diff --git a/CLAUDE.md b/CLAUDE.md
index 579de0e2..8c98d998 100644
--- a/CLAUDE.md
+++ b/CLAUDE.md
@@ -1,1316 +1,213 @@
-## Claude Guidelines for this Project
-
----
+# Claude Guidelines for CannaiQ
 
 ## PERMANENT RULES (NEVER VIOLATE)
 
-### 1. NO DELETION OF DATA — EVER
+### 1. NO DELETE
+Never delete data, files, images, logs, or database rows. CannaiQ is a historical analytics system.
 
-CannaiQ is a **historical analytics system**. Data retention is **permanent by design**.
+### 2. NO KILL
+Never run `pkill`, `kill`, `killall`, or similar. Say "Please run `./stop-local.sh`" instead.
 
-**NEVER delete:**
-- Product records
-- Crawled snapshots
-- Images
-- Directories
-- Logs
-- Orchestrator traces
-- Profiles
-- Selector configs
-- Crawl outcomes
-- Store data
-- Brand data
+### 3. NO MANUAL STARTUP
+Never start servers manually. Say "Please run `./setup-local.sh`" instead.
 
-**NEVER automate cleanup:**
-- No cron or scheduled job may `rm`, `unlink`, `delete`, `purge`, `prune`, `clean`, or `reset` any storage directory or DB row
-- No migration may DELETE data — only add/update/alter columns
-- If cleanup is required, ONLY the user may issue a manual command
+### 4. DEPLOYMENT AUTH REQUIRED
+Never deploy unless user explicitly says: "CLAUDE — DEPLOYMENT IS NOW AUTHORIZED."
 
-**Code enforcement:**
-- `local-storage.ts` must only: write files, create directories, read files
-- No `deleteImage`, `deleteProductImages`, or similar functions
-
-### 2. NO PROCESS KILLING — EVER
-
-**Claude must NEVER run process-killing commands:**
-- No `pkill`
-- No `kill -9`
-- No `xargs kill`
-- No `lsof | kill`
-- No `killall`
-- No `fuser -k`
-
-**Claude must NOT manage host processes.** Only user scripts manage the local environment.
-
-**Correct behavior:**
-- If backend is running on port 3010 → say: "Backend already running"
-- If backend is NOT running → say: "Please run `./setup-local.sh`"
-
-**Process management is done ONLY by user scripts:**
-```bash
-./setup-local.sh   # Start local environment
-./stop-local.sh    # Stop local environment
-```
-
-### 3. NO MANUAL SERVER STARTUP — EVER
-
-**Claude must NEVER start the backend manually:**
-- No `npx tsx src/index.ts`
-- No `node dist/index.js`
-- No `npm run dev` with custom env vars
-- No `DATABASE_URL=... npx tsx ...`
-
-**Claude must NEVER set DATABASE_URL in shell commands:**
-- DB connection uses `CANNAIQ_DB_*` env vars or `CANNAIQ_DB_URL` from the user's environment
-- Never hardcode connection strings in bash commands
-- Never override env vars to bypass the user's DB setup
-
-**If backend is not running:**
-- Say: "Please run `./setup-local.sh`"
-- Do NOT attempt to start it yourself
-
-**If a dependency is missing:**
-- Add it to `package.json`
-- Say: "Please run `cd backend && npm install`"
-- Do NOT try to solve it by starting a custom dev server
-
-**The ONLY way to start local services:**
-```bash
-cd backend
-./setup-local.sh
-```
-
-### 4. DEPLOYMENT AUTHORIZATION REQUIRED
-
-**NEVER deploy to production unless the user explicitly says:**
-> "CLAUDE — DEPLOYMENT IS NOW AUTHORIZED."
-
-Until then:
-- All work is LOCAL ONLY
-- No `kubectl apply`, `docker push`, or remote operations
-- No port-forwarding to production
-- No connecting to Kubernetes clusters
-
-### 5. DATABASE CONNECTION ARCHITECTURE
-
-**Migration code is CLI-only. Runtime code must NOT import `src/db/migrate.ts`.**
-
-| Module | Purpose | Import From |
-|--------|---------|-------------|
-| `src/db/migrate.ts` | CLI migrations only | **NEVER import at runtime** |
-| `src/db/pool.ts` | Runtime database pool | `import { pool } from '../db/pool'` |
-| `src/dutchie-az/db/connection.ts` | Canonical connection helper | Alternative for runtime |
-
-**Runtime gets DB connections ONLY via:**
-```typescript
-import { pool } from '../db/pool';
-// or
-import { getPool } from '../dutchie-az/db/connection';
-```
-
-**To run migrations:**
-```bash
-cd backend
-npx tsx src/db/migrate.ts
-```
-
-**Why this matters:**
-- `migrate.ts` validates env vars strictly and throws at module load time
-- Importing it at runtime causes startup crashes if env vars aren't perfect
-- `pool.ts` uses lazy initialization - only validates when first query is made
-
-### 6. ALL API ROUTES REQUIRE AUTHENTICATION — NO EXCEPTIONS
-
-**Every API router MUST apply `authMiddleware` at the router level.**
-
-```typescript
-import { authMiddleware } from '../auth/middleware';
-
-const router = Router();
-router.use(authMiddleware);  // REQUIRED - first line after router creation
-```
-
-**Authentication flow (see `src/auth/middleware.ts`):**
-1. Check Bearer token (JWT or API token) → grant access if valid
-2. Check trusted origins (cannaiq.co, findadispo.com, localhost, etc.) → grant access
-3. Check trusted IPs (127.0.0.1, ::1, internal pod IPs) → grant access
-4. **Return 401 Unauthorized** if none of the above
-
-**NEVER create API routes without auth middleware:**
-- No "public" endpoints that bypass authentication
-- No "read-only" exceptions
-- No "analytics-only" exceptions
-- If an endpoint exists under `/api/*`, it MUST be protected
-
-**When creating new route files:**
-1. Import `authMiddleware` from `../auth/middleware`
-2. Add `router.use(authMiddleware)` immediately after creating the router
-3. Document security requirements in file header comments
-
-**Trusted origins (defined in middleware):**
-- `https://cannaiq.co`
-- `https://findadispo.com`
-- `https://findagram.co`
-- `*.cannabrands.app` domains
-- `localhost:*` for development
-
-### 7. LOCAL DEVELOPMENT BY DEFAULT
-
-**Quick Start:**
-```bash
-./setup-local.sh
-```
-
-**Services (all started by setup-local.sh):**
-| Service | URL | Purpose |
-|---------|-----|---------|
-| PostgreSQL | localhost:54320 | cannaiq-postgres container |
-| Backend API | http://localhost:3010 | Express API server |
-| CannaiQ Admin | http://localhost:8080/admin | B2B admin dashboard |
-| FindADispo | http://localhost:3001 | Consumer dispensary finder |
-| Findagram | http://localhost:3002 | Consumer delivery marketplace |
-
-**In local mode:**
-- Use `docker-compose.local.yml` (NO MinIO)
-- Use local filesystem storage at `./storage`
-- Connect to `cannaiq-postgres` at `localhost:54320`
-- Backend runs at `localhost:3010`
-- All three frontends run on separate ports (8080, 3001, 3002)
-- NO remote connections, NO Kubernetes, NO MinIO
-
-**Environment:**
-- All DB config is in `backend/.env`
-- STORAGE_DRIVER=local
-- STORAGE_BASE_PATH=./storage
-
-**Local Admin Bootstrap:**
-```bash
-cd backend
-npx tsx src/scripts/bootstrap-local-admin.ts
-```
-
-Creates/resets a deterministic local admin user:
-| Field | Value |
-|-------|-------|
-| Email | `admin@local.test` |
-| Password | `admin123` |
-| Role | `superadmin` |
-
-This is a LOCAL-DEV helper only. Never use these credentials in production.
-
-**Manual startup (if not using setup-local.sh):**
-```bash
-# Terminal 1: Start PostgreSQL
-docker-compose -f docker-compose.local.yml up -d
-
-# Terminal 2: Start Backend
-cd backend && npm run dev
-
-# Terminal 3: Start Frontend
-cd cannaiq && npm run dev:admin
-```
-
-**Stop services:**
-```bash
-./stop-local.sh
-```
+### 5. DB POOL ONLY
+Never import `src/db/migrate.ts` at runtime. Use `src/db/pool.ts` for DB access.
 
 ---
 
-## DATABASE MODEL (CRITICAL)
+## Quick Reference
 
-### Database Architecture
+### Database Tables
+| USE THIS | NOT THIS |
+|----------|----------|
+| `dispensaries` | `stores` (empty) |
+| `store_products` | `products` (empty) |
+| `store_product_snapshots` | `dutchie_product_snapshots` |
 
-CannaiQ has **TWO databases** with distinct purposes:
+### Key Files
+| Purpose | File |
+|---------|------|
+| Dutchie client | `src/platforms/dutchie/client.ts` |
+| DB pool | `src/db/pool.ts` |
+| Payload fetch | `src/tasks/handlers/payload-fetch.ts` |
+| Product refresh | `src/tasks/handlers/product-refresh.ts` |
 
-| Database | Purpose | Access |
-|----------|---------|--------|
-| `dutchie_menus` | **Canonical CannaiQ database** - All schema, migrations, and application data | READ/WRITE |
-| `dutchie_legacy` | **Legacy read-only archive** - Historical data from old system | READ-ONLY |
+### Dutchie GraphQL
+- **Endpoint**: `https://dutchie.com/api-3/graphql`
+- **Hash (FilteredProducts)**: `ee29c060826dc41c527e470e9ae502c9b2c169720faa0a9f5d25e1b9a530a4a0`
+- **CRITICAL**: Use `Status: 'Active'` (not `null`)
 
-### Store vs Dispensary Terminology
-
-**"Store" and "Dispensary" are SYNONYMS in CannaiQ.**
-
-| Term | Usage | DB Table |
-|------|-------|----------|
-| Store | API routes (`/api/stores`) | `dispensaries` |
-| Dispensary | DB table, internal code | `dispensaries` |
-
-- `/api/stores` and `/api/dispensaries` both query the `dispensaries` table
-- There is NO `stores` table in use - it's a legacy empty table
-- Use these terms interchangeably in code and documentation
-
-### Canonical vs Legacy Tables
-
-**CANONICAL TABLES (USE THESE):**
-
-| Table | Purpose | Row Count |
-|-------|---------|-----------|
-| `dispensaries` | Store/dispensary records | ~188+ rows |
-| `store_products` | Product catalog | ~37,000+ rows |
-| `store_product_snapshots` | Price/stock history | ~millions |
-
-**LEGACY TABLES (EMPTY - DO NOT USE):**
-
-| Table | Status | Action |
-|-------|--------|--------|
-| `stores` | EMPTY (0 rows) | Use `dispensaries` instead |
-| `products` | EMPTY (0 rows) | Use `store_products` instead |
-| `dutchie_products` | LEGACY (0 rows) | Use `store_products` instead |
-| `dutchie_product_snapshots` | LEGACY (0 rows) | Use `store_product_snapshots` instead |
-| `categories` | EMPTY (0 rows) | Categories stored in product records |
-
-**Code must NEVER:**
-- Query the `stores` table (use `dispensaries`)
-- Query the `products` table (use `store_products`)
-- Query the `dutchie_products` table (use `store_products`)
-- Query the `categories` table (categories are in product records)
-
-**CRITICAL RULES:**
-- **Migrations ONLY run on `dutchie_menus`** - NEVER on `dutchie_legacy`
-- **Application code connects ONLY to `dutchie_menus`**
-- **ETL scripts READ from `dutchie_legacy`, WRITE to `dutchie_menus`**
-- `dutchie_legacy` is frozen - NO writes, NO schema changes, NO migrations
-
-### Environment Variables
-
-**CannaiQ Database (dutchie_menus) - PRIMARY:**
-```bash
-# All application/migration DB access uses these env vars:
-CANNAIQ_DB_HOST=localhost       # Database host
-CANNAIQ_DB_PORT=54320           # Database port
-CANNAIQ_DB_NAME=dutchie_menus   # MUST be dutchie_menus
-CANNAIQ_DB_USER=dutchie         # Database user
-CANNAIQ_DB_PASS=<password>      # Database password
-
-# OR use a full connection string:
-CANNAIQ_DB_URL=postgresql://user:pass@host:port/dutchie_menus
-```
-
-**Legacy Database (dutchie_legacy) - ETL ONLY:**
-```bash
-# Only used by ETL scripts for reading legacy data:
-LEGACY_DB_HOST=localhost
-LEGACY_DB_PORT=54320
-LEGACY_DB_NAME=dutchie_legacy   # READ-ONLY - never migrated
-LEGACY_DB_USER=dutchie
-LEGACY_DB_PASS=<password>
-
-# OR use a full connection string:
-LEGACY_DB_URL=postgresql://user:pass@host:port/dutchie_legacy
-```
-
-**Key Rules:**
-- `CANNAIQ_DB_NAME` MUST be `dutchie_menus` for application/migrations
-- `LEGACY_DB_NAME` is `dutchie_legacy` - READ-ONLY for ETL only
-- ALL application code MUST use `CANNAIQ_DB_*` environment variables
-- No hardcoded database names anywhere in the codebase
-- `backend/.env` controls all database access for local development
-
-**State Modeling:**
-- States (AZ, MI, CA, NV, etc.) are modeled via `states` table + `state_id` on dispensaries
-- NO separate databases per state
-- Use `state_code` or `state_id` columns for filtering
-
-### Migration and ETL Procedure
-
-**Step 1: Run schema migration (on dutchie_menus ONLY):**
-```bash
-cd backend
-psql "postgresql://dutchie:dutchie_local_pass@localhost:54320/dutchie_menus" \
-  -f migrations/041_cannaiq_canonical_schema.sql
-```
-
-**Step 2: Run ETL to copy legacy data:**
-```bash
-cd backend
-npx tsx src/scripts/etl/042_legacy_import.ts
-# Reads from dutchie_legacy, writes to dutchie_menus
-```
-
-### Database Access Rules
-
-**Claude MUST NOT:**
-- Connect to any database besides the canonical CannaiQ database
-- Use raw connection strings in shell commands
-- Run `psql` commands directly
-- Construct database URLs manually
-- Create or rename databases automatically
-- Run `npm run migrate` without explicit user authorization
-- Patch schema at runtime (no ALTER TABLE from scripts)
-
-**All data access MUST go through:**
-- LOCAL CannaiQ backend HTTP API endpoints
-- Internal CannaiQ application code (using canonical connection pool)
-- Ask user to run SQL manually if absolutely needed
-
-**Local service management:**
-- User starts services via `./setup-local.sh` (ONLY the user runs this)
-- If port 3010 responds, assume backend is running
-- If port 3010 does NOT respond, tell user: "Backend is not running; please run `./setup-local.sh`"
-- Claude may only access the app via HTTP: `http://localhost:3010` (API), `http://localhost:8080/admin` (UI)
-- Never restart, kill, or manage local processes — that is the user's responsibility
-
-### Migrations
-
-**Rules:**
-- Migrations may be WRITTEN but only the USER runs them after review
-- Never execute migrations automatically
-- Only additive migrations (no DROP/DELETE)
-- Write schema-tolerant code that handles missing optional columns
-
-**If schema changes are needed:**
-1. Generate a proper migration file in `backend/migrations/*.sql`
-2. Show the migration to the user
-3. Wait for explicit authorization before running
-4. Never run migrations automatically - only the user runs them after review
-
-**Schema tolerance:**
-- If a column is missing at runtime, prefer making the code tolerant (treat field as optional) instead of auto-creating the column
-- Queries should gracefully handle missing columns by omitting them or using NULL defaults
-
-### Canonical Schema Migration (041/042)
-
-**Migration 041** (`backend/migrations/041_cannaiq_canonical_schema.sql`):
-- Creates canonical CannaiQ tables: `states`, `chains`, `brands`, `store_products`, `store_product_snapshots`, `crawl_runs`
-- Adds `state_id` and `chain_id` columns to `dispensaries`
-- Adds status columns to `dispensary_crawler_profiles`
-- SCHEMA ONLY - no data inserts from legacy tables
-
-**ETL Script 042** (`backend/src/scripts/etl/042_legacy_import.ts`):
-- Copies data from legacy `dutchie_legacy.dutchie_products` → `store_products`
-- Copies data from legacy `dutchie_legacy.dutchie_product_snapshots` → `store_product_snapshots`
-- Extracts brands from product data into `brands` table
-- Links dispensaries to chains and states
-- INSERT-ONLY and IDEMPOTENT (uses ON CONFLICT DO NOTHING)
-- Run manually: `cd backend && npx tsx src/scripts/etl/042_legacy_import.ts`
-
-**Tables touched by ETL:**
-| Source Table (dutchie_legacy) | Target Table (dutchie_menus) |
-|-------------------------------|------------------------------|
-| `dutchie_products` | `store_products` |
-| `dutchie_product_snapshots` | `store_product_snapshots` |
-| (brand names extracted) | `brands` |
-| (state codes mapped) | `dispensaries.state_id` |
-| (chain names matched) | `dispensaries.chain_id` |
-
-**Note:** The legacy `dutchie_products` and `dutchie_product_snapshots` tables in `dutchie_legacy` are read-only sources. All new crawl data goes directly to `store_products` and `store_product_snapshots`.
-
-**Migration 045** (`backend/migrations/045_add_image_columns.sql`):
-- Adds `thumbnail_url` to `store_products` and `store_product_snapshots`
-- `image_url` already exists from migration 041
-- ETL 042 populates `image_url` from legacy `primary_image_url` where present
-- `thumbnail_url` is NULL for legacy data - future crawls can populate it
-
-### Deprecated Connection Module
-
-The custom connection module at `src/dutchie-az/db/connection` is **DEPRECATED**.
-
-**All code using `getClient` from this module must be refactored to:**
-- Use the CannaiQ API endpoints instead
-- Use the orchestrator through the API
-- Use the canonical DB pool from the main application
+### Frontends
+| Folder | Domain | Build |
+|--------|--------|-------|
+| `cannaiq/` | cannaiq.co | Vite |
+| `findadispo/` | findadispo.com | CRA |
+| `findagram/` | findagram.co | CRA |
+| `frontend/` | DEPRECATED | - |
 
 ---
 
-## PERFORMANCE REQUIREMENTS
+## Deprecated Code
 
-**Database Queries:**
-- NEVER write N+1 queries - always batch fetch related data before iterating
-- NEVER run queries inside loops - batch them before the loop
-- Avoid multiple queries when one JOIN or subquery works
-- Dashboard/index pages should use MAX 5-10 queries total, not 50+
-- Mentally trace query count - if a page would run 20+ queries, refactor
-- Cache expensive aggregations (in-memory or Redis, 5-min TTL) instead of recalculating every request
-- Use query logging during development to verify query count
+**DO NOT USE** anything in `src/_deprecated/`:
+- `hydration/` - Use `src/tasks/handlers/`
+- `scraper-v2/` - Use `src/platforms/dutchie/`
+- `canonical-hydration/` - Merged into tasks
 
-**Before submitting route/controller code, verify:**
-1. No queries inside `forEach`/`map`/`for` loops
-2. All related data fetched in batches before iteration
-3. Aggregations done in SQL (`COUNT`, `SUM`, `AVG`, `GROUP BY`), not in JS
-4. **Would this cause a 503 under load? If unsure, simplify.**
-
-**Examples of BAD patterns:**
-```typescript
-// BAD: N+1 query - runs a query for each store
-const stores = await getStores();
-for (const store of stores) {
-  store.products = await getProductsByStoreId(store.id); // N queries!
-}
-
-// BAD: Query inside map
-const results = await Promise.all(
-  storeIds.map(id => pool.query('SELECT * FROM products WHERE store_id = $1', [id]))
-);
-```
-
-**Examples of GOOD patterns:**
-```typescript
-// GOOD: Batch fetch all products, then group in JS
-const stores = await getStores();
-const storeIds = stores.map(s => s.id);
-const allProducts = await pool.query(
-  'SELECT * FROM products WHERE store_id = ANY($1)', [storeIds]
-);
-const productsByStore = groupBy(allProducts.rows, 'store_id');
-stores.forEach(s => s.products = productsByStore[s.id] || []);
-
-// GOOD: Single query with JOIN
-const result = await pool.query(`
-  SELECT s.*, COUNT(p.id) as product_count
-  FROM stores s
-  LEFT JOIN products p ON p.store_id = s.id
-  GROUP BY s.id
-`);
-```
+**DO NOT USE** `src/dutchie-az/db/connection.ts` - Use `src/db/pool.ts`
 
 ---
 
-## FORBIDDEN ACTIONS
+## Local Development
 
-1. **Deleting any data** (products, snapshots, images, logs, traces)
-2. **Deploying without explicit authorization**
-3. **Connecting to Kubernetes** without authorization
-4. **Port-forwarding to production** without authorization
-5. **Starting MinIO** in local development
-6. **Using S3/MinIO SDKs** when `STORAGE_DRIVER=local`
-7. **Automating cleanup** of any kind
-8. **Dropping database tables or columns**
-9. **Overwriting historical records** (always append snapshots)
-10. **Runtime schema patching** (ALTER TABLE from scripts)
-11. **Using `getClient` from deprecated connection module**
-12. **Creating ad-hoc database connections** outside the canonical pool
-13. **Auto-adding missing columns** at runtime
-14. **Killing local processes** (`pkill`, `kill`, `kill -9`, etc.)
-15. **Starting backend/frontend directly** with custom env vars
-16. **Running `lsof -ti:PORT | xargs kill`** or similar process-killing commands
-17. **Using hardcoded database names** in code or comments
-18. **Creating or connecting to a second database**
-19. **Creating API routes without authMiddleware** (all `/api/*` routes MUST be protected)
-
----
-
-## STORAGE BEHAVIOR
-
-### Local Storage Structure
-
-```
-/storage/images/products/{state}/{store}/{brand}/{product}/
-  image-{hash}.webp
-
-/storage/images/brands/{brand}/
-  logo-{hash}.webp
-```
-
-### Image Proxy API (On-Demand Resizing)
-
-Images are stored at full resolution and resized on-demand via the `/img` endpoint.
-
-**Endpoint:** `GET /img/<path>?<params>`
-
-**Parameters:**
-| Param | Description | Example |
-|-------|-------------|---------|
-| `w` | Width in pixels (max 4000) | `?w=200` |
-| `h` | Height in pixels (max 4000) | `?h=200` |
-| `q` | Quality 1-100 (default 80) | `?q=70` |
-| `fit` | Resize mode: cover, contain, fill, inside, outside | `?fit=cover` |
-| `blur` | Blur sigma 0.3-1000 | `?blur=5` |
-| `gray` | Grayscale (1 = enabled) | `?gray=1` |
-| `format` | Output: webp, jpeg, png, avif (default webp) | `?format=jpeg` |
-
-**Examples:**
 ```bash
-# Thumbnail (50px)
-GET /img/products/az/store/brand/product/image-abc123.webp?w=50
-
-# Card image (200px, cover fit)
-GET /img/products/az/store/brand/product/image-abc123.webp?w=200&h=200&fit=cover
-
-# JPEG at 70% quality
-GET /img/products/az/store/brand/product/image-abc123.webp?w=400&format=jpeg&q=70
-
-# Grayscale blur
-GET /img/products/az/store/brand/product/image-abc123.webp?w=200&gray=1&blur=3
+./setup-local.sh   # Start all services
+./stop-local.sh    # Stop all services
 ```
 
-**Frontend Usage:**
-```typescript
-import { getImageUrl, ImageSizes } from '../lib/images';
+| Service | URL |
+|---------|-----|
+| API | http://localhost:3010 |
+| Admin | http://localhost:8080/admin |
+| PostgreSQL | localhost:54320 |
 
-// Returns /img/products/.../image.webp?w=50 for local images
-// Returns original URL for remote images (CDN, etc.)
-const thumbUrl = getImageUrl(product.image_url, ImageSizes.thumb);
-const cardUrl = getImageUrl(product.image_url, ImageSizes.medium);
-const detailUrl = getImageUrl(product.image_url, ImageSizes.detail);
-```
+---
 
-**Size Presets:**
-| Preset | Width | Use Case |
-|--------|-------|----------|
-| `thumb` | 50px | Table thumbnails |
-| `small` | 100px | Small cards |
-| `medium` | 200px | Grid cards |
-| `large` | 400px | Large cards |
-| `detail` | 600px | Product detail |
-| `full` | - | No resize |
-
-### Storage Adapter
-
-```typescript
-import { saveImage, getImageUrl } from '../utils/storage-adapter';
-
-// Automatically uses local storage when STORAGE_DRIVER=local
-```
-
-### Files
+## WordPress Plugin (ACTIVE)
 
+### Plugin Files
 | File | Purpose |
 |------|---------|
-| `backend/src/utils/image-storage.ts` | Image download and storage |
-| `backend/src/routes/image-proxy.ts` | On-demand image resizing endpoint |
-| `cannaiq/src/lib/images.ts` | Frontend image URL helper |
-| `docker-compose.local.yml` | Local stack without MinIO |
-| `start-local.sh` | Convenience startup script |
+| `wordpress-plugin/cannaiq-menus.php` | Main plugin (CannaIQ brand) |
+| `wordpress-plugin/crawlsy-menus.php` | Legacy plugin (Crawlsy brand) |
+| `wordpress-plugin/VERSION` | Version tracking |
+
+### API Routes (Backend)
+- `GET /api/v1/wordpress/dispensaries` - List dispensaries
+- `GET /api/v1/wordpress/dispensary/:id/menu` - Get menu data
+- Route file: `backend/src/routes/wordpress.ts`
+
+### Versioning
+Bump `wordpress-plugin/VERSION` on changes:
+- Minor (x.x.N): bug fixes
+- Middle (x.N.0): new features
+- Major (N.0.0): breaking changes (user must request)
 
 ---
 
-## UI ANONYMIZATION RULES
+## Puppeteer Scraping (Browser-Based)
 
-- No vendor names in forward-facing URLs
-- No "dutchie", "treez", "jane", "weedmaps", "leafly" visible in consumer UIs
-- Internal admin tools may show provider names for debugging
+### Age Gate Bypass
 
----
+Most dispensary sites require age verification. The browser scraper handles this automatically:
 
-## DUTCHIE DISCOVERY PIPELINE (Added 2025-01)
+**Utility File**: `src/utils/age-gate.ts`
 
-### Overview
-Automated discovery of Dutchie-powered dispensaries across all US states.
+**Key Functions**:
+- `setAgeGateCookies(page, url, state)` - Set cookies BEFORE navigation to prevent gate
+- `hasAgeGate(page)` - Detect if page shows age verification
+- `bypassAgeGate(page, state)` - Click through age gate if displayed
+- `detectStateFromUrl(url)` - Extract state from URL (e.g., `-az-` → Arizona)
 
-### Flow
-```
-1. getAllCitiesByState GraphQL → Get all cities for a state
-2. ConsumerDispensaries GraphQL → Get stores for each city
-3. Upsert to dutchie_discovery_locations (keyed by platform_location_id)
-4. AUTO-VALIDATE: Check required fields
-5. AUTO-PROMOTE: Create/update dispensaries with crawl_enabled=true
-6. Log all actions to dutchie_promotion_log
-```
+**Cookie Names Set**:
+- `age_gate_passed: 'true'`
+- `selected_state: '<state>'`
+- `age_verified: 'true'`
 
-### Tables
-| Table | Purpose |
-|-------|---------|
-| `dutchie_discovery_cities` | Cities known to have dispensaries |
-| `dutchie_discovery_locations` | Raw discovered store data |
-| `dispensaries` | Canonical stores (promoted from discovery) |
-| `dutchie_promotion_log` | Audit trail for validation/promotion |
+**Bypass Methods** (tried in order):
+1. Custom dropdown (shadcn/radix style) - Curaleaf pattern
+2. Standard `<select>` dropdown
+3. State button/card click
+4. Direct "Yes"/"Enter" button
 
-### Files
-| File | Purpose |
-|------|---------|
-| `src/discovery/discovery-crawler.ts` | Main orchestrator |
-| `src/discovery/location-discovery.ts` | GraphQL fetching |
-| `src/discovery/promotion.ts` | Validation & promotion logic |
-| `src/scripts/run-discovery.ts` | CLI interface |
-| `migrations/067_promotion_log.sql` | Audit log table |
-
-### GraphQL Hashes (in `src/platforms/dutchie/client.ts`)
-| Query | Hash |
-|-------|------|
-| `GetAllCitiesByState` | `ae547a0466ace5a48f91e55bf6699eacd87e3a42841560f0c0eabed5a0a920e6` |
-| `ConsumerDispensaries` | `0a5bfa6ca1d64ae47bcccb7c8077c87147cbc4e6982c17ceec97a2a4948b311b` |
-
-### Usage
-```bash
-# Discover all stores in a state
-npx tsx src/scripts/run-discovery.ts discover:state AZ
-npx tsx src/scripts/run-discovery.ts discover:state CA
-
-# Check stats
-npx tsx src/scripts/run-discovery.ts stats
-```
-
-### Validation Rules
-A discovery location must have:
-- `platform_location_id` (MongoDB ObjectId, 24 hex chars)
-- `name`
-- `city`
-- `state_code`
-- `platform_menu_url`
-
-Invalid records are marked `status='rejected'` with errors logged.
-
-### Key Design Decisions
-- `platform_location_id` MUST be MongoDB ObjectId (not slug)
-- Old geo-based discovery stored slugs → deleted as garbage data
-- Rate limit: 2 seconds between city requests to avoid API throttling
-- Promotion is idempotent via `ON CONFLICT (platform_dispensary_id)`
-
----
-
-## FUTURE TODO / PENDING FEATURES
-
-- [ ] Orchestrator observability dashboard
-- [ ] Crawl profile management UI
-- [ ] State machine sandbox (disabled until authorized)
-- [ ] Multi-state expansion beyond AZ
-
----
-
-### Multi-Site Architecture (CRITICAL)
-
-This project has **4 active locations** (plus 1 deprecated) - always clarify which one before making changes:
-
-| Folder | Domain | Type | Purpose |
-|--------|--------|------|---------|
-| `backend/` | (shared) | Express API | Single backend serving all frontends |
-| `frontend/` | (DEPRECATED) | React SPA (Vite) | DEPRECATED - was dispos.crawlsy.com, now removed |
-| `cannaiq/` | cannaiq.co | React SPA + PWA | Admin dashboard / B2B analytics |
-| `findadispo/` | findadispo.com | React SPA + PWA | Consumer dispensary finder |
-| `findagram/` | findagram.co | React SPA + PWA | Consumer delivery marketplace |
-
-**NOTE: `frontend/` folder is DEPRECATED:**
-- `frontend/` = OLD/legacy dashboard - NO LONGER DEPLOYED (removed from k8s)
-- `cannaiq/` = Primary admin dashboard, deployed to `cannaiq.co`
-- Do NOT use or modify `frontend/` folder - it will be archived/removed
-
-**Before any frontend work, ASK: "Which site? cannaiq, findadispo, or findagram?"**
-
-All three active frontends share:
-- Same backend API (port 3010)
-- Same PostgreSQL database
-- Same Kubernetes deployment for backend
-
-Each frontend has:
-- Its own folder, package.json, Dockerfile
-- Its own domain and branding
-- Its own PWA manifest and service worker (cannaiq, findadispo, findagram)
-- Separate Docker containers in production
-
----
-
-### Multi-Domain Hosting Architecture
-
-All three frontends are served from the **same IP** using **host-based routing**:
-
-**Kubernetes Ingress (Production):**
-```yaml
-# Each domain routes to its own frontend service
-apiVersion: networking.k8s.io/v1
-kind: Ingress
-metadata:
-  name: multi-site-ingress
-spec:
-  rules:
-  - host: cannaiq.co
-    http:
-      paths:
-      - path: /
-        backend:
-          service:
-            name: cannaiq-frontend
-            port: 80
-      - path: /api
-        backend:
-          service:
-            name: scraper  # shared backend
-            port: 3010
-  - host: findadispo.com
-    http:
-      paths:
-      - path: /
-        backend:
-          service:
-            name: findadispo-frontend
-            port: 80
-      - path: /api
-        backend:
-          service:
-            name: scraper
-            port: 3010
-  - host: findagram.co
-    http:
-      paths:
-      - path: /
-        backend:
-          service:
-            name: findagram-frontend
-            port: 80
-      - path: /api
-        backend:
-          service:
-            name: scraper
-            port: 3010
-```
-
-**Key Points:**
-- DNS A records for all 3 domains point to same IP
-- Ingress controller routes based on `Host` header
-- Each frontend is a separate Docker container (nginx serving static files)
-- All frontends share the same backend API at `/api/*`
-- SSL/TLS handled at ingress level (cert-manager)
-
----
-
-### PWA Setup Requirements
-
-Each frontend is a **Progressive Web App (PWA)**. Required files in each `public/` folder:
-
-1. **manifest.json** - App metadata, icons, theme colors
-2. **service-worker.js** - Offline caching, background sync
-3. **Icons** - 192x192 and 512x512 PNG icons
-
-**Vite PWA Plugin Setup** (in each frontend's vite.config.ts):
+**Usage Pattern**:
 ```typescript
-import { VitePWA } from 'vite-plugin-pwa'
+import { setAgeGateCookies, bypassAgeGate } from '../utils/age-gate';
 
-export default defineConfig({
-  plugins: [
-    react(),
-    VitePWA({
-      registerType: 'autoUpdate',
-      manifest: {
-        name: 'Site Name',
-        short_name: 'Short',
-        theme_color: '#10b981',
-        icons: [
-          { src: '/icon-192.png', sizes: '192x192', type: 'image/png' },
-          { src: '/icon-512.png', sizes: '512x512', type: 'image/png' }
-        ]
-      },
-      workbox: {
-        globPatterns: ['**/*.{js,css,html,ico,png,svg,woff2}']
-      }
-    })
-  ]
-})
+// Set cookies BEFORE navigation
+await setAgeGateCookies(page, menuUrl, 'Arizona');
+await page.goto(menuUrl);
+
+// If gate still appears, bypass it
+await bypassAgeGate(page, 'Arizona');
 ```
 
----
+**Note**: Deeply-Rooted (AZ) does NOT use age gate - good for preflight testing.
 
-### Core Rules Summary
+### Dual-Transport Preflight
 
-- **DB**: Use the single CannaiQ database via `CANNAIQ_DB_*` env vars. No hardcoded names.
-- **Images**: No MinIO. Save to local /images/products/<disp>/<prod>-<hash>.webp (and brands); preserve original URL; serve via backend static.
-- **Dutchie GraphQL**: Endpoint https://dutchie.com/api-3/graphql. Variables must use productsFilter.dispensaryId (platform_dispensary_id). **CRITICAL: Use `Status: 'Active'`, NOT `null`** (null returns 0 products).
-- **cName/slug**: Derive cName from each store's menu_url (/embedded-menu/<cName> or /dispensary/<slug>). No hardcoded defaults.
-- **Batch DB writes**: Chunk products/snapshots/missing (100–200) to avoid OOM.
-- **API/Frontend**: Use `/api/stores`, `/api/products`, `/api/workers`, `/api/pipeline` endpoints.
-- **Scheduling**: Crawl only menu_type='dutchie' AND platform_dispensary_id IS NOT NULL. 4-hour crawl with jitter.
-- **THC/CBD values**: Clamp to ≤100 - some products report milligrams as percentages.
-- **Column names**: Use `name_raw`, `brand_name_raw`, `category_raw`, `subcategory_raw` (NOT `name`, `brand_name`, etc.)
+Workers run BOTH preflight checks on startup:
 
-- **Monitor**: `/api/workers` shows active/recent jobs from job queue.
-- **No slug guessing**: Never use defaults. Always derive per store from menu_url and resolve platform IDs per location.
+| Transport | Test Method | Use Case |
+|-----------|-------------|----------|
+| `curl` | axios + proxy → httpbin.org | Fast API requests |
+| `http` | Puppeteer + proxy + StealthPlugin | Anti-detect, browser fingerprint |
 
-**📖 Full Documentation: See `docs/DUTCHIE_CRAWL_WORKFLOW.md` for complete pipeline documentation.**
+**HTTP Preflight Steps**:
+1. Get proxy from pool (CrawlRotator)
+2. Visit fingerprint.com demo (or amiunique.org fallback) to verify IP and anti-detect
+3. Visit Dutchie embedded menu to establish session
+4. Make GraphQL request from browser context
+
+**Files**:
+- `src/services/curl-preflight.ts`
+- `src/services/puppeteer-preflight.ts`
+- `migrations/084_dual_transport_preflight.sql`
+
+**Task Method Column**: Tasks have `method` column ('curl' | 'http' | null):
+- `null` = any worker can claim
+- `'curl'` = only workers with passed curl preflight
+- `'http'` = only workers with passed http preflight
+
+Currently ALL crawl tasks require `method = 'http'`.
+
+### Anti-Detect Fingerprint Distribution
+
+Browser fingerprints are randomized using realistic market share distributions:
+
+**Files**:
+- `src/services/crawl-rotator.ts` - Device/browser selection
+- `src/services/http-fingerprint.ts` - HTTP header fingerprinting
+
+**Device Weights** (matches real traffic patterns):
+| Device | Weight | Percentage |
+|--------|--------|------------|
+| Mobile | 62 | 62% |
+| Desktop | 36 | 36% |
+| Tablet | 2 | 2% |
+
+**Allowed Browsers** (only realistic ones):
+- Chrome (67% market share)
+- Safari (20% market share)
+- Edge (6% market share)
+- Firefox (3% market share)
+
+All other browsers are filtered out. Uses `intoli/user-agents` library for realistic UA generation.
+
+**HTTP Header Fingerprinting**:
+- DNT (Do Not Track): 30% probability of sending
+- Accept headers: Browser-specific variations
+- Header ordering: Matches real browser behavior (Chrome, Firefox, Safari, Edge each have unique order)
+
+**curl-impersonate Binaries** (for curl transport):
+| Browser | Binary |
+|---------|--------|
+| Chrome | `curl_chrome131` |
+| Edge | `curl_chrome131` |
+| Firefox | `curl_ff133` |
+| Safari | `curl_safari17` |
+
+These binaries mimic real browser TLS fingerprints to avoid detection.
 
 ---
 
-### Detailed Rules
+## Documentation
 
-1) **Dispensary = Store (SAME THING)**
-   - "Dispensary" and "store" are synonyms in CannaiQ. Use interchangeably.
-   - **API endpoint**: `/api/stores` (NOT `/api/dispensaries`)
-   - **DB table**: `dispensaries`
-   - When you need to create/query stores via API, use `/api/stores`
-   - Use the record's `menu_url` and `platform_dispensary_id`.
-
-2) **API Authentication**
-   - **Trusted Origins (no auth needed)**:
-     - IPs: `127.0.0.1`, `::1`, `::ffff:127.0.0.1`
-     - Origins: `https://cannaiq.co`, `https://findadispo.com`, `https://findagram.co`
-     - Also: `http://localhost:3010`, `http://localhost:8080`, `http://localhost:5173`
-   - Requests from trusted IPs/origins get automatic admin access (`role: 'internal'`)
-   - **Remote (non-trusted)**: Use Bearer token (JWT or API token). NO username/password auth.
-   - Never try to login with username/password via API - use tokens only.
-   - See `src/auth/middleware.ts` for `TRUSTED_ORIGINS` and `TRUSTED_IPS` lists.
-
-3) **Menu detection and platform IDs**
-   - Set `menu_type` from `menu_url` detection; resolve `platform_dispensary_id` for `menu_type='dutchie'`.
-   - Admin should have "refresh detection" and "resolve ID" actions; schedule/crawl only when `menu_type='dutchie'` AND `platform_dispensary_id` is set.
-
-4) **Queries and mapping**
-   - The DB returns snake_case; code expects camelCase. Always alias/map:
-     - `platform_dispensary_id AS "platformDispensaryId"`
-     - Map via `mapDbRowToDispensary` when loading dispensaries (scheduler, crawler, admin crawl).
-   - Avoid `SELECT *`; explicitly select and/or map fields.
-
-4) **Scheduling**
-   - `/scraper-schedule` should accept filters/search (All vs AZ-only, name).
-   - "Run Now"/scheduler must skip or warn if `menu_type!='dutchie'` or `platform_dispensary_id` missing.
-   - Use `dispensary_crawl_status` view; show reason when not crawlable.
-
-5) **Crawling**
-   - Trigger dutchie crawls by dispensary ID (e.g., `POST /api/admin/crawl/:id`).
-   - Update existing products (by stable product ID), append snapshots for history (every 4h cadence), download images locally (`/images/...`), store local URLs.
-   - Use dutchie GraphQL pipeline only for `menu_type='dutchie'`.
-
-6) **Frontend**
-   - Forward-facing URLs should not contain vendor names.
-   - `/scraper-schedule`: add filters/search, keep as master view for all schedules; reflect platform ID/menu_type status and controls.
-
-7) **No slug guessing**
-   - Do not guess slugs; use the DB record's `menu_url` and ID. Resolve platform ID from the URL/cName; if set, crawl directly by ID.
-
-8) **Image storage (no MinIO)**
-    - Save images to local filesystem only. Do not create or use MinIO in Docker.
-    - Product images: `/images/products/<dispensary_id>/<product_id>-<hash>.webp` (+medium/+thumb).
-    - Brand images: `/images/brands/<brand_slug_or_sku>-<hash>.webp`.
-    - Store local URLs in DB fields (keep original URLs as fallback only).
-    - Serve `/images` via backend static middleware.
-
-9) **Dutchie GraphQL fetch rules**
-    - **Endpoint**: `https://dutchie.com/api-3/graphql`
-    - **Variables**: Use `productsFilter.dispensaryId` = `platform_dispensary_id` (MongoDB ObjectId).
-    - **Mode A**: `Status: "Active"` - returns active products with pricing
-    - **Mode B**: `Status: null` / `activeOnly: false` - returns all products including OOS/inactive
-    - **Headers** (server-side axios only): Chrome UA, `Origin: https://dutchie.com`, `Referer: https://dutchie.com/embedded-menu/<cName>`.
-
-10) **Batch DB writes to avoid OOM**
-    - Do NOT build one giant upsert/insert payload for products/snapshots/missing marks.
-    - Chunk arrays (e.g., 100–200 items) and upsert/insert in a loop; drop references after each chunk.
-
-11) **Use dual-mode crawls by default**
-    - Always run with `useBothModes:true` to combine Mode A (pricing) + Mode B (full coverage).
-    - Union/dedupe by product ID so you keep full coverage and pricing in one run.
-
-12) **Capture OOS and missing items**
-    - GraphQL variables must include inactive/OOS (Status: All / activeOnly:false).
-    - After unioning Mode A/B, upsert products and insert snapshots with stock_status from the feed.
-    - If an existing product is absent from both modes, insert a snapshot with is_present_in_feed=false and stock_status='missing_from_feed'.
-
-13) **Preserve all stock statuses (including unknown)**
-    - Do not filter or drop stock_status values in API/UI; pass through whatever is stored.
-    - Expected values: in_stock, out_of_stock, missing_from_feed, unknown.
-
-14) **Never delete or overwrite historical data**
-    - Do not delete products/snapshots or overwrite historical records.
-    - Always append snapshots for changes (price/stock/qty), and mark missing_from_feed instead of removing records.
-
-15) **Per-location cName and platform_dispensary_id resolution**
-    - For each dispensary, menu_url and cName must be valid for that exact location.
-    - Derive cName from menu_url per store: `/embedded-menu/<cName>` or `/dispensary/<cName>`.
-    - Resolve platform_dispensary_id from that cName using GraphQL GetAddressBasedDispensaryData.
-    - If the slug is invalid/missing, mark the store not crawlable and log it.
-
-16) **API Route Semantics**
-
-    **Route Groups (as registered in `src/index.ts`):**
-    - `/api/stores` = Store/dispensary CRUD and listing
-    - `/api/products` = Product listing and details
-    - `/api/workers` = Job queue monitoring (replaces legacy `/api/dutchie-az/...`)
-    - `/api/pipeline` = Crawl pipeline triggers
-    - `/api/admin/orchestrator` = Orchestrator admin actions
-    - `/api/discovery` = Platform discovery (Dutchie, etc.)
-    - `/api/v1/...` = Public API for external consumers (WordPress, etc.)
-
-    **Crawl Trigger:**
-    Check `/api/pipeline` or `/api/admin/orchestrator` routes for crawl triggers.
-    The legacy `POST /api/admin/crawl/:dispensaryId` does NOT exist.
-
-17) **Monitoring and logging**
-    - `/api/workers` shows active/recent jobs from job queue
-    - Auto-refresh every 30 seconds
-    - System Logs page should show real log data, not just startup messages
-
-18) **Dashboard Architecture**
-    - **Frontend**: Rebuild the frontend with `VITE_API_URL` pointing to the correct backend and redeploy.
-    - **Backend**: `/api/dashboard/stats` MUST use the canonical DB pool. Use the correct tables: `store_products`, `dispensaries`, and views like `v_dashboard_stats`, `v_latest_snapshots`.
-
-19) **Deployment (Gitea + Kubernetes)**
-    - **Registry**: Gitea at `code.cannabrands.app/creationshop/dispensary-scraper`
-    - **Build and push** (from backend directory):
-      ```bash
-      docker login code.cannabrands.app
-      cd backend
-      docker build -t code.cannabrands.app/creationshop/dispensary-scraper:latest .
-      docker push code.cannabrands.app/creationshop/dispensary-scraper:latest
-      ```
-    - **Deploy to Kubernetes**:
-      ```bash
-      kubectl rollout restart deployment/scraper -n dispensary-scraper
-      kubectl rollout restart deployment/scraper-worker -n dispensary-scraper
-      kubectl rollout status deployment/scraper -n dispensary-scraper
-      ```
-    - K8s manifests are in `/k8s/` folder (scraper.yaml, scraper-worker.yaml, etc.)
-
-20) **Crawler Architecture**
-    - **Scraper pod (1 replica)**: Runs the Express API server + scheduler.
-    - **Scraper-worker pods (25 replicas)**: Each runs `dist/tasks/task-worker.js`, polling the job queue.
-    - **Worker naming**: Pods use fantasy names (Aethelgard, Xylos, Kryll, Coriolis, etc.) - see `k8s/scraper-worker.yaml` ConfigMap. Worker IDs: `{PodName}-worker-{n}`
-    - **Job types**: `menu_detection`, `menu_detection_single`, `dutchie_product_crawl`
-    - **Job schedules** (managed in `job_schedules` table):
-      - `dutchie_az_menu_detection`: Runs daily with 60-min jitter
-      - `dutchie_az_product_crawl`: Runs every 4 hours with 30-min jitter
-    - **Monitor jobs**: `GET /api/workers`
-    - **Trigger crawls**: Check `/api/pipeline` routes
-
-21) **Frontend Architecture - AVOID OVER-ENGINEERING**
-
-    **Key Principles:**
-    - **ONE BACKEND** serves ALL domains (cannaiq.co, findadispo.com, findagram.co)
-    - Do NOT create separate backend services for each domain
-
-    **Frontend Build Differences:**
-    - `cannaiq/` uses **Vite** (outputs to `dist/`, uses `VITE_` env vars) → cannaiq.co
-    - `findadispo/` uses **Create React App** (outputs to `build/`, uses `REACT_APP_` env vars) → findadispo.com
-    - `findagram/` uses **Create React App** (outputs to `build/`, uses `REACT_APP_` env vars) → findagram.co
-
-    **CRA vs Vite Dockerfile Differences:**
-    ```dockerfile
-    # Vite (cannaiq)
-    ENV VITE_API_URL=https://api.domain.com
-    RUN npm run build
-    COPY --from=builder /app/dist /usr/share/nginx/html
-
-    # CRA (findadispo, findagram)
-    ENV REACT_APP_API_URL=https://api.domain.com
-    RUN npm run build
-    COPY --from=builder /app/build /usr/share/nginx/html
-    ```
-
-    **Common Mistakes to AVOID:**
-    - Creating a FastAPI/Express backend just for findagram or findadispo
-    - Creating separate Docker images per domain when one would work
-    - Using `npm ci` in Dockerfiles when package-lock.json doesn't exist (use `npm install`)
-
----
-
-## Admin UI Integration (Dutchie Discovery System)
-
-The admin frontend includes a dedicated Discovery page located at:
-
-    cannaiq/src/pages/Discovery.tsx
-
-This page is the operational interface that administrators use for
-managing the Dutchie discovery pipeline. While it does not define API
-features itself, it is the primary consumer of the Dutchie Discovery API.
-
-### Responsibilities of the Discovery UI
-
-The UI enables administrators to:
-
-- View all discovered Dutchie locations
-- Filter by status:
-    - discovered
-    - verified
-    - merged (linked to an existing dispensary)
-    - rejected
-- Inspect individual location details (metadata, raw address, menu URL)
-- Verify & create a new canonical dispensary
-- Verify & link to an existing canonical dispensary
-- Reject or unreject discovered locations
-- Promote verified/merged locations into full crawlers via the orchestrator
-
-### API Endpoints Consumed by the Discovery UI
-
-The Discovery UI uses platform-agnostic routes with neutral slugs (see `docs/platform-slug-mapping.md`):
-
-**Platform Slug**: `dt` = Dutchie (trademark-safe URL)
-
-- `GET /api/discovery/platforms/dt/locations`
-- `GET /api/discovery/platforms/dt/locations/:id`
-- `POST /api/discovery/platforms/dt/locations/:id/verify-create`
-- `POST /api/discovery/platforms/dt/locations/:id/verify-link`
-- `POST /api/discovery/platforms/dt/locations/:id/reject`
-- `POST /api/discovery/platforms/dt/locations/:id/unreject`
-- `GET /api/discovery/platforms/dt/locations/:id/match-candidates`
-- `GET /api/discovery/platforms/dt/cities`
-- `GET /api/discovery/platforms/dt/summary`
-- `POST /api/orchestrator/platforms/dt/promote/:id`
-
-These endpoints are defined in:
-- `backend/src/dutchie-az/discovery/routes.ts`
-- `backend/src/dutchie-az/discovery/promoteDiscoveryLocation.ts`
-
-### Frontend API Helper
-
-The file:
-
-    cannaiq/src/lib/api.ts
-
-implements the client-side wrappers for calling these endpoints:
-
-- `getPlatformDiscoverySummary(platformSlug)`
-- `getPlatformDiscoveryLocations(platformSlug, params)`
-- `getPlatformDiscoveryLocation(platformSlug, id)`
-- `verifyCreatePlatformLocation(platformSlug, id, verifiedBy)`
-- `verifyLinkPlatformLocation(platformSlug, id, dispensaryId, verifiedBy)`
-- `rejectPlatformLocation(platformSlug, id, reason, verifiedBy)`
-- `unrejectPlatformLocation(platformSlug, id)`
-- `getPlatformLocationMatchCandidates(platformSlug, id)`
-- `getPlatformDiscoveryCities(platformSlug, params)`
-- `promotePlatformDiscoveryLocation(platformSlug, id)`
-
-Where `platformSlug` is a neutral two-letter slug (e.g., `'dt'` for Dutchie).
-These helpers must be kept synchronized with backend routes.
-
-### UI/Backend Contract
-
-The Discovery UI must always:
-- Treat discovery data as **non-canonical** until verified.
-- Not assume a discovery location is crawl-ready.
-- Initiate promotion only after verification steps.
-- Handle all statuses safely: discovered, verified, merged, rejected.
-
-The backend must always:
-- Preserve discovery data even if rejected.
-- Never automatically merge or promote a location.
-- Allow idempotent verification and linking actions.
-- Expose complete metadata to help operators make verification decisions.
-
-# Coordinate Capture (Platform Discovery)
-
-The DtLocationDiscoveryService captures geographic coordinates (latitude, longitude) whenever a platform's store payload provides them.
-
-## Behavior:
-
-- On INSERT:
-  - If the Dutchie API/GraphQL payload includes coordinates, they are saved into:
-      - dutchie_discovery_locations.latitude
-      - dutchie_discovery_locations.longitude
-
-- On UPDATE:
-  - Coordinates are only filled if the existing row has NULL values.
-  - Coordinates are never overwritten once set (prevents pollution if later payloads omit or degrade coordinate accuracy).
-
-- Logging:
-  - When coordinates are detected and captured:
-        "Extracted coordinates for <slug>: <lat>, <lng>"
-
-- Summary Statistics:
-  - The discovery runner reports a count of:
-        - locations with coordinates
-        - locations without coordinates
-
-## Purpose:
-
-Coordinate capture enables:
-- City/state validation (cross-checking submitted address vs lat/lng)
-- Distance-based duplicate detection
-- Location clustering for analytics
-- Mapping/front-end visualization
-- Future multi-platform reconciliation
-- Improved dispensary matching during verify-link flow
-
-Coordinate capture is part of the discovery phase only.
-Canonical `dispensaries` entries may later be enriched with verified coordinates during promotion.
-
-# CannaiQ — Analytics V2 Examples & API Structure Extension
-
-This section contains examples from `backend/docs/ANALYTICS_V2_EXAMPLES.md` and extends the Analytics V2 API definition to include:
-
-- response payload formats
-- time window semantics
-- rec/med segmentation usage
-- SQL/TS pseudo-code examples
-- endpoint expectations
-
----
-
-# Analytics V2: Supported Endpoints
-
-Base URL prefix: /api/analytics/v2
-
-All endpoints accept `?window=7d|30d|90d` unless noted otherwise.
-
-## 1. Price Analytics
-
-### GET /api/analytics/v2/price/product/:storeProductId
-Returns price history for a canonical store product.
-
-Example response:
-{
-  "storeProductId": 123,
-  "window": "30d",
-  "points": [
-    { "date": "2025-02-01", "price": 32, "in_stock": true },
-    { "date": "2025-02-02", "price": 30, "in_stock": true }
-  ]
-}
-
-### GET /api/analytics/v2/price/rec-vs-med?categoryId=XYZ
-Compares category pricing between recreational and medical-only states.
-
-Example response:
-{
-  "categoryId": "flower",
-  "rec": { "avg": 29.44, "median": 28.00, "states": ["CO", "WA", ...] },
-  "med": { "avg": 33.10, "median": 31.00, "states": ["FL", "PA", ...] }
-}
-
----
-
-## 2. Brand Analytics
-
-### GET /api/analytics/v2/brand/:name/penetration
-Returns penetration across states.
-
-{
-  "brand": "Wyld",
-  "window": "90d",
-  "penetration": [
-    { "state": "AZ", "stores": 28 },
-    { "state": "MI", "stores": 34 }
-  ]
-}
-
-### GET /api/analytics/v2/brand/:name/rec-vs-med
-Returns penetration split by rec vs med segmentation.
-
----
-
-## 3. Category Analytics
-
-### GET /api/analytics/v2/category/:name/growth
-7d/30d/90d snapshot comparison:
-
-{
-  "category": "vape",
-  "window": "30d",
-  "growth": {
-    "current_sku_count": 420,
-    "previous_sku_count": 380,
-    "delta": 40
-  }
-}
-
-### GET /api/analytics/v2/category/rec-vs-med
-Category-level comparisons.
-
----
-
-## 4. Store Analytics
-
-### GET /api/analytics/v2/store/:storeId/changes
-Product-level changes:
-
-{
-  "storeId": 88,
-  "window": "30d",
-  "added": [...],
-  "removed": [...],
-  "price_changes": [...],
-  "restocks": [...],
-  "oos_events": [...]
-}
-
-### GET /api/analytics/v2/store/:storeId/summary
-
----
-
-## 5. State Analytics
-
-### GET /api/analytics/v2/state/legal-breakdown
-State rec/med/no-program segmentation summary.
-
-### GET /api/analytics/v2/state/rec-vs-med-pricing
-State-level pricing comparison.
-
-### GET /api/analytics/v2/state/recreational
-List rec-legal state codes.
-
-### GET /api/analytics/v2/state/medical-only
-List med-only state codes.
-
----
-
-# Windowing Semantics
-
-Definition: window is applied to canonical snapshots.
-Equivalent to:
-
-WHERE snapshot_at >= NOW() - INTERVAL '<window>'
-
----
-
-# Rec/Med Segmentation Rules
-
-rec_states:
-  states.recreational_legal = TRUE
-
-med_only_states:
-  states.medical_legal = TRUE AND states.recreational_legal = FALSE
-
-no_program:
-  both flags FALSE or NULL
-
-Analytics must use this segmentation consistently.
-
----
-
-# Response Structure Requirements
-
-Every analytics v2 endpoint must:
-
-- include the window used
-- include segmentation if relevant
-- include state codes when state-level grouping is used
-- return safe empty arrays if no data
-- NEVER throw on missing data
-- be versionable (v2 must not break previous analytics APIs)
-
----
-
-# Service Responsibilities Summary
-
-### PriceAnalyticsService
-- compute time-series price trends
-- compute average/median price by state
-- compute rec-vs-med price comparisons
-
-### BrandPenetrationService
-- compute presence across stores and states
-- rec-vs-med brand footprint
-- detect expansion / contraction
-
-### CategoryAnalyticsService
-- compute SKU count changes
-- category pricing
-- rec-vs-med category dynamics
-
-### StoreAnalyticsService
-- detect SKU additions/drops
-- price changes
-- restocks & OOS events
-
-### StateAnalyticsService
-- legal breakdown
-- coverage gaps
-- rec-vs-med scoring
-
----
-
-# END Analytics V2 spec extension
-
----
-
-## WordPress Plugin Versioning
-
-The WordPress plugin version is tracked in `wordpress-plugin/VERSION`.
-
-**Current version:** Check `wordpress-plugin/VERSION` for the latest version.
-
-**Versioning rules:**
-- **Minor bumps (x.x.N)**: Bug fixes, small improvements - default for most changes
-- **Middle bumps (x.N.0)**: New features, significant improvements
-- **Major bumps (N.0.0)**: Breaking changes, major rewrites - only when user explicitly requests
-
-**When making WP plugin changes:**
-1. Read `wordpress-plugin/VERSION` to get current version
-2. Bump the version number (minor by default)
-3. Update both files:
-   - `wordpress-plugin/VERSION`
-   - Plugin header `Version:` in `cannaiq-menus.php` and/or `crawlsy-menus.php`
-   - The `define('..._VERSION', '...')` constant in each plugin file
-
-**Plugin files:**
-| File | Brand | API URL |
-|------|-------|---------|
-| `cannaiq-menus.php` | CannaIQ | `https://cannaiq.co/api/v1` |
-| `crawlsy-menus.php` | Crawlsy (legacy) | `https://cannaiq.co/api/v1` |
-
-Both plugins use the same API endpoint. The Crawlsy version exists for backward compatibility with existing installations.
+| Doc | Purpose |
+|-----|---------|
+| `backend/docs/CODEBASE_MAP.md` | Current files/directories |
+| `backend/docs/_archive/` | Historical docs (may be outdated) |
diff --git a/backend/docs/CODEBASE_MAP.md b/backend/docs/CODEBASE_MAP.md
new file mode 100644
index 00000000..f1cbfef6
--- /dev/null
+++ b/backend/docs/CODEBASE_MAP.md
@@ -0,0 +1,218 @@
+# CannaiQ Backend Codebase Map
+
+**Last Updated:** 2025-12-12
+**Purpose:** Help Claude and developers understand which code is current vs deprecated
+
+---
+
+## Quick Reference: What to Use
+
+### For Crawling/Scraping
+| Task | Use This | NOT This |
+|------|----------|----------|
+| Fetch products | `src/tasks/handlers/payload-fetch.ts` | `src/hydration/*` |
+| Process products | `src/tasks/handlers/product-refresh.ts` | `src/scraper-v2/*` |
+| GraphQL client | `src/platforms/dutchie/client.ts` | `src/dutchie-az/services/graphql-client.ts` |
+| Worker system | `src/tasks/task-worker.ts` | `src/dutchie-az/services/worker.ts` |
+
+### For Database
+| Task | Use This | NOT This |
+|------|----------|----------|
+| Get DB pool | `src/db/pool.ts` | `src/dutchie-az/db/connection.ts` |
+| Run migrations | `src/db/migrate.ts` (CLI only) | Never import at runtime |
+| Query products | `store_products` table | `products`, `dutchie_products` |
+| Query stores | `dispensaries` table | `stores` table |
+
+### For Discovery
+| Task | Use This |
+|------|----------|
+| Discover stores | `src/discovery/*.ts` |
+| Run discovery | `npx tsx src/scripts/run-discovery.ts` |
+
+---
+
+## Directory Status
+
+### ACTIVE DIRECTORIES (Use These)
+
+```
+src/
+├── auth/               # JWT/session auth, middleware
+├── db/                 # Database pool, migrations
+├── discovery/          # Dutchie store discovery pipeline
+├── middleware/         # Express middleware
+├── multi-state/        # Multi-state query support
+├── platforms/          # Platform-specific clients (Dutchie, Jane, etc)
+│   └── dutchie/        # THE Dutchie client - use this one
+├── routes/             # Express API routes
+├── services/           # Core services (logger, scheduler, etc)
+├── tasks/              # Task system (workers, handlers, scheduler)
+│   └── handlers/       # Task handlers (payload_fetch, product_refresh, etc)
+├── types/              # TypeScript types
+└── utils/              # Utilities (storage, image processing)
+```
+
+### DEPRECATED DIRECTORIES (DO NOT USE)
+
+```
+src/
+├── hydration/          # DEPRECATED - Old pipeline approach
+├── scraper-v2/         # DEPRECATED - Old scraper engine
+├── canonical-hydration/# DEPRECATED - Merged into tasks/handlers
+├── dutchie-az/         # PARTIAL - Some parts deprecated, some active
+│   ├── db/             # DEPRECATED - Use src/db/pool.ts
+│   └── services/       # PARTIAL - worker.ts still runs, graphql-client.ts deprecated
+├── portals/            # FUTURE - Not yet implemented
+├── seo/                # PARTIAL - Settings work, templates WIP
+└── system/             # DEPRECATED - Old orchestration system
+```
+
+### DEPRECATED FILES (DO NOT USE)
+
+```
+src/dutchie-az/db/connection.ts      # Use src/db/pool.ts instead
+src/dutchie-az/services/graphql-client.ts  # Use src/platforms/dutchie/client.ts
+src/hydration/*.ts                   # Entire directory deprecated
+src/scraper-v2/*.ts                  # Entire directory deprecated
+```
+
+---
+
+## Key Files Reference
+
+### Entry Points
+| File | Purpose | Status |
+|------|---------|--------|
+| `src/index.ts` | Main Express server | ACTIVE |
+| `src/dutchie-az/services/worker.ts` | Worker process entry | ACTIVE |
+| `src/tasks/task-worker.ts` | Task worker (new system) | ACTIVE |
+
+### Dutchie Integration
+| File | Purpose | Status |
+|------|---------|--------|
+| `src/platforms/dutchie/client.ts` | GraphQL client, hashes, curl | **PRIMARY** |
+| `src/platforms/dutchie/queries.ts` | High-level query functions | ACTIVE |
+| `src/platforms/dutchie/index.ts` | Re-exports | ACTIVE |
+
+### Task Handlers
+| File | Purpose | Status |
+|------|---------|--------|
+| `src/tasks/handlers/payload-fetch.ts` | Fetch products from Dutchie | **PRIMARY** |
+| `src/tasks/handlers/product-refresh.ts` | Process payload into DB | **PRIMARY** |
+| `src/tasks/handlers/menu-detection.ts` | Detect menu type | ACTIVE |
+| `src/tasks/handlers/id-resolution.ts` | Resolve platform IDs | ACTIVE |
+| `src/tasks/handlers/image-download.ts` | Download product images | ACTIVE |
+
+### Database
+| File | Purpose | Status |
+|------|---------|--------|
+| `src/db/pool.ts` | Canonical DB pool | **PRIMARY** |
+| `src/db/migrate.ts` | Migration runner (CLI only) | CLI ONLY |
+| `src/db/auto-migrate.ts` | Auto-run migrations on startup | ACTIVE |
+
+### Configuration
+| File | Purpose | Status |
+|------|---------|--------|
+| `.env` | Environment variables | ACTIVE |
+| `package.json` | Dependencies | ACTIVE |
+| `tsconfig.json` | TypeScript config | ACTIVE |
+
+---
+
+## GraphQL Hashes (CRITICAL)
+
+The correct hashes are in `src/platforms/dutchie/client.ts`:
+
+```typescript
+export const GRAPHQL_HASHES = {
+  FilteredProducts: 'ee29c060826dc41c527e470e9ae502c9b2c169720faa0a9f5d25e1b9a530a4a0',
+  GetAddressBasedDispensaryData: '13461f73abf7268770dfd05fe7e10c523084b2bb916a929c08efe3d87531977b',
+  ConsumerDispensaries: '0a5bfa6ca1d64ae47bcccb7c8077c87147cbc4e6982c17ceec97a2a4948b311b',
+  GetAllCitiesByState: 'ae547a0466ace5a48f91e55bf6699eacd87e3a42841560f0c0eabed5a0a920e6',
+};
+```
+
+**ALWAYS** use `Status: 'Active'` for FilteredProducts (not `null` or `'All'`).
+
+---
+
+## Scripts Reference
+
+### Useful Scripts (in `src/scripts/`)
+| Script | Purpose |
+|--------|---------|
+| `run-discovery.ts` | Run Dutchie discovery |
+| `crawl-single-store.ts` | Test crawl a single store |
+| `test-dutchie-graphql.ts` | Test GraphQL queries |
+
+### One-Off Scripts (probably don't need)
+| Script | Purpose |
+|--------|---------|
+| `harmonize-az-dispensaries.ts` | One-time data cleanup |
+| `bootstrap-stores-for-dispensaries.ts` | One-time migration |
+| `backfill-*.ts` | Historical backfill scripts |
+
+---
+
+## API Routes
+
+### Active Routes (in `src/routes/`)
+| Route File | Mount Point | Purpose |
+|------------|-------------|---------|
+| `auth.ts` | `/api/auth` | Login/logout/session |
+| `stores.ts` | `/api/stores` | Store CRUD |
+| `dashboard.ts` | `/api/dashboard` | Dashboard stats |
+| `workers.ts` | `/api/workers` | Worker monitoring |
+| `pipeline.ts` | `/api/pipeline` | Crawl triggers |
+| `discovery.ts` | `/api/discovery` | Discovery management |
+| `analytics.ts` | `/api/analytics` | Analytics queries |
+| `wordpress.ts` | `/api/v1/wordpress` | WordPress plugin API |
+
+---
+
+## Documentation Files
+
+### Current Docs (in `backend/docs/`)
+| Doc | Purpose | Currency |
+|-----|---------|----------|
+| `TASK_WORKFLOW_2024-12-10.md` | Task system architecture | CURRENT |
+| `WORKER_TASK_ARCHITECTURE.md` | Worker/task design | CURRENT |
+| `CRAWL_PIPELINE.md` | Crawl pipeline overview | CURRENT |
+| `ORGANIC_SCRAPING_GUIDE.md` | Browser-based scraping | CURRENT |
+| `CODEBASE_MAP.md` | This file | CURRENT |
+| `ANALYTICS_V2_EXAMPLES.md` | Analytics API examples | CURRENT |
+| `BRAND_INTELLIGENCE_API.md` | Brand API docs | CURRENT |
+
+### Root Docs
+| Doc | Purpose | Currency |
+|-----|---------|----------|
+| `CLAUDE.md` | Claude instructions | **PRIMARY** |
+| `README.md` | Project overview | NEEDS UPDATE |
+
+---
+
+## Common Mistakes to Avoid
+
+1. **Don't use `src/hydration/`** - It's an old approach that was superseded by the task system
+
+2. **Don't use `src/dutchie-az/db/connection.ts`** - Use `src/db/pool.ts` instead
+
+3. **Don't import `src/db/migrate.ts` at runtime** - It will crash. Only use for CLI migrations.
+
+4. **Don't query `stores` table** - It's empty. Use `dispensaries`.
+
+5. **Don't query `products` table** - It's empty. Use `store_products`.
+
+6. **Don't use wrong GraphQL hash** - Always get hash from `GRAPHQL_HASHES` in client.ts
+
+7. **Don't use `Status: null`** - It returns 0 products. Use `Status: 'Active'`.
+
+---
+
+## When in Doubt
+
+1. Check if the file is imported in `src/index.ts` - if not, it may be deprecated
+2. Check the last modified date - older files may be stale
+3. Look for `DEPRECATED` comments in the code
+4. Ask: "Is there a newer version of this in `src/tasks/` or `src/platforms/`?"
+5. Read the relevant doc in `docs/` before modifying code
diff --git a/backend/docs/ANALYTICS_RUNBOOK.md b/backend/docs/_archive/ANALYTICS_RUNBOOK.md
similarity index 100%
rename from backend/docs/ANALYTICS_RUNBOOK.md
rename to backend/docs/_archive/ANALYTICS_RUNBOOK.md
diff --git a/backend/docs/ANALYTICS_V2_EXAMPLES.md b/backend/docs/_archive/ANALYTICS_V2_EXAMPLES.md
similarity index 100%
rename from backend/docs/ANALYTICS_V2_EXAMPLES.md
rename to backend/docs/_archive/ANALYTICS_V2_EXAMPLES.md
diff --git a/backend/docs/BRAND_INTELLIGENCE_API.md b/backend/docs/_archive/BRAND_INTELLIGENCE_API.md
similarity index 100%
rename from backend/docs/BRAND_INTELLIGENCE_API.md
rename to backend/docs/_archive/BRAND_INTELLIGENCE_API.md
diff --git a/backend/docs/CRAWL_PIPELINE.md b/backend/docs/_archive/CRAWL_PIPELINE.md
similarity index 100%
rename from backend/docs/CRAWL_PIPELINE.md
rename to backend/docs/_archive/CRAWL_PIPELINE.md
diff --git a/backend/docs/_archive/ORGANIC_SCRAPING_GUIDE.md b/backend/docs/_archive/ORGANIC_SCRAPING_GUIDE.md
new file mode 100644
index 00000000..cc89140b
--- /dev/null
+++ b/backend/docs/_archive/ORGANIC_SCRAPING_GUIDE.md
@@ -0,0 +1,297 @@
+# Organic Browser-Based Scraping Guide
+
+**Last Updated:** 2025-12-12
+**Status:** Production-ready proof of concept
+
+---
+
+## Overview
+
+This document describes the "organic" browser-based approach to scraping Dutchie dispensary menus. Unlike direct curl/axios requests, this method uses a real browser session to make API calls, making requests appear natural and reducing detection risk.
+
+---
+
+## Why Organic Scraping?
+
+| Approach | Detection Risk | Speed | Complexity |
+|----------|---------------|-------|------------|
+| Direct curl | Higher | Fast | Low |
+| curl-impersonate | Medium | Fast | Medium |
+| **Browser-based (organic)** | **Lowest** | Slower | Higher |
+
+Direct curl requests can be fingerprinted via:
+- TLS fingerprint (cipher suites, extensions)
+- Header order and values
+- Missing cookies/session data
+- Request patterns
+
+Browser-based requests inherit:
+- Real Chrome TLS fingerprint
+- Session cookies from page visit
+- Natural header order
+- JavaScript execution environment
+
+---
+
+## Implementation
+
+### Dependencies
+
+```bash
+npm install puppeteer puppeteer-extra puppeteer-extra-plugin-stealth
+```
+
+### Core Script: `test-intercept.js`
+
+Located at: `backend/test-intercept.js`
+
+```javascript
+const puppeteer = require('puppeteer-extra');
+const StealthPlugin = require('puppeteer-extra-plugin-stealth');
+const fs = require('fs');
+
+puppeteer.use(StealthPlugin());
+
+async function capturePayload(config) {
+  const { dispensaryId, platformId, cName, outputPath } = config;
+
+  const browser = await puppeteer.launch({
+    headless: 'new',
+    args: ['--no-sandbox', '--disable-setuid-sandbox']
+  });
+
+  const page = await browser.newPage();
+
+  // STEP 1: Establish session by visiting the menu
+  const embedUrl = `https://dutchie.com/embedded-menu/${cName}?menuType=rec`;
+  await page.goto(embedUrl, { waitUntil: 'networkidle2', timeout: 60000 });
+
+  // STEP 2: Fetch ALL products using GraphQL from browser context
+  const result = await page.evaluate(async (platformId) => {
+    const allProducts = [];
+    let pageNum = 0;
+    const perPage = 100;
+    let totalCount = 0;
+    const sessionId = 'browser-session-' + Date.now();
+
+    while (pageNum < 30) {
+      const variables = {
+        includeEnterpriseSpecials: false,
+        productsFilter: {
+          dispensaryId: platformId,
+          pricingType: 'rec',
+          Status: 'Active',  // CRITICAL: Must be 'Active', not null
+          types: [],
+          useCache: true,
+          isDefaultSort: true,
+          sortBy: 'popularSortIdx',
+          sortDirection: 1,
+          bypassOnlineThresholds: true,
+          isKioskMenu: false,
+          removeProductsBelowOptionThresholds: false,
+        },
+        page: pageNum,
+        perPage: perPage,
+      };
+
+      const extensions = {
+        persistedQuery: {
+          version: 1,
+          sha256Hash: 'ee29c060826dc41c527e470e9ae502c9b2c169720faa0a9f5d25e1b9a530a4a0'
+        }
+      };
+
+      const qs = new URLSearchParams({
+        operationName: 'FilteredProducts',
+        variables: JSON.stringify(variables),
+        extensions: JSON.stringify(extensions)
+      });
+
+      const response = await fetch(`https://dutchie.com/api-3/graphql?${qs}`, {
+        method: 'GET',
+        headers: {
+          'Accept': 'application/json',
+          'content-type': 'application/json',
+          'x-dutchie-session': sessionId,
+          'apollographql-client-name': 'Marketplace (production)',
+        },
+        credentials: 'include'
+      });
+
+      const json = await response.json();
+      const data = json?.data?.filteredProducts;
+      if (!data?.products) break;
+
+      allProducts.push(...data.products);
+      if (pageNum === 0) totalCount = data.queryInfo?.totalCount || 0;
+      if (allProducts.length >= totalCount) break;
+
+      pageNum++;
+      await new Promise(r => setTimeout(r, 200)); // Polite delay
+    }
+
+    return { products: allProducts, totalCount };
+  }, platformId);
+
+  await browser.close();
+
+  // STEP 3: Save payload
+  const payload = {
+    dispensaryId,
+    platformId,
+    cName,
+    fetchedAt: new Date().toISOString(),
+    productCount: result.products.length,
+    products: result.products,
+  };
+
+  fs.writeFileSync(outputPath, JSON.stringify(payload, null, 2));
+  return payload;
+}
+```
+
+---
+
+## Critical Parameters
+
+### GraphQL Hash (FilteredProducts)
+
+```
+ee29c060826dc41c527e470e9ae502c9b2c169720faa0a9f5d25e1b9a530a4a0
+```
+
+**WARNING:** Using the wrong hash returns HTTP 400.
+
+### Status Parameter
+
+| Value | Result |
+|-------|--------|
+| `'Active'` | Returns in-stock products (1019 in test) |
+| `null` | Returns 0 products |
+| `'All'` | Returns HTTP 400 |
+
+**ALWAYS use `Status: 'Active'`**
+
+### Required Headers
+
+```javascript
+{
+  'Accept': 'application/json',
+  'content-type': 'application/json',
+  'x-dutchie-session': 'unique-session-id',
+  'apollographql-client-name': 'Marketplace (production)',
+}
+```
+
+### Endpoint
+
+```
+https://dutchie.com/api-3/graphql
+```
+
+---
+
+## Performance Benchmarks
+
+Test store: AZ-Deeply-Rooted (1019 products)
+
+| Metric | Value |
+|--------|-------|
+| Total products | 1019 |
+| Time | 18.5 seconds |
+| Payload size | 11.8 MB |
+| Pages fetched | 11 (100 per page) |
+| Success rate | 100% |
+
+---
+
+## Payload Format
+
+The output matches the existing `payload-fetch.ts` handler format:
+
+```json
+{
+  "dispensaryId": 123,
+  "platformId": "6405ef617056e8014d79101b",
+  "cName": "AZ-Deeply-Rooted",
+  "fetchedAt": "2025-12-12T05:05:19.837Z",
+  "productCount": 1019,
+  "products": [
+    {
+      "id": "6927508db4851262f629a869",
+      "Name": "Product Name",
+      "brand": { "name": "Brand Name", ... },
+      "type": "Flower",
+      "THC": "25%",
+      "Prices": [...],
+      "Options": [...],
+      ...
+    }
+  ]
+}
+```
+
+---
+
+## Integration Points
+
+### As a Task Handler
+
+The organic approach can be integrated as an alternative to curl-based fetching:
+
+```typescript
+// In src/tasks/handlers/organic-payload-fetch.ts
+export async function handleOrganicPayloadFetch(ctx: TaskContext): Promise<TaskResult> {
+  // Use puppeteer-based capture
+  // Save to same payload storage
+  // Queue product_refresh task
+}
+```
+
+### Worker Configuration
+
+Add to job_schedules:
+```sql
+INSERT INTO job_schedules (name, role, cron_expression)
+VALUES ('organic_product_crawl', 'organic_payload_fetch', '0 */6 * * *');
+```
+
+---
+
+## Troubleshooting
+
+### HTTP 400 Bad Request
+- Check hash is correct: `ee29c060...`
+- Verify Status is `'Active'` (string, not null)
+
+### 0 Products Returned
+- Status was likely `null` or `'All'` - use `'Active'`
+- Check platformId is valid MongoDB ObjectId
+
+### Session Not Established
+- Increase timeout on initial page.goto()
+- Check cName is valid (matches embedded-menu URL)
+
+### Detection/Blocking
+- StealthPlugin should handle most cases
+- Add random delays between pages
+- Use headless: 'new' (not true/false)
+
+---
+
+## Files Reference
+
+| File | Purpose |
+|------|---------|
+| `backend/test-intercept.js` | Proof of concept script |
+| `backend/src/platforms/dutchie/client.ts` | GraphQL hashes, curl implementation |
+| `backend/src/tasks/handlers/payload-fetch.ts` | Current curl-based handler |
+| `backend/src/utils/payload-storage.ts` | Payload save/load utilities |
+
+---
+
+## See Also
+
+- `DUTCHIE_CRAWL_WORKFLOW.md` - Full crawl pipeline documentation
+- `TASK_WORKFLOW_2024-12-10.md` - Task system architecture
+- `CLAUDE.md` - Project rules and constraints
diff --git a/backend/docs/_archive/README.md b/backend/docs/_archive/README.md
new file mode 100644
index 00000000..bbe3eb16
--- /dev/null
+++ b/backend/docs/_archive/README.md
@@ -0,0 +1,25 @@
+# ARCHIVED DOCUMENTATION
+
+**WARNING: These docs may be outdated or inaccurate.**
+
+The code has evolved significantly. These docs are kept for historical reference only.
+
+## What to Use Instead
+
+**The single source of truth is:**
+- `CLAUDE.md` (root) - Essential rules and quick reference
+- `docs/CODEBASE_MAP.md` - Current file/directory reference
+
+## Why Archive?
+
+These docs were written during development iterations and may reference:
+- Old file paths that no longer exist
+- Deprecated approaches (hydration, scraper-v2)
+- APIs that have changed
+- Database schemas that evolved
+
+## If You Need Details
+
+1. First check CODEBASE_MAP.md for current file locations
+2. Then read the actual source code
+3. Only use archive docs as a last resort for historical context
diff --git a/backend/docs/TASK_WORKFLOW_2024-12-10.md b/backend/docs/_archive/TASK_WORKFLOW_2024-12-10.md
similarity index 100%
rename from backend/docs/TASK_WORKFLOW_2024-12-10.md
rename to backend/docs/_archive/TASK_WORKFLOW_2024-12-10.md
diff --git a/backend/docs/WORKER_TASK_ARCHITECTURE.md b/backend/docs/_archive/WORKER_TASK_ARCHITECTURE.md
similarity index 100%
rename from backend/docs/WORKER_TASK_ARCHITECTURE.md
rename to backend/docs/_archive/WORKER_TASK_ARCHITECTURE.md
diff --git a/backend/migrations/084_dual_transport_preflight.sql b/backend/migrations/084_dual_transport_preflight.sql
new file mode 100644
index 00000000..26854b36
--- /dev/null
+++ b/backend/migrations/084_dual_transport_preflight.sql
@@ -0,0 +1,253 @@
+-- Migration 084: Dual Transport Preflight System
+-- Workers run both curl and http (Puppeteer) preflights on startup
+-- Tasks can require a specific transport method
+
+-- ===================================================================
+-- PART 1: Add preflight columns to worker_registry
+-- ===================================================================
+
+-- Preflight status for curl/axios transport (proxy-based)
+ALTER TABLE worker_registry
+ADD COLUMN IF NOT EXISTS preflight_curl_status VARCHAR(20) DEFAULT 'pending';
+
+-- Preflight status for http/Puppeteer transport (browser-based)
+ALTER TABLE worker_registry
+ADD COLUMN IF NOT EXISTS preflight_http_status VARCHAR(20) DEFAULT 'pending';
+
+-- Timestamps for when each preflight completed
+ALTER TABLE worker_registry
+ADD COLUMN IF NOT EXISTS preflight_curl_at TIMESTAMPTZ;
+
+ALTER TABLE worker_registry
+ADD COLUMN IF NOT EXISTS preflight_http_at TIMESTAMPTZ;
+
+-- Error messages for failed preflights
+ALTER TABLE worker_registry
+ADD COLUMN IF NOT EXISTS preflight_curl_error TEXT;
+
+ALTER TABLE worker_registry
+ADD COLUMN IF NOT EXISTS preflight_http_error TEXT;
+
+-- Response time for successful preflights (ms)
+ALTER TABLE worker_registry
+ADD COLUMN IF NOT EXISTS preflight_curl_ms INTEGER;
+
+ALTER TABLE worker_registry
+ADD COLUMN IF NOT EXISTS preflight_http_ms INTEGER;
+
+-- Constraints for preflight status values
+ALTER TABLE worker_registry
+DROP CONSTRAINT IF EXISTS valid_preflight_curl_status;
+
+ALTER TABLE worker_registry
+ADD CONSTRAINT valid_preflight_curl_status
+CHECK (preflight_curl_status IN ('pending', 'passed', 'failed', 'skipped'));
+
+ALTER TABLE worker_registry
+DROP CONSTRAINT IF EXISTS valid_preflight_http_status;
+
+ALTER TABLE worker_registry
+ADD CONSTRAINT valid_preflight_http_status
+CHECK (preflight_http_status IN ('pending', 'passed', 'failed', 'skipped'));
+
+-- ===================================================================
+-- PART 2: Add method column to worker_tasks
+-- ===================================================================
+
+-- Transport method requirement for the task
+-- NULL = no preference (any worker can claim)
+-- 'curl' = requires curl/axios transport (proxy-based, fast)
+-- 'http' = requires http/Puppeteer transport (browser-based, anti-detect)
+ALTER TABLE worker_tasks
+ADD COLUMN IF NOT EXISTS method VARCHAR(10);
+
+-- Constraint for valid method values
+ALTER TABLE worker_tasks
+DROP CONSTRAINT IF EXISTS valid_task_method;
+
+ALTER TABLE worker_tasks
+ADD CONSTRAINT valid_task_method
+CHECK (method IS NULL OR method IN ('curl', 'http'));
+
+-- Index for method-based task claiming
+CREATE INDEX IF NOT EXISTS idx_worker_tasks_method
+  ON worker_tasks(method)
+  WHERE status = 'pending';
+
+-- Set default method for all existing pending tasks to 'http'
+-- ALL current tasks require Puppeteer/browser-based transport
+UPDATE worker_tasks
+SET method = 'http'
+WHERE method IS NULL;
+
+-- ===================================================================
+-- PART 3: Update claim_task function for method compatibility
+-- ===================================================================
+
+CREATE OR REPLACE FUNCTION claim_task(
+  p_role VARCHAR(50),
+  p_worker_id VARCHAR(100),
+  p_curl_passed BOOLEAN DEFAULT TRUE,
+  p_http_passed BOOLEAN DEFAULT FALSE
+) RETURNS worker_tasks AS $$
+DECLARE
+  claimed_task worker_tasks;
+BEGIN
+  UPDATE worker_tasks
+  SET
+    status = 'claimed',
+    worker_id = p_worker_id,
+    claimed_at = NOW(),
+    updated_at = NOW()
+  WHERE id = (
+    SELECT id FROM worker_tasks
+    WHERE role = p_role
+      AND status = 'pending'
+      AND (scheduled_for IS NULL OR scheduled_for <= NOW())
+      -- Method compatibility: worker must have passed the required preflight
+      AND (
+        method IS NULL  -- No preference, any worker can claim
+        OR (method = 'curl' AND p_curl_passed = TRUE)
+        OR (method = 'http' AND p_http_passed = TRUE)
+      )
+      -- Exclude stores that already have an active task
+      AND (dispensary_id IS NULL OR dispensary_id NOT IN (
+        SELECT dispensary_id FROM worker_tasks
+        WHERE status IN ('claimed', 'running')
+        AND dispensary_id IS NOT NULL
+      ))
+    ORDER BY priority DESC, created_at ASC
+    LIMIT 1
+    FOR UPDATE SKIP LOCKED
+  )
+  RETURNING * INTO claimed_task;
+
+  RETURN claimed_task;
+END;
+$$ LANGUAGE plpgsql;
+
+-- ===================================================================
+-- PART 4: Update v_active_workers view
+-- ===================================================================
+
+DROP VIEW IF EXISTS v_active_workers;
+
+CREATE VIEW v_active_workers AS
+SELECT
+  wr.id,
+  wr.worker_id,
+  wr.friendly_name,
+  wr.role,
+  wr.status,
+  wr.pod_name,
+  wr.hostname,
+  wr.started_at,
+  wr.last_heartbeat_at,
+  wr.last_task_at,
+  wr.tasks_completed,
+  wr.tasks_failed,
+  wr.current_task_id,
+  -- Preflight status
+  wr.preflight_curl_status,
+  wr.preflight_http_status,
+  wr.preflight_curl_at,
+  wr.preflight_http_at,
+  wr.preflight_curl_error,
+  wr.preflight_http_error,
+  wr.preflight_curl_ms,
+  wr.preflight_http_ms,
+  -- Computed fields
+  EXTRACT(EPOCH FROM (NOW() - wr.last_heartbeat_at)) as seconds_since_heartbeat,
+  CASE
+    WHEN wr.status = 'offline' THEN 'offline'
+    WHEN wr.last_heartbeat_at < NOW() - INTERVAL '2 minutes' THEN 'stale'
+    WHEN wr.current_task_id IS NOT NULL THEN 'busy'
+    ELSE 'ready'
+  END as health_status,
+  -- Capability flags (can this worker handle curl/http tasks?)
+  (wr.preflight_curl_status = 'passed') as can_curl,
+  (wr.preflight_http_status = 'passed') as can_http
+FROM worker_registry wr
+WHERE wr.status != 'terminated'
+ORDER BY wr.status = 'active' DESC, wr.last_heartbeat_at DESC;
+
+-- ===================================================================
+-- PART 5: View for task queue with method info
+-- ===================================================================
+
+DROP VIEW IF EXISTS v_task_history;
+
+CREATE VIEW v_task_history AS
+SELECT
+  t.id,
+  t.role,
+  t.dispensary_id,
+  d.name as dispensary_name,
+  t.platform,
+  t.status,
+  t.priority,
+  t.method,
+  t.worker_id,
+  t.scheduled_for,
+  t.claimed_at,
+  t.started_at,
+  t.completed_at,
+  t.error_message,
+  t.retry_count,
+  t.created_at,
+  EXTRACT(EPOCH FROM (t.completed_at - t.started_at)) as duration_sec
+FROM worker_tasks t
+LEFT JOIN dispensaries d ON d.id = t.dispensary_id
+ORDER BY t.created_at DESC;
+
+-- ===================================================================
+-- PART 6: Helper function to update worker preflight status
+-- ===================================================================
+
+CREATE OR REPLACE FUNCTION update_worker_preflight(
+  p_worker_id VARCHAR(100),
+  p_transport VARCHAR(10),  -- 'curl' or 'http'
+  p_status VARCHAR(20),     -- 'passed', 'failed', 'skipped'
+  p_response_ms INTEGER DEFAULT NULL,
+  p_error TEXT DEFAULT NULL
+) RETURNS VOID AS $$
+BEGIN
+  IF p_transport = 'curl' THEN
+    UPDATE worker_registry
+    SET
+      preflight_curl_status = p_status,
+      preflight_curl_at = NOW(),
+      preflight_curl_ms = p_response_ms,
+      preflight_curl_error = p_error,
+      updated_at = NOW()
+    WHERE worker_id = p_worker_id;
+  ELSIF p_transport = 'http' THEN
+    UPDATE worker_registry
+    SET
+      preflight_http_status = p_status,
+      preflight_http_at = NOW(),
+      preflight_http_ms = p_response_ms,
+      preflight_http_error = p_error,
+      updated_at = NOW()
+    WHERE worker_id = p_worker_id;
+  END IF;
+END;
+$$ LANGUAGE plpgsql;
+
+-- ===================================================================
+-- Comments
+-- ===================================================================
+
+COMMENT ON COLUMN worker_registry.preflight_curl_status IS 'Status of curl/axios preflight: pending, passed, failed, skipped';
+COMMENT ON COLUMN worker_registry.preflight_http_status IS 'Status of http/Puppeteer preflight: pending, passed, failed, skipped';
+COMMENT ON COLUMN worker_registry.preflight_curl_at IS 'When curl preflight completed';
+COMMENT ON COLUMN worker_registry.preflight_http_at IS 'When http preflight completed';
+COMMENT ON COLUMN worker_registry.preflight_curl_error IS 'Error message if curl preflight failed';
+COMMENT ON COLUMN worker_registry.preflight_http_error IS 'Error message if http preflight failed';
+COMMENT ON COLUMN worker_registry.preflight_curl_ms IS 'Response time of successful curl preflight (ms)';
+COMMENT ON COLUMN worker_registry.preflight_http_ms IS 'Response time of successful http preflight (ms)';
+
+COMMENT ON COLUMN worker_tasks.method IS 'Transport method required: NULL=any, curl=proxy-based, http=browser-based';
+
+COMMENT ON FUNCTION claim_task IS 'Atomically claim a task, respecting method requirements and per-store locking';
+COMMENT ON FUNCTION update_worker_preflight IS 'Update a workers preflight status for a given transport';
diff --git a/backend/src/_deprecated/DONT_USE.md b/backend/src/_deprecated/DONT_USE.md
new file mode 100644
index 00000000..be669347
--- /dev/null
+++ b/backend/src/_deprecated/DONT_USE.md
@@ -0,0 +1,46 @@
+# DEPRECATED CODE - DO NOT USE
+
+**These directories contain OLD, ABANDONED code.**
+
+## What's Here
+
+| Directory | What It Was | Why Deprecated |
+|-----------|-------------|----------------|
+| `hydration/` | Old pipeline for processing crawl data | Replaced by `src/tasks/handlers/` |
+| `scraper-v2/` | Old Puppeteer-based scraper engine | Replaced by curl-based `src/platforms/dutchie/client.ts` |
+| `canonical-hydration/` | Intermediate step toward canonical schema | Merged into task handlers |
+
+## What to Use Instead
+
+| Old (DONT USE) | New (USE THIS) |
+|----------------|----------------|
+| `hydration/normalizers/dutchie.ts` | `src/tasks/handlers/product-refresh.ts` |
+| `hydration/producer.ts` | `src/tasks/handlers/payload-fetch.ts` |
+| `scraper-v2/engine.ts` | `src/platforms/dutchie/client.ts` |
+| `scraper-v2/scheduler.ts` | `src/services/task-scheduler.ts` |
+
+## Why Keep This Code?
+
+- Historical reference only
+- Some patterns may be useful for debugging
+- Will be deleted once confirmed not needed
+
+## Claude Instructions
+
+**IF YOU ARE CLAUDE:**
+
+1. NEVER import from `src/_deprecated/`
+2. NEVER reference these files as examples
+3. NEVER try to "fix" or "update" code in here
+4. If you see imports from these directories, suggest replacing them
+
+**Correct imports:**
+```typescript
+// GOOD
+import { executeGraphQL } from '../platforms/dutchie/client';
+import { pool } from '../db/pool';
+
+// BAD - DO NOT USE
+import { something } from '../_deprecated/hydration/...';
+import { something } from '../_deprecated/scraper-v2/...';
+```
diff --git a/backend/src/canonical-hydration/RUNBOOK.md b/backend/src/_deprecated/canonical-hydration/RUNBOOK.md
similarity index 100%
rename from backend/src/canonical-hydration/RUNBOOK.md
rename to backend/src/_deprecated/canonical-hydration/RUNBOOK.md
diff --git a/backend/src/canonical-hydration/cli/backfill.ts b/backend/src/_deprecated/canonical-hydration/cli/backfill.ts
similarity index 100%
rename from backend/src/canonical-hydration/cli/backfill.ts
rename to backend/src/_deprecated/canonical-hydration/cli/backfill.ts
diff --git a/backend/src/canonical-hydration/cli/incremental.ts b/backend/src/_deprecated/canonical-hydration/cli/incremental.ts
similarity index 100%
rename from backend/src/canonical-hydration/cli/incremental.ts
rename to backend/src/_deprecated/canonical-hydration/cli/incremental.ts
diff --git a/backend/src/canonical-hydration/cli/products-only.ts b/backend/src/_deprecated/canonical-hydration/cli/products-only.ts
similarity index 100%
rename from backend/src/canonical-hydration/cli/products-only.ts
rename to backend/src/_deprecated/canonical-hydration/cli/products-only.ts
diff --git a/backend/src/canonical-hydration/crawl-run-recorder.ts b/backend/src/_deprecated/canonical-hydration/crawl-run-recorder.ts
similarity index 100%
rename from backend/src/canonical-hydration/crawl-run-recorder.ts
rename to backend/src/_deprecated/canonical-hydration/crawl-run-recorder.ts
diff --git a/backend/src/canonical-hydration/hydration-service.ts b/backend/src/_deprecated/canonical-hydration/hydration-service.ts
similarity index 100%
rename from backend/src/canonical-hydration/hydration-service.ts
rename to backend/src/_deprecated/canonical-hydration/hydration-service.ts
diff --git a/backend/src/canonical-hydration/index.ts b/backend/src/_deprecated/canonical-hydration/index.ts
similarity index 100%
rename from backend/src/canonical-hydration/index.ts
rename to backend/src/_deprecated/canonical-hydration/index.ts
diff --git a/backend/src/canonical-hydration/snapshot-writer.ts b/backend/src/_deprecated/canonical-hydration/snapshot-writer.ts
similarity index 100%
rename from backend/src/canonical-hydration/snapshot-writer.ts
rename to backend/src/_deprecated/canonical-hydration/snapshot-writer.ts
diff --git a/backend/src/canonical-hydration/store-product-normalizer.ts b/backend/src/_deprecated/canonical-hydration/store-product-normalizer.ts
similarity index 100%
rename from backend/src/canonical-hydration/store-product-normalizer.ts
rename to backend/src/_deprecated/canonical-hydration/store-product-normalizer.ts
diff --git a/backend/src/canonical-hydration/types.ts b/backend/src/_deprecated/canonical-hydration/types.ts
similarity index 100%
rename from backend/src/canonical-hydration/types.ts
rename to backend/src/_deprecated/canonical-hydration/types.ts
diff --git a/backend/src/routes/crawler-sandbox.ts b/backend/src/_deprecated/routes/crawler-sandbox.ts
similarity index 100%
rename from backend/src/routes/crawler-sandbox.ts
rename to backend/src/_deprecated/routes/crawler-sandbox.ts
diff --git a/backend/src/scraper-v2/README.md b/backend/src/_deprecated/scraper-v2/README.md
similarity index 100%
rename from backend/src/scraper-v2/README.md
rename to backend/src/_deprecated/scraper-v2/README.md
diff --git a/backend/src/scraper-v2/canonical-pipeline.ts b/backend/src/_deprecated/scraper-v2/canonical-pipeline.ts
similarity index 100%
rename from backend/src/scraper-v2/canonical-pipeline.ts
rename to backend/src/_deprecated/scraper-v2/canonical-pipeline.ts
diff --git a/backend/src/scraper-v2/downloader.ts b/backend/src/_deprecated/scraper-v2/downloader.ts
similarity index 100%
rename from backend/src/scraper-v2/downloader.ts
rename to backend/src/_deprecated/scraper-v2/downloader.ts
diff --git a/backend/src/scraper-v2/engine.ts b/backend/src/_deprecated/scraper-v2/engine.ts
similarity index 100%
rename from backend/src/scraper-v2/engine.ts
rename to backend/src/_deprecated/scraper-v2/engine.ts
diff --git a/backend/src/scraper-v2/index.ts b/backend/src/_deprecated/scraper-v2/index.ts
similarity index 100%
rename from backend/src/scraper-v2/index.ts
rename to backend/src/_deprecated/scraper-v2/index.ts
diff --git a/backend/src/scraper-v2/middlewares.ts b/backend/src/_deprecated/scraper-v2/middlewares.ts
similarity index 100%
rename from backend/src/scraper-v2/middlewares.ts
rename to backend/src/_deprecated/scraper-v2/middlewares.ts
diff --git a/backend/src/scraper-v2/navigation.ts b/backend/src/_deprecated/scraper-v2/navigation.ts
similarity index 100%
rename from backend/src/scraper-v2/navigation.ts
rename to backend/src/_deprecated/scraper-v2/navigation.ts
diff --git a/backend/src/scraper-v2/pipelines.ts b/backend/src/_deprecated/scraper-v2/pipelines.ts
similarity index 100%
rename from backend/src/scraper-v2/pipelines.ts
rename to backend/src/_deprecated/scraper-v2/pipelines.ts
diff --git a/backend/src/scraper-v2/scheduler.ts b/backend/src/_deprecated/scraper-v2/scheduler.ts
similarity index 100%
rename from backend/src/scraper-v2/scheduler.ts
rename to backend/src/_deprecated/scraper-v2/scheduler.ts
diff --git a/backend/src/scraper-v2/types.ts b/backend/src/_deprecated/scraper-v2/types.ts
similarity index 100%
rename from backend/src/scraper-v2/types.ts
rename to backend/src/_deprecated/scraper-v2/types.ts
diff --git a/backend/src/scripts/queue-dispensaries.ts b/backend/src/_deprecated/scripts/queue-dispensaries.ts
similarity index 100%
rename from backend/src/scripts/queue-dispensaries.ts
rename to backend/src/_deprecated/scripts/queue-dispensaries.ts
diff --git a/backend/src/scripts/run-backfill.ts b/backend/src/_deprecated/scripts/run-backfill.ts
similarity index 100%
rename from backend/src/scripts/run-backfill.ts
rename to backend/src/_deprecated/scripts/run-backfill.ts
diff --git a/backend/src/scripts/run-hydration.ts b/backend/src/_deprecated/scripts/run-hydration.ts
similarity index 100%
rename from backend/src/scripts/run-hydration.ts
rename to backend/src/_deprecated/scripts/run-hydration.ts
diff --git a/backend/src/scripts/test-crawl-to-canonical.ts b/backend/src/_deprecated/scripts/test-crawl-to-canonical.ts
similarity index 100%
rename from backend/src/scripts/test-crawl-to-canonical.ts
rename to backend/src/_deprecated/scripts/test-crawl-to-canonical.ts
diff --git a/backend/src/services/DiscoveryGeoService.ts b/backend/src/_deprecated/services/DiscoveryGeoService.ts
similarity index 100%
rename from backend/src/services/DiscoveryGeoService.ts
rename to backend/src/_deprecated/services/DiscoveryGeoService.ts
diff --git a/backend/src/services/GeoValidationService.ts b/backend/src/_deprecated/services/GeoValidationService.ts
similarity index 100%
rename from backend/src/services/GeoValidationService.ts
rename to backend/src/_deprecated/services/GeoValidationService.ts
diff --git a/backend/src/services/availability.ts b/backend/src/_deprecated/services/availability.ts
similarity index 100%
rename from backend/src/services/availability.ts
rename to backend/src/_deprecated/services/availability.ts
diff --git a/backend/src/services/crawler-jobs.ts b/backend/src/_deprecated/services/crawler-jobs.ts
similarity index 100%
rename from backend/src/services/crawler-jobs.ts
rename to backend/src/_deprecated/services/crawler-jobs.ts
diff --git a/backend/src/services/crawler-logger.ts b/backend/src/_deprecated/services/crawler-logger.ts
similarity index 100%
rename from backend/src/services/crawler-logger.ts
rename to backend/src/_deprecated/services/crawler-logger.ts
diff --git a/backend/src/services/crawler-profiles.ts b/backend/src/_deprecated/services/crawler-profiles.ts
similarity index 100%
rename from backend/src/services/crawler-profiles.ts
rename to backend/src/_deprecated/services/crawler-profiles.ts
diff --git a/backend/src/services/intelligence-detector.ts b/backend/src/_deprecated/services/intelligence-detector.ts
similarity index 100%
rename from backend/src/services/intelligence-detector.ts
rename to backend/src/_deprecated/services/intelligence-detector.ts
diff --git a/backend/src/services/menu-provider-detector.ts b/backend/src/_deprecated/services/menu-provider-detector.ts
similarity index 100%
rename from backend/src/services/menu-provider-detector.ts
rename to backend/src/_deprecated/services/menu-provider-detector.ts
diff --git a/backend/src/services/scraper-debug.ts b/backend/src/_deprecated/services/scraper-debug.ts
similarity index 100%
rename from backend/src/services/scraper-debug.ts
rename to backend/src/_deprecated/services/scraper-debug.ts
diff --git a/backend/src/services/scraper.ts b/backend/src/_deprecated/services/scraper.ts
similarity index 100%
rename from backend/src/services/scraper.ts
rename to backend/src/_deprecated/services/scraper.ts
diff --git a/backend/src/_deprecated/system/routes/index.ts b/backend/src/_deprecated/system/routes/index.ts
new file mode 100644
index 00000000..c920c4ad
--- /dev/null
+++ b/backend/src/_deprecated/system/routes/index.ts
@@ -0,0 +1,584 @@
+/**
+ * System API Routes
+ *
+ * Provides REST API endpoints for system monitoring and control:
+ * - /api/system/sync/* - Sync orchestrator
+ * - /api/system/dlq/* - Dead-letter queue
+ * - /api/system/integrity/* - Integrity checks
+ * - /api/system/fix/* - Auto-fix routines
+ * - /api/system/alerts/* - System alerts
+ * - /metrics - Prometheus metrics
+ *
+ * Phase 5: Full Production Sync + Monitoring
+ */
+
+import { Router, Request, Response } from 'express';
+import { Pool } from 'pg';
+import {
+  SyncOrchestrator,
+  MetricsService,
+  DLQService,
+  AlertService,
+  IntegrityService,
+  AutoFixService,
+} from '../services';
+
+export function createSystemRouter(pool: Pool): Router {
+  const router = Router();
+
+  // Initialize services
+  const metrics = new MetricsService(pool);
+  const dlq = new DLQService(pool);
+  const alerts = new AlertService(pool);
+  const integrity = new IntegrityService(pool, alerts);
+  const autoFix = new AutoFixService(pool, alerts);
+  const orchestrator = new SyncOrchestrator(pool, metrics, dlq, alerts);
+
+  // ============================================================
+  // SYNC ORCHESTRATOR ENDPOINTS
+  // ============================================================
+
+  /**
+   * GET /api/system/sync/status
+   * Get current sync status
+   */
+  router.get('/sync/status', async (_req: Request, res: Response) => {
+    try {
+      const status = await orchestrator.getStatus();
+      res.json(status);
+    } catch (error) {
+      console.error('[System] Sync status error:', error);
+      res.status(500).json({ error: 'Failed to get sync status' });
+    }
+  });
+
+  /**
+   * POST /api/system/sync/run
+   * Trigger a sync run
+   */
+  router.post('/sync/run', async (req: Request, res: Response) => {
+    try {
+      const triggeredBy = req.body.triggeredBy || 'api';
+      const result = await orchestrator.runSync();
+      res.json({
+        success: true,
+        triggeredBy,
+        metrics: result,
+      });
+    } catch (error) {
+      console.error('[System] Sync run error:', error);
+      res.status(500).json({
+        success: false,
+        error: error instanceof Error ? error.message : 'Sync run failed',
+      });
+    }
+  });
+
+  /**
+   * GET /api/system/sync/queue-depth
+   * Get queue depth information
+   */
+  router.get('/sync/queue-depth', async (_req: Request, res: Response) => {
+    try {
+      const depth = await orchestrator.getQueueDepth();
+      res.json(depth);
+    } catch (error) {
+      console.error('[System] Queue depth error:', error);
+      res.status(500).json({ error: 'Failed to get queue depth' });
+    }
+  });
+
+  /**
+   * GET /api/system/sync/health
+   * Get sync health status
+   */
+  router.get('/sync/health', async (_req: Request, res: Response) => {
+    try {
+      const health = await orchestrator.getHealth();
+      res.status(health.healthy ? 200 : 503).json(health);
+    } catch (error) {
+      console.error('[System] Health check error:', error);
+      res.status(500).json({ healthy: false, error: 'Health check failed' });
+    }
+  });
+
+  /**
+   * POST /api/system/sync/pause
+   * Pause the orchestrator
+   */
+  router.post('/sync/pause', async (req: Request, res: Response) => {
+    try {
+      const reason = req.body.reason || 'Manual pause';
+      await orchestrator.pause(reason);
+      res.json({ success: true, message: 'Orchestrator paused' });
+    } catch (error) {
+      console.error('[System] Pause error:', error);
+      res.status(500).json({ error: 'Failed to pause orchestrator' });
+    }
+  });
+
+  /**
+   * POST /api/system/sync/resume
+   * Resume the orchestrator
+   */
+  router.post('/sync/resume', async (_req: Request, res: Response) => {
+    try {
+      await orchestrator.resume();
+      res.json({ success: true, message: 'Orchestrator resumed' });
+    } catch (error) {
+      console.error('[System] Resume error:', error);
+      res.status(500).json({ error: 'Failed to resume orchestrator' });
+    }
+  });
+
+  // ============================================================
+  // DLQ ENDPOINTS
+  // ============================================================
+
+  /**
+   * GET /api/system/dlq
+   * List DLQ payloads
+   */
+  router.get('/dlq', async (req: Request, res: Response) => {
+    try {
+      const options = {
+        status: req.query.status as string,
+        errorType: req.query.errorType as string,
+        dispensaryId: req.query.dispensaryId ? parseInt(req.query.dispensaryId as string) : undefined,
+        limit: req.query.limit ? parseInt(req.query.limit as string) : 50,
+        offset: req.query.offset ? parseInt(req.query.offset as string) : 0,
+      };
+
+      const result = await dlq.listPayloads(options);
+      res.json(result);
+    } catch (error) {
+      console.error('[System] DLQ list error:', error);
+      res.status(500).json({ error: 'Failed to list DLQ payloads' });
+    }
+  });
+
+  /**
+   * GET /api/system/dlq/stats
+   * Get DLQ statistics
+   */
+  router.get('/dlq/stats', async (_req: Request, res: Response) => {
+    try {
+      const stats = await dlq.getStats();
+      res.json(stats);
+    } catch (error) {
+      console.error('[System] DLQ stats error:', error);
+      res.status(500).json({ error: 'Failed to get DLQ stats' });
+    }
+  });
+
+  /**
+   * GET /api/system/dlq/summary
+   * Get DLQ summary by error type
+   */
+  router.get('/dlq/summary', async (_req: Request, res: Response) => {
+    try {
+      const summary = await dlq.getSummary();
+      res.json(summary);
+    } catch (error) {
+      console.error('[System] DLQ summary error:', error);
+      res.status(500).json({ error: 'Failed to get DLQ summary' });
+    }
+  });
+
+  /**
+   * GET /api/system/dlq/:id
+   * Get a specific DLQ payload
+   */
+  router.get('/dlq/:id', async (req: Request, res: Response) => {
+    try {
+      const payload = await dlq.getPayload(req.params.id);
+      if (!payload) {
+        return res.status(404).json({ error: 'Payload not found' });
+      }
+      res.json(payload);
+    } catch (error) {
+      console.error('[System] DLQ get error:', error);
+      res.status(500).json({ error: 'Failed to get DLQ payload' });
+    }
+  });
+
+  /**
+   * POST /api/system/dlq/:id/retry
+   * Retry a DLQ payload
+   */
+  router.post('/dlq/:id/retry', async (req: Request, res: Response) => {
+    try {
+      const result = await dlq.retryPayload(req.params.id);
+      if (result.success) {
+        res.json(result);
+      } else {
+        res.status(400).json(result);
+      }
+    } catch (error) {
+      console.error('[System] DLQ retry error:', error);
+      res.status(500).json({ error: 'Failed to retry payload' });
+    }
+  });
+
+  /**
+   * POST /api/system/dlq/:id/abandon
+   * Abandon a DLQ payload
+   */
+  router.post('/dlq/:id/abandon', async (req: Request, res: Response) => {
+    try {
+      const reason = req.body.reason || 'Manually abandoned';
+      const abandonedBy = req.body.abandonedBy || 'api';
+      const success = await dlq.abandonPayload(req.params.id, reason, abandonedBy);
+      res.json({ success });
+    } catch (error) {
+      console.error('[System] DLQ abandon error:', error);
+      res.status(500).json({ error: 'Failed to abandon payload' });
+    }
+  });
+
+  /**
+   * POST /api/system/dlq/bulk-retry
+   * Bulk retry payloads by error type
+   */
+  router.post('/dlq/bulk-retry', async (req: Request, res: Response) => {
+    try {
+      const { errorType } = req.body;
+      if (!errorType) {
+        return res.status(400).json({ error: 'errorType is required' });
+      }
+      const result = await dlq.bulkRetryByErrorType(errorType);
+      res.json(result);
+    } catch (error) {
+      console.error('[System] DLQ bulk retry error:', error);
+      res.status(500).json({ error: 'Failed to bulk retry' });
+    }
+  });
+
+  // ============================================================
+  // INTEGRITY CHECK ENDPOINTS
+  // ============================================================
+
+  /**
+   * POST /api/system/integrity/run
+   * Run all integrity checks
+   */
+  router.post('/integrity/run', async (req: Request, res: Response) => {
+    try {
+      const triggeredBy = req.body.triggeredBy || 'api';
+      const result = await integrity.runAllChecks(triggeredBy);
+      res.json(result);
+    } catch (error) {
+      console.error('[System] Integrity run error:', error);
+      res.status(500).json({ error: 'Failed to run integrity checks' });
+    }
+  });
+
+  /**
+   * GET /api/system/integrity/runs
+   * Get recent integrity check runs
+   */
+  router.get('/integrity/runs', async (req: Request, res: Response) => {
+    try {
+      const limit = req.query.limit ? parseInt(req.query.limit as string) : 10;
+      const runs = await integrity.getRecentRuns(limit);
+      res.json(runs);
+    } catch (error) {
+      console.error('[System] Integrity runs error:', error);
+      res.status(500).json({ error: 'Failed to get integrity runs' });
+    }
+  });
+
+  /**
+   * GET /api/system/integrity/runs/:runId
+   * Get results for a specific integrity run
+   */
+  router.get('/integrity/runs/:runId', async (req: Request, res: Response) => {
+    try {
+      const results = await integrity.getRunResults(req.params.runId);
+      res.json(results);
+    } catch (error) {
+      console.error('[System] Integrity run results error:', error);
+      res.status(500).json({ error: 'Failed to get run results' });
+    }
+  });
+
+  // ============================================================
+  // AUTO-FIX ENDPOINTS
+  // ============================================================
+
+  /**
+   * GET /api/system/fix/routines
+   * Get available fix routines
+   */
+  router.get('/fix/routines', (_req: Request, res: Response) => {
+    try {
+      const routines = autoFix.getAvailableRoutines();
+      res.json(routines);
+    } catch (error) {
+      console.error('[System] Get routines error:', error);
+      res.status(500).json({ error: 'Failed to get routines' });
+    }
+  });
+
+  /**
+   * POST /api/system/fix/:routine
+   * Run a fix routine
+   */
+  router.post('/fix/:routine', async (req: Request, res: Response) => {
+    try {
+      const routineName = req.params.routine;
+      const dryRun = req.body.dryRun === true;
+      const triggeredBy = req.body.triggeredBy || 'api';
+
+      const result = await autoFix.runRoutine(routineName as any, triggeredBy, { dryRun });
+      res.json(result);
+    } catch (error) {
+      console.error('[System] Fix routine error:', error);
+      res.status(500).json({ error: 'Failed to run fix routine' });
+    }
+  });
+
+  /**
+   * GET /api/system/fix/runs
+   * Get recent fix runs
+   */
+  router.get('/fix/runs', async (req: Request, res: Response) => {
+    try {
+      const limit = req.query.limit ? parseInt(req.query.limit as string) : 20;
+      const runs = await autoFix.getRecentRuns(limit);
+      res.json(runs);
+    } catch (error) {
+      console.error('[System] Fix runs error:', error);
+      res.status(500).json({ error: 'Failed to get fix runs' });
+    }
+  });
+
+  // ============================================================
+  // ALERTS ENDPOINTS
+  // ============================================================
+
+  /**
+   * GET /api/system/alerts
+   * List alerts
+   */
+  router.get('/alerts', async (req: Request, res: Response) => {
+    try {
+      const options = {
+        status: req.query.status as any,
+        severity: req.query.severity as any,
+        type: req.query.type as string,
+        limit: req.query.limit ? parseInt(req.query.limit as string) : 50,
+        offset: req.query.offset ? parseInt(req.query.offset as string) : 0,
+      };
+
+      const result = await alerts.listAlerts(options);
+      res.json(result);
+    } catch (error) {
+      console.error('[System] Alerts list error:', error);
+      res.status(500).json({ error: 'Failed to list alerts' });
+    }
+  });
+
+  /**
+   * GET /api/system/alerts/active
+   * Get active alerts
+   */
+  router.get('/alerts/active', async (_req: Request, res: Response) => {
+    try {
+      const activeAlerts = await alerts.getActiveAlerts();
+      res.json(activeAlerts);
+    } catch (error) {
+      console.error('[System] Active alerts error:', error);
+      res.status(500).json({ error: 'Failed to get active alerts' });
+    }
+  });
+
+  /**
+   * GET /api/system/alerts/summary
+   * Get alert summary
+   */
+  router.get('/alerts/summary', async (_req: Request, res: Response) => {
+    try {
+      const summary = await alerts.getSummary();
+      res.json(summary);
+    } catch (error) {
+      console.error('[System] Alerts summary error:', error);
+      res.status(500).json({ error: 'Failed to get alerts summary' });
+    }
+  });
+
+  /**
+   * POST /api/system/alerts/:id/acknowledge
+   * Acknowledge an alert
+   */
+  router.post('/alerts/:id/acknowledge', async (req: Request, res: Response) => {
+    try {
+      const alertId = parseInt(req.params.id);
+      const acknowledgedBy = req.body.acknowledgedBy || 'api';
+      const success = await alerts.acknowledgeAlert(alertId, acknowledgedBy);
+      res.json({ success });
+    } catch (error) {
+      console.error('[System] Acknowledge alert error:', error);
+      res.status(500).json({ error: 'Failed to acknowledge alert' });
+    }
+  });
+
+  /**
+   * POST /api/system/alerts/:id/resolve
+   * Resolve an alert
+   */
+  router.post('/alerts/:id/resolve', async (req: Request, res: Response) => {
+    try {
+      const alertId = parseInt(req.params.id);
+      const resolvedBy = req.body.resolvedBy || 'api';
+      const success = await alerts.resolveAlert(alertId, resolvedBy);
+      res.json({ success });
+    } catch (error) {
+      console.error('[System] Resolve alert error:', error);
+      res.status(500).json({ error: 'Failed to resolve alert' });
+    }
+  });
+
+  /**
+   * POST /api/system/alerts/bulk-acknowledge
+   * Bulk acknowledge alerts
+   */
+  router.post('/alerts/bulk-acknowledge', async (req: Request, res: Response) => {
+    try {
+      const { ids, acknowledgedBy } = req.body;
+      if (!ids || !Array.isArray(ids)) {
+        return res.status(400).json({ error: 'ids array is required' });
+      }
+      const count = await alerts.bulkAcknowledge(ids, acknowledgedBy || 'api');
+      res.json({ acknowledged: count });
+    } catch (error) {
+      console.error('[System] Bulk acknowledge error:', error);
+      res.status(500).json({ error: 'Failed to bulk acknowledge' });
+    }
+  });
+
+  // ============================================================
+  // METRICS ENDPOINTS
+  // ============================================================
+
+  /**
+   * GET /api/system/metrics
+   * Get all current metrics
+   */
+  router.get('/metrics', async (_req: Request, res: Response) => {
+    try {
+      const allMetrics = await metrics.getAllMetrics();
+      res.json(allMetrics);
+    } catch (error) {
+      console.error('[System] Metrics error:', error);
+      res.status(500).json({ error: 'Failed to get metrics' });
+    }
+  });
+
+  /**
+   * GET /api/system/metrics/:name
+   * Get a specific metric
+   */
+  router.get('/metrics/:name', async (req: Request, res: Response) => {
+    try {
+      const metric = await metrics.getMetric(req.params.name);
+      if (!metric) {
+        return res.status(404).json({ error: 'Metric not found' });
+      }
+      res.json(metric);
+    } catch (error) {
+      console.error('[System] Metric error:', error);
+      res.status(500).json({ error: 'Failed to get metric' });
+    }
+  });
+
+  /**
+   * GET /api/system/metrics/:name/history
+   * Get metric time series
+   */
+  router.get('/metrics/:name/history', async (req: Request, res: Response) => {
+    try {
+      const hours = req.query.hours ? parseInt(req.query.hours as string) : 24;
+      const history = await metrics.getMetricHistory(req.params.name, hours);
+      res.json(history);
+    } catch (error) {
+      console.error('[System] Metric history error:', error);
+      res.status(500).json({ error: 'Failed to get metric history' });
+    }
+  });
+
+  /**
+   * GET /api/system/errors
+   * Get error summary
+   */
+  router.get('/errors', async (_req: Request, res: Response) => {
+    try {
+      const summary = await metrics.getErrorSummary();
+      res.json(summary);
+    } catch (error) {
+      console.error('[System] Error summary error:', error);
+      res.status(500).json({ error: 'Failed to get error summary' });
+    }
+  });
+
+  /**
+   * GET /api/system/errors/recent
+   * Get recent errors
+   */
+  router.get('/errors/recent', async (req: Request, res: Response) => {
+    try {
+      const limit = req.query.limit ? parseInt(req.query.limit as string) : 50;
+      const errorType = req.query.type as string;
+      const errors = await metrics.getRecentErrors(limit, errorType);
+      res.json(errors);
+    } catch (error) {
+      console.error('[System] Recent errors error:', error);
+      res.status(500).json({ error: 'Failed to get recent errors' });
+    }
+  });
+
+  /**
+   * POST /api/system/errors/acknowledge
+   * Acknowledge errors
+   */
+  router.post('/errors/acknowledge', async (req: Request, res: Response) => {
+    try {
+      const { ids, acknowledgedBy } = req.body;
+      if (!ids || !Array.isArray(ids)) {
+        return res.status(400).json({ error: 'ids array is required' });
+      }
+      const count = await metrics.acknowledgeErrors(ids, acknowledgedBy || 'api');
+      res.json({ acknowledged: count });
+    } catch (error) {
+      console.error('[System] Acknowledge errors error:', error);
+      res.status(500).json({ error: 'Failed to acknowledge errors' });
+    }
+  });
+
+  return router;
+}
+
+/**
+ * Create Prometheus metrics endpoint (standalone)
+ */
+export function createPrometheusRouter(pool: Pool): Router {
+  const router = Router();
+  const metrics = new MetricsService(pool);
+
+  /**
+   * GET /metrics
+   * Prometheus-compatible metrics endpoint
+   */
+  router.get('/', async (_req: Request, res: Response) => {
+    try {
+      const prometheusOutput = await metrics.getPrometheusMetrics();
+      res.set('Content-Type', 'text/plain; version=0.0.4');
+      res.send(prometheusOutput);
+    } catch (error) {
+      console.error('[Prometheus] Metrics error:', error);
+      res.status(500).send('# Error generating metrics');
+    }
+  });
+
+  return router;
+}
diff --git a/backend/src/system/services/sync-orchestrator.ts b/backend/src/_deprecated/system/services/sync-orchestrator.ts
similarity index 100%
rename from backend/src/system/services/sync-orchestrator.ts
rename to backend/src/_deprecated/system/services/sync-orchestrator.ts
diff --git a/backend/src/utils/HomepageValidator.ts b/backend/src/_deprecated/utils/HomepageValidator.ts
similarity index 100%
rename from backend/src/utils/HomepageValidator.ts
rename to backend/src/_deprecated/utils/HomepageValidator.ts
diff --git a/backend/src/utils/age-gate-playwright.ts b/backend/src/_deprecated/utils/age-gate-playwright.ts
similarity index 100%
rename from backend/src/utils/age-gate-playwright.ts
rename to backend/src/_deprecated/utils/age-gate-playwright.ts
diff --git a/backend/src/utils/stealthBrowser.ts b/backend/src/_deprecated/utils/stealthBrowser.ts
similarity index 100%
rename from backend/src/utils/stealthBrowser.ts
rename to backend/src/_deprecated/utils/stealthBrowser.ts
diff --git a/backend/src/index.ts b/backend/src/index.ts
index 178c3a65..1d38c2fe 100755
--- a/backend/src/index.ts
+++ b/backend/src/index.ts
@@ -109,7 +109,7 @@ import scraperMonitorRoutes from './routes/scraper-monitor';
 import apiTokensRoutes from './routes/api-tokens';
 import apiPermissionsRoutes from './routes/api-permissions';
 import parallelScrapeRoutes from './routes/parallel-scrape';
-import crawlerSandboxRoutes from './routes/crawler-sandbox';
+// crawler-sandbox moved to _deprecated
 import versionRoutes from './routes/version';
 import deployStatusRoutes from './routes/deploy-status';
 import publicApiRoutes from './routes/public-api';
@@ -187,7 +187,7 @@ app.use('/api/scraper-monitor', scraperMonitorRoutes);
 app.use('/api/api-tokens', apiTokensRoutes);
 app.use('/api/api-permissions', apiPermissionsRoutes);
 app.use('/api/parallel-scrape', parallelScrapeRoutes);
-app.use('/api/crawler-sandbox', crawlerSandboxRoutes);
+// crawler-sandbox moved to _deprecated
 app.use('/api/version', versionRoutes);
 app.use('/api/admin/deploy-status', deployStatusRoutes);
 console.log('[DeployStatus] Routes registered at /api/admin/deploy-status');
diff --git a/backend/src/routes/proxies.ts b/backend/src/routes/proxies.ts
index dd1797a1..6ff1214a 100755
--- a/backend/src/routes/proxies.ts
+++ b/backend/src/routes/proxies.ts
@@ -278,7 +278,7 @@ router.post('/update-locations', requireRole('superadmin', 'admin'), async (req,
 
     // Run in background
     updateAllProxyLocations().catch(err => {
-      console.error('❌ Location update failed:', err);
+      console.error('Location update failed:', err);
     });
 
     res.json({ message: 'Location update job started' });
diff --git a/backend/src/services/curl-preflight.ts b/backend/src/services/curl-preflight.ts
new file mode 100644
index 00000000..7ace92f8
--- /dev/null
+++ b/backend/src/services/curl-preflight.ts
@@ -0,0 +1,100 @@
+/**
+ * Curl Preflight - Verify curl/axios transport works through proxy
+ *
+ * Tests:
+ * 1. Proxy is available and active
+ * 2. HTTP request through proxy succeeds
+ * 3. Anti-detect headers are properly set
+ *
+ * Use case: Fast, simple API requests that don't need browser fingerprint
+ */
+
+import axios from 'axios';
+import { HttpsProxyAgent } from 'https-proxy-agent';
+import { CrawlRotator, PreflightResult } from './crawl-rotator';
+
+export interface CurlPreflightResult extends PreflightResult {
+  method: 'curl';
+}
+
+/**
+ * Run curl preflight check
+ * Tests proxy connectivity using axios/curl through the proxy
+ */
+export async function runCurlPreflight(
+  crawlRotator: CrawlRotator
+): Promise<CurlPreflightResult> {
+  const result: CurlPreflightResult = {
+    method: 'curl',
+    passed: false,
+    proxyAvailable: false,
+    proxyConnected: false,
+    antidetectReady: false,
+    proxyIp: null,
+    fingerprint: null,
+    error: null,
+    responseTimeMs: null,
+  };
+
+  // Step 1: Check proxy is available
+  const currentProxy = crawlRotator.proxy.getCurrent();
+  if (!currentProxy) {
+    result.error = 'No proxy available';
+    console.log('[CurlPreflight] FAILED - No proxy available');
+    return result;
+  }
+  result.proxyAvailable = true;
+  result.proxyIp = currentProxy.host;
+
+  // Step 2: Check fingerprint/anti-detect is ready
+  const fingerprint = crawlRotator.userAgent.getCurrent();
+  if (!fingerprint || !fingerprint.userAgent) {
+    result.error = 'Anti-detect fingerprint not initialized';
+    console.log('[CurlPreflight] FAILED - No fingerprint');
+    return result;
+  }
+  result.antidetectReady = true;
+  result.fingerprint = {
+    userAgent: fingerprint.userAgent,
+    browserName: fingerprint.browserName,
+    deviceCategory: fingerprint.deviceCategory,
+  };
+
+  // Step 3: Test proxy connectivity with an actual HTTP request
+  const proxyUrl = crawlRotator.proxy.getProxyUrl(currentProxy);
+  const testUrl = 'https://httpbin.org/ip';
+
+  try {
+    const agent = new HttpsProxyAgent(proxyUrl);
+    const startTime = Date.now();
+
+    const response = await axios.get(testUrl, {
+      httpsAgent: agent,
+      timeout: 15000, // 15 second timeout
+      headers: {
+        'User-Agent': fingerprint.userAgent,
+        'Accept-Language': fingerprint.acceptLanguage,
+        ...(fingerprint.secChUa && { 'sec-ch-ua': fingerprint.secChUa }),
+        ...(fingerprint.secChUaPlatform && { 'sec-ch-ua-platform': fingerprint.secChUaPlatform }),
+        ...(fingerprint.secChUaMobile && { 'sec-ch-ua-mobile': fingerprint.secChUaMobile }),
+      },
+    });
+
+    result.responseTimeMs = Date.now() - startTime;
+    result.proxyConnected = true;
+    result.passed = true;
+
+    // Mark success on proxy stats
+    await crawlRotator.proxy.markSuccess(currentProxy.id, result.responseTimeMs);
+
+    console.log(`[CurlPreflight] PASSED - Proxy ${currentProxy.host} connected (${result.responseTimeMs}ms), UA: ${fingerprint.browserName}/${fingerprint.deviceCategory}`);
+  } catch (err: any) {
+    result.error = `Proxy connection failed: ${err.message || 'Unknown error'}`;
+    console.log(`[CurlPreflight] FAILED - Proxy connection error: ${err.message}`);
+
+    // Mark failure on proxy stats
+    await crawlRotator.proxy.markFailed(currentProxy.id, err.message);
+  }
+
+  return result;
+}
diff --git a/backend/src/services/puppeteer-preflight.ts b/backend/src/services/puppeteer-preflight.ts
new file mode 100644
index 00000000..56538c20
--- /dev/null
+++ b/backend/src/services/puppeteer-preflight.ts
@@ -0,0 +1,399 @@
+/**
+ * Puppeteer Preflight - Verify browser-based transport works with anti-detect
+ *
+ * Uses Puppeteer + StealthPlugin to:
+ * 1. Launch headless browser with stealth mode + PROXY
+ * 2. Visit fingerprint.com demo to verify anti-detect and confirm proxy IP
+ * 3. Establish session by visiting Dutchie embedded menu
+ * 4. Make GraphQL request from browser context
+ * 5. Verify we get a valid response (not blocked)
+ *
+ * Use case: Anti-detect scraping that needs real browser fingerprint through proxy
+ *
+ * Based on test-intercept.js which successfully captures 1000+ products
+ */
+
+import { PreflightResult, CrawlRotator } from './crawl-rotator';
+
+// GraphQL hash for FilteredProducts query - MUST match CLAUDE.md
+const FILTERED_PRODUCTS_HASH = 'ee29c060826dc41c527e470e9ae502c9b2c169720faa0a9f5d25e1b9a530a4a0';
+
+// Test dispensary - AZ-Deeply-Rooted (known working)
+const TEST_CNAME = 'AZ-Deeply-Rooted';
+const TEST_PLATFORM_ID = '6405ef617056e8014d79101b';
+
+// Anti-detect verification sites (primary + fallback)
+const FINGERPRINT_DEMO_URL = 'https://demo.fingerprint.com/';
+const AMIUNIQUE_URL = 'https://amiunique.org/fingerprint';
+
+export interface PuppeteerPreflightResult extends PreflightResult {
+  method: 'http';
+  /** Number of products returned (proves API access) */
+  productsReturned?: number;
+  /** Browser user agent used */
+  browserUserAgent?: string;
+  /** Bot detection result from fingerprint.com */
+  botDetection?: {
+    detected: boolean;
+    probability?: number;
+    type?: string;
+  };
+  /** Expected proxy IP (from pool) */
+  expectedProxyIp?: string;
+  /** Whether IP verification passed (detected IP matches proxy) */
+  ipVerified?: boolean;
+}
+
+/**
+ * Run Puppeteer preflight check with proxy
+ * Tests browser-based access with anti-detect verification via fingerprint.com
+ *
+ * @param crawlRotator - CrawlRotator instance to get proxy from pool
+ */
+export async function runPuppeteerPreflight(
+  crawlRotator?: CrawlRotator
+): Promise<PuppeteerPreflightResult> {
+  const result: PuppeteerPreflightResult = {
+    method: 'http',
+    passed: false,
+    proxyAvailable: false,
+    proxyConnected: false,
+    antidetectReady: false,
+    proxyIp: null,
+    fingerprint: null,
+    error: null,
+    responseTimeMs: null,
+    productsReturned: 0,
+    ipVerified: false,
+  };
+
+  let browser: any = null;
+
+  try {
+    // Step 0: Get a proxy from the pool
+    let proxyUrl: string | null = null;
+    let expectedProxyHost: string | null = null;
+
+    if (crawlRotator) {
+      const currentProxy = crawlRotator.proxy.getCurrent();
+      if (currentProxy) {
+        result.proxyAvailable = true;
+        proxyUrl = crawlRotator.proxy.getProxyUrl(currentProxy);
+        expectedProxyHost = currentProxy.host;
+        result.expectedProxyIp = expectedProxyHost;
+        console.log(`[PuppeteerPreflight] Using proxy: ${currentProxy.host}:${currentProxy.port}`);
+      } else {
+        result.error = 'No proxy available from pool';
+        console.log(`[PuppeteerPreflight] FAILED - No proxy available`);
+        return result;
+      }
+    } else {
+      console.log(`[PuppeteerPreflight] WARNING: No CrawlRotator provided - using direct connection`);
+      result.proxyAvailable = true; // No proxy needed for direct
+    }
+
+    // Dynamic imports to avoid loading Puppeteer unless needed
+    const puppeteer = require('puppeteer-extra');
+    const StealthPlugin = require('puppeteer-extra-plugin-stealth');
+    puppeteer.use(StealthPlugin());
+
+    const startTime = Date.now();
+
+    // Build browser args
+    const browserArgs = ['--no-sandbox', '--disable-setuid-sandbox'];
+    if (proxyUrl) {
+      // Extract host:port for Puppeteer (it handles auth separately)
+      const proxyUrlParsed = new URL(proxyUrl);
+      browserArgs.push(`--proxy-server=${proxyUrlParsed.host}`);
+    }
+
+    // Launch browser with stealth + proxy
+    browser = await puppeteer.launch({
+      headless: 'new',
+      args: browserArgs,
+    });
+
+    const page = await browser.newPage();
+
+    // If proxy has auth, set it up
+    if (proxyUrl) {
+      const proxyUrlParsed = new URL(proxyUrl);
+      if (proxyUrlParsed.username && proxyUrlParsed.password) {
+        await page.authenticate({
+          username: decodeURIComponent(proxyUrlParsed.username),
+          password: decodeURIComponent(proxyUrlParsed.password),
+        });
+      }
+    }
+
+    // Get browser user agent
+    const userAgent = await page.evaluate(() => navigator.userAgent);
+    result.browserUserAgent = userAgent;
+    result.fingerprint = {
+      userAgent,
+      browserName: 'Chrome (Puppeteer)',
+      deviceCategory: 'desktop',
+    };
+
+    // =========================================================================
+    // STEP 1: Visit fingerprint.com demo to verify anti-detect and get IP
+    // =========================================================================
+    console.log(`[PuppeteerPreflight] Testing anti-detect at ${FINGERPRINT_DEMO_URL}...`);
+
+    try {
+      await page.goto(FINGERPRINT_DEMO_URL, {
+        waitUntil: 'networkidle2',
+        timeout: 30000,
+      });
+
+      result.proxyConnected = true; // If we got here, proxy is working
+
+      // Wait for fingerprint results to load
+      await page.waitForSelector('[data-test="visitor-id"]', { timeout: 10000 }).catch(() => {});
+
+      // Extract fingerprint data from the page
+      const fingerprintData = await page.evaluate(() => {
+        // Try to find the IP address displayed on the page
+        const ipElement = document.querySelector('[data-test="ip-address"]');
+        const ip = ipElement?.textContent?.trim() || null;
+
+        // Try to find bot detection info
+        const botElement = document.querySelector('[data-test="bot-detected"]');
+        const botDetected = botElement?.textContent?.toLowerCase().includes('true') || false;
+
+        // Try to find visitor ID (proves fingerprinting worked)
+        const visitorIdElement = document.querySelector('[data-test="visitor-id"]');
+        const visitorId = visitorIdElement?.textContent?.trim() || null;
+
+        // Alternative: look for common UI patterns if data-test attrs not present
+        let detectedIp = ip;
+        if (!detectedIp) {
+          // Look for IP in any element containing IP-like pattern
+          const allText = document.body.innerText;
+          const ipMatch = allText.match(/\b(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})\b/);
+          detectedIp = ipMatch ? ipMatch[1] : null;
+        }
+
+        return {
+          ip: detectedIp,
+          botDetected,
+          visitorId,
+          pageLoaded: !!document.body,
+        };
+      });
+
+      if (fingerprintData.ip) {
+        result.proxyIp = fingerprintData.ip;
+        console.log(`[PuppeteerPreflight] Detected IP: ${fingerprintData.ip}`);
+
+        // Verify IP matches expected proxy
+        if (expectedProxyHost) {
+          // Check if detected IP contains the proxy host (or is close match)
+          if (fingerprintData.ip === expectedProxyHost ||
+              expectedProxyHost.includes(fingerprintData.ip) ||
+              fingerprintData.ip.includes(expectedProxyHost.split('.').slice(0, 3).join('.'))) {
+            result.ipVerified = true;
+            console.log(`[PuppeteerPreflight] IP VERIFIED - matches proxy`);
+          } else {
+            console.log(`[PuppeteerPreflight] IP mismatch: expected ${expectedProxyHost}, got ${fingerprintData.ip}`);
+            // Don't fail - residential proxies often show different egress IPs
+          }
+        }
+      }
+
+      if (fingerprintData.visitorId) {
+        console.log(`[PuppeteerPreflight] Fingerprint visitor ID: ${fingerprintData.visitorId}`);
+      }
+
+      result.botDetection = {
+        detected: fingerprintData.botDetected,
+      };
+
+      if (fingerprintData.botDetected) {
+        console.log(`[PuppeteerPreflight] WARNING: Bot detection triggered!`);
+      } else {
+        console.log(`[PuppeteerPreflight] Anti-detect check: NOT detected as bot`);
+        result.antidetectReady = true;
+      }
+    } catch (fpErr: any) {
+      // Could mean proxy connection failed
+      console.log(`[PuppeteerPreflight] Fingerprint.com check failed: ${fpErr.message}`);
+      if (fpErr.message.includes('net::ERR_PROXY') || fpErr.message.includes('ECONNREFUSED')) {
+        result.error = `Proxy connection failed: ${fpErr.message}`;
+        return result;
+      }
+
+      // Try fallback: amiunique.org
+      console.log(`[PuppeteerPreflight] Trying fallback: ${AMIUNIQUE_URL}...`);
+      try {
+        await page.goto(AMIUNIQUE_URL, {
+          waitUntil: 'networkidle2',
+          timeout: 30000,
+        });
+
+        result.proxyConnected = true;
+
+        // Extract IP from amiunique.org page
+        const amiData = await page.evaluate(() => {
+          const allText = document.body.innerText;
+          const ipMatch = allText.match(/\b(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})\b/);
+          return {
+            ip: ipMatch ? ipMatch[1] : null,
+            pageLoaded: !!document.body,
+          };
+        });
+
+        if (amiData.ip) {
+          result.proxyIp = amiData.ip;
+          console.log(`[PuppeteerPreflight] Detected IP via amiunique.org: ${amiData.ip}`);
+        }
+
+        result.antidetectReady = true;
+        console.log(`[PuppeteerPreflight] amiunique.org fallback succeeded`);
+      } catch (amiErr: any) {
+        console.log(`[PuppeteerPreflight] amiunique.org fallback also failed: ${amiErr.message}`);
+        // Continue with Dutchie test anyway
+        result.proxyConnected = true;
+        result.antidetectReady = true;
+      }
+    }
+
+    // =========================================================================
+    // STEP 2: Test Dutchie API access (the real test)
+    // =========================================================================
+    const embedUrl = `https://dutchie.com/embedded-menu/${TEST_CNAME}?menuType=rec`;
+    console.log(`[PuppeteerPreflight] Establishing session at ${embedUrl}...`);
+
+    await page.goto(embedUrl, {
+      waitUntil: 'networkidle2',
+      timeout: 30000,
+    });
+
+    // Make GraphQL request from browser context
+    const graphqlResult = await page.evaluate(
+      async (platformId: string, hash: string) => {
+        try {
+          const variables = {
+            includeEnterpriseSpecials: false,
+            productsFilter: {
+              dispensaryId: platformId,
+              pricingType: 'rec',
+              Status: 'Active', // CRITICAL: Must be 'Active' per CLAUDE.md
+              types: [],
+              useCache: true,
+              isDefaultSort: true,
+              sortBy: 'popularSortIdx',
+              sortDirection: 1,
+              bypassOnlineThresholds: true,
+              isKioskMenu: false,
+              removeProductsBelowOptionThresholds: false,
+            },
+            page: 0,
+            perPage: 10, // Just need a few to prove it works
+          };
+
+          const extensions = {
+            persistedQuery: {
+              version: 1,
+              sha256Hash: hash,
+            },
+          };
+
+          const qs = new URLSearchParams({
+            operationName: 'FilteredProducts',
+            variables: JSON.stringify(variables),
+            extensions: JSON.stringify(extensions),
+          });
+
+          const url = `https://dutchie.com/api-3/graphql?${qs.toString()}`;
+          const sessionId = 'preflight-' + Date.now();
+
+          const response = await fetch(url, {
+            method: 'GET',
+            headers: {
+              Accept: 'application/json',
+              'content-type': 'application/json',
+              'x-dutchie-session': sessionId,
+              'apollographql-client-name': 'Marketplace (production)',
+            },
+            credentials: 'include',
+          });
+
+          if (!response.ok) {
+            return { error: `HTTP ${response.status}`, products: 0 };
+          }
+
+          const json = await response.json();
+
+          if (json.errors) {
+            return { error: JSON.stringify(json.errors).slice(0, 200), products: 0 };
+          }
+
+          const products = json?.data?.filteredProducts?.products || [];
+          return { error: null, products: products.length };
+        } catch (err: any) {
+          return { error: err.message || 'Unknown error', products: 0 };
+        }
+      },
+      TEST_PLATFORM_ID,
+      FILTERED_PRODUCTS_HASH
+    );
+
+    result.responseTimeMs = Date.now() - startTime;
+
+    if (graphqlResult.error) {
+      result.error = `GraphQL error: ${graphqlResult.error}`;
+      console.log(`[PuppeteerPreflight] FAILED - ${result.error}`);
+    } else if (graphqlResult.products === 0) {
+      result.error = 'GraphQL returned 0 products';
+      console.log(`[PuppeteerPreflight] FAILED - No products returned`);
+    } else {
+      result.passed = true;
+      result.productsReturned = graphqlResult.products;
+      console.log(
+        `[PuppeteerPreflight] PASSED - Got ${graphqlResult.products} products in ${result.responseTimeMs}ms`
+      );
+      if (result.proxyIp) {
+        console.log(`[PuppeteerPreflight] Browser IP via proxy: ${result.proxyIp}`);
+      }
+    }
+  } catch (err: any) {
+    result.error = `Browser error: ${err.message || 'Unknown error'}`;
+    console.log(`[PuppeteerPreflight] FAILED - ${result.error}`);
+  } finally {
+    if (browser) {
+      await browser.close().catch(() => {});
+    }
+  }
+
+  return result;
+}
+
+/**
+ * Run Puppeteer preflight with retry
+ * Retries once on failure to handle transient issues
+ *
+ * @param crawlRotator - CrawlRotator instance to get proxy from pool
+ * @param maxRetries - Number of retry attempts (default 1)
+ */
+export async function runPuppeteerPreflightWithRetry(
+  crawlRotator?: CrawlRotator,
+  maxRetries: number = 1
+): Promise<PuppeteerPreflightResult> {
+  let lastResult: PuppeteerPreflightResult | null = null;
+
+  for (let attempt = 0; attempt <= maxRetries; attempt++) {
+    if (attempt > 0) {
+      console.log(`[PuppeteerPreflight] Retry attempt ${attempt}/${maxRetries}...`);
+      await new Promise((r) => setTimeout(r, 5000)); // Wait 5s between retries
+    }
+
+    lastResult = await runPuppeteerPreflight(crawlRotator);
+
+    if (lastResult.passed) {
+      return lastResult;
+    }
+  }
+
+  return lastResult!;
+}
diff --git a/backend/src/system/routes/index.ts b/backend/src/system/routes/index.ts
index c920c4ad..b979a31d 100644
--- a/backend/src/system/routes/index.ts
+++ b/backend/src/system/routes/index.ts
@@ -1,566 +1,30 @@
 /**
- * System API Routes
+ * System API Routes (Stub)
  *
- * Provides REST API endpoints for system monitoring and control:
- * - /api/system/sync/* - Sync orchestrator
- * - /api/system/dlq/* - Dead-letter queue
- * - /api/system/integrity/* - Integrity checks
- * - /api/system/fix/* - Auto-fix routines
- * - /api/system/alerts/* - System alerts
- * - /metrics - Prometheus metrics
+ * The full system routes depend on SyncOrchestrator which was moved to _deprecated.
+ * This stub provides empty routers to maintain backward compatibility.
  *
- * Phase 5: Full Production Sync + Monitoring
+ * Full implementation available at: src/_deprecated/system/routes/index.ts
  */
 
 import { Router, Request, Response } from 'express';
 import { Pool } from 'pg';
-import {
-  SyncOrchestrator,
-  MetricsService,
-  DLQService,
-  AlertService,
-  IntegrityService,
-  AutoFixService,
-} from '../services';
+import { MetricsService } from '../services';
 
-export function createSystemRouter(pool: Pool): Router {
+export function createSystemRouter(_pool: Pool): Router {
   const router = Router();
 
-  // Initialize services
-  const metrics = new MetricsService(pool);
-  const dlq = new DLQService(pool);
-  const alerts = new AlertService(pool);
-  const integrity = new IntegrityService(pool, alerts);
-  const autoFix = new AutoFixService(pool, alerts);
-  const orchestrator = new SyncOrchestrator(pool, metrics, dlq, alerts);
-
-  // ============================================================
-  // SYNC ORCHESTRATOR ENDPOINTS
-  // ============================================================
-
-  /**
-   * GET /api/system/sync/status
-   * Get current sync status
-   */
-  router.get('/sync/status', async (_req: Request, res: Response) => {
-    try {
-      const status = await orchestrator.getStatus();
-      res.json(status);
-    } catch (error) {
-      console.error('[System] Sync status error:', error);
-      res.status(500).json({ error: 'Failed to get sync status' });
-    }
-  });
-
-  /**
-   * POST /api/system/sync/run
-   * Trigger a sync run
-   */
-  router.post('/sync/run', async (req: Request, res: Response) => {
-    try {
-      const triggeredBy = req.body.triggeredBy || 'api';
-      const result = await orchestrator.runSync();
-      res.json({
-        success: true,
-        triggeredBy,
-        metrics: result,
-      });
-    } catch (error) {
-      console.error('[System] Sync run error:', error);
-      res.status(500).json({
-        success: false,
-        error: error instanceof Error ? error.message : 'Sync run failed',
-      });
-    }
-  });
-
-  /**
-   * GET /api/system/sync/queue-depth
-   * Get queue depth information
-   */
-  router.get('/sync/queue-depth', async (_req: Request, res: Response) => {
-    try {
-      const depth = await orchestrator.getQueueDepth();
-      res.json(depth);
-    } catch (error) {
-      console.error('[System] Queue depth error:', error);
-      res.status(500).json({ error: 'Failed to get queue depth' });
-    }
-  });
-
-  /**
-   * GET /api/system/sync/health
-   * Get sync health status
-   */
-  router.get('/sync/health', async (_req: Request, res: Response) => {
-    try {
-      const health = await orchestrator.getHealth();
-      res.status(health.healthy ? 200 : 503).json(health);
-    } catch (error) {
-      console.error('[System] Health check error:', error);
-      res.status(500).json({ healthy: false, error: 'Health check failed' });
-    }
-  });
-
-  /**
-   * POST /api/system/sync/pause
-   * Pause the orchestrator
-   */
-  router.post('/sync/pause', async (req: Request, res: Response) => {
-    try {
-      const reason = req.body.reason || 'Manual pause';
-      await orchestrator.pause(reason);
-      res.json({ success: true, message: 'Orchestrator paused' });
-    } catch (error) {
-      console.error('[System] Pause error:', error);
-      res.status(500).json({ error: 'Failed to pause orchestrator' });
-    }
-  });
-
-  /**
-   * POST /api/system/sync/resume
-   * Resume the orchestrator
-   */
-  router.post('/sync/resume', async (_req: Request, res: Response) => {
-    try {
-      await orchestrator.resume();
-      res.json({ success: true, message: 'Orchestrator resumed' });
-    } catch (error) {
-      console.error('[System] Resume error:', error);
-      res.status(500).json({ error: 'Failed to resume orchestrator' });
-    }
-  });
-
-  // ============================================================
-  // DLQ ENDPOINTS
-  // ============================================================
-
-  /**
-   * GET /api/system/dlq
-   * List DLQ payloads
-   */
-  router.get('/dlq', async (req: Request, res: Response) => {
-    try {
-      const options = {
-        status: req.query.status as string,
-        errorType: req.query.errorType as string,
-        dispensaryId: req.query.dispensaryId ? parseInt(req.query.dispensaryId as string) : undefined,
-        limit: req.query.limit ? parseInt(req.query.limit as string) : 50,
-        offset: req.query.offset ? parseInt(req.query.offset as string) : 0,
-      };
-
-      const result = await dlq.listPayloads(options);
-      res.json(result);
-    } catch (error) {
-      console.error('[System] DLQ list error:', error);
-      res.status(500).json({ error: 'Failed to list DLQ payloads' });
-    }
-  });
-
-  /**
-   * GET /api/system/dlq/stats
-   * Get DLQ statistics
-   */
-  router.get('/dlq/stats', async (_req: Request, res: Response) => {
-    try {
-      const stats = await dlq.getStats();
-      res.json(stats);
-    } catch (error) {
-      console.error('[System] DLQ stats error:', error);
-      res.status(500).json({ error: 'Failed to get DLQ stats' });
-    }
-  });
-
-  /**
-   * GET /api/system/dlq/summary
-   * Get DLQ summary by error type
-   */
-  router.get('/dlq/summary', async (_req: Request, res: Response) => {
-    try {
-      const summary = await dlq.getSummary();
-      res.json(summary);
-    } catch (error) {
-      console.error('[System] DLQ summary error:', error);
-      res.status(500).json({ error: 'Failed to get DLQ summary' });
-    }
-  });
-
-  /**
-   * GET /api/system/dlq/:id
-   * Get a specific DLQ payload
-   */
-  router.get('/dlq/:id', async (req: Request, res: Response) => {
-    try {
-      const payload = await dlq.getPayload(req.params.id);
-      if (!payload) {
-        return res.status(404).json({ error: 'Payload not found' });
-      }
-      res.json(payload);
-    } catch (error) {
-      console.error('[System] DLQ get error:', error);
-      res.status(500).json({ error: 'Failed to get DLQ payload' });
-    }
-  });
-
-  /**
-   * POST /api/system/dlq/:id/retry
-   * Retry a DLQ payload
-   */
-  router.post('/dlq/:id/retry', async (req: Request, res: Response) => {
-    try {
-      const result = await dlq.retryPayload(req.params.id);
-      if (result.success) {
-        res.json(result);
-      } else {
-        res.status(400).json(result);
-      }
-    } catch (error) {
-      console.error('[System] DLQ retry error:', error);
-      res.status(500).json({ error: 'Failed to retry payload' });
-    }
-  });
-
-  /**
-   * POST /api/system/dlq/:id/abandon
-   * Abandon a DLQ payload
-   */
-  router.post('/dlq/:id/abandon', async (req: Request, res: Response) => {
-    try {
-      const reason = req.body.reason || 'Manually abandoned';
-      const abandonedBy = req.body.abandonedBy || 'api';
-      const success = await dlq.abandonPayload(req.params.id, reason, abandonedBy);
-      res.json({ success });
-    } catch (error) {
-      console.error('[System] DLQ abandon error:', error);
-      res.status(500).json({ error: 'Failed to abandon payload' });
-    }
-  });
-
-  /**
-   * POST /api/system/dlq/bulk-retry
-   * Bulk retry payloads by error type
-   */
-  router.post('/dlq/bulk-retry', async (req: Request, res: Response) => {
-    try {
-      const { errorType } = req.body;
-      if (!errorType) {
-        return res.status(400).json({ error: 'errorType is required' });
-      }
-      const result = await dlq.bulkRetryByErrorType(errorType);
-      res.json(result);
-    } catch (error) {
-      console.error('[System] DLQ bulk retry error:', error);
-      res.status(500).json({ error: 'Failed to bulk retry' });
-    }
-  });
-
-  // ============================================================
-  // INTEGRITY CHECK ENDPOINTS
-  // ============================================================
-
-  /**
-   * POST /api/system/integrity/run
-   * Run all integrity checks
-   */
-  router.post('/integrity/run', async (req: Request, res: Response) => {
-    try {
-      const triggeredBy = req.body.triggeredBy || 'api';
-      const result = await integrity.runAllChecks(triggeredBy);
-      res.json(result);
-    } catch (error) {
-      console.error('[System] Integrity run error:', error);
-      res.status(500).json({ error: 'Failed to run integrity checks' });
-    }
-  });
-
-  /**
-   * GET /api/system/integrity/runs
-   * Get recent integrity check runs
-   */
-  router.get('/integrity/runs', async (req: Request, res: Response) => {
-    try {
-      const limit = req.query.limit ? parseInt(req.query.limit as string) : 10;
-      const runs = await integrity.getRecentRuns(limit);
-      res.json(runs);
-    } catch (error) {
-      console.error('[System] Integrity runs error:', error);
-      res.status(500).json({ error: 'Failed to get integrity runs' });
-    }
-  });
-
-  /**
-   * GET /api/system/integrity/runs/:runId
-   * Get results for a specific integrity run
-   */
-  router.get('/integrity/runs/:runId', async (req: Request, res: Response) => {
-    try {
-      const results = await integrity.getRunResults(req.params.runId);
-      res.json(results);
-    } catch (error) {
-      console.error('[System] Integrity run results error:', error);
-      res.status(500).json({ error: 'Failed to get run results' });
-    }
-  });
-
-  // ============================================================
-  // AUTO-FIX ENDPOINTS
-  // ============================================================
-
-  /**
-   * GET /api/system/fix/routines
-   * Get available fix routines
-   */
-  router.get('/fix/routines', (_req: Request, res: Response) => {
-    try {
-      const routines = autoFix.getAvailableRoutines();
-      res.json(routines);
-    } catch (error) {
-      console.error('[System] Get routines error:', error);
-      res.status(500).json({ error: 'Failed to get routines' });
-    }
-  });
-
-  /**
-   * POST /api/system/fix/:routine
-   * Run a fix routine
-   */
-  router.post('/fix/:routine', async (req: Request, res: Response) => {
-    try {
-      const routineName = req.params.routine;
-      const dryRun = req.body.dryRun === true;
-      const triggeredBy = req.body.triggeredBy || 'api';
-
-      const result = await autoFix.runRoutine(routineName as any, triggeredBy, { dryRun });
-      res.json(result);
-    } catch (error) {
-      console.error('[System] Fix routine error:', error);
-      res.status(500).json({ error: 'Failed to run fix routine' });
-    }
-  });
-
-  /**
-   * GET /api/system/fix/runs
-   * Get recent fix runs
-   */
-  router.get('/fix/runs', async (req: Request, res: Response) => {
-    try {
-      const limit = req.query.limit ? parseInt(req.query.limit as string) : 20;
-      const runs = await autoFix.getRecentRuns(limit);
-      res.json(runs);
-    } catch (error) {
-      console.error('[System] Fix runs error:', error);
-      res.status(500).json({ error: 'Failed to get fix runs' });
-    }
-  });
-
-  // ============================================================
-  // ALERTS ENDPOINTS
-  // ============================================================
-
-  /**
-   * GET /api/system/alerts
-   * List alerts
-   */
-  router.get('/alerts', async (req: Request, res: Response) => {
-    try {
-      const options = {
-        status: req.query.status as any,
-        severity: req.query.severity as any,
-        type: req.query.type as string,
-        limit: req.query.limit ? parseInt(req.query.limit as string) : 50,
-        offset: req.query.offset ? parseInt(req.query.offset as string) : 0,
-      };
-
-      const result = await alerts.listAlerts(options);
-      res.json(result);
-    } catch (error) {
-      console.error('[System] Alerts list error:', error);
-      res.status(500).json({ error: 'Failed to list alerts' });
-    }
-  });
-
-  /**
-   * GET /api/system/alerts/active
-   * Get active alerts
-   */
-  router.get('/alerts/active', async (_req: Request, res: Response) => {
-    try {
-      const activeAlerts = await alerts.getActiveAlerts();
-      res.json(activeAlerts);
-    } catch (error) {
-      console.error('[System] Active alerts error:', error);
-      res.status(500).json({ error: 'Failed to get active alerts' });
-    }
-  });
-
-  /**
-   * GET /api/system/alerts/summary
-   * Get alert summary
-   */
-  router.get('/alerts/summary', async (_req: Request, res: Response) => {
-    try {
-      const summary = await alerts.getSummary();
-      res.json(summary);
-    } catch (error) {
-      console.error('[System] Alerts summary error:', error);
-      res.status(500).json({ error: 'Failed to get alerts summary' });
-    }
-  });
-
-  /**
-   * POST /api/system/alerts/:id/acknowledge
-   * Acknowledge an alert
-   */
-  router.post('/alerts/:id/acknowledge', async (req: Request, res: Response) => {
-    try {
-      const alertId = parseInt(req.params.id);
-      const acknowledgedBy = req.body.acknowledgedBy || 'api';
-      const success = await alerts.acknowledgeAlert(alertId, acknowledgedBy);
-      res.json({ success });
-    } catch (error) {
-      console.error('[System] Acknowledge alert error:', error);
-      res.status(500).json({ error: 'Failed to acknowledge alert' });
-    }
-  });
-
-  /**
-   * POST /api/system/alerts/:id/resolve
-   * Resolve an alert
-   */
-  router.post('/alerts/:id/resolve', async (req: Request, res: Response) => {
-    try {
-      const alertId = parseInt(req.params.id);
-      const resolvedBy = req.body.resolvedBy || 'api';
-      const success = await alerts.resolveAlert(alertId, resolvedBy);
-      res.json({ success });
-    } catch (error) {
-      console.error('[System] Resolve alert error:', error);
-      res.status(500).json({ error: 'Failed to resolve alert' });
-    }
-  });
-
-  /**
-   * POST /api/system/alerts/bulk-acknowledge
-   * Bulk acknowledge alerts
-   */
-  router.post('/alerts/bulk-acknowledge', async (req: Request, res: Response) => {
-    try {
-      const { ids, acknowledgedBy } = req.body;
-      if (!ids || !Array.isArray(ids)) {
-        return res.status(400).json({ error: 'ids array is required' });
-      }
-      const count = await alerts.bulkAcknowledge(ids, acknowledgedBy || 'api');
-      res.json({ acknowledged: count });
-    } catch (error) {
-      console.error('[System] Bulk acknowledge error:', error);
-      res.status(500).json({ error: 'Failed to bulk acknowledge' });
-    }
-  });
-
-  // ============================================================
-  // METRICS ENDPOINTS
-  // ============================================================
-
-  /**
-   * GET /api/system/metrics
-   * Get all current metrics
-   */
-  router.get('/metrics', async (_req: Request, res: Response) => {
-    try {
-      const allMetrics = await metrics.getAllMetrics();
-      res.json(allMetrics);
-    } catch (error) {
-      console.error('[System] Metrics error:', error);
-      res.status(500).json({ error: 'Failed to get metrics' });
-    }
-  });
-
-  /**
-   * GET /api/system/metrics/:name
-   * Get a specific metric
-   */
-  router.get('/metrics/:name', async (req: Request, res: Response) => {
-    try {
-      const metric = await metrics.getMetric(req.params.name);
-      if (!metric) {
-        return res.status(404).json({ error: 'Metric not found' });
-      }
-      res.json(metric);
-    } catch (error) {
-      console.error('[System] Metric error:', error);
-      res.status(500).json({ error: 'Failed to get metric' });
-    }
-  });
-
-  /**
-   * GET /api/system/metrics/:name/history
-   * Get metric time series
-   */
-  router.get('/metrics/:name/history', async (req: Request, res: Response) => {
-    try {
-      const hours = req.query.hours ? parseInt(req.query.hours as string) : 24;
-      const history = await metrics.getMetricHistory(req.params.name, hours);
-      res.json(history);
-    } catch (error) {
-      console.error('[System] Metric history error:', error);
-      res.status(500).json({ error: 'Failed to get metric history' });
-    }
-  });
-
-  /**
-   * GET /api/system/errors
-   * Get error summary
-   */
-  router.get('/errors', async (_req: Request, res: Response) => {
-    try {
-      const summary = await metrics.getErrorSummary();
-      res.json(summary);
-    } catch (error) {
-      console.error('[System] Error summary error:', error);
-      res.status(500).json({ error: 'Failed to get error summary' });
-    }
-  });
-
-  /**
-   * GET /api/system/errors/recent
-   * Get recent errors
-   */
-  router.get('/errors/recent', async (req: Request, res: Response) => {
-    try {
-      const limit = req.query.limit ? parseInt(req.query.limit as string) : 50;
-      const errorType = req.query.type as string;
-      const errors = await metrics.getRecentErrors(limit, errorType);
-      res.json(errors);
-    } catch (error) {
-      console.error('[System] Recent errors error:', error);
-      res.status(500).json({ error: 'Failed to get recent errors' });
-    }
-  });
-
-  /**
-   * POST /api/system/errors/acknowledge
-   * Acknowledge errors
-   */
-  router.post('/errors/acknowledge', async (req: Request, res: Response) => {
-    try {
-      const { ids, acknowledgedBy } = req.body;
-      if (!ids || !Array.isArray(ids)) {
-        return res.status(400).json({ error: 'ids array is required' });
-      }
-      const count = await metrics.acknowledgeErrors(ids, acknowledgedBy || 'api');
-      res.json({ acknowledged: count });
-    } catch (error) {
-      console.error('[System] Acknowledge errors error:', error);
-      res.status(500).json({ error: 'Failed to acknowledge errors' });
-    }
+  // Stub - full sync/dlq/integrity/fix/alerts routes moved to _deprecated
+  router.get('/status', (_req: Request, res: Response) => {
+    res.json({
+      message: 'System routes temporarily disabled - see _deprecated/system/routes',
+      status: 'stub',
+    });
   });
 
   return router;
 }
 
-/**
- * Create Prometheus metrics endpoint (standalone)
- */
 export function createPrometheusRouter(pool: Pool): Router {
   const router = Router();
   const metrics = new MetricsService(pool);
diff --git a/backend/src/system/services/index.ts b/backend/src/system/services/index.ts
index e6c95d0f..2153961c 100644
--- a/backend/src/system/services/index.ts
+++ b/backend/src/system/services/index.ts
@@ -4,7 +4,7 @@
  * Phase 5: Full Production Sync + Monitoring
  */
 
-export { SyncOrchestrator, type SyncStatus, type QueueDepth, type SyncRunMetrics, type OrchestratorStatus } from './sync-orchestrator';
+// SyncOrchestrator moved to _deprecated (depends on hydration module)
 export { MetricsService, ERROR_TYPES, type Metric, type MetricTimeSeries, type ErrorBucket, type ErrorType } from './metrics';
 export { DLQService, type DLQPayload, type DLQStats } from './dlq';
 export { AlertService, type SystemAlert, type AlertSummary, type AlertSeverity, type AlertStatus } from './alerts';
diff --git a/backend/src/tasks/handlers/index.ts b/backend/src/tasks/handlers/index.ts
index 0f49d0f2..e4583c0c 100644
--- a/backend/src/tasks/handlers/index.ts
+++ b/backend/src/tasks/handlers/index.ts
@@ -4,8 +4,8 @@
  * Exports all task handlers for the task worker.
  */
 
-export { handleProductRefresh } from './product-refresh';
 export { handleProductDiscovery } from './product-discovery';
+export { handleProductRefresh } from './product-refresh';
 export { handleStoreDiscovery } from './store-discovery';
 export { handleEntryPointDiscovery } from './entry-point-discovery';
 export { handleAnalyticsRefresh } from './analytics-refresh';
diff --git a/backend/src/tasks/index.ts b/backend/src/tasks/index.ts
index 894123ff..c563f86f 100644
--- a/backend/src/tasks/index.ts
+++ b/backend/src/tasks/index.ts
@@ -17,8 +17,8 @@ export {
 export { TaskWorker, TaskContext, TaskResult } from './task-worker';
 
 export {
-  handleProductRefresh,
   handleProductDiscovery,
+  handleProductRefresh,
   handleStoreDiscovery,
   handleEntryPointDiscovery,
   handleAnalyticsRefresh,
diff --git a/backend/src/tasks/task-service.ts b/backend/src/tasks/task-service.ts
index 61948de2..2e9f1f5b 100644
--- a/backend/src/tasks/task-service.ts
+++ b/backend/src/tasks/task-service.ts
@@ -24,13 +24,14 @@ async function tableExists(tableName: string): Promise<boolean> {
 
 // Per TASK_WORKFLOW_2024-12-10.md: Task roles
 // payload_fetch: Hits Dutchie API, saves raw payload to filesystem
-// product_refresh: Reads local payload, normalizes, upserts to DB
+// product_discovery: Main product crawl handler
+// product_refresh: Legacy role (deprecated but kept for compatibility)
 export type TaskRole =
   | 'store_discovery'
   | 'entry_point_discovery'
   | 'product_discovery'
-  | 'payload_fetch'      // NEW: Fetches from API, saves to disk
-  | 'product_refresh'    // CHANGED: Now reads from local payload
+  | 'payload_fetch'      // Fetches from API, saves to disk
+  | 'product_refresh'    // DEPRECATED: Use product_discovery instead
   | 'analytics_refresh'
   | 'whoami';            // Tests proxy + anti-detect connectivity
 
@@ -51,6 +52,7 @@ export interface WorkerTask {
   platform: string | null;
   status: TaskStatus;
   priority: number;
+  method: 'curl' | 'http' | null;  // Transport method: curl=axios/proxy, http=Puppeteer/browser
   scheduled_for: Date | null;
   worker_id: string | null;
   claimed_at: Date | null;
@@ -152,23 +154,33 @@ class TaskService {
    * Claim a task atomically for a worker
    * If role is null, claims ANY available task (role-agnostic worker)
    * Returns null if task pool is paused.
+   *
+   * @param role - Task role to claim, or null for any task
+   * @param workerId - Worker ID claiming the task
+   * @param curlPassed - Whether worker passed curl preflight (default true for backward compat)
+   * @param httpPassed - Whether worker passed http/Puppeteer preflight (default false)
    */
-  async claimTask(role: TaskRole | null, workerId: string): Promise<WorkerTask | null> {
+  async claimTask(
+    role: TaskRole | null,
+    workerId: string,
+    curlPassed: boolean = true,
+    httpPassed: boolean = false
+  ): Promise<WorkerTask | null> {
     // Check if task pool is paused - don't claim any tasks
     if (isTaskPoolPaused()) {
       return null;
     }
 
     if (role) {
-      // Role-specific claiming - use the SQL function
+      // Role-specific claiming - use the SQL function with preflight capabilities
       const result = await pool.query(
-        `SELECT * FROM claim_task($1, $2)`,
-        [role, workerId]
+        `SELECT * FROM claim_task($1, $2, $3, $4)`,
+        [role, workerId, curlPassed, httpPassed]
       );
       return (result.rows[0] as WorkerTask) || null;
     }
 
-    // Role-agnostic claiming - claim ANY pending task
+    // Role-agnostic claiming - claim ANY pending task matching worker capabilities
     const result = await pool.query(`
       UPDATE worker_tasks
       SET
@@ -179,6 +191,12 @@ class TaskService {
         SELECT id FROM worker_tasks
         WHERE status = 'pending'
           AND (scheduled_for IS NULL OR scheduled_for <= NOW())
+          -- Method compatibility: worker must have passed the required preflight
+          AND (
+            method IS NULL  -- No preference, any worker can claim
+            OR (method = 'curl' AND $2 = TRUE)
+            OR (method = 'http' AND $3 = TRUE)
+          )
           -- Exclude stores that already have an active task
           AND (dispensary_id IS NULL OR dispensary_id NOT IN (
             SELECT dispensary_id FROM worker_tasks
@@ -190,7 +208,7 @@ class TaskService {
         FOR UPDATE SKIP LOCKED
       )
       RETURNING *
-    `, [workerId]);
+    `, [workerId, curlPassed, httpPassed]);
 
     return (result.rows[0] as WorkerTask) || null;
   }
diff --git a/backend/src/tasks/task-worker.ts b/backend/src/tasks/task-worker.ts
index 9827eee6..2915981d 100644
--- a/backend/src/tasks/task-worker.ts
+++ b/backend/src/tasks/task-worker.ts
@@ -51,6 +51,10 @@ import os from 'os';
 import { CrawlRotator } from '../services/crawl-rotator';
 import { setCrawlRotator } from '../platforms/dutchie';
 
+// Dual-transport preflight system
+import { runCurlPreflight, CurlPreflightResult } from '../services/curl-preflight';
+import { runPuppeteerPreflightWithRetry, PuppeteerPreflightResult } from '../services/puppeteer-preflight';
+
 // Task handlers by role
 // Per TASK_WORKFLOW_2024-12-10.md: payload_fetch and product_refresh are now separate
 import { handlePayloadFetch } from './handlers/payload-fetch';
@@ -126,11 +130,12 @@ export interface TaskResult {
 type TaskHandler = (ctx: TaskContext) => Promise<TaskResult>;
 
 // Per TASK_WORKFLOW_2024-12-10.md: Handler registry
-// payload_fetch: Fetches from Dutchie API, saves to disk, chains to product_refresh
+// payload_fetch: Fetches from Dutchie API, saves to disk
 // product_refresh: Reads local payload, normalizes, upserts to DB
+// product_discovery: Main handler for product crawling
 const TASK_HANDLERS: Record<TaskRole, TaskHandler> = {
-  payload_fetch: handlePayloadFetch,       // NEW: API fetch -> disk
-  product_refresh: handleProductRefresh,   // CHANGED: disk -> DB
+  payload_fetch: handlePayloadFetch,       // API fetch -> disk
+  product_refresh: handleProductRefresh,   // disk -> DB
   product_discovery: handleProductDiscovery,
   store_discovery: handleStoreDiscovery,
   entry_point_discovery: handleEntryPointDiscovery,
@@ -189,6 +194,21 @@ export class TaskWorker {
   private isBackingOff: boolean = false;
   private backoffReason: string | null = null;
 
+  // ==========================================================================
+  // DUAL-TRANSPORT PREFLIGHT STATUS
+  // ==========================================================================
+  // Workers run BOTH preflights on startup:
+  // - curl: axios/proxy transport - fast, for simple API calls
+  // - http: Puppeteer/browser transport - anti-detect, for Dutchie GraphQL
+  //
+  // Task claiming checks method compatibility - worker must have passed
+  // the preflight for the task's required method.
+  // ==========================================================================
+  private preflightCurlPassed: boolean = false;
+  private preflightHttpPassed: boolean = false;
+  private preflightCurlResult: CurlPreflightResult | null = null;
+  private preflightHttpResult: PuppeteerPreflightResult | null = null;
+
   constructor(role: TaskRole | null = null, workerId?: string) {
     this.pool = getPool();
     this.role = role;
@@ -351,6 +371,99 @@ export class TaskWorker {
     }
   }
 
+  /**
+   * Run dual-transport preflights on startup
+   * Tests both curl (axios/proxy) and http (Puppeteer/browser) transport methods.
+   * Results are reported to worker_registry and used for task claiming.
+   *
+   * NOTE: All current tasks require 'http' method, so http preflight must pass
+   * for the worker to claim any tasks. Curl preflight is for future use.
+   */
+  private async runDualPreflights(): Promise<void> {
+    console.log(`[TaskWorker] Running dual-transport preflights...`);
+
+    // Run both preflights in parallel for efficiency
+    const [curlResult, httpResult] = await Promise.all([
+      runCurlPreflight(this.crawlRotator).catch((err): CurlPreflightResult => ({
+        method: 'curl',
+        passed: false,
+        proxyAvailable: false,
+        proxyConnected: false,
+        antidetectReady: false,
+        proxyIp: null,
+        fingerprint: null,
+        error: `Preflight error: ${err.message}`,
+        responseTimeMs: null,
+      })),
+      runPuppeteerPreflightWithRetry(this.crawlRotator, 1).catch((err): PuppeteerPreflightResult => ({
+        method: 'http',
+        passed: false,
+        proxyAvailable: false,
+        proxyConnected: false,
+        antidetectReady: false,
+        proxyIp: null,
+        fingerprint: null,
+        error: `Preflight error: ${err.message}`,
+        responseTimeMs: null,
+        productsReturned: 0,
+      })),
+    ]);
+
+    // Store results
+    this.preflightCurlResult = curlResult;
+    this.preflightHttpResult = httpResult;
+    this.preflightCurlPassed = curlResult.passed;
+    this.preflightHttpPassed = httpResult.passed;
+
+    // Log results
+    console.log(`[TaskWorker] CURL preflight: ${curlResult.passed ? 'PASSED' : 'FAILED'}${curlResult.error ? ` - ${curlResult.error}` : ''}`);
+    console.log(`[TaskWorker] HTTP preflight: ${httpResult.passed ? 'PASSED' : 'FAILED'}${httpResult.error ? ` - ${httpResult.error}` : ''}`);
+
+    if (httpResult.passed && httpResult.productsReturned) {
+      console.log(`[TaskWorker] HTTP preflight returned ${httpResult.productsReturned} products from test store`);
+    }
+
+    // Report to worker_registry via API
+    await this.reportPreflightStatus();
+
+    // Since all tasks require 'http', warn if http preflight failed
+    if (!this.preflightHttpPassed) {
+      console.warn(`[TaskWorker] WARNING: HTTP preflight failed - this worker cannot claim any tasks!`);
+      console.warn(`[TaskWorker] Error: ${httpResult.error}`);
+    }
+  }
+
+  /**
+   * Report preflight status to worker_registry
+   */
+  private async reportPreflightStatus(): Promise<void> {
+    try {
+      // Update worker_registry directly via SQL (more reliable than API)
+      await this.pool.query(`
+        SELECT update_worker_preflight($1, 'curl', $2, $3, $4)
+      `, [
+        this.workerId,
+        this.preflightCurlPassed ? 'passed' : 'failed',
+        this.preflightCurlResult?.responseTimeMs || null,
+        this.preflightCurlResult?.error || null,
+      ]);
+
+      await this.pool.query(`
+        SELECT update_worker_preflight($1, 'http', $2, $3, $4)
+      `, [
+        this.workerId,
+        this.preflightHttpPassed ? 'passed' : 'failed',
+        this.preflightHttpResult?.responseTimeMs || null,
+        this.preflightHttpResult?.error || null,
+      ]);
+
+      console.log(`[TaskWorker] Preflight status reported to worker_registry`);
+    } catch (err: any) {
+      // Non-fatal - worker can still function
+      console.warn(`[TaskWorker] Could not report preflight status: ${err.message}`);
+    }
+  }
+
   /**
    * Register worker with the registry (get friendly name)
    */
@@ -494,11 +607,15 @@ export class TaskWorker {
     // Register with the API to get a friendly name
     await this.register();
 
+    // Run dual-transport preflights
+    await this.runDualPreflights();
+
     // Start registry heartbeat
     this.startRegistryHeartbeat();
 
     const roleMsg = this.role ? `for role: ${this.role}` : '(role-agnostic - any task)';
-    console.log(`[TaskWorker] ${this.friendlyName} starting ${roleMsg} (max ${this.maxConcurrentTasks} concurrent tasks)`);
+    const preflightMsg = `curl=${this.preflightCurlPassed ? '✓' : '✗'} http=${this.preflightHttpPassed ? '✓' : '✗'}`;
+    console.log(`[TaskWorker] ${this.friendlyName} starting ${roleMsg} (${preflightMsg}, max ${this.maxConcurrentTasks} concurrent tasks)`);
 
     while (this.isRunning) {
       try {
@@ -552,7 +669,13 @@ export class TaskWorker {
 
     // Try to claim more tasks if we have capacity
     if (this.canAcceptMoreTasks()) {
-      const task = await taskService.claimTask(this.role, this.workerId);
+      // Pass preflight capabilities to only claim compatible tasks
+      const task = await taskService.claimTask(
+        this.role,
+        this.workerId,
+        this.preflightCurlPassed,
+        this.preflightHttpPassed
+      );
 
       if (task) {
         console.log(`[TaskWorker] ${this.friendlyName} claimed task ${task.id} (${task.role}) [${this.activeTasks.size + 1}/${this.maxConcurrentTasks}]`);
@@ -738,6 +861,8 @@ export class TaskWorker {
     maxConcurrentTasks: number;
     isBackingOff: boolean;
     backoffReason: string | null;
+    preflightCurlPassed: boolean;
+    preflightHttpPassed: boolean;
   } {
     return {
       workerId: this.workerId,
@@ -748,6 +873,8 @@ export class TaskWorker {
       maxConcurrentTasks: this.maxConcurrentTasks,
       isBackingOff: this.isBackingOff,
       backoffReason: this.backoffReason,
+      preflightCurlPassed: this.preflightCurlPassed,
+      preflightHttpPassed: this.preflightHttpPassed,
     };
   }
 }
@@ -764,8 +891,8 @@ async function main(): Promise<void> {
     'store_discovery',
     'entry_point_discovery',
     'product_discovery',
-    'payload_fetch',      // NEW: Fetches from API, saves to disk
-    'product_refresh',    // CHANGED: Reads from disk, processes to DB
+    'payload_fetch',      // Fetches from API, saves to disk
+    'product_refresh',    // Reads from disk, processes to DB
     'analytics_refresh',
   ];
 
diff --git a/backend/test-intercept.js b/backend/test-intercept.js
new file mode 100644
index 00000000..a1654551
--- /dev/null
+++ b/backend/test-intercept.js
@@ -0,0 +1,180 @@
+/**
+ * Stealth Browser Payload Capture - Direct GraphQL Injection
+ *
+ * Uses the browser session to make GraphQL requests that look organic.
+ * Adds proper headers matching what Dutchie's frontend sends.
+ */
+
+const puppeteer = require('puppeteer-extra');
+const StealthPlugin = require('puppeteer-extra-plugin-stealth');
+const fs = require('fs');
+
+puppeteer.use(StealthPlugin());
+
+async function capturePayload(config) {
+  const {
+    dispensaryId = null,
+    platformId,
+    cName,
+    outputPath = `/tmp/payload_${cName}_${Date.now()}.json`,
+  } = config;
+
+  const browser = await puppeteer.launch({
+    headless: 'new',
+    args: ['--no-sandbox', '--disable-setuid-sandbox']
+  });
+
+  const page = await browser.newPage();
+
+  // Establish session by visiting the embedded menu
+  const embedUrl = `https://dutchie.com/embedded-menu/${cName}?menuType=rec`;
+  console.log(`[Capture] Establishing session at ${embedUrl}...`);
+
+  await page.goto(embedUrl, {
+    waitUntil: 'networkidle2',
+    timeout: 60000
+  });
+
+  console.log('[Capture] Session established, fetching ALL products...');
+
+  // Fetch all products using GET requests with proper headers
+  const result = await page.evaluate(async (platformId, cName) => {
+    const allProducts = [];
+    const logs = [];
+    let pageNum = 0;
+    const perPage = 100;
+    let totalCount = 0;
+    const sessionId = 'browser-session-' + Date.now();
+
+    try {
+      while (pageNum < 30) {  // Max 30 pages = 3000 products
+        const variables = {
+          includeEnterpriseSpecials: false,
+          productsFilter: {
+            dispensaryId: platformId,
+            pricingType: 'rec',
+            Status: 'Active',  // 'Active' for in-stock products per CLAUDE.md
+            types: [],
+            useCache: true,
+            isDefaultSort: true,
+            sortBy: 'popularSortIdx',
+            sortDirection: 1,
+            bypassOnlineThresholds: true,
+            isKioskMenu: false,
+            removeProductsBelowOptionThresholds: false,
+          },
+          page: pageNum,
+          perPage: perPage,
+        };
+
+        const extensions = {
+          persistedQuery: {
+            version: 1,
+            sha256Hash: 'ee29c060826dc41c527e470e9ae502c9b2c169720faa0a9f5d25e1b9a530a4a0'
+          }
+        };
+
+        // Build GET URL like the browser does
+        const qs = new URLSearchParams({
+          operationName: 'FilteredProducts',
+          variables: JSON.stringify(variables),
+          extensions: JSON.stringify(extensions)
+        });
+        const url = `https://dutchie.com/api-3/graphql?${qs.toString()}`;
+
+        const response = await fetch(url, {
+          method: 'GET',
+          headers: {
+            'Accept': 'application/json',
+            'content-type': 'application/json',
+            'x-dutchie-session': sessionId,
+            'apollographql-client-name': 'Marketplace (production)',
+          },
+          credentials: 'include'
+        });
+
+        logs.push(`Page ${pageNum}: HTTP ${response.status}`);
+
+        if (!response.ok) {
+          const text = await response.text();
+          logs.push(`HTTP error: ${response.status} - ${text.slice(0, 200)}`);
+          break;
+        }
+
+        const json = await response.json();
+
+        if (json.errors) {
+          logs.push(`GraphQL error: ${JSON.stringify(json.errors).slice(0, 200)}`);
+          break;
+        }
+
+        const data = json?.data?.filteredProducts;
+        if (!data || !data.products) {
+          logs.push('No products in response');
+          break;
+        }
+
+        const products = data.products;
+        allProducts.push(...products);
+
+        if (pageNum === 0) {
+          totalCount = data.queryInfo?.totalCount || 0;
+          logs.push(`Total reported: ${totalCount}`);
+        }
+
+        logs.push(`Got ${products.length} products (total: ${allProducts.length}/${totalCount})`);
+
+        if (allProducts.length >= totalCount || products.length < perPage) {
+          break;
+        }
+
+        pageNum++;
+
+        // Small delay between pages to be polite
+        await new Promise(r => setTimeout(r, 200));
+      }
+    } catch (err) {
+      logs.push(`Error: ${err.message}`);
+    }
+
+    return { products: allProducts, totalCount, logs };
+  }, platformId, cName);
+
+  await browser.close();
+
+  // Print logs from browser context
+  result.logs.forEach(log => console.log(`[Browser] ${log}`));
+
+  console.log(`[Capture] Got ${result.products.length} products (API reported ${result.totalCount})`);
+
+  const payload = {
+    dispensaryId: dispensaryId,
+    platformId: platformId,
+    cName,
+    fetchedAt: new Date().toISOString(),
+    productCount: result.products.length,
+    products: result.products,
+  };
+
+  fs.writeFileSync(outputPath, JSON.stringify(payload, null, 2));
+
+  console.log(`\n=== Capture Complete ===`);
+  console.log(`Total products: ${result.products.length}`);
+  console.log(`Saved to: ${outputPath}`);
+  console.log(`File size: ${(fs.statSync(outputPath).size / 1024).toFixed(1)} KB`);
+
+  return payload;
+}
+
+// Run
+(async () => {
+  const payload = await capturePayload({
+    cName: 'AZ-Deeply-Rooted',
+    platformId: '6405ef617056e8014d79101b',
+  });
+
+  if (payload.products.length > 0) {
+    const sample = payload.products[0];
+    console.log(`\nSample: ${sample.Name || sample.name} - ${sample.brand?.name || sample.brandName}`);
+  }
+})().catch(console.error);
diff --git a/backend/tsconfig.json b/backend/tsconfig.json
index f1c16978..7326530e 100755
--- a/backend/tsconfig.json
+++ b/backend/tsconfig.json
@@ -14,5 +14,5 @@
     "allowSyntheticDefaultImports": true
   },
   "include": ["src/**/*"],
-  "exclude": ["node_modules", "dist", "src/**/*.test.ts", "src/**/__tests__/**"]
+  "exclude": ["node_modules", "dist", "src/**/*.test.ts", "src/**/__tests__/**", "src/_deprecated/**"]
 }
diff --git a/cannaiq/src/pages/WorkersDashboard.tsx b/cannaiq/src/pages/WorkersDashboard.tsx
index 3540e33a..de26a25e 100644
--- a/cannaiq/src/pages/WorkersDashboard.tsx
+++ b/cannaiq/src/pages/WorkersDashboard.tsx
@@ -48,6 +48,17 @@ interface Worker {
   seconds_since_heartbeat: number;
   decommission_requested?: boolean;
   decommission_reason?: string;
+  // Dual-transport preflight status
+  preflight_curl_status?: 'pending' | 'passed' | 'failed' | 'skipped';
+  preflight_http_status?: 'pending' | 'passed' | 'failed' | 'skipped';
+  preflight_curl_at?: string;
+  preflight_http_at?: string;
+  preflight_curl_error?: string;
+  preflight_http_error?: string;
+  preflight_curl_ms?: number;
+  preflight_http_ms?: number;
+  can_curl?: boolean;
+  can_http?: boolean;
   metadata: {
     cpu?: number;
     memory?: number;
@@ -277,6 +288,67 @@ function ResourceBadge({ worker }: { worker: Worker }) {
   );
 }
 
+// Transport capability badge showing curl/http preflight status
+function TransportBadge({ worker }: { worker: Worker }) {
+  const curlStatus = worker.preflight_curl_status || 'pending';
+  const httpStatus = worker.preflight_http_status || 'pending';
+
+  const getStatusConfig = (status: string, label: string, ms?: number, error?: string) => {
+    switch (status) {
+      case 'passed':
+        return {
+          bg: 'bg-emerald-100',
+          text: 'text-emerald-700',
+          icon: <CheckCircle className="w-3 h-3" />,
+          tooltip: ms ? `${label}: Passed (${ms}ms)` : `${label}: Passed`,
+        };
+      case 'failed':
+        return {
+          bg: 'bg-red-100',
+          text: 'text-red-700',
+          icon: <XCircle className="w-3 h-3" />,
+          tooltip: error ? `${label}: Failed - ${error}` : `${label}: Failed`,
+        };
+      case 'skipped':
+        return {
+          bg: 'bg-gray-100',
+          text: 'text-gray-500',
+          icon: <Clock className="w-3 h-3" />,
+          tooltip: `${label}: Skipped`,
+        };
+      default:
+        return {
+          bg: 'bg-yellow-100',
+          text: 'text-yellow-700',
+          icon: <Clock className="w-3 h-3 animate-pulse" />,
+          tooltip: `${label}: Pending`,
+        };
+    }
+  };
+
+  const curlConfig = getStatusConfig(curlStatus, 'CURL', worker.preflight_curl_ms, worker.preflight_curl_error);
+  const httpConfig = getStatusConfig(httpStatus, 'HTTP', worker.preflight_http_ms, worker.preflight_http_error);
+
+  return (
+    <div className="flex flex-col gap-1">
+      <div
+        className={`inline-flex items-center gap-1 px-1.5 py-0.5 rounded text-xs font-medium ${curlConfig.bg} ${curlConfig.text}`}
+        title={curlConfig.tooltip}
+      >
+        {curlConfig.icon}
+        <span>curl</span>
+      </div>
+      <div
+        className={`inline-flex items-center gap-1 px-1.5 py-0.5 rounded text-xs font-medium ${httpConfig.bg} ${httpConfig.text}`}
+        title={httpConfig.tooltip}
+      >
+        {httpConfig.icon}
+        <span>http</span>
+      </div>
+    </div>
+  );
+}
+
 // Task count badge showing active/max concurrent tasks
 function TaskCountBadge({ worker, tasks }: { worker: Worker; tasks: Task[] }) {
   const activeCount = worker.active_task_count ?? (worker.current_task_id ? 1 : 0);
@@ -883,6 +955,7 @@ export function WorkersDashboard() {
                   <th className="px-4 py-3 text-left text-xs font-medium text-gray-500 uppercase">Worker</th>
                   <th className="px-4 py-3 text-left text-xs font-medium text-gray-500 uppercase">Role</th>
                   <th className="px-4 py-3 text-left text-xs font-medium text-gray-500 uppercase">Status</th>
+                  <th className="px-4 py-3 text-left text-xs font-medium text-gray-500 uppercase">Transport</th>
                   <th className="px-4 py-3 text-left text-xs font-medium text-gray-500 uppercase">Resources</th>
                   <th className="px-4 py-3 text-left text-xs font-medium text-gray-500 uppercase">Tasks</th>
                   <th className="px-4 py-3 text-left text-xs font-medium text-gray-500 uppercase">Duration</th>
@@ -934,6 +1007,9 @@ export function WorkersDashboard() {
                       <td className="px-4 py-3">
                         <HealthBadge status={worker.status} healthStatus={worker.health_status} />
                       </td>
+                      <td className="px-4 py-3">
+                        <TransportBadge worker={worker} />
+                      </td>
                       <td className="px-4 py-3">
                         <ResourceBadge worker={worker} />
                       </td>
diff --git a/k8s/woodpecker-agent-compose.yml b/k8s/woodpecker-agent-compose.yml
new file mode 100644
index 00000000..b6fe558a
--- /dev/null
+++ b/k8s/woodpecker-agent-compose.yml
@@ -0,0 +1,18 @@
+# Woodpecker Agent Docker Compose
+# Path: /opt/woodpecker/docker-compose.yml
+# Deploy: cd /opt/woodpecker && docker compose up -d
+version: '3.8'
+
+services:
+  woodpecker-agent:
+    image: woodpeckerci/woodpecker-agent:latest
+    container_name: woodpecker-agent
+    restart: always
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock
+    environment:
+      - WOODPECKER_SERVER=localhost:9000
+      - WOODPECKER_AGENT_SECRET=${WOODPECKER_AGENT_SECRET}
+      - WOODPECKER_MAX_WORKFLOWS=5
+      - WOODPECKER_HEALTHCHECK=true
+      - WOODPECKER_LOG_LEVEL=info