diff --git a/app/src/components/explorer/Pagination.vue b/app/src/components/explorer/Pagination.vue
index b3b76874a..efcb9f847 100644
--- a/app/src/components/explorer/Pagination.vue
+++ b/app/src/components/explorer/Pagination.vue
@@ -142,6 +142,7 @@ const prevRow = (): void => {
 watch(() => props.cpage, (newValue, oldValue) => {
   if ((newValue !== oldValue) && pageExists(newValue)) {
     pageInput.value = newValue;
+    verifyRow();
   }
 });
 
diff --git a/app/src/composables/useXmlViewer.ts b/app/src/composables/useXmlViewer.ts
new file mode 100644
index 000000000..d0a45e673
--- /dev/null
+++ b/app/src/composables/useXmlViewer.ts
@@ -0,0 +1,63 @@
+import { ref, computed, watch } from 'vue';
+import { useRoute } from 'vue-router';
+import { useStore } from 'vuex';
+import { useQuery } from '@vue/apollo-composable';
+import { XML_VIEWER } from '@/modules/gql/xml-gql';
+
+export function useXmlViewer() {
+  const route = useRoute();
+  const store = useStore();
+
+  const xmlViewer = ref<any>({});
+
+  const { result, loading, refetch } = useQuery(
+    XML_VIEWER,
+    computed(() => ({
+      input: {
+        id: route.params.id,
+        isNewCuration: route.query?.isNewCuration
+          ? JSON.parse(route.query.isNewCuration as string)
+          : false,
+      },
+    })),
+    { fetchPolicy: 'cache-and-network' }
+  );
+
+  watch(
+    result,
+    (data) => {
+      if (data) {
+        xmlViewer.value = data.xmlViewer;
+      }
+    },
+    { immediate: true }
+  );
+
+  const isAuth = computed(() => store.getters['auth/isAuthenticated']);
+  const isAdmin = computed(() => store.getters['auth/isAdmin']);
+  const dialogBoxActive = computed(() => store.getters.dialogBox);
+
+  const closeDialogBox = () => {
+    store.commit('setDialogBox');
+  };
+
+  const approveCuration = () => {
+    store.commit('setDialogBox');
+  };
+
+  const approval = async () => {
+    await store.dispatch('explorer/curation/approveCuration', { xml: xmlViewer.value });
+  };
+
+  return {
+    xmlViewer,
+    loading,
+    refetch,
+    isAuth,
+    isAdmin,
+    dialogBoxActive,
+    closeDialogBox,
+    approveCuration,
+    approval,
+  };
+}
diff --git a/app/src/modules/auth-utils.ts b/app/src/modules/auth-utils.ts
new file mode 100644
index 000000000..81ccdf00b
--- /dev/null
+++ b/app/src/modules/auth-utils.ts
@@ -0,0 +1,40 @@
+/**
+ * JWT auth utilities for frontend token validation and cleanup.
+ * Decodes JWT payload via base64 (no secret needed) to check expiry.
+ */
+
+export const AUTH_STORAGE_KEYS = [
+  'token',
+  'userId',
+  'displayName',
+  'surName',
+  'givenName',
+  'isAdmin',
+  'tokenExpiration',
+];
+
+export function clearAuthStorage (): void {
+  AUTH_STORAGE_KEYS.forEach((key) => localStorage.removeItem(key));
+}
+
+export function getTokenExp (token: string): number | null {
+  try {
+    const parts = token.split('.');
+    if (parts.length !== 3) return null;
+    const payload = JSON.parse(atob(parts[1]));
+    return typeof payload.exp === 'number' ? payload.exp : null;
+  } catch {
+    return null;
+  }
+}
+
+export function isTokenExpired (token: string): boolean {
+  const exp = getTokenExp(token);
+  if (exp === null) return true;
+  return Date.now() >= exp * 1000;
+}
+
+export function forceLogout (): void {
+  clearAuthStorage();
+  window.location.href = '/nm';
+}
diff --git a/app/src/modules/gql/apolloClient.ts b/app/src/modules/gql/apolloClient.ts
index 5e29c3503..6080d4bf5 100644
--- a/app/src/modules/gql/apolloClient.ts
+++ b/app/src/modules/gql/apolloClient.ts
@@ -1,12 +1,29 @@
-import { ApolloClient, ApolloLink, InMemoryCache, HttpLink } from '@apollo/client/core';
+import {
+  ApolloClient,
+  ApolloLink,
+  InMemoryCache,
+  HttpLink,
+  Observable,
+  from,
+} from '@apollo/client/core';
+import { onError } from '@apollo/client/link/error';
+import { isTokenExpired, forceLogout } from '../auth-utils';
 
 const BASE = window.location.origin;
 const uri = `${BASE}/api/graphql`;
 const httpLink = new HttpLink({ uri });
 
 const authLink = new ApolloLink((operation, forward) => {
-  // add the authorization to the headers
   const token = localStorage.getItem('token') || null;
+
+  if (token && isTokenExpired(token)) {
+    forceLogout();
+    return new Observable((observer) => {
+      observer.error(new Error('Token expired'));
+      observer.complete();
+    });
+  }
+
   operation.setContext({
     headers: {
       authorization: token ? `${token}` : '',
@@ -15,8 +32,29 @@ const authLink = new ApolloLink((operation, forward) => {
   return forward(operation);
 });
 
+const errorLink = onError(({ graphQLErrors, networkError }) => {
+  const authMessages = ['not authenticated', 'jwt expired', 'invalid token', 'jwt malformed'];
+
+  if (graphQLErrors) {
+    for (const err of graphQLErrors) {
+      const msg = (err.message || '').toLowerCase();
+      if (authMessages.some((keyword) => msg.includes(keyword))) {
+        forceLogout();
+        return;
+      }
+    }
+  }
+
+  if (networkError && 'statusCode' in networkError) {
+    const status = (networkError as any).statusCode;
+    if (status === 401 || status === 403) {
+      forceLogout();
+    }
+  }
+});
+
 export default new ApolloClient({
   uri: uri,
-  link: authLink.concat(httpLink), // Chain auth token with the HttpLink
+  link: from([errorLink, authLink, httpLink]),
   cache: new InMemoryCache(),
 });
diff --git a/app/src/pages/explorer/xml/Xml.vue b/app/src/pages/explorer/xml/Xml.vue
index db2bb92a0..7dfa5ad1d 100644
--- a/app/src/pages/explorer/xml/Xml.vue
+++ b/app/src/pages/explorer/xml/Xml.vue
@@ -179,9 +179,9 @@
     <!-- @ts-ignore -->
     <template v-slot:pagination>
       <Pagination
-        v-if="xmlFinder && xmlFinder.xmlData"
+        v-if="xmlFinder && xmlFinder.xmlData && xmlFinder.totalPages > 0"
         :cpage="pageNumber"
-        :tpages="xmlFinder.totalPages || 1"
+        :tpages="xmlFinder.totalPages"
         @go-to-page="loadPrevNextImage($event)"
       />
     </template>
@@ -194,7 +194,7 @@
 </template>
 
 <script setup lang="ts">
-import { ref, computed, onMounted, onActivated, watch, watchEffect } from 'vue';
+import { ref, computed, onMounted, watch, watchEffect } from 'vue';
 import { useStore } from 'vuex';
 import { useRouter, useRoute } from 'vue-router';
 import { useQuery } from '@vue/apollo-composable';
@@ -507,12 +507,4 @@ onMounted(() => {
     paramsReady.value = true;
   });
 });
-
-// Refetch data when component is activated (e.g., when navigating back from detail view)
-onActivated(() => {
-  paramsReady.value = false;
-  initializeGallery().finally(() => {
-    paramsReady.value = true;
-  });
-});
 </script>
diff --git a/app/src/pages/explorer/xml/XmlHistory.vue b/app/src/pages/explorer/xml/XmlHistory.vue
index 285599f9e..550c63819 100644
--- a/app/src/pages/explorer/xml/XmlHistory.vue
+++ b/app/src/pages/explorer/xml/XmlHistory.vue
@@ -1,5 +1,24 @@
 <template>
   <div class="xmlLoader">
+    <Dialog :minWidth="40" :active="dialogBoxActive">
+      <template #title>{{ approvalInProgress ? 'Confirmation' : 'Success' }}</template>
+      <template #content>
+        <div class="u_display-flex u_centralize_items u--margin-posmd">
+          <md-icon class="u--font-emph-smm u--margin-pos" style="color: green"
+            >check_circle</md-icon
+          >
+          <span>{{
+            approvalInProgress
+              ? 'Please confirm your submission'
+              : 'XML has been approved and successfully ingested into the knowledge graph'
+          }}</span>
+        </div>
+      </template>
+      <template #actions>
+        <md-button v-if="approvalInProgress" @click="submitApproval">Submit</md-button>
+        <md-button @click.prevent="closeDialogBox">Close</md-button>
+      </template>
+    </Dialog>
     <section class="u_width--max viz-u-postion__rel utility-roverflow" v-if="!yamlLoading">
       <md-drawer
         class="md-right"
@@ -71,6 +90,17 @@
           <md-tooltip md-direction="top">Comment</md-tooltip>
           <md-icon>comment</md-icon>
         </md-button>
+
+        <md-button
+          @click="handleApproveCuration"
+          v-if="
+            isAuth && xmlViewer.status === 'Approved' && xmlViewer.curationState === 'Completed'
+          "
+          class="md-fab md-dense md-primary btn--primary"
+        >
+          <md-tooltip md-direction="top">Resubmit XML</md-tooltip>
+          <md-icon>check</md-icon>
+        </md-button>
       </div>
     </section>
 
@@ -84,7 +114,9 @@
 import { ref, computed, onMounted } from 'vue';
 import { useStore } from 'vuex';
 import { useRouter, useRoute } from 'vue-router';
+import { useXmlViewer } from '@/composables/useXmlViewer';
 import Comment from '@/components/explorer/Comment.vue';
+import Dialog from '@/components/Dialog.vue';
 import Spinner from '@/components/Spinner.vue';
 import TableComponent from '@/components/explorer/TableComponent.vue';
 
@@ -98,13 +130,15 @@ const store = useStore();
 const router = useRouter();
 const route = useRoute();
 
-// Template refs
-const codeBlock = ref<HTMLElement>();
+// Composable
+const { xmlViewer, isAuth, dialogBoxActive, approveCuration, approval, closeDialogBox } =
+  useXmlViewer();
 
 // Reactive data
 const showSidepanel = ref(false);
 const type = ref('xml');
 const yamlLoading = ref(false);
+const approvalInProgress = ref(false);
 const isSmallTabView = computed(() => {
   return screen.width < 760;
 });
@@ -128,6 +162,18 @@ const controlID = computed(() => {
 const emptyState = computed(() => `No History Data Found for ${controlID.value}`);
 
 // Methods
+const handleApproveCuration = () => {
+  approvalInProgress.value = true;
+  approveCuration();
+};
+
+const submitApproval = async () => {
+  closeDialogBox();
+  approvalInProgress.value = false;
+  await approval();
+  store.dispatch('explorer/curation/fetchChangeLogs', xmlId.value);
+};
+
 const navBack = () => {
   router.back();
 };
diff --git a/app/src/pages/explorer/xml/XmlLoader.vue b/app/src/pages/explorer/xml/XmlLoader.vue
index 7e9618233..b0144ae9f 100644
--- a/app/src/pages/explorer/xml/XmlLoader.vue
+++ b/app/src/pages/explorer/xml/XmlLoader.vue
@@ -12,7 +12,7 @@
       </template>
       <template #actions>
         <md-button v-if="dialogMode === 'edit'" @click="confirmEditCuration">Submit</md-button>
-        <md-button v-else-if="approvalInProgress" @click="approval({ xmlViewer })"
+        <md-button v-else-if="approvalInProgress" @click="approval"
           >Submit</md-button
         >
         <md-button @click.prevent="closeDialogBox">Close</md-button>
@@ -161,13 +161,12 @@
 import { ref, computed, onMounted, nextTick, watch } from 'vue';
 import { useStore } from 'vuex';
 import { useRouter, useRoute } from 'vue-router';
-import { useQuery } from '@vue/apollo-composable';
 import Prism from 'prismjs';
 import 'prismjs/components/prism-xml-doc';
 import 'prismjs/components/prism-markup';
 import 'prismjs/themes/prism-coy.min.css';
-import { XML_VIEWER } from '@/modules/gql/xml-gql';
 import { useOptionalChaining } from '@/composables/useOptionalChaining';
+import { useXmlViewer } from '@/composables/useXmlViewer';
 import Comment from '@/components/explorer/Comment.vue';
 import Spinner from '@/components/Spinner.vue';
 import Dialog from '@/components/Dialog.vue';
@@ -184,6 +183,16 @@ const route = useRoute();
 
 // Composables
 const { optionalChaining } = useOptionalChaining();
+const {
+  xmlViewer,
+  loading,
+  isAuth,
+  isAdmin,
+  dialogBoxActive,
+  closeDialogBox: baseCloseDialogBox,
+  approveCuration: baseApproveCuration,
+  approval: baseApproval,
+} = useXmlViewer();
 
 // Template refs
 const codeBlock = ref<HTMLElement>();
@@ -191,40 +200,11 @@ const codeBlock = ref<HTMLElement>();
 // Reactive data
 const showSidepanel = ref(false);
 const type = ref('xml');
-const xmlViewer = ref<any>({});
 const approvalInProgress = ref(false);
 const dialogMode = ref<'approval' | 'edit'>('approval');
 
-// Apollo query
-const { result, loading, refetch } = useQuery(
-  XML_VIEWER,
-  computed(() => ({
-    input: {
-      id: route.params.id,
-      isNewCuration: route.query?.isNewCuration
-        ? JSON.parse(route.query.isNewCuration as string)
-        : false,
-    },
-  })),
-  { fetchPolicy: 'cache-and-network' }
-);
-
-// Watch for query results
-watch(
-  result,
-  (data) => {
-    if (data) {
-      xmlViewer.value = data.xmlViewer;
-    }
-  },
-  { immediate: true }
-);
-
 // Computed properties
-const isAuth = computed(() => store.getters['auth/isAuthenticated']);
-const isAdmin = computed(() => store.getters['auth/isAdmin']);
 const userId = computed(() => store.getters['auth/userId']);
-const dialogBoxActive = computed(() => store.getters.dialogBox);
 const dialogTitle = computed(() => {
   if (dialogMode.value === 'edit') {
     return `Edit ${xmlViewer.value.id} Sample`;
@@ -252,7 +232,7 @@ const isActiveXmlView = computed(() => !route.query.isYaml && !route.query.isHis
 
 // Methods
 const closeDialogBox = () => {
-  store.commit('setDialogBox');
+  baseCloseDialogBox();
   dialogMode.value = 'approval';
 };
 
@@ -306,27 +286,21 @@ const openHistory = () => {
   return router.push({ name: 'SampleHistory', params, query });
 };
 
-const approval = async ({ xmlViewer }: { xmlViewer: any }) => {
+const approval = async () => {
   closeDialogBox();
   approvalInProgress.value = false;
-  await store.dispatch('explorer/curation/approveCuration', { xml: xmlViewer });
+  await baseApproval();
 };
 
-// TODO: This should ONLY be sending xml id alone, not the whole xmlViewer object
-const approveCuration = async () => {
-  // xmlViewer.curationState !== 'Completed'
-  // TODO: Remove the above logic in line 126 and use here. Check if is completed and show a dialog box to double check with the user if they really want to re-submit
-  // If the above logic if is true, use a different icon and tooltip label
+const approveCuration = () => {
   dialogMode.value = 'approval';
   approvalInProgress.value = true;
-  store.commit('setDialogBox', true, { root: true });
+  baseApproveCuration();
 };
 
 const requestApproval = async ({ curationId, isNew }: { curationId: string; isNew: boolean }) => {
   if (isAdmin.value) {
-    dialogMode.value = 'approval';
-    approvalInProgress.value = true;
-    store.commit('setDialogBox', true, { root: true });
+    approveCuration();
   } else return await store.dispatch('explorer/curation/requestApproval', { curationId, isNew });
 };
 
diff --git a/app/src/pages/nanomine/howTo/HowTo.vue b/app/src/pages/nanomine/howTo/HowTo.vue
index 7f7d7c0fa..8434fca23 100644
--- a/app/src/pages/nanomine/howTo/HowTo.vue
+++ b/app/src/pages/nanomine/howTo/HowTo.vue
@@ -73,11 +73,6 @@ const store = useStore();
 // Reactive data
 const videos = ref<any[]>([]);
 
-// Methods
-const showBox = () => {
-  console.log('showBox called');
-};
-
 const hideVideos = (idx: number) => {
   let noTouch: number | null = null;
   if (idx >= 0) {
diff --git a/app/src/store/modules/auth/actions.ts b/app/src/store/modules/auth/actions.ts
index 086bec045..b8de2d7fa 100644
--- a/app/src/store/modules/auth/actions.ts
+++ b/app/src/store/modules/auth/actions.ts
@@ -1,21 +1,8 @@
 import router from '@/router';
+import { getTokenExp, clearAuthStorage } from '@/modules/auth-utils';
 
 let timer: any;
 
-// Helper function to clear local storage items
-const clearAuthStorage = (): void => {
-  const items = [
-    'token',
-    'userId',
-    'displayName',
-    'surName',
-    'givenName',
-    'isAdmin',
-    'tokenExpiration',
-  ];
-  items.forEach((item) => localStorage.removeItem(item));
-};
-
 // Helper function to set local storage items
 const setAuthStorage = (data: any): void => {
   const { token, userId, displayName, surName, givenName, isAdmin, expirationDate } = data;
@@ -124,8 +111,10 @@ export default {
     const surName = res.surName ?? null;
     const givenName = res.givenName ?? null;
     const isAdmin = res.isAdmin ?? false;
-    const expiresIn = 9000 * 60 * 60;
-    const expirationDate = new Date().getTime() + expiresIn;
+
+    const exp = token ? getTokenExp(token) : null;
+    const expirationDate = exp ? exp * 1000 : new Date().getTime() + 8 * 60 * 60 * 1000;
+    const expiresIn = expirationDate - Date.now();
 
     if (token && userId && displayName) {
       setAuthStorage({
diff --git a/app/src/store/modules/explorer/curation/actions.ts b/app/src/store/modules/explorer/curation/actions.ts
index 6487708fd..41d9da57b 100644
--- a/app/src/store/modules/explorer/curation/actions.ts
+++ b/app/src/store/modules/explorer/curation/actions.ts
@@ -711,7 +711,6 @@ export default {
     }
     const response = await resp.json();
 
-    console.log('Fetched Change Logs:', response);
     const parseLogs = response?.changes?.map((log: any) => ({
       user: log.user,
       timestamp: log.date,
diff --git a/resfulservice/spec/controllers/jobsController.spec.js b/resfulservice/spec/controllers/jobsController.spec.js
new file mode 100644
index 000000000..58161e3f7
--- /dev/null
+++ b/resfulservice/spec/controllers/jobsController.spec.js
@@ -0,0 +1,148 @@
+const fs = require('fs');
+const chai = require('chai');
+const sinon = require('sinon');
+const mongoose = require('mongoose');
+const XmlData = require('../../src/models/xmlData');
+const CuratedSample = require('../../src/models/curatedSamples');
+const FileManager = require('../../src/utils/fileManager');
+const JobsController = require('../../src/controllers/jobs');
+const { logger } = require('../common/utils');
+const { next } = require('../mocks');
+
+const { expect } = chai;
+
+describe('Jobs Controller', function () {
+  afterEach(() => sinon.restore());
+
+  const validId1 = new mongoose.Types.ObjectId().toString();
+  const validId2 = new mongoose.Types.ObjectId().toString();
+  const validId3 = new mongoose.Types.ObjectId().toString();
+
+  const req = {
+    logger,
+    body: {},
+    env: { FILES_DIRECTORY: 'mm_files' }
+  };
+
+  const res = {
+    header: () => {},
+    get: () => String(Date.now()),
+    status: () => {},
+    json: () => {},
+    setHeader: () => {}
+  };
+
+  beforeEach(() => {
+    req.body = {};
+  });
+
+  context('adjustXmlStatus', () => {
+    it('should return 400 if status is missing', async () => {
+      req.body = { text: validId1 };
+      sinon.stub(res, 'status').returnsThis();
+      sinon.stub(res, 'json').returns({ message: 'Status is required' });
+
+      await JobsController.adjustXmlStatus(req, res, next);
+
+      expect(res.status.calledWith(400)).to.be.true;
+    });
+
+    it('should return 400 if both text and filename are missing', async () => {
+      req.body = { status: 'Curated' };
+      sinon.stub(res, 'status').returnsThis();
+      sinon.stub(res, 'json').returns({ message: 'Either text or filename is required' });
+
+      await JobsController.adjustXmlStatus(req, res, next);
+
+      expect(res.status.calledWith(400)).to.be.true;
+    });
+
+    it('should return 400 if both text and filename are provided', async () => {
+      req.body = { status: 'Curated', text: validId1, filename: 'test.txt' };
+      sinon.stub(res, 'status').returnsThis();
+      sinon.stub(res, 'json').returns({ message: 'Provide either text or filename, not both' });
+
+      await JobsController.adjustXmlStatus(req, res, next);
+
+      expect(res.status.calledWith(400)).to.be.true;
+    });
+
+    it('should report invalid ObjectIds', async () => {
+      req.body = { status: 'Curated', text: `${validId1},not-a-valid-id` };
+      sinon.stub(res, 'status').returnsThis();
+      sinon.stub(res, 'json').returnsThis();
+      sinon.stub(XmlData, 'updateMany').resolves({ modifiedCount: 1 });
+      sinon.stub(XmlData, 'find').resolves([{ _id: validId1 }]);
+
+      await JobsController.adjustXmlStatus(req, res, next);
+
+      expect(res.status.calledWith(200)).to.be.true;
+      const jsonArg = res.json.firstCall.args[0];
+      expect(jsonArg.data.invalidIds).to.include('not-a-valid-id');
+      expect(jsonArg.data.xmlDataUpdated).to.equal(1);
+    });
+
+    it('should update xmldata records with text input', async () => {
+      req.body = { status: 'Curated', text: `${validId1},${validId2}` };
+      sinon.stub(res, 'status').returnsThis();
+      sinon.stub(res, 'json').returnsThis();
+      sinon.stub(XmlData, 'updateMany').resolves({ modifiedCount: 2 });
+      sinon.stub(XmlData, 'find').resolves([{ _id: validId1 }, { _id: validId2 }]);
+
+      await JobsController.adjustXmlStatus(req, res, next);
+
+      expect(res.status.calledWith(200)).to.be.true;
+      const jsonArg = res.json.firstCall.args[0];
+      expect(jsonArg.data.xmlDataUpdated).to.equal(2);
+      expect(jsonArg.data.curatedSamplesUpdated).to.equal(0);
+      expect(jsonArg.data.failed).to.have.lengthOf(0);
+    });
+
+    it('should fall through to curatedsamples for IDs not found in xmldata', async () => {
+      req.body = { status: 'Curated', text: `${validId1},${validId2},${validId3}` };
+      sinon.stub(res, 'status').returnsThis();
+      sinon.stub(res, 'json').returnsThis();
+      sinon.stub(XmlData, 'updateMany').resolves({ modifiedCount: 1 });
+      sinon.stub(XmlData, 'find').resolves([{ _id: validId1 }]);
+      sinon.stub(CuratedSample, 'updateMany').resolves({ modifiedCount: 1 });
+      sinon.stub(CuratedSample, 'find').resolves([{ _id: validId2 }]);
+
+      await JobsController.adjustXmlStatus(req, res, next);
+
+      expect(res.status.calledWith(200)).to.be.true;
+      const jsonArg = res.json.firstCall.args[0];
+      expect(jsonArg.data.xmlDataUpdated).to.equal(1);
+      expect(jsonArg.data.curatedSamplesUpdated).to.equal(1);
+      expect(jsonArg.data.failed).to.include(validId3);
+    });
+
+    it('should read IDs from file and delete file after processing', async () => {
+      req.body = { status: 'Curated', filename: 'ids.txt' };
+      sinon.stub(res, 'status').returnsThis();
+      sinon.stub(res, 'json').returnsThis();
+      sinon.stub(fs, 'readFileSync').returns(`${validId1}\n${validId2}\n`);
+      sinon.stub(XmlData, 'updateMany').resolves({ modifiedCount: 2 });
+      sinon.stub(XmlData, 'find').resolves([{ _id: validId1 }, { _id: validId2 }]);
+      const deleteStub = sinon.stub(FileManager, 'deleteFile');
+
+      await JobsController.adjustXmlStatus(req, res, next);
+
+      expect(res.status.calledWith(200)).to.be.true;
+      expect(deleteStub.calledOnce).to.be.true;
+      const jsonArg = res.json.firstCall.args[0];
+      expect(jsonArg.data.xmlDataUpdated).to.equal(2);
+    });
+
+    it('should call next with error on DB failure', async () => {
+      req.body = { status: 'Curated', text: validId1 };
+      sinon.stub(XmlData, 'updateMany').rejects(new Error('DB error'));
+      const nextSpy = sinon.spy();
+
+      await JobsController.adjustXmlStatus(req, res, nextSpy);
+
+      expect(nextSpy.calledOnce).to.be.true;
+      const err = nextSpy.firstCall.args[0];
+      expect(err).to.have.property('statusCode', 500);
+    });
+  });
+});
diff --git a/resfulservice/src/api-docs/swagger-service.yaml b/resfulservice/src/api-docs/swagger-service.yaml
index 8bee7abef..0df0c902c 100644
--- a/resfulservice/src/api-docs/swagger-service.yaml
+++ b/resfulservice/src/api-docs/swagger-service.yaml
@@ -1948,6 +1948,91 @@ paths:
             application/json:
               schema:
                 $ref: '#/components/schemas/Server-Error'
+
+  /jobs/xml/adjust-status:
+    post:
+      security:
+        - BearerAuth: []
+      summary: Bulk-update curation status for XML data and curated samples
+      description: Updates the curateState field in xmldata and curationState field in curatedsamples collections for the provided MongoDB IDs. IDs not found in xmldata are tried against curatedsamples. Provide IDs via comma-separated text or a file.
+      tags:
+        - Jobs
+      requestBody:
+        description: A payload containing the target status and IDs to update (via text or filename).
+        required: true
+        content:
+          application/json:
+            schema:
+              type: object
+              required:
+                - status
+              properties:
+                status:
+                  type: string
+                  description: The target curation status to apply
+                  example: Curated
+                text:
+                  type: string
+                  description: Comma-separated list of MongoDB ObjectIds. Required if filename is not provided.
+                  example: "507f1f77bcf86cd799439011,507f1f77bcf86cd799439012"
+                filename:
+                  type: string
+                  description: Name of a file in FILES_DIRECTORY containing one ObjectId per line. Required if text is not provided.
+                  example: ids.txt
+      responses:
+        '200':
+          description: Returns update counts and any failed or invalid IDs
+          content:
+            application/json:
+              schema:
+                type: object
+                properties:
+                  data:
+                    type: object
+                    properties:
+                      xmlDataUpdated:
+                        type: integer
+                        description: Number of xmldata records updated
+                        example: 5
+                      curatedSamplesUpdated:
+                        type: integer
+                        description: Number of curatedsamples records updated
+                        example: 2
+                      failed:
+                        type: array
+                        description: IDs not found in either collection
+                        items:
+                          type: string
+                        example: ["507f1f77bcf86cd799439013"]
+                      invalidIds:
+                        type: array
+                        description: IDs that are not valid MongoDB ObjectIds
+                        items:
+                          type: string
+                        example: ["not-a-valid-id"]
+        '400':
+          description: Invalid Request Payload
+          content:
+            application/json:
+              schema:
+                type: object
+                properties:
+                  message:
+                    type: string
+                    enum: ['Status is required', 'Either text or filename is required', 'Provide either text or filename, not both']
+        '401':
+          description: Unauthorized access to this service.
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/Unauthorized-Error'
+        '500':
+          description: Internal Server Error
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/Server-Error'
+
 components:
   securitySchemes:
     BearerAuth:
diff --git a/resfulservice/src/controllers/curationController.js b/resfulservice/src/controllers/curationController.js
index af9aa4980..57879b825 100644
--- a/resfulservice/src/controllers/curationController.js
+++ b/resfulservice/src/controllers/curationController.js
@@ -28,6 +28,7 @@ const DatasetId = require('../models/datasetId');
 const FsFile = require('../models/fsFiles');
 const Task = require('../sw/models/task');
 const ChangeLog = require('../models/changeLog');
+const JobsController = require('./jobs');
 const FileStorage = require('../middlewares/fileStorage');
 const FileController = require('./fileController');
 const { loadViscoelasticPropPipeline } = require('../pipelines/xml-pipeline');
@@ -1541,9 +1542,8 @@ exports.createMaterialObject = async (
                 path: file.path
               };
 
-              filteredObject[
-                BaseObjectSubstitutionMap[property] ?? property
-              ] = `/api/files/${filename}?isStore=true`;
+              filteredObject[BaseObjectSubstitutionMap[property] ?? property] =
+                `/api/files/${filename}?isStore=true`;
 
               const isTif = CH.isTifFile(file.path);
               if (isParentCall || isTif) {
@@ -1904,8 +1904,6 @@ exports.createChangeLog = async (req, res, next) => {
     };
 
     const changeLog = await ChangeLog.findOneAndUpdate(filter, update, options);
-
-    successWriter(req, JSON.stringify(changeLog), 'createChangeLog');
     latency.latencyCalculator(res);
 
     if (req.isBackendCall) return changeLog;
@@ -1948,17 +1946,21 @@ exports.getChangeLogs = async (req, res, next) => {
 
     // Map user objects to concatenated full name
     const formatUser = (entry) => {
-      const obj = typeof entry.toObject === 'function' ? entry.toObject() : entry;
+      const obj =
+        typeof entry.toObject === 'function' ? entry.toObject() : entry;
       const u = obj.user;
-      const name = u && typeof u === 'object'
-        ? `${u.givenName || ''} ${u.surName || ''}`.trim()
-        : u;
+      const name =
+        u && typeof u === 'object'
+          ? `${u.givenName || ''} ${u.surName || ''}`.trim()
+          : u;
       return { ...obj, user: name || 'Unknown' };
     };
 
     const formatted = Array.isArray(changeLogs)
       ? changeLogs.map(formatUser)
-      : changeLogs ? formatUser(changeLogs) : changeLogs;
+      : changeLogs
+        ? formatUser(changeLogs)
+        : changeLogs;
 
     successWriter(req, JSON.stringify(formatted), 'getChangeLogs');
     latency.latencyCalculator(res);
@@ -2080,8 +2082,8 @@ exports.curationETL = async (req, res, next) => {
         sampleIdForFailure = nanopubId;
 
         // Serialize → SHACL validate → changelog (shared logic)
-        const { success, result, failure } =
-          await Builder.serializeAndValidate({
+        const { success, result, failure } = await Builder.serializeAndValidate(
+          {
             nanopubId,
             nanopub,
             assertionId,
@@ -2094,12 +2096,21 @@ exports.curationETL = async (req, res, next) => {
             res,
             next,
             createChangeLogCb: this.createChangeLog
-          });
+          }
+        );
 
         if (!success) {
           failed.push(failure);
           continue;
         }
+
+        // Silently update curation status to Completed
+        try {
+          await JobsController.updateStatus(id, 'Completed');
+        } catch (_e) {
+          /* silent */
+        }
+
         processed.push(result);
       } catch (e) {
         failed.push({
@@ -2165,21 +2176,20 @@ exports.sddCurationETL = async (req, res, next) => {
         await Builder.transformSddToNanopub(nanopubSkeleton, logger);
 
       // Serialize → SHACL validate → changelog (shared logic)
-      const { success, result, failure } =
-        await Builder.serializeAndValidate({
-          nanopubId,
-          nanopub,
-          assertionId,
-          output,
-          inference,
-          resolveUrls,
-          ontologyLink,
-          id,
-          req,
-          res,
-          next,
-          createChangeLogCb: this.createChangeLog
-        });
+      const { success, result, failure } = await Builder.serializeAndValidate({
+        nanopubId,
+        nanopub,
+        assertionId,
+        output,
+        inference,
+        resolveUrls,
+        ontologyLink,
+        id,
+        req,
+        res,
+        next,
+        createChangeLogCb: this.createChangeLog
+      });
 
       if (!success) {
         failed.push(failure);
diff --git a/resfulservice/src/controllers/jobs.js b/resfulservice/src/controllers/jobs.js
new file mode 100644
index 000000000..2f75cccb0
--- /dev/null
+++ b/resfulservice/src/controllers/jobs.js
@@ -0,0 +1,155 @@
+const fs = require('fs');
+const path = require('path');
+const mongoose = require('mongoose');
+const XmlData = require('../models/xmlData');
+const CuratedSample = require('../models/curatedSamples');
+const {
+  CurationStateSubstitutionMap,
+  CurationEntityStates
+} = require('../../config/constant');
+const { latencyCalculator } = require('../middlewares/latencyTimer');
+const { errorWriter, successWriter } = require('../utils/logWriter');
+const FileManager = require('../utils/fileManager');
+
+/**
+ * Updates curateState/curationState for a single MongoDB _id.
+ * Tries xmldata first, falls back to curatedsamples.
+ * @param {string} id - MongoDB ObjectId string
+ * @param {string} status - Target status (e.g. 'Completed', 'Curated')
+ * @returns {{ xmlUpdated: boolean, curatedSampleUpdated: boolean }}
+ */
+exports.updateStatus = async (id, status) => {
+  const xmlResult = await XmlData.updateOne(
+    { _id: id },
+    { $set: { curateState: status, entityState: 'IngestSuccess' } }
+  );
+  if (xmlResult.matchedCount > 0) {
+    return { xmlUpdated: true, curatedSampleUpdated: false };
+  }
+  const mappedStatus = CurationStateSubstitutionMap[status] || status;
+  const curatedResult = await CuratedSample.updateOne(
+    { _id: id },
+    {
+      $set: {
+        curationState: mappedStatus,
+        entityState: CurationEntityStates.Approved
+      }
+    }
+  );
+  return {
+    xmlUpdated: false,
+    curatedSampleUpdated: curatedResult.matchedCount > 0
+  };
+};
+
+exports.adjustXmlStatus = async (req, res, next) => {
+  const { status, text, filename } = req.body;
+
+  try {
+    if (!status) {
+      latencyCalculator(res);
+      return res.status(400).json({ message: 'Status is required' });
+    }
+
+    if (!text && !filename) {
+      latencyCalculator(res);
+      return res
+        .status(400)
+        .json({ message: 'Either text or filename is required' });
+    }
+
+    if (text && filename) {
+      latencyCalculator(res);
+      return res
+        .status(400)
+        .json({ message: 'Provide either text or filename, not both' });
+    }
+
+    let rawIds;
+    let filePath;
+
+    if (text) {
+      rawIds = text
+        .split(',')
+        .map((id) => id.trim())
+        .filter(Boolean);
+    } else {
+      filePath = path.join(req.env?.FILES_DIRECTORY || 'mm_files', filename);
+      const fileContent = fs.readFileSync(filePath, 'utf-8');
+      rawIds = fileContent
+        .split(/\r?\n/)
+        .map((id) => id.trim())
+        .filter(Boolean);
+    }
+
+    const invalidIds = [];
+    const validIds = [];
+
+    for (const id of rawIds) {
+      if (mongoose.Types.ObjectId.isValid(id)) {
+        validIds.push(id);
+      } else {
+        invalidIds.push(id);
+      }
+    }
+
+    // Update xmldata collection
+    const xmlUpdateResult = await XmlData.updateMany(
+      { _id: { $in: validIds } },
+      { $set: { curateState: status } }
+    );
+
+    // Find which IDs exist in xmldata to determine remaining ones
+    const foundInXml = await XmlData.find(
+      { _id: { $in: validIds } },
+      { _id: 1 }
+    );
+    const foundXmlIds = new Set(foundInXml.map((doc) => doc._id.toString()));
+    const remainingIds = validIds.filter((id) => !foundXmlIds.has(id));
+
+    // Update curatedsamples collection for remaining IDs
+    let curatedSamplesUpdated = 0;
+    const failed = [];
+
+    if (remainingIds.length > 0) {
+      const mappedStatus = CurationStateSubstitutionMap[status] || status;
+      const curatedUpdateResult = await CuratedSample.updateMany(
+        { _id: { $in: remainingIds } },
+        { $set: { curationState: mappedStatus } }
+      );
+      curatedSamplesUpdated = curatedUpdateResult.modifiedCount;
+
+      // Find which remaining IDs exist in curatedsamples
+      const foundInCurated = await CuratedSample.find(
+        { _id: { $in: remainingIds } },
+        { _id: 1 }
+      );
+      const foundCuratedIds = new Set(
+        foundInCurated.map((doc) => doc._id.toString())
+      );
+      for (const id of remainingIds) {
+        if (!foundCuratedIds.has(id)) {
+          failed.push(id);
+        }
+      }
+    }
+
+    // Clean up file if filename was provided
+    if (filename && filePath) {
+      FileManager.deleteFile(filePath, req);
+    }
+
+    successWriter(req, 'Successfully adjusted XML status', 'adjustXmlStatus');
+    latencyCalculator(res);
+    return res.status(200).json({
+      data: {
+        xmlDataUpdated: xmlUpdateResult.modifiedCount,
+        curatedSamplesUpdated,
+        failed,
+        invalidIds
+      }
+    });
+  } catch (error) {
+    next(errorWriter(req, error, 'adjustXmlStatus', 500));
+  }
+};
diff --git a/resfulservice/src/controllers/managedServiceController.js b/resfulservice/src/controllers/managedServiceController.js
index 5065183b4..284090784 100644
--- a/resfulservice/src/controllers/managedServiceController.js
+++ b/resfulservice/src/controllers/managedServiceController.js
@@ -25,11 +25,10 @@ const path = require('path');
  * @returns {*} response
  */
 exports.manageServiceRequest = async (req, res, next) => {
-  const { logger, params, body } = req;
+  const { logger, params } = req;
   const [appName, controlId] = params.appName?.split('/');
   logger.info(':::manageServiceRequest Function Entry');
   const reqId = uuidv4();
-  logger.info(`${appName}::${JSON.stringify({ ...body, reqId })}`);
   try {
     if (!ManagedServiceRegister[appName]) {
       return next(
diff --git a/resfulservice/src/graphql/context/getHttpContext.js b/resfulservice/src/graphql/context/getHttpContext.js
index 4b22372b1..1769f77a2 100644
--- a/resfulservice/src/graphql/context/getHttpContext.js
+++ b/resfulservice/src/graphql/context/getHttpContext.js
@@ -8,9 +8,14 @@ async function getHttpContext ({ req }) {
     return { undefined, req };
   }
   logger.info('[getHttpContext]: Setting up req http ctx');
-  const { email } = decodeToken(req, req.headers.authorization);
-  const user = await User.findOne({ email }).lean();
-  if (user) return { user, req, isAuthenticated: true };
+  try {
+    const { email } = decodeToken(req, req.headers.authorization);
+    const user = await User.findOne({ email }).lean();
+    if (user) return { user, req, isAuthenticated: true };
+  } catch (err) {
+    logger.error(`[getHttpContext]: Token decode failed - ${err.message}`);
+    return { req, isAuthenticated: false };
+  }
 }
 
 module.exports = getHttpContext;
diff --git a/resfulservice/src/graphql/context/getWsContext.js b/resfulservice/src/graphql/context/getWsContext.js
index 86b0998e4..3a417f70a 100644
--- a/resfulservice/src/graphql/context/getWsContext.js
+++ b/resfulservice/src/graphql/context/getWsContext.js
@@ -4,9 +4,13 @@ const { decodeToken } = require('../../utils/jwtService');
 async function getWsContext ({ req, connectionParams }) {
   const token = connectionParams?.accessToken;
   if (token) {
-    const { userId } = decodeToken(req, token);
-    const user = await User.findById(userId).lean();
-    if (user) return { userId, req, isAuthenticated: true };
+    try {
+      const { userId } = decodeToken(req, token);
+      const user = await User.findById(userId).lean();
+      if (user) return { userId, req, isAuthenticated: true };
+    } catch (err) {
+      req?.logger?.error(`[getWsContext]: Token decode failed - ${err.message}`);
+    }
     return {};
   }
   return {};
diff --git a/resfulservice/src/pipelines/curation-pipeline.js b/resfulservice/src/pipelines/curation-pipeline.js
index b623397aa..42c6f7142 100644
--- a/resfulservice/src/pipelines/curation-pipeline.js
+++ b/resfulservice/src/pipelines/curation-pipeline.js
@@ -54,6 +54,7 @@ exports.curationSearchQuery = async (input) => {
 
   const data = await XmlData.aggregate([
     { $match: xmlDataFilter },
+    { $match: { curateState: { $in: ['Review', 'Completed'] } } },
     {
       $project: {
         id: '$_id',
@@ -68,7 +69,7 @@ exports.curationSearchQuery = async (input) => {
         isNewCuration: { $literal: false },
         status: {
           $cond: [
-            { $eq: ['$entityState', 'IngestSuccess'] },
+            { $eq: ['$curateState', 'Completed'] },
             'Approved',
             'Not Approved'
           ]
@@ -81,6 +82,7 @@ exports.curationSearchQuery = async (input) => {
         coll: 'curatedsamples',
         pipeline: [
           { $match: curationSampleFilter },
+          { $match: { curationState: { $in: ['Review', 'Completed'] } } },
           {
             $project: {
               id: '$_id',
@@ -104,7 +106,13 @@ exports.curationSearchQuery = async (input) => {
               },
               object: 1,
               isNewCuration: { $literal: true },
-              status: '$entityState',
+              status: {
+                $cond: [
+                  { $eq: ['$curationState', 'Completed'] },
+                  'Approved',
+                  'Not Approved'
+                ]
+              },
               user: 1
             }
           }
@@ -112,12 +120,16 @@ exports.curationSearchQuery = async (input) => {
       }
     },
     { $match: filter },
-    { $group: { _id: null, count: { $sum: 1 }, xmlData: { $push: '$$ROOT' } } },
+    {
+      $facet: {
+        count: [{ $count: 'total' }],
+        xmlData: [{ $skip: skip }, { $limit: pageSize }]
+      }
+    },
     {
       $project: {
-        _id: 0,
-        count: 1,
-        xmlData: { $slice: ['$xmlData', skip, pageSize] }
+        count: { $arrayElemAt: ['$count.total', 0] },
+        xmlData: 1
       }
     }
   ]);
diff --git a/resfulservice/src/routes/jobs.js b/resfulservice/src/routes/jobs.js
new file mode 100644
index 000000000..a7daa90ce
--- /dev/null
+++ b/resfulservice/src/routes/jobs.js
@@ -0,0 +1,11 @@
+const express = require('express');
+const router = express.Router();
+const JobsController = require('../controllers/jobs');
+const isAuth = require('../middlewares/isAuth');
+const { latencyTimer } = require('../middlewares/latencyTimer');
+
+router
+  .route('/xml/adjust-status')
+  .post(isAuth, latencyTimer, JobsController.adjustXmlStatus);
+
+module.exports = router;
diff --git a/resfulservice/src/server.js b/resfulservice/src/server.js
index 5b76a1056..3b46ae442 100644
--- a/resfulservice/src/server.js
+++ b/resfulservice/src/server.js
@@ -20,6 +20,7 @@ const pixelatedRoutes = require('./routes/pixelated');
 const searchRoutes = require('./routes/search');
 const managedServiceRoutes = require('./routes/managed-service');
 const xmlRoutes = require('./routes/xml');
+const jobsRoutes = require('./routes/jobs');
 const resolvers = require('./graphql/resolver');
 const typeDefs = require('./graphql');
 const getHttpContext = require('./graphql/context/getHttpContext');
@@ -57,6 +58,7 @@ if (cluster.isMaster) {
   app.use('/pixelated', pixelatedRoutes);
   app.use('/mn', managedServiceRoutes);
   app.use('/xml', xmlRoutes);
+  app.use('/jobs', jobsRoutes);
   app.use('/*', invalidRoutes);
 
   const schema = makeExecutableSchema({ typeDefs, resolvers });
diff --git a/resfulservice/src/utils/curation-utility.js b/resfulservice/src/utils/curation-utility.js
index 48a971216..42b92bf09 100644
--- a/resfulservice/src/utils/curation-utility.js
+++ b/resfulservice/src/utils/curation-utility.js
@@ -294,7 +294,7 @@ async function getText(maybeUrlOrXml) {
       throw new Error(`GraphQL errors: ${String(errors)}`);
     }
     return {
-      id: data?.data?.xmlViewer?.id || '',
+      id: data?.data?.id || data?.data?.xmlViewer?.id || '',
       rawXml: data?.data?.xmlViewer?.xmlString || ''
     };
   }
@@ -476,7 +476,7 @@ function normalizeXml(xml) {
   // if entire payload is wrapped in the SAME quote char, unwrap once
   const first = s[0];
   const last = s[s.length - 1];
-  if ((first === '\'' && last === '\'') || (first === '"' && last === '"')) {
+  if ((first === "'" && last === "'") || (first === '"' && last === '"')) {
     const inner = s.slice(1, -1);
     if (inner.includes('<') && inner.includes('>')) s = inner;
   }