ),
+        migrations.AddField(
+            model_name='compound',
+            name='url',
+            field=models.TextField(null=True, unique=False, verbose_name='URL'),
+        ),
+        migrations.AddField(
+            model_name='compoundstructure',
+            name='url',
+            field=models.TextField(null=True, unique=False, verbose_name='URL'),
+        ),
+        migrations.AddField(
+            model_name='edge',
+            name='url',
+            field=models.TextField(null=True, unique=False, verbose_name='URL'),
+        ),
+        migrations.AddField(
+            model_name='epmodel',
+            name='url',
+            field=models.TextField(null=True, unique=False, verbose_name='URL'),
+        ),
+        migrations.AddField(
+            model_name='group',
+            name='url',
+            field=models.TextField(null=True, unique=False, verbose_name='URL'),
+        ),
+        migrations.AddField(
+            model_name='node',
+            name='url',
+            field=models.TextField(null=True, unique=False, verbose_name='URL'),
+        ),
+        migrations.AddField(
+            model_name='package',
+            name='url',
+            field=models.TextField(null=True, unique=False, verbose_name='URL'),
+        ),
+        migrations.AddField(
+            model_name='pathway',
+            name='url',
+            field=models.TextField(null=True, unique=False, verbose_name='URL'),
+        ),
+        migrations.AddField(
+            model_name='reaction',
+            name='url',
+            field=models.TextField(null=True, unique=False, verbose_name='URL'),
+        ),
+        migrations.AddField(
+            model_name='rule',
+            name='url',
+            field=models.TextField(null=True, unique=False, verbose_name='URL'),
+        ),
+        migrations.AddField(
+            model_name='scenario',
+            name='url',
+            field=models.TextField(null=True, unique=False, verbose_name='URL'),
+        ),
+        migrations.AddField(
+            model_name='setting',
+            name='url',
+            field=models.TextField(null=True, unique=False, verbose_name='URL'),
+        ),
+        migrations.AddField(
+            model_name='user',
+            name='url',
+            field=models.TextField(null=True, unique=False, verbose_name='URL'),
+        ),
+
+        migrations.RunPython(populate_url, reverse_code=migrations.RunPython.noop),
+
+        migrations.AlterField(
+            model_name='applicabilitydomain',
+            name='url',
+            field=models.TextField(null=True, unique=True, verbose_name='URL'),
+        ),
+        migrations.AlterField(
+            model_name='compound',
+            name='url',
+            field=models.TextField(null=True, unique=True, verbose_name='URL'),
+        ),
+        migrations.AlterField(
+            model_name='compoundstructure',
+            name='url',
+            field=models.TextField(null=True, unique=True, verbose_name='URL'),
+        ),
+        migrations.AlterField(
+            model_name='edge',
+            name='url',
+            field=models.TextField(null=True, unique=True, verbose_name='URL'),
+        ),
+        migrations.AlterField(
+            model_name='epmodel',
+            name='url',
+            field=models.TextField(null=True, unique=True, verbose_name='URL'),
+        ),
+        migrations.AlterField(
+            model_name='group',
+            name='url',
+            field=models.TextField(null=True, unique=True, verbose_name='URL'),
+        ),
+        migrations.AlterField(
+            model_name='node',
+            name='url',
+            field=models.TextField(null=True, unique=True, verbose_name='URL'),
+        ),
+        migrations.AlterField(
+            model_name='package',
+            name='url',
+            field=models.TextField(null=True, unique=True, verbose_name='URL'),
+        ),
+        migrations.AlterField(
+            model_name='pathway',
+            name='url',
+            field=models.TextField(null=True, unique=True, verbose_name='URL'),
+        ),
+        migrations.AlterField(
+            model_name='reaction',
+            name='url',
+            field=models.TextField(null=True, unique=True, verbose_name='URL'),
+        ),
+        migrations.AlterField(
+            model_name='rule',
+            name='url',
+            field=models.TextField(null=True, unique=True, verbose_name='URL'),
+        ),
+        migrations.AlterField(
+            model_name='scenario',
+            name='url',
+            field=models.TextField(null=True, unique=True, verbose_name='URL'),
+        ),
+        migrations.AlterField(
+            model_name='setting',
+            name='url',
+            field=models.TextField(null=True, unique=True, verbose_name='URL'),
+        ),
+        migrations.AlterField(
+            model_name='user',
+            name='url',
+            field=models.TextField(null=True, unique=True, verbose_name='URL'),
+        ),
+    ]
--- a/epdb/migrations/0004_alter_mlrelativereasoning_options_and_more.py
+++ b/epdb/migrations/0004_alter_mlrelativereasoning_options_and_more.py
@ -0,0 +1,55 @@
+# Generated by Django 5.2.1 on 2025-09-09 09:21
+
+import django.db.models.deletion
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('epdb', '0001_squashed_0003_applicabilitydomain_url_compound_url_and_more'),
+    ]
+
+    operations = [
+        migrations.AlterModelOptions(
+            name='mlrelativereasoning',
+            options={},
+        ),
+        migrations.AlterField(
+            model_name='mlrelativereasoning',
+            name='data_packages',
+            field=models.ManyToManyField(related_name='%(app_label)s_%(class)s_data_packages', to='epdb.package', verbose_name='Data Packages'),
+        ),
+        migrations.AlterField(
+            model_name='mlrelativereasoning',
+            name='eval_packages',
+            field=models.ManyToManyField(related_name='%(app_label)s_%(class)s_eval_packages', to='epdb.package', verbose_name='Evaluation Packages'),
+        ),
+        migrations.AlterField(
+            model_name='mlrelativereasoning',
+            name='rule_packages',
+            field=models.ManyToManyField(related_name='%(app_label)s_%(class)s_rule_packages', to='epdb.package', verbose_name='Rule Packages'),
+        ),
+        migrations.CreateModel(
+            name='RuleBasedRelativeReasoning',
+            fields=[
+                ('epmodel_ptr', models.OneToOneField(auto_created=True, on_delete=django.db.models.deletion.CASCADE, parent_link=True, primary_key=True, serialize=False, to='epdb.epmodel')),
+                ('threshold', models.FloatField(default=0.5)),
+                ('eval_results', models.JSONField(blank=True, default=dict, null=True)),
+                ('model_status', models.CharField(choices=[('INITIAL', 'Initial'), ('INITIALIZING', 'Model is initializing.'), ('BUILDING', 'Model is building.'), ('BUILT_NOT_EVALUATED', 'Model is built and can be used for predictions, Model is not evaluated yet.'), ('EVALUATING', 'Model is evaluating'), ('FINISHED', 'Model has finished building and evaluation.'), ('ERROR', 'Model has failed.')], default='INITIAL')),
+                ('min_count', models.IntegerField(default=10)),
+                ('max_count', models.IntegerField(default=0)),
+                ('app_domain', models.ForeignKey(blank=True, default=None, null=True, on_delete=django.db.models.deletion.SET_NULL, to='epdb.applicabilitydomain')),
+                ('data_packages', models.ManyToManyField(related_name='%(app_label)s_%(class)s_data_packages', to='epdb.package', verbose_name='Data Packages')),
+                ('eval_packages', models.ManyToManyField(related_name='%(app_label)s_%(class)s_eval_packages', to='epdb.package', verbose_name='Evaluation Packages')),
+                ('rule_packages', models.ManyToManyField(related_name='%(app_label)s_%(class)s_rule_packages', to='epdb.package', verbose_name='Rule Packages')),
+            ],
+            options={
+                'abstract': False,
+            },
+            bases=('epdb.epmodel',),
+        ),
+        migrations.DeleteModel(
+            name='RuleBaseRelativeReasoning',
+        ),
+    ]
--- a/epdb/migrations/0005_alter_group_group_member.py
+++ b/epdb/migrations/0005_alter_group_group_member.py
@ -0,0 +1,18 @@
+# Generated by Django 5.2.1 on 2025-09-11 06:21
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('epdb', '0004_alter_mlrelativereasoning_options_and_more'),
+    ]
+
+    operations = [
+        migrations.AlterField(
+            model_name='group',
+            name='group_member',
+            field=models.ManyToManyField(blank=True, related_name='groups_in_group', to='epdb.group', verbose_name='Group member'),
+        ),
+    ]
--- a/epdb/migrations/0006_mlrelativereasoning_multigen_eval_and_more.py
+++ b/epdb/migrations/0006_mlrelativereasoning_multigen_eval_and_more.py
@ -0,0 +1,23 @@
+# Generated by Django 5.2.1 on 2025-09-18 06:42
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('epdb', '0005_alter_group_group_member'),
+    ]
+
+    operations = [
+        migrations.AddField(
+            model_name='mlrelativereasoning',
+            name='multigen_eval',
+            field=models.BooleanField(default=False),
+        ),
+        migrations.AddField(
+            model_name='rulebasedrelativereasoning',
+            name='multigen_eval',
+            field=models.BooleanField(default=False),
+        ),
+    ]
--- a/epdb/migrations/0007_alter_enviformer_options_enviformer_app_domain_and_more.py
+++ b/epdb/migrations/0007_alter_enviformer_options_enviformer_app_domain_and_more.py
@ -0,0 +1,53 @@
+# Generated by Django 5.2.1 on 2025-10-07 08:19
+
+import django.db.models.deletion
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('epdb', '0006_mlrelativereasoning_multigen_eval_and_more'),
+    ]
+
+    operations = [
+        migrations.AlterModelOptions(
+            name='enviformer',
+            options={},
+        ),
+        migrations.AddField(
+            model_name='enviformer',
+            name='app_domain',
+            field=models.ForeignKey(blank=True, default=None, null=True, on_delete=django.db.models.deletion.SET_NULL, to='epdb.applicabilitydomain'),
+        ),
+        migrations.AddField(
+            model_name='enviformer',
+            name='data_packages',
+            field=models.ManyToManyField(related_name='%(app_label)s_%(class)s_data_packages', to='epdb.package', verbose_name='Data Packages'),
+        ),
+        migrations.AddField(
+            model_name='enviformer',
+            name='eval_packages',
+            field=models.ManyToManyField(related_name='%(app_label)s_%(class)s_eval_packages', to='epdb.package', verbose_name='Evaluation Packages'),
+        ),
+        migrations.AddField(
+            model_name='enviformer',
+            name='eval_results',
+            field=models.JSONField(blank=True, default=dict, null=True),
+        ),
+        migrations.AddField(
+            model_name='enviformer',
+            name='model_status',
+            field=models.CharField(choices=[('INITIAL', 'Initial'), ('INITIALIZING', 'Model is initializing.'), ('BUILDING', 'Model is building.'), ('BUILT_NOT_EVALUATED', 'Model is built and can be used for predictions, Model is not evaluated yet.'), ('EVALUATING', 'Model is evaluating'), ('FINISHED', 'Model has finished building and evaluation.'), ('ERROR', 'Model has failed.')], default='INITIAL'),
+        ),
+        migrations.AddField(
+            model_name='enviformer',
+            name='multigen_eval',
+            field=models.BooleanField(default=False),
+        ),
+        migrations.AddField(
+            model_name='enviformer',
+            name='rule_packages',
+            field=models.ManyToManyField(related_name='%(app_label)s_%(class)s_rule_packages', to='epdb.package', verbose_name='Rule Packages'),
+        ),
+    ]
--- a/epdb/migrations/0008_enzymelink.py
+++ b/epdb/migrations/0008_enzymelink.py
@ -0,0 +1,64 @@
+# Generated by Django 5.2.7 on 2025-10-10 06:58
+
+import django.db.models.deletion
+import django.utils.timezone
+import model_utils.fields
+import uuid
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+    dependencies = [
+        ("epdb", "0007_alter_enviformer_options_enviformer_app_domain_and_more"),
+    ]
+
+    operations = [
+        migrations.CreateModel(
+            name="EnzymeLink",
+            fields=[
+                (
+                    "id",
+                    models.BigAutoField(
+                        auto_created=True, primary_key=True, serialize=False, verbose_name="ID"
+                    ),
+                ),
+                (
+                    "created",
+                    model_utils.fields.AutoCreatedField(
+                        default=django.utils.timezone.now, editable=False, verbose_name="created"
+                    ),
+                ),
+                (
+                    "modified",
+                    model_utils.fields.AutoLastModifiedField(
+                        default=django.utils.timezone.now, editable=False, verbose_name="modified"
+                    ),
+                ),
+                (
+                    "uuid",
+                    models.UUIDField(
+                        default=uuid.uuid4, unique=True, verbose_name="UUID of this object"
+                    ),
+                ),
+                ("name", models.TextField(default="no name", verbose_name="Name")),
+                (
+                    "description",
+                    models.TextField(default="no description", verbose_name="Descriptions"),
+                ),
+                ("url", models.TextField(null=True, unique=True, verbose_name="URL")),
+                ("kv", models.JSONField(blank=True, default=dict, null=True)),
+                ("ec_number", models.TextField(verbose_name="EC Number")),
+                ("classification_level", models.IntegerField(verbose_name="Classification Level")),
+                ("linking_method", models.TextField(verbose_name="Linking Method")),
+                ("edge_evidence", models.ManyToManyField(to="epdb.edge")),
+                ("reaction_evidence", models.ManyToManyField(to="epdb.reaction")),
+                (
+                    "rule",
+                    models.ForeignKey(on_delete=django.db.models.deletion.CASCADE, to="epdb.rule"),
+                ),
+            ],
+            options={
+                "abstract": False,
+            },
+        ),
+    ]
--- a/epdb/migrations/0009_joblog.py
+++ b/epdb/migrations/0009_joblog.py
@ -0,0 +1,66 @@
+# Generated by Django 5.2.7 on 2025-10-27 09:39
+
+import django.db.models.deletion
+import django.utils.timezone
+import model_utils.fields
+from django.conf import settings
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+    dependencies = [
+        ("epdb", "0008_enzymelink"),
+    ]
+
+    operations = [
+        migrations.CreateModel(
+            name="JobLog",
+            fields=[
+                (
+                    "id",
+                    models.BigAutoField(
+                        auto_created=True, primary_key=True, serialize=False, verbose_name="ID"
+                    ),
+                ),
+                (
+                    "created",
+                    model_utils.fields.AutoCreatedField(
+                        default=django.utils.timezone.now, editable=False, verbose_name="created"
+                    ),
+                ),
+                (
+                    "modified",
+                    model_utils.fields.AutoLastModifiedField(
+                        default=django.utils.timezone.now, editable=False, verbose_name="modified"
+                    ),
+                ),
+                ("task_id", models.UUIDField(unique=True)),
+                ("job_name", models.TextField()),
+                (
+                    "status",
+                    models.CharField(
+                        choices=[
+                            ("INITIAL", "Initial"),
+                            ("SUCCESS", "Success"),
+                            ("FAILURE", "Failure"),
+                            ("REVOKED", "Revoked"),
+                            ("IGNORED", "Ignored"),
+                        ],
+                        default="INITIAL",
+                        max_length=20,
+                    ),
+                ),
+                ("done_at", models.DateTimeField(blank=True, default=None, null=True)),
+                ("task_result", models.TextField(blank=True, default=None, null=True)),
+                (
+                    "user",
+                    models.ForeignKey(
+                        on_delete=django.db.models.deletion.CASCADE, to=settings.AUTH_USER_MODEL
+                    ),
+                ),
+            ],
+            options={
+                "abstract": False,
+            },
+        ),
+    ]
--- a/epdb/migrations/0010_license_cc_string.py
+++ b/epdb/migrations/0010_license_cc_string.py
@ -0,0 +1,18 @@
+# Generated by Django 5.2.7 on 2025-11-11 14:11
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+    dependencies = [
+        ("epdb", "0009_joblog"),
+    ]
+
+    operations = [
+        migrations.AddField(
+            model_name="license",
+            name="cc_string",
+            field=models.TextField(default="by-nc-sa", verbose_name="CC string"),
+            preserve_default=False,
+        ),
+    ]
--- a/epdb/migrations/0011_auto_20251111_1413.py
+++ b/epdb/migrations/0011_auto_20251111_1413.py
@ -0,0 +1,59 @@
+# Generated by Django 5.2.7 on 2025-11-11 14:13
+
+import re
+
+from django.contrib.postgres.aggregates import ArrayAgg
+from django.db import migrations
+from django.db.models import Min
+
+
+def set_cc(apps, schema_editor):
+    License = apps.get_model("epdb", "License")
+
+    # For all existing licenses extract cc_string from link
+    for license in License.objects.all():
+        pattern = r"/licenses/([^/]+)/4\.0"
+        match = re.search(pattern, license.link)
+        if match:
+            license.cc_string = match.group(1)
+            license.save()
+        else:
+            raise ValueError(f"Could not find license for {license.link}")
+
+    # Ensure we have all licenses
+    cc_strings = ["by", "by-nc", "by-nc-nd", "by-nc-sa", "by-nd", "by-sa"]
+    for cc_string in cc_strings:
+        if not License.objects.filter(cc_string=cc_string).exists():
+            new_license = License()
+            new_license.cc_string = cc_string
+            new_license.link = f"https://creativecommons.org/licenses/{cc_string}/4.0/"
+            new_license.image_link = f"https://licensebuttons.net/l/{cc_string}/4.0/88x31.png"
+            new_license.save()
+
+    # As we might have existing Licenses representing the same License,
+    # get min pk and all pks as a list
+    license_lookup_qs = License.objects.values("cc_string").annotate(
+        lowest_pk=Min("id"), all_pks=ArrayAgg("id", order_by=("id",))
+    )
+
+    license_lookup = {
+        row["cc_string"]: (row["lowest_pk"], row["all_pks"]) for row in license_lookup_qs
+    }
+
+    Packages = apps.get_model("epdb", "Package")
+
+    for k, v in license_lookup.items():
+        # Set min pk to all packages pointing to any of the duplicates
+        Packages.objects.filter(pk__in=v[1]).update(license_id=v[0])
+        # remove the min pk from "other" pks as we use them for deletion
+        v[1].remove(v[0])
+        # Delete redundant License objects
+        License.objects.filter(pk__in=v[1]).delete()
+
+
+class Migration(migrations.Migration):
+    dependencies = [
+        ("epdb", "0010_license_cc_string"),
+    ]
+
+    operations = [migrations.RunPython(set_cc)]
--- a/epdb/migrations/0012_node_stereo_removed_pathway_predicted.py
+++ b/epdb/migrations/0012_node_stereo_removed_pathway_predicted.py
@ -0,0 +1,22 @@
+# Generated by Django 5.2.7 on 2025-12-02 13:09
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+    dependencies = [
+        ("epdb", "0011_auto_20251111_1413"),
+    ]
+
+    operations = [
+        migrations.AddField(
+            model_name="node",
+            name="stereo_removed",
+            field=models.BooleanField(default=False),
+        ),
+        migrations.AddField(
+            model_name="pathway",
+            name="predicted",
+            field=models.BooleanField(default=False),
+        ),
+    ]
--- a/epdb/migrations/0013_setting_expansion_schema.py
+++ b/epdb/migrations/0013_setting_expansion_schema.py
@ -0,0 +1,25 @@
+# Generated by Django 5.2.7 on 2025-12-14 11:30
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+    dependencies = [
+        ("epdb", "0012_node_stereo_removed_pathway_predicted"),
+    ]
+
+    operations = [
+        migrations.AddField(
+            model_name="setting",
+            name="expansion_schema",
+            field=models.CharField(
+                choices=[
+                    ("BFS", "Breadth First Search"),
+                    ("DFS", "Depth First Search"),
+                    ("GREEDY", "Greedy"),
+                ],
+                default="BFS",
+                max_length=20,
+            ),
+        ),
+    ]
--- a/epdb/migrations/0014_rename_expansion_schema_setting_expansion_scheme.py
+++ b/epdb/migrations/0014_rename_expansion_schema_setting_expansion_scheme.py
@ -0,0 +1,17 @@
+# Generated by Django 5.2.7 on 2025-12-14 16:02
+
+from django.db import migrations
+
+
+class Migration(migrations.Migration):
+    dependencies = [
+        ("epdb", "0013_setting_expansion_schema"),
+    ]
+
+    operations = [
+        migrations.RenameField(
+            model_name="setting",
+            old_name="expansion_schema",
+            new_name="expansion_scheme",
+        ),
+    ]
--- a/epdb/migrations/init.py
+++ b/epdb/migrations/init.py
--- a/epdb/models.py
+++ b/epdb/models.py
--- a/epdb/signals.py
+++ b/epdb/signals.py
@ -0,0 +1,37 @@
+import logging
+import os
+
+from django.conf import settings as s
+from django.db import transaction
+from django.db.models.signals import pre_delete, post_delete
+from django.dispatch import receiver
+
+from epdb.models import Node, Edge, EPModel
+
+logger = logging.getLogger(__name__)
+
+
+@receiver(pre_delete, sender=Node)
+@transaction.atomic
+def delete_orphan_edges(sender, instance, **kwargs):
+    # check if the node that is about to be deleted is the only start node
+    for edge in Edge.objects.filter(start_nodes=instance):
+        if edge.start_nodes.count() == 1:
+            edge.delete()
+
+    # same for end_nodes
+    for edge in Edge.objects.filter(end_nodes=instance):
+        # check if the node that is about to be deleted is the only start node
+        if edge.end_nodes.count() == 1:
+            edge.delete()
+
+
+@receiver(post_delete, sender=EPModel)
+def delete_epmodel_files(sender, instance, **kwargs):
+    # Delete the files on disk for the deleted model
+    mod_uuid = str(instance.uuid)
+
+    for f in os.listdir(s.MODEL_DIR):
+        if f.startswith(mod_uuid):
+            logger.info(f"Deleting {os.path.join(s.MODEL_DIR, f)}")
+            os.remove(os.path.join(s.MODEL_DIR, f))
--- a/epdb/tasks.py
+++ b/epdb/tasks.py
@ -0,0 +1,441 @@
+import csv
+import io
+import logging
+from typing import Any, Callable, List, Optional
+from uuid import uuid4
+
+from celery import shared_task
+from celery.utils.functional import LRUCache
+from django.conf import settings as s
+from django.utils import timezone
+
+from epdb.logic import SPathway
+from epdb.models import Edge, EPModel, JobLog, Node, Pathway, Rule, Setting, User
+from utilities.chem import FormatConverter
+
+logger = logging.getLogger(__name__)
+ML_CACHE = LRUCache(3)  # Cache the three most recent ML models to reduce load times.
+
+Package = s.GET_PACKAGE_MODEL()
+
+
+def get_ml_model(model_pk: int):
+    if model_pk not in ML_CACHE:
+        ML_CACHE[model_pk] = EPModel.objects.get(id=model_pk)
+    return ML_CACHE[model_pk]
+
+
+def dispatch_eager(user: "User", job: Callable, *args, **kwargs):
+    try:
+        x = job(*args, **kwargs)
+        log = JobLog()
+        log.user = user
+        log.task_id = uuid4()
+        log.job_name = job.__name__
+        log.status = "SUCCESS"
+        log.done_at = timezone.now()
+        log.task_result = str(x) if x else None
+        log.save()
+
+        return log, x
+    except Exception as e:
+        logger.exception(e)
+        raise e
+
+
+def dispatch(user: "User", job: Callable, *args, **kwargs):
+    try:
+        x = job.delay(*args, **kwargs)
+        log = JobLog()
+        log.user = user
+        log.task_id = x.task_id
+        log.job_name = job.__name__
+        log.status = "INITIAL"
+        log.save()
+
+        return log
+    except Exception as e:
+        logger.exception(e)
+        raise e
+
+
+@shared_task(queue="background")
+def mul(a, b):
+    return a * b
+
+
+@shared_task(queue="predict")
+def predict_simple(model_pk: int, smiles: str):
+    mod = get_ml_model(model_pk)
+    res = mod.predict(smiles)
+    return res
+
+
+@shared_task(queue="background")
+def send_registration_mail(user_pk: int):
+    pass
+
+
+@shared_task(bind=True, queue="model")
+def build_model(self, model_pk: int):
+    mod = EPModel.objects.get(id=model_pk)
+
+    if JobLog.objects.filter(task_id=self.request.id).exists():
+        JobLog.objects.filter(task_id=self.request.id).update(status="RUNNING", task_result=mod.url)
+
+    try:
+        mod.build_dataset()
+        mod.build_model()
+    except Exception as e:
+        if JobLog.objects.filter(task_id=self.request.id).exists():
+            JobLog.objects.filter(task_id=self.request.id).update(
+                status="FAILED", task_result=mod.url
+            )
+
+        raise e
+
+    if JobLog.objects.filter(task_id=self.request.id).exists():
+        JobLog.objects.filter(task_id=self.request.id).update(status="SUCCESS", task_result=mod.url)
+
+    return mod.url
+
+
+@shared_task(bind=True, queue="model")
+def evaluate_model(self, model_pk: int, multigen: bool, package_pks: Optional[list] = None):
+    packages = None
+
+    if package_pks:
+        packages = Package.objects.filter(pk__in=package_pks)
+
+    mod = EPModel.objects.get(id=model_pk)
+    if JobLog.objects.filter(task_id=self.request.id).exists():
+        JobLog.objects.filter(task_id=self.request.id).update(status="RUNNING", task_result=mod.url)
+
+    try:
+        mod.evaluate_model(multigen, eval_packages=packages)
+    except Exception as e:
+        if JobLog.objects.filter(task_id=self.request.id).exists():
+            JobLog.objects.filter(task_id=self.request.id).update(
+                status="FAILED", task_result=mod.url
+            )
+
+        raise e
+
+    if JobLog.objects.filter(task_id=self.request.id).exists():
+        JobLog.objects.filter(task_id=self.request.id).update(status="SUCCESS", task_result=mod.url)
+
+    return mod.url
+
+
+@shared_task(queue="model")
+def retrain(model_pk: int):
+    mod = EPModel.objects.get(id=model_pk)
+    mod.retrain()
+
+
+@shared_task(bind=True, queue="predict")
+def predict(
+    self,
+    pw_pk: int,
+    pred_setting_pk: int,
+    limit: Optional[int] = None,
+    node_pk: Optional[int] = None,
+    setting_overrides: Optional[dict] = None,
+) -> Pathway:
+    pw = Pathway.objects.get(id=pw_pk)
+    setting = Setting.objects.get(id=pred_setting_pk)
+
+    if setting_overrides:
+        for k, v in setting_overrides.items():
+            setattr(setting, k, v)
+
+    # If the setting has a model add/restore it from the cache
+    if setting.model is not None:
+        setting.model = get_ml_model(setting.model.pk)
+
+    kv = {"status": "running"}
+
+    if setting_overrides:
+        kv["setting_overrides"] = setting_overrides
+
+    pw.kv.update(**kv)
+    pw.save()
+
+    if JobLog.objects.filter(task_id=self.request.id).exists():
+        JobLog.objects.filter(task_id=self.request.id).update(status="RUNNING", task_result=pw.url)
+
+    try:
+        # regular prediction
+        if limit is not None:
+            spw = SPathway(prediction_setting=setting, persist=pw)
+            level = 0
+            while not spw.done:
+                spw.predict_step(from_depth=level)
+                level += 1
+
+                # break in case we are in incremental mode
+                if limit != -1:
+                    if level >= limit:
+                        break
+
+        elif node_pk is not None:
+            n = Node.objects.get(id=node_pk, pathway=pw)
+            spw = SPathway.from_pathway(pw)
+            spw.predict_step(from_node=n)
+        else:
+            spw = SPathway(prediction_setting=setting, persist=pw)
+            spw.predict()
+
+    except Exception as e:
+        pw.kv.update({"status": "failed"})
+        pw.kv.update(**{"error": str(e)})
+        pw.save()
+
+        if JobLog.objects.filter(task_id=self.request.id).exists():
+            JobLog.objects.filter(task_id=self.request.id).update(
+                status="FAILED", task_result=pw.url
+            )
+
+        raise e
+
+    pw.kv.update(**{"status": "completed"})
+    pw.save()
+
+    if JobLog.objects.filter(task_id=self.request.id).exists():
+        JobLog.objects.filter(task_id=self.request.id).update(status="SUCCESS", task_result=pw.url)
+
+    return pw.url
+
+
+@shared_task(bind=True, queue="background")
+def identify_missing_rules(
+    self,
+    pw_pks: List[int],
+    rule_package_pk: int,
+):
+    from utilities.misc import PathwayUtils
+
+    rules = Package.objects.get(pk=rule_package_pk).get_applicable_rules()
+
+    rows: List[Any] = []
+    header = [
+        "Package Name",
+        "Pathway Name",
+        "Educt Name",
+        "Educt SMILES",
+        "Reaction Name",
+        "Reaction SMIRKS",
+        "Triggered Rules",
+        "Reactant SMARTS",
+        "Product SMARTS",
+        "Product Names",
+        "Product SMILES",
+    ]
+
+    rows.append(header)
+
+    for pw in Pathway.objects.filter(pk__in=pw_pks):
+        pu = PathwayUtils(pw)
+
+        missing_rules = pu.find_missing_rules(rules)
+
+        package_name = pw.package.name
+        pathway_name = pw.name
+
+        for edge_url, rule_chain in missing_rules.items():
+            row: List[Any] = [package_name, pathway_name]
+            edge = Edge.objects.get(url=edge_url)
+            educts = edge.start_nodes.all()
+
+            for educt in educts:
+                row.append(educt.default_node_label.name)
+                row.append(educt.default_node_label.smiles)
+
+            row.append(edge.edge_label.name)
+            row.append(edge.edge_label.smirks())
+
+            rule_names = []
+            reactant_smarts = []
+            product_smarts = []
+
+            for r in rule_chain:
+                r = Rule.objects.get(url=r[0])
+                rule_names.append(r.name)
+
+                rs = r.reactants_smarts
+                if isinstance(rs, set):
+                    rs = list(rs)
+
+                ps = r.products_smarts
+                if isinstance(ps, set):
+                    ps = list(ps)
+
+                reactant_smarts.append(rs)
+                product_smarts.append(ps)
+
+            row.append(rule_names)
+            row.append(reactant_smarts)
+            row.append(product_smarts)
+
+            products = edge.end_nodes.all()
+            product_names = []
+            product_smiles = []
+
+            for product in products:
+                product_names.append(product.default_node_label.name)
+                product_smiles.append(product.default_node_label.smiles)
+
+            row.append(product_names)
+            row.append(product_smiles)
+
+            rows.append(row)
+
+    buffer = io.StringIO()
+
+    writer = csv.writer(buffer)
+    writer.writerows(rows)
+
+    buffer.seek(0)
+
+    return buffer.getvalue()
+
+
+@shared_task(bind=True, queue="background")
+def engineer_pathways(self, pw_pks: List[int], setting_pk: int, target_package_pk: int):
+    from utilities.misc import PathwayUtils
+
+    setting = Setting.objects.get(pk=setting_pk)
+    # Temporarily set model_threshold to 0.0 to keep all tps
+    setting.model_threshold = 0.0
+
+    target = Package.objects.get(pk=target_package_pk)
+
+    intermediate_pathways = []
+    predicted_pathways = []
+
+    for pw in Pathway.objects.filter(pk__in=pw_pks):
+        pu = PathwayUtils(pw)
+
+        eng_pw, node_to_snode_mapping, intermediates = pu.engineer(setting)
+
+        # If we've found intermediates, do the following
+        # - Get a copy of the original pathway and add intermediates
+        # - Store the predicted pathway for further investigation
+        if len(intermediates):
+            copy_mapping = {}
+            copied_pw = pw.copy(target, copy_mapping)
+            copied_pw.name = f"{copied_pw.name} (Engineered)"
+            copied_pw.description = f"The original Pathway can be found here: {pw.url}"
+            copied_pw.save()
+
+            for inter in intermediates:
+                start = copy_mapping[inter[0]]
+                end = copy_mapping[inter[1]]
+                start_snode = inter[2]
+                end_snode = inter[3]
+                for idx, intermediate_edge in enumerate(inter[4]):
+                    smiles_to_node = {}
+
+                    snodes_to_create = list(
+                        set(intermediate_edge.educts + intermediate_edge.products)
+                    )
+
+                    for snode in snodes_to_create:
+                        if snode == start_snode or snode == end_snode:
+                            smiles_to_node[snode.smiles] = start if snode == start_snode else end
+                            continue
+
+                        if snode.smiles not in smiles_to_node:
+                            n = Node.create(copied_pw, smiles=snode.smiles, depth=snode.depth)
+                            # Used in viz to highlight intermediates
+                            n.kv.update({"is_engineered_intermediate": True})
+                            n.save()
+                            smiles_to_node[snode.smiles] = n
+
+                    Edge.create(
+                        copied_pw,
+                        [smiles_to_node[educt.smiles] for educt in intermediate_edge.educts],
+                        [smiles_to_node[product.smiles] for product in intermediate_edge.products],
+                        rule=intermediate_edge.rule,
+                    )
+
+            # Persist the predicted pathway
+            pred_pw = pu.spathway_to_pathway(target, eng_pw, name=f"{pw.name} (Predicted)")
+
+            intermediate_pathways.append(copied_pw.url)
+            predicted_pathways.append(pred_pw.url)
+
+    return intermediate_pathways, predicted_pathways
+
+
+@shared_task(bind=True, queue="background")
+def batch_predict(
+    self,
+    substrates: List[str] | List[List[str]],
+    prediction_setting_pk: int,
+    target_package_pk: int,
+    num_tps: int = 50,
+):
+    target_package = Package.objects.get(pk=target_package_pk)
+    prediction_setting = Setting.objects.get(pk=prediction_setting_pk)
+
+    if len(substrates) == 0:
+        raise ValueError("No substrates given!")
+
+    is_pair = isinstance(substrates[0], list)
+
+    substrate_and_names = []
+    if not is_pair:
+        for sub in substrates:
+            substrate_and_names.append([sub, None])
+    else:
+        substrate_and_names = substrates
+
+    # Check prerequisite that we can standardize all substrates
+    standardized_substrates_and_smiles = []
+    for substrate in substrate_and_names:
+        try:
+            stand_smiles = FormatConverter.standardize(substrate[0])
+            standardized_substrates_and_smiles.append([stand_smiles, substrate[1]])
+        except ValueError:
+            raise ValueError(
+                f'Pathway prediction failed as standardization of SMILES "{substrate}" failed!'
+            )
+
+    pathways = []
+
+    for pair in standardized_substrates_and_smiles:
+        pw = Pathway.create(
+            target_package,
+            pair[0],
+            name=pair[1],
+            predicted=True,
+        )
+
+        # set mode and setting
+        pw.setting = prediction_setting
+        pw.kv.update({"mode": "predict"})
+        pw.save()
+
+        predict(
+            pw.pk,
+            prediction_setting.pk,
+            limit=None,
+            setting_overrides={
+                "max_nodes": num_tps,
+                "max_depth": num_tps,
+                "model_threshold": 0.001,
+            },
+        )
+
+        pathways.append(pw)
+
+    buffer = io.StringIO()
+
+    for idx, pw in enumerate(pathways):
+        # Carry out header only for the first pathway
+        buffer.write(pw.to_csv(include_header=idx == 0, include_pathway_url=True))
+
+    buffer.seek(0)
+
+    return buffer.getvalue()
--- a/epdb/templatetags/init.py
+++ b/epdb/templatetags/init.py
--- a/epdb/templatetags/envipytags.py
+++ b/epdb/templatetags/envipytags.py
@ -0,0 +1,21 @@
+from django import template
+from pydantic import AnyHttpUrl, ValidationError
+from pydantic.type_adapter import TypeAdapter
+
+register = template.Library()
+
+url_adapter = TypeAdapter(AnyHttpUrl)
+
+
+@register.filter
+def classname(obj):
+    return obj.__class__.__name__
+
+
+@register.filter
+def is_url(value):
+    try:
+        url_adapter.validate_python(value)
+        return True
+    except ValidationError:
+        return False
--- a/epdb/urls.py
+++ b/epdb/urls.py
@ -0,0 +1,213 @@
+from django.contrib.auth import views as auth_views
+from django.urls import path, re_path
+
+from . import views as v
+
+UUID = "[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}"
+
+urlpatterns = [
+    # Home
+    re_path(r"^$", v.index, name="index"),
+    # Login
+    re_path(r"^login", v.login, name="login"),
+    re_path(r"^logout", v.logout, name="logout"),
+    re_path(r"^register", v.register, name="register"),
+    # Built-In views
+    path(
+        "password_reset/",
+        auth_views.PasswordResetView.as_view(template_name="static/password_reset_form.html"),
+        name="password_reset",
+    ),
+    path(
+        "password_reset/done/",
+        auth_views.PasswordResetDoneView.as_view(template_name="static/password_reset_done.html"),
+        name="password_reset_done",
+    ),
+    path(
+        "reset/<uidb64>/<token>/",
+        auth_views.PasswordResetConfirmView.as_view(
+            template_name="static/password_reset_confirm.html"
+        ),
+        name="password_reset_confirm",
+    ),
+    path(
+        "reset/done/",
+        auth_views.PasswordResetCompleteView.as_view(
+            template_name="static/password_reset_complete.html"
+        ),
+        name="password_reset_complete",
+    ),
+    # Top level urls
+    re_path(r"^package$", v.packages, name="packages"),
+    re_path(r"^compound$", v.compounds, name="compounds"),
+    re_path(r"^rule$", v.rules, name="rules"),
+    re_path(r"^reaction$", v.reactions, name="reactions"),
+    re_path(r"^pathway$", v.pathways, name="pathways"),
+    re_path(r"^scenario$", v.scenarios, name="scenarios"),
+    re_path(r"^model$", v.models, name="model"),
+    re_path(r"^user$", v.users, name="users"),
+    re_path(r"^group$", v.groups, name="groups"),
+    re_path(r"^search$", v.search, name="search"),
+    re_path(r"^predict$", v.predict_pathway, name="predict_pathway"),
+    re_path(r"^batch-predict$", v.batch_predict_pathway, name="batch_predict_pathway"),
+    # User Detail
+    re_path(rf"^user/(?P<user_uuid>{UUID})", v.user, name="user"),
+    # Group Detail
+    re_path(rf"^group/(?P<group_uuid>{UUID})$", v.group, name="group detail"),
+    # "in package" urls
+    re_path(rf"^package/(?P<package_uuid>{UUID})$", v.package, name="package detail"),
+    # Compound
+    re_path(
+        rf"^package/(?P<package_uuid>{UUID})/compound$",
+        v.package_compounds,
+        name="package compound list",
+    ),
+    re_path(
+        rf"^package/(?P<package_uuid>{UUID})/compound/(?P<compound_uuid>{UUID})$",
+        v.package_compound,
+        name="package compound detail",
+    ),
+    # Compound Structure
+    re_path(
+        rf"^package/(?P<package_uuid>{UUID})/compound/(?P<compound_uuid>{UUID})/structure$",
+        v.package_compound_structures,
+        name="package compound structure list",
+    ),
+    re_path(
+        rf"^package/(?P<package_uuid>{UUID})/compound/(?P<compound_uuid>{UUID})/structure/(?P<structure_uuid>{UUID})$",
+        v.package_compound_structure,
+        name="package compound structure detail",
+    ),
+    # Rule
+    re_path(rf"^package/(?P<package_uuid>{UUID})/rule$", v.package_rules, name="package rule list"),
+    re_path(
+        rf"^package/(?P<package_uuid>{UUID})/rule/(?P<rule_uuid>{UUID})$",
+        v.package_rule,
+        name="package rule detail",
+    ),
+    re_path(
+        rf"^package/(?P<package_uuid>{UUID})/simple-ambit-rule/(?P<rule_uuid>{UUID})$",
+        v.package_rule,
+        name="package rule detail",
+    ),
+    # re_path(
+    #     rf"^package/(?P<package_uuid>{UUID})/simple-rdkit-rule/(?P<rule_uuid>{UUID})$",
+    #     v.package_rule,
+    #     name="package rule detail",
+    # ),
+    re_path(
+        rf"^package/(?P<package_uuid>{UUID})/parallel-rule/(?P<rule_uuid>{UUID})$",
+        v.package_rule,
+        name="package rule detail",
+    ),
+    # re_path(
+    #     rf"^package/(?P<package_uuid>{UUID})/sequential-rule/(?P<rule_uuid>{UUID})$",
+    #     v.package_rule,
+    #     name="package rule detail",
+    # ),
+    # EnzymeLinks
+    re_path(
+        rf"^package/(?P<package_uuid>{UUID})/rule/(?P<rule_uuid>{UUID})/enzymelink/(?P<enzymelink_uuid>{UUID})$",
+        v.package_rule_enzymelink,
+        name="package rule enzymelink detail",
+    ),
+    re_path(
+        rf"^package/(?P<package_uuid>{UUID})/simple-ambit-rule/(?P<rule_uuid>{UUID})/enzymelink/(?P<enzymelink_uuid>{UUID})$",
+        v.package_rule_enzymelink,
+        name="package rule enzymelink detail",
+    ),
+    re_path(
+        rf"^package/(?P<package_uuid>{UUID})/parallel-rule/(?P<rule_uuid>{UUID})/enzymelink/(?P<enzymelink_uuid>{UUID})$",
+        v.package_rule_enzymelink,
+        name="package rule enzymelink detail",
+    ),
+    # Reaction
+    re_path(
+        rf"^package/(?P<package_uuid>{UUID})/reaction$",
+        v.package_reactions,
+        name="package reaction list",
+    ),
+    re_path(
+        rf"^package/(?P<package_uuid>{UUID})/reaction/(?P<reaction_uuid>{UUID})$",
+        v.package_reaction,
+        name="package reaction detail",
+    ),
+    # # Pathway
+    re_path(
+        rf"^package/(?P<package_uuid>{UUID})/pathway$",
+        v.package_pathways,
+        name="package pathway list",
+    ),
+    re_path(
+        rf"^package/(?P<package_uuid>{UUID})/pathway/(?P<pathway_uuid>{UUID})$",
+        v.package_pathway,
+        name="package pathway detail",
+    ),
+    re_path(
+        rf"^package/(?P<package_uuid>{UUID})/predict$",
+        v.package_predict_pathway,
+        name="package predict pathway",
+    ),
+    # Pathway Nodes
+    re_path(
+        rf"^package/(?P<package_uuid>{UUID})/pathway/(?P<pathway_uuid>{UUID})/node$",
+        v.package_pathway_nodes,
+        name="package pathway node list",
+    ),
+    re_path(
+        rf"^package/(?P<package_uuid>{UUID})/pathway/(?P<pathway_uuid>{UUID})/node/(?P<node_uuid>{UUID})$",
+        v.package_pathway_node,
+        name="package pathway node detail",
+    ),
+    # Pathway Edges
+    re_path(
+        rf"^package/(?P<package_uuid>{UUID})/pathway/(?P<pathway_uuid>{UUID})/edge$",
+        v.package_pathway_edges,
+        name="package pathway edge list",
+    ),
+    re_path(
+        rf"^package/(?P<package_uuid>{UUID})/pathway/(?P<pathway_uuid>{UUID})/edge/(?P<edge_uuid>{UUID})$",
+        v.package_pathway_edge,
+        name="package pathway edge detail",
+    ),
+    # Scenario
+    re_path(
+        rf"^package/(?P<package_uuid>{UUID})/scenario$",
+        v.package_scenarios,
+        name="package scenario list",
+    ),
+    re_path(
+        rf"^package/(?P<package_uuid>{UUID})/scenario/(?P<scenario_uuid>{UUID})$",
+        v.package_scenario,
+        name="package scenario detail",
+    ),
+    # Model
+    re_path(
+        rf"^package/(?P<package_uuid>{UUID})/model$", v.package_models, name="package model list"
+    ),
+    re_path(
+        rf"^package/(?P<package_uuid>{UUID})/model/(?P<model_uuid>{UUID})$",
+        v.package_model,
+        name="package model detail",
+    ),
+    re_path(r"^setting$", v.settings, name="settings"),
+    re_path(rf"^setting/(?P<setting_uuid>{UUID})", v.setting, name="setting"),
+    re_path(r"^indigo/info$", v.indigo, name="indigo_info"),
+    re_path(r"^indigo/aromatize$", v.aromatize, name="indigo_aromatize"),
+    re_path(r"^indigo/dearomatize$", v.dearomatize, name="indigo_dearomatize"),
+    re_path(r"^indigo/layout$", v.layout, name="indigo_layout"),
+    re_path(r"^depict$", v.depict, name="depict"),
+    path("jobs", v.jobs, name="jobs"),
+    path("jobs/<uuid:job_uuid>", v.job, name="job detail"),
+    # OAuth Stuff
+    path("o/userinfo/", v.userinfo, name="oauth_userinfo"),
+    # Static Pages
+    re_path(r"^terms$", v.static_terms_of_use, name="terms_of_use"),
+    re_path(r"^privacy$", v.static_privacy_policy, name="privacy_policy"),
+    re_path(r"^cookie-policy$", v.static_cookie_policy, name="cookie_policy"),
+    re_path(r"^about$", v.static_about_us, name="about_us"),
+    re_path(r"^contact$", v.static_contact_support, name="contact_support"),
+    re_path(r"^careers$", v.static_careers, name="careers"),
+    re_path(r"^cite$", v.static_cite, name="cite"),
+    re_path(r"^legal$", v.static_legal, name="legal"),
+]
--- a/epdb/views.py
+++ b/epdb/views.py
--- a/fixtures/Fixture_Package.json
+++ b/fixtures/Fixture_Package.json
--- a/fixtures/ambit_rules.json.gz
+++ b/fixtures/ambit_rules.json.gz
--- a/fixtures/migration_status_per_rule.json
+++ b/fixtures/migration_status_per_rule.json
--- a/fixtures/models/2750eaca-bc13-4018-81c2-f7f9d94bc435_ds.pkl
+++ b/fixtures/models/2750eaca-bc13-4018-81c2-f7f9d94bc435_ds.pkl
--- a/fixtures/models/2750eaca-bc13-4018-81c2-f7f9d94bc435_mod.pkl
+++ b/fixtures/models/2750eaca-bc13-4018-81c2-f7f9d94bc435_mod.pkl
--- a/fixtures/packages/2025-07-18/EAWAG-BBD-SOIL-combined-rules-only-080221
+++ b/fixtures/packages/2025-07-18/EAWAG-BBD-SOIL-combined-rules-only-080221
--- a/fixtures/packages/2025-07-18/EAWAG-BBD.json
+++ b/fixtures/packages/2025-07-18/EAWAG-BBD.json
--- a/Show More
+++ b/Show More