fix: replace event count limit with time-based window for past schedule (#107 )

The groupedSchedule useMemo used slice(0, 2000) to limit events. With daily medications having start dates far in the past, thousands of past events would fill all 2000 slots, pushing today and future events completely out of the display. This caused the past schedule to only show weekly medications (fewer events) while daily medications appeared missing. Replace the fixed count limit with a time-based window: only past events within the scheduleDays window (30/90/180 days) are included. All today and future events are always included regardless. Coverage calculations are not affected as they use schedule.events directly.
fix: use PR instead of direct push for badge updates (#106 )
2026-02-07 00:35:14 +01:00 · 2026-02-07 00:15:05 +01:00 · 2026-02-07 00:08:58 +01:00 · 2026-02-06 22:59:40 +01:00 · 2026-02-06 22:38:28 +01:00 · 2026-02-06 22:27:01 +01:00
182 changed files with 57022 additions and 10686 deletions
@@ -78,4 +78,44 @@ REMINDER_DAYS_BEFORE=7
 # Admin settings (not editable in UI)
 REMINDER_HOUR=6                   # 24h format (0-23), e.g. 6 = 6:00 AM, 18 = 6:00 PM
 REMINDER_MINUTES_BEFORE=15        # Minutes before intake to send reminder
-EXPIRY_WARNING_DAYS=30            # Days before expiry to show yellow warning
+EXPIRY_WARNING_DAYS=30            # Days before expiry to show yellow warning
 # =============================================================================
 # Default User Settings (applied when new user is created)
 # =============================================================================
 # These ENV values are only used as DEFAULTS when a new user is created.
 # Once a user saves their settings in the app, these ENV values are ignored
 # for that user - their saved preferences take precedence.
 #
 # Useful for server admins to pre-configure settings for all new users.
 # =============================================================================
 # Email notifications (requires SMTP config above)
 # DEFAULT_EMAIL_ENABLED=false
 # DEFAULT_NOTIFICATION_EMAIL=
 # DEFAULT_EMAIL_STOCK_REMINDERS=true
 # DEFAULT_EMAIL_INTAKE_REMINDERS=true
 # Push notifications (ntfy/gotify via Shoutrrr)
 # DEFAULT_SHOUTRRR_ENABLED=false
 # DEFAULT_SHOUTRRR_URL=
 # DEFAULT_SHOUTRRR_STOCK_REMINDERS=true
 # DEFAULT_SHOUTRRR_INTAKE_REMINDERS=true
 # Repeat/nagging reminders for missed doses
 # DEFAULT_REPEAT_REMINDERS_ENABLED=false
 # DEFAULT_REMINDER_REPEAT_INTERVAL_MINUTES=30
 # DEFAULT_MAX_NAGGING_REMINDERS=5
 # DEFAULT_SKIP_REMINDERS_FOR_TAKEN_DOSES=false
 # Stock reminder settings
 # DEFAULT_REPEAT_DAILY_REMINDERS=false
 # Stock thresholds (days of supply)
 # DEFAULT_LOW_STOCK_DAYS=30
 # DEFAULT_NORMAL_STOCK_DAYS=90
 # DEFAULT_HIGH_STOCK_DAYS=180
 # UI defaults
 # DEFAULT_LANGUAGE=en              # en or de
 # DEFAULT_STOCK_CALCULATION_MODE=automatic  # automatic or manual
@@ -0,0 +1,78 @@
 name: 🐛 Bug Report
 description: Report a bug or unexpected behavior
 labels: ["bug", "triage"]
 body:
  - type: markdown
    attributes:
      value: |
        Thanks for taking the time to report a bug! Please fill out the sections below.
  - type: textarea
    id: description
    attributes:
      label: Bug Description
      description: A clear and concise description of what the bug is.
      placeholder: What happened?
    validations:
      required: true
  - type: textarea
    id: steps
    attributes:
      label: Steps to Reproduce
      description: How can we reproduce this issue?
      placeholder: |
        1. Go to '...'
        2. Click on '...'
        3. See error
    validations:
      required: true
  - type: textarea
    id: expected
    attributes:
      label: Expected Behavior
      description: What did you expect to happen?
      placeholder: What should have happened instead?
    validations:
      required: true
  - type: textarea
    id: screenshots
    attributes:
      label: Screenshots
      description: If applicable, add screenshots to help explain your problem.
      placeholder: Drag and drop images here
  - type: dropdown
    id: deployment
    attributes:
      label: Deployment Type
      description: How are you running MedAssist?
      options:
        - Docker Compose (Production)
        - Docker Compose (Development)
        - Local development (npm run dev)
        - Other
    validations:
      required: true
  - type: input
    id: browser
    attributes:
      label: Browser
      description: What browser are you using?
      placeholder: e.g. Chrome 120, Firefox 121, Safari 17
  - type: textarea
    id: logs
    attributes:
      label: Relevant Log Output
      description: Please copy and paste any relevant log output (backend or browser console).
      render: shell
  - type: textarea
    id: additional
    attributes:
      label: Additional Context
      description: Add any other context about the problem here.
@@ -0,0 +1,8 @@
 blank_issues_enabled: true
 contact_links:
  - name: 💬 Discussions
    url: https://github.com/DanielVolz/medassist-ng/discussions
    about: Ask questions or share ideas in Discussions
  - name: 📖 Documentation
    url: https://github.com/DanielVolz/medassist-ng#readme
    about: Check the README for setup and usage instructions
@@ -0,0 +1,77 @@
 name: ✨ Feature Request
 description: Suggest a new feature or improvement
 labels: ["enhancement", "triage"]
 body:
  - type: markdown
    attributes:
      value: |
        Thanks for suggesting an improvement! Please fill out the sections below.
  - type: textarea
    id: problem
    attributes:
      label: Problem or Motivation
      description: Is your feature request related to a problem? Please describe.
      placeholder: I'm always frustrated when...
    validations:
      required: true
  - type: textarea
    id: solution
    attributes:
      label: Proposed Solution
      description: Describe the solution you'd like to see.
      placeholder: A clear and concise description of what you want to happen.
    validations:
      required: true
  - type: textarea
    id: alternatives
    attributes:
      label: Alternatives Considered
      description: Describe any alternative solutions or features you've considered.
      placeholder: Other approaches you thought about
  - type: dropdown
    id: area
    attributes:
      label: Affected Area
      description: Which part of the app does this affect?
      options:
        - Dashboard
        - Medications
        - Schedule / Timeline
        - Planner
        - Settings
        - Notifications (Email/Push)
        - Authentication
        - Share functionality
        - Mobile experience
        - API / Backend
        - Other
    validations:
      required: true
  - type: dropdown
    id: priority
    attributes:
      label: Priority (your opinion)
      description: How important is this feature to you?
      options:
        - Nice to have
        - Would be helpful
        - Important for my use case
        - Critical / Blocking
  - type: textarea
    id: mockups
    attributes:
      label: Mockups / Examples
      description: If you have any mockups, screenshots, or examples from other apps, add them here.
      placeholder: Drag and drop images here
  - type: textarea
    id: additional
    attributes:
      label: Additional Context
      description: Add any other context about the feature request here.
@@ -0,0 +1,17 @@
 name: "MedAssist CodeQL Config"
 # Paths to ignore in CodeQL analysis
 paths-ignore:
  - "**/node_modules/**"
  - "**/dist/**"
  - "**/*.test.ts"
  - "**/test/**"
 # Query filters to suppress false positives
 query-filters:
  # Rate limiting IS implemented via @fastify/rate-limit plugin (registered in index.ts)
  # Route-specific limits are applied via config.rateLimit option
  # CodeQL doesn't recognize this Fastify-specific pattern
  - exclude:
      id: js/missing-rate-limiting
@@ -1,5 +1,16 @@
 # MedAssist-ng - AI Coding Instructions
 ## General Rules
 - **English is the primary language**: All code, comments, documentation, commit messages, PR descriptions, and GitHub releases MUST be written in English. The user may communicate in German, but all project artifacts must be in English.
 - **NEVER release without explicit permission**: Do NOT create tags, releases, or version bumps unless the user explicitly asks for it. Always wait for explicit confirmation before any release action.
 - **NEVER create PRs without explicit permission**: Do NOT create Pull Requests, push branches, or merge code unless the user explicitly asks for it. Always present changes and wait for the user to confirm before any git operations that affect the remote repository.
 - **No temporary files**: Delete temporary scripts/files immediately after use. Do not commit temporary debug scripts, test files, or one-off utilities to the repository.
 - **Clean workspace**: Always clean up after yourself. If you create a file for a specific task, delete it once done.
 - **Remove old code when re-implementing**: When fixing a bug or re-implementing a feature that didn't work, ALWAYS remove the old/broken code completely. Never leave dead code, unused functions, or obsolete implementations in the codebase.
 - **Tests are mandatory**: Every new feature and every bug fix MUST have corresponding tests. When modifying existing features, update or add tests accordingly. If old tests become obsolete due to code changes, remove or update them.
 - **Fix bugs, don't test around them**: If you discover incorrect behavior in the code while writing tests, ALWAYS fix the buggy code first, then write tests that verify the correct behavior. NEVER write tests that mimic or assert broken behavior. The user's time is finite and irreplaceable — every bug left unfixed wastes it.
 ## Architecture Overview
 MedAssist-ng is a **medication tracking and planning app** with a monorepo structure:
@@ -33,8 +44,277 @@ docker compose up -d
 # Database migrations
 cd backend && npm run migrate
 # Run tests
 cd backend && npm test              # Run all tests
 cd backend && npm run test:coverage # Run with coverage report
 ```
 ## Testing (MANDATORY)
 > ⚠️ **IMPORTANT**: Every new feature MUST be covered by tests!
 > Pull Requests without tests for new features will not be accepted.
 ### Test Framework
 - **Vitest 2.1** with v8 Coverage
 - Tests in `backend/src/test/*.test.ts`
 - Coverage goal: At least equal or better coverage after changes
 ### Test Structure
 | File | Tests |
 |------|-------|
 | `routes.test.ts` | API endpoints (Auth, Medications, Doses, Settings, Share, Planner) |
 | `services.test.ts` | Scheduler utilities (Timezone, Blisters, Usage calculation) |
 | `db.test.ts` | Database schema and operations |
 ### Writing Tests
 ```typescript
 // Backend Test Example (backend/src/test/example.test.ts)
 import { describe, it, expect, beforeAll, afterAll } from 'vitest';
 import { createTestApp, createTestUser } from './routes.test'; // Test-Utilities
 describe('Feature Name', () => {
  let app: FastifyInstance;
  let authToken: string;
  beforeAll(async () => {
    app = await createTestApp();
    const user = await createTestUser(app);
    authToken = user.token;
  });
  afterAll(async () => {
    await app.close();
  });
  it('should do something specific', async () => {
    const response = await app.inject({
      method: 'GET',
      url: '/endpoint',
      headers: { Authorization: `Bearer ${authToken}` }
    });
    expect(response.statusCode).toBe(200);
    expect(response.json()).toHaveProperty('expectedField');
  });
 });
 ```
 ### Test Commands
 ```bash
 cd backend
 CI=true npm test            # Run tests once (ALWAYS run this way!)
 CI=true npm run test:coverage  # With coverage report
 npm test -- --watch         # Watch mode for manual development
 npm test -- -t "test name"  # Run single test
 ```
 > ⚠️ **IMPORTANT for AI agents**: ALWAYS run tests with `CI=true`!
 > Without `CI=true`, Vitest runs in watch mode and waits for input.
 ## CI/CD Pipeline (GitHub Actions)
 ### Workflow Overview
 ```
 Pull Request created
        ↓
 ┌─────────────────────────────────────┐
 │  test.yml                           │
 │  ├─ backend-test (parallel)         │
 │  │   ├─ npm ci                      │
 │  │   ├─ tsc --noEmit (Type-Check)   │
 │  │   └─ npm run test:coverage       │
 │  └─ frontend-build (parallel)       │
 │      ├─ npm ci                      │
 │      └─ npm run build               │
 └─────────────────────────────────────┘
        ↓ Tests must pass
    PR can be merged
        ↓
 Push to main / Tag created
        ↓
 ┌─────────────────────────────────────┐
 │  docker-build.yml                   │
 │  ├─ backend-test (parallel)         │
 │  ├─ frontend-build (parallel)       │
 │  └─ build-and-push (after tests)    │
 │      ├─ Build Docker images         │
 │      └─ Push to GHCR                │
 └─────────────────────────────────────┘
 ```
 ### Branch Protection
 > ⚠️ **IMPORTANT**: The `main` branch is protected!  
 > Direct pushing to `main` is **not possible** - GitHub will reject the push.  
 > All changes must go through Pull Requests.
 - **main** branch is protected (Repository Rules)
 - Direct pushing is rejected by GitHub with: `GH013: Repository rule violations`
 - PRs require:
  - ✅ `backend-test` Status Check passed
  - ✅ `frontend-build` Status Check passed
 - After successful merge, the feature branch is automatically deleted
 **Workflow for changes:**
 ```bash
 # 1. Create feature branch
 git checkout -b feat/my-feature
 # 2. Commit and push changes
 git add . && git commit -m "feat: Description"
 git push -u origin feat/my-feature
 # 3. Create PR (via GitHub CLI or Web)
 gh pr create --title "My Feature" --body "Description"
 # 4. Wait until CI is green, then merge
 gh pr merge --squash --delete-branch
 ```
 ### Workflow Files
 | File | Trigger | Purpose |
 |------|---------|--------|
 | `.github/workflows/test.yml` | Pull Requests | Run tests, block PR on failures |
 | `.github/workflows/docker-build.yml` | Push to main, Tags | Tests + Build and push Docker images |
 ### Adding New Code - Checklist
 1. ✅ Implement feature
 2. ✅ Write tests for the feature
 3. ✅ Run `npm run test:coverage` locally
 4. ✅ Coverage must not decrease
 5. ✅ Create and push feature branch
 6. ✅ Create Pull Request
 7. ✅ Wait until CI is green
 8. ✅ Merge PR (branch is automatically deleted)
 ## GitHub Releases
 > ⚠️ **IMPORTANT**: All GitHub Releases must be written in **English**!
 ### Release Workflow (MANDATORY for minor/major releases)
 The `main` branch is protected - releases are created via GitHub's release UI or API.
 **Release Process:**
 1. Create a new release on GitHub with tag `vX.Y.Z`
 2. **Automatic Version Bump**: A GitHub Action (`version-bump.yml`) automatically updates `package.json` versions to match the release tag
 3. User asks AI to write release notes: "Write the release notes for vX.Y.Z"
 4. AI writes descriptive release notes following the style guide below
 5. User publishes the release with the written notes
 > ⚠️ **MANDATORY for minor and major releases**: The AI assistant MUST write proper descriptive release notes!
 > Do NOT just publish the auto-generated commit list. Follow the process above.
 **AI Assistant Release Notes Workflow:**
 1. When user asks to write release notes for a version:
   - Check commits since previous tag: `git log vPREV..vNEW --oneline`
   - Read through the changes to understand what was added/fixed
   - Write release notes following the style guide below
   - Present the notes to the user for copying to GitHub
 ### Creating Release Notes
 > ⚠️ **MANDATORY**: GitHub Releases MUST contain a written message!
 > Not just auto-generated commit lists, but a brief descriptive text.
 **Release title:** Use just `vX.Y.Z` (e.g., `v1.4.1`), NOT "Release vX.Y.Z".
 **Keep it informative but concise.** Users want to know what changed and where to find it.
 **Required structure of release notes:**
 1. **"What's New"** (1-2 sentences): Brief intro explaining the main change
 2. **"New Features" / "Improvements"**: Grouped bullet points with **bold feature names** and descriptions
 3. **"Where to Find It"**: Tell users where they can access the new feature
 4. **Breaking Changes Warning** (if applicable): See below
 **Style guidelines:**
 - Use `### Heading` for sections (New Features, Improvements, Security, etc.)
 - Use **bold** for feature names in bullet points
 - Keep descriptions on the same line as the feature name
 - Minimal emoji usage (sparingly, not on every line)
 - Always end with "Where to Find It" section
 **DO NOT include:**
 - ❌ Technical implementation details (new columns, endpoints, database changes)
 - ❌ Number of tests added
 - ❌ Internal API changes (unless breaking)
 - ❌ Excessive emoji on every bullet point
 - ❌ .gitignore changes or other developer-only file changes
 - ❌ AI/Copilot instruction updates
 - ❌ CI/CD workflow changes (unless affecting users)
 - ❌ Code refactoring without user-visible changes
 **Only include user-relevant changes** - things that affect what users see or experience in the app.
 **Example of good release notes:**
 ```markdown
 ## What's New
 This release introduces a medication refill tracking feature and improves the mobile user experience.
 ### New Features
 - **Medication Refill**: Track when you refill your medications with a single click. Add full packs or individual pills and view complete refill history.
 - **Automatic Stock Updates**: Stock levels are automatically recalculated after each refill.
 - **Refill History**: Each medication shows a complete history of all refills with timestamps.
 ### Mobile Improvements
 - **Centered Tooltips**: Info tooltips now display centered on screen for better readability.
 - **Touch-friendly**: Tooltips close automatically when scrolling on touch devices.
 ### Where to Find It
 The refill button appears in the medication detail modal and in the edit form for each medication.
 **Full Changelog**: https://github.com/DanielVolz/medassist-ng/compare/v1.2.3...v1.3.0
 ```
 ### Breaking Changes Warning (CRITICAL!)
 > ⚠️ **MANDATORY**: If an update breaks existing configurations or stored data, it MUST be prominently warned about in the release notes!
 **Breaking Changes include:**
 - Database schema changes without automatic migration
 - Removed or renamed ENV variables
 - Changed API endpoints
 - Incompatible `.env` format changes
 - Loss of stored data after update
 **Format for Breaking Changes:**
 ```markdown
 ## ⚠️ BREAKING CHANGES - Please read before updating!
 **Database migration required**: This update changes the database schema. 
 Existing installations need to:
 1. Create backup of `data/` folder
 2. Stop containers
 3. Perform update
 4. If issues occur: Rollback using backup
 **ENV variables changed**: 
 - `OLD_VAR` was renamed to `NEW_VAR`
 - `REMOVED_VAR` is no longer supported
 **Medication data**: Intake schedules with only one time entry will be automatically 
 migrated. Please verify all times are correct after update.
 ```
 **What is NOT a Breaking Change:**
 - ✅ New optional columns with DEFAULT values
 - ✅ New ENV variables (with sensible defaults)
 - ✅ New features that don't affect existing data
 - ✅ Bug fixes that correct behavior
 **Rule of thumb**: If a user can simply run `docker compose pull && docker compose up -d` 
 without adjusting anything → Not a Breaking Change.
 ## Key Patterns
 ### Backend Routes (`backend/src/routes/`)
@@ -142,9 +422,25 @@ Each blister defines a recurring intake:
 | Stock Thresholds | Warning days, critical days, expiry warning days |
 | Email Notifications | Enable, email address, stock/intake toggles |
 | Push Notifications (Shoutrrr) | Enable, URL (ntfy/gotify/etc), stock/intake toggles |
-| Reminder Settings | Days before, repeat daily |
+| Reminder Settings | Days before, repeat daily, skip for taken, repeat/nagging |
 | SMTP | Email config (read-only from .env) |
 ### Settings ENV Defaults
 All user settings can be pre-configured via ENV variables (see `.env.example`).
 These are only used as **defaults when a new user is created**.
 Once a user saves settings in the app, their saved values take precedence over ENV.
 | ENV Variable | Setting | Default |
 |--------------|---------|---------|
 | `DEFAULT_EMAIL_ENABLED` | Email notifications | false |
 | `DEFAULT_SHOUTRRR_ENABLED` | Push notifications | false |
 | `DEFAULT_SHOUTRRR_URL` | ntfy/gotify URL | (empty) |
 | `DEFAULT_REPEAT_REMINDERS_ENABLED` | Nagging reminders | false |
 | `DEFAULT_REMINDER_REPEAT_INTERVAL_MINUTES` | Nag interval | 30 |
 | `DEFAULT_MAX_NAGGING_REMINDERS` | Max nags | 5 |
 | `DEFAULT_LOW_STOCK_DAYS` | Low stock threshold | 30 |
 | `DEFAULT_LANGUAGE` | UI language | en |
 ## Database Schema (`backend/src/db/schema.ts`)
 | Table | Description |
@@ -205,15 +501,77 @@ Example: `5-0-1735344000000` = Medication 5, Blister 0, timestamp
 - **API responses**: Return objects directly, Fastify serializes to JSON
 - **Environment**: Copy `.env.example` → `.env`, secrets must be 10+ chars
 - **i18n**: All UI text via `t('key')` function, translations in `frontend/src/i18n/*.json`
 - **UI Consistency**: Always use existing components for modals, buttons, and forms. For confirmation dialogs, use `ConfirmModal` component. Never create inline modals with custom button styling - all UI elements must match the existing design system. When adding new sections to existing components, ensure font sizes, spacing, margins, and button styles match exactly with other sections. Check existing CSS classes before creating new ones.
-## Database Schema Changes
+## Database Schema Changes (IMPORTANT: Backward Compatibility!)
-When adding new database columns:
+> ⚠️ **CRITICAL**: The app MUST remain backward compatible with older databases!
 > Users upgrade their Docker containers but keep their existing DB.
 > The app must NOT crash if old columns are missing.
-1. **Update schema**: `backend/src/db/schema.ts` - Add the Drizzle column definition
+### ⚠️ MANDATORY for EVERY New Feature
-2. **Update client.ts**: `backend/src/db/client.ts` - Add column to `CREATE TABLE IF NOT EXISTS`
+
-3. **Update migrate.ts**: `backend/src/db/migrate.ts` - Same as client.ts
+**Before implementing ANY feature that touches user data or settings:**
-4. **Delete old DB**: `rm backend/data/medassist-ng.db` and restart
+
 1. **Check if new DB columns are needed** - Does the feature require storing new data?
 2. **If YES → Follow ALL steps below** - Schema.ts + Drizzle migration + ALTER migration + NULL-safe code
 3. **NEVER skip the ALTER migration** - This is the #1 cause of production 500 errors!
 **Common mistake:** Adding a column to `schema.ts` and forgetting the ALTER migration in `client.ts`.
 The Drizzle migration only works for NEW databases. Existing production databases need the ALTER migration!
 ### Schema Management with Drizzle Kit
 The database schema uses **Drizzle Kit** for migrations. There is a **single source of truth**:
 - **`backend/src/db/schema.ts`** - Drizzle ORM schema definitions (TypeScript)
 - **`backend/drizzle/`** - Generated SQL migrations (auto-generated from schema.ts)
 **DO NOT manually edit migration files!** They are generated from schema.ts.
 ### Adding New Columns
 1. **Add to schema.ts** with DEFAULT value:
   ```typescript
   maxNaggingReminders: integer("max_nagging_reminders").notNull().default(5),
   ```
 2. **Generate migration**:
   ```bash
   cd backend && npx drizzle-kit generate --name add_column_name
   ```
 3. **Add backward-compatible ALTER migration** in `client.ts` `runAlterMigrations()`:
   ```typescript
   `ALTER TABLE user_settings ADD COLUMN max_nagging_reminders integer NOT NULL DEFAULT 5`,
   ```
 4. **NULL-safe reading** in routes:
   ```typescript
   maxNaggingReminders: settings.maxNaggingReminders ?? 5,
   ```
 ### Rules for New Columns
 1. **ALWAYS with DEFAULT value**: New columns must have `NOT NULL DEFAULT <value>`
 2. **NULL-safe in code**: All queries must use `?? defaultValue` or `?? false`
 3. **Generate migration**: Run `npx drizzle-kit generate` after schema changes
 4. **Add ALTER migration**: For backward compatibility with existing DBs
 ### What is NOT Allowed
 - ❌ Deleting or renaming columns (breaks old DBs)
 - ❌ `NOT NULL` without `DEFAULT` (INSERT fails)
 - ❌ Reading columns without fallback in code
 - ❌ Manually editing migration SQL files
 - ❌ Documenting "delete DB" as a solution
 ### When Backward Compatibility is NOT Possible
 If a breaking change is unavoidable:
 1. **Explicitly communicate**: Document in release notes
 2. **Migration script**: Provide automatic upgrade script
 3. **Version check**: App should check DB version and warn
 ## File Locations
@@ -221,6 +579,8 @@ When adding new database columns:
 |---------|----------|
 | Backend entry | `backend/src/index.ts` |
 | Database schema | `backend/src/db/schema.ts` |
 | Drizzle migrations | `backend/drizzle/*.sql` |
 | Drizzle config | `backend/drizzle.config.ts` |
 | Backend routes | `backend/src/routes/*.ts` |
 | Backend services | `backend/src/services/*.ts` |
 | Frontend app | `frontend/src/App.tsx` |
@@ -0,0 +1,42 @@
 name: "CodeQL"
 on:
  push:
    branches: [main]
  pull_request:
    branches: [main]
  schedule:
    - cron: "0 6 * * 1" # Weekly on Monday at 6am UTC
  workflow_dispatch: # Allow manual trigger
 jobs:
  analyze:
    name: Analyze
    runs-on: ubuntu-latest
    permissions:
      actions: read
      contents: read
      security-events: write
    strategy:
      fail-fast: false
      matrix:
        language: [javascript-typescript]
    steps:
      - name: Checkout repository
        uses: actions/checkout@v4
      - name: Initialize CodeQL
        uses: github/codeql-action/init@v3
        with:
          languages: ${{ matrix.language }}
          config-file: ./.github/codeql/codeql-config.yml
      - name: Autobuild
        uses: github/codeql-action/autobuild@v3
      - name: Perform CodeQL Analysis
        uses: github/codeql-action/analyze@v3
        with:
          category: "/language:${{ matrix.language }}"
@@ -3,19 +3,12 @@ name: Build and Push Docker Images
 on:
  push:
    branches: [main]
    paths:
      - 'backend/**'
      - 'frontend/**'
      - 'docker-compose*.yml'
      - '.github/workflows/docker-build.yml'
    tags: ['v*']
    paths:
      - 'backend/**'
      - 'frontend/**'
      - 'docker-compose*.yml'
      - '.github/workflows/docker-build.yml'
  pull_request:
    branches: [main]
    paths:
      - 'backend/**'
      - 'frontend/**'
      - 'docker-compose*.yml'
      - '.github/workflows/docker-build.yml'
  workflow_dispatch:
    inputs:
      tag:
@@ -23,11 +16,59 @@ on:
        required: false
        default: ''
 # Default minimal permissions
 permissions:
  contents: read
 env:
  REGISTRY: ghcr.io
 jobs:
  # =============================================================================
  # Run Tests First
  # =============================================================================
  backend-test:
    name: Backend Tests
    runs-on: ubuntu-latest
    permissions:
      contents: read
    defaults:
      run:
        working-directory: backend
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-node@v4
        with:
          node-version: '22'
          cache: 'npm'
          cache-dependency-path: backend/package-lock.json
      - run: npm ci
      - run: npx tsc --noEmit
      - run: npm run test:run
  frontend-build:
    name: Frontend Build
    runs-on: ubuntu-latest
    permissions:
      contents: read
    defaults:
      run:
        working-directory: frontend
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-node@v4
        with:
          node-version: '22'
          cache: 'npm'
          cache-dependency-path: frontend/package-lock.json
      - run: npm ci
      - run: npm run build
  # =============================================================================
  # Build and Push Docker Images (only after tests pass)
  # =============================================================================
  build-and-push:
    needs: [backend-test, frontend-build]
    runs-on: ubuntu-latest
    permissions:
      contents: read
@@ -77,6 +118,8 @@ jobs:
          cache-from: type=gha
          cache-to: type=gha,mode=max
          platforms: linux/amd64,linux/arm64
          provenance: false
          sbom: false
  # =============================================================================
  # Create GitHub Release (only on tag push)
@@ -94,13 +137,28 @@ jobs:
        with:
          fetch-depth: 0  # Fetch all history for changelog generation
      - name: Check if release exists
        id: check_release
        run: |
          CURRENT_TAG=${GITHUB_REF#refs/tags/}
          if gh release view "$CURRENT_TAG" &>/dev/null; then
            echo "exists=true" >> $GITHUB_OUTPUT
            echo "Release $CURRENT_TAG already exists, skipping creation"
          else
            echo "exists=false" >> $GITHUB_OUTPUT
          fi
        env:
          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
      - name: Get previous tag
        if: steps.check_release.outputs.exists == 'false'
        id: prev_tag
        run: |
          PREV_TAG=$(git describe --tags --abbrev=0 HEAD^ 2>/dev/null || echo "")
          echo "tag=${PREV_TAG}" >> $GITHUB_OUTPUT
      - name: Generate changelog
        if: steps.check_release.outputs.exists == 'false'
        id: changelog
        run: |
          CURRENT_TAG=${GITHUB_REF#refs/tags/}
@@ -129,6 +187,7 @@ jobs:
          echo "**Full Changelog**: https://github.com/${{ github.repository }}/compare/${PREV_TAG}...${CURRENT_TAG}" >> changelog.md
      - name: Create GitHub Release
        if: steps.check_release.outputs.exists == 'false'
        uses: softprops/action-gh-release@v2
        with:
          body_path: changelog.md
@@ -16,27 +16,63 @@ jobs:
        with:
          fetch-depth: 0
-      - name: Generate changelog
+      - name: Get version info
-        id: changelog
+        id: version
        run: |
          CURRENT_TAG=${GITHUB_REF#refs/tags/}
          VERSION=${CURRENT_TAG#v}
          echo "tag=$CURRENT_TAG" >> $GITHUB_OUTPUT
          echo "version=$VERSION" >> $GITHUB_OUTPUT
          # Get previous tag
-          PREV_TAG=$(git describe --tags --abbrev=0 HEAD^ 2>/dev/null || echo "")
+          PREV_TAG=$(git tag --sort=-v:refname | grep -A1 "^${CURRENT_TAG}$" | tail -1)
-          
+          if [ "$PREV_TAG" = "$CURRENT_TAG" ]; then
-          if [ -z "$PREV_TAG" ]; then
+            PREV_TAG=""
            # First release - get all commits
            CHANGES=$(git log --pretty=format:"- %s" HEAD)
          else
            # Get commits since last tag
            CHANGES=$(git log --pretty=format:"- %s" ${PREV_TAG}..HEAD)
          fi
-          
+          echo "previous_tag=$PREV_TAG" >> $GITHUB_OUTPUT
          # Write to file for multiline support
          echo "$CHANGES" > changelog.txt
-      - name: Create Release
+      - name: Generate release template
        run: |
          cat > release_notes.md << 'EOF'
          ## What's New
          <!-- 
          Write 1-2 sentences describing the main changes in this release.
          Example: This release introduces a medication refill tracking feature and improves the mobile user experience.
          -->
          ### New Features
          <!-- List new features with **bold** names and descriptions -->
          - **Feature Name**: Description of the feature
          ### Improvements
          <!-- List improvements and fixes -->
          - **Improvement**: Description
          ### Where to Find It
          <!-- Tell users where they can access new features -->
          ---
          ## Docker Images
          ```bash
          docker pull ghcr.io/danielvolz/medassist-ng-backend:${{ steps.version.outputs.version }}
          docker pull ghcr.io/danielvolz/medassist-ng-frontend:${{ steps.version.outputs.version }}
          ```
          **Full Changelog**: https://github.com/DanielVolz/medassist-ng/compare/${{ steps.version.outputs.previous_tag }}...${{ steps.version.outputs.tag }}
          EOF
      - name: Create Draft Release
        uses: softprops/action-gh-release@v1
        with:
-          body_path: changelog.txt
+          body_path: release_notes.md
-          generate_release_notes: true
+          draft: true
          generate_release_notes: false
          name: "Release ${{ steps.version.outputs.tag }}"
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
@@ -0,0 +1,85 @@
 name: Test
 on:
  pull_request:
    branches: [main]
 # Minimal permissions for security
 permissions:
  contents: read
 jobs:
  # =============================================================================
  # Backend Tests
  # =============================================================================
  backend-test:
    name: Backend Tests
    runs-on: ubuntu-latest
    permissions:
      contents: read
    defaults:
      run:
        working-directory: backend
    steps:
      - name: Checkout repository
        uses: actions/checkout@v4
      - name: Setup Node.js
        uses: actions/setup-node@v4
        with:
          node-version: '22'
          cache: 'npm'
          cache-dependency-path: backend/package-lock.json
      - name: Install dependencies
        run: npm ci
      - name: Lint
        run: npm run lint
      - name: TypeScript type check
        run: npx tsc --noEmit
      - name: Run tests with coverage
        run: npm run test:coverage
      - name: Upload coverage report
        uses: actions/upload-artifact@v4
        if: always()
        with:
          name: backend-coverage
          path: backend/coverage/
          retention-days: 7
  # =============================================================================
  # Frontend Build Validation
  # =============================================================================
  frontend-build:
    name: Frontend Build
    runs-on: ubuntu-latest
    permissions:
      contents: read
    defaults:
      run:
        working-directory: frontend
    steps:
      - name: Checkout repository
        uses: actions/checkout@v4
      - name: Setup Node.js
        uses: actions/setup-node@v4
        with:
          node-version: '22'
          cache: 'npm'
          cache-dependency-path: frontend/package-lock.json
      - name: Install dependencies
        run: npm ci
      - name: Lint
        run: npm run lint
      - name: TypeScript type check & build
        run: npm run build
@@ -0,0 +1,107 @@
 name: Update Test Badges
 on:
  workflow_dispatch:
  push:
    branches: [main]
    paths:
      - 'backend/src/**'
      - 'frontend/src/**'
      - 'backend/package.json'
      - 'frontend/package.json'
 permissions:
  contents: write
 jobs:
  update-badges:
    name: Update Test Count Badges
    runs-on: ubuntu-latest
    steps:
      - name: Checkout repository
        uses: actions/checkout@v4
        with:
          token: ${{ secrets.GITHUB_TOKEN }}
      - name: Setup Node.js
        uses: actions/setup-node@v4
        with:
          node-version: '22'
          cache: 'npm'
          cache-dependency-path: '**/package-lock.json'
      - name: Install backend dependencies
        working-directory: backend
        run: npm ci
      - name: Install frontend dependencies
        working-directory: frontend
        run: npm ci
      - name: Run backend tests and capture count
        id: backend-tests
        working-directory: backend
        timeout-minutes: 5
        env:
          CI: true
        run: |
          OUTPUT=$(npm run test:run 2>&1) || true
          echo "$OUTPUT"
          # Strip ANSI escape codes, then extract "Tests  X passed" from output
          CLEAN=$(echo "$OUTPUT" | sed 's/\x1b\[[0-9;]*m//g')
          PASSED=$(echo "$CLEAN" | grep -oP 'Tests\s+\K\d+(?=\s+passed)' | tail -1)
          echo "count=$PASSED" >> $GITHUB_OUTPUT
      - name: Run frontend tests and capture count
        id: frontend-tests
        working-directory: frontend
        timeout-minutes: 5
        env:
          CI: true
        run: |
          OUTPUT=$(npm run test:run 2>&1) || true
          echo "$OUTPUT"
          # Strip ANSI escape codes, then extract "Tests  X passed" from output
          CLEAN=$(echo "$OUTPUT" | sed 's/\x1b\[[0-9;]*m//g')
          PASSED=$(echo "$CLEAN" | grep -oP 'Tests\s+\K\d+(?=\s+passed)' | tail -1)
          echo "count=$PASSED" >> $GITHUB_OUTPUT
      - name: Update README badges
        run: |
          BACKEND_COUNT="${{ steps.backend-tests.outputs.count }}"
          FRONTEND_COUNT="${{ steps.frontend-tests.outputs.count }}"
          echo "Backend tests: $BACKEND_COUNT"
          echo "Frontend tests: $FRONTEND_COUNT"
          # Only update if we got valid counts
          if [[ -n "$BACKEND_COUNT" && -n "$FRONTEND_COUNT" ]]; then
            # URL encode the slash for shields.io
            BACKEND_BADGE="https://img.shields.io/badge/Backend_Tests-${BACKEND_COUNT}%2F${BACKEND_COUNT}-brightgreen?logo=vitest"
            FRONTEND_BADGE="https://img.shields.io/badge/Frontend_Tests-${FRONTEND_COUNT}%2F${FRONTEND_COUNT}-brightgreen?logo=vitest"
            # Update README using sed
            sed -i "s|https://img.shields.io/badge/Backend_Tests-[^\"]*|$BACKEND_BADGE|g" README.md
            sed -i "s|https://img.shields.io/badge/Frontend_Tests-[^\"]*|$FRONTEND_BADGE|g" README.md
            echo "Updated badges in README.md"
          else
            echo "Could not extract test counts, skipping update"
            exit 0
          fi
      - name: Create Pull Request
        uses: peter-evans/create-pull-request@v7
        with:
          token: ${{ secrets.GITHUB_TOKEN }}
          commit-message: 'chore: update test count badges'
          title: 'chore: update test count badges'
          body: |
            Automated update of test count badges in README.md.
            - Backend tests: ${{ steps.backend-tests.outputs.count }}
            - Frontend tests: ${{ steps.frontend-tests.outputs.count }}
          branch: chore/update-test-badges
          delete-branch: true
          labels: automated
@@ -0,0 +1,57 @@
 name: Version Bump on Release
 on:
  release:
    types: [published]
 permissions:
  contents: write
 jobs:
  version-bump:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v4
        with:
          ref: main
          token: ${{ secrets.GITHUB_TOKEN }}
      - name: Get version from tag
        id: version
        run: |
          # Extract version from tag (e.g., v1.6.0 -> 1.6.0)
          VERSION="${GITHUB_REF_NAME#v}"
          echo "version=$VERSION" >> $GITHUB_OUTPUT
          echo "Extracted version: $VERSION"
      - name: Update package.json versions
        run: |
          VERSION="${{ steps.version.outputs.version }}"
          # Update backend/package.json
          jq --arg v "$VERSION" '.version = $v' backend/package.json > backend/package.json.tmp
          mv backend/package.json.tmp backend/package.json
          # Update frontend/package.json
          jq --arg v "$VERSION" '.version = $v' frontend/package.json > frontend/package.json.tmp
          mv frontend/package.json.tmp frontend/package.json
          echo "Updated versions to $VERSION"
          cat backend/package.json | head -5
          cat frontend/package.json | head -5
      - name: Commit and push
        run: |
          git config user.name "github-actions[bot]"
          git config user.email "github-actions[bot]@users.noreply.github.com"
          git add backend/package.json frontend/package.json
          # Only commit if there are changes
          if git diff --staged --quiet; then
            echo "No version changes needed"
          else
            git commit -m "chore: bump version to ${{ steps.version.outputs.version }} [skip ci]"
            git push origin main
          fi
@@ -1,33 +1,83 @@
-# Node
+# ===================
 # Dependencies
 # ===================
 node_modules/
 .pnpm-store/
 # ===================
 # Build outputs
 # ===================
 dist/
 build/
 .tmp/
 *.tsbuildinfo
 # ===================
 # Test & Coverage
 # ===================
 coverage/
 .nyc_output/
 # Playwright
 /frontend/playwright-report/
 /frontend/test-results/
 /frontend/e2e/.auth/
 /frontend/blob-report/
 # ===================
 # Environment
 # ===================
 .env
 .env.*
 !.env.example
 # ===================
 # Database & Data
 # ===================
 *.db
 *.sqlite
 *.sqlite3
 *.db-journal
 *.db-wal
 *.db-shm
 data/
 # ===================
 # Logs
 # ===================
 logs/
 *.log
 npm-debug.log*
 yarn-debug.log*
 yarn-error.log*
 pnpm-debug.log*
-# Build outputs
+# ===================
-dist/
+# OS files
-build/
+# ===================
 coverage/
 .tmp/
 # Env
 .env
 .env.*
 !.env.example
 # SQLite
 *.db
 *.sqlite
 *.sqlite3
 *.db-journal
 backend/data/
 # Logs
 logs/
 *.log
 # Editor
 .vscode/
 .idea/
 .DS_Store
 Thumbs.db
 *.swp
 *.swo
 *~
 # ===================
 # IDE / Editor
 # ===================
 .idea/
 *.sublime-project
 *.sublime-workspace
 # Keep shared VS Code settings
 # .vscode/ is NOT ignored - settings.json is useful for the team
 # ===================
 # Misc
 # ===================
 *.local
 .cache/
 .turbo/
 .roo/
 .roomodes
 AGENTS.md
 docs/TECH_STACK.md
@@ -0,0 +1 @@
 npx lint-staged
@@ -0,0 +1,5 @@
 {
  "vitest.root": "backend",
  "vitest.enable": true,
  "vitest.commandLine": "npm test --"
 }
@@ -17,6 +17,11 @@
  <img src="https://img.shields.io/badge/Docker-Ready-2496ED?logo=docker" alt="Docker" />
 </p>
 <p align="center">
  <img src="https://img.shields.io/badge/Backend_Tests-454%2F454-brightgreen?logo=vitest" alt="Backend Tests 454/454" />
  <img src="https://img.shields.io/badge/Frontend_Tests-611%2F611-brightgreen?logo=vitest" alt="Frontend Tests 611/611" />
 </p>
 ### 🤖 AI-Generated Code
 > This app was 100% coded with Claude Opus 4.5. Use at your own risk.
@@ -28,6 +33,7 @@
 > **Think of this app as a helpful tool, but make all health decisions independently!**
 - [Features](#features)
 - [Screenshots](#screenshots)
 - [Getting Started](#getting-started)
 - [Configuration](#configuration)
 - [Development](#development)
@@ -38,11 +44,91 @@
  <img src="docs/gifs/MedAssist-demo.gif" alt="MedAssist-ng Dashboard" width="100%" />
 </p>
 <a id="screenshots"></a>
 <details>
 <summary><strong>Screenshots</strong></summary>
 <blockquote>
 <details>
 <summary>Dashboard</summary>
 Overview with stock status, reorder reminders, and upcoming schedules.
 <img src="docs/screenshots/dashboard-desktop.png" alt="Dashboard" width="100%" />
 </details>
 <details>
 <summary>Medication Detail</summary>
 View medication details, stock information, and intake schedule.
 <img src="docs/screenshots/medication-detail-modal.png" alt="Medication Detail Modal" width="100%" />
 </details>
 <details>
 <summary>Medications & Edit Form</summary>
 Manage your medications with the edit form and refill feature.
 <img src="docs/screenshots/medications-edit-desktop.png" alt="Medications Edit Form" width="100%" />
 </details>
 <details>
 <summary>Demand Calculator (Planner)</summary>
 Calculate how many pills you need for a specific date range.
 <img src="docs/screenshots/planner-desktop.png" alt="Planner - Demand Calculator" width="100%" />
 </details>
 <details>
 <summary>Shared Schedule</summary>
 Share your medication schedule with others via a public link.
 <img src="docs/screenshots/share-schedule-desktop.png" alt="Shared Schedule" width="100%" />
 </details>
 <details>
 <summary>Mobile Views</summary>
 <table>
  <tr>
    <td align="center" width="33%">
      <strong>Dashboard</strong><br>
      <img src="docs/screenshots/dashboard-mobile.png" alt="Mobile Dashboard" width="100%" />
    </td>
    <td align="center" width="33%">
      <strong>Medications</strong><br>
      <img src="docs/screenshots/medications-mobile.png" alt="Mobile Medications" width="100%" />
    </td>
    <td align="center" width="33%">
      <strong>Schedule</strong><br>
      <img src="docs/screenshots/schedule-mobile.png" alt="Mobile Schedule" width="100%" />
    </td>
  </tr>
 </table>
 </details>
 </blockquote>
 </details>
 ### Smart Inventory
 - Track exact stock: packs, blisters, and loose pills
 - Display remaining days of supply
 - Automatic calculation based on intake schedule
 ### Medication Refill
 - One-click refill with pack or loose pill options
 - Complete refill history per medication
 - Automatic stock updates after each refill
 ### Flexible Schedules
 - Daily, weekly, or custom intervals per medication
 - Independent schedules for each medication
@@ -60,9 +146,14 @@
 - Manage medications for multiple people
 - Share schedules via link. Recipients can mark doses as taken, you see it live
 ### Data Export & Import
 - Export all your data (medications, dose history, settings) as JSON
 - Import previously exported data with automatic ID remapping
 - Choose whether to include sensitive data in exports
 ### Notifications
 - Email via SMTP
- Push notifications via ntfy, Gotify, Telegram, Discord (Shoutrrr)
+- Push notifications via ntfy, Pushover, Gotify, Telegram, Discord & more ([Shoutrrr](https://containrrr.dev/shoutrrr/))
 - Supports both stock warnings and intake reminders
 ### Privacy & Security
@@ -148,6 +239,54 @@ Generate secrets with: `openssl rand -hex 32`
 | `REMINDER_MINUTES_BEFORE` | `15` | Minutes before intake to send reminder |
 | `EXPIRY_WARNING_DAYS` | `30` | Days before expiry to show warning |
 ### Push Notifications (Shoutrrr)
 MedAssist uses [Shoutrrr](https://containrrr.dev/shoutrrr/) for push notifications, supporting many services with a single URL format.
 **Supported services:** ntfy, Pushover, Gotify, Discord, Telegram, Slack, Matrix, and [many more](https://containrrr.dev/shoutrrr/v0.8/services/overview/).
 Configure push notifications in Settings → Push, or set defaults via environment variables:
 | Variable | Default | Description |
 |----------|---------|-------------|
 | `DEFAULT_SHOUTRRR_ENABLED` | `false` | Enable push notifications by default |
 | `DEFAULT_SHOUTRRR_URL` | — | Shoutrrr URL (see examples below) |
 | `DEFAULT_SHOUTRRR_STOCK_REMINDERS` | `true` | Send stock warnings via push |
 | `DEFAULT_SHOUTRRR_INTAKE_REMINDERS` | `true` | Send intake reminders via push |
 #### URL Examples
 **ntfy** (free, self-hostable):
 ```
 ntfy://ntfy.sh/your-topic
 ntfy://user:password@your-server.com/topic
 ```
 **Pushover** (free app for iOS/Android):
 ```
 pushover://shoutrrr:API_TOKEN@USER_KEY/
 ```
 Get your keys at [pushover.net](https://pushover.net/):
 - **User Key**: Shown on your dashboard (top right)
 - **API Token**: Create an application → copy the API Token
 **Gotify** (self-hosted):
 ```
 gotify://your-server.com/TOKEN
 ```
 **Discord**:
 ```
 discord://TOKEN@WEBHOOK_ID
 ```
 **Telegram**:
 ```
 telegram://TOKEN@telegram?chats=CHAT_ID
 ```
 For all services and options, see the [Shoutrrr documentation](https://containrrr.dev/shoutrrr/v0.8/services/overview/).
 # Development
 ```bash
@@ -0,0 +1,35 @@
 # Dependencies
 node_modules/
 # Build outputs
 dist/
 coverage/
 # Development files
 *.log
 npm-debug.log*
 # Test files
 src/test/
 *.test.ts
 vitest.config.ts
 # Local data (mounted as volume in production)
 data/
 # IDE
 .vscode/
 .idea/
 # OS files
 .DS_Store
 Thumbs.db
 # Git
 .git/
 .gitignore
 # Docker
 Dockerfile
 .dockerignore
 docker-compose*.yml
@@ -46,6 +46,9 @@ COPY --from=builder /app/node_modules ./node_modules
 COPY --from=builder /app/dist ./dist
 COPY --from=builder /app/package.json ./
 # Copy drizzle migrations folder (required for database setup)
 COPY drizzle ./drizzle
 # Create data directory and set ownership to node user (UID 1000)
 RUN mkdir -p /app/data && chown -R node:node /app
@@ -0,0 +1,10 @@
 import { defineConfig } from "drizzle-kit";
 export default defineConfig({
  schema: "./src/db/schema.ts",
  out: "./drizzle",
  dialect: "sqlite",
  dbCredentials: {
    url: process.env.DATABASE_URL || "./data/medassist.db",
  },
 });
@@ -0,0 +1,112 @@
 CREATE TABLE `dose_tracking` (
 	`id` integer PRIMARY KEY AUTOINCREMENT NOT NULL,
 	`user_id` integer NOT NULL,
 	`dose_id` text(255) NOT NULL,
 	`taken_at` integer DEFAULT (strftime('%s','now')) NOT NULL,
 	`marked_by` text(100),
 	`dismissed` integer DEFAULT false NOT NULL,
 	FOREIGN KEY (`user_id`) REFERENCES `users`(`id`) ON UPDATE no action ON DELETE cascade
 );
 --> statement-breakpoint
 CREATE TABLE `medications` (
 	`id` integer PRIMARY KEY AUTOINCREMENT NOT NULL,
 	`user_id` integer NOT NULL,
 	`name` text(100) NOT NULL,
 	`generic_name` text(100),
 	`taken_by_json` text DEFAULT '[]' NOT NULL,
 	`pack_count` integer DEFAULT 1 NOT NULL,
 	`blisters_per_pack` integer DEFAULT 1 NOT NULL,
 	`pills_per_blister` integer DEFAULT 1 NOT NULL,
 	`loose_tablets` integer DEFAULT 0 NOT NULL,
 	`pill_weight_mg` integer,
 	`usage_json` text DEFAULT '[]' NOT NULL,
 	`every_json` text DEFAULT '[]' NOT NULL,
 	`start_json` text DEFAULT '[]' NOT NULL,
 	`image_url` text,
 	`expiry_date` text,
 	`notes` text,
 	`intake_reminders_enabled` integer DEFAULT false NOT NULL,
 	`updated_at` integer DEFAULT CURRENT_TIMESTAMP NOT NULL,
 	FOREIGN KEY (`user_id`) REFERENCES `users`(`id`) ON UPDATE no action ON DELETE cascade
 );
 --> statement-breakpoint
 CREATE TABLE `refill_history` (
 	`id` integer PRIMARY KEY AUTOINCREMENT NOT NULL,
 	`medication_id` integer NOT NULL,
 	`user_id` integer NOT NULL,
 	`packs_added` integer DEFAULT 0 NOT NULL,
 	`loose_pills_added` integer DEFAULT 0 NOT NULL,
 	`refill_date` integer DEFAULT (strftime('%s','now')) NOT NULL,
 	FOREIGN KEY (`medication_id`) REFERENCES `medications`(`id`) ON UPDATE no action ON DELETE cascade,
 	FOREIGN KEY (`user_id`) REFERENCES `users`(`id`) ON UPDATE no action ON DELETE cascade
 );
 --> statement-breakpoint
 CREATE TABLE `refresh_tokens` (
 	`id` integer PRIMARY KEY AUTOINCREMENT NOT NULL,
 	`user_id` integer NOT NULL,
 	`token_id` text(255) NOT NULL,
 	`expires_at` integer NOT NULL,
 	`rotated_at` integer,
 	`revoked` integer DEFAULT false NOT NULL,
 	`created_at` integer DEFAULT CURRENT_TIMESTAMP NOT NULL,
 	FOREIGN KEY (`user_id`) REFERENCES `users`(`id`) ON UPDATE no action ON DELETE cascade
 );
 --> statement-breakpoint
 CREATE UNIQUE INDEX `refresh_tokens_token_id_unique` ON `refresh_tokens` (`token_id`);--> statement-breakpoint
 CREATE TABLE `share_tokens` (
 	`id` integer PRIMARY KEY AUTOINCREMENT NOT NULL,
 	`user_id` integer NOT NULL,
 	`token` text(64) NOT NULL,
 	`taken_by` text(100) NOT NULL,
 	`schedule_days` integer DEFAULT 30 NOT NULL,
 	`created_at` integer DEFAULT CURRENT_TIMESTAMP NOT NULL,
 	`expires_at` integer,
 	FOREIGN KEY (`user_id`) REFERENCES `users`(`id`) ON UPDATE no action ON DELETE cascade
 );
 --> statement-breakpoint
 CREATE UNIQUE INDEX `share_tokens_token_unique` ON `share_tokens` (`token`);--> statement-breakpoint
 CREATE TABLE `user_settings` (
 	`id` integer PRIMARY KEY AUTOINCREMENT NOT NULL,
 	`user_id` integer NOT NULL,
 	`email_enabled` integer DEFAULT false NOT NULL,
 	`notification_email` text,
 	`email_stock_reminders` integer DEFAULT true NOT NULL,
 	`email_intake_reminders` integer DEFAULT true NOT NULL,
 	`shoutrrr_enabled` integer DEFAULT false NOT NULL,
 	`shoutrrr_url` text,
 	`shoutrrr_stock_reminders` integer DEFAULT true NOT NULL,
 	`shoutrrr_intake_reminders` integer DEFAULT true NOT NULL,
 	`reminder_days_before` integer DEFAULT 7 NOT NULL,
 	`repeat_daily_reminders` integer DEFAULT false NOT NULL,
 	`skip_reminders_for_taken_doses` integer DEFAULT false NOT NULL,
 	`repeat_reminders_enabled` integer DEFAULT false NOT NULL,
 	`reminder_repeat_interval_minutes` integer DEFAULT 30 NOT NULL,
 	`max_nagging_reminders` integer DEFAULT 5 NOT NULL,
 	`low_stock_days` integer DEFAULT 30 NOT NULL,
 	`normal_stock_days` integer DEFAULT 90 NOT NULL,
 	`high_stock_days` integer DEFAULT 180 NOT NULL,
 	`expiry_warning_days` integer DEFAULT 90 NOT NULL,
 	`language` text(10) DEFAULT 'en' NOT NULL,
 	`stock_calculation_mode` text(20) DEFAULT 'automatic' NOT NULL,
 	`last_auto_email_sent` text,
 	`last_notification_type` text,
 	`last_notification_channel` text,
 	`updated_at` integer DEFAULT CURRENT_TIMESTAMP NOT NULL,
 	FOREIGN KEY (`user_id`) REFERENCES `users`(`id`) ON UPDATE no action ON DELETE cascade
 );
 --> statement-breakpoint
 CREATE UNIQUE INDEX `user_settings_user_id_unique` ON `user_settings` (`user_id`);--> statement-breakpoint
 CREATE TABLE `users` (
 	`id` integer PRIMARY KEY AUTOINCREMENT NOT NULL,
 	`username` text(100) NOT NULL,
 	`password_hash` text(255),
 	`avatar_url` text(255),
 	`auth_provider` text(50) DEFAULT 'local' NOT NULL,
 	`oidc_subject` text(255),
 	`is_active` integer DEFAULT true NOT NULL,
 	`last_login_at` integer,
 	`created_at` integer DEFAULT CURRENT_TIMESTAMP NOT NULL,
 	`updated_at` integer DEFAULT CURRENT_TIMESTAMP NOT NULL
 );
 --> statement-breakpoint
 CREATE UNIQUE INDEX `users_username_unique` ON `users` (`username`);
@@ -0,0 +1 @@
 ALTER TABLE `medications` ADD `stock_adjustment` integer DEFAULT 0 NOT NULL;
@@ -0,0 +1 @@
 ALTER TABLE `medications` ADD `last_stock_correction_at` integer;
@@ -0,0 +1,3 @@
 ALTER TABLE `medications` ADD `dismissed_until` text;--> statement-breakpoint
 ALTER TABLE `user_settings` ADD `last_reminder_med_name` text;--> statement-breakpoint
 ALTER TABLE `user_settings` ADD `last_reminder_taken_by` text;
@@ -0,0 +1,3 @@
 -- Add package type support (blister vs bottle)
 ALTER TABLE medications ADD COLUMN package_type TEXT DEFAULT 'blister' NOT NULL;
 ALTER TABLE medications ADD COLUMN total_pills INTEGER;
@@ -0,0 +1,3 @@
 -- Add dose_unit column and intakes JSON array for per-intake takenBy support
 ALTER TABLE `medications` ADD `dose_unit` text(20) DEFAULT 'mg';--> statement-breakpoint
 ALTER TABLE `medications` ADD `intakes_json` text DEFAULT '[]' NOT NULL;
@@ -0,0 +1,819 @@
 {
  "version": "6",
  "dialect": "sqlite",
  "id": "0e7f882c-b6e8-4d7b-a6a8-a076969c3e76",
  "prevId": "00000000-0000-0000-0000-000000000000",
  "tables": {
    "dose_tracking": {
      "name": "dose_tracking",
      "columns": {
        "id": {
          "name": "id",
          "type": "integer",
          "primaryKey": true,
          "notNull": true,
          "autoincrement": true
        },
        "user_id": {
          "name": "user_id",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false
        },
        "dose_id": {
          "name": "dose_id",
          "type": "text(255)",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false
        },
        "taken_at": {
          "name": "taken_at",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": "(strftime('%s','now'))"
        },
        "marked_by": {
          "name": "marked_by",
          "type": "text(100)",
          "primaryKey": false,
          "notNull": false,
          "autoincrement": false
        },
        "dismissed": {
          "name": "dismissed",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": false
        }
      },
      "indexes": {},
      "foreignKeys": {
        "dose_tracking_user_id_users_id_fk": {
          "name": "dose_tracking_user_id_users_id_fk",
          "tableFrom": "dose_tracking",
          "tableTo": "users",
          "columnsFrom": [
            "user_id"
          ],
          "columnsTo": [
            "id"
          ],
          "onDelete": "cascade",
          "onUpdate": "no action"
        }
      },
      "compositePrimaryKeys": {},
      "uniqueConstraints": {},
      "checkConstraints": {}
    },
    "medications": {
      "name": "medications",
      "columns": {
        "id": {
          "name": "id",
          "type": "integer",
          "primaryKey": true,
          "notNull": true,
          "autoincrement": true
        },
        "user_id": {
          "name": "user_id",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false
        },
        "name": {
          "name": "name",
          "type": "text(100)",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false
        },
        "generic_name": {
          "name": "generic_name",
          "type": "text(100)",
          "primaryKey": false,
          "notNull": false,
          "autoincrement": false
        },
        "taken_by_json": {
          "name": "taken_by_json",
          "type": "text",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": "'[]'"
        },
        "pack_count": {
          "name": "pack_count",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": 1
        },
        "blisters_per_pack": {
          "name": "blisters_per_pack",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": 1
        },
        "pills_per_blister": {
          "name": "pills_per_blister",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": 1
        },
        "loose_tablets": {
          "name": "loose_tablets",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": 0
        },
        "pill_weight_mg": {
          "name": "pill_weight_mg",
          "type": "integer",
          "primaryKey": false,
          "notNull": false,
          "autoincrement": false
        },
        "usage_json": {
          "name": "usage_json",
          "type": "text",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": "'[]'"
        },
        "every_json": {
          "name": "every_json",
          "type": "text",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": "'[]'"
        },
        "start_json": {
          "name": "start_json",
          "type": "text",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": "'[]'"
        },
        "image_url": {
          "name": "image_url",
          "type": "text",
          "primaryKey": false,
          "notNull": false,
          "autoincrement": false
        },
        "expiry_date": {
          "name": "expiry_date",
          "type": "text",
          "primaryKey": false,
          "notNull": false,
          "autoincrement": false
        },
        "notes": {
          "name": "notes",
          "type": "text",
          "primaryKey": false,
          "notNull": false,
          "autoincrement": false
        },
        "intake_reminders_enabled": {
          "name": "intake_reminders_enabled",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": false
        },
        "updated_at": {
          "name": "updated_at",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": "CURRENT_TIMESTAMP"
        }
      },
      "indexes": {},
      "foreignKeys": {
        "medications_user_id_users_id_fk": {
          "name": "medications_user_id_users_id_fk",
          "tableFrom": "medications",
          "tableTo": "users",
          "columnsFrom": [
            "user_id"
          ],
          "columnsTo": [
            "id"
          ],
          "onDelete": "cascade",
          "onUpdate": "no action"
        }
      },
      "compositePrimaryKeys": {},
      "uniqueConstraints": {},
      "checkConstraints": {}
    },
    "refill_history": {
      "name": "refill_history",
      "columns": {
        "id": {
          "name": "id",
          "type": "integer",
          "primaryKey": true,
          "notNull": true,
          "autoincrement": true
        },
        "medication_id": {
          "name": "medication_id",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false
        },
        "user_id": {
          "name": "user_id",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false
        },
        "packs_added": {
          "name": "packs_added",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": 0
        },
        "loose_pills_added": {
          "name": "loose_pills_added",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": 0
        },
        "refill_date": {
          "name": "refill_date",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": "(strftime('%s','now'))"
        }
      },
      "indexes": {},
      "foreignKeys": {
        "refill_history_medication_id_medications_id_fk": {
          "name": "refill_history_medication_id_medications_id_fk",
          "tableFrom": "refill_history",
          "tableTo": "medications",
          "columnsFrom": [
            "medication_id"
          ],
          "columnsTo": [
            "id"
          ],
          "onDelete": "cascade",
          "onUpdate": "no action"
        },
        "refill_history_user_id_users_id_fk": {
          "name": "refill_history_user_id_users_id_fk",
          "tableFrom": "refill_history",
          "tableTo": "users",
          "columnsFrom": [
            "user_id"
          ],
          "columnsTo": [
            "id"
          ],
          "onDelete": "cascade",
          "onUpdate": "no action"
        }
      },
      "compositePrimaryKeys": {},
      "uniqueConstraints": {},
      "checkConstraints": {}
    },
    "refresh_tokens": {
      "name": "refresh_tokens",
      "columns": {
        "id": {
          "name": "id",
          "type": "integer",
          "primaryKey": true,
          "notNull": true,
          "autoincrement": true
        },
        "user_id": {
          "name": "user_id",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false
        },
        "token_id": {
          "name": "token_id",
          "type": "text(255)",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false
        },
        "expires_at": {
          "name": "expires_at",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false
        },
        "rotated_at": {
          "name": "rotated_at",
          "type": "integer",
          "primaryKey": false,
          "notNull": false,
          "autoincrement": false
        },
        "revoked": {
          "name": "revoked",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": false
        },
        "created_at": {
          "name": "created_at",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": "CURRENT_TIMESTAMP"
        }
      },
      "indexes": {
        "refresh_tokens_token_id_unique": {
          "name": "refresh_tokens_token_id_unique",
          "columns": [
            "token_id"
          ],
          "isUnique": true
        }
      },
      "foreignKeys": {
        "refresh_tokens_user_id_users_id_fk": {
          "name": "refresh_tokens_user_id_users_id_fk",
          "tableFrom": "refresh_tokens",
          "tableTo": "users",
          "columnsFrom": [
            "user_id"
          ],
          "columnsTo": [
            "id"
          ],
          "onDelete": "cascade",
          "onUpdate": "no action"
        }
      },
      "compositePrimaryKeys": {},
      "uniqueConstraints": {},
      "checkConstraints": {}
    },
    "share_tokens": {
      "name": "share_tokens",
      "columns": {
        "id": {
          "name": "id",
          "type": "integer",
          "primaryKey": true,
          "notNull": true,
          "autoincrement": true
        },
        "user_id": {
          "name": "user_id",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false
        },
        "token": {
          "name": "token",
          "type": "text(64)",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false
        },
        "taken_by": {
          "name": "taken_by",
          "type": "text(100)",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false
        },
        "schedule_days": {
          "name": "schedule_days",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": 30
        },
        "created_at": {
          "name": "created_at",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": "CURRENT_TIMESTAMP"
        },
        "expires_at": {
          "name": "expires_at",
          "type": "integer",
          "primaryKey": false,
          "notNull": false,
          "autoincrement": false
        }
      },
      "indexes": {
        "share_tokens_token_unique": {
          "name": "share_tokens_token_unique",
          "columns": [
            "token"
          ],
          "isUnique": true
        }
      },
      "foreignKeys": {
        "share_tokens_user_id_users_id_fk": {
          "name": "share_tokens_user_id_users_id_fk",
          "tableFrom": "share_tokens",
          "tableTo": "users",
          "columnsFrom": [
            "user_id"
          ],
          "columnsTo": [
            "id"
          ],
          "onDelete": "cascade",
          "onUpdate": "no action"
        }
      },
      "compositePrimaryKeys": {},
      "uniqueConstraints": {},
      "checkConstraints": {}
    },
    "user_settings": {
      "name": "user_settings",
      "columns": {
        "id": {
          "name": "id",
          "type": "integer",
          "primaryKey": true,
          "notNull": true,
          "autoincrement": true
        },
        "user_id": {
          "name": "user_id",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false
        },
        "email_enabled": {
          "name": "email_enabled",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": false
        },
        "notification_email": {
          "name": "notification_email",
          "type": "text",
          "primaryKey": false,
          "notNull": false,
          "autoincrement": false
        },
        "email_stock_reminders": {
          "name": "email_stock_reminders",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": true
        },
        "email_intake_reminders": {
          "name": "email_intake_reminders",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": true
        },
        "shoutrrr_enabled": {
          "name": "shoutrrr_enabled",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": false
        },
        "shoutrrr_url": {
          "name": "shoutrrr_url",
          "type": "text",
          "primaryKey": false,
          "notNull": false,
          "autoincrement": false
        },
        "shoutrrr_stock_reminders": {
          "name": "shoutrrr_stock_reminders",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": true
        },
        "shoutrrr_intake_reminders": {
          "name": "shoutrrr_intake_reminders",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": true
        },
        "reminder_days_before": {
          "name": "reminder_days_before",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": 7
        },
        "repeat_daily_reminders": {
          "name": "repeat_daily_reminders",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": false
        },
        "skip_reminders_for_taken_doses": {
          "name": "skip_reminders_for_taken_doses",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": false
        },
        "repeat_reminders_enabled": {
          "name": "repeat_reminders_enabled",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": false
        },
        "reminder_repeat_interval_minutes": {
          "name": "reminder_repeat_interval_minutes",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": 30
        },
        "max_nagging_reminders": {
          "name": "max_nagging_reminders",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": 5
        },
        "low_stock_days": {
          "name": "low_stock_days",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": 30
        },
        "normal_stock_days": {
          "name": "normal_stock_days",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": 90
        },
        "high_stock_days": {
          "name": "high_stock_days",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": 180
        },
        "expiry_warning_days": {
          "name": "expiry_warning_days",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": 90
        },
        "language": {
          "name": "language",
          "type": "text(10)",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": "'en'"
        },
        "stock_calculation_mode": {
          "name": "stock_calculation_mode",
          "type": "text(20)",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": "'automatic'"
        },
        "last_auto_email_sent": {
          "name": "last_auto_email_sent",
          "type": "text",
          "primaryKey": false,
          "notNull": false,
          "autoincrement": false
        },
        "last_notification_type": {
          "name": "last_notification_type",
          "type": "text",
          "primaryKey": false,
          "notNull": false,
          "autoincrement": false
        },
        "last_notification_channel": {
          "name": "last_notification_channel",
          "type": "text",
          "primaryKey": false,
          "notNull": false,
          "autoincrement": false
        },
        "updated_at": {
          "name": "updated_at",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": "CURRENT_TIMESTAMP"
        }
      },
      "indexes": {
        "user_settings_user_id_unique": {
          "name": "user_settings_user_id_unique",
          "columns": [
            "user_id"
          ],
          "isUnique": true
        }
      },
      "foreignKeys": {
        "user_settings_user_id_users_id_fk": {
          "name": "user_settings_user_id_users_id_fk",
          "tableFrom": "user_settings",
          "tableTo": "users",
          "columnsFrom": [
            "user_id"
          ],
          "columnsTo": [
            "id"
          ],
          "onDelete": "cascade",
          "onUpdate": "no action"
        }
      },
      "compositePrimaryKeys": {},
      "uniqueConstraints": {},
      "checkConstraints": {}
    },
    "users": {
      "name": "users",
      "columns": {
        "id": {
          "name": "id",
          "type": "integer",
          "primaryKey": true,
          "notNull": true,
          "autoincrement": true
        },
        "username": {
          "name": "username",
          "type": "text(100)",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false
        },
        "password_hash": {
          "name": "password_hash",
          "type": "text(255)",
          "primaryKey": false,
          "notNull": false,
          "autoincrement": false
        },
        "avatar_url": {
          "name": "avatar_url",
          "type": "text(255)",
          "primaryKey": false,
          "notNull": false,
          "autoincrement": false
        },
        "auth_provider": {
          "name": "auth_provider",
          "type": "text(50)",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": "'local'"
        },
        "oidc_subject": {
          "name": "oidc_subject",
          "type": "text(255)",
          "primaryKey": false,
          "notNull": false,
          "autoincrement": false
        },
        "is_active": {
          "name": "is_active",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": true
        },
        "last_login_at": {
          "name": "last_login_at",
          "type": "integer",
          "primaryKey": false,
          "notNull": false,
          "autoincrement": false
        },
        "created_at": {
          "name": "created_at",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": "CURRENT_TIMESTAMP"
        },
        "updated_at": {
          "name": "updated_at",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": "CURRENT_TIMESTAMP"
        }
      },
      "indexes": {
        "users_username_unique": {
          "name": "users_username_unique",
          "columns": [
            "username"
          ],
          "isUnique": true
        }
      },
      "foreignKeys": {},
      "compositePrimaryKeys": {},
      "uniqueConstraints": {},
      "checkConstraints": {}
    }
  },
  "views": {},
  "enums": {},
  "_meta": {
    "schemas": {},
    "tables": {},
    "columns": {}
  },
  "internal": {
    "indexes": {}
  }
 }
@@ -0,0 +1,827 @@
 {
  "version": "6",
  "dialect": "sqlite",
  "id": "bcb60728-38c0-4965-adac-829c02240d89",
  "prevId": "0e7f882c-b6e8-4d7b-a6a8-a076969c3e76",
  "tables": {
    "dose_tracking": {
      "name": "dose_tracking",
      "columns": {
        "id": {
          "name": "id",
          "type": "integer",
          "primaryKey": true,
          "notNull": true,
          "autoincrement": true
        },
        "user_id": {
          "name": "user_id",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false
        },
        "dose_id": {
          "name": "dose_id",
          "type": "text(255)",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false
        },
        "taken_at": {
          "name": "taken_at",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": "(strftime('%s','now'))"
        },
        "marked_by": {
          "name": "marked_by",
          "type": "text(100)",
          "primaryKey": false,
          "notNull": false,
          "autoincrement": false
        },
        "dismissed": {
          "name": "dismissed",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": false
        }
      },
      "indexes": {},
      "foreignKeys": {
        "dose_tracking_user_id_users_id_fk": {
          "name": "dose_tracking_user_id_users_id_fk",
          "tableFrom": "dose_tracking",
          "tableTo": "users",
          "columnsFrom": [
            "user_id"
          ],
          "columnsTo": [
            "id"
          ],
          "onDelete": "cascade",
          "onUpdate": "no action"
        }
      },
      "compositePrimaryKeys": {},
      "uniqueConstraints": {},
      "checkConstraints": {}
    },
    "medications": {
      "name": "medications",
      "columns": {
        "id": {
          "name": "id",
          "type": "integer",
          "primaryKey": true,
          "notNull": true,
          "autoincrement": true
        },
        "user_id": {
          "name": "user_id",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false
        },
        "name": {
          "name": "name",
          "type": "text(100)",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false
        },
        "generic_name": {
          "name": "generic_name",
          "type": "text(100)",
          "primaryKey": false,
          "notNull": false,
          "autoincrement": false
        },
        "taken_by_json": {
          "name": "taken_by_json",
          "type": "text",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": "'[]'"
        },
        "pack_count": {
          "name": "pack_count",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": 1
        },
        "blisters_per_pack": {
          "name": "blisters_per_pack",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": 1
        },
        "pills_per_blister": {
          "name": "pills_per_blister",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": 1
        },
        "loose_tablets": {
          "name": "loose_tablets",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": 0
        },
        "stock_adjustment": {
          "name": "stock_adjustment",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": 0
        },
        "pill_weight_mg": {
          "name": "pill_weight_mg",
          "type": "integer",
          "primaryKey": false,
          "notNull": false,
          "autoincrement": false
        },
        "usage_json": {
          "name": "usage_json",
          "type": "text",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": "'[]'"
        },
        "every_json": {
          "name": "every_json",
          "type": "text",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": "'[]'"
        },
        "start_json": {
          "name": "start_json",
          "type": "text",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": "'[]'"
        },
        "image_url": {
          "name": "image_url",
          "type": "text",
          "primaryKey": false,
          "notNull": false,
          "autoincrement": false
        },
        "expiry_date": {
          "name": "expiry_date",
          "type": "text",
          "primaryKey": false,
          "notNull": false,
          "autoincrement": false
        },
        "notes": {
          "name": "notes",
          "type": "text",
          "primaryKey": false,
          "notNull": false,
          "autoincrement": false
        },
        "intake_reminders_enabled": {
          "name": "intake_reminders_enabled",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": false
        },
        "updated_at": {
          "name": "updated_at",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": "CURRENT_TIMESTAMP"
        }
      },
      "indexes": {},
      "foreignKeys": {
        "medications_user_id_users_id_fk": {
          "name": "medications_user_id_users_id_fk",
          "tableFrom": "medications",
          "tableTo": "users",
          "columnsFrom": [
            "user_id"
          ],
          "columnsTo": [
            "id"
          ],
          "onDelete": "cascade",
          "onUpdate": "no action"
        }
      },
      "compositePrimaryKeys": {},
      "uniqueConstraints": {},
      "checkConstraints": {}
    },
    "refill_history": {
      "name": "refill_history",
      "columns": {
        "id": {
          "name": "id",
          "type": "integer",
          "primaryKey": true,
          "notNull": true,
          "autoincrement": true
        },
        "medication_id": {
          "name": "medication_id",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false
        },
        "user_id": {
          "name": "user_id",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false
        },
        "packs_added": {
          "name": "packs_added",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": 0
        },
        "loose_pills_added": {
          "name": "loose_pills_added",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": 0
        },
        "refill_date": {
          "name": "refill_date",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": "(strftime('%s','now'))"
        }
      },
      "indexes": {},
      "foreignKeys": {
        "refill_history_medication_id_medications_id_fk": {
          "name": "refill_history_medication_id_medications_id_fk",
          "tableFrom": "refill_history",
          "tableTo": "medications",
          "columnsFrom": [
            "medication_id"
          ],
          "columnsTo": [
            "id"
          ],
          "onDelete": "cascade",
          "onUpdate": "no action"
        },
        "refill_history_user_id_users_id_fk": {
          "name": "refill_history_user_id_users_id_fk",
          "tableFrom": "refill_history",
          "tableTo": "users",
          "columnsFrom": [
            "user_id"
          ],
          "columnsTo": [
            "id"
          ],
          "onDelete": "cascade",
          "onUpdate": "no action"
        }
      },
      "compositePrimaryKeys": {},
      "uniqueConstraints": {},
      "checkConstraints": {}
    },
    "refresh_tokens": {
      "name": "refresh_tokens",
      "columns": {
        "id": {
          "name": "id",
          "type": "integer",
          "primaryKey": true,
          "notNull": true,
          "autoincrement": true
        },
        "user_id": {
          "name": "user_id",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false
        },
        "token_id": {
          "name": "token_id",
          "type": "text(255)",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false
        },
        "expires_at": {
          "name": "expires_at",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false
        },
        "rotated_at": {
          "name": "rotated_at",
          "type": "integer",
          "primaryKey": false,
          "notNull": false,
          "autoincrement": false
        },
        "revoked": {
          "name": "revoked",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": false
        },
        "created_at": {
          "name": "created_at",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": "CURRENT_TIMESTAMP"
        }
      },
      "indexes": {
        "refresh_tokens_token_id_unique": {
          "name": "refresh_tokens_token_id_unique",
          "columns": [
            "token_id"
          ],
          "isUnique": true
        }
      },
      "foreignKeys": {
        "refresh_tokens_user_id_users_id_fk": {
          "name": "refresh_tokens_user_id_users_id_fk",
          "tableFrom": "refresh_tokens",
          "tableTo": "users",
          "columnsFrom": [
            "user_id"
          ],
          "columnsTo": [
            "id"
          ],
          "onDelete": "cascade",
          "onUpdate": "no action"
        }
      },
      "compositePrimaryKeys": {},
      "uniqueConstraints": {},
      "checkConstraints": {}
    },
    "share_tokens": {
      "name": "share_tokens",
      "columns": {
        "id": {
          "name": "id",
          "type": "integer",
          "primaryKey": true,
          "notNull": true,
          "autoincrement": true
        },
        "user_id": {
          "name": "user_id",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false
        },
        "token": {
          "name": "token",
          "type": "text(64)",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false
        },
        "taken_by": {
          "name": "taken_by",
          "type": "text(100)",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false
        },
        "schedule_days": {
          "name": "schedule_days",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": 30
        },
        "created_at": {
          "name": "created_at",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": "CURRENT_TIMESTAMP"
        },
        "expires_at": {
          "name": "expires_at",
          "type": "integer",
          "primaryKey": false,
          "notNull": false,
          "autoincrement": false
        }
      },
      "indexes": {
        "share_tokens_token_unique": {
          "name": "share_tokens_token_unique",
          "columns": [
            "token"
          ],
          "isUnique": true
        }
      },
      "foreignKeys": {
        "share_tokens_user_id_users_id_fk": {
          "name": "share_tokens_user_id_users_id_fk",
          "tableFrom": "share_tokens",
          "tableTo": "users",
          "columnsFrom": [
            "user_id"
          ],
          "columnsTo": [
            "id"
          ],
          "onDelete": "cascade",
          "onUpdate": "no action"
        }
      },
      "compositePrimaryKeys": {},
      "uniqueConstraints": {},
      "checkConstraints": {}
    },
    "user_settings": {
      "name": "user_settings",
      "columns": {
        "id": {
          "name": "id",
          "type": "integer",
          "primaryKey": true,
          "notNull": true,
          "autoincrement": true
        },
        "user_id": {
          "name": "user_id",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false
        },
        "email_enabled": {
          "name": "email_enabled",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": false
        },
        "notification_email": {
          "name": "notification_email",
          "type": "text",
          "primaryKey": false,
          "notNull": false,
          "autoincrement": false
        },
        "email_stock_reminders": {
          "name": "email_stock_reminders",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": true
        },
        "email_intake_reminders": {
          "name": "email_intake_reminders",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": true
        },
        "shoutrrr_enabled": {
          "name": "shoutrrr_enabled",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": false
        },
        "shoutrrr_url": {
          "name": "shoutrrr_url",
          "type": "text",
          "primaryKey": false,
          "notNull": false,
          "autoincrement": false
        },
        "shoutrrr_stock_reminders": {
          "name": "shoutrrr_stock_reminders",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": true
        },
        "shoutrrr_intake_reminders": {
          "name": "shoutrrr_intake_reminders",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": true
        },
        "reminder_days_before": {
          "name": "reminder_days_before",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": 7
        },
        "repeat_daily_reminders": {
          "name": "repeat_daily_reminders",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": false
        },
        "skip_reminders_for_taken_doses": {
          "name": "skip_reminders_for_taken_doses",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": false
        },
        "repeat_reminders_enabled": {
          "name": "repeat_reminders_enabled",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": false
        },
        "reminder_repeat_interval_minutes": {
          "name": "reminder_repeat_interval_minutes",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": 30
        },
        "max_nagging_reminders": {
          "name": "max_nagging_reminders",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": 5
        },
        "low_stock_days": {
          "name": "low_stock_days",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": 30
        },
        "normal_stock_days": {
          "name": "normal_stock_days",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": 90
        },
        "high_stock_days": {
          "name": "high_stock_days",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": 180
        },
        "expiry_warning_days": {
          "name": "expiry_warning_days",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": 90
        },
        "language": {
          "name": "language",
          "type": "text(10)",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": "'en'"
        },
        "stock_calculation_mode": {
          "name": "stock_calculation_mode",
          "type": "text(20)",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": "'automatic'"
        },
        "last_auto_email_sent": {
          "name": "last_auto_email_sent",
          "type": "text",
          "primaryKey": false,
          "notNull": false,
          "autoincrement": false
        },
        "last_notification_type": {
          "name": "last_notification_type",
          "type": "text",
          "primaryKey": false,
          "notNull": false,
          "autoincrement": false
        },
        "last_notification_channel": {
          "name": "last_notification_channel",
          "type": "text",
          "primaryKey": false,
          "notNull": false,
          "autoincrement": false
        },
        "updated_at": {
          "name": "updated_at",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": "CURRENT_TIMESTAMP"
        }
      },
      "indexes": {
        "user_settings_user_id_unique": {
          "name": "user_settings_user_id_unique",
          "columns": [
            "user_id"
          ],
          "isUnique": true
        }
      },
      "foreignKeys": {
        "user_settings_user_id_users_id_fk": {
          "name": "user_settings_user_id_users_id_fk",
          "tableFrom": "user_settings",
          "tableTo": "users",
          "columnsFrom": [
            "user_id"
          ],
          "columnsTo": [
            "id"
          ],
          "onDelete": "cascade",
          "onUpdate": "no action"
        }
      },
      "compositePrimaryKeys": {},
      "uniqueConstraints": {},
      "checkConstraints": {}
    },
    "users": {
      "name": "users",
      "columns": {
        "id": {
          "name": "id",
          "type": "integer",
          "primaryKey": true,
          "notNull": true,
          "autoincrement": true
        },
        "username": {
          "name": "username",
          "type": "text(100)",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false
        },
        "password_hash": {
          "name": "password_hash",
          "type": "text(255)",
          "primaryKey": false,
          "notNull": false,
          "autoincrement": false
        },
        "avatar_url": {
          "name": "avatar_url",
          "type": "text(255)",
          "primaryKey": false,
          "notNull": false,
          "autoincrement": false
        },
        "auth_provider": {
          "name": "auth_provider",
          "type": "text(50)",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": "'local'"
        },
        "oidc_subject": {
          "name": "oidc_subject",
          "type": "text(255)",
          "primaryKey": false,
          "notNull": false,
          "autoincrement": false
        },
        "is_active": {
          "name": "is_active",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": true
        },
        "last_login_at": {
          "name": "last_login_at",
          "type": "integer",
          "primaryKey": false,
          "notNull": false,
          "autoincrement": false
        },
        "created_at": {
          "name": "created_at",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": "CURRENT_TIMESTAMP"
        },
        "updated_at": {
          "name": "updated_at",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": "CURRENT_TIMESTAMP"
        }
      },
      "indexes": {
        "users_username_unique": {
          "name": "users_username_unique",
          "columns": [
            "username"
          ],
          "isUnique": true
        }
      },
      "foreignKeys": {},
      "compositePrimaryKeys": {},
      "uniqueConstraints": {},
      "checkConstraints": {}
    }
  },
  "views": {},
  "enums": {},
  "_meta": {
    "schemas": {},
    "tables": {},
    "columns": {}
  },
  "internal": {
    "indexes": {}
  }
 }
@@ -0,0 +1,834 @@
 {
  "version": "6",
  "dialect": "sqlite",
  "id": "098ee506-e43d-4ccb-bee5-c387905695ab",
  "prevId": "bcb60728-38c0-4965-adac-829c02240d89",
  "tables": {
    "dose_tracking": {
      "name": "dose_tracking",
      "columns": {
        "id": {
          "name": "id",
          "type": "integer",
          "primaryKey": true,
          "notNull": true,
          "autoincrement": true
        },
        "user_id": {
          "name": "user_id",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false
        },
        "dose_id": {
          "name": "dose_id",
          "type": "text(255)",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false
        },
        "taken_at": {
          "name": "taken_at",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": "(strftime('%s','now'))"
        },
        "marked_by": {
          "name": "marked_by",
          "type": "text(100)",
          "primaryKey": false,
          "notNull": false,
          "autoincrement": false
        },
        "dismissed": {
          "name": "dismissed",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": false
        }
      },
      "indexes": {},
      "foreignKeys": {
        "dose_tracking_user_id_users_id_fk": {
          "name": "dose_tracking_user_id_users_id_fk",
          "tableFrom": "dose_tracking",
          "tableTo": "users",
          "columnsFrom": [
            "user_id"
          ],
          "columnsTo": [
            "id"
          ],
          "onDelete": "cascade",
          "onUpdate": "no action"
        }
      },
      "compositePrimaryKeys": {},
      "uniqueConstraints": {},
      "checkConstraints": {}
    },
    "medications": {
      "name": "medications",
      "columns": {
        "id": {
          "name": "id",
          "type": "integer",
          "primaryKey": true,
          "notNull": true,
          "autoincrement": true
        },
        "user_id": {
          "name": "user_id",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false
        },
        "name": {
          "name": "name",
          "type": "text(100)",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false
        },
        "generic_name": {
          "name": "generic_name",
          "type": "text(100)",
          "primaryKey": false,
          "notNull": false,
          "autoincrement": false
        },
        "taken_by_json": {
          "name": "taken_by_json",
          "type": "text",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": "'[]'"
        },
        "pack_count": {
          "name": "pack_count",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": 1
        },
        "blisters_per_pack": {
          "name": "blisters_per_pack",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": 1
        },
        "pills_per_blister": {
          "name": "pills_per_blister",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": 1
        },
        "loose_tablets": {
          "name": "loose_tablets",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": 0
        },
        "stock_adjustment": {
          "name": "stock_adjustment",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": 0
        },
        "last_stock_correction_at": {
          "name": "last_stock_correction_at",
          "type": "integer",
          "primaryKey": false,
          "notNull": false,
          "autoincrement": false
        },
        "pill_weight_mg": {
          "name": "pill_weight_mg",
          "type": "integer",
          "primaryKey": false,
          "notNull": false,
          "autoincrement": false
        },
        "usage_json": {
          "name": "usage_json",
          "type": "text",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": "'[]'"
        },
        "every_json": {
          "name": "every_json",
          "type": "text",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": "'[]'"
        },
        "start_json": {
          "name": "start_json",
          "type": "text",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": "'[]'"
        },
        "image_url": {
          "name": "image_url",
          "type": "text",
          "primaryKey": false,
          "notNull": false,
          "autoincrement": false
        },
        "expiry_date": {
          "name": "expiry_date",
          "type": "text",
          "primaryKey": false,
          "notNull": false,
          "autoincrement": false
        },
        "notes": {
          "name": "notes",
          "type": "text",
          "primaryKey": false,
          "notNull": false,
          "autoincrement": false
        },
        "intake_reminders_enabled": {
          "name": "intake_reminders_enabled",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": false
        },
        "updated_at": {
          "name": "updated_at",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": "CURRENT_TIMESTAMP"
        }
      },
      "indexes": {},
      "foreignKeys": {
        "medications_user_id_users_id_fk": {
          "name": "medications_user_id_users_id_fk",
          "tableFrom": "medications",
          "tableTo": "users",
          "columnsFrom": [
            "user_id"
          ],
          "columnsTo": [
            "id"
          ],
          "onDelete": "cascade",
          "onUpdate": "no action"
        }
      },
      "compositePrimaryKeys": {},
      "uniqueConstraints": {},
      "checkConstraints": {}
    },
    "refill_history": {
      "name": "refill_history",
      "columns": {
        "id": {
          "name": "id",
          "type": "integer",
          "primaryKey": true,
          "notNull": true,
          "autoincrement": true
        },
        "medication_id": {
          "name": "medication_id",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false
        },
        "user_id": {
          "name": "user_id",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false
        },
        "packs_added": {
          "name": "packs_added",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": 0
        },
        "loose_pills_added": {
          "name": "loose_pills_added",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": 0
        },
        "refill_date": {
          "name": "refill_date",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": "(strftime('%s','now'))"
        }
      },
      "indexes": {},
      "foreignKeys": {
        "refill_history_medication_id_medications_id_fk": {
          "name": "refill_history_medication_id_medications_id_fk",
          "tableFrom": "refill_history",
          "tableTo": "medications",
          "columnsFrom": [
            "medication_id"
          ],
          "columnsTo": [
            "id"
          ],
          "onDelete": "cascade",
          "onUpdate": "no action"
        },
        "refill_history_user_id_users_id_fk": {
          "name": "refill_history_user_id_users_id_fk",
          "tableFrom": "refill_history",
          "tableTo": "users",
          "columnsFrom": [
            "user_id"
          ],
          "columnsTo": [
            "id"
          ],
          "onDelete": "cascade",
          "onUpdate": "no action"
        }
      },
      "compositePrimaryKeys": {},
      "uniqueConstraints": {},
      "checkConstraints": {}
    },
    "refresh_tokens": {
      "name": "refresh_tokens",
      "columns": {
        "id": {
          "name": "id",
          "type": "integer",
          "primaryKey": true,
          "notNull": true,
          "autoincrement": true
        },
        "user_id": {
          "name": "user_id",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false
        },
        "token_id": {
          "name": "token_id",
          "type": "text(255)",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false
        },
        "expires_at": {
          "name": "expires_at",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false
        },
        "rotated_at": {
          "name": "rotated_at",
          "type": "integer",
          "primaryKey": false,
          "notNull": false,
          "autoincrement": false
        },
        "revoked": {
          "name": "revoked",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": false
        },
        "created_at": {
          "name": "created_at",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": "CURRENT_TIMESTAMP"
        }
      },
      "indexes": {
        "refresh_tokens_token_id_unique": {
          "name": "refresh_tokens_token_id_unique",
          "columns": [
            "token_id"
          ],
          "isUnique": true
        }
      },
      "foreignKeys": {
        "refresh_tokens_user_id_users_id_fk": {
          "name": "refresh_tokens_user_id_users_id_fk",
          "tableFrom": "refresh_tokens",
          "tableTo": "users",
          "columnsFrom": [
            "user_id"
          ],
          "columnsTo": [
            "id"
          ],
          "onDelete": "cascade",
          "onUpdate": "no action"
        }
      },
      "compositePrimaryKeys": {},
      "uniqueConstraints": {},
      "checkConstraints": {}
    },
    "share_tokens": {
      "name": "share_tokens",
      "columns": {
        "id": {
          "name": "id",
          "type": "integer",
          "primaryKey": true,
          "notNull": true,
          "autoincrement": true
        },
        "user_id": {
          "name": "user_id",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false
        },
        "token": {
          "name": "token",
          "type": "text(64)",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false
        },
        "taken_by": {
          "name": "taken_by",
          "type": "text(100)",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false
        },
        "schedule_days": {
          "name": "schedule_days",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": 30
        },
        "created_at": {
          "name": "created_at",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": "CURRENT_TIMESTAMP"
        },
        "expires_at": {
          "name": "expires_at",
          "type": "integer",
          "primaryKey": false,
          "notNull": false,
          "autoincrement": false
        }
      },
      "indexes": {
        "share_tokens_token_unique": {
          "name": "share_tokens_token_unique",
          "columns": [
            "token"
          ],
          "isUnique": true
        }
      },
      "foreignKeys": {
        "share_tokens_user_id_users_id_fk": {
          "name": "share_tokens_user_id_users_id_fk",
          "tableFrom": "share_tokens",
          "tableTo": "users",
          "columnsFrom": [
            "user_id"
          ],
          "columnsTo": [
            "id"
          ],
          "onDelete": "cascade",
          "onUpdate": "no action"
        }
      },
      "compositePrimaryKeys": {},
      "uniqueConstraints": {},
      "checkConstraints": {}
    },
    "user_settings": {
      "name": "user_settings",
      "columns": {
        "id": {
          "name": "id",
          "type": "integer",
          "primaryKey": true,
          "notNull": true,
          "autoincrement": true
        },
        "user_id": {
          "name": "user_id",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false
        },
        "email_enabled": {
          "name": "email_enabled",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": false
        },
        "notification_email": {
          "name": "notification_email",
          "type": "text",
          "primaryKey": false,
          "notNull": false,
          "autoincrement": false
        },
        "email_stock_reminders": {
          "name": "email_stock_reminders",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": true
        },
        "email_intake_reminders": {
          "name": "email_intake_reminders",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": true
        },
        "shoutrrr_enabled": {
          "name": "shoutrrr_enabled",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": false
        },
        "shoutrrr_url": {
          "name": "shoutrrr_url",
          "type": "text",
          "primaryKey": false,
          "notNull": false,
          "autoincrement": false
        },
        "shoutrrr_stock_reminders": {
          "name": "shoutrrr_stock_reminders",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": true
        },
        "shoutrrr_intake_reminders": {
          "name": "shoutrrr_intake_reminders",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": true
        },
        "reminder_days_before": {
          "name": "reminder_days_before",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": 7
        },
        "repeat_daily_reminders": {
          "name": "repeat_daily_reminders",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": false
        },
        "skip_reminders_for_taken_doses": {
          "name": "skip_reminders_for_taken_doses",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": false
        },
        "repeat_reminders_enabled": {
          "name": "repeat_reminders_enabled",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": false
        },
        "reminder_repeat_interval_minutes": {
          "name": "reminder_repeat_interval_minutes",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": 30
        },
        "max_nagging_reminders": {
          "name": "max_nagging_reminders",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": 5
        },
        "low_stock_days": {
          "name": "low_stock_days",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": 30
        },
        "normal_stock_days": {
          "name": "normal_stock_days",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": 90
        },
        "high_stock_days": {
          "name": "high_stock_days",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": 180
        },
        "expiry_warning_days": {
          "name": "expiry_warning_days",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": 90
        },
        "language": {
          "name": "language",
          "type": "text(10)",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": "'en'"
        },
        "stock_calculation_mode": {
          "name": "stock_calculation_mode",
          "type": "text(20)",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": "'automatic'"
        },
        "last_auto_email_sent": {
          "name": "last_auto_email_sent",
          "type": "text",
          "primaryKey": false,
          "notNull": false,
          "autoincrement": false
        },
        "last_notification_type": {
          "name": "last_notification_type",
          "type": "text",
          "primaryKey": false,
          "notNull": false,
          "autoincrement": false
        },
        "last_notification_channel": {
          "name": "last_notification_channel",
          "type": "text",
          "primaryKey": false,
          "notNull": false,
          "autoincrement": false
        },
        "updated_at": {
          "name": "updated_at",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": "CURRENT_TIMESTAMP"
        }
      },
      "indexes": {
        "user_settings_user_id_unique": {
          "name": "user_settings_user_id_unique",
          "columns": [
            "user_id"
          ],
          "isUnique": true
        }
      },
      "foreignKeys": {
        "user_settings_user_id_users_id_fk": {
          "name": "user_settings_user_id_users_id_fk",
          "tableFrom": "user_settings",
          "tableTo": "users",
          "columnsFrom": [
            "user_id"
          ],
          "columnsTo": [
            "id"
          ],
          "onDelete": "cascade",
          "onUpdate": "no action"
        }
      },
      "compositePrimaryKeys": {},
      "uniqueConstraints": {},
      "checkConstraints": {}
    },
    "users": {
      "name": "users",
      "columns": {
        "id": {
          "name": "id",
          "type": "integer",
          "primaryKey": true,
          "notNull": true,
          "autoincrement": true
        },
        "username": {
          "name": "username",
          "type": "text(100)",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false
        },
        "password_hash": {
          "name": "password_hash",
          "type": "text(255)",
          "primaryKey": false,
          "notNull": false,
          "autoincrement": false
        },
        "avatar_url": {
          "name": "avatar_url",
          "type": "text(255)",
          "primaryKey": false,
          "notNull": false,
          "autoincrement": false
        },
        "auth_provider": {
          "name": "auth_provider",
          "type": "text(50)",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": "'local'"
        },
        "oidc_subject": {
          "name": "oidc_subject",
          "type": "text(255)",
          "primaryKey": false,
          "notNull": false,
          "autoincrement": false
        },
        "is_active": {
          "name": "is_active",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": true
        },
        "last_login_at": {
          "name": "last_login_at",
          "type": "integer",
          "primaryKey": false,
          "notNull": false,
          "autoincrement": false
        },
        "created_at": {
          "name": "created_at",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": "CURRENT_TIMESTAMP"
        },
        "updated_at": {
          "name": "updated_at",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": "CURRENT_TIMESTAMP"
        }
      },
      "indexes": {
        "users_username_unique": {
          "name": "users_username_unique",
          "columns": [
            "username"
          ],
          "isUnique": true
        }
      },
      "foreignKeys": {},
      "compositePrimaryKeys": {},
      "uniqueConstraints": {},
      "checkConstraints": {}
    }
  },
  "views": {},
  "enums": {},
  "_meta": {
    "schemas": {},
    "tables": {},
    "columns": {}
  },
  "internal": {
    "indexes": {}
  }
 }
@@ -0,0 +1,855 @@
 {
  "version": "6",
  "dialect": "sqlite",
  "id": "4f1d8273-1e60-4da1-9bfc-bd51c2784836",
  "prevId": "098ee506-e43d-4ccb-bee5-c387905695ab",
  "tables": {
    "dose_tracking": {
      "name": "dose_tracking",
      "columns": {
        "id": {
          "name": "id",
          "type": "integer",
          "primaryKey": true,
          "notNull": true,
          "autoincrement": true
        },
        "user_id": {
          "name": "user_id",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false
        },
        "dose_id": {
          "name": "dose_id",
          "type": "text(255)",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false
        },
        "taken_at": {
          "name": "taken_at",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": "(strftime('%s','now'))"
        },
        "marked_by": {
          "name": "marked_by",
          "type": "text(100)",
          "primaryKey": false,
          "notNull": false,
          "autoincrement": false
        },
        "dismissed": {
          "name": "dismissed",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": false
        }
      },
      "indexes": {},
      "foreignKeys": {
        "dose_tracking_user_id_users_id_fk": {
          "name": "dose_tracking_user_id_users_id_fk",
          "tableFrom": "dose_tracking",
          "tableTo": "users",
          "columnsFrom": [
            "user_id"
          ],
          "columnsTo": [
            "id"
          ],
          "onDelete": "cascade",
          "onUpdate": "no action"
        }
      },
      "compositePrimaryKeys": {},
      "uniqueConstraints": {},
      "checkConstraints": {}
    },
    "medications": {
      "name": "medications",
      "columns": {
        "id": {
          "name": "id",
          "type": "integer",
          "primaryKey": true,
          "notNull": true,
          "autoincrement": true
        },
        "user_id": {
          "name": "user_id",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false
        },
        "name": {
          "name": "name",
          "type": "text(100)",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false
        },
        "generic_name": {
          "name": "generic_name",
          "type": "text(100)",
          "primaryKey": false,
          "notNull": false,
          "autoincrement": false
        },
        "taken_by_json": {
          "name": "taken_by_json",
          "type": "text",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": "'[]'"
        },
        "pack_count": {
          "name": "pack_count",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": 1
        },
        "blisters_per_pack": {
          "name": "blisters_per_pack",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": 1
        },
        "pills_per_blister": {
          "name": "pills_per_blister",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": 1
        },
        "loose_tablets": {
          "name": "loose_tablets",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": 0
        },
        "stock_adjustment": {
          "name": "stock_adjustment",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": 0
        },
        "last_stock_correction_at": {
          "name": "last_stock_correction_at",
          "type": "integer",
          "primaryKey": false,
          "notNull": false,
          "autoincrement": false
        },
        "pill_weight_mg": {
          "name": "pill_weight_mg",
          "type": "integer",
          "primaryKey": false,
          "notNull": false,
          "autoincrement": false
        },
        "usage_json": {
          "name": "usage_json",
          "type": "text",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": "'[]'"
        },
        "every_json": {
          "name": "every_json",
          "type": "text",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": "'[]'"
        },
        "start_json": {
          "name": "start_json",
          "type": "text",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": "'[]'"
        },
        "image_url": {
          "name": "image_url",
          "type": "text",
          "primaryKey": false,
          "notNull": false,
          "autoincrement": false
        },
        "expiry_date": {
          "name": "expiry_date",
          "type": "text",
          "primaryKey": false,
          "notNull": false,
          "autoincrement": false
        },
        "notes": {
          "name": "notes",
          "type": "text",
          "primaryKey": false,
          "notNull": false,
          "autoincrement": false
        },
        "intake_reminders_enabled": {
          "name": "intake_reminders_enabled",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": false
        },
        "dismissed_until": {
          "name": "dismissed_until",
          "type": "text",
          "primaryKey": false,
          "notNull": false,
          "autoincrement": false
        },
        "updated_at": {
          "name": "updated_at",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": "CURRENT_TIMESTAMP"
        }
      },
      "indexes": {},
      "foreignKeys": {
        "medications_user_id_users_id_fk": {
          "name": "medications_user_id_users_id_fk",
          "tableFrom": "medications",
          "tableTo": "users",
          "columnsFrom": [
            "user_id"
          ],
          "columnsTo": [
            "id"
          ],
          "onDelete": "cascade",
          "onUpdate": "no action"
        }
      },
      "compositePrimaryKeys": {},
      "uniqueConstraints": {},
      "checkConstraints": {}
    },
    "refill_history": {
      "name": "refill_history",
      "columns": {
        "id": {
          "name": "id",
          "type": "integer",
          "primaryKey": true,
          "notNull": true,
          "autoincrement": true
        },
        "medication_id": {
          "name": "medication_id",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false
        },
        "user_id": {
          "name": "user_id",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false
        },
        "packs_added": {
          "name": "packs_added",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": 0
        },
        "loose_pills_added": {
          "name": "loose_pills_added",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": 0
        },
        "refill_date": {
          "name": "refill_date",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": "(strftime('%s','now'))"
        }
      },
      "indexes": {},
      "foreignKeys": {
        "refill_history_medication_id_medications_id_fk": {
          "name": "refill_history_medication_id_medications_id_fk",
          "tableFrom": "refill_history",
          "tableTo": "medications",
          "columnsFrom": [
            "medication_id"
          ],
          "columnsTo": [
            "id"
          ],
          "onDelete": "cascade",
          "onUpdate": "no action"
        },
        "refill_history_user_id_users_id_fk": {
          "name": "refill_history_user_id_users_id_fk",
          "tableFrom": "refill_history",
          "tableTo": "users",
          "columnsFrom": [
            "user_id"
          ],
          "columnsTo": [
            "id"
          ],
          "onDelete": "cascade",
          "onUpdate": "no action"
        }
      },
      "compositePrimaryKeys": {},
      "uniqueConstraints": {},
      "checkConstraints": {}
    },
    "refresh_tokens": {
      "name": "refresh_tokens",
      "columns": {
        "id": {
          "name": "id",
          "type": "integer",
          "primaryKey": true,
          "notNull": true,
          "autoincrement": true
        },
        "user_id": {
          "name": "user_id",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false
        },
        "token_id": {
          "name": "token_id",
          "type": "text(255)",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false
        },
        "expires_at": {
          "name": "expires_at",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false
        },
        "rotated_at": {
          "name": "rotated_at",
          "type": "integer",
          "primaryKey": false,
          "notNull": false,
          "autoincrement": false
        },
        "revoked": {
          "name": "revoked",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": false
        },
        "created_at": {
          "name": "created_at",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": "CURRENT_TIMESTAMP"
        }
      },
      "indexes": {
        "refresh_tokens_token_id_unique": {
          "name": "refresh_tokens_token_id_unique",
          "columns": [
            "token_id"
          ],
          "isUnique": true
        }
      },
      "foreignKeys": {
        "refresh_tokens_user_id_users_id_fk": {
          "name": "refresh_tokens_user_id_users_id_fk",
          "tableFrom": "refresh_tokens",
          "tableTo": "users",
          "columnsFrom": [
            "user_id"
          ],
          "columnsTo": [
            "id"
          ],
          "onDelete": "cascade",
          "onUpdate": "no action"
        }
      },
      "compositePrimaryKeys": {},
      "uniqueConstraints": {},
      "checkConstraints": {}
    },
    "share_tokens": {
      "name": "share_tokens",
      "columns": {
        "id": {
          "name": "id",
          "type": "integer",
          "primaryKey": true,
          "notNull": true,
          "autoincrement": true
        },
        "user_id": {
          "name": "user_id",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false
        },
        "token": {
          "name": "token",
          "type": "text(64)",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false
        },
        "taken_by": {
          "name": "taken_by",
          "type": "text(100)",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false
        },
        "schedule_days": {
          "name": "schedule_days",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": 30
        },
        "created_at": {
          "name": "created_at",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": "CURRENT_TIMESTAMP"
        },
        "expires_at": {
          "name": "expires_at",
          "type": "integer",
          "primaryKey": false,
          "notNull": false,
          "autoincrement": false
        }
      },
      "indexes": {
        "share_tokens_token_unique": {
          "name": "share_tokens_token_unique",
          "columns": [
            "token"
          ],
          "isUnique": true
        }
      },
      "foreignKeys": {
        "share_tokens_user_id_users_id_fk": {
          "name": "share_tokens_user_id_users_id_fk",
          "tableFrom": "share_tokens",
          "tableTo": "users",
          "columnsFrom": [
            "user_id"
          ],
          "columnsTo": [
            "id"
          ],
          "onDelete": "cascade",
          "onUpdate": "no action"
        }
      },
      "compositePrimaryKeys": {},
      "uniqueConstraints": {},
      "checkConstraints": {}
    },
    "user_settings": {
      "name": "user_settings",
      "columns": {
        "id": {
          "name": "id",
          "type": "integer",
          "primaryKey": true,
          "notNull": true,
          "autoincrement": true
        },
        "user_id": {
          "name": "user_id",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false
        },
        "email_enabled": {
          "name": "email_enabled",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": false
        },
        "notification_email": {
          "name": "notification_email",
          "type": "text",
          "primaryKey": false,
          "notNull": false,
          "autoincrement": false
        },
        "email_stock_reminders": {
          "name": "email_stock_reminders",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": true
        },
        "email_intake_reminders": {
          "name": "email_intake_reminders",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": true
        },
        "shoutrrr_enabled": {
          "name": "shoutrrr_enabled",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": false
        },
        "shoutrrr_url": {
          "name": "shoutrrr_url",
          "type": "text",
          "primaryKey": false,
          "notNull": false,
          "autoincrement": false
        },
        "shoutrrr_stock_reminders": {
          "name": "shoutrrr_stock_reminders",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": true
        },
        "shoutrrr_intake_reminders": {
          "name": "shoutrrr_intake_reminders",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": true
        },
        "reminder_days_before": {
          "name": "reminder_days_before",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": 7
        },
        "repeat_daily_reminders": {
          "name": "repeat_daily_reminders",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": false
        },
        "skip_reminders_for_taken_doses": {
          "name": "skip_reminders_for_taken_doses",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": false
        },
        "repeat_reminders_enabled": {
          "name": "repeat_reminders_enabled",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": false
        },
        "reminder_repeat_interval_minutes": {
          "name": "reminder_repeat_interval_minutes",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": 30
        },
        "max_nagging_reminders": {
          "name": "max_nagging_reminders",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": 5
        },
        "low_stock_days": {
          "name": "low_stock_days",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": 30
        },
        "normal_stock_days": {
          "name": "normal_stock_days",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": 90
        },
        "high_stock_days": {
          "name": "high_stock_days",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": 180
        },
        "expiry_warning_days": {
          "name": "expiry_warning_days",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": 90
        },
        "language": {
          "name": "language",
          "type": "text(10)",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": "'en'"
        },
        "stock_calculation_mode": {
          "name": "stock_calculation_mode",
          "type": "text(20)",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": "'automatic'"
        },
        "last_auto_email_sent": {
          "name": "last_auto_email_sent",
          "type": "text",
          "primaryKey": false,
          "notNull": false,
          "autoincrement": false
        },
        "last_notification_type": {
          "name": "last_notification_type",
          "type": "text",
          "primaryKey": false,
          "notNull": false,
          "autoincrement": false
        },
        "last_notification_channel": {
          "name": "last_notification_channel",
          "type": "text",
          "primaryKey": false,
          "notNull": false,
          "autoincrement": false
        },
        "last_reminder_med_name": {
          "name": "last_reminder_med_name",
          "type": "text",
          "primaryKey": false,
          "notNull": false,
          "autoincrement": false
        },
        "last_reminder_taken_by": {
          "name": "last_reminder_taken_by",
          "type": "text",
          "primaryKey": false,
          "notNull": false,
          "autoincrement": false
        },
        "updated_at": {
          "name": "updated_at",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": "CURRENT_TIMESTAMP"
        }
      },
      "indexes": {
        "user_settings_user_id_unique": {
          "name": "user_settings_user_id_unique",
          "columns": [
            "user_id"
          ],
          "isUnique": true
        }
      },
      "foreignKeys": {
        "user_settings_user_id_users_id_fk": {
          "name": "user_settings_user_id_users_id_fk",
          "tableFrom": "user_settings",
          "tableTo": "users",
          "columnsFrom": [
            "user_id"
          ],
          "columnsTo": [
            "id"
          ],
          "onDelete": "cascade",
          "onUpdate": "no action"
        }
      },
      "compositePrimaryKeys": {},
      "uniqueConstraints": {},
      "checkConstraints": {}
    },
    "users": {
      "name": "users",
      "columns": {
        "id": {
          "name": "id",
          "type": "integer",
          "primaryKey": true,
          "notNull": true,
          "autoincrement": true
        },
        "username": {
          "name": "username",
          "type": "text(100)",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false
        },
        "password_hash": {
          "name": "password_hash",
          "type": "text(255)",
          "primaryKey": false,
          "notNull": false,
          "autoincrement": false
        },
        "avatar_url": {
          "name": "avatar_url",
          "type": "text(255)",
          "primaryKey": false,
          "notNull": false,
          "autoincrement": false
        },
        "auth_provider": {
          "name": "auth_provider",
          "type": "text(50)",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": "'local'"
        },
        "oidc_subject": {
          "name": "oidc_subject",
          "type": "text(255)",
          "primaryKey": false,
          "notNull": false,
          "autoincrement": false
        },
        "is_active": {
          "name": "is_active",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": true
        },
        "last_login_at": {
          "name": "last_login_at",
          "type": "integer",
          "primaryKey": false,
          "notNull": false,
          "autoincrement": false
        },
        "created_at": {
          "name": "created_at",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": "CURRENT_TIMESTAMP"
        },
        "updated_at": {
          "name": "updated_at",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": "CURRENT_TIMESTAMP"
        }
      },
      "indexes": {
        "users_username_unique": {
          "name": "users_username_unique",
          "columns": [
            "username"
          ],
          "isUnique": true
        }
      },
      "foreignKeys": {},
      "compositePrimaryKeys": {},
      "uniqueConstraints": {},
      "checkConstraints": {}
    }
  },
  "views": {},
  "enums": {},
  "_meta": {
    "schemas": {},
    "tables": {},
    "columns": {}
  },
  "internal": {
    "indexes": {}
  }
 }
@@ -0,0 +1,886 @@
 {
  "version": "6",
  "dialect": "sqlite",
  "id": "fb61e5fd-152d-4e61-8836-e2fd1d28e3f0",
  "prevId": "4f1d8273-1e60-4da1-9bfc-bd51c2784836",
  "tables": {
    "dose_tracking": {
      "name": "dose_tracking",
      "columns": {
        "id": {
          "name": "id",
          "type": "integer",
          "primaryKey": true,
          "notNull": true,
          "autoincrement": true
        },
        "user_id": {
          "name": "user_id",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false
        },
        "dose_id": {
          "name": "dose_id",
          "type": "text(255)",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false
        },
        "taken_at": {
          "name": "taken_at",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": "(strftime('%s','now'))"
        },
        "marked_by": {
          "name": "marked_by",
          "type": "text(100)",
          "primaryKey": false,
          "notNull": false,
          "autoincrement": false
        },
        "dismissed": {
          "name": "dismissed",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": false
        }
      },
      "indexes": {},
      "foreignKeys": {
        "dose_tracking_user_id_users_id_fk": {
          "name": "dose_tracking_user_id_users_id_fk",
          "tableFrom": "dose_tracking",
          "tableTo": "users",
          "columnsFrom": [
            "user_id"
          ],
          "columnsTo": [
            "id"
          ],
          "onDelete": "cascade",
          "onUpdate": "no action"
        }
      },
      "compositePrimaryKeys": {},
      "uniqueConstraints": {},
      "checkConstraints": {}
    },
    "medications": {
      "name": "medications",
      "columns": {
        "id": {
          "name": "id",
          "type": "integer",
          "primaryKey": true,
          "notNull": true,
          "autoincrement": true
        },
        "user_id": {
          "name": "user_id",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false
        },
        "name": {
          "name": "name",
          "type": "text(100)",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false
        },
        "generic_name": {
          "name": "generic_name",
          "type": "text(100)",
          "primaryKey": false,
          "notNull": false,
          "autoincrement": false
        },
        "taken_by_json": {
          "name": "taken_by_json",
          "type": "text",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": "'[]'"
        },
        "package_type": {
          "name": "package_type",
          "type": "text(20)",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": "'blister'"
        },
        "pack_count": {
          "name": "pack_count",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": 1
        },
        "blisters_per_pack": {
          "name": "blisters_per_pack",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": 1
        },
        "pills_per_blister": {
          "name": "pills_per_blister",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": 1
        },
        "total_pills": {
          "name": "total_pills",
          "type": "integer",
          "primaryKey": false,
          "notNull": false,
          "autoincrement": false
        },
        "loose_tablets": {
          "name": "loose_tablets",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": 0
        },
        "stock_adjustment": {
          "name": "stock_adjustment",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": 0
        },
        "last_stock_correction_at": {
          "name": "last_stock_correction_at",
          "type": "integer",
          "primaryKey": false,
          "notNull": false,
          "autoincrement": false
        },
        "pill_weight_mg": {
          "name": "pill_weight_mg",
          "type": "integer",
          "primaryKey": false,
          "notNull": false,
          "autoincrement": false
        },
        "dose_unit": {
          "name": "dose_unit",
          "type": "text(20)",
          "primaryKey": false,
          "notNull": false,
          "autoincrement": false,
          "default": "'mg'"
        },
        "usage_json": {
          "name": "usage_json",
          "type": "text",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": "'[]'"
        },
        "every_json": {
          "name": "every_json",
          "type": "text",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": "'[]'"
        },
        "start_json": {
          "name": "start_json",
          "type": "text",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": "'[]'"
        },
        "intakes_json": {
          "name": "intakes_json",
          "type": "text",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": "'[]'"
        },
        "image_url": {
          "name": "image_url",
          "type": "text",
          "primaryKey": false,
          "notNull": false,
          "autoincrement": false
        },
        "expiry_date": {
          "name": "expiry_date",
          "type": "text",
          "primaryKey": false,
          "notNull": false,
          "autoincrement": false
        },
        "notes": {
          "name": "notes",
          "type": "text",
          "primaryKey": false,
          "notNull": false,
          "autoincrement": false
        },
        "intake_reminders_enabled": {
          "name": "intake_reminders_enabled",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": false
        },
        "dismissed_until": {
          "name": "dismissed_until",
          "type": "text",
          "primaryKey": false,
          "notNull": false,
          "autoincrement": false
        },
        "updated_at": {
          "name": "updated_at",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": "CURRENT_TIMESTAMP"
        }
      },
      "indexes": {},
      "foreignKeys": {
        "medications_user_id_users_id_fk": {
          "name": "medications_user_id_users_id_fk",
          "tableFrom": "medications",
          "tableTo": "users",
          "columnsFrom": [
            "user_id"
          ],
          "columnsTo": [
            "id"
          ],
          "onDelete": "cascade",
          "onUpdate": "no action"
        }
      },
      "compositePrimaryKeys": {},
      "uniqueConstraints": {},
      "checkConstraints": {}
    },
    "refill_history": {
      "name": "refill_history",
      "columns": {
        "id": {
          "name": "id",
          "type": "integer",
          "primaryKey": true,
          "notNull": true,
          "autoincrement": true
        },
        "medication_id": {
          "name": "medication_id",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false
        },
        "user_id": {
          "name": "user_id",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false
        },
        "packs_added": {
          "name": "packs_added",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": 0
        },
        "loose_pills_added": {
          "name": "loose_pills_added",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": 0
        },
        "refill_date": {
          "name": "refill_date",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": "(strftime('%s','now'))"
        }
      },
      "indexes": {},
      "foreignKeys": {
        "refill_history_medication_id_medications_id_fk": {
          "name": "refill_history_medication_id_medications_id_fk",
          "tableFrom": "refill_history",
          "tableTo": "medications",
          "columnsFrom": [
            "medication_id"
          ],
          "columnsTo": [
            "id"
          ],
          "onDelete": "cascade",
          "onUpdate": "no action"
        },
        "refill_history_user_id_users_id_fk": {
          "name": "refill_history_user_id_users_id_fk",
          "tableFrom": "refill_history",
          "tableTo": "users",
          "columnsFrom": [
            "user_id"
          ],
          "columnsTo": [
            "id"
          ],
          "onDelete": "cascade",
          "onUpdate": "no action"
        }
      },
      "compositePrimaryKeys": {},
      "uniqueConstraints": {},
      "checkConstraints": {}
    },
    "refresh_tokens": {
      "name": "refresh_tokens",
      "columns": {
        "id": {
          "name": "id",
          "type": "integer",
          "primaryKey": true,
          "notNull": true,
          "autoincrement": true
        },
        "user_id": {
          "name": "user_id",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false
        },
        "token_id": {
          "name": "token_id",
          "type": "text(255)",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false
        },
        "expires_at": {
          "name": "expires_at",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false
        },
        "rotated_at": {
          "name": "rotated_at",
          "type": "integer",
          "primaryKey": false,
          "notNull": false,
          "autoincrement": false
        },
        "revoked": {
          "name": "revoked",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": false
        },
        "created_at": {
          "name": "created_at",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": "CURRENT_TIMESTAMP"
        }
      },
      "indexes": {
        "refresh_tokens_token_id_unique": {
          "name": "refresh_tokens_token_id_unique",
          "columns": [
            "token_id"
          ],
          "isUnique": true
        }
      },
      "foreignKeys": {
        "refresh_tokens_user_id_users_id_fk": {
          "name": "refresh_tokens_user_id_users_id_fk",
          "tableFrom": "refresh_tokens",
          "tableTo": "users",
          "columnsFrom": [
            "user_id"
          ],
          "columnsTo": [
            "id"
          ],
          "onDelete": "cascade",
          "onUpdate": "no action"
        }
      },
      "compositePrimaryKeys": {},
      "uniqueConstraints": {},
      "checkConstraints": {}
    },
    "share_tokens": {
      "name": "share_tokens",
      "columns": {
        "id": {
          "name": "id",
          "type": "integer",
          "primaryKey": true,
          "notNull": true,
          "autoincrement": true
        },
        "user_id": {
          "name": "user_id",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false
        },
        "token": {
          "name": "token",
          "type": "text(64)",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false
        },
        "taken_by": {
          "name": "taken_by",
          "type": "text(100)",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false
        },
        "schedule_days": {
          "name": "schedule_days",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": 30
        },
        "created_at": {
          "name": "created_at",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": "CURRENT_TIMESTAMP"
        },
        "expires_at": {
          "name": "expires_at",
          "type": "integer",
          "primaryKey": false,
          "notNull": false,
          "autoincrement": false
        }
      },
      "indexes": {
        "share_tokens_token_unique": {
          "name": "share_tokens_token_unique",
          "columns": [
            "token"
          ],
          "isUnique": true
        }
      },
      "foreignKeys": {
        "share_tokens_user_id_users_id_fk": {
          "name": "share_tokens_user_id_users_id_fk",
          "tableFrom": "share_tokens",
          "tableTo": "users",
          "columnsFrom": [
            "user_id"
          ],
          "columnsTo": [
            "id"
          ],
          "onDelete": "cascade",
          "onUpdate": "no action"
        }
      },
      "compositePrimaryKeys": {},
      "uniqueConstraints": {},
      "checkConstraints": {}
    },
    "user_settings": {
      "name": "user_settings",
      "columns": {
        "id": {
          "name": "id",
          "type": "integer",
          "primaryKey": true,
          "notNull": true,
          "autoincrement": true
        },
        "user_id": {
          "name": "user_id",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false
        },
        "email_enabled": {
          "name": "email_enabled",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": false
        },
        "notification_email": {
          "name": "notification_email",
          "type": "text",
          "primaryKey": false,
          "notNull": false,
          "autoincrement": false
        },
        "email_stock_reminders": {
          "name": "email_stock_reminders",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": true
        },
        "email_intake_reminders": {
          "name": "email_intake_reminders",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": true
        },
        "shoutrrr_enabled": {
          "name": "shoutrrr_enabled",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": false
        },
        "shoutrrr_url": {
          "name": "shoutrrr_url",
          "type": "text",
          "primaryKey": false,
          "notNull": false,
          "autoincrement": false
        },
        "shoutrrr_stock_reminders": {
          "name": "shoutrrr_stock_reminders",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": true
        },
        "shoutrrr_intake_reminders": {
          "name": "shoutrrr_intake_reminders",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": true
        },
        "reminder_days_before": {
          "name": "reminder_days_before",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": 7
        },
        "repeat_daily_reminders": {
          "name": "repeat_daily_reminders",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": false
        },
        "skip_reminders_for_taken_doses": {
          "name": "skip_reminders_for_taken_doses",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": false
        },
        "repeat_reminders_enabled": {
          "name": "repeat_reminders_enabled",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": false
        },
        "reminder_repeat_interval_minutes": {
          "name": "reminder_repeat_interval_minutes",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": 30
        },
        "max_nagging_reminders": {
          "name": "max_nagging_reminders",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": 5
        },
        "low_stock_days": {
          "name": "low_stock_days",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": 30
        },
        "normal_stock_days": {
          "name": "normal_stock_days",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": 90
        },
        "high_stock_days": {
          "name": "high_stock_days",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": 180
        },
        "expiry_warning_days": {
          "name": "expiry_warning_days",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": 90
        },
        "language": {
          "name": "language",
          "type": "text(10)",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": "'en'"
        },
        "stock_calculation_mode": {
          "name": "stock_calculation_mode",
          "type": "text(20)",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": "'automatic'"
        },
        "last_auto_email_sent": {
          "name": "last_auto_email_sent",
          "type": "text",
          "primaryKey": false,
          "notNull": false,
          "autoincrement": false
        },
        "last_notification_type": {
          "name": "last_notification_type",
          "type": "text",
          "primaryKey": false,
          "notNull": false,
          "autoincrement": false
        },
        "last_notification_channel": {
          "name": "last_notification_channel",
          "type": "text",
          "primaryKey": false,
          "notNull": false,
          "autoincrement": false
        },
        "last_reminder_med_name": {
          "name": "last_reminder_med_name",
          "type": "text",
          "primaryKey": false,
          "notNull": false,
          "autoincrement": false
        },
        "last_reminder_taken_by": {
          "name": "last_reminder_taken_by",
          "type": "text",
          "primaryKey": false,
          "notNull": false,
          "autoincrement": false
        },
        "updated_at": {
          "name": "updated_at",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": "CURRENT_TIMESTAMP"
        }
      },
      "indexes": {
        "user_settings_user_id_unique": {
          "name": "user_settings_user_id_unique",
          "columns": [
            "user_id"
          ],
          "isUnique": true
        }
      },
      "foreignKeys": {
        "user_settings_user_id_users_id_fk": {
          "name": "user_settings_user_id_users_id_fk",
          "tableFrom": "user_settings",
          "tableTo": "users",
          "columnsFrom": [
            "user_id"
          ],
          "columnsTo": [
            "id"
          ],
          "onDelete": "cascade",
          "onUpdate": "no action"
        }
      },
      "compositePrimaryKeys": {},
      "uniqueConstraints": {},
      "checkConstraints": {}
    },
    "users": {
      "name": "users",
      "columns": {
        "id": {
          "name": "id",
          "type": "integer",
          "primaryKey": true,
          "notNull": true,
          "autoincrement": true
        },
        "username": {
          "name": "username",
          "type": "text(100)",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false
        },
        "password_hash": {
          "name": "password_hash",
          "type": "text(255)",
          "primaryKey": false,
          "notNull": false,
          "autoincrement": false
        },
        "avatar_url": {
          "name": "avatar_url",
          "type": "text(255)",
          "primaryKey": false,
          "notNull": false,
          "autoincrement": false
        },
        "auth_provider": {
          "name": "auth_provider",
          "type": "text(50)",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": "'local'"
        },
        "oidc_subject": {
          "name": "oidc_subject",
          "type": "text(255)",
          "primaryKey": false,
          "notNull": false,
          "autoincrement": false
        },
        "is_active": {
          "name": "is_active",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": true
        },
        "last_login_at": {
          "name": "last_login_at",
          "type": "integer",
          "primaryKey": false,
          "notNull": false,
          "autoincrement": false
        },
        "created_at": {
          "name": "created_at",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": "CURRENT_TIMESTAMP"
        },
        "updated_at": {
          "name": "updated_at",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": "CURRENT_TIMESTAMP"
        }
      },
      "indexes": {
        "users_username_unique": {
          "name": "users_username_unique",
          "columns": [
            "username"
          ],
          "isUnique": true
        }
      },
      "foreignKeys": {},
      "compositePrimaryKeys": {},
      "uniqueConstraints": {},
      "checkConstraints": {}
    }
  },
  "views": {},
  "enums": {},
  "_meta": {
    "schemas": {},
    "tables": {},
    "columns": {}
  },
  "internal": {
    "indexes": {}
  }
 }
@@ -0,0 +1,48 @@
 {
  "version": "7",
  "dialect": "sqlite",
  "entries": [
    {
      "idx": 0,
      "version": "6",
      "when": 1768600500759,
      "tag": "0000_init",
      "breakpoints": true
    },
    {
      "idx": 1,
      "version": "6",
      "when": 1768734577830,
      "tag": "0001_add_stock_adjustment",
      "breakpoints": true
    },
    {
      "idx": 2,
      "version": "6",
      "when": 1768736677092,
      "tag": "0002_add_last_stock_correction_at",
      "breakpoints": true
    },
    {
      "idx": 3,
      "version": "6",
      "when": 1769354512857,
      "tag": "0003_add_reminder_info_columns",
      "breakpoints": true
    },
    {
      "idx": 4,
      "version": "6",
      "when": 1769886564000,
      "tag": "0004_add_package_type",
      "breakpoints": true
    },
    {
      "idx": 5,
      "version": "6",
      "when": 1769893708813,
      "tag": "0005_add_intakes_json",
      "breakpoints": true
    }
  ]
 }
@@ -1,13 +1,20 @@
 {
  "name": "medassist-ng-backend",
-  "version": "1.0.2",
+  "version": "1.7.1",
  "private": true,
  "type": "module",
  "scripts": {
    "dev": "tsx watch src/index.ts",
    "build": "tsc -p tsconfig.json",
    "start": "node dist/index.js",
-    "migrate": "tsx src/db/migrate.ts"
+    "migrate": "tsx src/db/migrate.ts",
    "test": "vitest",
    "test:run": "vitest run",
    "test:coverage": "vitest run --coverage",
    "lint": "npx biome check .",
    "lint:fix": "npx biome check --write .",
    "format": "npx biome format --write .",
    "check": "npx biome check . && tsc --noEmit"
  },
  "dependencies": {
    "@fastify/cookie": "^10.0.1",
@@ -15,22 +22,28 @@
    "@fastify/helmet": "^13.0.2",
    "@fastify/jwt": "^10.0.0",
    "@fastify/multipart": "^9.3.0",
-    "@fastify/rate-limit": "^10.1.0",
+    "@fastify/rate-limit": "^10.3.0",
    "@fastify/sensible": "^6.0.4",
    "@fastify/static": "^8.3.0",
    "@libsql/client": "^0.10.0",
    "argon2": "^0.40.0",
    "dotenv": "^16.4.5",
-    "drizzle-orm": "^0.32.2",
+    "drizzle-orm": "^0.45.1",
-    "fastify": "^5.0.0",
+    "fastify": "^5.7.3",
    "nodemailer": "^7.0.11",
    "openid-client": "^6.8.1",
    "zod": "^3.23.8"
  },
  "devDependencies": {
    "@biomejs/biome": "^2.3.12",
    "@types/node": "^22.7.4",
    "@types/nodemailer": "^6.4.21",
    "@types/supertest": "^6.0.2",
    "@vitest/coverage-v8": "^4.0.16",
    "drizzle-kit": "^0.31.8",
    "supertest": "^7.0.0",
    "tsx": "^4.19.0",
-    "typescript": "^5.5.4"
+    "typescript": "^5.5.4",
    "vitest": "^4.0.16"
  }
 }
@@ -1,179 +1,407 @@
-import { createClient, Client } from "@libsql/client";
+import { accessSync, constants, existsSync, mkdirSync, statSync, writeFileSync } from "node:fs";
-import { drizzle } from "drizzle-orm/libsql";
+import { dirname, resolve } from "node:path";
-import { existsSync, mkdirSync, accessSync, constants, statSync, writeFileSync } from "fs";
+import { fileURLToPath } from "node:url";
-import { resolve } from "path";
+import { type Client, createClient } from "@libsql/client";
 import dotenv from "dotenv";
 import { drizzle } from "drizzle-orm/libsql";
 import { migrate } from "drizzle-orm/libsql/migrator";
 import { parseIntakesJson, parseLocalDateTime } from "../utils/scheduler-utils.js";
 dotenv.config({ path: process.env.DOTENV_PATH || ".env" });
 // Get migrations folder path (relative to this file's location)
 const __filename = fileURLToPath(import.meta.url);
 const __dirname = dirname(__filename);
 const migrationsFolder = resolve(__dirname, "../../drizzle");
 // =============================================================================
 // Exported utility functions for testing
 // =============================================================================
 /** Build the database URL from a path */
 export function buildDbUrl(dbPath: string): string {
 	return `file:${dbPath}`;
 }
 /** Get data directory and database path */
 export function getDbPaths(cwd: string = process.cwd()): { dataDir: string; dbPath: string; url: string } {
 	const dataDir = resolve(cwd, "data");
 	const dbPath = resolve(dataDir, "medassist-ng.db");
 	const url = buildDbUrl(dbPath);
 	return { dataDir, dbPath, url };
 }
 /** Ensure data directory exists and is writable */
 export function ensureDataDirectory(dataDir: string): { success: boolean; error?: string } {
 	try {
 		if (!existsSync(dataDir)) {
 			mkdirSync(dataDir, { recursive: true });
 		}
 		// Check if directory is writable
 		accessSync(dataDir, constants.W_OK);
 		// Try to create a test file to verify write access
 		const testFile = resolve(dataDir, ".write-test");
 		writeFileSync(testFile, "test");
 		return { success: true };
 	} catch (err: any) {
 		return { success: false, error: err.message };
 	}
 }
 /** Run drizzle-kit migrations on the database */
 export async function runDrizzleMigrations(
 	database: ReturnType<typeof drizzle>
 ): Promise<{ success: boolean; error?: string; warning?: string }> {
 	try {
 		await migrate(database, { migrationsFolder });
 		return { success: true };
 	} catch (err: any) {
 		// If the error is "duplicate column", it means the schema is already up-to-date
 		// This happens when ALTER migrations in client.ts have already added the columns
 		// We consider this a success with a warning, not a failure
 		if (err.message?.includes("duplicate column")) {
 			return { success: true, warning: `Schema already up-to-date: ${err.message}` };
 		}
 		return { success: false, error: err.message };
 	}
 }
 /** Run ALTER TABLE migrations for backward compatibility with older databases */
 export async function runAlterMigrations(client: Client): Promise<{ success: boolean; errors: string[] }> {
 	const errors: string[] = [];
 	// These add new columns to existing tables (silently fail if column already exists)
 	const alterMigrations = [
 		// Added in v1.x - repeat reminders and nagging settings
 		`ALTER TABLE user_settings ADD COLUMN skip_reminders_for_taken_doses integer NOT NULL DEFAULT 0`,
 		`ALTER TABLE user_settings ADD COLUMN repeat_reminders_enabled integer NOT NULL DEFAULT 0`,
 		`ALTER TABLE user_settings ADD COLUMN reminder_repeat_interval_minutes integer NOT NULL DEFAULT 30`,
 		`ALTER TABLE user_settings ADD COLUMN max_nagging_reminders integer NOT NULL DEFAULT 5`,
 		// Added in v1.2.3 - dismiss missed doses without deducting stock
 		`ALTER TABLE dose_tracking ADD COLUMN dismissed integer NOT NULL DEFAULT 0`,
 		// Added in v1.3.x - stock calculation mode (automatic/manual)
 		`ALTER TABLE user_settings ADD COLUMN stock_calculation_mode text NOT NULL DEFAULT 'automatic'`,
 		// Added for stock correction - hidden offset that doesn't affect looseTablets
 		`ALTER TABLE medications ADD COLUMN stock_adjustment integer NOT NULL DEFAULT 0`,
 		// Added for stock correction - timestamp to ignore consumed doses before correction
 		`ALTER TABLE medications ADD COLUMN last_stock_correction_at integer`,
 		// Added in v1.5.1 - dismiss past doses until date (robust against timestamp changes)
 		`ALTER TABLE medications ADD COLUMN dismissed_until text`,
 		// Added for more detailed reminder info display
 		`ALTER TABLE user_settings ADD COLUMN last_reminder_med_name text`,
 		`ALTER TABLE user_settings ADD COLUMN last_reminder_taken_by text`,
 		// Added for package type support (blister vs bottle)
 		`ALTER TABLE medications ADD COLUMN package_type text NOT NULL DEFAULT 'blister'`,
 		`ALTER TABLE medications ADD COLUMN total_pills integer`,
 		// Added for dose unit selection (mg, g, mcg, ml, IU, etc.)
 		`ALTER TABLE medications ADD COLUMN dose_unit text DEFAULT 'mg'`,
 		// Added for intake-level takenBy: unified intakes structure
 		`ALTER TABLE medications ADD COLUMN intakes_json text NOT NULL DEFAULT '[]'`,
 	];
 	for (const sql of alterMigrations) {
 		try {
 			await client.execute(sql);
 		} catch (e: any) {
 			// Silently ignore "duplicate column" errors - column already exists
 			if (!e.message?.includes("duplicate column")) {
 				errors.push(e.message);
 			}
 		}
 	}
 	// Create tables that might be missing (silently fail if already exists)
 	const createTableMigrations = [
 		// Added in v1.3.x - refill history tracking
 		`CREATE TABLE IF NOT EXISTS refill_history (
      id INTEGER PRIMARY KEY AUTOINCREMENT,
      medication_id INTEGER NOT NULL REFERENCES medications(id) ON DELETE CASCADE,
      user_id INTEGER NOT NULL REFERENCES users(id) ON DELETE CASCADE,
      packs_added INTEGER NOT NULL DEFAULT 0,
      loose_pills_added INTEGER NOT NULL DEFAULT 0,
      refill_date INTEGER NOT NULL DEFAULT (strftime('%s','now'))
    )`,
 	];
 	for (const sql of createTableMigrations) {
 		try {
 			await client.execute(sql);
 		} catch (e: any) {
 			// Silently ignore "table already exists" errors
 			if (!e.message?.includes("already exists")) {
 				errors.push(e.message);
 			}
 		}
 	}
 	return { success: errors.length === 0, errors };
 }
 /** Ensure default user exists for auth-disabled mode */
 export async function ensureDefaultUser(client: Client, authEnabled: boolean): Promise<boolean> {
 	if (authEnabled) {
 		return false; // No default user needed
 	}
 	try {
 		const result = await client.execute("SELECT id FROM users WHERE id = 1");
 		if (result.rows.length === 0) {
 			await client.execute("INSERT INTO users (id, username, auth_provider) VALUES (1, 'default', 'local')");
 			return true; // Created
 		}
 		return false; // Already exists
 	} catch (e: any) {
 		console.error(`[DB] Error creating default user:`, e.message);
 		return false;
 	}
 }
 // =============================================================================
 // Startup repair: fix orphaned dose tracking IDs from past schedule changes
 // =============================================================================
 const MS_PER_DAY = 86_400_000;
 /**
 * Repair dose IDs that have a trailing hyphen caused by a frontend bug where
 * `[].toString()` produced an empty string, resulting in IDs like "5-0-1729123200000-"
 * instead of "5-0-1729123200000". This strips trailing hyphens from all dose IDs.
 *
 * This function is idempotent - safe to run on every startup.
 */
 export async function repairTrailingHyphenDoseIds(client: Client): Promise<{ repaired: number; errors: string[] }> {
 	const errors: string[] = [];
 	let repaired = 0;
 	try {
 		const result = await client.execute(
 			"UPDATE dose_tracking SET dose_id = RTRIM(dose_id, '-') WHERE dose_id LIKE '%-'"
 		);
 		repaired = result.rowsAffected;
 	} catch (e: any) {
 		errors.push(`Trailing-hyphen repair failed: ${e.message}`);
 	}
 	return { repaired, errors };
 }
 /**
 * Repair orphaned dose tracking IDs that no longer match the current intake schedule.
 * This fixes dose IDs that became invalid when a medication's schedule was changed
 * BEFORE the on-edit migration (PR #103) was introduced.
 *
 * For each medication, generates all valid schedule dateOnlyMs values from each intake's
 * start date up to today, then checks all dose_tracking entries. Any dose whose timestamp
 * doesn't match a valid schedule date is remapped to the nearest valid date.
 *
 * This function is idempotent - safe to run on every startup.
 */
 export async function repairOrphanedDoseIds(client: Client): Promise<{ repaired: number; errors: string[] }> {
 	const errors: string[] = [];
 	let repaired = 0;
 	try {
 		// Get all medications
 		const medsResult = await client.execute(
 			"SELECT id, intakes_json, usage_json, every_json, start_json, intake_reminders_enabled FROM medications"
 		);
 		if (medsResult.rows.length === 0) return { repaired, errors };
 		// Get all dose tracking entries
 		const dosesResult = await client.execute("SELECT id, dose_id FROM dose_tracking");
 		if (dosesResult.rows.length === 0) return { repaired, errors };
 		// Build a map of medId → dose entries for quick lookup
 		const dosesByMed = new Map<number, Array<{ id: number; doseId: string }>>();
 		for (const row of dosesResult.rows) {
 			const doseId = row.dose_id as string;
 			const parts = doseId.split("-");
 			if (parts.length < 3) continue;
 			const medId = parseInt(parts[0], 10);
 			if (Number.isNaN(medId)) continue;
 			if (!dosesByMed.has(medId)) dosesByMed.set(medId, []);
 			dosesByMed.get(medId)!.push({ id: row.id as number, doseId });
 		}
 		const now = new Date();
 		const today = new Date(now.getFullYear(), now.getMonth(), now.getDate());
 		for (const med of medsResult.rows) {
 			const medId = med.id as number;
 			const medDoses = dosesByMed.get(medId);
 			if (!medDoses || medDoses.length === 0) continue;
 			// Parse intakes
 			const intakes = parseIntakesJson(
 				med.intakes_json as string | null,
 				{
 					usageJson: (med.usage_json as string) || "[]",
 					everyJson: (med.every_json as string) || "[]",
 					startJson: (med.start_json as string) || "[]",
 				},
 				(med.intake_reminders_enabled as number) === 1
 			);
 			if (intakes.length === 0) continue;
 			// For each intake index, build the set of valid dateOnlyMs values
 			const validDatesByIntake = new Map<number, Set<number>>();
 			for (let idx = 0; idx < intakes.length; idx++) {
 				const intake = intakes[idx];
 				const start = parseLocalDateTime(intake.start);
 				const every = intake.every;
 				if (every <= 0 || Number.isNaN(start.getTime())) continue;
 				const validDates = new Set<number>();
 				for (let d = new Date(start); d <= today; d.setDate(d.getDate() + every)) {
 					validDates.add(new Date(d.getFullYear(), d.getMonth(), d.getDate()).getTime());
 				}
 				validDatesByIntake.set(idx, validDates);
 			}
 			// Check each dose entry
 			for (const dose of medDoses) {
 				const parts = dose.doseId.split("-");
 				if (parts.length < 3) continue;
 				const intakeIdx = parseInt(parts[1], 10);
 				const dateOnlyMs = parseInt(parts[2], 10);
 				if (Number.isNaN(intakeIdx) || Number.isNaN(dateOnlyMs)) continue;
 				const validDates = validDatesByIntake.get(intakeIdx);
 				if (!validDates) continue; // Unknown intake index - skip
 				// Check if this dose's timestamp is valid
 				if (validDates.has(dateOnlyMs)) continue; // Already valid - nothing to do
 				// Orphaned dose - find the nearest valid schedule date
 				const intake = intakes[intakeIdx];
 				if (!intake) continue;
 				const halfInterval = (intake.every * MS_PER_DAY) / 2;
 				let bestMatch: number | null = null;
 				let bestDist = Infinity;
 				for (const validDate of validDates) {
 					const dist = Math.abs(validDate - dateOnlyMs);
 					if (dist < bestDist && dist <= halfInterval) {
 						bestDist = dist;
 						bestMatch = validDate;
 					}
 				}
 				if (bestMatch !== null) {
 					// Rebuild dose ID with new timestamp, preserving person suffix
 					const personSuffix = parts.length > 3 ? `-${parts.slice(3).join("-")}` : "";
 					const newDoseId = `${medId}-${intakeIdx}-${bestMatch}${personSuffix}`;
 					try {
 						await client.execute({
 							sql: "UPDATE dose_tracking SET dose_id = ? WHERE id = ?",
 							args: [newDoseId, dose.id],
 						});
 						repaired++;
 					} catch (e: any) {
 						errors.push(`Failed to repair dose ${dose.id}: ${e.message}`);
 					}
 				}
 			}
 		}
 	} catch (e: any) {
 		errors.push(`Repair failed: ${e.message}`);
 	}
 	return { repaired, errors };
 }
 // =============================================================================
 // Database initialization (runs on import)
 // =============================================================================
 // Use absolute path to ensure it works in Docker
-const dataDir = resolve(process.cwd(), "data");
+const { dataDir, dbPath, url } = getDbPaths();
 const dbPath = resolve(dataDir, "medassist-ng.db");
 const url = `file:${dbPath}`;
 console.log(`[DB] Data directory: ${dataDir}`);
 console.log(`[DB] Database path: ${dbPath}`);
 console.log(`[DB] Database URL: ${url}`);
 // Ensure data directory exists and is writable
-try {
+const dirResult = ensureDataDirectory(dataDir);
-  if (!existsSync(dataDir)) {
+if (!dirResult.success) {
-    mkdirSync(dataDir, { recursive: true });
+	console.error(`[DB] ERROR: Cannot access data directory: ${dirResult.error}`);
-    console.log(`[DB] Created data directory: ${dataDir}`);
+	console.error(`[DB] Please ensure the volume mount has correct permissions.`);
-  } else {
+	console.error(`[DB] Try running on host: sudo chown -R 1000:1000 ${dataDir}`);
-    console.log(`[DB] Data directory exists: ${dataDir}`);
+	process.exit(1);
-  }
+} else {
-  
+	console.log(`[DB] Data directory is writable`);
-  // Check if directory is writable
+
-  accessSync(dataDir, constants.W_OK);
+	// Log directory stats
-  console.log(`[DB] Data directory is writable`);
+	const stats = statSync(dataDir);
-  
+	console.log(`[DB] Directory permissions: ${stats.mode.toString(8)}`);
-  // Log directory stats
+	console.log(`[DB] Directory UID: ${stats.uid}, GID: ${stats.gid}`);
-  const stats = statSync(dataDir);
+	console.log(`[DB] Write test successful`);
  console.log(`[DB] Directory permissions: ${stats.mode.toString(8)}`);
  console.log(`[DB] Directory UID: ${stats.uid}, GID: ${stats.gid}`);
  // Try to create a test file to verify write access
  const testFile = resolve(dataDir, ".write-test");
  writeFileSync(testFile, "test");
  console.log(`[DB] Write test successful`);
 } catch (err: any) {
  console.error(`[DB] ERROR: Cannot access data directory: ${err.message}`);
  console.error(`[DB] Please ensure the volume mount has correct permissions.`);
  console.error(`[DB] Try running on host: sudo chown -R 1000:1000 ${dataDir}`);
  process.exit(1);
 }
 let client: Client;
 try {
-  client = createClient({ url });
+	client = createClient({ url });
-  console.log(`[DB] Database client created successfully`);
+	console.log(`[DB] Database client created successfully`);
 } catch (err: any) {
-  console.error(`[DB] ERROR: Failed to create database client: ${err.message}`);
+	console.error(`[DB] ERROR: Failed to create database client: ${err.message}`);
-  console.error(`[DB] Database path: ${dbPath}`);
+	console.error(`[DB] Database path: ${dbPath}`);
-  process.exit(1);
+	process.exit(1);
 }
 export const db = drizzle(client);
 // Auto-run migrations (self-healing database)
 async function runMigrations() {
-  // First, ensure all tables exist (for fresh databases)
+	// Run drizzle-kit generated migrations
-  const tableCreations = [
+	console.log(`[DB] Running drizzle migrations from: ${migrationsFolder}`);
-    `CREATE TABLE IF NOT EXISTS users (
+	const migrateResult = await runDrizzleMigrations(db);
-      id integer PRIMARY KEY AUTOINCREMENT,
+	if (!migrateResult.success) {
-      username text NOT NULL UNIQUE,
+		console.error(`[DB] Migration error:`, migrateResult.error);
-      password_hash text,
+	} else if (migrateResult.warning) {
-      avatar_url text,
+		console.log(`[DB] Migration warning:`, migrateResult.warning);
-      auth_provider text NOT NULL DEFAULT 'local',
+	} else {
-      oidc_subject text,
+		console.log(`[DB] Drizzle migrations completed`);
-      is_active integer NOT NULL DEFAULT 1,
+	}
      last_login_at integer,
      created_at integer NOT NULL DEFAULT (strftime('%s','now')),
      updated_at integer NOT NULL DEFAULT (strftime('%s','now'))
    )`,
    `CREATE TABLE IF NOT EXISTS medications (
      id integer PRIMARY KEY AUTOINCREMENT,
      user_id integer NOT NULL,
      name text NOT NULL,
      generic_name text,
      taken_by_json text NOT NULL DEFAULT '[]',
      pack_count integer NOT NULL DEFAULT 1,
      blisters_per_pack integer NOT NULL DEFAULT 1,
      pills_per_blister integer NOT NULL DEFAULT 1,
      loose_tablets integer NOT NULL DEFAULT 0,
      pill_weight_mg integer,
      usage_json text NOT NULL DEFAULT '[]',
      every_json text NOT NULL DEFAULT '[]',
      start_json text NOT NULL DEFAULT '[]',
      image_url text,
      expiry_date text,
      notes text,
      intake_reminders_enabled integer NOT NULL DEFAULT 0,
      updated_at integer NOT NULL DEFAULT (strftime('%s','now')),
      FOREIGN KEY (user_id) REFERENCES users(id) ON DELETE CASCADE
    )`,
    `CREATE TABLE IF NOT EXISTS user_settings (
      id integer PRIMARY KEY AUTOINCREMENT,
      user_id integer NOT NULL UNIQUE,
      email_enabled integer NOT NULL DEFAULT 0,
      notification_email text,
      email_stock_reminders integer NOT NULL DEFAULT 1,
      email_intake_reminders integer NOT NULL DEFAULT 1,
      shoutrrr_enabled integer NOT NULL DEFAULT 0,
      shoutrrr_url text,
      shoutrrr_stock_reminders integer NOT NULL DEFAULT 1,
      shoutrrr_intake_reminders integer NOT NULL DEFAULT 1,
      reminder_days_before integer NOT NULL DEFAULT 7,
      repeat_daily_reminders integer NOT NULL DEFAULT 0,
      low_stock_days integer NOT NULL DEFAULT 30,
      normal_stock_days integer NOT NULL DEFAULT 90,
      high_stock_days integer NOT NULL DEFAULT 180,
      expiry_warning_days integer NOT NULL DEFAULT 90,
      language text NOT NULL DEFAULT 'en',
      stock_calculation_mode text NOT NULL DEFAULT 'automatic',
      last_auto_email_sent text,
      last_notification_type text,
      last_notification_channel text,
      updated_at integer NOT NULL DEFAULT (strftime('%s','now')),
      FOREIGN KEY (user_id) REFERENCES users(id) ON DELETE CASCADE
    )`,
    `CREATE TABLE IF NOT EXISTS refresh_tokens (
      id integer PRIMARY KEY AUTOINCREMENT,
      user_id integer NOT NULL,
      token_id text NOT NULL UNIQUE,
      expires_at integer NOT NULL,
      rotated_at integer,
      revoked integer NOT NULL DEFAULT 0,
      created_at integer NOT NULL DEFAULT (strftime('%s','now')),
      FOREIGN KEY (user_id) REFERENCES users(id) ON DELETE CASCADE
    )`,
    `CREATE TABLE IF NOT EXISTS share_tokens (
      id integer PRIMARY KEY AUTOINCREMENT,
      user_id integer NOT NULL,
      token text NOT NULL UNIQUE,
      taken_by text NOT NULL,
      schedule_days integer NOT NULL DEFAULT 30,
      created_at integer NOT NULL DEFAULT (strftime('%s','now')),
      expires_at integer,
      FOREIGN KEY (user_id) REFERENCES users(id) ON DELETE CASCADE
    )`,
    `CREATE TABLE IF NOT EXISTS dose_tracking (
      id integer PRIMARY KEY AUTOINCREMENT,
      user_id integer NOT NULL,
      dose_id text NOT NULL,
      taken_at integer NOT NULL DEFAULT (strftime('%s','now')),
      marked_by text,
      FOREIGN KEY (user_id) REFERENCES users(id) ON DELETE CASCADE
    )`,
  ];
-  for (const sql of tableCreations) {
+	// Run ALTER TABLE migrations for backward compatibility
-    try {
+	const alterResult = await runAlterMigrations(client);
-      await client.execute(sql);
+	if (alterResult.errors.length > 0) {
-    } catch (e: any) {
+		alterResult.errors.forEach((err) => console.error(`[DB] ALTER migration error:`, err));
-      console.error(`[DB] Table creation error:`, e.message);
+	}
-    }
+	console.log(`[DB] Tables verified/created`);
  }
  console.log(`[DB] Tables verified/created`);
-  // If auth is disabled, ensure a default user exists (ID=1)
+	// Repair dose IDs with trailing hyphens (from frontend takenBy bug)
-  const authEnabled = process.env.AUTH_ENABLED === "true";
+	const trailingResult = await repairTrailingHyphenDoseIds(client);
-  if (!authEnabled) {
+	if (trailingResult.repaired > 0) {
-    try {
+		console.log(`[DB] Repaired ${trailingResult.repaired} dose IDs with trailing hyphens`);
-      // Check if default user exists
+	}
-      const result = await client.execute("SELECT id FROM users WHERE id = 1");
+	if (trailingResult.errors.length > 0) {
-      if (result.rows.length === 0) {
+		trailingResult.errors.forEach((err) => console.error(`[DB] Trailing-hyphen repair error:`, err));
-        await client.execute(
+	}
-          "INSERT INTO users (id, username, auth_provider) VALUES (1, 'default', 'local')"
+
-        );
+	// Repair orphaned dose tracking IDs from past schedule changes
-        console.log(`[DB] Created default user for auth-disabled mode`);
+	const repairResult = await repairOrphanedDoseIds(client);
-      }
+	if (repairResult.repaired > 0) {
-    } catch (e: any) {
+		console.log(`[DB] Repaired ${repairResult.repaired} orphaned dose tracking IDs`);
-      console.error(`[DB] Error creating default user:`, e.message);
+	}
-    }
+	if (repairResult.errors.length > 0) {
-  }
+		repairResult.errors.forEach((err) => console.error(`[DB] Dose repair error:`, err));
 	}
 	// If auth is disabled, ensure a default user exists (ID=1)
 	const authEnabled = process.env.AUTH_ENABLED === "true";
 	const created = await ensureDefaultUser(client, authEnabled);
 	if (created) {
 		console.log(`[DB] Created default user for auth-disabled mode`);
 	}
 }
 // Export promise so server can await it before starting
@@ -1,125 +1,84 @@
-import { createClient } from "@libsql/client";
+import { dirname, resolve } from "node:path";
 import { fileURLToPath } from "node:url";
 import { type Client, createClient } from "@libsql/client";
 import dotenv from "dotenv";
-import fs from "fs";
+import { drizzle } from "drizzle-orm/libsql";
-import path from "path";
+import { migrate } from "drizzle-orm/libsql/migrator";
 dotenv.config({ path: process.env.DOTENV_PATH || ".env" });
 // Get migrations folder path (relative to this file's location)
 const __filename = fileURLToPath(import.meta.url);
 const __dirname = dirname(__filename);
 const migrationsFolder = resolve(__dirname, "../../drizzle");
 // =============================================================================
 // Exported utility functions for testing
 // =============================================================================
 /** Split SQL string into individual statements (for backwards compatibility with tests) */
 export function splitSQLStatements(sql: string): string[] {
 	return sql.split(";").filter((s) => s.trim().length > 0);
 }
 /** Execute drizzle migrations on a database */
 export async function executeMigration(
 	client: Client
 ): Promise<{ success: boolean; executed: number; errors: string[] }> {
 	const errors: string[] = [];
 	const db = drizzle(client);
 	try {
 		await migrate(db, { migrationsFolder });
 		// Count tables as a proxy for "executed" statements
 		const tables = await client.execute(
 			"SELECT COUNT(*) as count FROM sqlite_master WHERE type='table' AND name NOT LIKE 'sqlite_%' AND name NOT LIKE '__drizzle%'"
 		);
 		const executed = Number(tables.rows[0].count) || 0;
 		return { success: true, executed, errors };
 	} catch (err: any) {
 		errors.push(err.message);
 		return { success: false, executed: 0, errors };
 	}
 }
 /** Get a preview of statement (first N characters) */
 export function getStatementPreview(stmt: string, maxLength: number = 50): string {
 	const trimmed = stmt.trim();
 	if (trimmed.length <= maxLength) {
 		return trimmed;
 	}
 	return `${trimmed.substring(0, maxLength)}...`;
 }
 // =============================================================================
 // CLI execution (only runs when called directly)
 // =============================================================================
 const url = "file:./data/medassist-ng.db";
 async function main() {
-  console.log("Starting database setup...");
+	console.log("Starting database setup...");
-  console.log("Database URL:", url);
+	console.log("Database URL:", url);
-  
+	console.log("Migrations folder:", migrationsFolder);
  const client = createClient({ url });
  // Create tables - fresh schema without roles, with per-user settings
  const sql = `
    CREATE TABLE IF NOT EXISTS users (
      id integer PRIMARY KEY AUTOINCREMENT,
      username text NOT NULL UNIQUE,
      password_hash text,
      avatar_url text,
      auth_provider text NOT NULL DEFAULT 'local',
      oidc_subject text,
      is_active integer NOT NULL DEFAULT 1,
      last_login_at integer,
      created_at integer NOT NULL DEFAULT (strftime('%s','now')),
      updated_at integer NOT NULL DEFAULT (strftime('%s','now'))
    );
-    CREATE TABLE IF NOT EXISTS medications (
+	const client = createClient({ url });
-      id integer PRIMARY KEY AUTOINCREMENT,
+	const db = drizzle(client);
      user_id integer NOT NULL,
      name text NOT NULL,
      generic_name text,
      taken_by_json text NOT NULL DEFAULT '[]',
      pack_count integer NOT NULL DEFAULT 1,
      blisters_per_pack integer NOT NULL DEFAULT 1,
      pills_per_blister integer NOT NULL DEFAULT 1,
      loose_tablets integer NOT NULL DEFAULT 0,
      pill_weight_mg integer,
      usage_json text NOT NULL DEFAULT '[]',
      every_json text NOT NULL DEFAULT '[]',
      start_json text NOT NULL DEFAULT '[]',
      image_url text,
      expiry_date text,
      notes text,
      intake_reminders_enabled integer NOT NULL DEFAULT 0,
      updated_at integer NOT NULL DEFAULT (strftime('%s','now')),
      FOREIGN KEY (user_id) REFERENCES users(id) ON DELETE CASCADE
    );
-    CREATE TABLE IF NOT EXISTS user_settings (
+	console.log("Running drizzle migrations...");
-      id integer PRIMARY KEY AUTOINCREMENT,
+	await migrate(db, { migrationsFolder });
      user_id integer NOT NULL UNIQUE,
      email_enabled integer NOT NULL DEFAULT 0,
      notification_email text,
      email_stock_reminders integer NOT NULL DEFAULT 1,
      email_intake_reminders integer NOT NULL DEFAULT 1,
      shoutrrr_enabled integer NOT NULL DEFAULT 0,
      shoutrrr_url text,
      shoutrrr_stock_reminders integer NOT NULL DEFAULT 1,
      shoutrrr_intake_reminders integer NOT NULL DEFAULT 1,
      reminder_days_before integer NOT NULL DEFAULT 7,
      repeat_daily_reminders integer NOT NULL DEFAULT 0,
      low_stock_days integer NOT NULL DEFAULT 30,
      normal_stock_days integer NOT NULL DEFAULT 90,
      high_stock_days integer NOT NULL DEFAULT 180,
      language text NOT NULL DEFAULT 'en',
      stock_calculation_mode text NOT NULL DEFAULT 'automatic',
      last_auto_email_sent text,
      last_notification_type text,
      last_notification_channel text,
      updated_at integer NOT NULL DEFAULT (strftime('%s','now')),
      FOREIGN KEY (user_id) REFERENCES users(id) ON DELETE CASCADE
    );
-    CREATE TABLE IF NOT EXISTS refresh_tokens (
+	console.log("Database setup complete!");
-      id integer PRIMARY KEY AUTOINCREMENT,
+	process.exit(0);
      user_id integer NOT NULL,
      token_id text NOT NULL UNIQUE,
      expires_at integer NOT NULL,
      rotated_at integer,
      revoked integer NOT NULL DEFAULT 0,
      created_at integer NOT NULL DEFAULT (strftime('%s','now')),
      FOREIGN KEY (user_id) REFERENCES users(id) ON DELETE CASCADE
    );
    CREATE TABLE IF NOT EXISTS share_tokens (
      id integer PRIMARY KEY AUTOINCREMENT,
      user_id integer NOT NULL,
      token text NOT NULL UNIQUE,
      taken_by text NOT NULL,
      schedule_days integer NOT NULL DEFAULT 30,
      created_at integer NOT NULL DEFAULT (strftime('%s','now')),
      expires_at integer,
      FOREIGN KEY (user_id) REFERENCES users(id) ON DELETE CASCADE
    );
    CREATE TABLE IF NOT EXISTS dose_tracking (
      id integer PRIMARY KEY AUTOINCREMENT,
      user_id integer NOT NULL,
      dose_id text NOT NULL,
      taken_at integer NOT NULL DEFAULT (strftime('%s','now')),
      marked_by text,
      FOREIGN KEY (user_id) REFERENCES users(id) ON DELETE CASCADE
    );
  `;
  // Execute each statement separately
  const statements = sql.split(';').filter(s => s.trim().length > 0);
  for (const stmt of statements) {
    console.log("Executing:", stmt.trim().substring(0, 50) + "...");
    await client.execute(stmt);
  }
  console.log("Database setup complete!");
  process.exit(0);
 }
-main().catch((err) => {
+// Only run main() if this file is executed directly (not imported)
-  console.error("Migration failed:", err);
+const isMainModule = import.meta.url === `file://${process.argv[1]}`;
-  process.exit(1);
+if (isMainModule) {
-});
+	main().catch((err) => {
 		console.error("Migration failed:", err);
 		process.exit(1);
 	});
 }
@@ -0,0 +1,114 @@
 /**
 * Shared SQL table creation statements for database initialization.
 * Used by client.ts, migrate.ts, and test setup to avoid duplication.
 */
 /**
 * Get all SQL table creation statements as an array.
 * Each statement creates a table if it doesn't exist.
 */
 export function getTableCreationSQL(): string[] {
 	return [
 		`CREATE TABLE IF NOT EXISTS users (
      id integer PRIMARY KEY AUTOINCREMENT,
      username text NOT NULL UNIQUE,
      password_hash text,
      avatar_url text,
      auth_provider text NOT NULL DEFAULT 'local',
      oidc_subject text,
      is_active integer NOT NULL DEFAULT 1,
      last_login_at integer,
      created_at integer NOT NULL DEFAULT (strftime('%s','now')),
      updated_at integer NOT NULL DEFAULT (strftime('%s','now'))
    )`,
 		`CREATE TABLE IF NOT EXISTS medications (
      id integer PRIMARY KEY AUTOINCREMENT,
      user_id integer NOT NULL,
      name text NOT NULL,
      generic_name text,
      taken_by_json text NOT NULL DEFAULT '[]',
      pack_count integer NOT NULL DEFAULT 1,
      blisters_per_pack integer NOT NULL DEFAULT 1,
      pills_per_blister integer NOT NULL DEFAULT 1,
      loose_tablets integer NOT NULL DEFAULT 0,
      pill_weight_mg integer,
      usage_json text NOT NULL DEFAULT '[]',
      every_json text NOT NULL DEFAULT '[]',
      start_json text NOT NULL DEFAULT '[]',
      image_url text,
      expiry_date text,
      notes text,
      intake_reminders_enabled integer NOT NULL DEFAULT 0,
      updated_at integer NOT NULL DEFAULT (strftime('%s','now')),
      FOREIGN KEY (user_id) REFERENCES users(id) ON DELETE CASCADE
    )`,
 		`CREATE TABLE IF NOT EXISTS user_settings (
      id integer PRIMARY KEY AUTOINCREMENT,
      user_id integer NOT NULL UNIQUE,
      email_enabled integer NOT NULL DEFAULT 0,
      notification_email text,
      email_stock_reminders integer NOT NULL DEFAULT 1,
      email_intake_reminders integer NOT NULL DEFAULT 1,
      shoutrrr_enabled integer NOT NULL DEFAULT 0,
      shoutrrr_url text,
      shoutrrr_stock_reminders integer NOT NULL DEFAULT 1,
      shoutrrr_intake_reminders integer NOT NULL DEFAULT 1,
      reminder_days_before integer NOT NULL DEFAULT 7,
      repeat_daily_reminders integer NOT NULL DEFAULT 0,
      skip_reminders_for_taken_doses integer NOT NULL DEFAULT 0,
      repeat_reminders_enabled integer NOT NULL DEFAULT 0,
      reminder_repeat_interval_minutes integer NOT NULL DEFAULT 30,
      max_nagging_reminders integer NOT NULL DEFAULT 5,
      low_stock_days integer NOT NULL DEFAULT 30,
      normal_stock_days integer NOT NULL DEFAULT 90,
      high_stock_days integer NOT NULL DEFAULT 180,
      expiry_warning_days integer NOT NULL DEFAULT 90,
      language text NOT NULL DEFAULT 'en',
      stock_calculation_mode text NOT NULL DEFAULT 'automatic',
      last_auto_email_sent text,
      last_notification_type text,
      last_notification_channel text,
      updated_at integer NOT NULL DEFAULT (strftime('%s','now')),
      FOREIGN KEY (user_id) REFERENCES users(id) ON DELETE CASCADE
    )`,
 		`CREATE TABLE IF NOT EXISTS refresh_tokens (
      id integer PRIMARY KEY AUTOINCREMENT,
      user_id integer NOT NULL,
      token_id text NOT NULL UNIQUE,
      expires_at integer NOT NULL,
      rotated_at integer,
      revoked integer NOT NULL DEFAULT 0,
      created_at integer NOT NULL DEFAULT (strftime('%s','now')),
      FOREIGN KEY (user_id) REFERENCES users(id) ON DELETE CASCADE
    )`,
 		`CREATE TABLE IF NOT EXISTS share_tokens (
      id integer PRIMARY KEY AUTOINCREMENT,
      user_id integer NOT NULL,
      token text NOT NULL UNIQUE,
      taken_by text NOT NULL,
      schedule_days integer NOT NULL DEFAULT 30,
      created_at integer NOT NULL DEFAULT (strftime('%s','now')),
      expires_at integer,
      FOREIGN KEY (user_id) REFERENCES users(id) ON DELETE CASCADE
    )`,
 		`CREATE TABLE IF NOT EXISTS dose_tracking (
      id integer PRIMARY KEY AUTOINCREMENT,
      user_id integer NOT NULL,
      dose_id text NOT NULL,
      taken_at integer NOT NULL DEFAULT (strftime('%s','now')),
      marked_by text,
      dismissed integer NOT NULL DEFAULT 0,
      FOREIGN KEY (user_id) REFERENCES users(id) ON DELETE CASCADE
    )`,
 		`CREATE TABLE IF NOT EXISTS refill_history (
      id integer PRIMARY KEY AUTOINCREMENT,
      medication_id integer NOT NULL,
      user_id integer NOT NULL,
      packs_added integer NOT NULL DEFAULT 0,
      loose_pills_added integer NOT NULL DEFAULT 0,
      refill_date integer NOT NULL DEFAULT (strftime('%s','now')),
      FOREIGN KEY (medication_id) REFERENCES medications(id) ON DELETE CASCADE,
      FOREIGN KEY (user_id) REFERENCES users(id) ON DELETE CASCADE
    )`,
 	];
 }
@@ -1,114 +1,157 @@
 import { sqliteTable, text, integer } from "drizzle-orm/sqlite-core";
 import { sql } from "drizzle-orm";
 import { integer, sqliteTable, text } from "drizzle-orm/sqlite-core";
 // =============================================================================
 // Users - Simple auth, no roles (every user is equal)
 // =============================================================================
 export const users = sqliteTable("users", {
-  id: integer("id").primaryKey({ autoIncrement: true }),
+	id: integer("id").primaryKey({ autoIncrement: true }),
-  username: text("username", { length: 100 }).notNull().unique(),
+	username: text("username", { length: 100 }).notNull().unique(),
-  passwordHash: text("password_hash", { length: 255 }),
+	passwordHash: text("password_hash", { length: 255 }),
-  avatarUrl: text("avatar_url", { length: 255 }),
+	avatarUrl: text("avatar_url", { length: 255 }),
-  authProvider: text("auth_provider", { length: 50 }).notNull().default("local"),
+	authProvider: text("auth_provider", { length: 50 }).notNull().default("local"),
-  oidcSubject: text("oidc_subject", { length: 255 }),  // OIDC provider's unique user ID (sub claim)
+	oidcSubject: text("oidc_subject", { length: 255 }), // OIDC provider's unique user ID (sub claim)
-  isActive: integer("is_active", { mode: "boolean" }).notNull().default(true),
+	isActive: integer("is_active", { mode: "boolean" }).notNull().default(true),
-  lastLoginAt: integer("last_login_at", { mode: "timestamp" }),
+	lastLoginAt: integer("last_login_at", { mode: "timestamp" }),
-  createdAt: integer("created_at", { mode: "timestamp" }).notNull().default(sql`CURRENT_TIMESTAMP`),
+	createdAt: integer("created_at", { mode: "timestamp" }).notNull().default(sql`CURRENT_TIMESTAMP`),
-  updatedAt: integer("updated_at", { mode: "timestamp" }).notNull().default(sql`CURRENT_TIMESTAMP`),
+	updatedAt: integer("updated_at", { mode: "timestamp" }).notNull().default(sql`CURRENT_TIMESTAMP`),
 });
 // =============================================================================
 // Medications - Per user
 // =============================================================================
 export const medications = sqliteTable("medications", {
-  id: integer("id").primaryKey({ autoIncrement: true }),
+	id: integer("id").primaryKey({ autoIncrement: true }),
-  userId: integer("user_id").notNull().references(() => users.id, { onDelete: "cascade" }),
+	userId: integer("user_id")
-  name: text("name", { length: 100 }).notNull(),
+		.notNull()
-  genericName: text("generic_name", { length: 100 }),
+		.references(() => users.id, { onDelete: "cascade" }),
-  takenByJson: text("taken_by_json").notNull().default("[]"), // JSON array of person names
+	name: text("name", { length: 100 }).notNull(),
-  packCount: integer("pack_count").notNull().default(1),
+	genericName: text("generic_name", { length: 100 }),
-  blistersPerPack: integer("blisters_per_pack").notNull().default(1),
+	takenByJson: text("taken_by_json").notNull().default("[]"), // JSON array of person names
-  pillsPerBlister: integer("pills_per_blister").notNull().default(1),
+	packageType: text("package_type", { length: 20 }).notNull().default("blister"), // 'blister' or 'bottle'
-  looseTablets: integer("loose_tablets").notNull().default(0),
+	packCount: integer("pack_count").notNull().default(1),
-  pillWeightMg: integer("pill_weight_mg"),
+	blistersPerPack: integer("blisters_per_pack").notNull().default(1),
-  usageJson: text("usage_json").notNull().default("[]"),
+	pillsPerBlister: integer("pills_per_blister").notNull().default(1),
-  everyJson: text("every_json").notNull().default("[]"),
+	totalPills: integer("total_pills"), // For bottle type: total capacity of the container
-  startJson: text("start_json").notNull().default("[]"),
+	looseTablets: integer("loose_tablets").notNull().default(0), // For blister: extra loose pills; for bottle: current stock
-  imageUrl: text("image_url"),
+	stockAdjustment: integer("stock_adjustment").notNull().default(0), // Hidden offset from stock corrections
-  expiryDate: text("expiry_date"),
+	lastStockCorrectionAt: integer("last_stock_correction_at", { mode: "timestamp" }), // When stock was last corrected - consumed doses before this don't count
-  notes: text("notes"),
+	pillWeightMg: integer("pill_weight_mg"),
-  intakeRemindersEnabled: integer("intake_reminders_enabled", { mode: "boolean" }).notNull().default(false),
+	doseUnit: text("dose_unit", { length: 20 }).default("mg"), // Unit for the dose (mg, g, mcg, ml, IU, etc.)
-  updatedAt: integer("updated_at", { mode: "timestamp" }).notNull().default(sql`CURRENT_TIMESTAMP`),
+	usageJson: text("usage_json").notNull().default("[]"), // DEPRECATED: Use intakesJson instead
 	everyJson: text("every_json").notNull().default("[]"), // DEPRECATED: Use intakesJson instead
 	startJson: text("start_json").notNull().default("[]"), // DEPRECATED: Use intakesJson instead
 	// New unified intakes structure: [{usage, every, start, takenBy, intakeRemindersEnabled}]
 	intakesJson: text("intakes_json").notNull().default("[]"),
 	imageUrl: text("image_url"),
 	expiryDate: text("expiry_date"),
 	notes: text("notes"),
 	intakeRemindersEnabled: integer("intake_reminders_enabled", { mode: "boolean" }).notNull().default(false),
 	dismissedUntil: text("dismissed_until"), // ISO date string (e.g. "2026-01-23") - all past doses until this date are dismissed
 	updatedAt: integer("updated_at", { mode: "timestamp" }).notNull().default(sql`CURRENT_TIMESTAMP`),
 });
 // =============================================================================
 // User Settings - Per user (email, push, thresholds, language)
 // =============================================================================
 export const userSettings = sqliteTable("user_settings", {
-  id: integer("id").primaryKey({ autoIncrement: true }),
+	id: integer("id").primaryKey({ autoIncrement: true }),
-  userId: integer("user_id").notNull().unique().references(() => users.id, { onDelete: "cascade" }),
+	userId: integer("user_id")
-  // Email notifications
+		.notNull()
-  emailEnabled: integer("email_enabled", { mode: "boolean" }).notNull().default(false),
+		.unique()
-  notificationEmail: text("notification_email"),
+		.references(() => users.id, { onDelete: "cascade" }),
-  emailStockReminders: integer("email_stock_reminders", { mode: "boolean" }).notNull().default(true),
+	// Email notifications
-  emailIntakeReminders: integer("email_intake_reminders", { mode: "boolean" }).notNull().default(true),
+	emailEnabled: integer("email_enabled", { mode: "boolean" }).notNull().default(false),
-  // Push notifications (shoutrrr/ntfy)
+	notificationEmail: text("notification_email"),
-  shoutrrrEnabled: integer("shoutrrr_enabled", { mode: "boolean" }).notNull().default(false),
+	emailStockReminders: integer("email_stock_reminders", { mode: "boolean" }).notNull().default(true),
-  shoutrrrUrl: text("shoutrrr_url"),
+	emailIntakeReminders: integer("email_intake_reminders", { mode: "boolean" }).notNull().default(true),
-  shoutrrrStockReminders: integer("shoutrrr_stock_reminders", { mode: "boolean" }).notNull().default(true),
+	// Push notifications (shoutrrr/ntfy)
-  shoutrrrIntakeReminders: integer("shoutrrr_intake_reminders", { mode: "boolean" }).notNull().default(true),
+	shoutrrrEnabled: integer("shoutrrr_enabled", { mode: "boolean" }).notNull().default(false),
-  // Reminder settings
+	shoutrrrUrl: text("shoutrrr_url"),
-  reminderDaysBefore: integer("reminder_days_before").notNull().default(7),
+	shoutrrrStockReminders: integer("shoutrrr_stock_reminders", { mode: "boolean" }).notNull().default(true),
-  repeatDailyReminders: integer("repeat_daily_reminders", { mode: "boolean" }).notNull().default(false),
+	shoutrrrIntakeReminders: integer("shoutrrr_intake_reminders", { mode: "boolean" }).notNull().default(true),
-  // Stock thresholds (days)
+	// Reminder settings
-  lowStockDays: integer("low_stock_days").notNull().default(30),
+	reminderDaysBefore: integer("reminder_days_before").notNull().default(7),
-  normalStockDays: integer("normal_stock_days").notNull().default(90),
+	repeatDailyReminders: integer("repeat_daily_reminders", { mode: "boolean" }).notNull().default(false),
-  highStockDays: integer("high_stock_days").notNull().default(180),
+	skipRemindersForTakenDoses: integer("skip_reminders_for_taken_doses", { mode: "boolean" }).notNull().default(false),
-  // UI preferences
+	repeatRemindersEnabled: integer("repeat_reminders_enabled", { mode: "boolean" }).notNull().default(false),
-  language: text("language", { length: 10 }).notNull().default("en"),
+	reminderRepeatIntervalMinutes: integer("reminder_repeat_interval_minutes").notNull().default(30),
-  // Stock calculation mode: "automatic" (schedule-based) or "manual" (only marked doses)
+	maxNaggingReminders: integer("max_nagging_reminders").notNull().default(5),
-  stockCalculationMode: text("stock_calculation_mode", { length: 20 }).notNull().default("automatic"),
+	// Stock thresholds (days)
-  // Last notification tracking
+	lowStockDays: integer("low_stock_days").notNull().default(30),
-  lastAutoEmailSent: text("last_auto_email_sent"),
+	normalStockDays: integer("normal_stock_days").notNull().default(90),
-  lastNotificationType: text("last_notification_type"),
+	highStockDays: integer("high_stock_days").notNull().default(180),
-  lastNotificationChannel: text("last_notification_channel"),
+	expiryWarningDays: integer("expiry_warning_days").notNull().default(90),
-  // Timestamps
+	// UI preferences
-  updatedAt: integer("updated_at", { mode: "timestamp" }).notNull().default(sql`CURRENT_TIMESTAMP`),
+	language: text("language", { length: 10 }).notNull().default("en"),
 	// Stock calculation mode: "automatic" (schedule-based) or "manual" (only marked doses)
 	stockCalculationMode: text("stock_calculation_mode", { length: 20 }).notNull().default("automatic"),
 	// Last notification tracking
 	lastAutoEmailSent: text("last_auto_email_sent"),
 	lastNotificationType: text("last_notification_type"),
 	lastNotificationChannel: text("last_notification_channel"),
 	lastReminderMedName: text("last_reminder_med_name"),
 	lastReminderTakenBy: text("last_reminder_taken_by"),
 	// Timestamps
 	updatedAt: integer("updated_at", { mode: "timestamp" }).notNull().default(sql`CURRENT_TIMESTAMP`),
 });
 // =============================================================================
 // Refresh Tokens - For JWT rotation
 // =============================================================================
 export const refreshTokens = sqliteTable("refresh_tokens", {
-  id: integer("id").primaryKey({ autoIncrement: true }),
+	id: integer("id").primaryKey({ autoIncrement: true }),
-  userId: integer("user_id").notNull().references(() => users.id, { onDelete: "cascade" }),
+	userId: integer("user_id")
-  tokenId: text("token_id", { length: 255 }).notNull().unique(),
+		.notNull()
-  expiresAt: integer("expires_at", { mode: "timestamp" }).notNull(),
+		.references(() => users.id, { onDelete: "cascade" }),
-  rotatedAt: integer("rotated_at", { mode: "timestamp" }),
+	tokenId: text("token_id", { length: 255 }).notNull().unique(),
-  revoked: integer("revoked", { mode: "boolean" }).notNull().default(false),
+	expiresAt: integer("expires_at", { mode: "timestamp" }).notNull(),
-  createdAt: integer("created_at", { mode: "timestamp" }).notNull().default(sql`CURRENT_TIMESTAMP`),
+	rotatedAt: integer("rotated_at", { mode: "timestamp" }),
 	revoked: integer("revoked", { mode: "boolean" }).notNull().default(false),
 	createdAt: integer("created_at", { mode: "timestamp" }).notNull().default(sql`CURRENT_TIMESTAMP`),
 });
 // =============================================================================
 // Share Tokens - For public schedule sharing by takenBy person
 // =============================================================================
 export const shareTokens = sqliteTable("share_tokens", {
-  id: integer("id").primaryKey({ autoIncrement: true }),
+	id: integer("id").primaryKey({ autoIncrement: true }),
-  userId: integer("user_id").notNull().references(() => users.id, { onDelete: "cascade" }),
+	userId: integer("user_id")
-  token: text("token", { length: 64 }).notNull().unique(),
+		.notNull()
-  takenBy: text("taken_by", { length: 100 }).notNull(),
+		.references(() => users.id, { onDelete: "cascade" }),
-  scheduleDays: integer("schedule_days").notNull().default(30),
+	token: text("token", { length: 64 }).notNull().unique(),
-  createdAt: integer("created_at", { mode: "timestamp" }).notNull().default(sql`CURRENT_TIMESTAMP`),
+	takenBy: text("taken_by", { length: 100 }).notNull(),
-  expiresAt: integer("expires_at", { mode: "timestamp" }), // NULL = never expires
+	scheduleDays: integer("schedule_days").notNull().default(30),
 	createdAt: integer("created_at", { mode: "timestamp" }).notNull().default(sql`CURRENT_TIMESTAMP`),
 	expiresAt: integer("expires_at", { mode: "timestamp" }), // NULL = never expires
 });
 // =============================================================================
 // Dose Tracking - Tracks when doses are marked as taken
 // =============================================================================
 export const doseTracking = sqliteTable("dose_tracking", {
-  id: integer("id").primaryKey({ autoIncrement: true }),
+	id: integer("id").primaryKey({ autoIncrement: true }),
-  userId: integer("user_id").notNull().references(() => users.id, { onDelete: "cascade" }),
+	userId: integer("user_id")
-  doseId: text("dose_id", { length: 255 }).notNull(), // e.g. "med-5-1-86400000-1735200000000"
+		.notNull()
-  takenAt: integer("taken_at", { mode: "timestamp" }).notNull().default(sql`(strftime('%s','now'))`),
+		.references(() => users.id, { onDelete: "cascade" }),
-  markedBy: text("marked_by", { length: 100 }), // null = user, "Daniel" = via share link
+	doseId: text("dose_id", { length: 255 }).notNull(), // e.g. "med-5-1-86400000-1735200000000"
 	takenAt: integer("taken_at", { mode: "timestamp" }).notNull().default(sql`(strftime('%s','now'))`),
 	markedBy: text("marked_by", { length: 100 }), // null = user, "Daniel" = via share link
 	dismissed: integer("dismissed", { mode: "boolean" }).notNull().default(false), // true = missed dose acknowledged without taking
 });
 // =============================================================================
 // Refill History - Tracks when medication stock was refilled
 // =============================================================================
 export const refillHistory = sqliteTable("refill_history", {
 	id: integer("id").primaryKey({ autoIncrement: true }),
 	medicationId: integer("medication_id")
 		.notNull()
 		.references(() => medications.id, { onDelete: "cascade" }),
 	userId: integer("user_id")
 		.notNull()
 		.references(() => users.id, { onDelete: "cascade" }),
 	packsAdded: integer("packs_added").notNull().default(0),
 	loosePillsAdded: integer("loose_pills_added").notNull().default(0),
 	refillDate: integer("refill_date", { mode: "timestamp" }).notNull().default(sql`(strftime('%s','now'))`),
 });
@@ -1,193 +1,266 @@
 // Backend translations for notifications
 export type Language = "en" | "de";
 /**
 * Map timezone to region code (ISO 3166-1 alpha-2).
 * This allows combining app language with regional formatting.
 */
 const TIMEZONE_TO_REGION: Record<string, string> = {
 	// Europe
 	"Europe/Berlin": "DE",
 	"Europe/Vienna": "AT",
 	"Europe/Zurich": "CH",
 	"Europe/London": "GB",
 	"Europe/Dublin": "IE",
 	"Europe/Paris": "FR",
 	"Europe/Madrid": "ES",
 	"Europe/Rome": "IT",
 	"Europe/Amsterdam": "NL",
 	"Europe/Brussels": "BE",
 	"Europe/Warsaw": "PL",
 	"Europe/Prague": "CZ",
 	"Europe/Stockholm": "SE",
 	"Europe/Oslo": "NO",
 	"Europe/Copenhagen": "DK",
 	"Europe/Helsinki": "FI",
 	"Europe/Athens": "GR",
 	"Europe/Lisbon": "PT",
 	"Europe/Moscow": "RU",
 	"Europe/Kiev": "UA",
 	"Europe/Kyiv": "UA",
 	"Europe/Budapest": "HU",
 	"Europe/Bucharest": "RO",
 	// Americas
 	"America/New_York": "US",
 	"America/Chicago": "US",
 	"America/Denver": "US",
 	"America/Los_Angeles": "US",
 	"America/Phoenix": "US",
 	"America/Toronto": "CA",
 	"America/Vancouver": "CA",
 	"America/Mexico_City": "MX",
 	"America/Sao_Paulo": "BR",
 	"America/Buenos_Aires": "AR",
 	// Asia/Pacific
 	"Asia/Tokyo": "JP",
 	"Asia/Shanghai": "CN",
 	"Asia/Hong_Kong": "HK",
 	"Asia/Singapore": "SG",
 	"Asia/Seoul": "KR",
 	"Asia/Dubai": "AE",
 	"Asia/Kolkata": "IN",
 	"Australia/Sydney": "AU",
 	"Australia/Melbourne": "AU",
 	"Pacific/Auckland": "NZ",
 };
 /**
 * Get region code from TZ environment variable.
 */
 function getRegionFromTimezone(): string | undefined {
 	const tz = process.env.TZ;
 	if (!tz) return undefined;
 	return TIMEZONE_TO_REGION[tz];
 }
 type TranslationKeys = {
-  // Stock reminder email
+	// Stock reminder email
-  stockReminder: {
+	stockReminder: {
-    subject: string;
+		subject: string;
-    title: string;
+		title: string;
-    description: string;
+		description: string;
-    alertSingle: string;
+		alertSingle: string;
-    alertMultiple: string;
+		alertMultiple: string;
-    tableHeaders: {
+		tableHeaders: {
-      medication: string;
+			medication: string;
-      pills: string;
+			pills: string;
-      days: string;
+			days: string;
-      runsOut: string;
+			runsOut: string;
-    };
+		};
-    footer: string;
+		footer: string;
-    repeatDailyNote: string;
+		repeatDailyNote: string;
-  };
+	};
-  // Intake reminder email
+	// Intake reminder email
-  intakeReminder: {
+	intakeReminder: {
-    subject: string;
+		subject: string;
-    title: string;
+		title: string;
-    description: string;
+		description: string;
-    alertSingle: string;
+		alertSingle: string;
-    alertMultiple: string;
+		alertMultiple: string;
-    tableHeaders: {
+		tableHeaders: {
-      medication: string;
+			medication: string;
-      dosage: string;
+			dosage: string;
-      time: string;
+			time: string;
-    };
+		};
-    pills: string;
+		pills: string;
-    takenBy: string;
+		takenBy: string;
-    footer: string;
+		footer: string;
-  };
+	};
-  // Push notifications
+	// Push notifications
-  push: {
+	push: {
-    stockTitle: string;
+		stockTitle: string;
-    stockTitleMultiple: string;
+		stockTitleMultiple: string;
-    intakeTitle: string;
+		intakeTitle: string;
-    pillsLeft: string;
+		pillsLeft: string;
-    daysLeft: string;
+		daysLeft: string;
-    pillsAt: string;
+		pillsAt: string;
-    repeatDailyNote: string;
+		repeatDailyNote: string;
-    empty: string;
+		empty: string;
-    low: string;
+		low: string;
-    reorderNow: string;
+		reorderNow: string;
-    emptySection: string;
+		emptySection: string;
-    lowSection: string;
+		lowSection: string;
-  };
+	};
-  // Common
+	// Common
-  common: {
+	common: {
-    pill: string;
+		pill: string;
-    pills: string;
+		pills: string;
-    day: string;
+		day: string;
-    days: string;
+		days: string;
-    soon: string;
+		soon: string;
-  };
+	};
 };
 const translations: Record<Language, TranslationKeys> = {
-  en: {
+	en: {
-    stockReminder: {
+		stockReminder: {
-      subject: "MedAssist-ng Auto-Reminder: {count} Medication{s} Running Low",
+			subject: "MedAssist-ng Auto-Reminder: {count} Medication{s} Running Low",
-      title: "⚠️ MedAssist-ng - Automatic Reorder Reminder",
+			title: "⚠️ MedAssist-ng - Automatic Reorder Reminder",
-      description: "The following medications are running low and need to be reordered:",
+			description: "The following medications are running low and need to be reordered:",
-      alertSingle: "⚠️ 1 medication running low!",
+			alertSingle: "⚠️ 1 medication running low!",
-      alertMultiple: "⚠️ {count} medications running low!",
+			alertMultiple: "⚠️ {count} medications running low!",
-      tableHeaders: {
+			tableHeaders: {
-        medication: "Medication",
+				medication: "Medication",
-        pills: "Pills",
+				pills: "Pills",
-        days: "Days",
+				days: "Days",
-        runsOut: "Runs Out",
+				runsOut: "Runs Out",
-      },
+			},
-      footer: "🤖 Automatic reminder from MedAssist-ng",
+			footer: "🤖 Automatic reminder from MedAssist-ng",
-      repeatDailyNote: "You are receiving this daily reminder because 'Repeat Daily' is enabled in settings.",
+			repeatDailyNote: "You are receiving this daily reminder because 'Repeat Daily' is enabled in settings.",
-    },
+		},
-    intakeReminder: {
+		intakeReminder: {
-      subject: "MedAssist-ng: Medication Reminder - {medications}",
+			subject: "MedAssist-ng: Medication Reminder - {medications}",
-      title: "💊 MedAssist-ng - Intake Reminder",
+			title: "💊 MedAssist-ng - Intake Reminder",
-      description: "Time to take your medication in {minutes} minutes:",
+			description: "Time to take your medication in {minutes} minutes:",
-      alertSingle: "💊 1 medication scheduled",
+			alertSingle: "💊 1 medication scheduled",
-      alertMultiple: "💊 {count} medications scheduled",
+			alertMultiple: "💊 {count} medications scheduled",
-      tableHeaders: {
+			tableHeaders: {
-        medication: "Medication",
+				medication: "Medication",
-        dosage: "Dosage",
+				dosage: "Dosage",
-        time: "Time",
+				time: "Time",
-      },
+			},
-      pills: "pills",
+			pills: "pills",
-      takenBy: "for {name}",
+			takenBy: "for {name}",
-      footer: "🤖 Automatic reminder from MedAssist-ng",
+			footer: "🤖 Automatic reminder from MedAssist-ng",
-    },
+		},
-    push: {
+		push: {
-      stockTitle: "MedAssist-ng: 1 Medication Running Low",
+			stockTitle: "MedAssist-ng: 1 Medication Running Low",
-      stockTitleMultiple: "MedAssist-ng: {count} Medications Running Low",
+			stockTitleMultiple: "MedAssist-ng: {count} Medications Running Low",
-      intakeTitle: "💊 Medication Reminder in {minutes} min",
+			intakeTitle: "💊 Medication Reminder in {minutes} min",
-      pillsLeft: "{count} pills",
+			pillsLeft: "{count} pills",
-      daysLeft: "{count} days left",
+			daysLeft: "{count} days left",
-      pillsAt: "{count} pills at {time}",
+			pillsAt: "{count} pills at {time}",
-      repeatDailyNote: "(Daily reminder enabled)",
+			repeatDailyNote: "(Daily reminder enabled)",
-      empty: "Empty",
+			empty: "Empty",
-      low: "Low",
+			low: "Low",
-      reorderNow: "Reorder Now!",
+			reorderNow: "Reorder Now!",
-      emptySection: "EMPTY (reorder immediately)",
+			emptySection: "EMPTY (reorder immediately)",
-      lowSection: "RUNNING LOW (reorder soon)",
+			lowSection: "RUNNING LOW (reorder soon)",
-    },
+		},
-    common: {
+		common: {
-      pill: "pill",
+			pill: "pill",
-      pills: "pills",
+			pills: "pills",
-      day: "day",
+			day: "day",
-      days: "days",
+			days: "days",
-      soon: "soon",
+			soon: "soon",
-    },
+		},
-  },
+	},
-  de: {
+	de: {
-    stockReminder: {
+		stockReminder: {
-      subject: "MedAssist-ng Auto-Erinnerung: {count} Medikament{e} wird knapp",
+			subject: "MedAssist-ng Auto-Erinnerung: {count} Medikament{e} wird knapp",
-      title: "⚠️ MedAssist-ng - Automatische Nachbestell-Erinnerung",
+			title: "⚠️ MedAssist-ng - Automatische Nachbestell-Erinnerung",
-      description: "Die folgenden Medikamente gehen zur Neige und sollten nachbestellt werden:",
+			description: "Die folgenden Medikamente gehen zur Neige und sollten nachbestellt werden:",
-      alertSingle: "⚠️ 1 Medikament wird knapp!",
+			alertSingle: "⚠️ 1 Medikament wird knapp!",
-      alertMultiple: "⚠️ {count} Medikamente werden knapp!",
+			alertMultiple: "⚠️ {count} Medikamente werden knapp!",
-      tableHeaders: {
+			tableHeaders: {
-        medication: "Medikament",
+				medication: "Medikament",
-        pills: "Tabletten",
+				pills: "Tabletten",
-        days: "Tage",
+				days: "Tage",
-        runsOut: "Aufgebraucht",
+				runsOut: "Aufgebraucht",
-      },
+			},
-      footer: "🤖 Automatische Erinnerung von MedAssist-ng",
+			footer: "🤖 Automatische Erinnerung von MedAssist-ng",
-      repeatDailyNote: "Sie erhalten diese tägliche Erinnerung, weil 'Täglich wiederholen' in den Einstellungen aktiviert ist.",
+			repeatDailyNote:
-    },
+				"Sie erhalten diese tägliche Erinnerung, weil 'Täglich wiederholen' in den Einstellungen aktiviert ist.",
-    intakeReminder: {
+		},
-      subject: "MedAssist-ng: Einnahme-Erinnerung - {medications}",
+		intakeReminder: {
-      title: "💊 MedAssist-ng - Einnahme-Erinnerung",
+			subject: "MedAssist-ng: Einnahme-Erinnerung - {medications}",
-      description: "Zeit für Ihre Medikamente in {minutes} Minuten:",
+			title: "💊 MedAssist-ng - Einnahme-Erinnerung",
-      alertSingle: "💊 1 Medikament geplant",
+			description: "Zeit für Ihre Medikamente in {minutes} Minuten:",
-      alertMultiple: "💊 {count} Medikamente geplant",
+			alertSingle: "💊 1 Medikament geplant",
-      tableHeaders: {
+			alertMultiple: "💊 {count} Medikamente geplant",
-        medication: "Medikament",
+			tableHeaders: {
-        dosage: "Dosis",
+				medication: "Medikament",
-        time: "Uhrzeit",
+				dosage: "Dosis",
-      },
+				time: "Uhrzeit",
-      pills: "Tabletten",
+			},
-      takenBy: "für {name}",
+			pills: "Tabletten",
-      footer: "🤖 Automatische Erinnerung von MedAssist-ng",
+			takenBy: "für {name}",
-    },
+			footer: "🤖 Automatische Erinnerung von MedAssist-ng",
-    push: {
+		},
-      stockTitle: "MedAssist-ng: 1 Medikament wird knapp",
+		push: {
-      stockTitleMultiple: "MedAssist-ng: {count} Medikamente werden knapp",
+			stockTitle: "MedAssist-ng: 1 Medikament wird knapp",
-      intakeTitle: "💊 Einnahme-Erinnerung in {minutes} Min.",
+			stockTitleMultiple: "MedAssist-ng: {count} Medikamente werden knapp",
-      pillsLeft: "{count} Tabletten",
+			intakeTitle: "💊 Einnahme-Erinnerung in {minutes} Min.",
-      daysLeft: "{count} Tage übrig",
+			pillsLeft: "{count} Tabletten",
-      pillsAt: "{count} Tabletten um {time}",
+			daysLeft: "{count} Tage übrig",
-      repeatDailyNote: "(Tägliche Erinnerung aktiviert)",
+			pillsAt: "{count} Tabletten um {time}",
-      empty: "Leer",
+			repeatDailyNote: "(Tägliche Erinnerung aktiviert)",
-      low: "Knapp",
+			empty: "Leer",
-      reorderNow: "Jetzt nachbestellen!",
+			low: "Knapp",
-      emptySection: "LEER (sofort nachbestellen)",
+			reorderNow: "Jetzt nachbestellen!",
-      lowSection: "WIRD KNAPP (bald nachbestellen)",
+			emptySection: "LEER (sofort nachbestellen)",
-    },
+			lowSection: "WIRD KNAPP (bald nachbestellen)",
-    common: {
+		},
-      pill: "Tablette",
+		common: {
-      pills: "Tabletten",
+			pill: "Tablette",
-      day: "Tag",
+			pills: "Tabletten",
-      days: "Tage",
+			day: "Tag",
-      soon: "bald",
+			days: "Tage",
-    },
+			soon: "bald",
-  },
+		},
 	},
 };
 export function getTranslations(language: Language): TranslationKeys {
-  return translations[language] || translations.en;
+	return translations[language] || translations.en;
 }
 // Helper function to replace placeholders in strings
 export function t(template: string, params: Record<string, string | number> = {}): string {
-  let result = template;
+	let result = template;
-  for (const [key, value] of Object.entries(params)) {
+	for (const [key, value] of Object.entries(params)) {
-    result = result.replace(new RegExp(`\\{${key}\\}`, "g"), String(value));
+		result = result.replace(new RegExp(`\\{${key}\\}`, "g"), String(value));
-  }
+	}
-  return result;
+	return result;
 }
-// Get date locale for toLocaleDateString
+/**
 * Get locale for formatting based on language and timezone region.
 * Combines language (en/de) with region from timezone (DE/US/etc.)
 * Example: lang=en + TZ=Europe/Berlin → en-DE (English text, German format = 24h time)
 */
 export function getDateLocale(language: Language): string {
-  switch (language) {
+	const region = getRegionFromTimezone();
-    case "de":
+
-      return "de-DE";
+	if (region) {
-    case "en":
+		return `${language}-${region}`;
-    default:
+	}
-      return "en-US";
+
-  }
+	// Fallback: use language default
 	switch (language) {
 		case "de":
 			return "de-DE";
 		default:
 			return "en-US";
 	}
 }
@@ -1,100 +1,180 @@
-import Fastify from "fastify";
+import { existsSync } from "node:fs";
-import helmet from "@fastify/helmet";
+import { resolve } from "node:path";
 import cookie from "@fastify/cookie";
 import cors from "@fastify/cors";
-import rateLimit from "@fastify/rate-limit";
+import helmet from "@fastify/helmet";
 import sensible from "@fastify/sensible";
 import cookie, { CookieSerializeOptions } from "@fastify/cookie";
 import jwt from "@fastify/jwt";
 import fastifyMultipart from "@fastify/multipart";
 import rateLimit from "@fastify/rate-limit";
 import sensible from "@fastify/sensible";
 import fastifyStatic from "@fastify/static";
-import { resolve } from "path";
+import Fastify, { type FastifyInstance } from "fastify";
 import { existsSync, mkdirSync } from "fs";
 import { env } from "./plugins/env.js";
 import { migrationsReady } from "./db/client.js";
-import { healthRoutes } from "./routes/health.js";
+import { env } from "./plugins/env.js";
 import { authRoutes } from "./routes/auth.js";
 import { oidcRoutes } from "./routes/oidc.js";
 import { medicationRoutes } from "./routes/medications.js";
 import { settingsRoutes } from "./routes/settings.js";
 import { plannerRoutes } from "./routes/planner.js";
 import { shareRoutes } from "./routes/share.js";
 import { doseRoutes } from "./routes/doses.js";
-import { startReminderScheduler } from "./services/reminder-scheduler.js";
+import { exportRoutes } from "./routes/export.js";
 import { healthRoutes } from "./routes/health.js";
 import { medicationRoutes } from "./routes/medications.js";
 import { oidcRoutes } from "./routes/oidc.js";
 import { plannerRoutes } from "./routes/planner.js";
 import { refillRoutes } from "./routes/refills.js";
 import { settingsRoutes } from "./routes/settings.js";
 import { shareRoutes } from "./routes/share.js";
 import { startIntakeReminderScheduler } from "./services/intake-reminder-scheduler.js";
 import { startReminderScheduler } from "./services/reminder-scheduler.js";
 // Re-export utilities from server-config for external use
 export {
 	buildAppConfig,
 	buildBaseCookieOptions,
 	buildRefreshCookieOptions,
 	ensureImagesDirectory,
 	getJwtConfig,
 	parseCorsOrigins,
 } from "./utils/server-config.js";
 import {
 	buildAppConfig,
 	buildBaseCookieOptions,
 	buildRefreshCookieOptions,
 	ensureImagesDirectory,
 	getJwtConfig,
 	parseCorsOrigins,
 } from "./utils/server-config.js";
 /** Create and configure Fastify app (without starting) */
 export async function createApp(options?: {
 	logLevel?: string;
 	corsOrigins?: string[];
 	authEnabled?: boolean;
 	jwtSecret?: string;
 	refreshSecret?: string;
 	cookieSecret?: string;
 	accessTtlMinutes?: number;
 	refreshTtlDays?: number;
 	isProduction?: boolean;
 	imagesDir?: string;
 }): Promise<FastifyInstance> {
 	const opts = {
 		logLevel: options?.logLevel ?? "info",
 		corsOrigins: options?.corsOrigins ?? ["http://localhost:5173"],
 		authEnabled: options?.authEnabled ?? false,
 		jwtSecret: options?.jwtSecret,
 		refreshSecret: options?.refreshSecret,
 		cookieSecret: options?.cookieSecret ?? "dev-cookie-secret",
 		accessTtlMinutes: options?.accessTtlMinutes ?? 15,
 		refreshTtlDays: options?.refreshTtlDays ?? 7,
 		isProduction: options?.isProduction ?? false,
 		imagesDir: options?.imagesDir ?? resolve(process.cwd(), "data/images"),
 	};
 	const app = Fastify({
 		logger: { level: opts.logLevel },
 	});
 	// Build config
 	const appConfig = buildAppConfig({
 		jwtSecret: opts.jwtSecret,
 		refreshSecret: opts.refreshSecret,
 		accessTtlMinutes: opts.accessTtlMinutes,
 		refreshTtlDays: opts.refreshTtlDays,
 		isProduction: opts.isProduction,
 	});
 	app.decorate("config", appConfig);
 	// Register plugins
 	await app.register(sensible);
 	await app.register(helmet);
 	await app.register(cors, { origin: opts.corsOrigins, credentials: true });
 	await app.register(rateLimit, { max: 300, timeWindow: "1 minute" });
 	await app.register(cookie, { secret: opts.cookieSecret });
 	// JWT plugin
 	const jwtConfig = getJwtConfig(opts.authEnabled, opts.jwtSecret);
 	await app.register(jwt, jwtConfig);
 	await app.register(fastifyMultipart, { limits: { fileSize: 10 * 1024 * 1024 } });
 	// Only register static if directory exists
 	if (existsSync(opts.imagesDir)) {
 		await app.register(fastifyStatic, {
 			root: opts.imagesDir,
 			prefix: "/images/",
 			decorateReply: false,
 		});
 	}
 	// Register routes
 	await app.register(healthRoutes);
 	await app.register(authRoutes);
 	await app.register(oidcRoutes);
 	await app.register(medicationRoutes);
 	await app.register(settingsRoutes);
 	await app.register(plannerRoutes);
 	await app.register(shareRoutes);
 	await app.register(doseRoutes);
 	await app.register(exportRoutes);
 	await app.register(refillRoutes);
 	return app;
 }
 // =============================================================================
 // Server initialization (runs on import)
 // =============================================================================
 // Wait for database migrations before anything else
 await migrationsReady;
 console.log("[DB] Migrations complete, starting server...");
 // Ensure images directory exists
-const imagesDir = resolve(process.cwd(), "data/images");
+const imagesDir = ensureImagesDirectory();
 if (!existsSync(imagesDir)) {
  mkdirSync(imagesDir, { recursive: true });
 }
 const app = Fastify({
-  logger: {
+	logger: {
-    level: env.LOG_LEVEL,
+		level: env.LOG_LEVEL,
-  },
+	},
 });
-const origins = env.CORS_ORIGINS.split(",").map((o) => o.trim()).filter(Boolean);
+const origins = parseCorsOrigins(env.CORS_ORIGINS);
 // Auth token TTLs (hardcoded - no need for user configuration)
-const accessTtlMinutes = env.ACCESS_TOKEN_TTL_MINUTES;  // Access token TTL
+const accessTtlMinutes = env.ACCESS_TOKEN_TTL_MINUTES; // Access token TTL
-const refreshTtlDays = env.REFRESH_TOKEN_TTL_DAYS;      // Refresh token TTL
+const refreshTtlDays = env.REFRESH_TOKEN_TTL_DAYS; // Refresh token TTL
-const baseCookieOptions: CookieSerializeOptions = {
+const baseCookieOptions = buildBaseCookieOptions(accessTtlMinutes, env.NODE_ENV === "production");
-  httpOnly: true,
+const refreshCookieOptions = buildRefreshCookieOptions(baseCookieOptions, refreshTtlDays);
  sameSite: "lax",
  secure: env.NODE_ENV === "production",
  path: "/",
  maxAge: accessTtlMinutes * 60,
 };
 const refreshCookieOptions: CookieSerializeOptions = {
  ...baseCookieOptions,
  maxAge: refreshTtlDays * 24 * 60 * 60,
 };
 // Config decorator - only include secrets if auth is enabled
 app.decorate("config", {
-  accessSecret: env.JWT_SECRET ?? "",
+	accessSecret: env.JWT_SECRET ?? "",
-  refreshSecret: env.REFRESH_SECRET ?? "",
+	refreshSecret: env.REFRESH_SECRET ?? "",
-  accessTtl: accessTtlMinutes,
+	accessTtl: accessTtlMinutes,
-  refreshTtl: refreshTtlDays,
+	refreshTtl: refreshTtlDays,
-  cookieOptions: baseCookieOptions,
+	cookieOptions: baseCookieOptions,
-  refreshCookieOptions,
+	refreshCookieOptions,
 });
 await app.register(sensible);
 await app.register(helmet);
 await app.register(cors, { origin: origins, credentials: true });
 await app.register(rateLimit, {
-  max: 100,
+	max: 100,
-  timeWindow: "1 minute",
+	timeWindow: "1 minute",
 });
 await app.register(cookie, { secret: env.COOKIE_SECRET ?? "dev-cookie-secret" });
 // JWT plugin - only register with valid secret if auth is enabled
-if (env.AUTH_ENABLED && env.JWT_SECRET) {
+const jwtConfig = getJwtConfig(env.AUTH_ENABLED, env.JWT_SECRET);
-  await app.register(jwt, { 
+await app.register(jwt, jwtConfig);
    secret: env.JWT_SECRET, 
    cookie: { cookieName: "access_token", signed: false } 
  });
 } else {
  // Dummy JWT for when auth is disabled - prevents errors
  await app.register(jwt, { 
    secret: "auth-disabled-no-secret-needed", 
    cookie: { cookieName: "access_token", signed: false } 
  });
 }
 await app.register(fastifyMultipart, { limits: { fileSize: 10 * 1024 * 1024 } }); // 10MB limit
 await app.register(fastifyStatic, {
-  root: imagesDir,
+	root: imagesDir,
-  prefix: "/images/",
+	prefix: "/images/",
-  decorateReply: false,
+	decorateReply: false,
 });
 await app.register(healthRoutes);
@@ -105,27 +185,29 @@ await app.register(settingsRoutes);
 await app.register(plannerRoutes);
 await app.register(shareRoutes);
 await app.register(doseRoutes);
 await app.register(exportRoutes);
 await app.register(refillRoutes);
 const start = async () => {
-  try {
+	try {
-    await app.listen({ port: env.PORT, host: "0.0.0.0" });
+		await app.listen({ port: env.PORT, host: "0.0.0.0" });
-    app.log.info(`Server running on ${env.PORT}`);
+		app.log.info(`Server running on ${env.PORT}`);
-    
+
-    // Start the automatic reminder scheduler
+		// Start the automatic reminder scheduler
-    startReminderScheduler({
+		startReminderScheduler({
-      info: (msg) => app.log.info(msg),
+			info: (msg) => app.log.info(msg),
-      error: (msg) => app.log.error(msg),
+			error: (msg) => app.log.error(msg),
-    });
+		});
-    
+
-    // Start the intake reminder scheduler (checks every minute)
+		// Start the intake reminder scheduler (checks every minute)
-    startIntakeReminderScheduler({
+		startIntakeReminderScheduler({
-      info: (msg) => app.log.info(msg),
+			info: (msg) => app.log.info(msg),
-      error: (msg) => app.log.error(msg),
+			error: (msg) => app.log.error(msg),
-    });
+		});
-  } catch (err) {
+	} catch (err) {
-    app.log.error(err);
+		app.log.error(err);
-    process.exit(1);
+		process.exit(1);
-  }
+	}
 };
 start();
@@ -1,8 +1,8 @@
-import { FastifyInstance, FastifyRequest, FastifyReply } from "fastify";
+import { count, eq, sql } from "drizzle-orm";
-import { env } from "./env.js";
+import type { FastifyInstance, FastifyReply, FastifyRequest } from "fastify";
 import { db } from "../db/client.js";
 import { users } from "../db/schema.js";
-import { sql, count, eq } from "drizzle-orm";
+import { env } from "./env.js";
 // =============================================================================
 // Anonymous User - Used when AUTH_ENABLED=false
@@ -17,67 +17,67 @@ let anonymousUserVerified = false;
 * Uses a fixed ID (999999999) that will never collide with auto-increment IDs.
 */
 export async function getAnonymousUserId(): Promise<number> {
-  // Return cached if already verified
+	// Return cached if already verified
-  if (anonymousUserVerified) {
+	if (anonymousUserVerified) {
-    return ANONYMOUS_USER_ID;
+		return ANONYMOUS_USER_ID;
-  }
+	}
-  // Check if anonymous user exists
+	// Check if anonymous user exists
-  const [existing] = await db.select().from(users).where(eq(users.id, ANONYMOUS_USER_ID));
+	const [existing] = await db.select().from(users).where(eq(users.id, ANONYMOUS_USER_ID));
  if (existing) {
    anonymousUserVerified = true;
    return ANONYMOUS_USER_ID;
  }
-  // Create anonymous user with fixed ID (SQLite allows explicit ID)
+	if (existing) {
-  await db.run(sql`
+		anonymousUserVerified = true;
 		return ANONYMOUS_USER_ID;
 	}
 	// Create anonymous user with fixed ID (SQLite allows explicit ID)
 	await db.run(sql`
    INSERT INTO users (id, username, password_hash, auth_provider, is_active, created_at, updated_at)
    VALUES (${ANONYMOUS_USER_ID}, ${ANONYMOUS_USERNAME}, NULL, 'anonymous', 1, CURRENT_TIMESTAMP, CURRENT_TIMESTAMP)
  `);
-  anonymousUserVerified = true;
+	anonymousUserVerified = true;
-  console.log(`Created anonymous user with fixed ID ${ANONYMOUS_USER_ID} for no-auth mode`);
+	console.log(`Created anonymous user with fixed ID ${ANONYMOUS_USER_ID} for no-auth mode`);
-  
+
-  return ANONYMOUS_USER_ID;
+	return ANONYMOUS_USER_ID;
 }
 // =============================================================================
 // Auth State - Computed at runtime
 // =============================================================================
 export interface AuthState {
-  authEnabled: boolean;
+	authEnabled: boolean;
-  registrationEnabled: boolean;
+	registrationEnabled: boolean;
-  localAuthEnabled: boolean;
+	localAuthEnabled: boolean;
-  oidcEnabled: boolean;
+	oidcEnabled: boolean;
-  oidcProviderName: string;
+	oidcProviderName: string;
-  hasUsers: boolean;
+	hasUsers: boolean;
-  needsSetup: boolean;
+	needsSetup: boolean;
 }
 export async function getAuthState(): Promise<AuthState> {
-  // Count only real users (not the anonymous user with fixed ID)
+	// Count only real users (not the anonymous user with fixed ID)
-  const [result] = await db.select({ count: count() }).from(users).where(sql`${users.id} != ${ANONYMOUS_USER_ID}`);
+	const [result] = await db.select({ count: count() }).from(users).where(sql`${users.id} != ${ANONYMOUS_USER_ID}`);
-  const hasUsers = result.count > 0;
+	const hasUsers = result.count > 0;
-  
+
-  return {
+	return {
-    authEnabled: env.AUTH_ENABLED,
+		authEnabled: env.AUTH_ENABLED,
-    // Registration: enabled via ENV OR no users exist (first-time setup)
+		// Registration: enabled via ENV OR no users exist (first-time setup)
-    registrationEnabled: env.REGISTRATION_ENABLED || !hasUsers,
+		registrationEnabled: env.REGISTRATION_ENABLED || !hasUsers,
-    localAuthEnabled: env.AUTH_ENABLED,  // Password auth available when auth is enabled
+		localAuthEnabled: env.AUTH_ENABLED, // Password auth available when auth is enabled
-    oidcEnabled: env.OIDC_ENABLED,
+		oidcEnabled: env.OIDC_ENABLED,
-    oidcProviderName: env.OIDC_PROVIDER_NAME,
+		oidcProviderName: env.OIDC_PROVIDER_NAME,
-    hasUsers,
+		hasUsers,
-    needsSetup: env.AUTH_ENABLED && !hasUsers,
+		needsSetup: env.AUTH_ENABLED && !hasUsers,
-  };
+	};
 }
 // =============================================================================
 // Request User Type (no roles - all users are equal)
 // =============================================================================
 export interface RequestUser {
-  id: number;
+	id: number;
-  username: string;
+	username: string;
 }
 // =============================================================================
@@ -87,78 +87,78 @@ export interface RequestUser {
 /**
 * Optional auth - verifies JWT if present, but doesn't require it
 */
-export async function optionalAuth(request: FastifyRequest, reply: FastifyReply) {
+export async function optionalAuth(request: FastifyRequest, _reply: FastifyReply) {
-  if (!env.AUTH_ENABLED) {
+	if (!env.AUTH_ENABLED) {
-    return;
+		return;
-  }
+	}
-  const token = request.cookies.access_token;
+	const token = request.cookies.access_token;
-  if (!token) {
+	if (!token) {
-    return;
+		return;
-  }
+	}
-  try {
+	try {
-    const decoded = await request.jwtVerify<{ sub: number; username: string }>();
+		const decoded = await request.jwtVerify<{ sub: number; username: string }>();
-    const [user] = await db.select().from(users).where(sql`${users.id} = ${decoded.sub}`);
+		const [user] = await db.select().from(users).where(sql`${users.id} = ${decoded.sub}`);
-    if (user && user.isActive) {
+		if (user?.isActive) {
-      request.user = {
+			request.user = {
-        id: user.id,
+				id: user.id,
-        username: user.username,
+				username: user.username,
-      };
+			};
-    }
+		}
-  } catch {
+	} catch {
-    // Invalid token, continue as anonymous
+		// Invalid token, continue as anonymous
-  }
+	}
 }
 /**
 * Required auth - requires valid JWT when auth is enabled
 */
 export async function requireAuth(request: FastifyRequest, reply: FastifyReply) {
-  if (!env.AUTH_ENABLED) {
+	if (!env.AUTH_ENABLED) {
-    return;
+		return;
-  }
+	}
-  const token = request.cookies.access_token;
+	const token = request.cookies.access_token;
-  if (!token) {
+	if (!token) {
-    reply.status(401).send({ error: "Authentication required", code: "AUTH_REQUIRED" });
+		reply.status(401).send({ error: "Authentication required", code: "AUTH_REQUIRED" });
-    throw new Error("AUTH_REQUIRED");
+		throw new Error("AUTH_REQUIRED");
-  }
+	}
-  try {
+	try {
-    const decoded = await request.jwtVerify<{ sub: number; username: string }>();
+		const decoded = await request.jwtVerify<{ sub: number; username: string }>();
-    const [user] = await db.select().from(users).where(sql`${users.id} = ${decoded.sub}`);
+		const [user] = await db.select().from(users).where(sql`${users.id} = ${decoded.sub}`);
    if (!user) {
      reply.status(401).send({ error: "User not found", code: "USER_NOT_FOUND" });
      throw new Error("USER_NOT_FOUND");
    }
    if (!user.isActive) {
      reply.status(401).send({ error: "Account disabled", code: "ACCOUNT_DISABLED" });
      throw new Error("ACCOUNT_DISABLED");
    }
-    request.user = {
+		if (!user) {
-      id: user.id,
+			reply.status(401).send({ error: "User not found", code: "USER_NOT_FOUND" });
-      username: user.username,
+			throw new Error("USER_NOT_FOUND");
-    };
+		}
-  } catch (err: any) {
+
-    // Re-throw our own errors
+		if (!user.isActive) {
-    if (err?.message === "AUTH_REQUIRED" || err?.message === "USER_NOT_FOUND" || err?.message === "ACCOUNT_DISABLED") {
+			reply.status(401).send({ error: "Account disabled", code: "ACCOUNT_DISABLED" });
-      throw err;
+			throw new Error("ACCOUNT_DISABLED");
-    }
+		}
-    // JWT verification failed
+
-    reply.status(401).send({ error: "Invalid or expired token", code: "INVALID_TOKEN" });
+		request.user = {
-    throw new Error("INVALID_TOKEN");
+			id: user.id,
-  }
+			username: user.username,
 		};
 	} catch (err: any) {
 		// Re-throw our own errors
 		if (err?.message === "AUTH_REQUIRED" || err?.message === "USER_NOT_FOUND" || err?.message === "ACCOUNT_DISABLED") {
 			throw err;
 		}
 		// JWT verification failed
 		reply.status(401).send({ error: "Invalid or expired token", code: "INVALID_TOKEN" });
 		throw new Error("INVALID_TOKEN");
 	}
 }
 /**
 * Auth state endpoint plugin
 */
 export async function authPlugin(app: FastifyInstance) {
-  app.get("/auth/state", async () => {
+	app.get("/auth/state", async () => {
-    return getAuthState();
+		return getAuthState();
-  });
+	});
 }
@@ -1,45 +1,65 @@
 import { z } from "zod";
 import dotenv from "dotenv";
 import { z } from "zod";
 dotenv.config({ path: process.env.DOTENV_PATH || ".env" });
 const EnvSchema = z.object({
-  NODE_ENV: z.enum(["development", "production", "test"]).default("production"),
+	NODE_ENV: z.enum(["development", "production", "test"]).default("production"),
-  PORT: z.string().transform((v) => parseInt(v, 10)).default("3000"),
+	PORT: z
-  CORS_ORIGINS: z.string().default("http://localhost:5173,http://localhost:4173"),
+		.string()
-  LOG_LEVEL: z.string().default("info"),
+		.transform((v) => parseInt(v, 10))
-  
+		.default("3000"),
-  // ==========================================================================
+	CORS_ORIGINS: z.string().default("http://localhost:5173,http://localhost:4173"),
-  // Auth Configuration
+	LOG_LEVEL: z.string().default("info"),
  // ==========================================================================
  // Master switch: Enable/disable authentication (default: disabled for easy setup)
  AUTH_ENABLED: z.string().transform((v) => v === "true").default("false"),
  // Allow new user registrations (auto-enabled if no users exist)
  REGISTRATION_ENABLED: z.string().transform((v) => v === "true").default("false"),
  // Disable local auth when using SSO only
-  
+	// ==========================================================================
-  // JWT Secrets - only required when AUTH_ENABLED=true
+	// Auth Configuration
-  JWT_SECRET: z.string().min(10).optional(),
+	// ==========================================================================
-  REFRESH_SECRET: z.string().min(10).optional(),
+	// Master switch: Enable/disable authentication (default: disabled for easy setup)
-  COOKIE_SECRET: z.string().min(10).optional(),
+	AUTH_ENABLED: z
-  
+		.string()
-  // Token TTL settings
+		.transform((v) => v === "true")
-  ACCESS_TOKEN_TTL_MINUTES: z.string().transform((v) => parseInt(v, 10)).default("15"),
+		.default("false"),
-  REFRESH_TOKEN_TTL_DAYS: z.string().transform((v) => parseInt(v, 10)).default("7"),
+	// Allow new user registrations (auto-enabled if no users exist)
 	REGISTRATION_ENABLED: z
 		.string()
 		.transform((v) => v === "true")
 		.default("false"),
 	// Disable local auth when using SSO only
-  // ==========================================================================
+	// JWT Secrets - only required when AUTH_ENABLED=true
-  // OIDC SSO Configuration (Pocket ID, Authelia, etc.)
+	JWT_SECRET: z.string().min(10).optional(),
-  // ==========================================================================
+	REFRESH_SECRET: z.string().min(10).optional(),
-  OIDC_ENABLED: z.string().transform((v) => v === "true").default("false"),
+	COOKIE_SECRET: z.string().min(10).optional(),
-  OIDC_ISSUER_URL: z.string().url().optional(),  // e.g., https://auth.example.com
+
-  OIDC_CLIENT_ID: z.string().optional(),
+	// Token TTL settings
-  OIDC_CLIENT_SECRET: z.string().optional(),
+	ACCESS_TOKEN_TTL_MINUTES: z
-  OIDC_REDIRECT_URI: z.string().url().optional(),  // e.g., https://medassist.example.com/api/auth/oidc/callback
+		.string()
-  OIDC_SCOPES: z.string().default("openid profile email"),
+		.transform((v) => parseInt(v, 10))
-  OIDC_AUTO_CREATE_USERS: z.string().transform((v) => v === "true").default("true"),
+		.default("15"),
-  OIDC_USERNAME_CLAIM: z.string().default("preferred_username"),  // or 'email', 'sub'
+	REFRESH_TOKEN_TTL_DAYS: z
-  OIDC_PROVIDER_NAME: z.string().default("SSO"),  // Display name for UI button
+		.string()
 		.transform((v) => parseInt(v, 10))
 		.default("7"),
 	// ==========================================================================
 	// OIDC SSO Configuration (Pocket ID, Authelia, etc.)
 	// ==========================================================================
 	OIDC_ENABLED: z
 		.string()
 		.transform((v) => v === "true")
 		.default("false"),
 	OIDC_ISSUER_URL: z.string().url().optional(), // e.g., https://auth.example.com
 	OIDC_CLIENT_ID: z.string().optional(),
 	OIDC_CLIENT_SECRET: z.string().optional(),
 	OIDC_REDIRECT_URI: z.string().url().optional(), // e.g., https://medassist.example.com/api/auth/oidc/callback
 	OIDC_SCOPES: z.string().default("openid profile email"),
 	OIDC_AUTO_CREATE_USERS: z
 		.string()
 		.transform((v) => v === "true")
 		.default("true"),
 	OIDC_USERNAME_CLAIM: z.string().default("preferred_username"), // or 'email', 'sub'
 	OIDC_PROVIDER_NAME: z.string().default("SSO"), // Display name for UI button
 });
 export type Env = z.infer<typeof EnvSchema>;
@@ -47,62 +67,62 @@ export type Env = z.infer<typeof EnvSchema>;
 // Parse and validate
 let parsed: z.infer<typeof EnvSchema>;
 try {
-  parsed = EnvSchema.parse(process.env);
+	parsed = EnvSchema.parse(process.env);
 } catch (err) {
-  console.error("=".repeat(60));
+	console.error("=".repeat(60));
-  console.error("ENVIRONMENT CONFIGURATION ERROR");
+	console.error("ENVIRONMENT CONFIGURATION ERROR");
-  console.error("=".repeat(60));
+	console.error("=".repeat(60));
-  console.error(err);
+	console.error(err);
-  console.error("\nPlease check your .env file or environment variables.");
+	console.error("\nPlease check your .env file or environment variables.");
-  console.error("=".repeat(60));
+	console.error("=".repeat(60));
-  process.exit(1);
+	process.exit(1);
 }
 // Validate that secrets are provided when auth is enabled
 if (parsed.AUTH_ENABLED) {
-  const missing: string[] = [];
+	const missing: string[] = [];
-  if (!parsed.JWT_SECRET) missing.push("JWT_SECRET");
+	if (!parsed.JWT_SECRET) missing.push("JWT_SECRET");
-  if (!parsed.REFRESH_SECRET) missing.push("REFRESH_SECRET");
+	if (!parsed.REFRESH_SECRET) missing.push("REFRESH_SECRET");
-  if (!parsed.COOKIE_SECRET) missing.push("COOKIE_SECRET");
+	if (!parsed.COOKIE_SECRET) missing.push("COOKIE_SECRET");
-  
+
-  if (missing.length > 0) {
+	if (missing.length > 0) {
-    console.error("=".repeat(60));
+		console.error("=".repeat(60));
-    console.error("AUTHENTICATION CONFIGURATION ERROR");
+		console.error("AUTHENTICATION CONFIGURATION ERROR");
-    console.error("=".repeat(60));
+		console.error("=".repeat(60));
-    console.error(`AUTH_ENABLED=true but missing required secrets: ${missing.join(", ")}`);
+		console.error(`AUTH_ENABLED=true but missing required secrets: ${missing.join(", ")}`);
-    console.error("");
+		console.error("");
-    console.error("To fix this, either:");
+		console.error("To fix this, either:");
-    console.error("  1. Set these environment variables with secure random values:");
+		console.error("  1. Set these environment variables with secure random values:");
-    console.error("     Generate with: openssl rand -hex 32");
+		console.error("     Generate with: openssl rand -hex 32");
-    console.error("");
+		console.error("");
-    console.error("  2. Or disable authentication by removing AUTH_ENABLED=true");
+		console.error("  2. Or disable authentication by removing AUTH_ENABLED=true");
-    console.error("=".repeat(60));
+		console.error("=".repeat(60));
-    process.exit(1);
+		process.exit(1);
-  }
+	}
 }
 // Validate OIDC configuration when enabled
 if (parsed.OIDC_ENABLED) {
-  const missing: string[] = [];
+	const missing: string[] = [];
-  if (!parsed.OIDC_ISSUER_URL) missing.push("OIDC_ISSUER_URL");
+	if (!parsed.OIDC_ISSUER_URL) missing.push("OIDC_ISSUER_URL");
-  if (!parsed.OIDC_CLIENT_ID) missing.push("OIDC_CLIENT_ID");
+	if (!parsed.OIDC_CLIENT_ID) missing.push("OIDC_CLIENT_ID");
-  if (!parsed.OIDC_CLIENT_SECRET) missing.push("OIDC_CLIENT_SECRET");
+	if (!parsed.OIDC_CLIENT_SECRET) missing.push("OIDC_CLIENT_SECRET");
-  if (!parsed.OIDC_REDIRECT_URI) missing.push("OIDC_REDIRECT_URI");
+	if (!parsed.OIDC_REDIRECT_URI) missing.push("OIDC_REDIRECT_URI");
-  
+
-  if (missing.length > 0) {
+	if (missing.length > 0) {
-    console.error("=".repeat(60));
+		console.error("=".repeat(60));
-    console.error("OIDC CONFIGURATION ERROR");
+		console.error("OIDC CONFIGURATION ERROR");
-    console.error("=".repeat(60));
+		console.error("=".repeat(60));
-    console.error(`OIDC_ENABLED=true but missing required settings: ${missing.join(", ")}`);
+		console.error(`OIDC_ENABLED=true but missing required settings: ${missing.join(", ")}`);
-    console.error("");
+		console.error("");
-    console.error("Required OIDC settings:");
+		console.error("Required OIDC settings:");
-    console.error("  OIDC_ISSUER_URL=https://your-oidc-provider.com");
+		console.error("  OIDC_ISSUER_URL=https://your-oidc-provider.com");
-    console.error("  OIDC_CLIENT_ID=your-client-id");
+		console.error("  OIDC_CLIENT_ID=your-client-id");
-    console.error("  OIDC_CLIENT_SECRET=your-client-secret");
+		console.error("  OIDC_CLIENT_SECRET=your-client-secret");
-    console.error("  OIDC_REDIRECT_URI=https://your-app.com/api/auth/oidc/callback");
+		console.error("  OIDC_REDIRECT_URI=https://your-app.com/api/auth/oidc/callback");
-    console.error("=".repeat(60));
+		console.error("=".repeat(60));
-    process.exit(1);
+		process.exit(1);
-  }
+	}
 }
 export const env = parsed;
@@ -1,11 +1,10 @@
-import { FastifyInstance } from "fastify";
+import { randomBytes } from "node:crypto";
 import { z } from "zod";
 import argon2 from "argon2";
 import { randomBytes } from "crypto";
 import { db } from "../db/client.js";
 import { users, refreshTokens } from "../db/schema.js";
 import { eq } from "drizzle-orm";
-import { env } from "../plugins/env.js";
+import type { FastifyInstance } from "fastify";
 import { z } from "zod";
 import { db } from "../db/client.js";
 import { refreshTokens, users } from "../db/schema.js";
 import { getAuthState, requireAuth } from "../plugins/auth.js";
 import type { AuthUser } from "../types/fastify.js";
@@ -13,456 +12,566 @@ import type { AuthUser } from "../types/fastify.js";
 // Argon2id Configuration - State of the Art Password Hashing
 // =============================================================================
 const ARGON2_OPTIONS: argon2.Options = {
-  type: argon2.argon2id,       // Argon2id - best for password hashing
+	type: argon2.argon2id, // Argon2id - best for password hashing
-  memoryCost: 65536,           // 64 MB memory
+	memoryCost: 65536, // 64 MB memory
-  timeCost: 3,                 // 3 iterations
+	timeCost: 3, // 3 iterations
-  parallelism: 4,              // 4 parallel threads
+	parallelism: 4, // 4 parallel threads
-  hashLength: 32,              // 256-bit hash
+	hashLength: 32, // 256-bit hash
 };
 // =============================================================================
 // Rate Limiting Configuration for Auth Routes
 // =============================================================================
 // Stricter rate limits for authentication endpoints to prevent brute-force attacks
 // Note: Rate limiting is implemented via @fastify/rate-limit plugin registered in index.ts
 // and route-specific limits are applied via the 'config.rateLimit' option below.
 // CodeQL may not recognize this pattern - see: https://github.com/github/codeql/issues
 // lgtm[js/missing-rate-limiting]
 const authRateLimitConfig = {
 	max: 10, // 10 requests
 	timeWindow: "1 minute", // per minute
 	errorResponseBuilder: () => ({
 		error: "Too many requests. Please try again later.",
 		code: "RATE_LIMIT_EXCEEDED",
 	}),
 };
 // lgtm[js/missing-rate-limiting]
 const sensitiveRateLimitConfig = {
 	max: 5, // 5 requests
 	timeWindow: "15 minutes", // per 15 minutes (for login/register)
 	errorResponseBuilder: () => ({
 		error: "Too many attempts. Please try again later.",
 		code: "RATE_LIMIT_EXCEEDED",
 	}),
 };
 // =============================================================================
 // Validation Schemas
 // =============================================================================
 const registerSchema = z.object({
-  username: z.string()
+	username: z
-    .min(3, "Username must be at least 3 characters")
+		.string()
-    .max(50, "Username must be at most 50 characters")
+		.min(3, "Username must be at least 3 characters")
-    .regex(/^[a-zA-Z0-9_-]+$/, "Username can only contain letters, numbers, underscores, and hyphens"),
+		.max(50, "Username must be at most 50 characters")
-  password: z.string()
+		.regex(/^[a-zA-Z0-9_-]+$/, "Username can only contain letters, numbers, underscores, and hyphens"),
-    .min(8, "Password must be at least 8 characters")
+	password: z
-    .max(128, "Password must be at most 128 characters"),
+		.string()
 		.min(8, "Password must be at least 8 characters")
 		.max(128, "Password must be at most 128 characters"),
 });
 const loginSchema = z.object({
-  username: z.string().min(1, "Username is required"),
+	username: z.string().min(1, "Username is required"),
-  password: z.string().min(1, "Password is required"),
+	password: z.string().min(1, "Password is required"),
-  rememberMe: z.boolean().optional().default(false),
+	rememberMe: z.boolean().optional().default(false),
 });
 const updateProfileSchema = z.object({
-  currentPassword: z.string().optional(),
+	currentPassword: z.string().optional(),
-  newPassword: z.string()
+	newPassword: z
-    .min(8, "Password must be at least 8 characters")
+		.string()
-    .max(128, "Password must be at most 128 characters")
+		.min(8, "Password must be at least 8 characters")
-    .optional(),
+		.max(128, "Password must be at most 128 characters")
 		.optional(),
 });
 // =============================================================================
 // Auth Routes
 // =============================================================================
 export async function authRoutes(app: FastifyInstance) {
-  // Token TTLs
+	// Token TTLs
-  const accessTtlMinutes = 15;
+	const accessTtlMinutes = 15;
-  const refreshTtlDays = 14;
+	const refreshTtlDays = 14;
-  // ---------------------------------------------------------------------------
+	// ---------------------------------------------------------------------------
-  // GET /auth/state - Public auth state (needed before login)
+	// GET /auth/state - Public auth state (needed before login)
-  // ---------------------------------------------------------------------------
+	// Exempt from rate limit - lightweight state check called frequently
-  app.get("/auth/state", async () => {
+	// ---------------------------------------------------------------------------
-    return getAuthState();
+	app.get("/auth/state", { config: { rateLimit: false } }, async () => {
-  });
+		return getAuthState();
 	});
-  // ---------------------------------------------------------------------------
+	// ---------------------------------------------------------------------------
-  // POST /auth/register - User registration
+	// POST /auth/register - User registration
-  // ---------------------------------------------------------------------------
+	// ---------------------------------------------------------------------------
-  app.post<{ Body: z.infer<typeof registerSchema> }>("/auth/register", async (request, reply) => {
+	app.post<{ Body: z.infer<typeof registerSchema> }>(
-    // Check auth state
+		"/auth/register",
-    const state = await getAuthState();
+		{
-    
+			config: { rateLimit: sensitiveRateLimitConfig },
-    if (!state.authEnabled) {
+		},
-      return reply.status(400).send({ error: "Authentication is disabled", code: "AUTH_DISABLED" });
+		async (request, reply) => {
-    }
+			// Check auth state
-    
+			const state = await getAuthState();
    if (!state.registrationEnabled) {
      return reply.status(400).send({ error: "Registration is disabled", code: "REGISTRATION_DISABLED" });
    }
    if (!state.localAuthEnabled) {
      return reply.status(400).send({ error: "Local authentication is disabled", code: "LOCAL_AUTH_DISABLED" });
    }
-    // Validate input
+			if (!state.authEnabled) {
-    const parsed = registerSchema.safeParse(request.body);
+				return reply.status(400).send({ error: "Authentication is disabled", code: "AUTH_DISABLED" });
-    if (!parsed.success) {
+			}
      return reply.status(400).send({ 
        error: parsed.error.errors[0]?.message ?? "Invalid input",
        code: "VALIDATION_ERROR" 
      });
    }
-    const { username, password } = parsed.data;
+			if (!state.registrationEnabled) {
 				return reply.status(400).send({ error: "Registration is disabled", code: "REGISTRATION_DISABLED" });
 			}
-    // Check if username already exists
+			if (!state.localAuthEnabled) {
-    const [existingUser] = await db.select().from(users).where(eq(users.username, username));
+				return reply.status(400).send({ error: "Local authentication is disabled", code: "LOCAL_AUTH_DISABLED" });
-    if (existingUser) {
+			}
      return reply.status(409).send({ error: "Username already taken", code: "USERNAME_EXISTS" });
    }
-    // Hash password with Argon2id
+			// Validate input
-    const passwordHash = await argon2.hash(password, ARGON2_OPTIONS);
+			const parsed = registerSchema.safeParse(request.body);
 			if (!parsed.success) {
 				return reply.status(400).send({
 					error: parsed.error.errors[0]?.message ?? "Invalid input",
 					code: "VALIDATION_ERROR",
 				});
 			}
-    // Create user
+			const { username, password } = parsed.data;
    const [newUser] = await db.insert(users).values({
      username,
      passwordHash,
      authProvider: "local",
    }).returning();
-    app.log.info(`User registered: ${username}`);
+			// Check if username already exists
 			const [existingUser] = await db.select().from(users).where(eq(users.username, username));
 			if (existingUser) {
 				return reply.status(409).send({ error: "Username already taken", code: "USERNAME_EXISTS" });
 			}
-    return reply.status(201).send({
+			// Hash password with Argon2id
-      ok: true,
+			const passwordHash = await argon2.hash(password, ARGON2_OPTIONS);
      user: {
        id: newUser.id,
        username: newUser.username,
      },
      message: "Account created",
    });
  });
-  // ---------------------------------------------------------------------------
+			// Create user
-  // POST /auth/login - User login
+			const [newUser] = await db
-  // ---------------------------------------------------------------------------
+				.insert(users)
-  app.post<{ Body: z.infer<typeof loginSchema> }>("/auth/login", async (request, reply) => {
+				.values({
-    const state = await getAuthState();
+					username,
-    
+					passwordHash,
-    if (!state.authEnabled) {
+					authProvider: "local",
-      return reply.status(400).send({ error: "Authentication is disabled", code: "AUTH_DISABLED" });
+				})
-    }
+				.returning();
    if (!state.localAuthEnabled) {
      return reply.status(400).send({ error: "Local authentication is disabled", code: "LOCAL_AUTH_DISABLED" });
    }
-    const parsed = loginSchema.safeParse(request.body);
+			app.log.info(`User registered: ${username}`);
    if (!parsed.success) {
      return reply.status(400).send({ 
        error: "Invalid credentials",
        code: "VALIDATION_ERROR" 
      });
    }
-    const { username, password, rememberMe } = parsed.data;
+			return reply.status(201).send({
 				ok: true,
 				user: {
 					id: newUser.id,
 					username: newUser.username,
 				},
 				message: "Account created",
 			});
 		}
 	);
-    // Find user by username
+	// ---------------------------------------------------------------------------
-    const [user] = await db.select().from(users).where(eq(users.username, username));
+	// POST /auth/login - User login
-    
+	// ---------------------------------------------------------------------------
-    // Generic error to prevent user enumeration
+	app.post<{ Body: z.infer<typeof loginSchema> }>(
-    const invalidCredentialsError = () => 
+		"/auth/login",
-      reply.status(401).send({ error: "Invalid username or password", code: "INVALID_CREDENTIALS" });
+		{
 			config: { rateLimit: sensitiveRateLimitConfig },
 		},
 		async (request, reply) => {
 			const state = await getAuthState();
-    if (!user) {
+			if (!state.authEnabled) {
-      // Perform dummy hash to prevent timing attacks
+				return reply.status(400).send({ error: "Authentication is disabled", code: "AUTH_DISABLED" });
-      await argon2.hash("dummy", ARGON2_OPTIONS);
+			}
      return invalidCredentialsError();
    }
-    if (!user.isActive) {
+			if (!state.localAuthEnabled) {
-      return reply.status(401).send({ error: "Account disabled", code: "ACCOUNT_DISABLED" });
+				return reply.status(400).send({ error: "Local authentication is disabled", code: "LOCAL_AUTH_DISABLED" });
-    }
+			}
-    if (!user.passwordHash) {
+			const parsed = loginSchema.safeParse(request.body);
-      // SSO-only user trying local login
+			if (!parsed.success) {
-      return reply.status(401).send({ error: "Please use SSO to login", code: "SSO_ONLY" });
+				return reply.status(400).send({
-    }
+					error: "Invalid credentials",
 					code: "VALIDATION_ERROR",
 				});
 			}
-    // Verify password
+			const { username, password, rememberMe } = parsed.data;
    const valid = await argon2.verify(user.passwordHash, password, ARGON2_OPTIONS);
    if (!valid) {
      return invalidCredentialsError();
    }
-    // Update last login
+			// Find user by username
-    await db.update(users)
+			const [user] = await db.select().from(users).where(eq(users.username, username));
      .set({ lastLoginAt: new Date(), updatedAt: new Date() })
      .where(eq(users.id, user.id));
-    // Generate tokens
+			// Generic error to prevent user enumeration
-    const accessToken = app.jwt.sign(
+			const invalidCredentialsError = () =>
-      { sub: user.id, username: user.username },
+				reply.status(401).send({ error: "Invalid username or password", code: "INVALID_CREDENTIALS" });
      { expiresIn: `${accessTtlMinutes}m` }
    );
-    const tokenId = randomBytes(32).toString("hex");
+			if (!user) {
-    const refreshExp = new Date(Date.now() + refreshTtlDays * 24 * 60 * 60 * 1000);
+				// Perform dummy hash to prevent timing attacks
-    
+				await argon2.hash("dummy", ARGON2_OPTIONS);
-    await db.insert(refreshTokens).values({
+				return invalidCredentialsError();
-      userId: user.id,
+			}
      tokenId,
      expiresAt: refreshExp,
    });
-    const refreshToken = app.jwt.sign(
+			if (!user.isActive) {
-      { sub: user.id, jti: tokenId },
+				return reply.status(401).send({ error: "Account disabled", code: "ACCOUNT_DISABLED" });
-      { expiresIn: `${refreshTtlDays}d`, key: app.config.refreshSecret }
+			}
    );
-    app.log.info(`User logged in: ${username} (rememberMe: ${rememberMe})`);
+			if (!user.passwordHash) {
 				// SSO-only user trying local login
 				return reply.status(401).send({ error: "Please use SSO to login", code: "SSO_ONLY" });
 			}
-    // Cookie options: with maxAge for "remember me", without for session cookie
+			// Verify password
-    const accessCookieOptions = rememberMe 
+			const valid = await argon2.verify(user.passwordHash, password, ARGON2_OPTIONS);
-      ? app.config.cookieOptions 
+			if (!valid) {
-      : { ...app.config.cookieOptions, maxAge: undefined };
+				return invalidCredentialsError();
-    const refreshCookieOptions = rememberMe 
+			}
      ? app.config.refreshCookieOptions 
      : { ...app.config.refreshCookieOptions, maxAge: undefined };
-    return reply
+			// Update last login
-      .setCookie("access_token", accessToken, accessCookieOptions)
+			await db.update(users).set({ lastLoginAt: new Date(), updatedAt: new Date() }).where(eq(users.id, user.id));
      .setCookie("refresh_token", refreshToken, refreshCookieOptions)
      .send({
        ok: true,
        user: {
          id: user.id,
          username: user.username,
          avatarUrl: user.avatarUrl,
        },
      });
  });
-  // ---------------------------------------------------------------------------
+			// Generate tokens
-  // POST /auth/refresh - Refresh access token
+			const accessToken = app.jwt.sign(
-  // ---------------------------------------------------------------------------
+				{ sub: user.id, username: user.username },
-  app.post("/auth/refresh", async (request, reply) => {
+				{ expiresIn: `${accessTtlMinutes}m` }
-    const refreshTokenCookie = request.cookies.refresh_token;
+			);
    if (!refreshTokenCookie) {
      return reply.status(401).send({ error: "No refresh token", code: "NO_REFRESH_TOKEN" });
    }
-    try {
+			const tokenId = randomBytes(32).toString("hex");
-      // Verify refresh token
+			const refreshExp = new Date(Date.now() + refreshTtlDays * 24 * 60 * 60 * 1000);
      const decoded = app.jwt.verify<{ sub: number; jti: string }>(
        refreshTokenCookie,
        { key: app.config.refreshSecret }
      );
-      // Check if token exists and is valid
+			await db.insert(refreshTokens).values({
-      const [token] = await db.select().from(refreshTokens)
+				userId: user.id,
-        .where(eq(refreshTokens.tokenId, decoded.jti));
+				tokenId,
 				expiresAt: refreshExp,
 			});
-      if (!token || token.revoked || token.expiresAt < new Date()) {
+			const refreshToken = app.jwt.sign(
-        return reply.status(401).send({ error: "Invalid refresh token", code: "INVALID_REFRESH_TOKEN" });
+				{ sub: user.id, jti: tokenId },
-      }
+				{ expiresIn: `${refreshTtlDays}d`, key: app.config.refreshSecret }
 			);
-      // Get user
+			app.log.info(`User logged in: ${username} (rememberMe: ${rememberMe})`);
      const [user] = await db.select().from(users).where(eq(users.id, decoded.sub));
      if (!user || !user.isActive) {
        return reply.status(401).send({ error: "User not found or disabled", code: "USER_INVALID" });
      }
-      // Rotate refresh token (revoke old, create new)
+			// Cookie options: with maxAge for "remember me", without for session cookie
-      await db.update(refreshTokens)
+			const accessCookieOptions = rememberMe
-        .set({ revoked: true, rotatedAt: new Date() })
+				? app.config.cookieOptions
-        .where(eq(refreshTokens.id, token.id));
+				: { ...app.config.cookieOptions, maxAge: undefined };
 			const refreshCookieOptions = rememberMe
 				? app.config.refreshCookieOptions
 				: { ...app.config.refreshCookieOptions, maxAge: undefined };
-      const newTokenId = randomBytes(32).toString("hex");
+			return reply
-      const refreshExp = new Date(Date.now() + refreshTtlDays * 24 * 60 * 60 * 1000);
+				.setCookie("access_token", accessToken, accessCookieOptions)
-      
+				.setCookie("refresh_token", refreshToken, refreshCookieOptions)
-      await db.insert(refreshTokens).values({
+				.send({
-        userId: user.id,
+					ok: true,
-        tokenId: newTokenId,
+					user: {
-        expiresAt: refreshExp,
+						id: user.id,
-      });
+						username: user.username,
 						avatarUrl: user.avatarUrl,
 					},
 				});
 		}
 	);
-      // Generate new tokens
+	// ---------------------------------------------------------------------------
-      const newAccessToken = app.jwt.sign(
+	// POST /auth/refresh - Refresh access token
-        { sub: user.id, username: user.username },
+	// ---------------------------------------------------------------------------
-        { expiresIn: `${accessTtlMinutes}m` }
+	app.post(
-      );
+		"/auth/refresh",
 		{
 			config: { rateLimit: authRateLimitConfig },
 		},
 		async (request, reply) => {
 			const refreshTokenCookie = request.cookies.refresh_token;
 			if (!refreshTokenCookie) {
 				return reply.status(401).send({ error: "No refresh token", code: "NO_REFRESH_TOKEN" });
 			}
-      const newRefreshToken = app.jwt.sign(
+			try {
-        { sub: user.id, jti: newTokenId },
+				// Verify refresh token
-        { expiresIn: `${refreshTtlDays}d`, key: app.config.refreshSecret }
+				const decoded = app.jwt.verify<{ sub: number; jti: string }>(refreshTokenCookie, {
-      );
+					key: app.config.refreshSecret,
 				});
-      return reply
+				// Check if token exists and is valid
-        .setCookie("access_token", newAccessToken, app.config.cookieOptions)
+				const [token] = await db.select().from(refreshTokens).where(eq(refreshTokens.tokenId, decoded.jti));
        .setCookie("refresh_token", newRefreshToken, app.config.refreshCookieOptions)
        .send({ ok: true });
-    } catch {
+				if (!token || token.revoked || token.expiresAt < new Date()) {
-      return reply.status(401).send({ error: "Invalid refresh token", code: "INVALID_REFRESH_TOKEN" });
+					return reply.status(401).send({ error: "Invalid refresh token", code: "INVALID_REFRESH_TOKEN" });
-    }
+				}
  });
-  // ---------------------------------------------------------------------------
+				// Get user
-  // POST /auth/logout - Logout (revoke refresh token)
+				const [user] = await db.select().from(users).where(eq(users.id, decoded.sub));
-  // ---------------------------------------------------------------------------
+				if (!user || !user.isActive) {
-  app.post("/auth/logout", async (request, reply) => {
+					return reply.status(401).send({ error: "User not found or disabled", code: "USER_INVALID" });
-    const refreshTokenCookie = request.cookies.refresh_token;
+				}
    if (refreshTokenCookie) {
      try {
        const decoded = app.jwt.verify<{ jti: string }>(
          refreshTokenCookie,
          { key: app.config.refreshSecret }
        );
        // Revoke the refresh token
        await db.update(refreshTokens)
          .set({ revoked: true })
          .where(eq(refreshTokens.tokenId, decoded.jti));
      } catch {
        // Invalid token, ignore
      }
    }
-    return reply
+				// Rotate refresh token (revoke old, create new)
-      .clearCookie("access_token", app.config.cookieOptions)
+				await db
-      .clearCookie("refresh_token", app.config.refreshCookieOptions)
+					.update(refreshTokens)
-      .send({ ok: true });
+					.set({ revoked: true, rotatedAt: new Date() })
-  });
+					.where(eq(refreshTokens.id, token.id));
-  // ---------------------------------------------------------------------------
+				const newTokenId = randomBytes(32).toString("hex");
-  // GET /auth/me - Get current user profile
+				const refreshExp = new Date(Date.now() + refreshTtlDays * 24 * 60 * 60 * 1000);
  // ---------------------------------------------------------------------------
  app.get("/auth/me", { preHandler: requireAuth }, async (request, reply) => {
    const authUser = request.user as unknown as AuthUser | null;
    if (!authUser) {
      return reply.status(401).send({ error: "Not authenticated" });
    }
-    const [user] = await db.select().from(users).where(eq(users.id, authUser.id));
+				await db.insert(refreshTokens).values({
-    if (!user) {
+					userId: user.id,
-      return reply.status(404).send({ error: "User not found" });
+					tokenId: newTokenId,
-    }
+					expiresAt: refreshExp,
 				});
-    return {
+				// Generate new tokens
-      id: user.id,
+				const newAccessToken = app.jwt.sign(
-      username: user.username,
+					{ sub: user.id, username: user.username },
-      avatarUrl: user.avatarUrl,
+					{ expiresIn: `${accessTtlMinutes}m` }
-      authProvider: user.authProvider,
+				);
      createdAt: user.createdAt,
      lastLoginAt: user.lastLoginAt,
    };
  });
-  // ---------------------------------------------------------------------------
+				const newRefreshToken = app.jwt.sign(
-  // PUT /auth/me - Update current user profile
+					{ sub: user.id, jti: newTokenId },
-  // ---------------------------------------------------------------------------
+					{ expiresIn: `${refreshTtlDays}d`, key: app.config.refreshSecret }
-  app.put<{ Body: z.infer<typeof updateProfileSchema> }>("/auth/me", { preHandler: requireAuth }, async (request, reply) => {
+				);
    const authUser = request.user as unknown as AuthUser | null;
    if (!authUser) {
      return reply.status(401).send({ error: "Not authenticated" });
    }
-    const parsed = updateProfileSchema.safeParse(request.body);
+				return reply
-    if (!parsed.success) {
+					.setCookie("access_token", newAccessToken, app.config.cookieOptions)
-      return reply.status(400).send({ 
+					.setCookie("refresh_token", newRefreshToken, app.config.refreshCookieOptions)
-        error: parsed.error.errors[0]?.message ?? "Invalid input",
+					.send({ ok: true });
-        code: "VALIDATION_ERROR" 
+			} catch {
-      });
+				return reply.status(401).send({ error: "Invalid refresh token", code: "INVALID_REFRESH_TOKEN" });
-    }
+			}
 		}
 	);
-    const { currentPassword, newPassword } = parsed.data;
+	// ---------------------------------------------------------------------------
-    const [user] = await db.select().from(users).where(eq(users.id, authUser.id));
+	// POST /auth/logout - Logout (revoke refresh token)
 	// ---------------------------------------------------------------------------
 	app.post(
 		"/auth/logout",
 		{
 			config: { rateLimit: authRateLimitConfig },
 		},
 		async (request, reply) => {
 			const refreshTokenCookie = request.cookies.refresh_token;
-    if (!user) {
+			if (refreshTokenCookie) {
-      return reply.status(404).send({ error: "User not found" });
+				try {
-    }
+					const decoded = app.jwt.verify<{ jti: string }>(refreshTokenCookie, { key: app.config.refreshSecret });
-    const updates: Partial<typeof users.$inferInsert> = {
+					// Revoke the refresh token
-      updatedAt: new Date(),
+					await db.update(refreshTokens).set({ revoked: true }).where(eq(refreshTokens.tokenId, decoded.jti));
-    };
+				} catch {
 					// Invalid token, ignore
 				}
 			}
-    // Update password if provided
+			return reply
-    if (newPassword) {
+				.clearCookie("access_token", app.config.cookieOptions)
-      if (!currentPassword) {
+				.clearCookie("refresh_token", app.config.refreshCookieOptions)
-        return reply.status(400).send({ error: "Current password required", code: "CURRENT_PASSWORD_REQUIRED" });
+				.send({ ok: true });
-      }
+		}
 	);
-      if (!user.passwordHash) {
+	// ---------------------------------------------------------------------------
-        return reply.status(400).send({ error: "Cannot change password for SSO account", code: "SSO_ACCOUNT" });
+	// GET /auth/me - Get current user profile
-      }
+	// ---------------------------------------------------------------------------
 	app.get("/auth/me", { preHandler: requireAuth }, async (request, reply) => {
 		const authUser = request.user as unknown as AuthUser | null;
 		if (!authUser) {
 			return reply.status(401).send({ error: "Not authenticated" });
 		}
-      const valid = await argon2.verify(user.passwordHash, currentPassword, ARGON2_OPTIONS);
+		const [user] = await db.select().from(users).where(eq(users.id, authUser.id));
-      if (!valid) {
+		if (!user) {
-        return reply.status(401).send({ error: "Current password is incorrect", code: "INVALID_PASSWORD" });
+			return reply.status(404).send({ error: "User not found" });
-      }
+		}
-      updates.passwordHash = await argon2.hash(newPassword, ARGON2_OPTIONS);
+		return {
-    }
+			id: user.id,
 			username: user.username,
 			avatarUrl: user.avatarUrl,
 			authProvider: user.authProvider,
 			createdAt: user.createdAt,
 			lastLoginAt: user.lastLoginAt,
 		};
 	});
-    await db.update(users).set(updates).where(eq(users.id, user.id));
+	// ---------------------------------------------------------------------------
 	// PUT /auth/me - Update current user profile
 	// ---------------------------------------------------------------------------
 	app.put<{ Body: z.infer<typeof updateProfileSchema> }>(
 		"/auth/me",
 		{
 			preHandler: requireAuth,
 			config: { rateLimit: authRateLimitConfig },
 		},
 		async (request, reply) => {
 			const authUser = request.user as unknown as AuthUser | null;
 			if (!authUser) {
 				return reply.status(401).send({ error: "Not authenticated" });
 			}
-    return { ok: true, message: "Profile updated" };
+			const parsed = updateProfileSchema.safeParse(request.body);
-  });
+			if (!parsed.success) {
 				return reply.status(400).send({
 					error: parsed.error.errors[0]?.message ?? "Invalid input",
 					code: "VALIDATION_ERROR",
 				});
 			}
-  // ---------------------------------------------------------------------------
+			const { currentPassword, newPassword } = parsed.data;
-  // POST /auth/avatar - Upload user avatar
+			const [user] = await db.select().from(users).where(eq(users.id, authUser.id));
  // ---------------------------------------------------------------------------
  app.post("/auth/avatar", { preHandler: requireAuth }, async (request, reply) => {
    const authUser = request.user as unknown as AuthUser | null;
    if (!authUser) {
      return reply.status(401).send({ error: "Not authenticated" });
    }
-    const data = await request.file();
+			if (!user) {
-    if (!data) {
+				return reply.status(404).send({ error: "User not found" });
-      return reply.status(400).send({ error: "No file uploaded" });
+			}
    }
-    // Validate file type
+			const updates: Partial<typeof users.$inferInsert> = {
-    const allowedTypes = ["image/jpeg", "image/png", "image/webp", "image/gif"];
+				updatedAt: new Date(),
-    if (!allowedTypes.includes(data.mimetype)) {
+			};
      return reply.status(400).send({ error: "Invalid file type. Allowed: JPEG, PNG, WebP, GIF" });
    }
-    // Generate unique filename
+			// Update password if provided
-    const ext = data.filename.split(".").pop() || "jpg";
+			if (newPassword) {
-    const filename = `avatar_${authUser.id}_${Date.now()}.${ext}`;
+				if (!currentPassword) {
-    
+					return reply.status(400).send({ error: "Current password required", code: "CURRENT_PASSWORD_REQUIRED" });
-    // Save file
+				}
    const fs = await import("fs/promises");
    const path = await import("path");
    const imagesDir = path.join(process.cwd(), "data", "images");
    await fs.mkdir(imagesDir, { recursive: true });
    const buffer = await data.toBuffer();
    await fs.writeFile(path.join(imagesDir, filename), buffer);
-    // Delete old avatar if exists
+				if (!user.passwordHash) {
-    const [user] = await db.select().from(users).where(eq(users.id, authUser.id));
+					return reply.status(400).send({ error: "Cannot change password for SSO account", code: "SSO_ACCOUNT" });
-    if (user?.avatarUrl) {
+				}
      try {
        await fs.unlink(path.join(imagesDir, user.avatarUrl));
      } catch {
        // Ignore if file doesn't exist
      }
    }
-    // Update user
+				const valid = await argon2.verify(user.passwordHash, currentPassword, ARGON2_OPTIONS);
-    await db.update(users).set({ avatarUrl: filename, updatedAt: new Date() }).where(eq(users.id, authUser.id));
+				if (!valid) {
 					return reply.status(401).send({ error: "Current password is incorrect", code: "INVALID_PASSWORD" });
 				}
-    return { ok: true, avatarUrl: filename };
+				updates.passwordHash = await argon2.hash(newPassword, ARGON2_OPTIONS);
-  });
+			}
-  // ---------------------------------------------------------------------------
+			await db.update(users).set(updates).where(eq(users.id, user.id));
  // DELETE /auth/avatar - Delete user avatar
  // ---------------------------------------------------------------------------
  app.delete("/auth/avatar", { preHandler: requireAuth }, async (request, reply) => {
    const authUser = request.user as unknown as AuthUser | null;
    if (!authUser) {
      return reply.status(401).send({ error: "Not authenticated" });
    }
-    const [user] = await db.select().from(users).where(eq(users.id, authUser.id));
+			return { ok: true, message: "Profile updated" };
-    if (!user?.avatarUrl) {
+		}
-      return reply.status(404).send({ error: "No avatar to delete" });
+	);
    }
-    // Delete file
+	// ---------------------------------------------------------------------------
-    const fs = await import("fs/promises");
+	// POST /auth/avatar - Upload user avatar
-    const path = await import("path");
+	// ---------------------------------------------------------------------------
-    try {
+	app.post(
-      await fs.unlink(path.join(process.cwd(), "data", "images", user.avatarUrl));
+		"/auth/avatar",
-    } catch {
+		{
-      // Ignore if file doesn't exist
+			preHandler: requireAuth,
-    }
+			config: { rateLimit: authRateLimitConfig },
 		},
 		async (request, reply) => {
 			const authUser = request.user as unknown as AuthUser | null;
 			if (!authUser) {
 				return reply.status(401).send({ error: "Not authenticated" });
 			}
-    // Update user
+			const data = await request.file();
-    await db.update(users).set({ avatarUrl: null, updatedAt: new Date() }).where(eq(users.id, authUser.id));
+			if (!data) {
 				return reply.status(400).send({ error: "No file uploaded" });
 			}
-    return { ok: true };
+			// Validate file type
-  });
+			const allowedTypes = ["image/jpeg", "image/png", "image/webp", "image/gif"];
 			if (!allowedTypes.includes(data.mimetype)) {
 				return reply.status(400).send({ error: "Invalid file type. Allowed: JPEG, PNG, WebP, GIF" });
 			}
 			// Generate unique filename
 			const ext = data.filename.split(".").pop() || "jpg";
 			const filename = `avatar_${authUser.id}_${Date.now()}.${ext}`;
 			// Save file
 			const fs = await import("node:fs/promises");
 			const path = await import("node:path");
 			const imagesDir = path.join(process.cwd(), "data", "images");
 			await fs.mkdir(imagesDir, { recursive: true });
 			const buffer = await data.toBuffer();
 			await fs.writeFile(path.join(imagesDir, filename), buffer);
 			// Delete old avatar if exists
 			const [user] = await db.select().from(users).where(eq(users.id, authUser.id));
 			if (user?.avatarUrl) {
 				try {
 					await fs.unlink(path.join(imagesDir, user.avatarUrl));
 				} catch {
 					// Ignore if file doesn't exist
 				}
 			}
 			// Update user
 			await db.update(users).set({ avatarUrl: filename, updatedAt: new Date() }).where(eq(users.id, authUser.id));
 			return { ok: true, avatarUrl: filename };
 		}
 	);
 	// ---------------------------------------------------------------------------
 	// DELETE /auth/avatar - Delete user avatar
 	// ---------------------------------------------------------------------------
 	app.delete(
 		"/auth/avatar",
 		{
 			preHandler: requireAuth,
 			config: { rateLimit: authRateLimitConfig },
 		},
 		async (request, reply) => {
 			const authUser = request.user as unknown as AuthUser | null;
 			if (!authUser) {
 				return reply.status(401).send({ error: "Not authenticated" });
 			}
 			const [user] = await db.select().from(users).where(eq(users.id, authUser.id));
 			if (!user?.avatarUrl) {
 				return reply.status(404).send({ error: "No avatar to delete" });
 			}
 			// Delete file
 			const fs = await import("node:fs/promises");
 			const path = await import("node:path");
 			try {
 				await fs.unlink(path.join(process.cwd(), "data", "images", user.avatarUrl));
 			} catch {
 				// Ignore if file doesn't exist
 			}
 			// Update user
 			await db.update(users).set({ avatarUrl: null, updatedAt: new Date() }).where(eq(users.id, authUser.id));
 			return { ok: true };
 		}
 	);
 	// ---------------------------------------------------------------------------
 	// DELETE /auth/me - Delete user account and all data
 	// ---------------------------------------------------------------------------
 	app.delete(
 		"/auth/me",
 		{
 			preHandler: requireAuth,
 			config: { rateLimit: sensitiveRateLimitConfig },
 		},
 		async (request, reply) => {
 			const authUser = request.user as unknown as AuthUser | null;
 			if (!authUser) {
 				return reply.status(401).send({ error: "Not authenticated" });
 			}
 			// Delete avatar file if exists
 			const [user] = await db.select().from(users).where(eq(users.id, authUser.id));
 			if (user?.avatarUrl) {
 				const fs = await import("node:fs/promises");
 				const path = await import("node:path");
 				try {
 					await fs.unlink(path.join(process.cwd(), "data", "images", user.avatarUrl));
 				} catch {
 					// Ignore if file doesn't exist
 				}
 			}
 			// Delete user - cascade delete handles all related data
 			await db.delete(users).where(eq(users.id, authUser.id));
 			app.log.info(`User deleted account: ${authUser.username} (ID: ${authUser.id})`);
 			// Clear auth cookies
 			return reply
 				.clearCookie("access_token", app.config.cookieOptions)
 				.clearCookie("refresh_token", app.config.refreshCookieOptions)
 				.send({ ok: true, message: "Account deleted" });
 		}
 	);
 }
@@ -1,9 +1,9 @@
-import { FastifyInstance } from "fastify";
+import { and, eq } from "drizzle-orm";
 import type { FastifyInstance, FastifyReply, FastifyRequest } from "fastify";
 import { z } from "zod";
 import { db } from "../db/client.js";
 import { doseTracking, shareTokens } from "../db/schema.js";
-import { eq, and } from "drizzle-orm";
+import { getAnonymousUserId, requireAuth } from "../plugins/auth.js";
 import { requireAuth, getAnonymousUserId } from "../plugins/auth.js";
 import { env } from "../plugins/env.js";
 import type { AuthUser } from "../types/fastify.js";
@@ -11,221 +11,296 @@ import type { AuthUser } from "../types/fastify.js";
 // Validation Schemas
 // =============================================================================
 const markDoseSchema = z.object({
-  doseId: z.string().min(1, "doseId is required"),
+	doseId: z.string().min(1, "doseId is required"),
 });
 const shareDoseSchema = z.object({
-  doseId: z.string().min(1, "doseId is required"),
+	doseId: z.string().min(1, "doseId is required"),
 });
 const dismissDosesSchema = z.object({
 	doseIds: z.array(z.string().min(1)).min(1, "At least one doseId is required"),
 });
 // Helper to get user ID from request
 // Returns anonymous user ID when auth is disabled
-async function getUserId(request: any, reply: any): Promise<number> {
+async function getUserId(request: FastifyRequest, reply: FastifyReply): Promise<number> {
-  // If auth is disabled, use the anonymous user
+	// If auth is disabled, use the anonymous user
-  if (!env.AUTH_ENABLED) {
+	if (!env.AUTH_ENABLED) {
-    return getAnonymousUserId();
+		return getAnonymousUserId();
-  }
+	}
-  
+
-  const authUser = request.user as unknown as AuthUser | null;
+	const authUser = request.user as unknown as AuthUser | null;
-  if (!authUser) {
+	if (!authUser) {
-    reply.status(401).send({ error: "Not authenticated" });
+		reply.status(401).send({ error: "Not authenticated" });
-    throw new Error("AUTH_REQUIRED");
+		throw new Error("AUTH_REQUIRED");
-  }
+	}
-  return authUser.id;
+	return authUser.id;
 }
 // =============================================================================
 // Dose Tracking Routes
 // =============================================================================
 export async function doseRoutes(app: FastifyInstance) {
-  // ---------------------------------------------------------------------------
+	// ---------------------------------------------------------------------------
-  // GET /doses/taken - PROTECTED: Get all taken doses for the user
+	// GET /doses/taken - PROTECTED: Get all taken doses for the user
-  // ---------------------------------------------------------------------------
+	// ---------------------------------------------------------------------------
-  app.get(
+	app.get("/doses/taken", { preHandler: requireAuth }, async (request, reply) => {
-    "/doses/taken",
+		const userId = await getUserId(request, reply);
    { preHandler: requireAuth },
    async (request, reply) => {
      const userId = await getUserId(request, reply);
-      // Get all taken doses for this user (no time limit)
+		// Get all taken doses for this user (no time limit)
-      const doses = await db.select()
+		const doses = await db.select().from(doseTracking).where(eq(doseTracking.userId, userId));
        .from(doseTracking)
        .where(eq(doseTracking.userId, userId));
-      return {
+		return {
-        doses: doses.map((d) => ({
+			doses: doses.map((d) => ({
-          doseId: d.doseId,
+				doseId: d.doseId,
-          takenAt: d.takenAt?.getTime() ?? Date.now(),
+				takenAt: d.takenAt?.getTime() ?? Date.now(),
-          markedBy: d.markedBy,
+				markedBy: d.markedBy,
-        })),
+				dismissed: d.dismissed ?? false,
-      };
+			})),
-    }
+		};
-  );
+	});
-  // ---------------------------------------------------------------------------
+	// ---------------------------------------------------------------------------
-  // POST /doses/taken - PROTECTED: Mark a dose as taken
+	// POST /doses/taken - PROTECTED: Mark a dose as taken
-  // ---------------------------------------------------------------------------
+	// ---------------------------------------------------------------------------
-  app.post<{ Body: z.infer<typeof markDoseSchema> }>(
+	app.post<{ Body: z.infer<typeof markDoseSchema> }>(
-    "/doses/taken",
+		"/doses/taken",
-    { preHandler: requireAuth },
+		{ preHandler: requireAuth },
-    async (request, reply) => {
+		async (request, reply) => {
-      const userId = await getUserId(request, reply);
+			const userId = await getUserId(request, reply);
-      const parsed = markDoseSchema.safeParse(request.body);
+			const parsed = markDoseSchema.safeParse(request.body);
-      if (!parsed.success) {
+			if (!parsed.success) {
-        return reply.status(400).send({
+				return reply.status(400).send({
-          error: parsed.error.errors[0]?.message ?? "Invalid input",
+					error: parsed.error.errors[0]?.message ?? "Invalid input",
-        });
+				});
-      }
+			}
-      const { doseId } = parsed.data;
+			const { doseId } = parsed.data;
-      // Check if already marked
+			// Check if already marked
-      const [existing] = await db.select()
+			const [existing] = await db
-        .from(doseTracking)
+				.select()
-        .where(
+				.from(doseTracking)
-          and(
+				.where(and(eq(doseTracking.userId, userId), eq(doseTracking.doseId, doseId)));
            eq(doseTracking.userId, userId),
            eq(doseTracking.doseId, doseId)
          )
        );
-      if (existing) {
+			if (existing) {
-        return { success: true, message: "Already marked" };
+				return { success: true, message: "Already marked" };
-      }
+			}
-      // Insert new record
+			// Insert new record
-      await db.insert(doseTracking).values({
+			await db.insert(doseTracking).values({
-        userId,
+				userId,
-        doseId,
+				doseId,
-        markedBy: null, // Marked by the user themselves
+				markedBy: null, // Marked by the user themselves
-      });
+			});
-      return { success: true };
+			return { success: true };
-    }
+		}
-  );
+	);
-  // ---------------------------------------------------------------------------
+	// ---------------------------------------------------------------------------
-  // DELETE /doses/taken/:doseId - PROTECTED: Unmark a dose
+	// DELETE /doses/taken/:doseId - PROTECTED: Unmark a dose
-  // ---------------------------------------------------------------------------
+	// ---------------------------------------------------------------------------
-  app.delete<{ Params: { doseId: string } }>(
+	app.delete<{ Params: { doseId: string } }>(
-    "/doses/taken/:doseId",
+		"/doses/taken/:doseId",
-    { preHandler: requireAuth },
+		{ preHandler: requireAuth },
-    async (request, reply) => {
+		async (request, reply) => {
-      const userId = await getUserId(request, reply);
+			const userId = await getUserId(request, reply);
-      const { doseId } = request.params;
+			const { doseId } = request.params;
-      await db.delete(doseTracking).where(
+			// Check if this dose was dismissed
-        and(
+			const [existing] = await db
-          eq(doseTracking.userId, userId),
+				.select()
-          eq(doseTracking.doseId, doseId)
+				.from(doseTracking)
-        )
+				.where(and(eq(doseTracking.userId, userId), eq(doseTracking.doseId, doseId)));
      );
-      return { success: true };
+			if (existing?.dismissed) {
-    }
+				// Already dismissed - keep the record as-is
-  );
+				// The dose stays dismissed, we just acknowledge the undo request
 			} else {
 				// Not dismissed - delete the record entirely
 				await db.delete(doseTracking).where(and(eq(doseTracking.userId, userId), eq(doseTracking.doseId, doseId)));
 			}
-  // ---------------------------------------------------------------------------
+			return { success: true };
-  // GET /share/:token/doses - PUBLIC: Get taken doses for a share link
+		}
-  // ---------------------------------------------------------------------------
+	);
  app.get<{ Params: { token: string } }>(
    "/share/:token/doses",
    async (request, reply) => {
      const { token } = request.params;
-      // Find share token
+	// ---------------------------------------------------------------------------
-      const [share] = await db.select().from(shareTokens).where(eq(shareTokens.token, token));
+	// POST /doses/dismiss - PROTECTED: Dismiss missed doses without deducting stock
-      if (!share) {
+	// ---------------------------------------------------------------------------
-        return reply.notFound("Share link not found");
+	app.post<{ Body: z.infer<typeof dismissDosesSchema> }>(
-      }
+		"/doses/dismiss",
 		{ preHandler: requireAuth },
 		async (request, reply) => {
 			const userId = await getUserId(request, reply);
-      // Get all taken doses for this user (no time limit)
+			const parsed = dismissDosesSchema.safeParse(request.body);
-      const doses = await db.select()
+			if (!parsed.success) {
-        .from(doseTracking)
+				return reply.status(400).send({
-        .where(eq(doseTracking.userId, share.userId));
+					error: parsed.error.errors[0]?.message ?? "Invalid input",
 				});
 			}
-      return {
+			const { doseIds } = parsed.data;
        doses: doses.map((d) => ({
          doseId: d.doseId,
          takenAt: d.takenAt?.getTime() ?? Date.now(),
          markedBy: d.markedBy,
        })),
      };
    }
  );
-  // ---------------------------------------------------------------------------
+			// Insert dismissed records for each dose that doesn't exist yet
-  // POST /share/:token/doses - PUBLIC: Mark a dose as taken via share link
+			let dismissedCount = 0;
-  // ---------------------------------------------------------------------------
+			for (const doseId of doseIds) {
-  app.post<{ Params: { token: string }; Body: z.infer<typeof shareDoseSchema> }>(
+				// Check if already exists (taken or dismissed)
-    "/share/:token/doses",
+				const [existing] = await db
-    async (request, reply) => {
+					.select()
-      const { token } = request.params;
+					.from(doseTracking)
 					.where(and(eq(doseTracking.userId, userId), eq(doseTracking.doseId, doseId)));
-      const parsed = shareDoseSchema.safeParse(request.body);
+				if (existing) {
-      if (!parsed.success) {
+					// Already exists - update to dismissed if not already
-        return reply.status(400).send({
+					if (!existing.dismissed) {
-          error: parsed.error.errors[0]?.message ?? "Invalid input",
+						await db
-        });
+							.update(doseTracking)
-      }
+							.set({ dismissed: true })
 							.where(and(eq(doseTracking.userId, userId), eq(doseTracking.doseId, doseId)));
 						dismissedCount++;
 					}
 				} else {
 					// Create new dismissed record
 					await db.insert(doseTracking).values({
 						userId,
 						doseId,
 						markedBy: null,
 						dismissed: true,
 					});
 					dismissedCount++;
 				}
 			}
-      const { doseId } = parsed.data;
+			return { success: true, dismissedCount };
 		}
 	);
-      // Find share token
+	// ---------------------------------------------------------------------------
-      const [share] = await db.select().from(shareTokens).where(eq(shareTokens.token, token));
+	// DELETE /doses/dismiss - PROTECTED: Clear all dismissed doses (un-dismiss)
-      if (!share) {
+	// ---------------------------------------------------------------------------
-        return reply.notFound("Share link not found");
+	app.delete("/doses/dismiss", { preHandler: requireAuth }, async (request, reply) => {
-      }
+		const userId = await getUserId(request, reply);
-      // Check if already marked
+		// Delete all dismissed-only records (not taken ones)
-      const [existing] = await db.select()
+		// For taken+dismissed, just remove the dismissed flag
-        .from(doseTracking)
+		const dismissed = await db
-        .where(
+			.select()
-          and(
+			.from(doseTracking)
-            eq(doseTracking.userId, share.userId),
+			.where(and(eq(doseTracking.userId, userId), eq(doseTracking.dismissed, true)));
            eq(doseTracking.doseId, doseId)
          )
        );
-      if (existing) {
+		for (const d of dismissed) {
-        return { success: true, message: "Already marked" };
+			if (d.markedBy !== null || d.takenAt) {
-      }
+				// This was also marked as taken - just remove dismissed flag
 				await db.update(doseTracking).set({ dismissed: false }).where(eq(doseTracking.id, d.id));
 			} else {
 				// This was only dismissed - delete it
 				await db.delete(doseTracking).where(eq(doseTracking.id, d.id));
 			}
 		}
-      // Insert new record - marked by the takenBy person
+		return { success: true, clearedCount: dismissed.length };
-      await db.insert(doseTracking).values({
+	});
        userId: share.userId,
        doseId,
        markedBy: share.takenBy, // e.g. "Daniel"
      });
-      return { success: true };
+	// ---------------------------------------------------------------------------
-    }
+	// GET /share/:token/doses - PUBLIC: Get taken doses for a share link
-  );
+	// ---------------------------------------------------------------------------
 	app.get<{ Params: { token: string } }>("/share/:token/doses", async (request, reply) => {
 		const { token } = request.params;
-  // ---------------------------------------------------------------------------
+		// Find share token
-  // DELETE /share/:token/doses/:doseId - PUBLIC: Unmark a dose via share link
+		const [share] = await db.select().from(shareTokens).where(eq(shareTokens.token, token));
-  // ---------------------------------------------------------------------------
+		if (!share) {
-  app.delete<{ Params: { token: string; doseId: string } }>(
+			return reply.notFound("Share link not found");
-    "/share/:token/doses/:doseId",
+		}
    async (request, reply) => {
      const { token, doseId } = request.params;
-      // Find share token
+		// Get all taken doses for this user (no time limit)
-      const [share] = await db.select().from(shareTokens).where(eq(shareTokens.token, token));
+		const doses = await db.select().from(doseTracking).where(eq(doseTracking.userId, share.userId));
      if (!share) {
        return reply.notFound("Share link not found");
      }
-      await db.delete(doseTracking).where(
+		return {
-        and(
+			doses: doses.map((d) => ({
-          eq(doseTracking.userId, share.userId),
+				doseId: d.doseId,
-          eq(doseTracking.doseId, doseId)
+				takenAt: d.takenAt?.getTime() ?? Date.now(),
-        )
+				markedBy: d.markedBy,
-      );
+				dismissed: d.dismissed ?? false,
 			})),
 		};
 	});
-      return { success: true };
+	// ---------------------------------------------------------------------------
-    }
+	// POST /share/:token/doses - PUBLIC: Mark a dose as taken via share link
-  );
+	// ---------------------------------------------------------------------------
 	app.post<{ Params: { token: string }; Body: z.infer<typeof shareDoseSchema> }>(
 		"/share/:token/doses",
 		async (request, reply) => {
 			const { token } = request.params;
 			const parsed = shareDoseSchema.safeParse(request.body);
 			if (!parsed.success) {
 				return reply.status(400).send({
 					error: parsed.error.errors[0]?.message ?? "Invalid input",
 				});
 			}
 			const { doseId } = parsed.data;
 			// Find share token
 			const [share] = await db.select().from(shareTokens).where(eq(shareTokens.token, token));
 			if (!share) {
 				return reply.notFound("Share link not found");
 			}
 			// Check if already marked
 			const [existing] = await db
 				.select()
 				.from(doseTracking)
 				.where(and(eq(doseTracking.userId, share.userId), eq(doseTracking.doseId, doseId)));
 			if (existing) {
 				return { success: true, message: "Already marked" };
 			}
 			// Insert new record - marked by the takenBy person
 			await db.insert(doseTracking).values({
 				userId: share.userId,
 				doseId,
 				markedBy: share.takenBy, // e.g. "Daniel"
 			});
 			return { success: true };
 		}
 	);
 	// ---------------------------------------------------------------------------
 	// DELETE /share/:token/doses/:doseId - PUBLIC: Unmark a dose via share link
 	// ---------------------------------------------------------------------------
 	app.delete<{ Params: { token: string; doseId: string } }>("/share/:token/doses/:doseId", async (request, reply) => {
 		const { token, doseId } = request.params;
 		// Find share token
 		const [share] = await db.select().from(shareTokens).where(eq(shareTokens.token, token));
 		if (!share) {
 			return reply.notFound("Share link not found");
 		}
 		// Check if this dose was dismissed
 		const [existing] = await db
 			.select()
 			.from(doseTracking)
 			.where(and(eq(doseTracking.userId, share.userId), eq(doseTracking.doseId, doseId)));
 		if (existing?.dismissed) {
 			// Already dismissed - keep the record as-is
 		} else {
 			// Not dismissed - delete the record entirely
 			await db.delete(doseTracking).where(and(eq(doseTracking.userId, share.userId), eq(doseTracking.doseId, doseId)));
 		}
 		return { success: true };
 	});
 }
@@ -0,0 +1,593 @@
 import { randomBytes } from "node:crypto";
 import { existsSync, mkdirSync, readFileSync, unlinkSync, writeFileSync } from "node:fs";
 import { extname, resolve } from "node:path";
 import { eq } from "drizzle-orm";
 import type { FastifyInstance } from "fastify";
 import { z } from "zod";
 import { db } from "../db/client.js";
 import { doseTracking, medications, shareTokens, userSettings } from "../db/schema.js";
 import { getAnonymousUserId, requireAuth } from "../plugins/auth.js";
 import { env } from "../plugins/env.js";
 import type { AuthUser } from "../types/fastify.js";
 import { parseIntakesJson, parseTakenByJson } from "../utils/scheduler-utils.js";
 const IMAGES_DIR = resolve(process.cwd(), "data/images");
 // =============================================================================
 // Export Format Version (bump this when format changes)
 // =============================================================================
 const EXPORT_VERSION = "1.0";
 // =============================================================================
 // Zod Schemas for Import Validation
 // =============================================================================
 const scheduleSchema = z.object({
 	usage: z.number().nonnegative(),
 	every: z.number().int().min(1),
 	start: z.string(), // ISO datetime string
 	remind: z.boolean().optional().default(false),
 	takenBy: z.string().nullable().optional(), // Per-intake takenBy (new field)
 });
 const inventorySchema = z.object({
 	packCount: z.number().int().min(0).default(1),
 	blistersPerPack: z.number().int().min(1).default(1),
 	pillsPerBlister: z.number().int().min(1).default(1),
 	looseTablets: z.number().int().min(0).default(0),
 	stockAdjustment: z.number().int().default(0), // Manual stock correction
 });
 const medicationExportSchema = z.object({
 	_exportId: z.string(),
 	name: z.string().min(1),
 	genericName: z.string().nullable().optional(),
 	takenBy: z.array(z.string()).default([]),
 	inventory: inventorySchema,
 	pillWeightMg: z.number().int().nullable().optional(),
 	doseUnit: z.enum(["mg", "g", "mcg", "ml", "IU", "units", "drops", "puffs"]).default("mg"),
 	schedules: z.array(scheduleSchema).default([]),
 	expiryDate: z.string().nullable().optional(),
 	notes: z.string().nullable().optional(),
 	intakeRemindersEnabled: z.boolean().default(false),
 	image: z.string().nullable().optional(), // base64 data URL or null
 	lastStockCorrectionAt: z.string().nullable().optional(), // ISO datetime of last stock correction
 });
 const doseHistorySchema = z.object({
 	medicationRef: z.string(), // References _exportId
 	scheduleIndex: z.number().int().min(0),
 	scheduledTime: z.string(), // ISO datetime
 	takenAt: z.string(), // ISO datetime
 	markedBy: z.string().nullable().optional(),
 	dismissed: z.boolean().default(false),
 	takenByPerson: z.string().nullable().optional(), // Person suffix from dose ID (e.g., "Daniel")
 });
 const shareLinkSchema = z.object({
 	takenBy: z.string().min(1),
 	scheduleDays: z.number().int().min(1).default(30),
 	expiresAt: z.string().nullable().optional(), // ISO datetime
 	regenerateToken: z.boolean().default(true),
 });
 const settingsExportSchema = z
 	.object({
 		// Email notifications
 		emailEnabled: z.boolean().default(false),
 		notificationEmail: z.string().nullable().optional(),
 		emailStockReminders: z.boolean().default(true),
 		emailIntakeReminders: z.boolean().default(true),
 		// Push notifications
 		shoutrrrEnabled: z.boolean().optional(),
 		shoutrrrUrl: z.string().nullable().optional(),
 		shoutrrrStockReminders: z.boolean().default(true),
 		shoutrrrIntakeReminders: z.boolean().default(true),
 		// Reminder settings
 		reminderDaysBefore: z.number().int().default(7),
 		repeatDailyReminders: z.boolean().default(false),
 		skipRemindersForTakenDoses: z.boolean().default(false),
 		repeatRemindersEnabled: z.boolean().default(false),
 		reminderRepeatIntervalMinutes: z.number().int().default(30),
 		maxNaggingReminders: z.number().int().default(5),
 		// Stock thresholds
 		lowStockDays: z.number().int().default(30),
 		normalStockDays: z.number().int().default(90),
 		highStockDays: z.number().int().default(180),
 		// UI preferences
 		language: z.string().default("en"),
 		stockCalculationMode: z.enum(["automatic", "manual"]).default("automatic"),
 	})
 	.optional();
 const importDataSchema = z.object({
 	version: z.string(),
 	exportedAt: z.string(),
 	includeSensitiveData: z.boolean().default(false),
 	medications: z.array(medicationExportSchema).default([]),
 	doseHistory: z.array(doseHistorySchema).default([]),
 	settings: settingsExportSchema,
 	shareLinks: z.array(shareLinkSchema).default([]),
 });
 // =============================================================================
 // Helper Functions
 // =============================================================================
 // Helper to get user ID from request
 async function getUserId(request: any, reply: any): Promise<number> {
 	if (!env.AUTH_ENABLED) {
 		return getAnonymousUserId();
 	}
 	const authUser = request.user as unknown as AuthUser | null;
 	if (!authUser) {
 		reply.status(401).send({ error: "Not authenticated" });
 		throw new Error("AUTH_REQUIRED");
 	}
 	return authUser.id;
 }
 // Parse intakes from DB format to export format (with per-intake takenBy)
 function parseIntakesForExport(
 	row: typeof medications.$inferSelect
 ): Array<{ usage: number; every: number; start: string; remind: boolean; takenBy: string | null }> {
 	// Use the new parseIntakesJson which falls back to legacy format
 	const intakes = parseIntakesJson(
 		row.intakesJson,
 		{ usageJson: row.usageJson, everyJson: row.everyJson, startJson: row.startJson },
 		row.intakeRemindersEnabled ?? false
 	);
 	return intakes.map((intake) => ({
 		usage: intake.usage,
 		every: intake.every,
 		start: intake.start,
 		remind: intake.intakeRemindersEnabled,
 		takenBy: intake.takenBy, // Per-intake takenBy
 	}));
 }
 // Read image file and convert to base64 data URL
 function imageToBase64(imageUrl: string | null): string | null {
 	if (!imageUrl) return null;
 	const imagePath = resolve(IMAGES_DIR, imageUrl);
 	if (!existsSync(imagePath)) return null;
 	try {
 		const imageBuffer = readFileSync(imagePath);
 		const ext = extname(imageUrl).toLowerCase();
 		const mimeTypes: Record<string, string> = {
 			".jpg": "image/jpeg",
 			".jpeg": "image/jpeg",
 			".png": "image/png",
 			".webp": "image/webp",
 			".gif": "image/gif",
 		};
 		const mimeType = mimeTypes[ext] || "image/jpeg";
 		return `data:${mimeType};base64,${imageBuffer.toString("base64")}`;
 	} catch {
 		return null;
 	}
 }
 // Save base64 image to file and return filename
 function base64ToImage(base64: string, medicationId: number): string | null {
 	if (!base64 || !base64.startsWith("data:")) return null;
 	try {
 		// Parse data URL: "data:image/jpeg;base64,/9j/4AAQ..."
 		const matches = base64.match(/^data:image\/(\w+);base64,(.+)$/);
 		if (!matches) return null;
 		const ext = matches[1] === "jpeg" ? "jpg" : matches[1];
 		const data = matches[2];
 		const buffer = Buffer.from(data, "base64");
 		const filename = `med-${medicationId}-${Date.now()}.${ext}`;
 		const filepath = resolve(IMAGES_DIR, filename);
 		// Ensure images directory exists
 		if (!existsSync(IMAGES_DIR)) {
 			mkdirSync(IMAGES_DIR, { recursive: true });
 		}
 		writeFileSync(filepath, buffer);
 		return filename;
 	} catch {
 		return null;
 	}
 }
 // Parse dose ID to extract medication ID and timestamp
 // Format: "{medicationId}-{blisterIndex}-{timestampMs}" or "{medicationId}-{blisterIndex}-{timestampMs}-{person}"
 function parseDoseId(
 	doseId: string
 ): { medicationId: number; blisterIndex: number; timestampMs: number; person: string | null } | null {
 	const parts = doseId.split("-");
 	if (parts.length < 3) return null;
 	const medicationId = parseInt(parts[0], 10);
 	const blisterIndex = parseInt(parts[1], 10);
 	const timestampMs = parseInt(parts[2], 10);
 	if (Number.isNaN(medicationId) || Number.isNaN(blisterIndex) || Number.isNaN(timestampMs)) return null;
 	// Check if there's a person suffix (4th part onwards, could be multi-part name)
 	const person = parts.length > 3 ? parts.slice(3).join("-") : null;
 	return { medicationId, blisterIndex, timestampMs, person };
 }
 // Build dose ID from parts (with optional person suffix)
 function buildDoseId(medicationId: number, blisterIndex: number, timestampMs: number, person?: string | null): string {
 	const base = `${medicationId}-${blisterIndex}-${timestampMs}`;
 	return person ? `${base}-${person}` : base;
 }
 // =============================================================================
 // Export Routes
 // =============================================================================
 export async function exportRoutes(app: FastifyInstance) {
 	// All export routes require auth
 	app.addHook("preHandler", requireAuth);
 	// ---------------------------------------------------------------------------
 	// GET /export - Export all user data
 	// ---------------------------------------------------------------------------
 	app.get<{ Querystring: { includeSensitive?: string; includeImages?: string } }>("/export", async (request, reply) => {
 		const userId = await getUserId(request, reply);
 		const includeSensitive = request.query.includeSensitive === "true";
 		const includeImages = request.query.includeImages !== "false"; // Default to true
 		// 1. Load all medications
 		const meds = await db.select().from(medications).where(eq(medications.userId, userId)).orderBy(medications.id);
 		// Build medication ID to export ID mapping
 		const medIdToExportId = new Map<number, string>();
 		const exportMedications = meds.map((med, index) => {
 			const exportId = `med-${index + 1}`;
 			medIdToExportId.set(med.id, exportId);
 			// Safely convert lastStockCorrectionAt to ISO string
 			let lastStockCorrectionAtIso: string | null = null;
 			if (med.lastStockCorrectionAt) {
 				try {
 					if (med.lastStockCorrectionAt instanceof Date && !Number.isNaN(med.lastStockCorrectionAt.getTime())) {
 						lastStockCorrectionAtIso = med.lastStockCorrectionAt.toISOString();
 					} else if (typeof med.lastStockCorrectionAt === "number" || typeof med.lastStockCorrectionAt === "string") {
 						const d = new Date(med.lastStockCorrectionAt);
 						lastStockCorrectionAtIso = !Number.isNaN(d.getTime()) ? d.toISOString() : null;
 					}
 				} catch {
 					lastStockCorrectionAtIso = null;
 				}
 			}
 			return {
 				_exportId: exportId,
 				name: med.name,
 				genericName: med.genericName,
 				takenBy: parseTakenByJson(med.takenByJson),
 				inventory: {
 					packCount: med.packCount ?? 1,
 					blistersPerPack: med.blistersPerPack ?? 1,
 					pillsPerBlister: med.pillsPerBlister ?? 1,
 					looseTablets: med.looseTablets ?? 0,
 					stockAdjustment: med.stockAdjustment ?? 0,
 				},
 				pillWeightMg: med.pillWeightMg,
 				doseUnit: med.doseUnit ?? "mg",
 				schedules: parseIntakesForExport(med),
 				expiryDate: med.expiryDate,
 				notes: med.notes,
 				intakeRemindersEnabled: med.intakeRemindersEnabled ?? false,
 				image: includeImages ? imageToBase64(med.imageUrl) : null,
 				lastStockCorrectionAt: lastStockCorrectionAtIso,
 			};
 		});
 		// 2. Load all dose tracking entries
 		const doses = await db.select().from(doseTracking).where(eq(doseTracking.userId, userId));
 		const exportDoseHistory = doses
 			.map((dose) => {
 				const parsed = parseDoseId(dose.doseId);
 				if (!parsed) return null;
 				const exportId = medIdToExportId.get(parsed.medicationId);
 				if (!exportId) return null; // Orphaned dose, skip
 				// Safely convert takenAt to ISO string
 				let takenAtIso: string;
 				try {
 					if (dose.takenAt instanceof Date && !Number.isNaN(dose.takenAt.getTime())) {
 						takenAtIso = dose.takenAt.toISOString();
 					} else if (typeof dose.takenAt === "number" || typeof dose.takenAt === "string") {
 						const d = new Date(dose.takenAt);
 						takenAtIso = !Number.isNaN(d.getTime()) ? d.toISOString() : new Date().toISOString();
 					} else {
 						takenAtIso = new Date().toISOString();
 					}
 				} catch {
 					takenAtIso = new Date().toISOString();
 				}
 				// Safely convert scheduled time
 				let scheduledTimeIso: string;
 				try {
 					const d = new Date(parsed.timestampMs);
 					scheduledTimeIso = !Number.isNaN(d.getTime()) ? d.toISOString() : new Date().toISOString();
 				} catch {
 					scheduledTimeIso = new Date().toISOString();
 				}
 				return {
 					medicationRef: exportId,
 					scheduleIndex: parsed.blisterIndex,
 					scheduledTime: scheduledTimeIso,
 					takenAt: takenAtIso,
 					markedBy: dose.markedBy,
 					dismissed: dose.dismissed ?? false,
 					takenByPerson: parsed.person,
 				};
 			})
 			.filter((d): d is NonNullable<typeof d> => d !== null);
 		// 3. Load user settings
 		const [settings] = await db.select().from(userSettings).where(eq(userSettings.userId, userId));
 		const exportSettings = settings
 			? {
 					emailEnabled: settings.emailEnabled,
 					notificationEmail: settings.notificationEmail,
 					emailStockReminders: settings.emailStockReminders,
 					emailIntakeReminders: settings.emailIntakeReminders,
 					// Only include sensitive data if requested
 					shoutrrrEnabled: includeSensitive ? settings.shoutrrrEnabled : undefined,
 					shoutrrrUrl: includeSensitive ? settings.shoutrrrUrl : undefined,
 					shoutrrrStockReminders: settings.shoutrrrStockReminders,
 					shoutrrrIntakeReminders: settings.shoutrrrIntakeReminders,
 					reminderDaysBefore: settings.reminderDaysBefore,
 					repeatDailyReminders: settings.repeatDailyReminders,
 					skipRemindersForTakenDoses: settings.skipRemindersForTakenDoses,
 					repeatRemindersEnabled: settings.repeatRemindersEnabled,
 					reminderRepeatIntervalMinutes: settings.reminderRepeatIntervalMinutes,
 					maxNaggingReminders: settings.maxNaggingReminders,
 					lowStockDays: settings.lowStockDays,
 					normalStockDays: settings.normalStockDays,
 					highStockDays: settings.highStockDays,
 					language: settings.language,
 					stockCalculationMode: settings.stockCalculationMode,
 				}
 			: undefined;
 		// 4. Load share links
 		const shares = await db.select().from(shareTokens).where(eq(shareTokens.userId, userId));
 		const exportShareLinks = shares.map((share) => {
 			// Safely convert expiresAt to ISO string
 			let expiresAtIso: string | null = null;
 			if (share.expiresAt) {
 				try {
 					if (share.expiresAt instanceof Date && !Number.isNaN(share.expiresAt.getTime())) {
 						expiresAtIso = share.expiresAt.toISOString();
 					} else if (typeof share.expiresAt === "number" || typeof share.expiresAt === "string") {
 						const d = new Date(share.expiresAt);
 						expiresAtIso = !Number.isNaN(d.getTime()) ? d.toISOString() : null;
 					}
 				} catch {
 					expiresAtIso = null;
 				}
 			}
 			return {
 				takenBy: share.takenBy,
 				scheduleDays: share.scheduleDays,
 				expiresAt: expiresAtIso,
 				regenerateToken: true, // Always regenerate tokens on import for security
 			};
 		});
 		// Build export object
 		const exportData = {
 			version: EXPORT_VERSION,
 			exportedAt: new Date().toISOString(),
 			includeSensitiveData: includeSensitive,
 			medications: exportMedications,
 			doseHistory: exportDoseHistory,
 			settings: exportSettings,
 			shareLinks: exportShareLinks,
 		};
 		// Set download headers
 		const filename = `medassist-export-${new Date().toISOString().split("T")[0]}.json`;
 		reply.header("Content-Type", "application/json");
 		reply.header("Content-Disposition", `attachment; filename="${filename}"`);
 		return exportData;
 	});
 	// ---------------------------------------------------------------------------
 	// POST /import - Import user data (replaces all existing data!)
 	// ---------------------------------------------------------------------------
 	app.post(
 		"/import",
 		{
 			config: {
 				// Increase body limit to 50MB to handle exports with base64 images
 				rawBody: true,
 			},
 			bodyLimit: 50 * 1024 * 1024, // 50 MB
 		},
 		async (request, reply) => {
 			const userId = await getUserId(request, reply);
 			// 1. Parse and validate import data
 			const parsed = importDataSchema.safeParse(request.body);
 			if (!parsed.success) {
 				return reply.status(400).send({
 					error: "Invalid import data format",
 					details: parsed.error.format(),
 				});
 			}
 			const importData = parsed.data;
 			// 2. Delete all existing user data (in correct order to respect foreign keys)
 			// Note: CASCADE delete should handle this, but let's be explicit
 			// First, delete images for existing medications
 			const existingMeds = await db.select().from(medications).where(eq(medications.userId, userId));
 			for (const med of existingMeds) {
 				if (med.imageUrl) {
 					const imagePath = resolve(IMAGES_DIR, med.imageUrl);
 					if (existsSync(imagePath)) {
 						try {
 							unlinkSync(imagePath);
 						} catch {
 							/* ignore */
 						}
 					}
 				}
 			}
 			// Delete in order: doses, share tokens, medications, settings
 			await db.delete(doseTracking).where(eq(doseTracking.userId, userId));
 			await db.delete(shareTokens).where(eq(shareTokens.userId, userId));
 			await db.delete(medications).where(eq(medications.userId, userId));
 			await db.delete(userSettings).where(eq(userSettings.userId, userId));
 			// 3. Import medications and build ID mapping
 			const exportIdToNewId = new Map<string, number>();
 			for (const med of importData.medications) {
 				// Convert schedules to both legacy and new formats
 				const usageJson = JSON.stringify(med.schedules.map((s) => s.usage));
 				const everyJson = JSON.stringify(med.schedules.map((s) => s.every));
 				const startJson = JSON.stringify(med.schedules.map((s) => s.start));
 				const takenByJson = JSON.stringify(med.takenBy);
 				// Build intakesJson array (new unified format with per-intake takenBy)
 				const intakesJson = JSON.stringify(
 					med.schedules.map((s) => ({
 						usage: s.usage,
 						every: s.every,
 						start: s.start,
 						takenBy: s.takenBy || null,
 						intakeRemindersEnabled: s.remind ?? false,
 					}))
 				);
 				// Check if any schedule has remind enabled
 				const intakeRemindersEnabled = med.schedules.some((s) => s.remind) || med.intakeRemindersEnabled;
 				const [inserted] = await db
 					.insert(medications)
 					.values({
 						userId,
 						name: med.name,
 						genericName: med.genericName || null,
 						takenByJson,
 						packCount: med.inventory.packCount,
 						blistersPerPack: med.inventory.blistersPerPack,
 						pillsPerBlister: med.inventory.pillsPerBlister,
 						looseTablets: med.inventory.looseTablets,
 						stockAdjustment: med.inventory.stockAdjustment ?? 0,
 						lastStockCorrectionAt: med.lastStockCorrectionAt ? new Date(med.lastStockCorrectionAt) : null,
 						pillWeightMg: med.pillWeightMg || null,
 						doseUnit: med.doseUnit ?? "mg",
 						intakesJson,
 						usageJson,
 						everyJson,
 						startJson,
 						expiryDate: med.expiryDate || null,
 						notes: med.notes || null,
 						intakeRemindersEnabled,
 						imageUrl: null, // Will be set after image is saved
 					})
 					.returning();
 				// Save mapping
 				exportIdToNewId.set(med._exportId, inserted.id);
 				// Save image if present
 				if (med.image) {
 					const imageUrl = base64ToImage(med.image, inserted.id);
 					if (imageUrl) {
 						await db.update(medications).set({ imageUrl }).where(eq(medications.id, inserted.id));
 					}
 				}
 			}
 			// 4. Import dose history with remapped medication IDs
 			for (const dose of importData.doseHistory) {
 				const newMedId = exportIdToNewId.get(dose.medicationRef);
 				if (!newMedId) continue; // Skip orphaned doses
 				// Convert ISO timestamp back to milliseconds for dose ID
 				const timestampMs = new Date(dose.scheduledTime).getTime();
 				// Rebuild dose ID with optional person suffix
 				const doseId = buildDoseId(newMedId, dose.scheduleIndex, timestampMs, dose.takenByPerson);
 				await db.insert(doseTracking).values({
 					userId,
 					doseId,
 					takenAt: new Date(dose.takenAt),
 					markedBy: dose.markedBy || null,
 					dismissed: dose.dismissed ?? false,
 				});
 			}
 			// 5. Import settings
 			if (importData.settings) {
 				await db.insert(userSettings).values({
 					userId,
 					emailEnabled: importData.settings.emailEnabled ?? false,
 					notificationEmail: importData.settings.notificationEmail || null,
 					emailStockReminders: importData.settings.emailStockReminders ?? true,
 					emailIntakeReminders: importData.settings.emailIntakeReminders ?? true,
 					shoutrrrEnabled: importData.settings.shoutrrrEnabled ?? false,
 					shoutrrrUrl: importData.settings.shoutrrrUrl || null,
 					shoutrrrStockReminders: importData.settings.shoutrrrStockReminders ?? true,
 					shoutrrrIntakeReminders: importData.settings.shoutrrrIntakeReminders ?? true,
 					reminderDaysBefore: importData.settings.reminderDaysBefore ?? 7,
 					repeatDailyReminders: importData.settings.repeatDailyReminders ?? false,
 					skipRemindersForTakenDoses: importData.settings.skipRemindersForTakenDoses ?? false,
 					repeatRemindersEnabled: importData.settings.repeatRemindersEnabled ?? false,
 					reminderRepeatIntervalMinutes: importData.settings.reminderRepeatIntervalMinutes ?? 30,
 					maxNaggingReminders: importData.settings.maxNaggingReminders ?? 5,
 					lowStockDays: importData.settings.lowStockDays ?? 30,
 					normalStockDays: importData.settings.normalStockDays ?? 90,
 					highStockDays: importData.settings.highStockDays ?? 180,
 					language: importData.settings.language ?? "en",
 					stockCalculationMode: importData.settings.stockCalculationMode ?? "automatic",
 				});
 			}
 			// 6. Import share links (with new tokens)
 			for (const share of importData.shareLinks) {
 				// Always generate new token for security
 				const token = randomBytes(8).toString("hex");
 				await db.insert(shareTokens).values({
 					userId,
 					token,
 					takenBy: share.takenBy,
 					scheduleDays: share.scheduleDays,
 					expiresAt: share.expiresAt ? new Date(share.expiresAt) : null,
 				});
 			}
 			return {
 				success: true,
 				imported: {
 					medications: importData.medications.length,
 					doseHistory: importData.doseHistory.length,
 					settings: importData.settings ? 1 : 0,
 					shareLinks: importData.shareLinks.length,
 				},
 			};
 		}
 	);
 }
@@ -1,5 +1,20 @@
-import { FastifyInstance } from "fastify";
+import { readFileSync } from "node:fs";
 import { dirname, resolve } from "node:path";
 import { fileURLToPath } from "node:url";
 import type { FastifyInstance } from "fastify";
 // Read version from package.json at startup
 const __dirname = dirname(fileURLToPath(import.meta.url));
 const packageJsonPath = resolve(__dirname, "../../package.json");
 const packageJson = JSON.parse(readFileSync(packageJsonPath, "utf-8"));
 const backendVersion = packageJson.version || "unknown";
 export async function healthRoutes(app: FastifyInstance) {
-  app.get("/health", async () => ({ status: "ok" }));
+	// Exempt from rate limit - lightweight health check
 	app.get("/health", { config: { rateLimit: false } }, async () => ({
 		status: "ok",
 		version: backendVersion,
 		smtpConfigured: Boolean(process.env.SMTP_HOST),
 		shoutrrrConfigured: Boolean(process.env.SHOUTRRR_URL),
 	}));
 }
@@ -1,9 +1,9 @@
-import { FastifyInstance, FastifyReply, FastifyRequest } from "fastify";
+import { createHash, randomBytes } from "node:crypto";
 import { eq } from "drizzle-orm";
 import type { FastifyInstance, FastifyReply } from "fastify";
 import * as client from "openid-client";
 import { randomBytes, createHash } from "crypto";
 import { db } from "../db/client.js";
-import { users, refreshTokens } from "../db/schema.js";
+import { refreshTokens, users } from "../db/schema.js";
 import { eq, sql } from "drizzle-orm";
 import { env } from "../plugins/env.js";
 // =============================================================================
@@ -12,299 +12,290 @@ import { env } from "../plugins/env.js";
 let oidcConfig: client.Configuration | null = null;
 async function getOIDCConfig(): Promise<client.Configuration> {
-  if (oidcConfig) return oidcConfig;
+	if (oidcConfig) return oidcConfig;
  if (!env.OIDC_ISSUER_URL || !env.OIDC_CLIENT_ID || !env.OIDC_CLIENT_SECRET) {
    throw new Error("OIDC not configured");
  }
-  oidcConfig = await client.discovery(
+	if (!env.OIDC_ISSUER_URL || !env.OIDC_CLIENT_ID || !env.OIDC_CLIENT_SECRET) {
-    new URL(env.OIDC_ISSUER_URL),
+		throw new Error("OIDC not configured");
-    env.OIDC_CLIENT_ID,
+	}
-    env.OIDC_CLIENT_SECRET
+
-  );
+	oidcConfig = await client.discovery(new URL(env.OIDC_ISSUER_URL), env.OIDC_CLIENT_ID, env.OIDC_CLIENT_SECRET);
-  
+
-  return oidcConfig;
+	return oidcConfig;
 }
 // =============================================================================
 // PKCE Helpers
 // =============================================================================
 function generateCodeVerifier(): string {
-  return randomBytes(32).toString("base64url");
+	return randomBytes(32).toString("base64url");
 }
 function generateCodeChallenge(verifier: string): string {
-  return createHash("sha256").update(verifier).digest("base64url");
+	return createHash("sha256").update(verifier).digest("base64url");
 }
 function generateState(): string {
-  return randomBytes(16).toString("hex");
+	return randomBytes(16).toString("hex");
 }
 // =============================================================================
 // Helpers
 // =============================================================================
 function getFrontendUrl(): string {
-  return env.CORS_ORIGINS.split(",")[0] || "http://localhost:5173";
+	return env.CORS_ORIGINS.split(",")[0] || "http://localhost:5173";
 }
 // =============================================================================
 // OIDC Routes
 // =============================================================================
 export async function oidcRoutes(app: FastifyInstance) {
-  if (!env.OIDC_ENABLED) {
+	if (!env.OIDC_ENABLED) {
-    // Register a disabled route that returns an error
+		// Register a disabled route that returns an error
-    app.get("/auth/oidc/login", async (request, reply) => {
+		app.get("/auth/oidc/login", async (_request, reply) => {
-      return reply.status(400).send({ error: "OIDC authentication is not enabled" });
+			return reply.status(400).send({ error: "OIDC authentication is not enabled" });
-    });
+		});
-    app.get("/auth/oidc/callback", async (request, reply) => {
+		app.get("/auth/oidc/callback", async (_request, reply) => {
-      return reply.status(400).send({ error: "OIDC authentication is not enabled" });
+			return reply.status(400).send({ error: "OIDC authentication is not enabled" });
-    });
+		});
-    return;
+		return;
-  }
+	}
-  // ---------------------------------------------------------------------------
+	// ---------------------------------------------------------------------------
-  // GET /auth/oidc/login - Initiates OIDC flow
+	// GET /auth/oidc/login - Initiates OIDC flow
-  // ---------------------------------------------------------------------------
+	// ---------------------------------------------------------------------------
-  app.get("/auth/oidc/login", async (request, reply) => {
+	app.get("/auth/oidc/login", async (_request, reply) => {
-    try {
+		try {
-      const config = await getOIDCConfig();
+			const config = await getOIDCConfig();
      // Generate PKCE values
      const codeVerifier = generateCodeVerifier();
      const codeChallenge = generateCodeChallenge(codeVerifier);
      const state = generateState();
      // Store PKCE verifier and state in signed cookies (short-lived)
      reply.setCookie("oidc_code_verifier", codeVerifier, {
        httpOnly: true,
        secure: env.NODE_ENV === "production",
        sameSite: "lax",
        path: "/",
        maxAge: 600, // 10 minutes
        signed: true,
      });
      reply.setCookie("oidc_state", state, {
        httpOnly: true,
        secure: env.NODE_ENV === "production",
        sameSite: "lax",
        path: "/",
        maxAge: 600,
        signed: true,
      });
      // Build authorization URL
      const redirectUri = env.OIDC_REDIRECT_URI!;
      const scope = env.OIDC_SCOPES;
      const authUrl = client.buildAuthorizationUrl(config, {
        redirect_uri: redirectUri,
        scope,
        state,
        code_challenge: codeChallenge,
        code_challenge_method: "S256",
      });
      return reply.redirect(authUrl.href);
    } catch (err: any) {
      console.error("[OIDC] Login error:", err);
      return reply.redirect(`${getFrontendUrl()}/?error=oidc_init_failed`);
    }
  });
-  // ---------------------------------------------------------------------------
+			// Generate PKCE values
-  // GET /auth/oidc/callback - Handles callback from OIDC provider
+			const codeVerifier = generateCodeVerifier();
-  // ---------------------------------------------------------------------------
+			const codeChallenge = generateCodeChallenge(codeVerifier);
-  app.get<{ Querystring: { code?: string; state?: string; error?: string; error_description?: string } }>(
+			const state = generateState();
-    "/auth/oidc/callback",
+
-    async (request, reply) => {
+			// Store PKCE verifier and state in signed cookies (short-lived)
-      const { code, state, error, error_description } = request.query;
+			reply.setCookie("oidc_code_verifier", codeVerifier, {
-      
+				httpOnly: true,
-      // Handle OIDC provider errors
+				secure: env.NODE_ENV === "production",
-      if (error) {
+				sameSite: "lax",
-        console.error(`[OIDC] Provider error: ${error} - ${error_description}`);
+				path: "/",
-        return reply.redirect(`${getFrontendUrl()}/?error=oidc_${error}`);
+				maxAge: 600, // 10 minutes
-      }
+				signed: true,
-      
+			});
-      if (!code || !state) {
+
-        return reply.redirect(`${getFrontendUrl()}/?error=oidc_missing_params`);
+			reply.setCookie("oidc_state", state, {
-      }
+				httpOnly: true,
-      
+				secure: env.NODE_ENV === "production",
-      // Verify state
+				sameSite: "lax",
-      const storedState = request.unsignCookie(request.cookies.oidc_state || "");
+				path: "/",
-      if (!storedState.valid || storedState.value !== state) {
+				maxAge: 600,
-        console.error("[OIDC] State mismatch");
+				signed: true,
-        return reply.redirect(`${getFrontendUrl()}/?error=oidc_state_mismatch`);
+			});
-      }
+
-      
+			// Build authorization URL
-      // Get code verifier
+			const redirectUri = env.OIDC_REDIRECT_URI!;
-      const storedVerifier = request.unsignCookie(request.cookies.oidc_code_verifier || "");
+			const scope = env.OIDC_SCOPES;
-      if (!storedVerifier.valid || !storedVerifier.value) {
+
-        console.error("[OIDC] Missing code verifier");
+			const authUrl = client.buildAuthorizationUrl(config, {
-        return reply.redirect(`${getFrontendUrl()}/?error=oidc_missing_verifier`);
+				redirect_uri: redirectUri,
-      }
+				scope,
-      
+				state,
-      try {
+				code_challenge: codeChallenge,
-        const config = await getOIDCConfig();
+				code_challenge_method: "S256",
-        const redirectUri = env.OIDC_REDIRECT_URI!;
+			});
-        
+
-        // Exchange code for tokens
+			return reply.redirect(authUrl.href);
-        const tokens = await client.authorizationCodeGrant(config, new URL(request.url, `http://${request.headers.host}`), {
+		} catch (err: any) {
-          pkceCodeVerifier: storedVerifier.value,
+			console.error("[OIDC] Login error:", err);
-          expectedState: state,
+			return reply.redirect(`${getFrontendUrl()}/?error=oidc_init_failed`);
-        });
+		}
-        
+	});
-        // Get user info
+
-        const sub = tokens.claims()?.sub;
+	// ---------------------------------------------------------------------------
-        if (!sub) {
+	// GET /auth/oidc/callback - Handles callback from OIDC provider
-          console.error("[OIDC] Missing sub claim in token");
+	// ---------------------------------------------------------------------------
-          return reply.redirect(`${getFrontendUrl()}/?error=oidc_missing_sub`);
+	app.get<{ Querystring: { code?: string; state?: string; error?: string; error_description?: string } }>(
-        }
+		"/auth/oidc/callback",
-        const userInfo = await client.fetchUserInfo(config, tokens.access_token, sub);
+		async (request, reply) => {
-        
+			const { code, state, error, error_description } = request.query;
-        // Extract username from configured claim
+
-        const usernameClaim = env.OIDC_USERNAME_CLAIM;
+			// Handle OIDC provider errors
-        let username = (userInfo as any)[usernameClaim] || userInfo.preferred_username || userInfo.email || userInfo.sub;
+			if (error) {
-        const oidcSubject = userInfo.sub;
+				console.error(`[OIDC] Provider error: ${error} - ${error_description}`);
-        
+				return reply.redirect(`${getFrontendUrl()}/?error=oidc_${error}`);
-        if (!username || !oidcSubject) {
+			}
-          console.error("[OIDC] Missing required user info:", { username, oidcSubject });
+
-          return reply.redirect(`${getFrontendUrl()}/?error=oidc_missing_user_info`);
+			if (!code || !state) {
-        }
+				return reply.redirect(`${getFrontendUrl()}/?error=oidc_missing_params`);
-        
+			}
-        // Clean cookies
+
-        reply.clearCookie("oidc_code_verifier", { path: "/" });
+			// Verify state
-        reply.clearCookie("oidc_state", { path: "/" });
+			const storedState = request.unsignCookie(request.cookies.oidc_state || "");
-        
+			if (!storedState.valid || storedState.value !== state) {
-        // Find or create user
+				console.error("[OIDC] State mismatch");
-        let user = await findOrCreateOIDCUser(username, oidcSubject, reply);
+				return reply.redirect(`${getFrontendUrl()}/?error=oidc_state_mismatch`);
-        
+			}
-        if (!user) {
+
-          return reply.redirect(`${getFrontendUrl()}/?error=oidc_user_creation_failed`);
+			// Get code verifier
-        }
+			const storedVerifier = request.unsignCookie(request.cookies.oidc_code_verifier || "");
-        
+			if (!storedVerifier.valid || !storedVerifier.value) {
-        // Update last login
+				console.error("[OIDC] Missing code verifier");
-        await db.update(users)
+				return reply.redirect(`${getFrontendUrl()}/?error=oidc_missing_verifier`);
-          .set({ lastLoginAt: new Date() })
+			}
-          .where(eq(users.id, user.id));
+
-        
+			try {
-        // Issue JWT tokens (same as local auth)
+				const config = await getOIDCConfig();
-        const accessToken = await generateAccessToken(app, user.id, user.username);
+				const _redirectUri = env.OIDC_REDIRECT_URI!;
-        const { refreshToken, tokenId, expiresAt } = await generateRefreshToken(app, user.id);
+
-        
+				// Exchange code for tokens
-        // Store refresh token
+				const tokens = await client.authorizationCodeGrant(
-        await db.insert(refreshTokens).values({
+					config,
-          userId: user.id,
+					new URL(request.url, `http://${request.headers.host}`),
-          tokenId,
+					{
-          expiresAt,
+						pkceCodeVerifier: storedVerifier.value,
-        });
+						expectedState: state,
-        
+					}
-        // Set cookies (use app's centralized cookie options)
+				);
-        console.log(`[OIDC] Setting cookies for user ${user.username}, NODE_ENV=${env.NODE_ENV}, secure=${app.config.cookieOptions.secure}`);
+
-        setAuthCookies(app, reply, accessToken, refreshToken);
+				// Get user info
-        
+				const sub = tokens.claims()?.sub;
-        // Redirect to frontend dashboard
+				if (!sub) {
-        // In dev: CORS_ORIGINS contains the frontend URL
+					console.error("[OIDC] Missing sub claim in token");
-        const frontendUrl = env.CORS_ORIGINS.split(",")[0] || "http://localhost:5173";
+					return reply.redirect(`${getFrontendUrl()}/?error=oidc_missing_sub`);
-        return reply.redirect(`${frontendUrl}/dashboard`);
+				}
-        
+				const userInfo = await client.fetchUserInfo(config, tokens.access_token, sub);
-      } catch (err: any) {
+
-        console.error("[OIDC] Callback error:", err);
+				// Extract username from configured claim
-        return reply.redirect(`${getFrontendUrl()}/?error=oidc_callback_failed`);
+				const usernameClaim = env.OIDC_USERNAME_CLAIM;
-      }
+				const username =
-    }
+					(userInfo as any)[usernameClaim] || userInfo.preferred_username || userInfo.email || userInfo.sub;
-  );
+				const oidcSubject = userInfo.sub;
 				if (!username || !oidcSubject) {
 					console.error("[OIDC] Missing required user info:", { username, oidcSubject });
 					return reply.redirect(`${getFrontendUrl()}/?error=oidc_missing_user_info`);
 				}
 				// Clean cookies
 				reply.clearCookie("oidc_code_verifier", { path: "/" });
 				reply.clearCookie("oidc_state", { path: "/" });
 				// Find or create user
 				const user = await findOrCreateOIDCUser(username, oidcSubject, reply);
 				if (!user) {
 					return reply.redirect(`${getFrontendUrl()}/?error=oidc_user_creation_failed`);
 				}
 				// Update last login
 				await db.update(users).set({ lastLoginAt: new Date() }).where(eq(users.id, user.id));
 				// Issue JWT tokens (same as local auth)
 				const accessToken = await generateAccessToken(app, user.id, user.username);
 				const { refreshToken, tokenId, expiresAt } = await generateRefreshToken(app, user.id);
 				// Store refresh token
 				await db.insert(refreshTokens).values({
 					userId: user.id,
 					tokenId,
 					expiresAt,
 				});
 				// Set cookies (use app's centralized cookie options)
 				console.log(
 					`[OIDC] Setting cookies for user ${user.username}, NODE_ENV=${env.NODE_ENV}, secure=${app.config.cookieOptions.secure}`
 				);
 				setAuthCookies(app, reply, accessToken, refreshToken);
 				// Redirect to frontend dashboard
 				// In dev: CORS_ORIGINS contains the frontend URL
 				const frontendUrl = env.CORS_ORIGINS.split(",")[0] || "http://localhost:5173";
 				return reply.redirect(`${frontendUrl}/dashboard`);
 			} catch (err: any) {
 				console.error("[OIDC] Callback error:", err);
 				return reply.redirect(`${getFrontendUrl()}/?error=oidc_callback_failed`);
 			}
 		}
 	);
 }
 // =============================================================================
 // User Management
 // =============================================================================
 async function findOrCreateOIDCUser(
-  username: string, 
+	username: string,
-  oidcSubject: string,
+	oidcSubject: string,
-  reply: FastifyReply
+	_reply: FastifyReply
 ): Promise<{ id: number; username: string } | null> {
-  
+	// First, try to find user by OIDC subject (most reliable)
-  // First, try to find user by OIDC subject (most reliable)
+	const [existingBySubject] = await db.select().from(users).where(eq(users.oidcSubject, oidcSubject));
-  const [existingBySubject] = await db.select()
+
-    .from(users)
+	if (existingBySubject) {
-    .where(eq(users.oidcSubject, oidcSubject));
+		return { id: existingBySubject.id, username: existingBySubject.username };
-  
+	}
-  if (existingBySubject) {
+
-    return { id: existingBySubject.id, username: existingBySubject.username };
+	// Check if username already exists (potential collision)
-  }
+	const [existingByUsername] = await db.select().from(users).where(eq(users.username, username));
-  
+
-  // Check if username already exists (potential collision)
+	if (existingByUsername) {
-  const [existingByUsername] = await db.select()
+		// Username collision! Check if it's a local user without OIDC linked
-    .from(users)
+		if (existingByUsername.authProvider === "local" && !existingByUsername.oidcSubject) {
-    .where(eq(users.username, username));
+			// Local user exists without SSO - link this OIDC account to existing user
-  
+			await db.update(users).set({ oidcSubject: oidcSubject }).where(eq(users.id, existingByUsername.id));
-  if (existingByUsername) {
+			console.log(`[OIDC] Linked OIDC to existing local user: ${username}`);
-    // Username collision! Check if it's a local user without OIDC linked
+			return { id: existingByUsername.id, username: existingByUsername.username };
-    if (existingByUsername.authProvider === "local" && !existingByUsername.oidcSubject) {
+		} else if (existingByUsername.oidcSubject && existingByUsername.oidcSubject !== oidcSubject) {
-      // Local user exists without SSO - link this OIDC account to existing user
+			// User already has a DIFFERENT OIDC subject - create new user with suffix
-      await db.update(users)
+			username = `${username}_sso`;
-        .set({ oidcSubject: oidcSubject })
+			console.log(`[OIDC] Username collision (different OIDC subject), using: ${username}`);
-        .where(eq(users.id, existingByUsername.id));
+		}
-      console.log(`[OIDC] Linked OIDC to existing local user: ${username}`);
+	}
-      return { id: existingByUsername.id, username: existingByUsername.username };
+
-    } else if (existingByUsername.oidcSubject && existingByUsername.oidcSubject !== oidcSubject) {
+	// Check if auto-create is enabled
-      // User already has a DIFFERENT OIDC subject - create new user with suffix
+	if (!env.OIDC_AUTO_CREATE_USERS) {
-      username = `${username}_sso`;
+		console.error(`[OIDC] User creation disabled and user not found: ${username}`);
-      console.log(`[OIDC] Username collision (different OIDC subject), using: ${username}`);
+		return null;
-    }
+	}
-  }
+
-  
+	// Create new OIDC user
-  // Check if auto-create is enabled
+	const [newUser] = await db
-  if (!env.OIDC_AUTO_CREATE_USERS) {
+		.insert(users)
-    console.error(`[OIDC] User creation disabled and user not found: ${username}`);
+		.values({
-    return null;
+			username,
-  }
+			passwordHash: null,
-  
+			authProvider: "oidc",
-  // Create new OIDC user
+			oidcSubject: oidcSubject,
-  const [newUser] = await db.insert(users)
+			isActive: true,
-    .values({
+		})
-      username,
+		.returning({ id: users.id, username: users.username });
-      passwordHash: null,
+
-      authProvider: "oidc",
+	console.log(`[OIDC] Created new user: ${newUser.username} (ID: ${newUser.id})`);
-      oidcSubject: oidcSubject,
+	return newUser;
      isActive: true,
    })
    .returning({ id: users.id, username: users.username });
  console.log(`[OIDC] Created new user: ${newUser.username} (ID: ${newUser.id})`);
  return newUser;
 }
 // =============================================================================
 // JWT Token Generation (reused from auth.ts logic)
 // =============================================================================
 async function generateAccessToken(app: FastifyInstance, userId: number, username: string): Promise<string> {
-  return app.jwt.sign(
+	return app.jwt.sign({ sub: userId, username }, { expiresIn: `${env.ACCESS_TOKEN_TTL_MINUTES}m` });
    { sub: userId, username },
    { expiresIn: `${env.ACCESS_TOKEN_TTL_MINUTES}m` }
  );
 }
 async function generateRefreshToken(
-  app: FastifyInstance, 
+	app: FastifyInstance,
-  userId: number
+	userId: number
 ): Promise<{ refreshToken: string; tokenId: string; expiresAt: Date }> {
-  const tokenId = randomBytes(32).toString("hex");
+	const tokenId = randomBytes(32).toString("hex");
-  const expiresAt = new Date(Date.now() + env.REFRESH_TOKEN_TTL_DAYS * 24 * 60 * 60 * 1000);
+	const expiresAt = new Date(Date.now() + env.REFRESH_TOKEN_TTL_DAYS * 24 * 60 * 60 * 1000);
-  
+
-  const refreshToken = app.jwt.sign(
+	const refreshToken = app.jwt.sign(
-    { sub: userId, jti: tokenId, type: "refresh" },
+		{ sub: userId, jti: tokenId, type: "refresh" },
-    { expiresIn: `${env.REFRESH_TOKEN_TTL_DAYS}d` }
+		{ expiresIn: `${env.REFRESH_TOKEN_TTL_DAYS}d` }
-  );
+	);
-  
+
-  return { refreshToken, tokenId, expiresAt };
+	return { refreshToken, tokenId, expiresAt };
 }
 function setAuthCookies(app: FastifyInstance, reply: FastifyReply, accessToken: string, refreshToken: string) {
-  // Use the same cookie options as regular auth for consistency
+	// Use the same cookie options as regular auth for consistency
-  reply.setCookie("access_token", accessToken, app.config.cookieOptions);
+	reply.setCookie("access_token", accessToken, app.config.cookieOptions);
-  reply.setCookie("refresh_token", refreshToken, app.config.refreshCookieOptions);
+	reply.setCookie("refresh_token", refreshToken, app.config.refreshCookieOptions);
 }
@@ -1,140 +1,163 @@
-import { FastifyInstance } from "fastify";
+import type { FastifyInstance, FastifyRequest } from "fastify";
 import nodemailer from "nodemailer";
-import { updateReminderSentTime, updateUserReminderSentTime } from "../services/reminder-scheduler.js";
+import { getDateLocale, getTranslations, type Language, t } from "../i18n/translations.js";
-import { loadUserSettings, sendShoutrrrNotification } from "./settings.js";
+import { getAnonymousUserId, requireAuth } from "../plugins/auth.js";
 import { getDateLocale, getTranslations, t, type Language } from "../i18n/translations.js";
 import type { AuthUser } from "../types/fastify.js";
 import { requireAuth, getAnonymousUserId } from "../plugins/auth.js";
 import { env } from "../plugins/env.js";
 import { updateReminderSentTime, updateUserReminderSentTime } from "../services/reminder-scheduler.js";
 import type { AuthUser } from "../types/fastify.js";
 import { loadUserSettings, sendShoutrrrNotification } from "./settings.js";
 // Escape HTML to prevent XSS in email templates
 function escapeHtml(text: string): string {
 	const htmlEscapes: Record<string, string> = {
 		"&": "&amp;",
 		"<": "&lt;",
 		">": "&gt;",
 		'"': "&quot;",
 		"'": "&#39;",
 	};
 	return text.replace(/[&<>"']/g, (char) => htmlEscapes[char] || char);
 }
 type PlannerRow = {
-  medicationId: number;
+	medicationId: number;
-  medicationName: string;
+	medicationName: string;
-  totalPills: number;
+	totalPills: number;
-  plannerUsage: number;
+	plannerUsage: number;
-  stripSize: number;
+	blisterSize: number;
-  stripsNeeded: number;
+	blistersNeeded: number;
-  stripsAvailable: number;
+	fullBlisters: number;
-  enough: boolean;
+	loosePills: number;
 	enough: boolean;
 };
 type SendEmailBody = {
-  email: string;
+	email: string;
-  from: string;
+	from: string;
-  until: string;
+	until: string;
-  rows: PlannerRow[];
+	rows: PlannerRow[];
-  language?: Language; // Optional: passed from frontend for unauthenticated requests
+	language?: Language; // Optional: passed from frontend for unauthenticated requests
 };
 type LowStockItem = {
-  name: string;
+	name: string;
-  medsLeft: number;
+	medsLeft: number;
-  daysLeft: number | null;
+	daysLeft: number | null;
-  depletionDate: string | null;
+	depletionDate: string | null;
 };
 type ReminderEmailBody = {
-  email: string;
+	email: string;
-  lowStock: LowStockItem[];
+	lowStock: LowStockItem[];
-  language?: Language; // Optional: passed from frontend for unauthenticated requests
+	language?: Language; // Optional: passed from frontend for unauthenticated requests
 };
 export async function plannerRoutes(app: FastifyInstance) {
-  // Add auth hook for all planner routes
+	// Add auth hook for all planner routes
-  app.addHook("preHandler", requireAuth);
+	app.addHook("preHandler", requireAuth);
-  // Helper to get user ID from request
+	// Helper to get user ID from request
-  async function getUserId(request: any): Promise<number> {
+	async function getUserId(request: FastifyRequest): Promise<number> {
-    if (!env.AUTH_ENABLED) {
+		if (!env.AUTH_ENABLED) {
-      return getAnonymousUserId();
+			return getAnonymousUserId();
-    }
+		}
-    const authUser = request.user as AuthUser | null;
+		const authUser = request.user as unknown as AuthUser | null;
-    if (!authUser?.id) {
+		if (!authUser?.id) {
-      throw new Error("User not authenticated");
+			throw new Error("User not authenticated");
-    }
+		}
-    return authUser.id;
+		return authUser.id;
-  }
+	}
-  app.post<{ Body: SendEmailBody }>("/planner/send-email", async (request, reply) => {
+	app.post<{ Body: SendEmailBody }>("/planner/send-email", async (request, reply) => {
-    const { email, from, until, rows, language: bodyLanguage } = request.body;
+		const { email, from, until, rows, language: bodyLanguage } = request.body;
-    if (!email || !rows || rows.length === 0) {
+		if (!email || !rows || rows.length === 0) {
-      return reply.status(400).send({ error: "Missing email or planner data" });
+			return reply.status(400).send({ error: "Missing email or planner data" });
-    }
+		}
-    const smtpHost = process.env.SMTP_HOST;
+		const smtpHost = process.env.SMTP_HOST;
-    const smtpUser = process.env.SMTP_USER;
+		const smtpUser = process.env.SMTP_USER;
-    const smtpPass = process.env.SMTP_TOKEN || process.env.SMTP_PASS; // Token takes precedence
+		const smtpPass = process.env.SMTP_TOKEN || process.env.SMTP_PASS; // Token takes precedence
-    const smtpPort = parseInt(process.env.SMTP_PORT ?? "587");
+		const smtpPort = parseInt(process.env.SMTP_PORT ?? "587", 10);
-    const smtpSecure = process.env.SMTP_SECURE === "true";
+		const smtpSecure = process.env.SMTP_SECURE === "true";
-    const smtpFrom = process.env.SMTP_FROM ?? smtpUser;
+		const smtpFrom = process.env.SMTP_FROM ?? smtpUser;
-    if (!smtpHost || !smtpUser) {
+		if (!smtpHost || !smtpUser) {
-      return reply.status(400).send({ error: "SMTP not configured" });
+			return reply.status(400).send({ error: "SMTP not configured" });
-    }
+		}
-    // Get locale from user settings or use the language passed in the body
+		// Get locale from user settings or use the language passed in the body
-    let language: Language = bodyLanguage || "en";
+		let language: Language = bodyLanguage || "en";
-    const authUser = request.user as unknown as AuthUser | null;
+		const authUser = request.user as unknown as AuthUser | null;
-    if (authUser?.id) {
+		if (authUser?.id) {
-      const userSettings = await loadUserSettings(authUser.id);
+			const userSettings = await loadUserSettings(authUser.id);
-      language = userSettings.language;
+			language = userSettings.language;
-    }
+		}
-    const locale = getDateLocale(language);
+		const locale = getDateLocale(language);
-    // Format dates for display
+		// Format dates for display - escape to prevent XSS even though toLocaleDateString should be safe
-    const fromDate = new Date(from).toLocaleDateString(locale, {
+		const fromDate = escapeHtml(
-      year: "numeric",
+			new Date(from).toLocaleDateString(locale, {
-      month: "long",
+				year: "numeric",
-      day: "numeric",
+				month: "long",
-    });
+				day: "numeric",
-    const untilDate = new Date(until).toLocaleDateString(locale, {
+			})
-      year: "numeric",
+		);
-      month: "long",
+		const untilDate = escapeHtml(
-      day: "numeric",
+			new Date(until).toLocaleDateString(locale, {
-    });
+				year: "numeric",
 				month: "long",
 				day: "numeric",
 			})
 		);
-    // Build HTML table with horizontal scroll for mobile
+		// Build HTML table with horizontal scroll for mobile
-    const tableRows = rows
+		// Escape/coerce all user-provided values to prevent XSS
-      .map(
+		const tableRows = rows
-        (row) => `
+			.map((row) => {
 				const safeName = escapeHtml(row.medicationName);
 				const safeTotalPills = Number(row.totalPills) || 0;
 				const safePlannerUsage = Number(row.plannerUsage) || 0;
 				const safeBlistersNeeded = Number(row.blistersNeeded) || 0;
 				const safeBlisterSize = Number(row.blisterSize) || 0;
 				const safeFullBlisters = Number(row.fullBlisters) || 0;
 				const safeLoosePills = Number(row.loosePills) || 0;
 				return `
        <tr>
-          <td style="padding: 10px 12px; border-bottom: 1px solid #e5e7eb; white-space: nowrap;">${row.medicationName}</td>
+          <td style="padding: 10px 12px; border-bottom: 1px solid #e5e7eb; white-space: nowrap;">${safeName}</td>
-          <td style="padding: 10px 12px; border-bottom: 1px solid #e5e7eb; text-align: center; white-space: nowrap;"><strong>${row.totalPills}</strong></td>
+          <td style="padding: 10px 12px; border-bottom: 1px solid #e5e7eb; text-align: center; white-space: nowrap;"><strong>${safeTotalPills}</strong></td>
-          <td style="padding: 10px 12px; border-bottom: 1px solid #e5e7eb; text-align: center; white-space: nowrap;"><strong>${row.plannerUsage}</strong></td>
+          <td style="padding: 10px 12px; border-bottom: 1px solid #e5e7eb; text-align: center; white-space: nowrap;"><strong>${safePlannerUsage}</strong></td>
-          <td style="padding: 10px 12px; border-bottom: 1px solid #e5e7eb; text-align: center; white-space: nowrap;">${row.stripsNeeded} × ${row.stripSize}</td>
+          <td style="padding: 10px 12px; border-bottom: 1px solid #e5e7eb; text-align: center; white-space: nowrap;">${safeBlistersNeeded} × ${safeBlisterSize}</td>
-          <td style="padding: 10px 12px; border-bottom: 1px solid #e5e7eb; text-align: center; white-space: nowrap;">${row.stripsAvailable}</td>
+          <td style="padding: 10px 12px; border-bottom: 1px solid #e5e7eb; text-align: center; white-space: nowrap;">${safeFullBlisters}${safeLoosePills > 0 ? ` (+${safeLoosePills})` : ""}</td>
          <td style="padding: 10px 12px; border-bottom: 1px solid #e5e7eb; text-align: center; white-space: nowrap;">
            <span style="display: inline-block; padding: 4px 10px; border-radius: 12px; font-size: 12px; font-weight: 600; ${
-              row.enough
+							row.enough ? "background: #d1fae5; color: #065f46;" : "background: #fee2e2; color: #991b1b;"
-                ? "background: #d1fae5; color: #065f46;"
+						}">
                : "background: #fee2e2; color: #991b1b;"
            }">
              ${row.enough ? "✓ OK" : "✗ Out of Stock"}
            </span>
          </td>
        </tr>
-      `
+      `;
-      )
+			})
-      .join("");
+			.join("");
-    const outOfStockCount = rows.filter((r) => !r.enough).length;
+		const outOfStockCount = rows.filter((r) => !r.enough).length;
-    const summaryText =
+		const summaryText =
-      outOfStockCount > 0
+			outOfStockCount > 0
-        ? `⚠️ ${outOfStockCount} medication${outOfStockCount > 1 ? "s" : ""} will be out of stock during this period.`
+				? `⚠️ ${outOfStockCount} medication${outOfStockCount > 1 ? "s" : ""} will be out of stock during this period.`
-        : "✓ All medications have sufficient supply for this period.";
+				: "✓ All medications have sufficient supply for this period.";
-    const html = `
+		const html = `
      <div style="font-family: system-ui, -apple-system, sans-serif; max-width: 100%; margin: 0 auto; padding: 12px; background: #f9fafb;">
        <div style="background: white; border-radius: 12px; padding: 16px; box-shadow: 0 1px 3px rgba(0,0,0,0.1);">
          <h2 style="color: #1f2937; margin: 0 0 8px; font-size: 18px;">MedAssist-ng - Demand Calculator</h2>
          <p style="color: #6b7280; margin: 0 0 16px; font-size: 13px;">Supply overview from <strong>${fromDate}</strong> to <strong>${untilDate}</strong></p>
          <div style="padding: 10px 14px; border-radius: 8px; margin-bottom: 16px; ${
-            outOfStockCount > 0
+						outOfStockCount > 0
-              ? "background: #fef2f2; border: 1px solid #fecaca;"
+							? "background: #fef2f2; border: 1px solid #fecaca;"
-              : "background: #f0fdf4; border: 1px solid #bbf7d0;"
+							: "background: #f0fdf4; border: 1px solid #bbf7d0;"
-          }">
+					}">
            <p style="margin: 0; color: ${outOfStockCount > 0 ? "#991b1b" : "#166534"}; font-weight: 500; font-size: 13px;">
              ${summaryText}
            </p>
@@ -164,89 +187,89 @@ export async function plannerRoutes(app: FastifyInstance) {
      </div>
    `;
-    const plainText = `MedAssist-ng - Demand Calculator
+		const plainText = `MedAssist-ng - Demand Calculator
 Supply overview from ${fromDate} to ${untilDate}
 ${summaryText}
-${rows.map((r) => `${r.medicationName}: ${r.totalPills} pills in stock, ${r.plannerUsage} pills needed, ${r.stripsAvailable} blisters available (${r.stripsNeeded} needed) - ${r.enough ? "Enough" : "OUT OF STOCK"}`).join("\n")}
+${rows.map((r) => `${r.medicationName}: ${r.totalPills} pills in stock, ${r.plannerUsage} pills needed, ${r.fullBlisters} blisters available${r.loosePills > 0 ? ` (+${r.loosePills} loose)` : ""} (${r.blistersNeeded} needed) - ${r.enough ? "Enough" : "OUT OF STOCK"}`).join("\n")}
 ---
 Sent from MedAssist-ng Medication Planner`;
-    try {
+		try {
-      const transporter = nodemailer.createTransport({
+			const transporter = nodemailer.createTransport({
-        host: smtpHost,
+				host: smtpHost,
-        port: smtpPort,
+				port: smtpPort,
-        secure: smtpSecure,
+				secure: smtpSecure,
-        auth: {
+				auth: {
-          user: smtpUser,
+					user: smtpUser,
-          pass: smtpPass ?? "",
+					pass: smtpPass ?? "",
-        },
+				},
-      });
+			});
-      await transporter.sendMail({
+			await transporter.sendMail({
-        from: smtpFrom,
+				from: smtpFrom,
-        to: email,
+				to: email,
-        subject: `MedAssist-ng - Supply Overview (${fromDate} - ${untilDate})`,
+				subject: `MedAssist-ng - Supply Overview (${fromDate} - ${untilDate})`,
-        text: plainText,
+				text: plainText,
-        html,
+				html,
-      });
+			});
-      return reply.send({ success: true, message: "Email sent successfully" });
+			return reply.send({ success: true, message: "Email sent successfully" });
-    } catch (error) {
+		} catch (error) {
-      const errorMessage = error instanceof Error ? error.message : "Unknown error";
+			const errorMessage = error instanceof Error ? error.message : "Unknown error";
-      return reply.status(500).send({ error: `Failed to send email: ${errorMessage}` });
+			return reply.status(500).send({ error: `Failed to send email: ${errorMessage}` });
-    }
+		}
-  });
+	});
-  // Reminder notification for low stock medications (supports email and push)
+	// Reminder notification for low stock medications (supports email and push)
-  app.post<{ Body: ReminderEmailBody }>("/reminder/send-email", async (request, reply) => {
+	app.post<{ Body: ReminderEmailBody }>("/reminder/send-email", async (request, reply) => {
-    const { email, lowStock, language: bodyLanguage } = request.body;
+		const { email, lowStock } = request.body;
-    if (!lowStock || lowStock.length === 0) {
+		if (!lowStock || lowStock.length === 0) {
-      return reply.status(400).send({ error: "Missing low stock data" });
+			return reply.status(400).send({ error: "Missing low stock data" });
-    }
+		}
-    // Load user settings
+		// Load user settings
-    const userId = await getUserId(request);
+		const userId = await getUserId(request);
-    const userSettings = await loadUserSettings(userId);
+		const userSettings = await loadUserSettings(userId);
-    const notificationSettings = {
+		const notificationSettings = {
-      emailEnabled: userSettings.emailEnabled,
+			emailEnabled: userSettings.emailEnabled,
-      shoutrrrEnabled: userSettings.shoutrrrEnabled,
+			shoutrrrEnabled: userSettings.shoutrrrEnabled,
-      shoutrrrUrl: userSettings.shoutrrrUrl || "",
+			shoutrrrUrl: userSettings.shoutrrrUrl || "",
-    };
+		};
    const results: { email?: boolean; push?: boolean; errors: string[] } = { errors: [] };
-    // Separate empty from low stock medications
+		const results: { email?: boolean; push?: boolean; errors: string[] } = { errors: [] };
    const emptyMeds = lowStock.filter(r => r.medsLeft <= 0);
    const lowMeds = lowStock.filter(r => r.medsLeft > 0);
-    // Send email if enabled
+		// Separate empty from low stock medications
-    if (notificationSettings.emailEnabled && email) {
+		const emptyMeds = lowStock.filter((r) => r.medsLeft <= 0);
-      const smtpHost = process.env.SMTP_HOST;
+		const lowMeds = lowStock.filter((r) => r.medsLeft > 0);
      const smtpUser = process.env.SMTP_USER;
      const smtpPass = process.env.SMTP_TOKEN || process.env.SMTP_PASS; // Token takes precedence
      const smtpPort = parseInt(process.env.SMTP_PORT ?? "587");
      const smtpSecure = process.env.SMTP_SECURE === "true";
      const smtpFrom = process.env.SMTP_FROM ?? smtpUser;
-      if (smtpHost && smtpUser) {
+		// Send email if enabled
-        // Build subject line based on what we have
+		if (notificationSettings.emailEnabled && email) {
-        let subjectText: string;
+			const smtpHost = process.env.SMTP_HOST;
-        if (emptyMeds.length > 0 && lowMeds.length > 0) {
+			const smtpUser = process.env.SMTP_USER;
-          subjectText = `🚨 ${emptyMeds.length} Empty, ⚠️ ${lowMeds.length} Running Low`;
+			const smtpPass = process.env.SMTP_TOKEN || process.env.SMTP_PASS; // Token takes precedence
-        } else if (emptyMeds.length > 0) {
+			const smtpPort = parseInt(process.env.SMTP_PORT ?? "587", 10);
-          subjectText = `🚨 ${emptyMeds.length} Medication${emptyMeds.length > 1 ? "s" : ""} Empty`;
+			const smtpSecure = process.env.SMTP_SECURE === "true";
-        } else {
+			const smtpFrom = process.env.SMTP_FROM ?? smtpUser;
          subjectText = `⚠️ ${lowMeds.length} Medication${lowMeds.length > 1 ? "s" : ""} Running Low`;
        }
-        // Build alert box based on what we have
+			if (smtpHost && smtpUser) {
-        let alertHtml: string;
+				// Build subject line based on what we have
-        if (emptyMeds.length > 0 && lowMeds.length > 0) {
+				let subjectText: string;
-          alertHtml = `
+				if (emptyMeds.length > 0 && lowMeds.length > 0) {
 					subjectText = `🚨 ${emptyMeds.length} Empty, ⚠️ ${lowMeds.length} Running Low`;
 				} else if (emptyMeds.length > 0) {
 					subjectText = `🚨 ${emptyMeds.length} Medication${emptyMeds.length > 1 ? "s" : ""} Empty`;
 				} else {
 					subjectText = `⚠️ ${lowMeds.length} Medication${lowMeds.length > 1 ? "s" : ""} Running Low`;
 				}
 				// Build alert box based on what we have
 				let alertHtml: string;
 				if (emptyMeds.length > 0 && lowMeds.length > 0) {
 					alertHtml = `
            <div style="padding: 10px 14px; border-radius: 8px; margin-bottom: 12px; background: #fef2f2; border: 1px solid #dc2626;">
              <p style="margin: 0; color: #dc2626; font-weight: 600; font-size: 13px;">
                🚨 ${emptyMeds.length} medication${emptyMeds.length > 1 ? "s" : ""} EMPTY - reorder immediately!
@@ -257,49 +280,54 @@ Sent from MedAssist-ng Medication Planner`;
                ⚠️ ${lowMeds.length} medication${lowMeds.length > 1 ? "s" : ""} running low - reorder soon
              </p>
            </div>`;
-        } else if (emptyMeds.length > 0) {
+				} else if (emptyMeds.length > 0) {
-          alertHtml = `
+					alertHtml = `
            <div style="padding: 10px 14px; border-radius: 8px; margin-bottom: 16px; background: #fef2f2; border: 1px solid #dc2626;">
              <p style="margin: 0; color: #dc2626; font-weight: 600; font-size: 13px;">
                🚨 ${emptyMeds.length} medication${emptyMeds.length > 1 ? "s" : ""} EMPTY - reorder immediately!
              </p>
            </div>`;
-        } else {
+				} else {
-          alertHtml = `
+					alertHtml = `
            <div style="padding: 10px 14px; border-radius: 8px; margin-bottom: 16px; background: #fffbeb; border: 1px solid #f59e0b;">
              <p style="margin: 0; color: #b45309; font-weight: 500; font-size: 13px;">
                ⚠️ ${lowMeds.length} medication${lowMeds.length > 1 ? "s" : ""} running low - reorder soon
              </p>
            </div>`;
-        }
+				}
-        // Build table rows with status indicator
+				// Build table rows with status indicator
-        const buildTableRow = (row: LowStockItem) => {
+				const buildTableRow = (row: LowStockItem) => {
-          const isEmpty = row.medsLeft <= 0;
+					const isEmpty = row.medsLeft <= 0;
-          const statusIcon = isEmpty ? "🚨" : "⚠️";
+					const statusIcon = isEmpty ? "🚨" : "⚠️";
-          const rowBg = isEmpty ? "#fef2f2" : "white";
+					const rowBg = isEmpty ? "#fef2f2" : "white";
-          return `
+					// Escape user-provided strings and coerce numbers to prevent XSS
 					const safeName = escapeHtml(row.name);
 					const safeMedsLeft = Number(row.medsLeft) || 0;
 					const safeDaysLeft = Number(row.daysLeft) || 0;
 					const safeDepletionDate = row.depletionDate ? escapeHtml(String(row.depletionDate)) : "-";
 					return `
          <tr style="background: ${rowBg};">
-            <td style="padding: 10px 12px; border-bottom: 1px solid #e5e7eb; white-space: nowrap;">${statusIcon} ${row.name}</td>
+            <td style="padding: 10px 12px; border-bottom: 1px solid #e5e7eb; white-space: nowrap;">${statusIcon} ${safeName}</td>
-            <td style="padding: 10px 12px; border-bottom: 1px solid #e5e7eb; text-align: center; white-space: nowrap; ${isEmpty ? "color: #dc2626; font-weight: 600;" : ""}"><strong>${row.medsLeft}</strong></td>
+            <td style="padding: 10px 12px; border-bottom: 1px solid #e5e7eb; text-align: center; white-space: nowrap; ${isEmpty ? "color: #dc2626; font-weight: 600;" : ""}"><strong>${safeMedsLeft}</strong></td>
-            <td style="padding: 10px 12px; border-bottom: 1px solid #e5e7eb; text-align: center; white-space: nowrap;">${row.daysLeft ?? 0}</td>
+            <td style="padding: 10px 12px; border-bottom: 1px solid #e5e7eb; text-align: center; white-space: nowrap;">${safeDaysLeft}</td>
-            <td style="padding: 10px 12px; border-bottom: 1px solid #e5e7eb; text-align: center; white-space: nowrap;">${isEmpty ? "<strong>NOW</strong>" : (row.depletionDate ?? "-")}</td>
+            <td style="padding: 10px 12px; border-bottom: 1px solid #e5e7eb; text-align: center; white-space: nowrap;">${isEmpty ? "<strong>NOW</strong>" : safeDepletionDate}</td>
          </tr>`;
-        };
+				};
        const tableRows = lowStock.map(buildTableRow).join("");
-        // Build description text
+				const tableRows = lowStock.map(buildTableRow).join("");
        let descriptionText: string;
        if (emptyMeds.length > 0 && lowMeds.length > 0) {
          descriptionText = "The following medications need to be reordered:";
        } else if (emptyMeds.length > 0) {
          descriptionText = "The following medications are EMPTY and need to be reordered immediately:";
        } else {
          descriptionText = "The following medications are running low and need to be reordered:";
        }
-        const html = `
+				// Build description text
 				let descriptionText: string;
 				if (emptyMeds.length > 0 && lowMeds.length > 0) {
 					descriptionText = "The following medications need to be reordered:";
 				} else if (emptyMeds.length > 0) {
 					descriptionText = "The following medications are EMPTY and need to be reordered immediately:";
 				} else {
 					descriptionText = "The following medications are running low and need to be reordered:";
 				}
 				const html = `
          <div style="font-family: system-ui, -apple-system, sans-serif; max-width: 100%; margin: 0 auto; padding: 12px; background: #f9fafb;">
            <div style="background: white; border-radius: 12px; padding: 16px; box-shadow: 0 1px 3px rgba(0,0,0,0.1);">
              <h2 style="color: #1f2937; margin: 0 0 8px; font-size: 18px;">${emptyMeds.length > 0 ? "🚨" : "⚠️"} MedAssist-ng - Reorder Reminder</h2>
@@ -329,120 +357,124 @@ Sent from MedAssist-ng Medication Planner`;
          </div>
        `;
-        // Build plain text with sections
+				// Build plain text with sections
-        let plainTextContent: string;
+				let plainTextContent: string;
-        if (emptyMeds.length > 0 && lowMeds.length > 0) {
+				if (emptyMeds.length > 0 && lowMeds.length > 0) {
-          plainTextContent = `🚨 EMPTY (reorder immediately):
+					plainTextContent = `🚨 EMPTY (reorder immediately):
 ${emptyMeds.map((r) => `  • ${r.name}`).join("\n")}
 ⚠️ RUNNING LOW (reorder soon):
 ${lowMeds.map((r) => `  • ${r.name}: ${r.medsLeft} pills left, ${r.daysLeft ?? 0} days remaining`).join("\n")}`;
-        } else if (emptyMeds.length > 0) {
+				} else if (emptyMeds.length > 0) {
-          plainTextContent = `🚨 EMPTY (reorder immediately):
+					plainTextContent = `🚨 EMPTY (reorder immediately):
 ${emptyMeds.map((r) => `  • ${r.name}`).join("\n")}`;
-        } else {
+				} else {
-          plainTextContent = `⚠️ Running low:
+					plainTextContent = `⚠️ Running low:
 ${lowMeds.map((r) => `  • ${r.name}: ${r.medsLeft} pills left, ${r.daysLeft ?? 0} days remaining, runs out ${r.depletionDate ?? "soon"}`).join("\n")}`;
-        }
+				}
-        const plainText = `MedAssist-ng - Reorder Reminder
+				const plainText = `MedAssist-ng - Reorder Reminder
 ${plainTextContent}
 ---
 Sent from MedAssist-ng Medication Planner`;
-        try {
+				try {
-          const transporter = nodemailer.createTransport({
+					const transporter = nodemailer.createTransport({
-            host: smtpHost,
+						host: smtpHost,
-            port: smtpPort,
+						port: smtpPort,
-            secure: smtpSecure,
+						secure: smtpSecure,
-            auth: {
+						auth: {
-              user: smtpUser,
+							user: smtpUser,
-              pass: smtpPass ?? "",
+							pass: smtpPass ?? "",
-            },
+						},
-          });
+					});
-          await transporter.sendMail({
+					await transporter.sendMail({
-            from: smtpFrom,
+						from: smtpFrom,
-            to: email,
+						to: email,
-            subject: `MedAssist-ng - ${subjectText}`,
+						subject: `MedAssist-ng - ${subjectText}`,
-            text: plainText,
+						text: plainText,
-            html,
+						html,
-          });
+					});
-          results.email = true;
+					results.email = true;
-        } catch (error) {
+				} catch (error) {
-          const errorMessage = error instanceof Error ? error.message : "Unknown error";
+					const errorMessage = error instanceof Error ? error.message : "Unknown error";
-          results.errors.push(`Email: ${errorMessage}`);
+					results.errors.push(`Email: ${errorMessage}`);
-        }
+				}
-      }
+			}
-    }
+		}
-    // Send push notification if enabled
+		// Send push notification if enabled
-    if (notificationSettings.shoutrrrEnabled && notificationSettings.shoutrrrUrl) {
+		if (notificationSettings.shoutrrrEnabled && notificationSettings.shoutrrrUrl) {
-      // Get translations based on user language (default to 'en')
+			// Get translations based on user language (default to 'en')
-      const tr = getTranslations((userSettings.language as Language) || "en");
+			const tr = getTranslations((userSettings.language as Language) || "en");
      // Build clear title
      const titleParts: string[] = [];
      if (emptyMeds.length > 0) {
        titleParts.push(`🚨 ${emptyMeds.length} ${tr.push.empty}`);
      }
      if (lowMeds.length > 0) {
        titleParts.push(`⚠️ ${lowMeds.length} ${tr.push.low}`);
      }
      const title = `MedAssist: ${titleParts.join(", ")} - ${tr.push.reorderNow}`;
      // Build clear message with sections
      const messageParts: string[] = [];
      if (emptyMeds.length > 0) {
        messageParts.push(`🚨 ${tr.push.emptySection}:`);
        emptyMeds.forEach(r => messageParts.push(`  • ${r.name}`));
      }
      if (lowMeds.length > 0) {
        if (emptyMeds.length > 0) messageParts.push("");
        messageParts.push(`⚠️ ${tr.push.lowSection}:`);
        lowMeds.forEach(r => messageParts.push(`  • ${r.name}: ${t(tr.push.pillsLeft, { count: r.medsLeft })}, ${t(tr.push.daysLeft, { count: r.daysLeft ?? 0 })}`));
      }
      const message = messageParts.join("\n");
-      try {
+			// Build clear title
-        const pushResult = await sendShoutrrrNotification(notificationSettings.shoutrrrUrl, title, message);
+			const titleParts: string[] = [];
-        if (pushResult.success) {
+			if (emptyMeds.length > 0) {
-          results.push = true;
+				titleParts.push(`🚨 ${emptyMeds.length} ${tr.push.empty}`);
-        } else {
+			}
-          results.errors.push(`Push: ${pushResult.error}`);
+			if (lowMeds.length > 0) {
-        }
+				titleParts.push(`⚠️ ${lowMeds.length} ${tr.push.low}`);
-      } catch (error) {
+			}
-        const errorMessage = error instanceof Error ? error.message : "Unknown error";
+			const title = `MedAssist: ${titleParts.join(", ")} - ${tr.push.reorderNow}`;
        results.errors.push(`Push: ${errorMessage}`);
      }
    }
-    // Update the reminder state to record this notification was sent
+			// Build clear message with sections
-    if (results.email || results.push) {
+			const messageParts: string[] = [];
-      const channel = results.email && results.push ? "both" : results.email ? "email" : "push";
+			if (emptyMeds.length > 0) {
-      updateReminderSentTime("stock", channel);
+				messageParts.push(`🚨 ${tr.push.emptySection}:`);
-      
+				emptyMeds.forEach((r) => messageParts.push(`  • ${r.name}`));
-      // Also update user settings in database so frontend can display the info
+			}
-      await updateUserReminderSentTime(userId, "stock", channel);
+			if (lowMeds.length > 0) {
-    }
+				if (emptyMeds.length > 0) messageParts.push("");
 				messageParts.push(`⚠️ ${tr.push.lowSection}:`);
 				lowMeds.forEach((r) =>
 					messageParts.push(
 						`  • ${r.name}: ${t(tr.push.pillsLeft, { count: r.medsLeft })}, ${t(tr.push.daysLeft, { count: r.daysLeft ?? 0 })}`
 					)
 				);
 			}
 			const message = messageParts.join("\n");
-    // Build response message
+			try {
-    const sentChannels: string[] = [];
+				const pushResult = await sendShoutrrrNotification(notificationSettings.shoutrrrUrl, title, message);
-    if (results.email) sentChannels.push("email");
+				if (pushResult.success) {
-    if (results.push) sentChannels.push("push");
+					results.push = true;
 				} else {
 					results.errors.push(`Push: ${pushResult.error}`);
 				}
 			} catch (error) {
 				const errorMessage = error instanceof Error ? error.message : "Unknown error";
 				results.errors.push(`Push: ${errorMessage}`);
 			}
 		}
-    if (sentChannels.length > 0) {
+		// Update the reminder state to record this notification was sent
-      return reply.send({ 
+		if (results.email || results.push) {
-        success: true, 
+			const channel = results.email && results.push ? "both" : results.email ? "email" : "push";
-        message: `Reminder sent via ${sentChannels.join(" and ")}` 
+			updateReminderSentTime("stock", channel);
-      });
+
-    } else if (results.errors.length > 0) {
+			// Also update user settings in database so frontend can display the info
-      return reply.status(500).send({ error: results.errors.join("; ") });
+			await updateUserReminderSentTime(userId, "stock", channel);
-    } else {
+		}
-      return reply.status(400).send({ error: "No notification channels configured" });
+
-    }
+		// Build response message
-  });
+		const sentChannels: string[] = [];
 		if (results.email) sentChannels.push("email");
 		if (results.push) sentChannels.push("push");
 		if (sentChannels.length > 0) {
 			return reply.send({
 				success: true,
 				message: `Reminder sent via ${sentChannels.join(" and ")}`,
 			});
 		} else if (results.errors.length > 0) {
 			return reply.status(500).send({ error: results.errors.join("; ") });
 		} else {
 			return reply.status(400).send({ error: "No notification channels configured" });
 		}
 	});
 }
@@ -0,0 +1,133 @@
 import { and, desc, eq } from "drizzle-orm";
 import type { FastifyInstance, FastifyReply, FastifyRequest } from "fastify";
 import { z } from "zod";
 import { db } from "../db/client.js";
 import { medications, refillHistory } from "../db/schema.js";
 import { getAnonymousUserId, requireAuth } from "../plugins/auth.js";
 import { env } from "../plugins/env.js";
 import type { AuthUser } from "../types/fastify.js";
 const refillSchema = z
 	.object({
 		packsAdded: z.number().int().min(0).default(0),
 		loosePillsAdded: z.number().int().min(0).default(0),
 	})
 	.refine((data) => data.packsAdded > 0 || data.loosePillsAdded > 0, {
 		message: "Must add at least one pack or some loose pills",
 	});
 export async function refillRoutes(app: FastifyInstance) {
 	// All refill routes require auth
 	app.addHook("preHandler", requireAuth);
 	// Helper to get user ID from request
 	async function getUserId(request: FastifyRequest, reply: FastifyReply): Promise<number> {
 		if (!env.AUTH_ENABLED) {
 			return getAnonymousUserId();
 		}
 		const authUser = request.user as unknown as AuthUser | null;
 		if (!authUser) {
 			reply.status(401).send({ error: "User not authenticated", code: "AUTH_REQUIRED" });
 			throw new Error("AUTH_REQUIRED");
 		}
 		return authUser.id;
 	}
 	// POST /medications/:id/refill - Add stock to medication
 	app.post<{ Params: { id: string } }>("/medications/:id/refill", async (req, reply) => {
 		const parsed = refillSchema.safeParse(req.body);
 		if (!parsed.success) return reply.status(400).send(parsed.error.format());
 		const medId = Number(req.params.id);
 		if (Number.isNaN(medId)) return reply.badRequest("Invalid medication id");
 		const userId = await getUserId(req, reply);
 		// Verify ownership
 		const [med] = await db
 			.select()
 			.from(medications)
 			.where(and(eq(medications.id, medId), eq(medications.userId, userId)));
 		if (!med) return reply.notFound("Medication not found");
 		const { packsAdded, loosePillsAdded } = parsed.data;
 		// Update medication stock
 		const newPackCount = med.packCount + packsAdded;
 		const newLooseTablets = med.looseTablets + loosePillsAdded;
 		await db
 			.update(medications)
 			.set({
 				packCount: newPackCount,
 				looseTablets: newLooseTablets,
 				stockAdjustment: 0, // Reset offset since we're adding to base stock
 				lastStockCorrectionAt: new Date(), // Reset consumed counter to now
 				updatedAt: new Date(),
 			})
 			.where(and(eq(medications.id, medId), eq(medications.userId, userId)));
 		// Create refill history entry
 		const [refill] = await db
 			.insert(refillHistory)
 			.values({
 				medicationId: medId,
 				userId,
 				packsAdded,
 				loosePillsAdded,
 			})
 			.returning();
 		// Calculate pills added for response
 		const pillsPerPack = med.blistersPerPack * med.pillsPerBlister;
 		const totalPillsAdded = packsAdded * pillsPerPack + loosePillsAdded;
 		return {
 			success: true,
 			refill: {
 				id: refill.id,
 				packsAdded,
 				loosePillsAdded,
 				totalPillsAdded,
 				refillDate: refill.refillDate,
 			},
 			newStock: {
 				packCount: newPackCount,
 				looseTablets: newLooseTablets,
 				totalPills: newPackCount * pillsPerPack + newLooseTablets,
 			},
 		};
 	});
 	// GET /medications/:id/refills - Get refill history for a medication
 	app.get<{ Params: { id: string } }>("/medications/:id/refills", async (req, reply) => {
 		const medId = Number(req.params.id);
 		if (Number.isNaN(medId)) return reply.badRequest("Invalid medication id");
 		const userId = await getUserId(req, reply);
 		// Verify ownership
 		const [med] = await db
 			.select()
 			.from(medications)
 			.where(and(eq(medications.id, medId), eq(medications.userId, userId)));
 		if (!med) return reply.notFound("Medication not found");
 		// Get refill history, newest first
 		const refills = await db
 			.select()
 			.from(refillHistory)
 			.where(eq(refillHistory.medicationId, medId))
 			.orderBy(desc(refillHistory.refillDate));
 		const pillsPerPack = med.blistersPerPack * med.pillsPerBlister;
 		return refills.map((r) => ({
 			id: r.id,
 			packsAdded: r.packsAdded,
 			loosePillsAdded: r.loosePillsAdded,
 			totalPillsAdded: r.packsAdded * pillsPerPack + r.loosePillsAdded,
 			refillDate: r.refillDate,
 		}));
 	});
 }
@@ -1,292 +1,348 @@
-import { FastifyInstance } from "fastify";
+import { eq } from "drizzle-orm";
 import type { FastifyInstance } from "fastify";
 import nodemailer from "nodemailer";
 import { db } from "../db/client.js";
 import { userSettings } from "../db/schema.js";
-import { eq } from "drizzle-orm";
+import type { Language } from "../i18n/translations.js";
-import { requireAuth, getAnonymousUserId } from "../plugins/auth.js";
+import { getAnonymousUserId, requireAuth } from "../plugins/auth.js";
 import { env } from "../plugins/env.js";
 import type { AuthUser } from "../types/fastify.js";
 import type { Language } from "../i18n/translations.js";
 // Exported type for use in schedulers
 export type UserSettings = {
-  userId: number;
+	userId: number;
-  emailEnabled: boolean;
+	emailEnabled: boolean;
-  notificationEmail: string | null;
+	notificationEmail: string | null;
-  emailStockReminders: boolean;
+	emailStockReminders: boolean;
-  emailIntakeReminders: boolean;
+	emailIntakeReminders: boolean;
-  shoutrrrEnabled: boolean;
+	shoutrrrEnabled: boolean;
-  shoutrrrUrl: string | null;
+	shoutrrrUrl: string | null;
-  shoutrrrStockReminders: boolean;
+	shoutrrrStockReminders: boolean;
-  shoutrrrIntakeReminders: boolean;
+	shoutrrrIntakeReminders: boolean;
-  reminderDaysBefore: number;
+	reminderDaysBefore: number;
-  repeatDailyReminders: boolean;
+	repeatDailyReminders: boolean;
-  lowStockDays: number;
+	skipRemindersForTakenDoses: boolean;
-  normalStockDays: number;
+	repeatRemindersEnabled: boolean;
-  highStockDays: number;
+	reminderRepeatIntervalMinutes: number;
-  language: Language;
+	maxNaggingReminders: number;
-  stockCalculationMode: "automatic" | "manual";
+	lowStockDays: number;
-  lastAutoEmailSent: string | null;
+	normalStockDays: number;
-  lastNotificationType: string | null;
+	highStockDays: number;
-  lastNotificationChannel: string | null;
+	language: Language;
 	stockCalculationMode: "automatic" | "manual";
 	lastAutoEmailSent: string | null;
 	lastNotificationType: string | null;
 	lastNotificationChannel: string | null;
 	lastReminderMedName: string | null;
 	lastReminderTakenBy: string | null;
 };
 type SettingsBody = {
-  emailEnabled: boolean;
+	emailEnabled: boolean;
-  notificationEmail: string;
+	notificationEmail: string;
-  reminderDaysBefore: number;
+	reminderDaysBefore: number;
-  repeatDailyReminders: boolean;
+	repeatDailyReminders: boolean;
-  lowStockDays: number;
+	lowStockDays: number;
-  normalStockDays: number;
+	normalStockDays: number;
-  highStockDays: number;
+	highStockDays: number;
-  shoutrrrEnabled: boolean;
+	shoutrrrEnabled: boolean;
-  shoutrrrUrl: string;
+	shoutrrrUrl: string;
-  emailStockReminders: boolean;
+	emailStockReminders: boolean;
-  emailIntakeReminders: boolean;
+	emailIntakeReminders: boolean;
-  shoutrrrStockReminders: boolean;
+	shoutrrrStockReminders: boolean;
-  shoutrrrIntakeReminders: boolean;
+	shoutrrrIntakeReminders: boolean;
-  language: string;
+	skipRemindersForTakenDoses: boolean;
-  stockCalculationMode: "automatic" | "manual";
+	repeatRemindersEnabled: boolean;
 	reminderRepeatIntervalMinutes: number;
 	maxNaggingReminders: number;
 	language: string;
 	stockCalculationMode: "automatic" | "manual";
 };
 type TestEmailBody = {
-  email: string;
+	email: string;
 };
 type TestShoutrrrBody = {
-  url: string;
+	url: string;
 };
-// Default settings for new users
+// Helper to parse boolean env vars
-const defaultSettings = {
+function envBool(key: string, defaultVal: boolean): boolean {
-  emailEnabled: false,
+	const val = process.env[key];
-  notificationEmail: null,
+	if (val === undefined) return defaultVal;
-  emailStockReminders: true,
+	return val === "true" || val === "1";
-  emailIntakeReminders: true,
+}
-  shoutrrrEnabled: false,
+
-  shoutrrrUrl: null,
+// Helper to parse integer env vars
-  shoutrrrStockReminders: true,
+function envInt(key: string, defaultVal: number): number {
-  shoutrrrIntakeReminders: true,
+	const val = process.env[key];
-  reminderDaysBefore: 7,
+	if (val === undefined) return defaultVal;
-  repeatDailyReminders: false,
+	const parsed = parseInt(val, 10);
-  lowStockDays: 30,
+	return Number.isNaN(parsed) ? defaultVal : parsed;
-  normalStockDays: 90,
+}
-  highStockDays: 180,
+
-  language: "en",
+// Default settings for new users - read from ENV with fallbacks
-  stockCalculationMode: "automatic" as const,
+function getDefaultSettings() {
-  lastAutoEmailSent: null,
+	return {
-  lastNotificationType: null,
+		emailEnabled: envBool("DEFAULT_EMAIL_ENABLED", false),
-  lastNotificationChannel: null,
+		notificationEmail: process.env.DEFAULT_NOTIFICATION_EMAIL || null,
-};
+		emailStockReminders: envBool("DEFAULT_EMAIL_STOCK_REMINDERS", true),
 		emailIntakeReminders: envBool("DEFAULT_EMAIL_INTAKE_REMINDERS", true),
 		shoutrrrEnabled: envBool("DEFAULT_SHOUTRRR_ENABLED", false),
 		shoutrrrUrl: process.env.DEFAULT_SHOUTRRR_URL || null,
 		shoutrrrStockReminders: envBool("DEFAULT_SHOUTRRR_STOCK_REMINDERS", true),
 		shoutrrrIntakeReminders: envBool("DEFAULT_SHOUTRRR_INTAKE_REMINDERS", true),
 		reminderDaysBefore: envInt("REMINDER_DAYS_BEFORE", 7),
 		repeatDailyReminders: envBool("DEFAULT_REPEAT_DAILY_REMINDERS", false),
 		skipRemindersForTakenDoses: envBool("DEFAULT_SKIP_REMINDERS_FOR_TAKEN_DOSES", false),
 		repeatRemindersEnabled: envBool("DEFAULT_REPEAT_REMINDERS_ENABLED", false),
 		reminderRepeatIntervalMinutes: envInt("DEFAULT_REMINDER_REPEAT_INTERVAL_MINUTES", 30),
 		maxNaggingReminders: envInt("DEFAULT_MAX_NAGGING_REMINDERS", 5),
 		lowStockDays: envInt("DEFAULT_LOW_STOCK_DAYS", 30),
 		normalStockDays: envInt("DEFAULT_NORMAL_STOCK_DAYS", 90),
 		highStockDays: envInt("DEFAULT_HIGH_STOCK_DAYS", 180),
 		language: (process.env.DEFAULT_LANGUAGE as "en" | "de") || "en",
 		stockCalculationMode: (process.env.DEFAULT_STOCK_CALCULATION_MODE as "automatic" | "manual") || "automatic",
 		lastAutoEmailSent: null,
 		lastNotificationType: null,
 		lastNotificationChannel: null,
 		lastReminderMedName: null,
 		lastReminderTakenBy: null,
 	};
 }
 // Helper to get or create user settings
 async function getOrCreateUserSettings(userId: number) {
-  let [settings] = await db.select().from(userSettings).where(eq(userSettings.userId, userId));
+	let [settings] = await db.select().from(userSettings).where(eq(userSettings.userId, userId));
-  
+
-  if (!settings) {
+	if (!settings) {
-    // Create default settings for user
+		// Create default settings for user (using ENV defaults)
-    [settings] = await db.insert(userSettings).values({
+		[settings] = await db
-      userId,
+			.insert(userSettings)
-      ...defaultSettings,
+			.values({
-    }).returning();
+				userId,
-  }
+				...getDefaultSettings(),
-  
+			})
-  return settings;
+			.returning();
 	}
 	return settings;
 }
 // Export for use in reminder scheduler
 export async function loadUserSettings(userId: number): Promise<UserSettings> {
-  const settings = await getOrCreateUserSettings(userId);
+	const settings = await getOrCreateUserSettings(userId);
-  return {
+	return {
-    userId: settings.userId,
+		userId: settings.userId,
-    emailEnabled: settings.emailEnabled,
+		emailEnabled: settings.emailEnabled,
-    notificationEmail: settings.notificationEmail,
+		notificationEmail: settings.notificationEmail,
-    emailStockReminders: settings.emailStockReminders,
+		emailStockReminders: settings.emailStockReminders,
-    emailIntakeReminders: settings.emailIntakeReminders,
+		emailIntakeReminders: settings.emailIntakeReminders,
-    shoutrrrEnabled: settings.shoutrrrEnabled,
+		shoutrrrEnabled: settings.shoutrrrEnabled,
-    shoutrrrUrl: settings.shoutrrrUrl,
+		shoutrrrUrl: settings.shoutrrrUrl,
-    shoutrrrStockReminders: settings.shoutrrrStockReminders,
+		shoutrrrStockReminders: settings.shoutrrrStockReminders,
-    shoutrrrIntakeReminders: settings.shoutrrrIntakeReminders,
+		shoutrrrIntakeReminders: settings.shoutrrrIntakeReminders,
-    reminderDaysBefore: settings.reminderDaysBefore,
+		reminderDaysBefore: settings.reminderDaysBefore,
-    repeatDailyReminders: settings.repeatDailyReminders,
+		repeatDailyReminders: settings.repeatDailyReminders,
-    lowStockDays: settings.lowStockDays,
+		skipRemindersForTakenDoses: settings.skipRemindersForTakenDoses ?? false,
-    normalStockDays: settings.normalStockDays,
+		repeatRemindersEnabled: settings.repeatRemindersEnabled ?? false,
-    highStockDays: settings.highStockDays,
+		reminderRepeatIntervalMinutes: settings.reminderRepeatIntervalMinutes ?? 30,
-    language: settings.language as Language,
+		maxNaggingReminders: settings.maxNaggingReminders ?? 5,
-    stockCalculationMode: (settings.stockCalculationMode as "automatic" | "manual") ?? "automatic",
+		lowStockDays: settings.lowStockDays,
-    lastAutoEmailSent: settings.lastAutoEmailSent,
+		normalStockDays: settings.normalStockDays,
-    lastNotificationType: settings.lastNotificationType,
+		highStockDays: settings.highStockDays,
-    lastNotificationChannel: settings.lastNotificationChannel,
+		language: settings.language as Language,
-  };
+		stockCalculationMode: (settings.stockCalculationMode as "automatic" | "manual") ?? "automatic",
 		lastAutoEmailSent: settings.lastAutoEmailSent,
 		lastNotificationType: settings.lastNotificationType,
 		lastNotificationChannel: settings.lastNotificationChannel,
 		lastReminderMedName: settings.lastReminderMedName ?? null,
 		lastReminderTakenBy: settings.lastReminderTakenBy ?? null,
 	};
 }
 // Get all users with settings for scheduler
 export async function getAllUserSettings(): Promise<UserSettings[]> {
-  const allSettings = await db.select().from(userSettings);
+	const allSettings = await db.select().from(userSettings);
-  return allSettings.map(settings => ({
+	return allSettings.map((settings) => ({
-    userId: settings.userId,
+		userId: settings.userId,
-    emailEnabled: settings.emailEnabled,
+		emailEnabled: settings.emailEnabled,
-    notificationEmail: settings.notificationEmail,
+		notificationEmail: settings.notificationEmail,
-    emailStockReminders: settings.emailStockReminders,
+		emailStockReminders: settings.emailStockReminders,
-    emailIntakeReminders: settings.emailIntakeReminders,
+		emailIntakeReminders: settings.emailIntakeReminders,
-    shoutrrrEnabled: settings.shoutrrrEnabled,
+		shoutrrrEnabled: settings.shoutrrrEnabled,
-    shoutrrrUrl: settings.shoutrrrUrl,
+		shoutrrrUrl: settings.shoutrrrUrl,
-    shoutrrrStockReminders: settings.shoutrrrStockReminders,
+		shoutrrrStockReminders: settings.shoutrrrStockReminders,
-    shoutrrrIntakeReminders: settings.shoutrrrIntakeReminders,
+		shoutrrrIntakeReminders: settings.shoutrrrIntakeReminders,
-    reminderDaysBefore: settings.reminderDaysBefore,
+		reminderDaysBefore: settings.reminderDaysBefore,
-    repeatDailyReminders: settings.repeatDailyReminders,
+		repeatDailyReminders: settings.repeatDailyReminders,
-    lowStockDays: settings.lowStockDays,
+		skipRemindersForTakenDoses: settings.skipRemindersForTakenDoses ?? false,
-    normalStockDays: settings.normalStockDays,
+		repeatRemindersEnabled: settings.repeatRemindersEnabled ?? false,
-    highStockDays: settings.highStockDays,
+		reminderRepeatIntervalMinutes: settings.reminderRepeatIntervalMinutes ?? 30,
-    language: settings.language as Language,
+		maxNaggingReminders: settings.maxNaggingReminders ?? 5,
-    stockCalculationMode: (settings.stockCalculationMode as "automatic" | "manual") ?? "automatic",
+		lowStockDays: settings.lowStockDays,
-    lastAutoEmailSent: settings.lastAutoEmailSent,
+		normalStockDays: settings.normalStockDays,
-    lastNotificationType: settings.lastNotificationType,
+		highStockDays: settings.highStockDays,
-    lastNotificationChannel: settings.lastNotificationChannel,
+		language: settings.language as Language,
-  }));
+		stockCalculationMode: (settings.stockCalculationMode as "automatic" | "manual") ?? "automatic",
 		lastAutoEmailSent: settings.lastAutoEmailSent,
 		lastNotificationType: settings.lastNotificationType,
 		lastNotificationChannel: settings.lastNotificationChannel,
 		lastReminderMedName: settings.lastReminderMedName ?? null,
 		lastReminderTakenBy: settings.lastReminderTakenBy ?? null,
 	}));
 }
 export async function settingsRoutes(app: FastifyInstance) {
-  // All settings routes require auth
+	// All settings routes require auth
-  app.addHook("preHandler", requireAuth);
+	app.addHook("preHandler", requireAuth);
-  // Helper to get user ID from request
+	// Helper to get user ID from request
-  // Returns anonymous user ID when auth is disabled
+	// Returns anonymous user ID when auth is disabled
-  async function getUserId(request: any, reply: any): Promise<number> {
+	async function getUserId(request: any, reply: any): Promise<number> {
-    // If auth is disabled, use the anonymous user
+		// If auth is disabled, use the anonymous user
-    if (!env.AUTH_ENABLED) {
+		if (!env.AUTH_ENABLED) {
-      return getAnonymousUserId();
+			return getAnonymousUserId();
-    }
+		}
    const authUser = request.user as unknown as AuthUser | null;
    if (!authUser) {
      reply.status(401).send({ error: "Not authenticated" });
      throw new Error("AUTH_REQUIRED");
    }
    return authUser.id;
  }
-  // Get settings for current user
+		const authUser = request.user as unknown as AuthUser | null;
-  app.get("/settings", async (request, reply) => {
+		if (!authUser) {
-    const userId = await getUserId(request, reply);
+			reply.status(401).send({ error: "Not authenticated" });
 			throw new Error("AUTH_REQUIRED");
 		}
 		return authUser.id;
 	}
-    const settings = await getOrCreateUserSettings(userId);
+	// Get settings for current user
-    
+	app.get("/settings", async (request, reply) => {
-    return reply.send({
+		const userId = await getUserId(request, reply);
      // User notification settings (from DB)
      emailEnabled: settings.emailEnabled,
      notificationEmail: settings.notificationEmail ?? "",
      reminderDaysBefore: settings.reminderDaysBefore,
      repeatDailyReminders: settings.repeatDailyReminders,
      lowStockDays: settings.lowStockDays,
      normalStockDays: settings.normalStockDays,
      highStockDays: settings.highStockDays,
      shoutrrrEnabled: settings.shoutrrrEnabled,
      shoutrrrUrl: settings.shoutrrrUrl ?? "",
      emailStockReminders: settings.emailStockReminders,
      emailIntakeReminders: settings.emailIntakeReminders,
      shoutrrrStockReminders: settings.shoutrrrStockReminders,
      shoutrrrIntakeReminders: settings.shoutrrrIntakeReminders,
      language: settings.language,
      stockCalculationMode: settings.stockCalculationMode ?? "automatic",
      // SMTP settings (from .env - shared/server-configured)
      smtpHost: process.env.SMTP_HOST ?? "",
      smtpPort: parseInt(process.env.SMTP_PORT ?? "587"),
      smtpUser: process.env.SMTP_USER ?? "",
      smtpFrom: process.env.SMTP_FROM ?? "",
      smtpSecure: process.env.SMTP_SECURE === "true",
      hasSmtpPassword: !!(process.env.SMTP_TOKEN || process.env.SMTP_PASS),
      // Reminder state for this user
      lastAutoEmailSent: settings.lastAutoEmailSent,
      lastNotificationType: settings.lastNotificationType,
      lastNotificationChannel: settings.lastNotificationChannel,
      // Server settings (from .env, read-only)
      expiryWarningDays: parseInt(process.env.EXPIRY_WARNING_DAYS ?? "30", 10),
    });
  });
-  // Update settings for current user
+		const settings = await getOrCreateUserSettings(userId);
  app.put<{ Body: SettingsBody }>("/settings", async (request, reply) => {
    const userId = await getUserId(request, reply);
-    const body = request.body;
+		return reply.send({
-    
+			// User notification settings (from DB)
-    // Check if any stock reminders are configured
+			emailEnabled: settings.emailEnabled,
-    const hasEmailStock = body.emailEnabled && body.emailStockReminders && body.notificationEmail;
+			notificationEmail: settings.notificationEmail ?? "",
-    const hasShoutrrrStock = body.shoutrrrEnabled && body.shoutrrrStockReminders && body.shoutrrrUrl;
+			reminderDaysBefore: settings.reminderDaysBefore,
-    const hasAnyStockReminder = hasEmailStock || hasShoutrrrStock;
+			repeatDailyReminders: settings.repeatDailyReminders,
-    
+			lowStockDays: settings.lowStockDays,
-    // Disable repeatDailyReminders if no stock reminders are configured
+			normalStockDays: settings.normalStockDays,
-    const repeatDailyReminders = hasAnyStockReminder ? (body.repeatDailyReminders ?? false) : false;
+			highStockDays: settings.highStockDays,
 			shoutrrrEnabled: settings.shoutrrrEnabled,
 			shoutrrrUrl: settings.shoutrrrUrl ?? "",
 			emailStockReminders: settings.emailStockReminders,
 			emailIntakeReminders: settings.emailIntakeReminders,
 			shoutrrrStockReminders: settings.shoutrrrStockReminders,
 			shoutrrrIntakeReminders: settings.shoutrrrIntakeReminders,
 			skipRemindersForTakenDoses: settings.skipRemindersForTakenDoses,
 			repeatRemindersEnabled: settings.repeatRemindersEnabled ?? false,
 			reminderRepeatIntervalMinutes: settings.reminderRepeatIntervalMinutes ?? 30,
 			maxNaggingReminders: settings.maxNaggingReminders ?? 5,
 			language: settings.language,
 			stockCalculationMode: settings.stockCalculationMode ?? "automatic",
 			// SMTP settings (from .env - shared/server-configured)
 			smtpHost: process.env.SMTP_HOST ?? "",
 			smtpPort: parseInt(process.env.SMTP_PORT ?? "587", 10),
 			smtpUser: process.env.SMTP_USER ?? "",
 			smtpFrom: process.env.SMTP_FROM ?? "",
 			smtpSecure: process.env.SMTP_SECURE === "true",
 			hasSmtpPassword: !!(process.env.SMTP_TOKEN || process.env.SMTP_PASS),
 			// Reminder state for this user
 			lastAutoEmailSent: settings.lastAutoEmailSent,
 			lastNotificationType: settings.lastNotificationType,
 			lastNotificationChannel: settings.lastNotificationChannel,
 			lastReminderMedName: settings.lastReminderMedName ?? null,
 			lastReminderTakenBy: settings.lastReminderTakenBy ?? null,
 			// Server settings (from .env, read-only)
 			expiryWarningDays: parseInt(process.env.EXPIRY_WARNING_DAYS ?? "30", 10),
 		});
 	});
-    // Update or insert user settings
+	// Update settings for current user
-    const existingSettings = await db.select().from(userSettings).where(eq(userSettings.userId, userId));
+	app.put<{ Body: SettingsBody }>("/settings", async (request, reply) => {
-    
+		const userId = await getUserId(request, reply);
    const settingsData = {
      emailEnabled: body.emailEnabled,
      notificationEmail: body.notificationEmail || null,
      emailStockReminders: body.emailStockReminders ?? true,
      emailIntakeReminders: body.emailIntakeReminders ?? true,
      shoutrrrEnabled: body.shoutrrrEnabled ?? false,
      shoutrrrUrl: body.shoutrrrUrl || null,
      shoutrrrStockReminders: body.shoutrrrStockReminders ?? true,
      shoutrrrIntakeReminders: body.shoutrrrIntakeReminders ?? true,
      reminderDaysBefore: body.reminderDaysBefore,
      repeatDailyReminders,
      lowStockDays: body.lowStockDays ?? 30,
      normalStockDays: body.normalStockDays ?? 90,
      highStockDays: body.highStockDays ?? 180,
      language: body.language ?? "en",
      stockCalculationMode: body.stockCalculationMode ?? "automatic",
      updatedAt: new Date(),
    };
-    if (existingSettings.length > 0) {
+		const body = request.body;
      await db.update(userSettings)
        .set(settingsData)
        .where(eq(userSettings.userId, userId));
    } else {
      await db.insert(userSettings).values({
        userId: userId,
        ...settingsData,
      });
    }
-    return reply.send({ success: true });
+		// Check if any stock reminders are configured
-  });
+		const hasEmailStock = body.emailEnabled && body.emailStockReminders && body.notificationEmail;
 		const hasShoutrrrStock = body.shoutrrrEnabled && body.shoutrrrStockReminders && body.shoutrrrUrl;
 		const hasAnyStockReminder = hasEmailStock || hasShoutrrrStock;
-  // Test email - use SMTP settings from process.env
+		// Disable repeatDailyReminders if no stock reminders are configured
-  app.post<{ Body: TestEmailBody }>("/settings/test-email", async (request, reply) => {
+		const repeatDailyReminders = hasAnyStockReminder ? (body.repeatDailyReminders ?? false) : false;
    const { email } = request.body;
    const smtpHost = process.env.SMTP_HOST;
    const smtpUser = process.env.SMTP_USER;
    const smtpPass = process.env.SMTP_TOKEN || process.env.SMTP_PASS;
    const smtpPort = parseInt(process.env.SMTP_PORT ?? "587");
    const smtpSecure = process.env.SMTP_SECURE === "true";
    const smtpFrom = process.env.SMTP_FROM ?? smtpUser;
-    if (!smtpHost || !smtpUser) {
+		// Update or insert user settings
-      return reply.status(400).send({ error: "SMTP not configured" });
+		const existingSettings = await db.select().from(userSettings).where(eq(userSettings.userId, userId));
    }
-    try {
+		const settingsData = {
-      const transporter = nodemailer.createTransport({
+			emailEnabled: body.emailEnabled,
-        host: smtpHost,
+			notificationEmail: body.notificationEmail || null,
-        port: smtpPort,
+			emailStockReminders: body.emailStockReminders ?? true,
-        secure: smtpSecure,
+			emailIntakeReminders: body.emailIntakeReminders ?? true,
-        auth: {
+			shoutrrrEnabled: body.shoutrrrEnabled ?? false,
-          user: smtpUser,
+			shoutrrrUrl: body.shoutrrrUrl || null,
-          pass: smtpPass ?? "",
+			shoutrrrStockReminders: body.shoutrrrStockReminders ?? true,
-        },
+			shoutrrrIntakeReminders: body.shoutrrrIntakeReminders ?? true,
-      });
+			reminderDaysBefore: body.reminderDaysBefore,
 			repeatDailyReminders,
 			skipRemindersForTakenDoses: body.skipRemindersForTakenDoses ?? false,
 			repeatRemindersEnabled: body.repeatRemindersEnabled ?? false,
 			reminderRepeatIntervalMinutes: body.reminderRepeatIntervalMinutes ?? 30,
 			maxNaggingReminders: body.maxNaggingReminders ?? 5,
 			lowStockDays: body.lowStockDays ?? 30,
 			normalStockDays: body.normalStockDays ?? 90,
 			highStockDays: body.highStockDays ?? 180,
 			language: body.language ?? "en",
 			stockCalculationMode: body.stockCalculationMode ?? "automatic",
 			updatedAt: new Date(),
 		};
-      await transporter.sendMail({
+		if (existingSettings.length > 0) {
-        from: smtpFrom,
+			await db.update(userSettings).set(settingsData).where(eq(userSettings.userId, userId));
-        to: email,
+		} else {
-        subject: "MedAssist-ng - Test Email",
+			await db.insert(userSettings).values({
-        text: "This is a test email from MedAssist-ng. If you received this, your email configuration is working correctly!",
+				userId: userId,
-        html: `
+				...settingsData,
 			});
 		}
 		return reply.send({ success: true });
 	});
 	// Test email - use SMTP settings from process.env
 	app.post<{ Body: TestEmailBody }>("/settings/test-email", async (request, reply) => {
 		const { email } = request.body;
 		const smtpHost = process.env.SMTP_HOST;
 		const smtpUser = process.env.SMTP_USER;
 		const smtpPass = process.env.SMTP_TOKEN || process.env.SMTP_PASS;
 		const smtpPort = parseInt(process.env.SMTP_PORT ?? "587", 10);
 		const smtpSecure = process.env.SMTP_SECURE === "true";
 		const smtpFrom = process.env.SMTP_FROM ?? smtpUser;
 		if (!smtpHost || !smtpUser) {
 			return reply.status(400).send({ error: "SMTP not configured" });
 		}
 		try {
 			const transporter = nodemailer.createTransport({
 				host: smtpHost,
 				port: smtpPort,
 				secure: smtpSecure,
 				auth: {
 					user: smtpUser,
 					pass: smtpPass ?? "",
 				},
 			});
 			await transporter.sendMail({
 				from: smtpFrom,
 				to: email,
 				subject: "MedAssist-ng - Test Email",
 				text: "This is a test email from MedAssist-ng. If you received this, your email configuration is working correctly!",
 				html: `
          <div style="font-family: system-ui, sans-serif; max-width: 600px; margin: 0 auto; padding: 20px;">
            <h2 style="color: #2563eb;">MedAssist-ng - Test Email</h2>
            <p>This is a test email from MedAssist-ng.</p>
@@ -295,85 +351,203 @@ export async function settingsRoutes(app: FastifyInstance) {
            <p style="color: #6b7280; font-size: 14px;">Sent from MedAssist-ng Medication Planner</p>
          </div>
        `,
-      });
+			});
-      return reply.send({ success: true, message: "Test email sent successfully" });
+			return reply.send({ success: true, message: "Test email sent successfully" });
-    } catch (error) {
+		} catch (error) {
-      const errorMessage = error instanceof Error ? error.message : "Unknown error";
+			const errorMessage = error instanceof Error ? error.message : "Unknown error";
-      return reply.status(500).send({ error: `Failed to send email: ${errorMessage}` });
+			return reply.status(500).send({ error: `Failed to send email: ${errorMessage}` });
-    }
+		}
-  });
+	});
-  // Test Shoutrrr/ntfy notification
+	// Test Shoutrrr/ntfy notification
-  app.post<{ Body: TestShoutrrrBody }>("/settings/test-shoutrrr", async (request, reply) => {
+	app.post<{ Body: TestShoutrrrBody }>("/settings/test-shoutrrr", async (request, reply) => {
-    const { url } = request.body;
+		const { url } = request.body;
    if (!url) {
      return reply.status(400).send({ error: "Notification URL is required" });
    }
-    try {
+		if (!url) {
-      const result = await sendShoutrrrNotification(url, "MedAssist-ng Test", "This is a test notification from MedAssist-ng. If you received this, your notification configuration is working correctly!");
+			return reply.status(400).send({ error: "Notification URL is required" });
-      
+		}
-      if (result.success) {
+
-        return reply.send({ success: true, message: "Test notification sent successfully" });
+		try {
-      } else {
+			const result = await sendShoutrrrNotification(
-        return reply.status(500).send({ error: result.error });
+				url,
-      }
+				"MedAssist-ng Test",
-    } catch (error) {
+				"This is a test notification from MedAssist-ng. If you received this, your notification configuration is working correctly!"
-      const errorMessage = error instanceof Error ? error.message : "Unknown error";
+			);
-      return reply.status(500).send({ error: `Failed to send notification: ${errorMessage}` });
+
-    }
+			if (result.success) {
-  });
+				return reply.send({ success: true, message: "Test notification sent successfully" });
 			} else {
 				return reply.status(500).send({ error: result.error });
 			}
 		} catch (error) {
 			const errorMessage = error instanceof Error ? error.message : "Unknown error";
 			return reply.status(500).send({ error: `Failed to send notification: ${errorMessage}` });
 		}
 	});
 }
 // Validate and sanitize URL to prevent SSRF attacks
 // Returns a reconstructed URL from validated components to break taint tracking
 function sanitizeNotificationUrl(
 	urlStr: string
 ): { url: string; isNtfy: boolean; auth?: { user: string; pass: string } } | { error: string } {
 	try {
 		// Convert ntfy:// to https:// for parsing, track if it was ntfy
 		const isNtfy = urlStr.startsWith("ntfy://");
 		const normalizedUrl = isNtfy ? urlStr.replace("ntfy://", "https://") : urlStr;
 		const parsed = new URL(normalizedUrl);
 		// Only allow http and https protocols
 		if (!["http:", "https:"].includes(parsed.protocol)) {
 			return { error: "Only HTTP/HTTPS protocols are allowed" };
 		}
 		// Block private/internal IP addresses
 		const hostname = parsed.hostname.toLowerCase();
 		// Block localhost
 		if (hostname === "localhost" || hostname === "127.0.0.1" || hostname === "::1") {
 			return { error: "Localhost URLs are not allowed" };
 		}
 		// Block private IP ranges (basic check)
 		const ipMatch = hostname.match(/^(\d+)\.(\d+)\.(\d+)\.(\d+)$/);
 		if (ipMatch) {
 			const [, a, b] = ipMatch.map(Number);
 			// 10.x.x.x, 172.16-31.x.x, 192.168.x.x, 169.254.x.x (link-local)
 			if (
 				a === 10 ||
 				a === 127 ||
 				(a === 172 && b >= 16 && b <= 31) ||
 				(a === 192 && b === 168) ||
 				(a === 169 && b === 254)
 			) {
 				return { error: "Private IP addresses are not allowed" };
 			}
 		}
 		// Block common internal hostnames
 		if (
 			hostname.endsWith(".local") ||
 			hostname.endsWith(".internal") ||
 			hostname.endsWith(".lan") ||
 			hostname === "metadata.google.internal"
 		) {
 			return { error: "Internal hostnames are not allowed" };
 		}
 		// Reconstruct URL from validated components - this breaks taint tracking
 		// because we're building a new string from validated parts, not passing through user input
 		const reconstructedUrl = `${parsed.protocol}//${parsed.host}${parsed.pathname}${parsed.search}`;
 		// Extract auth credentials separately for ntfy (they're in the URL but not in host)
 		const auth =
 			isNtfy && parsed.username && parsed.password ? { user: parsed.username, pass: parsed.password } : undefined;
 		return { url: reconstructedUrl, isNtfy, auth };
 	} catch {
 		return { error: "Invalid URL format" };
 	}
 }
 // Send notification via Shoutrrr-compatible URL (supports ntfy, Discord, Telegram, etc.)
-export async function sendShoutrrrNotification(urlStr: string, title: string, message: string): Promise<{ success: boolean; error?: string }> {
+export async function sendShoutrrrNotification(
-  try {
+	urlStr: string,
-    let targetUrl: string;
+	title: string,
-    let method = "POST";
+	message: string
-    let headers: Record<string, string> = {};
+): Promise<{ success: boolean; error?: string }> {
-    let body: string | undefined;
+	try {
 		// Validate and sanitize URL to prevent SSRF - this reconstructs the URL
 		// from validated components, breaking taint tracking
 		const validation = sanitizeNotificationUrl(urlStr);
 		if ("error" in validation) {
 			return { success: false, error: validation.error };
 		}
-    // Remove emojis from title for header compatibility
+		// Use ONLY the reconstructed URL from validation - never the original urlStr
-    const cleanTitle = title.replace(/[\u{1F300}-\u{1F9FF}]|[\u{2600}-\u{26FF}]|[\u{2700}-\u{27BF}]|[\u{FE00}-\u{FE0F}]|[\u{2000}-\u{206F}]|⚠|️/gu, "").trim();
+		const { url: sanitizedUrl, isNtfy, auth } = validation;
-    if (urlStr.startsWith("ntfy://")) {
+		let targetUrl: string;
-      const parsed = new URL(urlStr.replace("ntfy://", "https://"));
+		const method = "POST";
-      targetUrl = `https://${parsed.host}${parsed.pathname}`;
+		let headers: Record<string, string> = {};
-      headers = { "Title": cleanTitle, "Tags": "pill" };
+		let body: string | undefined;
      body = message;
      if (parsed.username && parsed.password) {
        headers["Authorization"] = "Basic " + Buffer.from(`${parsed.username}:${parsed.password}`).toString("base64");
      }
    } else if (urlStr.startsWith("https://ntfy.") || urlStr.includes("ntfy.sh") || urlStr.includes("/ntfy/")) {
      targetUrl = urlStr;
      headers = { "Title": cleanTitle, "Tags": "pill" };
      body = message;
    } else if (urlStr.startsWith("http://") || urlStr.startsWith("https://")) {
      targetUrl = urlStr;
      headers = { "Content-Type": "application/json" };
      body = JSON.stringify({ title, message, text: `${title}\n\n${message}` });
    } else {
      return { success: false, error: "Unsupported URL format. Use ntfy:// or https:// URL" };
    }
-    const response = await fetch(targetUrl, {
+		// Remove emojis from title for header compatibility
-      method,
+		const cleanTitle = title
-      headers,
+			.replace(
-      body,
+				/[\u{1F300}-\u{1F9FF}]|[\u{2600}-\u{26FF}]|[\u{2700}-\u{27BF}]|[\u{FE00}-\u{FE0F}]|[\u{2000}-\u{206F}]|⚠|️/gu,
-    });
+				""
 			)
 			.trim();
-    if (response.ok) {
+		// Determine notification type based on URL hostname
-      return { success: true };
+		// Use JSON format only for known webhook services that require it
-    } else {
+		// Use proper URL parsing to prevent bypass attacks (e.g., evil.com?hooks.slack.com)
-      const errorText = await response.text();
+		let isJsonWebhook = false;
-      return { success: false, error: `HTTP ${response.status}: ${errorText}` };
+		try {
-    }
+			const parsedUrl = new URL(sanitizedUrl);
-  } catch (error) {
+			const hostname = parsedUrl.hostname.toLowerCase();
-    const errorMessage = error instanceof Error ? error.message : "Unknown error";
+			const pathname = parsedUrl.pathname.toLowerCase();
-    return { success: false, error: errorMessage };
+
-  }
+			isJsonWebhook =
 				// Discord webhooks
 				((hostname === "discord.com" || hostname === "discordapp.com") && pathname.startsWith("/api/webhooks")) ||
 				// Slack webhooks
 				hostname === "hooks.slack.com" ||
 				hostname.endsWith(".hooks.slack.com") ||
 				// Telegram API
 				hostname === "api.telegram.org" ||
 				// Gotify (can be self-hosted, so check if "gotify" is in hostname)
 				hostname.includes("gotify");
 		} catch {
 			// If URL parsing fails, default to ntfy-style
 			isJsonWebhook = false;
 		}
 		// Default to ntfy-style (plain text with Title header) for all other HTTP URLs
 		// This works for ntfy, Apprise, and most simple push services
 		if (!isJsonWebhook) {
 			targetUrl = sanitizedUrl;
 			headers = { Title: cleanTitle, Tags: "pill" };
 			body = message;
 			// Add auth if present (extracted during sanitization)
 			if (auth) {
 				headers.Authorization = `Basic ${Buffer.from(`${auth.user}:${auth.pass}`).toString("base64")}`;
 			}
 		} else if (sanitizedUrl.startsWith("http://") || sanitizedUrl.startsWith("https://")) {
 			targetUrl = sanitizedUrl;
 			headers = { "Content-Type": "application/json" };
 			body = JSON.stringify({ title, message, text: `${title}\n\n${message}` });
 		} else {
 			return { success: false, error: "Unsupported URL format. Use ntfy:// or https:// URL" };
 		}
 		// SSRF protection: targetUrl is reconstructed from sanitizeNotificationUrl() which validates:
 		// - Only http/https protocols allowed
 		// - Blocks localhost (localhost, 127.0.0.1, ::1)
 		// - Blocks private IPs (10.x.x.x, 172.16-31.x.x, 192.168.x.x, 169.254.x.x)
 		// - Blocks internal hostnames (.local, .internal, .lan, metadata.google.internal)
 		// - redirect: "error" prevents redirect-based bypass attacks
 		// This is an intentional feature: users configure their own external notification services
 		// lgtm [js/request-forgery]
 		const response = await fetch(targetUrl, {
 			method,
 			headers,
 			body,
 			redirect: "error", // Don't follow redirects that could bypass validation
 		});
 		if (response.ok) {
 			return { success: true };
 		} else {
 			const errorText = await response.text();
 			return { success: false, error: `HTTP ${response.status}: ${errorText}` };
 		}
 	} catch (error) {
 		const errorMessage = error instanceof Error ? error.message : "Unknown error";
 		return { success: false, error: errorMessage };
 	}
 }
@@ -1,12 +1,18 @@
-import { FastifyInstance } from "fastify";
+import { randomBytes } from "node:crypto";
 import { eq } from "drizzle-orm";
 import type { FastifyInstance, FastifyReply, FastifyRequest } from "fastify";
 import { z } from "zod";
 import { randomBytes } from "crypto";
 import { db } from "../db/client.js";
 import { medications, shareTokens, userSettings, users } from "../db/schema.js";
-import { eq, and, sql } from "drizzle-orm";
+import { getAnonymousUserId, requireAuth } from "../plugins/auth.js";
 import { requireAuth, optionalAuth, getAnonymousUserId } from "../plugins/auth.js";
 import { env } from "../plugins/env.js";
 import type { AuthUser } from "../types/fastify.js";
 import {
 	getAllTakenByForMedication,
 	parseIntakesJson,
 	parseTakenByJson,
 	personTakesMedication,
 } from "../utils/scheduler-utils.js";
 // Share token validity: 1 year in milliseconds
 const SHARE_TOKEN_VALIDITY_MS = 365 * 24 * 60 * 60 * 1000;
@@ -15,212 +21,226 @@ const SHARE_TOKEN_VALIDITY_MS = 365 * 24 * 60 * 60 * 1000;
 // Validation Schemas
 // =============================================================================
 const createShareSchema = z.object({
-  takenBy: z.string().min(1, "takenBy is required"),
+	takenBy: z.string().min(1, "takenBy is required"),
-  scheduleDays: z.number().int().min(1).max(365).default(30),
+	scheduleDays: z.number().int().min(1).max(365).default(30),
 });
 // Helper to get user ID from request
 // Returns anonymous user ID when auth is disabled
-async function getUserId(request: any, reply: any): Promise<number> {
+async function getUserId(request: FastifyRequest, reply: FastifyReply): Promise<number> {
-  // If auth is disabled, use the anonymous user
+	// If auth is disabled, use the anonymous user
-  if (!env.AUTH_ENABLED) {
+	if (!env.AUTH_ENABLED) {
-    return getAnonymousUserId();
+		return getAnonymousUserId();
-  }
+	}
  const authUser = request.user as unknown as AuthUser | null;
  if (!authUser) {
    reply.status(401).send({ error: "Not authenticated" });
    throw new Error("AUTH_REQUIRED");
  }
  return authUser.id;
 }
-// Helper to parse takenByJson
+	const authUser = request.user as unknown as AuthUser | null;
-function parseTakenByJson(takenByJson: string | null | undefined): string[] {
+	if (!authUser) {
-  if (!takenByJson) return [];
+		reply.status(401).send({ error: "Not authenticated" });
-  try {
+		throw new Error("AUTH_REQUIRED");
-    const parsed = JSON.parse(takenByJson);
+	}
-    return Array.isArray(parsed) ? parsed.filter((s: unknown) => typeof s === "string" && s.trim()) : [];
+	return authUser.id;
  } catch {
    return [];
  }
 }
 // =============================================================================
 // Share Routes
 // =============================================================================
 export async function shareRoutes(app: FastifyInstance) {
-  // ---------------------------------------------------------------------------
+	// ---------------------------------------------------------------------------
-  // GET /share/:token - PUBLIC: Get shared schedule by token
+	// GET /share/:token - PUBLIC: Get shared schedule by token
-  // ---------------------------------------------------------------------------
+	// ---------------------------------------------------------------------------
-  app.get<{ Params: { token: string } }>("/share/:token", async (request, reply) => {
+	app.get<{ Params: { token: string } }>("/share/:token", async (request, reply) => {
-    const { token } = request.params;
+		const { token } = request.params;
-    // Find share token
+		// Find share token
-    const [share] = await db.select().from(shareTokens).where(eq(shareTokens.token, token));
+		const [share] = await db.select().from(shareTokens).where(eq(shareTokens.token, token));
-    if (!share) {
+		if (!share) {
-      return reply.status(404).send({ 
+			return reply.status(404).send({
-        error: "Share link not found",
+				error: "Share link not found",
-        code: "NOT_FOUND"
+				code: "NOT_FOUND",
-      });
+			});
-    }
+		}
-    // Check if token has expired
+		// Check if token has expired
-    if (share.expiresAt && share.expiresAt.getTime() < Date.now()) {
+		if (share.expiresAt && share.expiresAt.getTime() < Date.now()) {
-      // Get the username of the owner to show in the expired message
+			// Get the username of the owner to show in the expired message
-      const [owner] = await db.select({ username: users.username }).from(users).where(eq(users.id, share.userId));
+			const [owner] = await db.select({ username: users.username }).from(users).where(eq(users.id, share.userId));
-      return reply.status(410).send({
+			return reply.status(410).send({
-        error: "Share link has expired",
+				error: "Share link has expired",
-        code: "EXPIRED",
+				code: "EXPIRED",
-        ownerUsername: owner?.username ?? "the owner",
+				ownerUsername: owner?.username ?? "the owner",
-        takenBy: share.takenBy,
+				takenBy: share.takenBy,
-        expiredAt: share.expiresAt.toISOString(),
+				expiredAt: share.expiresAt.toISOString(),
-      });
+			});
-    }
+		}
-    // Get user settings for stock thresholds
+		// Get user settings for stock thresholds
-    const [settings] = await db.select().from(userSettings).where(eq(userSettings.userId, share.userId));
+		const [settings] = await db.select().from(userSettings).where(eq(userSettings.userId, share.userId));
-    // Get the username of the owner who created this share link
+		// Get the username of the owner who created this share link
-    const [owner] = await db.select({ username: users.username }).from(users).where(eq(users.id, share.userId));
+		const [owner] = await db.select({ username: users.username }).from(users).where(eq(users.id, share.userId));
-    // Get medications for this user filtered by takenBy (search in JSON array)
+		// Get medications for this user filtered by takenBy (search in JSON array)
-    // Use SQLite JSON function to check if takenBy is in the array
+		// Use SQLite JSON function to check if takenBy is in the array
-    const allMeds = await db.select().from(medications).where(eq(medications.userId, share.userId));
+		const allMeds = await db.select().from(medications).where(eq(medications.userId, share.userId));
    // Filter medications where takenByJson array contains the share.takenBy value
    const meds = allMeds.filter((med) => {
      const takenByArray = parseTakenByJson(med.takenByJson);
      return takenByArray.includes(share.takenBy);
    });
-    // Parse blisters and build schedule data
+		// Filter medications where takenBy matches either medication-level OR any intake-level takenBy
-    const medicationsWithBlisters = meds.map((med) => {
+		const meds = allMeds.filter((med) => {
-      let blisters: { usage: number; every: number; start: string }[] = [];
+			const takenByArray = parseTakenByJson(med.takenByJson);
-      try {
+			const intakes = parseIntakesJson(
-        const usageArr = JSON.parse(med.usageJson || "[]");
+				med.intakesJson,
-        const everyArr = JSON.parse(med.everyJson || "[]");
+				{ usageJson: med.usageJson, everyJson: med.everyJson, startJson: med.startJson },
-        const startArr = JSON.parse(med.startJson || "[]");
+				med.intakeRemindersEnabled ?? false
-        blisters = usageArr.map((usage: number, i: number) => ({
+			);
-          usage,
+			return personTakesMedication(share.takenBy, takenByArray, intakes);
-          every: everyArr[i] ?? 1,
+		});
          start: startArr[i] ?? new Date().toISOString(),
        }));
      } catch {
        blisters = [];
      }
-      // Parse takenBy JSON array
+		// Parse blisters and build schedule data
-      const takenByArray = parseTakenByJson(med.takenByJson);
+		const medicationsWithBlisters = meds.map((med) => {
 			// Parse intakes from new format, falling back to legacy
 			const intakes = parseIntakesJson(
 				med.intakesJson,
 				{ usageJson: med.usageJson, everyJson: med.everyJson, startJson: med.startJson },
 				med.intakeRemindersEnabled ?? false
 			);
-      const totalPills = med.packCount * med.blistersPerPack * med.pillsPerBlister + med.looseTablets;
+			// Convert to legacy blisters format for backward compat
-      return {
+			const blisters = intakes.map((i) => ({
-        id: med.id,
+				usage: i.usage,
-        name: med.name,
+				every: i.every,
-        genericName: med.genericName,
+				start: i.start,
-        pillWeightMg: med.pillWeightMg,
+			}));
        imageUrl: med.imageUrl,
        totalPills,
        packCount: med.packCount,
        blistersPerPack: med.blistersPerPack,
        looseTablets: med.looseTablets,
        pillsPerBlister: med.pillsPerBlister,
        takenBy: takenByArray,
        blisters,
      };
    });
-    return {
+			// Parse takenBy JSON array
-      takenBy: share.takenBy,
+			const takenByArray = parseTakenByJson(med.takenByJson);
      sharedBy: owner?.username ?? null,
      scheduleDays: share.scheduleDays,
      medications: medicationsWithBlisters,
      stockThresholds: {
        lowStockDays: settings?.lowStockDays ?? 30,
      },
    };
  });
-  // ---------------------------------------------------------------------------
+			const totalPills =
-  // POST /share - PROTECTED: Create a new share link
+				med.packCount * med.blistersPerPack * med.pillsPerBlister + med.looseTablets + (med.stockAdjustment ?? 0);
-  // ---------------------------------------------------------------------------
+			return {
-  app.post<{ Body: z.infer<typeof createShareSchema> }>(
+				id: med.id,
-    "/share",
+				name: med.name,
-    { preHandler: requireAuth },
+				genericName: med.genericName,
-    async (request, reply) => {
+				pillWeightMg: med.pillWeightMg,
-      const userId = await getUserId(request, reply);
+				doseUnit: med.doseUnit ?? "mg",
 				imageUrl: med.imageUrl,
 				totalPills,
 				packCount: med.packCount,
 				blistersPerPack: med.blistersPerPack,
 				looseTablets: med.looseTablets,
 				pillsPerBlister: med.pillsPerBlister,
 				takenBy: takenByArray,
 				intakes, // New unified format with per-intake takenBy
 				blisters, // Legacy format for backward compat
 				dismissedUntil: med.dismissedUntil,
 				updatedAt: med.updatedAt, // For filtering out doses from previous schedule configurations
 			};
 		});
-      const parsed = createShareSchema.safeParse(request.body);
+		return {
-      if (!parsed.success) {
+			takenBy: share.takenBy,
-        return reply.status(400).send({
+			sharedBy: owner?.username ?? null,
-          error: parsed.error.errors[0]?.message ?? "Invalid input",
+			scheduleDays: share.scheduleDays,
-          code: "VALIDATION_ERROR",
+			medications: medicationsWithBlisters,
-        });
+			stockThresholds: {
-      }
+				lowStockDays: settings?.lowStockDays ?? 30,
 			},
 		};
 	});
-      const { takenBy, scheduleDays } = parsed.data;
+	// ---------------------------------------------------------------------------
 	// POST /share - PROTECTED: Create a new share link
 	// ---------------------------------------------------------------------------
 	app.post<{ Body: z.infer<typeof createShareSchema> }>(
 		"/share",
 		{ preHandler: requireAuth },
 		async (request, reply) => {
 			const userId = await getUserId(request, reply);
-      // Check if user has medications for this takenBy (search in JSON array)
+			const parsed = createShareSchema.safeParse(request.body);
-      const allMeds = await db.select().from(medications).where(eq(medications.userId, userId));
+			if (!parsed.success) {
-      const medsForPerson = allMeds.filter((med) => {
+				return reply.status(400).send({
-        const takenByArray = parseTakenByJson(med.takenByJson);
+					error: parsed.error.errors[0]?.message ?? "Invalid input",
-        return takenByArray.includes(takenBy);
+					code: "VALIDATION_ERROR",
-      });
+				});
 			}
-      if (medsForPerson.length === 0) {
+			const { takenBy, scheduleDays } = parsed.data;
        return reply.status(400).send({
          error: "No medications found for this person",
          code: "NO_MEDICATIONS",
        });
      }
-      // Generate unique token (8 bytes = 16 hex chars)
+			// Check if user has medications for this takenBy (search in both medication-level and intake-level)
-      const token = randomBytes(8).toString("hex");
+			const allMeds = await db.select().from(medications).where(eq(medications.userId, userId));
-      
+			const medsForPerson = allMeds.filter((med) => {
-      // Set expiration date (1 year from now)
+				const takenByArray = parseTakenByJson(med.takenByJson);
-      const expiresAt = new Date(Date.now() + SHARE_TOKEN_VALIDITY_MS);
+				const intakes = parseIntakesJson(
 					med.intakesJson,
 					{ usageJson: med.usageJson, everyJson: med.everyJson, startJson: med.startJson },
 					med.intakeRemindersEnabled ?? false
 				);
 				return personTakesMedication(takenBy, takenByArray, intakes);
 			});
-      // Create share token
+			if (medsForPerson.length === 0) {
-      await db.insert(shareTokens).values({
+				return reply.status(400).send({
-        userId: userId,
+					error: "No medications found for this person",
-        token,
+					code: "NO_MEDICATIONS",
-        takenBy,
+				});
-        scheduleDays,
+			}
        expiresAt,
      });
-      return {
+			// Generate unique token (8 bytes = 16 hex chars)
-        token,
+			const token = randomBytes(8).toString("hex");
        shareUrl: `/share/${token}`,
        expiresAt: expiresAt.toISOString(),
      };
    }
  );
-  // ---------------------------------------------------------------------------
+			// Set expiration date (1 year from now)
-  // GET /share/people - PROTECTED: Get list of unique takenBy values
+			const expiresAt = new Date(Date.now() + SHARE_TOKEN_VALIDITY_MS);
  // ---------------------------------------------------------------------------
  app.get(
    "/share/people",
    { preHandler: requireAuth },
    async (request, reply) => {
      const userId = await getUserId(request, reply);
-      // Get all unique takenBy values for this user (from JSON arrays)
+			// Create share token
-      const meds = await db.select({ takenByJson: medications.takenByJson })
+			await db.insert(shareTokens).values({
-        .from(medications)
+				userId: userId,
-        .where(eq(medications.userId, userId));
+				token,
 				takenBy,
 				scheduleDays,
 				expiresAt,
 			});
-      // Collect all unique person names from all takenByJson arrays
+			return {
-      const allPeople = new Set<string>();
+				token,
-      for (const med of meds) {
+				shareUrl: `/share/${token}`,
-        const takenByArray = parseTakenByJson(med.takenByJson);
+				expiresAt: expiresAt.toISOString(),
-        for (const person of takenByArray) {
+			};
-          if (person) allPeople.add(person);
+		}
-        }
+	);
      }
-      return { people: [...allPeople].sort() };
+	// ---------------------------------------------------------------------------
-    }
+	// GET /share/people - PROTECTED: Get list of unique takenBy values
-  );
+	// ---------------------------------------------------------------------------
 	app.get("/share/people", { preHandler: requireAuth }, async (request, reply) => {
 		const userId = await getUserId(request, reply);
 		// Get all unique takenBy values for this user (from both medication-level and intake-level)
 		const meds = await db
 			.select({
 				takenByJson: medications.takenByJson,
 				intakesJson: medications.intakesJson,
 				usageJson: medications.usageJson,
 				everyJson: medications.everyJson,
 				startJson: medications.startJson,
 				intakeRemindersEnabled: medications.intakeRemindersEnabled,
 			})
 			.from(medications)
 			.where(eq(medications.userId, userId));
 		// Collect all unique person names from medication-level AND intake-level takenBy
 		const allPeople = new Set<string>();
 		for (const med of meds) {
 			const takenByArray = parseTakenByJson(med.takenByJson);
 			const intakes = parseIntakesJson(
 				med.intakesJson,
 				{ usageJson: med.usageJson, everyJson: med.everyJson, startJson: med.startJson },
 				med.intakeRemindersEnabled ?? false
 			);
 			const allForMed = getAllTakenByForMedication(takenByArray, intakes);
 			for (const person of allForMed) {
 				if (person) allPeople.add(person);
 			}
 		}
 		return { people: [...allPeople].sort() };
 	});
 }
@@ -1,275 +1,148 @@
-import nodemailer from "nodemailer";
+import { existsSync, readFileSync, writeFileSync } from "node:fs";
 import { resolve } from "node:path";
 import { eq } from "drizzle-orm";
 import nodemailer from "nodemailer";
 import { db } from "../db/client.js";
-import { medications, users, userSettings } from "../db/schema.js";
+import { medications, userSettings } from "../db/schema.js";
-import { readFileSync, writeFileSync, existsSync } from "fs";
+import { getTranslations, type Language, t } from "../i18n/translations.js";
-import { resolve } from "path";
+import { getAllUserSettings, sendShoutrrrNotification, type UserSettings } from "../routes/settings.js";
 import { loadUserSettings, getAllUserSettings, sendShoutrrrNotification, type UserSettings } from "../routes/settings.js";
 import { getTranslations, t, getDateLocale, type Language } from "../i18n/translations.js";
-type Blister = { usage: number; every: number; start: string };
+// Import shared utilities
-
+import {
-type ReminderState = {
+	type Blister,
-  lastAutoEmailSent: string | null; // ISO date string
+	calculateDepletionInfo,
-  lastAutoEmailDate: string | null; // YYYY-MM-DD - to track if we already sent today
+	createDefaultReminderState,
-  notifiedMedications: string[]; // List of medication names that have been notified (cleared when restocked)
+	formatInTimezone,
-  nextScheduledCheck: string | null; // ISO date string for when the next check is scheduled
+	getCurrentHourInTimezone,
-  lastNotificationType: "stock" | "intake" | null; // Type of last notification
+	getMsUntilNextCheck,
-  lastNotificationChannel: "email" | "push" | "both" | null; // Channel used for last notification
+	getNextScheduledTime,
-};
+	getTimezone,
 	getTodayInTimezone,
 	parseBlisters,
 	parseReminderState,
 	type ReminderState,
 } from "../utils/scheduler-utils.js";
 const REMINDER_HOUR = parseInt(process.env.REMINDER_HOUR ?? "6", 10); // Default 6:00 AM local time
 // Get current timezone from TZ env variable or default to UTC
 function getTimezone(): string {
  return process.env.TZ || "UTC";
 }
 // Format a date in the configured timezone
 function formatInTimezone(date: Date): string {
  return date.toLocaleString("de-DE", { 
    timeZone: getTimezone(),
    day: "2-digit",
    month: "2-digit",
    year: "numeric",
    hour: "2-digit",
    minute: "2-digit"
  });
 }
 // Get current hour in the configured timezone
 function getCurrentHourInTimezone(): number {
  const now = new Date();
  const timeStr = now.toLocaleString("en-US", { 
    timeZone: getTimezone(), 
    hour: "numeric", 
    hour12: false 
  });
  return parseInt(timeStr, 10);
 }
 // Get today's date string in the configured timezone (YYYY-MM-DD)
 function getTodayInTimezone(): string {
  const now = new Date();
  const parts = now.toLocaleDateString("en-CA", { timeZone: getTimezone() }).split("-");
  return parts.join("-"); // YYYY-MM-DD format
 }
 function getNextScheduledTime(): Date {
  const now = new Date();
  const tz = getTimezone();
  // Get current time components in the target timezone
  const formatter = new Intl.DateTimeFormat("en-US", {
    timeZone: tz,
    year: "numeric",
    month: "2-digit",
    day: "2-digit",
    hour: "2-digit",
    minute: "2-digit",
    hour12: false
  });
  const parts = formatter.formatToParts(now);
  const getPart = (type: string) => parts.find(p => p.type === type)?.value || "0";
  const currentHour = parseInt(getPart("hour"), 10);
  const currentMinute = parseInt(getPart("minute"), 10);
  // Calculate if we need tomorrow
  const needTomorrow = currentHour > REMINDER_HOUR || (currentHour === REMINDER_HOUR && currentMinute > 0);
  // Get the date we want to schedule for
  const year = parseInt(getPart("year"), 10);
  const month = parseInt(getPart("month"), 10);
  let day = parseInt(getPart("day"), 10);
  if (needTomorrow) {
    day += 1;
  }
  // Handle month overflow simply by adding a day to now if needed
  let targetDate: Date;
  if (needTomorrow) {
    targetDate = new Date(now.getTime() + 24 * 60 * 60 * 1000);
  } else {
    targetDate = new Date(now);
  }
  // Get the target date's date string in the timezone
  const targetFormatter = new Intl.DateTimeFormat("en-CA", {
    timeZone: tz,
    year: "numeric",
    month: "2-digit",
    day: "2-digit"
  });
  const [targetYear, targetMonth, targetDay] = targetFormatter.format(targetDate).split("-").map(Number);
  // Now we need to find the UTC time that corresponds to REMINDER_HOUR:00 on targetDate in the target timezone
  // Use a search approach: start with a guess and adjust
  const guessUtc = new Date(Date.UTC(targetYear, targetMonth - 1, targetDay, REMINDER_HOUR, 0, 0, 0));
  // Check what hour this UTC time corresponds to in the target timezone
  const checkFormatter = new Intl.DateTimeFormat("en-US", {
    timeZone: tz,
    hour: "2-digit",
    hour12: false
  });
  // Adjust based on the difference
  const guessHour = parseInt(checkFormatter.format(guessUtc), 10);
  const hourDiff = guessHour - REMINDER_HOUR;
  // Apply correction (if guessHour is higher, we need to subtract time)
  const correctedUtc = new Date(guessUtc.getTime() - hourDiff * 60 * 60 * 1000);
  return correctedUtc;
 }
 function getMsUntilNextCheck(): number {
  const next = getNextScheduledTime();
  return next.getTime() - Date.now();
 }
 const reminderStateFile = resolve(process.cwd(), "data", "reminder-state.json");
 function loadReminderState(): ReminderState {
-  try {
+	try {
-    if (existsSync(reminderStateFile)) {
+		if (existsSync(reminderStateFile)) {
-      const saved = JSON.parse(readFileSync(reminderStateFile, "utf-8"));
+			return parseReminderState(readFileSync(reminderStateFile, "utf-8"));
-      return {
+		}
-        lastAutoEmailSent: saved.lastAutoEmailSent ?? null,
+	} catch {
-        lastAutoEmailDate: saved.lastAutoEmailDate ?? null,
+		// ignore
-        notifiedMedications: saved.notifiedMedications ?? [],
+	}
-        nextScheduledCheck: saved.nextScheduledCheck ?? null,
+	return createDefaultReminderState();
        lastNotificationType: saved.lastNotificationType ?? null,
        lastNotificationChannel: saved.lastNotificationChannel ?? null,
      };
    }
  } catch {
    // ignore
  }
  return { lastAutoEmailSent: null, lastAutoEmailDate: null, notifiedMedications: [], nextScheduledCheck: null, lastNotificationType: null, lastNotificationChannel: null };
 }
 function saveReminderState(state: ReminderState): void {
-  writeFileSync(reminderStateFile, JSON.stringify(state, null, 2));
+	writeFileSync(reminderStateFile, JSON.stringify(state, null, 2));
 }
 export function getReminderState(): ReminderState {
-  return loadReminderState();
+	return loadReminderState();
 }
-export function updateReminderSentTime(type: "stock" | "intake" = "stock", channel: "email" | "push" | "both" = "email"): void {
+export function updateReminderSentTime(
-  const state = loadReminderState();
+	type: "stock" | "intake" = "stock",
-  const today = getTodayInTimezone();
+	channel: "email" | "push" | "both" = "email"
-  saveReminderState({
+): void {
-    ...state,
+	const state = loadReminderState();
-    lastAutoEmailSent: new Date().toISOString(),
+	const today = getTodayInTimezone();
-    lastAutoEmailDate: today,
+	saveReminderState({
-    lastNotificationType: type,
+		...state,
-    lastNotificationChannel: channel,
+		lastAutoEmailSent: new Date().toISOString(),
-  });
+		lastAutoEmailDate: today,
 		lastNotificationType: type,
 		lastNotificationChannel: channel,
 	});
 }
 // Update user settings in database when reminder is sent
 export async function updateUserReminderSentTime(
-  userId: number, 
+	userId: number,
-  type: "stock" | "intake" = "stock", 
+	type: "stock" | "intake" = "stock",
-  channel: "email" | "push" | "both" = "email"
+	channel: "email" | "push" | "both" = "email",
 	medName?: string,
 	takenBy?: string
 ): Promise<void> {
-  const now = new Date().toISOString();
+	const now = new Date().toISOString();
-  await db.update(userSettings)
+	await db
-    .set({
+		.update(userSettings)
-      lastAutoEmailSent: now,
+		.set({
-      lastNotificationType: type,
+			lastAutoEmailSent: now,
-      lastNotificationChannel: channel,
+			lastNotificationType: type,
-    })
+			lastNotificationChannel: channel,
-    .where(eq(userSettings.userId, userId));
+			lastReminderMedName: medName ?? null,
 			lastReminderTakenBy: takenBy ?? null,
 		})
 		.where(eq(userSettings.userId, userId));
 }
-function parseBlisters(row: { usageJson: string; everyJson: string; startJson: string }): Blister[] {
+function parseBlistersFromRow(row: { usageJson: string; everyJson: string; startJson: string }): Blister[] {
-  try {
+	return parseBlisters(row);
    const usage = JSON.parse(row.usageJson) as number[];
    const every = JSON.parse(row.everyJson) as number[];
    const start = JSON.parse(row.startJson) as string[];
    const len = Math.min(usage.length, every.length, start.length);
    const blisters: Blister[] = [];
    for (let i = 0; i < len; i++) {
      blisters.push({ usage: usage[i], every: every[i], start: start[i] });
    }
    return blisters;
  } catch {
    return [];
  }
 }
 function calculateDailyUsage(blisters: Blister[]): number {
  return blisters.reduce((sum, s) => sum + s.usage / s.every, 0);
 }
 function calculateDepletionInfo(med: { count: number; blisters: Blister[] }, language: Language): { daysLeft: number | null; depletionDate: string | null } {
  const dailyUsage = calculateDailyUsage(med.blisters);
  if (dailyUsage <= 0) return { daysLeft: null, depletionDate: null };
  const daysLeft = Math.floor(med.count / dailyUsage);
  const depletionMs = Date.now() + daysLeft * 86_400_000;
  const depletionDate = new Date(depletionMs).toLocaleDateString(getDateLocale(language), {
    weekday: "short",
    day: "2-digit",
    month: "short",
  });
  return { daysLeft, depletionDate };
 }
 type LowStockItem = {
-  name: string;
+	name: string;
-  medsLeft: number;
+	medsLeft: number;
-  daysLeft: number | null;
+	daysLeft: number | null;
-  depletionDate: string | null;
+	depletionDate: string | null;
 };
-async function getMedicationsNeedingReminder(userId: number, reminderDaysBefore: number, language: Language): Promise<LowStockItem[]> {
+async function getMedicationsNeedingReminder(
-  const rows = await db.select().from(medications).where(eq(medications.userId, userId)).orderBy(medications.id);
+	userId: number,
-  
+	reminderDaysBefore: number,
-  const lowStock: LowStockItem[] = [];
+	language: Language
-  
+): Promise<LowStockItem[]> {
-  for (const row of rows) {
+	const rows = await db.select().from(medications).where(eq(medications.userId, userId)).orderBy(medications.id);
-    const blisters = parseBlisters(row);
+
-    const totalPills = row.packCount * row.blistersPerPack * row.pillsPerBlister + row.looseTablets;
+	const lowStock: LowStockItem[] = [];
-    const { daysLeft, depletionDate } = calculateDepletionInfo({ count: totalPills, blisters }, language);
+
-    
+	for (const row of rows) {
-    // Check if medication runs out within reminderDaysBefore days
+		const blisters = parseBlistersFromRow(row);
-    if (daysLeft !== null && daysLeft <= reminderDaysBefore) {
+		const totalPills =
-      lowStock.push({
+			row.packCount * row.blistersPerPack * row.pillsPerBlister + row.looseTablets + (row.stockAdjustment ?? 0);
-        name: row.name,
+		const { daysLeft, depletionDate } = calculateDepletionInfo({ count: totalPills, blisters }, language);
-        medsLeft: totalPills,
+
-        daysLeft,
+		// Check if medication runs out within reminderDaysBefore days
-        depletionDate,
+		if (daysLeft !== null && daysLeft <= reminderDaysBefore) {
-      });
+			lowStock.push({
-    }
+				name: row.name,
-  }
+				medsLeft: totalPills,
-  
+				daysLeft,
-  return lowStock;
+				depletionDate,
 			});
 		}
 	}
 	return lowStock;
 }
-async function sendReminderEmail(email: string, lowStock: LowStockItem[], language: Language, isRepeatDaily: boolean = false): Promise<{ success: boolean; error?: string }> {
+async function sendReminderEmail(
-  const smtpHost = process.env.SMTP_HOST;
+	email: string,
-  const smtpUser = process.env.SMTP_USER;
+	lowStock: LowStockItem[],
-  const smtpPass = process.env.SMTP_TOKEN || process.env.SMTP_PASS; // Token takes precedence
+	language: Language,
-  const smtpPort = parseInt(process.env.SMTP_PORT ?? "587");
+	isRepeatDaily: boolean = false
-  const smtpSecure = process.env.SMTP_SECURE === "true";
+): Promise<{ success: boolean; error?: string }> {
-  const smtpFrom = process.env.SMTP_FROM ?? smtpUser;
+	const smtpHost = process.env.SMTP_HOST;
 	const smtpUser = process.env.SMTP_USER;
 	const smtpPass = process.env.SMTP_TOKEN || process.env.SMTP_PASS; // Token takes precedence
 	const smtpPort = parseInt(process.env.SMTP_PORT ?? "587", 10);
 	const smtpSecure = process.env.SMTP_SECURE === "true";
 	const smtpFrom = process.env.SMTP_FROM ?? smtpUser;
-  if (!smtpHost || !smtpUser) {
+	if (!smtpHost || !smtpUser) {
-    return { success: false, error: "SMTP not configured" };
+		return { success: false, error: "SMTP not configured" };
-  }
+	}
-  const tr = getTranslations(language);
+	const tr = getTranslations(language);
-  const tableRows = lowStock
+	const tableRows = lowStock
-    .map(
+		.map(
-      (row) => `
+			(row) => `
      <tr>
        <td style="padding: 10px 12px; border-bottom: 1px solid #e5e7eb; white-space: nowrap;">${row.name}</td>
        <td style="padding: 10px 12px; border-bottom: 1px solid #e5e7eb; text-align: center; white-space: nowrap;"><strong>${row.medsLeft}</strong></td>
@@ -277,14 +150,15 @@ async function sendReminderEmail(email: string, lowStock: LowStockItem[], langua
        <td style="padding: 10px 12px; border-bottom: 1px solid #e5e7eb; text-align: center; white-space: nowrap;">${row.depletionDate ?? "-"}</td>
      </tr>
    `
-    )
+		)
-    .join("");
+		.join("");
-  const alertText = lowStock.length === 1 
+	const alertText =
-    ? tr.stockReminder.alertSingle 
+		lowStock.length === 1
-    : t(tr.stockReminder.alertMultiple, { count: lowStock.length });
+			? tr.stockReminder.alertSingle
 			: t(tr.stockReminder.alertMultiple, { count: lowStock.length });
-  const html = `
+	const html = `
    <div style="font-family: system-ui, -apple-system, sans-serif; max-width: 100%; margin: 0 auto; padding: 12px; background: #f9fafb;">
      <div style="background: white; border-radius: 12px; padding: 16px; box-shadow: 0 1px 3px rgba(0,0,0,0.1);">
        <h2 style="color: #1f2937; margin: 0 0 8px; font-size: 18px;">${tr.stockReminder.title}</h2>
@@ -321,7 +195,7 @@ async function sendReminderEmail(email: string, lowStock: LowStockItem[], langua
    </div>
  `;
-  const plainText = `${tr.stockReminder.title}
+	const plainText = `${tr.stockReminder.title}
 ${tr.stockReminder.description}
@@ -330,204 +204,221 @@ ${lowStock.map((r) => `${r.name}: ${r.medsLeft} ${tr.common.pills}, ${r.daysLeft
 ---
 ${tr.stockReminder.footer}${isRepeatDaily ? `\n\n${tr.stockReminder.repeatDailyNote}` : ""}`;
-  const subjectPlural = lowStock.length === 1 ? "" : (language === "de" ? "e" : "s");
+	const subjectPlural = lowStock.length === 1 ? "" : language === "de" ? "e" : "s";
-  const subject = t(tr.stockReminder.subject, { count: lowStock.length, s: subjectPlural, e: subjectPlural });
+	const subject = t(tr.stockReminder.subject, { count: lowStock.length, s: subjectPlural, e: subjectPlural });
-  try {
+	try {
-    const transporter = nodemailer.createTransport({
+		const transporter = nodemailer.createTransport({
-      host: smtpHost,
+			host: smtpHost,
-      port: smtpPort,
+			port: smtpPort,
-      secure: smtpSecure,
+			secure: smtpSecure,
-      auth: {
+			auth: {
-        user: smtpUser,
+				user: smtpUser,
-        pass: smtpPass ?? "",
+				pass: smtpPass ?? "",
-      },
+			},
-    });
+		});
-    await transporter.sendMail({
+		await transporter.sendMail({
-      from: smtpFrom,
+			from: smtpFrom,
-      to: email,
+			to: email,
-      subject: `⚠️ ${subject}`,
+			subject: `⚠️ ${subject}`,
-      text: plainText,
+			text: plainText,
-      html,
+			html,
-    });
+		});
-    return { success: true };
+		return { success: true };
-  } catch (error) {
+	} catch (error) {
-    const errorMessage = error instanceof Error ? error.message : "Unknown error";
+		const errorMessage = error instanceof Error ? error.message : "Unknown error";
-    return { success: false, error: errorMessage };
+		return { success: false, error: errorMessage };
-  }
+	}
 }
-async function checkAndSendReminder(logger: { info: (msg: string) => void; error: (msg: string) => void }): Promise<void> {
+async function checkAndSendReminder(logger: {
-  // Get all user settings to iterate over each user
+	info: (msg: string) => void;
-  const allUserSettings = await getAllUserSettings();
+	error: (msg: string) => void;
-  
+}): Promise<void> {
-  if (allUserSettings.length === 0) {
+	// Get all user settings to iterate over each user
-    logger.info("[Reminder] No users with settings found");
+	const allUserSettings = await getAllUserSettings();
    return;
  }
-  for (const userSettings of allUserSettings) {
+	if (allUserSettings.length === 0) {
-    await checkAndSendReminderForUser(userSettings, logger);
+		logger.info("[Reminder] No users with settings found");
-  }
+		return;
 	}
 	for (const userSettings of allUserSettings) {
 		await checkAndSendReminderForUser(userSettings, logger);
 	}
 }
 async function checkAndSendReminderForUser(
-  settings: UserSettings & { userId: number },
+	settings: UserSettings & { userId: number },
-  logger: { info: (msg: string) => void; error: (msg: string) => void }
+	logger: { info: (msg: string) => void; error: (msg: string) => void }
 ): Promise<void> {
-  const language = settings.language;
+	const language = settings.language;
-  const tr = getTranslations(language);
+	const tr = getTranslations(language);
  // Check if any stock reminder notifications are enabled (granular check)
  const emailEnabled = settings.emailEnabled && settings.notificationEmail && settings.emailStockReminders;
  const shoutrrrEnabled = settings.shoutrrrEnabled && settings.shoutrrrUrl && settings.shoutrrrStockReminders;
  if (!emailEnabled && !shoutrrrEnabled) {
    return; // No stock reminder notifications enabled for this user
  }
-  const state = loadReminderState();
+	// Check if any stock reminder notifications are enabled (granular check)
-  const today = getTodayInTimezone(); // YYYY-MM-DD in configured timezone
+	const emailEnabled = settings.emailEnabled && settings.notificationEmail && settings.emailStockReminders;
-  const userStateKey = `user_${settings.userId}`;
+	const shoutrrrEnabled = settings.shoutrrrEnabled && settings.shoutrrrUrl && settings.shoutrrrStockReminders;
-  // Get all medications that need a reminder for this user
+	if (!emailEnabled && !shoutrrrEnabled) {
-  const allLowStock = await getMedicationsNeedingReminder(settings.userId, settings.reminderDaysBefore, language);
+		return; // No stock reminder notifications enabled for this user
-  
+	}
  if (allLowStock.length === 0) {
    return; // No low stock for this user
  }
-  // Simple per-user tracking - check if we already sent today
+	const state = loadReminderState();
-  const userNotifiedKey = `${userStateKey}_${today}`;
+	const today = getTodayInTimezone(); // YYYY-MM-DD in configured timezone
-  if (state.notifiedMedications.includes(userNotifiedKey) && !settings.repeatDailyReminders) {
+	const userStateKey = `user_${settings.userId}`;
    return; // Already notified this user today
  }
-  logger.info(`[Reminder] User ${settings.userId}: Sending reminder for ${allLowStock.length} medications...`);
+	// Get all medications that need a reminder for this user
-  
+	const allLowStock = await getMedicationsNeedingReminder(settings.userId, settings.reminderDaysBefore, language);
-  let emailSuccess = false;
+
-  let shoutrrrSuccess = false;
+	if (allLowStock.length === 0) {
-  
+		return; // No low stock for this user
-  // Send email if enabled
+	}
-  if (emailEnabled) {
+
-    const result = await sendReminderEmail(settings.notificationEmail!, allLowStock, language, settings.repeatDailyReminders);
+	// Simple per-user tracking - check if we already sent today
-    emailSuccess = result.success;
+	const userNotifiedKey = `${userStateKey}_${today}`;
-    if (result.success) {
+	if (state.notifiedMedications.includes(userNotifiedKey) && !settings.repeatDailyReminders) {
-      logger.info(`[Reminder] User ${settings.userId}: Email sent successfully to ${settings.notificationEmail}`);
+		return; // Already notified this user today
-    } else {
+	}
-      logger.error(`[Reminder] User ${settings.userId}: Failed to send email: ${result.error}`);
+
-    }
+	logger.info(`[Reminder] User ${settings.userId}: Sending reminder for ${allLowStock.length} medications...`);
-  }
+
-  
+	let emailSuccess = false;
-  // Send Shoutrrr notification if enabled
+	let shoutrrrSuccess = false;
-  if (shoutrrrEnabled) {
+
-    // Separate empty from low stock medications
+	// Send email if enabled
-    const emptyMeds = allLowStock.filter(m => m.medsLeft <= 0);
+	if (emailEnabled) {
-    const lowMeds = allLowStock.filter(m => m.medsLeft > 0);
+		const result = await sendReminderEmail(
-    
+			settings.notificationEmail!,
-    // Build clear title
+			allLowStock,
-    const titleParts: string[] = [];
+			language,
-    if (emptyMeds.length > 0) {
+			settings.repeatDailyReminders
-      titleParts.push(`🚨 ${emptyMeds.length} ${tr.push.empty || "Empty"}`);
+		);
-    }
+		emailSuccess = result.success;
-    if (lowMeds.length > 0) {
+		if (result.success) {
-      titleParts.push(`⚠️ ${lowMeds.length} ${tr.push.low || "Low"}`);
+			logger.info(`[Reminder] User ${settings.userId}: Email sent successfully to ${settings.notificationEmail}`);
-    }
+		} else {
-    const title = `MedAssist: ${titleParts.join(", ")} - ${tr.push.reorderNow || "Reorder Now!"}`;
+			logger.error(`[Reminder] User ${settings.userId}: Failed to send email: ${result.error}`);
-    
+		}
-    // Build clear message with sections
+	}
-    const messageParts: string[] = [];
+
-    if (emptyMeds.length > 0) {
+	// Send Shoutrrr notification if enabled
-      messageParts.push(`🚨 ${tr.push.emptySection || "EMPTY (reorder immediately)"}:`);
+	if (shoutrrrEnabled) {
-      emptyMeds.forEach(m => messageParts.push(`  • ${m.name}`));
+		// Separate empty from low stock medications
-    }
+		const emptyMeds = allLowStock.filter((m) => m.medsLeft <= 0);
-    if (lowMeds.length > 0) {
+		const lowMeds = allLowStock.filter((m) => m.medsLeft > 0);
-      if (emptyMeds.length > 0) messageParts.push("");
+
-      messageParts.push(`⚠️ ${tr.push.lowSection || "RUNNING LOW (reorder soon)"}:`);
+		// Build clear title
-      lowMeds.forEach(m => messageParts.push(`  • ${m.name}: ${t(tr.push.pillsLeft, { count: m.medsLeft })}, ${t(tr.push.daysLeft, { count: m.daysLeft ?? 0 })}`));
+		const titleParts: string[] = [];
-    }
+		if (emptyMeds.length > 0) {
-    
+			titleParts.push(`🚨 ${emptyMeds.length} ${tr.push.empty || "Empty"}`);
-    if (settings.repeatDailyReminders) {
+		}
-      messageParts.push("");
+		if (lowMeds.length > 0) {
-      messageParts.push(tr.push.repeatDailyNote);
+			titleParts.push(`⚠️ ${lowMeds.length} ${tr.push.low || "Low"}`);
-    }
+		}
-    
+		const title = `MedAssist: ${titleParts.join(", ")} - ${tr.push.reorderNow || "Reorder Now!"}`;
-    const message = messageParts.join("\n");
+
-    
+		// Build clear message with sections
-    const result = await sendShoutrrrNotification(settings.shoutrrrUrl!, title, message);
+		const messageParts: string[] = [];
-    shoutrrrSuccess = result.success;
+		if (emptyMeds.length > 0) {
-    if (result.success) {
+			messageParts.push(`🚨 ${tr.push.emptySection || "EMPTY (reorder immediately)"}:`);
-      logger.info(`[Reminder] User ${settings.userId}: Push notification sent successfully`);
+			emptyMeds.forEach((m) => messageParts.push(`  • ${m.name}`));
-    } else {
+		}
-      logger.error(`[Reminder] User ${settings.userId}: Failed to send push notification: ${result.error}`);
+		if (lowMeds.length > 0) {
-    }
+			if (emptyMeds.length > 0) messageParts.push("");
-  }
+			messageParts.push(`⚠️ ${tr.push.lowSection || "RUNNING LOW (reorder soon)"}:`);
-  
+			lowMeds.forEach((m) =>
-  // Update state if any notification was sent successfully
+				messageParts.push(
-  if (emailSuccess || shoutrrrSuccess) {
+					`  • ${m.name}: ${t(tr.push.pillsLeft, { count: m.medsLeft })}, ${t(tr.push.daysLeft, { count: m.daysLeft ?? 0 })}`
-    const currentState = loadReminderState();
+				)
-    const channel = emailSuccess && shoutrrrSuccess ? "both" : emailSuccess ? "email" : "push";
+			);
-    saveReminderState({
+		}
-      lastAutoEmailSent: new Date().toISOString(),
+
-      lastAutoEmailDate: today,
+		if (settings.repeatDailyReminders) {
-      notifiedMedications: [...new Set([...currentState.notifiedMedications, userNotifiedKey])],
+			messageParts.push("");
-      nextScheduledCheck: currentState.nextScheduledCheck,
+			messageParts.push(tr.push.repeatDailyNote);
-      lastNotificationType: "stock",
+		}
-      lastNotificationChannel: channel,
+
-    });
+		const message = messageParts.join("\n");
-    
+
-    // Also update user settings in database so frontend can display the info
+		const result = await sendShoutrrrNotification(settings.shoutrrrUrl!, title, message);
-    await updateUserReminderSentTime(settings.userId, "stock", channel);
+		shoutrrrSuccess = result.success;
-  }
+		if (result.success) {
 			logger.info(`[Reminder] User ${settings.userId}: Push notification sent successfully`);
 		} else {
 			logger.error(`[Reminder] User ${settings.userId}: Failed to send push notification: ${result.error}`);
 		}
 	}
 	// Update state if any notification was sent successfully
 	if (emailSuccess || shoutrrrSuccess) {
 		const currentState = loadReminderState();
 		const channel = emailSuccess && shoutrrrSuccess ? "both" : emailSuccess ? "email" : "push";
 		saveReminderState({
 			lastAutoEmailSent: new Date().toISOString(),
 			lastAutoEmailDate: today,
 			notifiedMedications: [...new Set([...currentState.notifiedMedications, userNotifiedKey])],
 			nextScheduledCheck: currentState.nextScheduledCheck,
 			lastNotificationType: "stock",
 			lastNotificationChannel: channel,
 		});
 		// Also update user settings in database so frontend can display the info
 		// For stock reminders, show the first medication name
 		const firstMed = allLowStock[0];
 		const medNames = allLowStock.length > 1 ? `${firstMed.name} (+${allLowStock.length - 1})` : firstMed?.name;
 		await updateUserReminderSentTime(settings.userId, "stock", channel, medNames);
 	}
 }
 let schedulerTimeout: NodeJS.Timeout | null = null;
 function scheduleNextCheck(logger: { info: (msg: string) => void; error: (msg: string) => void }): void {
-  const msUntilNext = getMsUntilNextCheck();
+	const msUntilNext = getMsUntilNextCheck(REMINDER_HOUR);
-  const nextTime = getNextScheduledTime();
+	const nextTime = getNextScheduledTime(REMINDER_HOUR);
-  
+
-  // Save next scheduled time to state
+	// Save next scheduled time to state
-  const state = loadReminderState();
+	const state = loadReminderState();
-  saveReminderState({
+	saveReminderState({
-    ...state,
+		...state,
-    nextScheduledCheck: nextTime.toISOString(),
+		nextScheduledCheck: nextTime.toISOString(),
-  });
+	});
-  
+
-  logger.info(`[Reminder] Next check scheduled for ${formatInTimezone(nextTime)} (${getTimezone()}) (in ${Math.round(msUntilNext / 1000 / 60)} minutes)`);
+	logger.info(
-  
+		`[Reminder] Next check scheduled for ${formatInTimezone(nextTime)} (${getTimezone()}) (in ${Math.round(msUntilNext / 1000 / 60)} minutes)`
-  schedulerTimeout = setTimeout(() => {
+	);
-    checkAndSendReminder(logger).catch((err) => logger.error(`[Reminder] Error: ${err}`));
+
-    // Schedule the next check after this one completes
+	schedulerTimeout = setTimeout(() => {
-    scheduleNextCheck(logger);
+		checkAndSendReminder(logger).catch((err) => logger.error(`[Reminder] Error: ${err}`));
-  }, msUntilNext);
+		// Schedule the next check after this one completes
 		scheduleNextCheck(logger);
 	}, msUntilNext);
 }
 export function startReminderScheduler(logger: { info: (msg: string) => void; error: (msg: string) => void }): void {
-  logger.info(`[Reminder] Starting reminder scheduler (timezone: ${getTimezone()})...`);
+	logger.info(`[Reminder] Starting reminder scheduler (timezone: ${getTimezone()})...`);
-  
+
-  // Check if we need to run immediately (missed today's check)
+	// Check if we need to run immediately (missed today's check)
-  const state = loadReminderState();
+	const state = loadReminderState();
-  const today = getTodayInTimezone();
+	const today = getTodayInTimezone();
-  const currentHour = getCurrentHourInTimezone();
+	const currentHour = getCurrentHourInTimezone();
-  
+
-  // If it's past REMINDER_HOUR today in the configured timezone and we haven't checked today, run immediately
+	// If it's past REMINDER_HOUR today in the configured timezone and we haven't checked today, run immediately
-  if (currentHour >= REMINDER_HOUR && state.lastAutoEmailDate !== today) {
+	if (currentHour >= REMINDER_HOUR && state.lastAutoEmailDate !== today) {
-    logger.info("[Reminder] Missed today's check, running now...");
+		logger.info("[Reminder] Missed today's check, running now...");
-    checkAndSendReminder(logger).catch((err) => logger.error(`[Reminder] Error: ${err}`));
+		checkAndSendReminder(logger).catch((err) => logger.error(`[Reminder] Error: ${err}`));
-  }
+	}
-  
+
-  // Schedule next check at REMINDER_HOUR
+	// Schedule next check at REMINDER_HOUR
-  scheduleNextCheck(logger);
+	scheduleNextCheck(logger);
-  
+
-  logger.info(`[Reminder] Scheduler started - daily check at ${REMINDER_HOUR}:00 ${getTimezone()}`);
+	logger.info(`[Reminder] Scheduler started - daily check at ${REMINDER_HOUR}:00 ${getTimezone()}`);
 }
 export function stopReminderScheduler(): void {
-  if (schedulerTimeout) {
+	if (schedulerTimeout) {
-    clearTimeout(schedulerTimeout);
+		clearTimeout(schedulerTimeout);
-    schedulerTimeout = null;
+		schedulerTimeout = null;
-  }
+	}
 }
@@ -0,0 +1,743 @@
 /**
 * E2E Tests for auth routes with AUTH_ENABLED=true
 */
 import cookie from "@fastify/cookie";
 import jwt from "@fastify/jwt";
 import sensible from "@fastify/sensible";
 import type { Client } from "@libsql/client";
 import Fastify, { type FastifyInstance } from "fastify";
 import { afterAll, beforeAll, beforeEach, describe, expect, it, vi } from "vitest";
 // Use vi.hoisted to create the db BEFORE mocks are set up
 const { testClient, testDb } = vi.hoisted(() => {
 	const { createClient } = require("@libsql/client");
 	const { drizzle } = require("drizzle-orm/libsql");
 	const client = createClient({ url: ":memory:" });
 	const db = drizzle(client);
 	return { testClient: client, testDb: db };
 });
 // Mock modules using the hoisted db
 vi.mock("../db/client.js", () => ({
 	db: testDb,
 	migrationsReady: Promise.resolve(),
 }));
 // Enable auth for these tests
 vi.mock("../plugins/env.js", () => ({
 	env: {
 		AUTH_ENABLED: true,
 		LOCAL_AUTH_ENABLED: true,
 		REGISTRATION_ENABLED: true,
 		OIDC_ENABLED: false,
 		NODE_ENV: "test",
 		LOG_LEVEL: "silent",
 		PORT: 3000,
 		CORS_ORIGINS: "*",
 		JWT_SECRET: "test-jwt-secret-12345",
 		REFRESH_SECRET: "test-refresh-secret-12345",
 		COOKIE_SECRET: "test-cookie-secret-12345",
 		ACCESS_TOKEN_TTL_MINUTES: 15,
 		REFRESH_TOKEN_TTL_DAYS: 7,
 	},
 }));
 // Import real auth plugin and routes
 const { authRoutes } = await import("../routes/auth.js");
 // =============================================================================
 // Test Setup
 // =============================================================================
 async function createSchema(client: Client) {
 	const tableCreations = [
 		`CREATE TABLE IF NOT EXISTS users (
      id integer PRIMARY KEY AUTOINCREMENT,
      username text NOT NULL UNIQUE,
      password_hash text,
      avatar_url text,
      auth_provider text NOT NULL DEFAULT 'local',
      oidc_subject text,
      is_active integer NOT NULL DEFAULT 1,
      last_login_at integer,
      created_at integer NOT NULL DEFAULT (strftime('%s','now')),
      updated_at integer NOT NULL DEFAULT (strftime('%s','now'))
    )`,
 		`CREATE TABLE IF NOT EXISTS refresh_tokens (
      id integer PRIMARY KEY AUTOINCREMENT,
      user_id integer NOT NULL,
      token_id text NOT NULL UNIQUE,
      expires_at integer NOT NULL,
      revoked integer NOT NULL DEFAULT 0,
      rotated_at integer,
      created_at integer NOT NULL DEFAULT (strftime('%s','now')),
      FOREIGN KEY (user_id) REFERENCES users(id) ON DELETE CASCADE
    )`,
 	];
 	for (const sql of tableCreations) {
 		await client.execute(sql);
 	}
 }
 async function clearData(client: Client) {
 	await client.execute("DELETE FROM refresh_tokens");
 	await client.execute("DELETE FROM users");
 	await client.execute("DELETE FROM sqlite_sequence");
 }
 // =============================================================================
 // Tests
 // =============================================================================
 describe("Auth Routes (AUTH_ENABLED=true)", () => {
 	let app: FastifyInstance;
 	beforeAll(async () => {
 		await createSchema(testClient);
 		app = Fastify({ logger: false });
 		await app.register(sensible);
 		await app.register(cookie, { secret: "test-cookie-secret-12345" });
 		await app.register(jwt, {
 			secret: "test-jwt-secret-12345",
 			cookie: { cookieName: "access_token", signed: false },
 		});
 		// Decorate with config needed by auth routes
 		app.decorate("config", {
 			accessSecret: "test-jwt-secret-12345",
 			refreshSecret: "test-refresh-secret-12345",
 			accessTtl: 15,
 			refreshTtl: 7,
 			cookieOptions: { httpOnly: true, sameSite: "lax", secure: false, path: "/", maxAge: 15 * 60 },
 			refreshCookieOptions: { httpOnly: true, sameSite: "lax", secure: false, path: "/auth", maxAge: 7 * 24 * 60 * 60 },
 		});
 		await app.register(authRoutes);
 		await app.ready();
 	});
 	afterAll(async () => {
 		await app.close();
 		testClient.close();
 	});
 	beforeEach(async () => {
 		await clearData(testClient);
 	});
 	// ---------------------------------------------------------------------------
 	// Auth State Tests
 	// ---------------------------------------------------------------------------
 	describe("GET /auth/state", () => {
 		it("should return auth state", async () => {
 			const response = await app.inject({
 				method: "GET",
 				url: "/auth/state",
 			});
 			expect(response.statusCode).toBe(200);
 			const data = response.json();
 			expect(data.authEnabled).toBe(true);
 			expect(data.registrationEnabled).toBe(true);
 			expect(data.localAuthEnabled).toBe(true);
 		});
 	});
 	// ---------------------------------------------------------------------------
 	// Registration Tests
 	// ---------------------------------------------------------------------------
 	describe("POST /auth/register", () => {
 		it("should register a new user", async () => {
 			const response = await app.inject({
 				method: "POST",
 				url: "/auth/register",
 				payload: {
 					username: "testuser",
 					password: "TestPassword123",
 				},
 			});
 			expect(response.statusCode).toBe(201);
 			const data = response.json();
 			expect(data.ok).toBe(true);
 			expect(data.user.username).toBe("testuser");
 		});
 		it("should reject duplicate username", async () => {
 			// First registration
 			await app.inject({
 				method: "POST",
 				url: "/auth/register",
 				payload: {
 					username: "duplicate",
 					password: "TestPassword123",
 				},
 			});
 			// Second registration with same username
 			const response = await app.inject({
 				method: "POST",
 				url: "/auth/register",
 				payload: {
 					username: "duplicate",
 					password: "AnotherPassword123",
 				},
 			});
 			expect(response.statusCode).toBe(409);
 			expect(response.json().code).toBe("USERNAME_EXISTS");
 		});
 		it("should reject short password", async () => {
 			const response = await app.inject({
 				method: "POST",
 				url: "/auth/register",
 				payload: {
 					username: "testuser",
 					password: "short",
 				},
 			});
 			expect(response.statusCode).toBe(400);
 			expect(response.json().code).toBe("VALIDATION_ERROR");
 		});
 		it("should reject short username", async () => {
 			const response = await app.inject({
 				method: "POST",
 				url: "/auth/register",
 				payload: {
 					username: "ab",
 					password: "ValidPassword123",
 				},
 			});
 			expect(response.statusCode).toBe(400);
 			expect(response.json().code).toBe("VALIDATION_ERROR");
 		});
 		it("should reject invalid username characters", async () => {
 			const response = await app.inject({
 				method: "POST",
 				url: "/auth/register",
 				payload: {
 					username: "test@user",
 					password: "ValidPassword123",
 				},
 			});
 			expect(response.statusCode).toBe(400);
 			expect(response.json().code).toBe("VALIDATION_ERROR");
 		});
 	});
 	// ---------------------------------------------------------------------------
 	// Login Tests
 	// ---------------------------------------------------------------------------
 	describe("POST /auth/login", () => {
 		beforeEach(async () => {
 			// Create a test user
 			await app.inject({
 				method: "POST",
 				url: "/auth/register",
 				payload: {
 					username: "loginuser",
 					password: "TestPassword123",
 				},
 			});
 		});
 		it("should login with valid credentials", async () => {
 			const response = await app.inject({
 				method: "POST",
 				url: "/auth/login",
 				payload: {
 					username: "loginuser",
 					password: "TestPassword123",
 				},
 			});
 			expect(response.statusCode).toBe(200);
 			const data = response.json();
 			expect(data.ok).toBe(true);
 			expect(data.user.username).toBe("loginuser");
 			// Should set cookies
 			const cookies = response.cookies;
 			expect(cookies.find((c: any) => c.name === "access_token")).toBeDefined();
 			expect(cookies.find((c: any) => c.name === "refresh_token")).toBeDefined();
 		});
 		it("should reject invalid password", async () => {
 			const response = await app.inject({
 				method: "POST",
 				url: "/auth/login",
 				payload: {
 					username: "loginuser",
 					password: "WrongPassword",
 				},
 			});
 			expect(response.statusCode).toBe(401);
 			expect(response.json().code).toBe("INVALID_CREDENTIALS");
 		});
 		it("should reject non-existent user", async () => {
 			const response = await app.inject({
 				method: "POST",
 				url: "/auth/login",
 				payload: {
 					username: "nonexistent",
 					password: "TestPassword123",
 				},
 			});
 			expect(response.statusCode).toBe(401);
 			expect(response.json().code).toBe("INVALID_CREDENTIALS");
 		});
 		it("should support rememberMe option", async () => {
 			const response = await app.inject({
 				method: "POST",
 				url: "/auth/login",
 				payload: {
 					username: "loginuser",
 					password: "TestPassword123",
 					rememberMe: true,
 				},
 			});
 			expect(response.statusCode).toBe(200);
 			const data = response.json();
 			expect(data.ok).toBe(true);
 		});
 	});
 	// ---------------------------------------------------------------------------
 	// Token Refresh Tests
 	// ---------------------------------------------------------------------------
 	describe("POST /auth/refresh", () => {
 		it("should refresh access token with valid refresh token", async () => {
 			// Login first to get tokens
 			const _loginResponse = await app.inject({
 				method: "POST",
 				url: "/auth/login",
 				payload: {
 					username: "loginuser",
 					password: "TestPassword123",
 				},
 			});
 			// Need to create user first
 			await app.inject({
 				method: "POST",
 				url: "/auth/register",
 				payload: {
 					username: "refreshuser",
 					password: "TestPassword123",
 				},
 			});
 			const login = await app.inject({
 				method: "POST",
 				url: "/auth/login",
 				payload: {
 					username: "refreshuser",
 					password: "TestPassword123",
 				},
 			});
 			const refreshToken = login.cookies.find((c: any) => c.name === "refresh_token");
 			const response = await app.inject({
 				method: "POST",
 				url: "/auth/refresh",
 				cookies: {
 					refresh_token: refreshToken?.value ?? "",
 				},
 			});
 			expect(response.statusCode).toBe(200);
 			expect(response.json().ok).toBe(true);
 		});
 		it("should reject without refresh token", async () => {
 			const response = await app.inject({
 				method: "POST",
 				url: "/auth/refresh",
 			});
 			expect(response.statusCode).toBe(401);
 			expect(response.json().code).toBe("NO_REFRESH_TOKEN");
 		});
 		it("should reject invalid refresh token", async () => {
 			const response = await app.inject({
 				method: "POST",
 				url: "/auth/refresh",
 				cookies: {
 					refresh_token: "invalid-token",
 				},
 			});
 			expect(response.statusCode).toBe(401);
 			expect(response.json().code).toBe("INVALID_REFRESH_TOKEN");
 		});
 	});
 	// ---------------------------------------------------------------------------
 	// Logout Tests
 	// ---------------------------------------------------------------------------
 	describe("POST /auth/logout", () => {
 		it("should logout and clear cookies", async () => {
 			// Register and login first
 			await app.inject({
 				method: "POST",
 				url: "/auth/register",
 				payload: {
 					username: "logoutuser",
 					password: "TestPassword123",
 				},
 			});
 			const login = await app.inject({
 				method: "POST",
 				url: "/auth/login",
 				payload: {
 					username: "logoutuser",
 					password: "TestPassword123",
 				},
 			});
 			const refreshToken = login.cookies.find((c: any) => c.name === "refresh_token");
 			const response = await app.inject({
 				method: "POST",
 				url: "/auth/logout",
 				cookies: {
 					refresh_token: refreshToken?.value ?? "",
 				},
 			});
 			expect(response.statusCode).toBe(200);
 			expect(response.json().ok).toBe(true);
 		});
 		it("should succeed even without refresh token", async () => {
 			const response = await app.inject({
 				method: "POST",
 				url: "/auth/logout",
 			});
 			expect(response.statusCode).toBe(200);
 			expect(response.json().ok).toBe(true);
 		});
 	});
 	// ---------------------------------------------------------------------------
 	// Me Endpoint Tests
 	// ---------------------------------------------------------------------------
 	describe("GET /auth/me", () => {
 		it("should return user info with valid access token", async () => {
 			// Register and login
 			await app.inject({
 				method: "POST",
 				url: "/auth/register",
 				payload: {
 					username: "meuser",
 					password: "TestPassword123",
 				},
 			});
 			const login = await app.inject({
 				method: "POST",
 				url: "/auth/login",
 				payload: {
 					username: "meuser",
 					password: "TestPassword123",
 				},
 			});
 			const accessToken = login.cookies.find((c: any) => c.name === "access_token");
 			const response = await app.inject({
 				method: "GET",
 				url: "/auth/me",
 				cookies: {
 					access_token: accessToken?.value ?? "",
 				},
 			});
 			expect(response.statusCode).toBe(200);
 			const data = response.json();
 			expect(data.username).toBe("meuser");
 		});
 		it("should reject without access token", async () => {
 			const response = await app.inject({
 				method: "GET",
 				url: "/auth/me",
 			});
 			expect(response.statusCode).toBe(401);
 		});
 		it("should reject with invalid access token", async () => {
 			const response = await app.inject({
 				method: "GET",
 				url: "/auth/me",
 				cookies: {
 					access_token: "invalid.jwt.token",
 				},
 			});
 			expect(response.statusCode).toBe(401);
 		});
 	});
 	// ---------------------------------------------------------------------------
 	// Inactive User Tests
 	// ---------------------------------------------------------------------------
 	describe("Inactive user handling", () => {
 		it("should reject login for inactive user", async () => {
 			// Create user
 			await app.inject({
 				method: "POST",
 				url: "/auth/register",
 				payload: {
 					username: "inactiveuser",
 					password: "TestPassword123",
 				},
 			});
 			// Manually deactivate user in DB
 			await testClient.execute({
 				sql: "UPDATE users SET is_active = 0 WHERE username = ?",
 				args: ["inactiveuser"],
 			});
 			const response = await app.inject({
 				method: "POST",
 				url: "/auth/login",
 				payload: {
 					username: "inactiveuser",
 					password: "TestPassword123",
 				},
 			});
 			expect(response.statusCode).toBe(401);
 			expect(response.json().code).toBe("ACCOUNT_DISABLED");
 		});
 	});
 	// ---------------------------------------------------------------------------
 	// Profile Update Tests
 	// ---------------------------------------------------------------------------
 	describe("PUT /auth/me (profile update)", () => {
 		it("should update password with valid current password", async () => {
 			// Register and login
 			await app.inject({
 				method: "POST",
 				url: "/auth/register",
 				payload: {
 					username: "profileuser",
 					password: "TestPassword123",
 				},
 			});
 			const login = await app.inject({
 				method: "POST",
 				url: "/auth/login",
 				payload: {
 					username: "profileuser",
 					password: "TestPassword123",
 				},
 			});
 			const accessToken = login.cookies.find((c: any) => c.name === "access_token");
 			const response = await app.inject({
 				method: "PUT",
 				url: "/auth/me",
 				cookies: {
 					access_token: accessToken?.value ?? "",
 				},
 				payload: {
 					currentPassword: "TestPassword123",
 					newPassword: "NewPassword456",
 				},
 			});
 			expect(response.statusCode).toBe(200);
 			expect(response.json().ok).toBe(true);
 			// Verify can login with new password
 			const newLogin = await app.inject({
 				method: "POST",
 				url: "/auth/login",
 				payload: {
 					username: "profileuser",
 					password: "NewPassword456",
 				},
 			});
 			expect(newLogin.statusCode).toBe(200);
 		});
 		it("should reject password change without current password", async () => {
 			await app.inject({
 				method: "POST",
 				url: "/auth/register",
 				payload: {
 					username: "profileuser2",
 					password: "TestPassword123",
 				},
 			});
 			const login = await app.inject({
 				method: "POST",
 				url: "/auth/login",
 				payload: {
 					username: "profileuser2",
 					password: "TestPassword123",
 				},
 			});
 			const accessToken = login.cookies.find((c: any) => c.name === "access_token");
 			const response = await app.inject({
 				method: "PUT",
 				url: "/auth/me",
 				cookies: {
 					access_token: accessToken?.value ?? "",
 				},
 				payload: {
 					newPassword: "NewPassword456",
 				},
 			});
 			expect(response.statusCode).toBe(400);
 			expect(response.json().code).toBe("CURRENT_PASSWORD_REQUIRED");
 		});
 		it("should reject password change with wrong current password", async () => {
 			await app.inject({
 				method: "POST",
 				url: "/auth/register",
 				payload: {
 					username: "profileuser3",
 					password: "TestPassword123",
 				},
 			});
 			const login = await app.inject({
 				method: "POST",
 				url: "/auth/login",
 				payload: {
 					username: "profileuser3",
 					password: "TestPassword123",
 				},
 			});
 			const accessToken = login.cookies.find((c: any) => c.name === "access_token");
 			const response = await app.inject({
 				method: "PUT",
 				url: "/auth/me",
 				cookies: {
 					access_token: accessToken?.value ?? "",
 				},
 				payload: {
 					currentPassword: "WrongPassword",
 					newPassword: "NewPassword456",
 				},
 			});
 			expect(response.statusCode).toBe(401);
 			expect(response.json().code).toBe("INVALID_PASSWORD");
 		});
 		it("should reject profile update without auth", async () => {
 			const response = await app.inject({
 				method: "PUT",
 				url: "/auth/me",
 				payload: {
 					currentPassword: "Test123",
 					newPassword: "NewPassword456",
 				},
 			});
 			expect(response.statusCode).toBe(401);
 		});
 	});
 	describe("DELETE /auth/me - Delete Account", () => {
 		it("should delete user account and all data", async () => {
 			// Register and login
 			await app.inject({
 				method: "POST",
 				url: "/auth/register",
 				payload: {
 					username: "deleteuser",
 					password: "TestPassword123",
 				},
 			});
 			const login = await app.inject({
 				method: "POST",
 				url: "/auth/login",
 				payload: {
 					username: "deleteuser",
 					password: "TestPassword123",
 				},
 			});
 			const accessToken = login.cookies.find((c: any) => c.name === "access_token");
 			// Delete account
 			const response = await app.inject({
 				method: "DELETE",
 				url: "/auth/me",
 				cookies: {
 					access_token: accessToken?.value ?? "",
 				},
 			});
 			expect(response.statusCode).toBe(200);
 			expect(response.json().ok).toBe(true);
 			// Verify can't login anymore
 			const loginAgain = await app.inject({
 				method: "POST",
 				url: "/auth/login",
 				payload: {
 					username: "deleteuser",
 					password: "TestPassword123",
 				},
 			});
 			expect(loginAgain.statusCode).toBe(401);
 		});
 		it("should reject delete without auth", async () => {
 			const response = await app.inject({
 				method: "DELETE",
 				url: "/auth/me",
 			});
 			expect(response.statusCode).toBe(401);
 		});
 	});
 });
@@ -0,0 +1,994 @@
 import { existsSync, mkdirSync, rmSync } from "node:fs";
 import { tmpdir } from "node:os";
 import { dirname, resolve } from "node:path";
 import { fileURLToPath } from "node:url";
 import { createClient } from "@libsql/client";
 import { drizzle } from "drizzle-orm/libsql";
 import { migrate } from "drizzle-orm/libsql/migrator";
 import { afterEach, beforeEach, describe, expect, it } from "vitest";
 // Import the exported utility functions from client.ts
 import {
 	buildDbUrl,
 	ensureDataDirectory,
 	ensureDefaultUser,
 	getDbPaths,
 	repairOrphanedDoseIds,
 	repairTrailingHyphenDoseIds,
 	runAlterMigrations,
 	runDrizzleMigrations,
 } from "../db/client.js";
 // Import the exported utility functions from migrate.ts
 import { executeMigration, getStatementPreview, splitSQLStatements } from "../db/migrate.js";
 // Get migrations folder path
 const __filename = fileURLToPath(import.meta.url);
 const __dirname = dirname(__filename);
 const migrationsFolder = resolve(__dirname, "../../drizzle");
 describe("Migration Script Utilities", () => {
 	describe("executeMigration", () => {
 		let client: ReturnType<typeof createClient>;
 		beforeEach(() => {
 			client = createClient({ url: ":memory:" });
 		});
 		it("should execute all migrations successfully", async () => {
 			const result = await executeMigration(client);
 			expect(result.success).toBe(true);
 			expect(result.executed).toBeGreaterThan(0);
 			expect(result.errors).toHaveLength(0);
 		});
 		it("should create all tables", async () => {
 			await executeMigration(client);
 			const tables = await client.execute(
 				"SELECT name FROM sqlite_master WHERE type='table' AND name NOT LIKE 'sqlite_%' AND name NOT LIKE '__drizzle%' ORDER BY name"
 			);
 			const tableNames = tables.rows.map((r) => r.name);
 			expect(tableNames).toContain("users");
 			expect(tableNames).toContain("medications");
 			expect(tableNames).toContain("user_settings");
 			expect(tableNames).toContain("refresh_tokens");
 			expect(tableNames).toContain("share_tokens");
 			expect(tableNames).toContain("dose_tracking");
 			expect(tableNames).toContain("refill_history");
 		});
 		it("should be idempotent", async () => {
 			await executeMigration(client);
 			const result = await executeMigration(client);
 			expect(result.success).toBe(true);
 		});
 		it("should allow inserting data after migration", async () => {
 			await executeMigration(client);
 			await client.execute("INSERT INTO users (username) VALUES ('testuser')");
 			const result = await client.execute("SELECT * FROM users");
 			expect(result.rows).toHaveLength(1);
 		});
 	});
 	describe("splitSQLStatements", () => {
 		it("should split SQL by semicolons", () => {
 			const sql = "SELECT 1; SELECT 2; SELECT 3;";
 			const statements = splitSQLStatements(sql);
 			expect(statements).toHaveLength(3);
 		});
 		it("should filter out empty statements", () => {
 			const sql = "SELECT 1;; ; SELECT 2;";
 			const statements = splitSQLStatements(sql);
 			expect(statements).toHaveLength(2);
 		});
 		it("should handle statements without trailing semicolon", () => {
 			const sql = "SELECT 1; SELECT 2";
 			const statements = splitSQLStatements(sql);
 			expect(statements).toHaveLength(2);
 		});
 		it("should preserve whitespace within statements", () => {
 			const sql = "CREATE TABLE test (\n  id INTEGER\n);";
 			const statements = splitSQLStatements(sql);
 			expect(statements[0]).toContain("\n");
 		});
 	});
 	describe("getStatementPreview", () => {
 		it("should return full string if shorter than maxLength", () => {
 			const preview = getStatementPreview("SELECT 1", 50);
 			expect(preview).toBe("SELECT 1");
 		});
 		it("should truncate and add ellipsis if longer than maxLength", () => {
 			const preview = getStatementPreview("SELECT * FROM very_long_table_name WHERE condition = true", 20);
 			expect(preview).toBe("SELECT * FROM very_l...");
 			expect(preview.length).toBe(23); // 20 + "..."
 		});
 		it("should use default maxLength of 50", () => {
 			const longStmt = "A".repeat(100);
 			const preview = getStatementPreview(longStmt);
 			expect(preview).toBe(`${"A".repeat(50)}...`);
 		});
 		it("should trim whitespace", () => {
 			const preview = getStatementPreview("  SELECT 1  ", 50);
 			expect(preview).toBe("SELECT 1");
 		});
 		it("should handle CREATE TABLE statements", () => {
 			const stmt = "CREATE TABLE IF NOT EXISTS users (id integer PRIMARY KEY)";
 			const preview = getStatementPreview(stmt, 30);
 			expect(preview).toBe("CREATE TABLE IF NOT EXISTS use...");
 		});
 	});
 });
 describe("Database Client Utilities", () => {
 	describe("buildDbUrl", () => {
 		it("should build a file:// URL from path", () => {
 			const url = buildDbUrl("/path/to/db.sqlite");
 			expect(url).toBe("file:/path/to/db.sqlite");
 		});
 		it("should handle relative paths", () => {
 			const url = buildDbUrl("./data/test.db");
 			expect(url).toBe("file:./data/test.db");
 		});
 	});
 	describe("getDbPaths", () => {
 		it("should return correct paths based on cwd", () => {
 			const paths = getDbPaths("/app");
 			expect(paths.dataDir).toBe("/app/data");
 			expect(paths.dbPath).toBe("/app/data/medassist-ng.db");
 			expect(paths.url).toBe("file:/app/data/medassist-ng.db");
 		});
 		it("should use process.cwd() by default", () => {
 			const paths = getDbPaths();
 			expect(paths.dataDir).toContain("data");
 			expect(paths.dbPath).toContain("medassist-ng.db");
 		});
 	});
 	describe("ensureDataDirectory", () => {
 		const testDir = resolve(tmpdir(), `test-data-dir-${Date.now()}`);
 		afterEach(() => {
 			try {
 				if (existsSync(testDir)) {
 					rmSync(testDir, { recursive: true, force: true });
 				}
 			} catch {
 				// ignore cleanup errors
 			}
 		});
 		it("should create directory if it does not exist", () => {
 			const result = ensureDataDirectory(testDir);
 			expect(result.success).toBe(true);
 			expect(existsSync(testDir)).toBe(true);
 		});
 		it("should succeed if directory already exists", () => {
 			mkdirSync(testDir, { recursive: true });
 			const result = ensureDataDirectory(testDir);
 			expect(result.success).toBe(true);
 		});
 		it("should create .write-test file", () => {
 			const result = ensureDataDirectory(testDir);
 			expect(result.success).toBe(true);
 			expect(existsSync(resolve(testDir, ".write-test"))).toBe(true);
 		});
 		it("should return error for invalid path", () => {
 			// Try to create in a path that can't exist
 			const result = ensureDataDirectory("/nonexistent/root/path/that/cannot/exist");
 			expect(result.success).toBe(false);
 			expect(result.error).toBeDefined();
 		});
 	});
 	describe("runDrizzleMigrations", () => {
 		let client: ReturnType<typeof createClient>;
 		beforeEach(() => {
 			client = createClient({ url: ":memory:" });
 		});
 		it("should create all tables successfully", async () => {
 			const db = drizzle(client);
 			const result = await runDrizzleMigrations(db);
 			expect(result.success).toBe(true);
 		});
 		it("should be idempotent (run twice without errors)", async () => {
 			const db = drizzle(client);
 			await runDrizzleMigrations(db);
 			const result = await runDrizzleMigrations(db);
 			expect(result.success).toBe(true);
 		});
 		it("should create all 7 tables", async () => {
 			const db = drizzle(client);
 			await runDrizzleMigrations(db);
 			const tables = await client.execute(
 				"SELECT name FROM sqlite_master WHERE type='table' AND name NOT LIKE 'sqlite_%' AND name NOT LIKE '__drizzle%' ORDER BY name"
 			);
 			const tableNames = tables.rows.map((r) => r.name);
 			expect(tableNames).toContain("users");
 			expect(tableNames).toContain("medications");
 			expect(tableNames).toContain("user_settings");
 			expect(tableNames).toContain("refresh_tokens");
 			expect(tableNames).toContain("share_tokens");
 			expect(tableNames).toContain("dose_tracking");
 			expect(tableNames).toContain("refill_history");
 		});
 	});
 	describe("runAlterMigrations", () => {
 		let client: ReturnType<typeof createClient>;
 		beforeEach(async () => {
 			client = createClient({ url: ":memory:" });
 			const db = drizzle(client);
 			await migrate(db, { migrationsFolder });
 		});
 		it("should run without errors on a fresh database", async () => {
 			const result = await runAlterMigrations(client);
 			expect(result.success).toBe(true);
 			expect(result.errors).toHaveLength(0);
 		});
 		it("should be idempotent", async () => {
 			await runAlterMigrations(client);
 			const result = await runAlterMigrations(client);
 			expect(result.success).toBe(true);
 		});
 	});
 	describe("ensureDefaultUser", () => {
 		let client: ReturnType<typeof createClient>;
 		beforeEach(async () => {
 			client = createClient({ url: ":memory:" });
 			const db = drizzle(client);
 			await migrate(db, { migrationsFolder });
 		});
 		it("should create default user when auth is disabled", async () => {
 			const created = await ensureDefaultUser(client, false);
 			expect(created).toBe(true);
 			const result = await client.execute("SELECT * FROM users WHERE id = 1");
 			expect(result.rows).toHaveLength(1);
 			expect(result.rows[0].username).toBe("default");
 			expect(result.rows[0].auth_provider).toBe("local");
 		});
 		it("should not create user when auth is enabled", async () => {
 			const created = await ensureDefaultUser(client, true);
 			expect(created).toBe(false);
 			const result = await client.execute("SELECT * FROM users WHERE id = 1");
 			expect(result.rows).toHaveLength(0);
 		});
 		it("should not duplicate user if already exists", async () => {
 			// First call creates the user
 			await ensureDefaultUser(client, false);
 			// Second call should not create again
 			const created = await ensureDefaultUser(client, false);
 			expect(created).toBe(false);
 			// Should still have only one user
 			const result = await client.execute("SELECT * FROM users");
 			expect(result.rows).toHaveLength(1);
 		});
 	});
 });
 describe("Database Client", () => {
 	describe("In-Memory Database Creation", () => {
 		it("should create an in-memory SQLite client", () => {
 			const client = createClient({ url: ":memory:" });
 			expect(client).toBeDefined();
 		});
 		it("should create a drizzle instance from client", () => {
 			const client = createClient({ url: ":memory:" });
 			const db = drizzle(client);
 			expect(db).toBeDefined();
 		});
 		it("should execute SQL statements", async () => {
 			const client = createClient({ url: ":memory:" });
 			// Create a simple test table
 			await client.execute(`
        CREATE TABLE IF NOT EXISTS test_table (
          id INTEGER PRIMARY KEY AUTOINCREMENT,
          name TEXT NOT NULL
        )
      `);
 			// Insert a row
 			await client.execute("INSERT INTO test_table (name) VALUES ('test')");
 			// Query the row
 			const result = await client.execute("SELECT * FROM test_table");
 			expect(result.rows).toHaveLength(1);
 			expect(result.rows[0].name).toBe("test");
 		});
 	});
 	describe("Table Schema via Drizzle Migrations", () => {
 		let client: ReturnType<typeof createClient>;
 		beforeEach(async () => {
 			client = createClient({ url: ":memory:" });
 			const db = drizzle(client);
 			await migrate(db, { migrationsFolder });
 		});
 		it("should have users table with correct columns", async () => {
 			const columns = await client.execute("PRAGMA table_info(users)");
 			const columnNames = columns.rows.map((r) => r.name);
 			expect(columnNames).toContain("id");
 			expect(columnNames).toContain("username");
 			expect(columnNames).toContain("password_hash");
 			expect(columnNames).toContain("auth_provider");
 		});
 		it("should have medications table with correct columns", async () => {
 			const columns = await client.execute("PRAGMA table_info(medications)");
 			const columnNames = columns.rows.map((r) => r.name);
 			expect(columnNames).toContain("id");
 			expect(columnNames).toContain("user_id");
 			expect(columnNames).toContain("name");
 			expect(columnNames).toContain("taken_by_json");
 			expect(columnNames).toContain("pack_count");
 			expect(columnNames).toContain("usage_json");
 		});
 		it("should have user_settings table with correct columns", async () => {
 			const columns = await client.execute("PRAGMA table_info(user_settings)");
 			const columnNames = columns.rows.map((r) => r.name);
 			expect(columnNames).toContain("id");
 			expect(columnNames).toContain("user_id");
 			expect(columnNames).toContain("email_enabled");
 			expect(columnNames).toContain("language");
 			expect(columnNames).toContain("stock_calculation_mode");
 		});
 		it("should have refresh_tokens table", async () => {
 			const columns = await client.execute("PRAGMA table_info(refresh_tokens)");
 			const columnNames = columns.rows.map((r) => r.name);
 			expect(columnNames).toContain("id");
 			expect(columnNames).toContain("user_id");
 			expect(columnNames).toContain("token_id");
 		});
 		it("should have share_tokens table", async () => {
 			const columns = await client.execute("PRAGMA table_info(share_tokens)");
 			const columnNames = columns.rows.map((r) => r.name);
 			expect(columnNames).toContain("id");
 			expect(columnNames).toContain("token");
 			expect(columnNames).toContain("taken_by");
 		});
 		it("should have dose_tracking table", async () => {
 			const columns = await client.execute("PRAGMA table_info(dose_tracking)");
 			const columnNames = columns.rows.map((r) => r.name);
 			expect(columnNames).toContain("id");
 			expect(columnNames).toContain("dose_id");
 			expect(columnNames).toContain("marked_by");
 		});
 		it("should have refill_history table", async () => {
 			const columns = await client.execute("PRAGMA table_info(refill_history)");
 			const columnNames = columns.rows.map((r) => r.name);
 			expect(columnNames).toContain("id");
 			expect(columnNames).toContain("medication_id");
 			expect(columnNames).toContain("packs_added");
 			expect(columnNames).toContain("loose_pills_added");
 		});
 	});
 	describe("Default Values", () => {
 		let client: ReturnType<typeof createClient>;
 		beforeEach(async () => {
 			client = createClient({ url: ":memory:" });
 			const db = drizzle(client);
 			await migrate(db, { migrationsFolder });
 		});
 		it("should use default values for auth_provider", async () => {
 			await client.execute("INSERT INTO users (username) VALUES ('testuser')");
 			const result = await client.execute("SELECT auth_provider FROM users WHERE username = 'testuser'");
 			expect(result.rows[0].auth_provider).toBe("local");
 		});
 		it("should use default values for is_active", async () => {
 			await client.execute("INSERT INTO users (username) VALUES ('testuser')");
 			const result = await client.execute("SELECT is_active FROM users WHERE username = 'testuser'");
 			// SQLite stores booleans as integers
 			expect(result.rows[0].is_active).toBeTruthy();
 		});
 	});
 	describe("User Settings Defaults", () => {
 		let client: ReturnType<typeof createClient>;
 		beforeEach(async () => {
 			client = createClient({ url: ":memory:" });
 			const db = drizzle(client);
 			await migrate(db, { migrationsFolder });
 			await client.execute("INSERT INTO users (username) VALUES ('testuser')");
 		});
 		it("should use default notification settings", async () => {
 			await client.execute("INSERT INTO user_settings (user_id) VALUES (1)");
 			const result = await client.execute("SELECT * FROM user_settings WHERE user_id = 1");
 			// SQLite stores booleans as integers (false = 0)
 			expect(result.rows[0].email_enabled).toBeFalsy();
 			expect(result.rows[0].shoutrrr_enabled).toBeFalsy();
 		});
 		it("should use default stock threshold settings", async () => {
 			await client.execute("INSERT INTO user_settings (user_id) VALUES (1)");
 			const result = await client.execute("SELECT * FROM user_settings WHERE user_id = 1");
 			expect(result.rows[0].low_stock_days).toBe(30);
 			expect(result.rows[0].normal_stock_days).toBe(90);
 			expect(result.rows[0].high_stock_days).toBe(180);
 		});
 		it("should use default language (en)", async () => {
 			await client.execute("INSERT INTO user_settings (user_id) VALUES (1)");
 			const result = await client.execute("SELECT language FROM user_settings WHERE user_id = 1");
 			expect(result.rows[0].language).toBe("en");
 		});
 		it("should use default stock_calculation_mode (automatic)", async () => {
 			await client.execute("INSERT INTO user_settings (user_id) VALUES (1)");
 			const result = await client.execute("SELECT stock_calculation_mode FROM user_settings WHERE user_id = 1");
 			expect(result.rows[0].stock_calculation_mode).toBe("automatic");
 		});
 		it("should use default reminder_days_before (7)", async () => {
 			await client.execute("INSERT INTO user_settings (user_id) VALUES (1)");
 			const result = await client.execute("SELECT reminder_days_before FROM user_settings WHERE user_id = 1");
 			expect(result.rows[0].reminder_days_before).toBe(7);
 		});
 	});
 	describe("Medication Defaults", () => {
 		let client: ReturnType<typeof createClient>;
 		beforeEach(async () => {
 			client = createClient({ url: ":memory:" });
 			const db = drizzle(client);
 			await migrate(db, { migrationsFolder });
 			await client.execute("INSERT INTO users (username) VALUES ('testuser')");
 		});
 		it("should use default inventory values", async () => {
 			await client.execute("INSERT INTO medications (user_id, name) VALUES (1, 'Test Med')");
 			const result = await client.execute("SELECT * FROM medications WHERE name = 'Test Med'");
 			expect(result.rows[0].pack_count).toBe(1);
 			expect(result.rows[0].blisters_per_pack).toBe(1);
 			expect(result.rows[0].pills_per_blister).toBe(1);
 			expect(result.rows[0].loose_tablets).toBe(0);
 		});
 		it("should use default JSON arrays for schedules", async () => {
 			await client.execute("INSERT INTO medications (user_id, name) VALUES (1, 'Test Med')");
 			const result = await client.execute("SELECT * FROM medications WHERE name = 'Test Med'");
 			expect(result.rows[0].taken_by_json).toBe("[]");
 			expect(result.rows[0].usage_json).toBe("[]");
 			expect(result.rows[0].every_json).toBe("[]");
 			expect(result.rows[0].start_json).toBe("[]");
 		});
 		it("should default intake_reminders_enabled to false", async () => {
 			await client.execute("INSERT INTO medications (user_id, name) VALUES (1, 'Test Med')");
 			const result = await client.execute("SELECT intake_reminders_enabled FROM medications WHERE name = 'Test Med'");
 			expect(result.rows[0].intake_reminders_enabled).toBeFalsy();
 		});
 	});
 	describe("Foreign Key Constraints", () => {
 		let client: ReturnType<typeof createClient>;
 		beforeEach(async () => {
 			client = createClient({ url: ":memory:" });
 			// Enable foreign keys
 			await client.execute("PRAGMA foreign_keys = ON");
 			const db = drizzle(client);
 			await migrate(db, { migrationsFolder });
 		});
 		it("should cascade delete medications when user is deleted", async () => {
 			await client.execute("INSERT INTO users (username) VALUES ('testuser')");
 			await client.execute("INSERT INTO medications (user_id, name) VALUES (1, 'Med1')");
 			await client.execute("INSERT INTO medications (user_id, name) VALUES (1, 'Med2')");
 			// Verify medications exist
 			let meds = await client.execute("SELECT * FROM medications");
 			expect(meds.rows).toHaveLength(2);
 			// Delete user
 			await client.execute("DELETE FROM users WHERE id = 1");
 			// Medications should be deleted too
 			meds = await client.execute("SELECT * FROM medications");
 			expect(meds.rows).toHaveLength(0);
 		});
 	});
 	describe("Unique Constraints", () => {
 		let client: ReturnType<typeof createClient>;
 		beforeEach(async () => {
 			client = createClient({ url: ":memory:" });
 			const db = drizzle(client);
 			await migrate(db, { migrationsFolder });
 		});
 		it("should enforce unique constraint on username", async () => {
 			await client.execute("INSERT INTO users (username) VALUES ('testuser')");
 			await expect(client.execute("INSERT INTO users (username) VALUES ('testuser')")).rejects.toThrow();
 		});
 		it("should enforce unique constraint on refresh token_id", async () => {
 			await client.execute("INSERT INTO users (username) VALUES ('testuser')");
 			await client.execute(
 				"INSERT INTO refresh_tokens (user_id, token_id, expires_at) VALUES (1, 'token123', 1735689600)"
 			);
 			await expect(
 				client.execute("INSERT INTO refresh_tokens (user_id, token_id, expires_at) VALUES (1, 'token123', 1735689600)")
 			).rejects.toThrow();
 		});
 	});
 	describe("Default User Creation (Auth Disabled)", () => {
 		let client: ReturnType<typeof createClient>;
 		beforeEach(async () => {
 			client = createClient({ url: ":memory:" });
 			const db = drizzle(client);
 			await migrate(db, { migrationsFolder });
 		});
 		it("should be able to create a default user with ID 1", async () => {
 			// This mimics the auth-disabled mode behavior
 			const result = await client.execute("SELECT id FROM users WHERE id = 1");
 			if (result.rows.length === 0) {
 				await client.execute("INSERT INTO users (id, username, auth_provider) VALUES (1, 'default', 'local')");
 			}
 			const user = await client.execute("SELECT * FROM users WHERE id = 1");
 			expect(user.rows).toHaveLength(1);
 			expect(user.rows[0].username).toBe("default");
 			expect(user.rows[0].auth_provider).toBe("local");
 		});
 		it("should not duplicate default user if already exists", async () => {
 			await client.execute("INSERT INTO users (id, username, auth_provider) VALUES (1, 'default', 'local')");
 			// Check if exists before insert (mimics runtime behavior)
 			const result = await client.execute("SELECT id FROM users WHERE id = 1");
 			if (result.rows.length === 0) {
 				await client.execute("INSERT INTO users (id, username, auth_provider) VALUES (1, 'default', 'local')");
 			}
 			// Should still have only one user
 			const users = await client.execute("SELECT * FROM users");
 			expect(users.rows).toHaveLength(1);
 		});
 	});
 	describe("repairOrphanedDoseIds", () => {
 		let client: ReturnType<typeof createClient>;
 		beforeEach(async () => {
 			client = createClient({ url: ":memory:" });
 			const db = drizzle(client);
 			await migrate(db, { migrationsFolder });
 			// Create a test user
 			await client.execute("INSERT INTO users (id, username, auth_provider) VALUES (1, 'testuser', 'local')");
 		});
 		it("should return 0 repairs when no data exists", async () => {
 			const result = await repairOrphanedDoseIds(client);
 			expect(result.repaired).toBe(0);
 			expect(result.errors).toHaveLength(0);
 		});
 		it("should not modify dose IDs that already match the current schedule", async () => {
 			// Create weekly medication starting Oct 17 (Friday)
 			const intakes = JSON.stringify([
 				{ usage: 1, every: 7, start: "2025-10-17T08:00:00", takenBy: null, intakeRemindersEnabled: false },
 			]);
 			await client.execute({
 				sql: `INSERT INTO medications (id, user_id, name, intakes_json, usage_json, every_json, start_json)
 				      VALUES (1, 1, 'Weekly Med', ?, '[1]', '[7]', '["2025-10-17T08:00:00"]')`,
 				args: [intakes],
 			});
 			// Insert dose IDs that match the schedule (Fridays)
 			const fri17 = new Date(2025, 9, 17).getTime();
 			const fri24 = new Date(2025, 9, 24).getTime();
 			await client.execute({
 				sql: "INSERT INTO dose_tracking (user_id, dose_id) VALUES (1, ?)",
 				args: [`1-0-${fri17}`],
 			});
 			await client.execute({
 				sql: "INSERT INTO dose_tracking (user_id, dose_id) VALUES (1, ?)",
 				args: [`1-0-${fri24}`],
 			});
 			const result = await repairOrphanedDoseIds(client);
 			expect(result.repaired).toBe(0);
 			// Verify IDs unchanged
 			const doses = await client.execute("SELECT dose_id FROM dose_tracking ORDER BY dose_id");
 			expect(doses.rows[0].dose_id).toBe(`1-0-${fri17}`);
 			expect(doses.rows[1].dose_id).toBe(`1-0-${fri24}`);
 		});
 		it("should repair orphaned dose IDs when schedule shifted by 1 day", async () => {
 			// Current schedule: Saturdays (Oct 18)
 			const intakes = JSON.stringify([
 				{ usage: 1, every: 7, start: "2025-10-18T08:00:00", takenBy: null, intakeRemindersEnabled: false },
 			]);
 			await client.execute({
 				sql: `INSERT INTO medications (id, user_id, name, intakes_json, usage_json, every_json, start_json)
 				      VALUES (1, 1, 'Weekly Med', ?, '[1]', '[7]', '["2025-10-18T08:00:00"]')`,
 				args: [intakes],
 			});
 			// Insert orphaned dose IDs from OLD schedule (Fridays)
 			const fri17 = new Date(2025, 9, 17).getTime();
 			const fri24 = new Date(2025, 9, 24).getTime();
 			const fri31 = new Date(2025, 9, 31).getTime();
 			await client.execute({
 				sql: "INSERT INTO dose_tracking (user_id, dose_id) VALUES (1, ?)",
 				args: [`1-0-${fri17}`],
 			});
 			await client.execute({
 				sql: "INSERT INTO dose_tracking (user_id, dose_id) VALUES (1, ?)",
 				args: [`1-0-${fri24}`],
 			});
 			await client.execute({
 				sql: "INSERT INTO dose_tracking (user_id, dose_id) VALUES (1, ?)",
 				args: [`1-0-${fri31}`],
 			});
 			const result = await repairOrphanedDoseIds(client);
 			expect(result.repaired).toBe(3);
 			expect(result.errors).toHaveLength(0);
 			// Verify dose IDs are now Saturdays
 			const sat18 = new Date(2025, 9, 18).getTime();
 			const sat25 = new Date(2025, 9, 25).getTime();
 			const nov1 = new Date(2025, 10, 1).getTime();
 			const doses = await client.execute("SELECT dose_id FROM dose_tracking ORDER BY dose_id");
 			const ids = doses.rows.map((r) => r.dose_id);
 			expect(ids).toContain(`1-0-${sat18}`);
 			expect(ids).toContain(`1-0-${sat25}`);
 			expect(ids).toContain(`1-0-${nov1}`);
 		});
 		it("should preserve person suffix when repairing dose IDs", async () => {
 			// Current schedule: Saturdays
 			const intakes = JSON.stringify([
 				{ usage: 1, every: 7, start: "2025-10-18T08:00:00", takenBy: "Alice", intakeRemindersEnabled: false },
 			]);
 			await client.execute({
 				sql: `INSERT INTO medications (id, user_id, name, intakes_json, usage_json, every_json, start_json)
 				      VALUES (1, 1, 'Person Med', ?, '[1]', '[7]', '["2025-10-18T08:00:00"]')`,
 				args: [intakes],
 			});
 			// Orphaned dose with person suffix (from old Friday schedule)
 			const fri17 = new Date(2025, 9, 17).getTime();
 			await client.execute({
 				sql: "INSERT INTO dose_tracking (user_id, dose_id) VALUES (1, ?)",
 				args: [`1-0-${fri17}-Alice`],
 			});
 			const result = await repairOrphanedDoseIds(client);
 			expect(result.repaired).toBe(1);
 			// Verify person suffix preserved
 			const sat18 = new Date(2025, 9, 18).getTime();
 			const doses = await client.execute("SELECT dose_id FROM dose_tracking");
 			expect(doses.rows[0].dose_id).toBe(`1-0-${sat18}-Alice`);
 		});
 		it("should not repair doses that are too far from any valid schedule date", async () => {
 			// Current schedule: biweekly (every 14 days) starting Oct 18
 			// halfInterval = 7 days, so doses more than 7 days from any valid date won't match
 			const intakes = JSON.stringify([
 				{ usage: 1, every: 14, start: "2025-10-18T08:00:00", takenBy: null, intakeRemindersEnabled: false },
 			]);
 			await client.execute({
 				sql: `INSERT INTO medications (id, user_id, name, intakes_json, usage_json, every_json, start_json)
 				      VALUES (1, 1, 'Biweekly Med', ?, '[1]', '[14]', '["2025-10-18T08:00:00"]')`,
 				args: [intakes],
 			});
 			// Insert dose on Oct 27 (9 days away from Oct 18, 4 days away from Nov 1)
 			// halfInterval = 7 days. Oct 27 is 9 days from Oct 18 (too far) and 4 days from Nov 1 (within range)
 			// Actually use Oct 26 which is 8 days from both (Oct 18 and Nov 1) - exactly at halfInterval + 1
 			// Wait: biweekly = Oct 18, Nov 1. Oct 26 is 8 days from Oct 18, 6 days from Nov 1 → 6 < 7, matches Nov 1
 			// Use Oct 25: 7 days from Oct 18, 7 days from Nov 1 → exactly at boundary. Use Oct 25 and check.
 			// The condition is dist <= halfInterval, so 7 <= 7 is true. Need dist > 7.
 			// Use a 28-day schedule instead: Oct 18, Nov 15. Midpoint is Nov 1-2. Nov 2 is 15 days from Oct 18, 13 from Nov 15. Both > 14. No match.
 			const intakes28 = JSON.stringify([
 				{ usage: 1, every: 28, start: "2025-10-18T08:00:00", takenBy: null, intakeRemindersEnabled: false },
 			]);
 			await client.execute({
 				sql: `UPDATE medications SET intakes_json = ?, every_json = '[28]' WHERE id = 1`,
 				args: [intakes28],
 			});
 			// Insert dose on Nov 2 (15 days from Oct 18, 13 days from Nov 15)
 			// halfInterval = 14 days. Both 15 > 14 and 13 < 14, so Nov 2 actually WOULD map to Nov 15.
 			// Use Nov 4: 17 days from Oct 18, 11 days from Nov 15 → 11 < 14, maps to Nov 15.
 			// For a 28-day interval, halfInterval = 14. A date must be > 14 days from ALL schedule dates.
 			// Between Oct 18 and Nov 15 (28 days), the only date > 14 from both is impossible.
 			// So lets use a gap: Oct 18 is the only past date for a monthly schedule.
 			// If we pick a date before Oct 18, like Oct 1 (17 days before Oct 18) → 17 > 14 → no match!
 			const oct1 = new Date(2025, 9, 1).getTime();
 			await client.execute({
 				sql: "INSERT INTO dose_tracking (user_id, dose_id) VALUES (1, ?)",
 				args: [`1-0-${oct1}`],
 			});
 			const result = await repairOrphanedDoseIds(client);
 			expect(result.repaired).toBe(0);
 			// Dose should remain unchanged
 			const doses = await client.execute("SELECT dose_id FROM dose_tracking");
 			expect(doses.rows[0].dose_id).toBe(`1-0-${oct1}`);
 		});
 		it("should be idempotent - running twice produces same result", async () => {
 			// Current schedule: Saturdays
 			const intakes = JSON.stringify([
 				{ usage: 1, every: 7, start: "2025-10-18T08:00:00", takenBy: null, intakeRemindersEnabled: false },
 			]);
 			await client.execute({
 				sql: `INSERT INTO medications (id, user_id, name, intakes_json, usage_json, every_json, start_json)
 				      VALUES (1, 1, 'Weekly Med', ?, '[1]', '[7]', '["2025-10-18T08:00:00"]')`,
 				args: [intakes],
 			});
 			// Insert orphaned dose from Friday
 			const fri17 = new Date(2025, 9, 17).getTime();
 			await client.execute({
 				sql: "INSERT INTO dose_tracking (user_id, dose_id) VALUES (1, ?)",
 				args: [`1-0-${fri17}`],
 			});
 			// First run
 			const result1 = await repairOrphanedDoseIds(client);
 			expect(result1.repaired).toBe(1);
 			// Second run - should find 0 repairs (already fixed)
 			const result2 = await repairOrphanedDoseIds(client);
 			expect(result2.repaired).toBe(0);
 			// Verify final state
 			const sat18 = new Date(2025, 9, 18).getTime();
 			const doses = await client.execute("SELECT dose_id FROM dose_tracking");
 			expect(doses.rows).toHaveLength(1);
 			expect(doses.rows[0].dose_id).toBe(`1-0-${sat18}`);
 		});
 		it("should handle multiple medications independently", async () => {
 			// Med 1: weekly Saturdays
 			const intakes1 = JSON.stringify([
 				{ usage: 1, every: 7, start: "2025-10-18T08:00:00", takenBy: null, intakeRemindersEnabled: false },
 			]);
 			await client.execute({
 				sql: `INSERT INTO medications (id, user_id, name, intakes_json, usage_json, every_json, start_json)
 				      VALUES (1, 1, 'Med 1', ?, '[1]', '[7]', '["2025-10-18T08:00:00"]')`,
 				args: [intakes1],
 			});
 			// Med 2: daily starting Oct 20 (valid IDs, no repair needed)
 			const intakes2 = JSON.stringify([
 				{ usage: 1, every: 1, start: "2025-10-20T08:00:00", takenBy: null, intakeRemindersEnabled: false },
 			]);
 			await client.execute({
 				sql: `INSERT INTO medications (id, user_id, name, intakes_json, usage_json, every_json, start_json)
 				      VALUES (2, 1, 'Med 2', ?, '[1]', '[1]', '["2025-10-20T08:00:00"]')`,
 				args: [intakes2],
 			});
 			// Med 1: orphaned Friday dose
 			const fri17 = new Date(2025, 9, 17).getTime();
 			await client.execute({
 				sql: "INSERT INTO dose_tracking (user_id, dose_id) VALUES (1, ?)",
 				args: [`1-0-${fri17}`],
 			});
 			// Med 2: valid daily dose
 			const oct20 = new Date(2025, 9, 20).getTime();
 			await client.execute({
 				sql: "INSERT INTO dose_tracking (user_id, dose_id) VALUES (1, ?)",
 				args: [`2-0-${oct20}`],
 			});
 			const result = await repairOrphanedDoseIds(client);
 			expect(result.repaired).toBe(1); // Only med 1 dose repaired
 			// Med 2 dose should be unchanged
 			const med2Doses = await client.execute("SELECT dose_id FROM dose_tracking WHERE dose_id LIKE '2-%'");
 			expect(med2Doses.rows[0].dose_id).toBe(`2-0-${oct20}`);
 		});
 		it("should handle legacy format (no intakes_json, uses usage/every/start arrays)", async () => {
 			// Medication with only legacy fields (intakes_json is '[]')
 			await client.execute({
 				sql: `INSERT INTO medications (id, user_id, name, intakes_json, usage_json, every_json, start_json)
 				      VALUES (1, 1, 'Legacy Med', '[]', '[1]', '[7]', '["2025-10-18T08:00:00"]')`,
 				args: [],
 			});
 			// Orphaned Friday dose
 			const fri17 = new Date(2025, 9, 17).getTime();
 			await client.execute({
 				sql: "INSERT INTO dose_tracking (user_id, dose_id) VALUES (1, ?)",
 				args: [`1-0-${fri17}`],
 			});
 			const result = await repairOrphanedDoseIds(client);
 			expect(result.repaired).toBe(1);
 			// Verify mapped to Saturday
 			const sat18 = new Date(2025, 9, 18).getTime();
 			const doses = await client.execute("SELECT dose_id FROM dose_tracking");
 			expect(doses.rows[0].dose_id).toBe(`1-0-${sat18}`);
 		});
 	});
 	describe("repairTrailingHyphenDoseIds", () => {
 		let client: ReturnType<typeof createClient>;
 		beforeEach(async () => {
 			client = createClient({ url: ":memory:" });
 			const db = drizzle(client);
 			await migrate(db, { migrationsFolder });
 			await client.execute("INSERT INTO users (id, username, auth_provider) VALUES (1, 'testuser', 'local')");
 		});
 		it("should return 0 repairs when no dose IDs have trailing hyphens", async () => {
 			const ts = new Date(2025, 9, 17).getTime();
 			await client.execute({
 				sql: "INSERT INTO dose_tracking (user_id, dose_id) VALUES (1, ?)",
 				args: [`1-0-${ts}`],
 			});
 			const result = await repairTrailingHyphenDoseIds(client);
 			expect(result.repaired).toBe(0);
 			expect(result.errors).toHaveLength(0);
 		});
 		it("should strip trailing hyphen from dose IDs", async () => {
 			const ts = new Date(2025, 9, 17).getTime();
 			await client.execute({
 				sql: "INSERT INTO dose_tracking (user_id, dose_id) VALUES (1, ?)",
 				args: [`1-0-${ts}-`],
 			});
 			const result = await repairTrailingHyphenDoseIds(client);
 			expect(result.repaired).toBe(1);
 			expect(result.errors).toHaveLength(0);
 			const doses = await client.execute("SELECT dose_id FROM dose_tracking");
 			expect(doses.rows[0].dose_id).toBe(`1-0-${ts}`);
 		});
 		it("should not modify dose IDs with valid person suffixes", async () => {
 			const ts = new Date(2025, 9, 17).getTime();
 			await client.execute({
 				sql: "INSERT INTO dose_tracking (user_id, dose_id) VALUES (1, ?)",
 				args: [`1-0-${ts}-Alice`],
 			});
 			const result = await repairTrailingHyphenDoseIds(client);
 			expect(result.repaired).toBe(0);
 			const doses = await client.execute("SELECT dose_id FROM dose_tracking");
 			expect(doses.rows[0].dose_id).toBe(`1-0-${ts}-Alice`);
 		});
 		it("should handle multiple trailing hyphens", async () => {
 			const ts = new Date(2025, 9, 17).getTime();
 			await client.execute({
 				sql: "INSERT INTO dose_tracking (user_id, dose_id) VALUES (1, ?)",
 				args: [`1-0-${ts}--`],
 			});
 			const result = await repairTrailingHyphenDoseIds(client);
 			expect(result.repaired).toBe(1);
 			const doses = await client.execute("SELECT dose_id FROM dose_tracking");
 			expect(doses.rows[0].dose_id).toBe(`1-0-${ts}`);
 		});
 		it("should repair multiple affected rows at once", async () => {
 			const ts1 = new Date(2025, 9, 17).getTime();
 			const ts2 = new Date(2025, 9, 24).getTime();
 			const ts3 = new Date(2025, 9, 31).getTime();
 			await client.execute({
 				sql: "INSERT INTO dose_tracking (user_id, dose_id) VALUES (1, ?), (1, ?), (1, ?)",
 				args: [`1-0-${ts1}-`, `2-0-${ts2}-`, `1-0-${ts3}`],
 			});
 			const result = await repairTrailingHyphenDoseIds(client);
 			expect(result.repaired).toBe(2); // Only 2 had trailing hyphens
 			expect(result.errors).toHaveLength(0);
 			const doses = await client.execute("SELECT dose_id FROM dose_tracking ORDER BY dose_id");
 			const ids = doses.rows.map((r) => r.dose_id);
 			expect(ids).toContain(`1-0-${ts1}`);
 			expect(ids).toContain(`2-0-${ts2}`);
 			expect(ids).toContain(`1-0-${ts3}`);
 		});
 		it("should be idempotent - running twice has no effect the second time", async () => {
 			const ts = new Date(2025, 9, 17).getTime();
 			await client.execute({
 				sql: "INSERT INTO dose_tracking (user_id, dose_id) VALUES (1, ?)",
 				args: [`1-0-${ts}-`],
 			});
 			const result1 = await repairTrailingHyphenDoseIds(client);
 			expect(result1.repaired).toBe(1);
 			const result2 = await repairTrailingHyphenDoseIds(client);
 			expect(result2.repaired).toBe(0);
 		});
 	});
 });
@@ -0,0 +1,542 @@
 /**
 * Tests for /doses/taken API endpoints.
 * Tests marking doses as taken, listing taken doses, and unmarking.
 */
 import { afterAll, beforeAll, beforeEach, describe, expect, it } from "vitest";
 import { buildTestApp, clearTestData, closeTestApp, createTestUser, type TestContext } from "./setup.js";
 // =============================================================================
 // Route Registration
 // Since we can't easily import routes that depend on the global db,
 // we'll create simplified route handlers for testing the core logic.
 // =============================================================================
 async function registerDoseRoutes(ctx: TestContext) {
 	const { app, client } = ctx;
 	// GET /doses/taken - List all taken doses
 	app.get("/doses/taken", async (_request, _reply) => {
 		// In test mode, use user ID 1 (will be created in tests)
 		const userId = 1;
 		const result = await client.execute({
 			sql: `SELECT dose_id, taken_at, marked_by FROM dose_tracking WHERE user_id = ?`,
 			args: [userId],
 		});
 		return {
 			doses: result.rows.map((d) => ({
 				doseId: d.dose_id,
 				takenAt: (d.taken_at as number) * 1000, // Convert to ms
 				markedBy: d.marked_by,
 			})),
 		};
 	});
 	// POST /doses/taken - Mark a dose as taken
 	app.post<{ Body: { doseId: string } }>("/doses/taken", async (request, reply) => {
 		const userId = 1;
 		const { doseId } = request.body || {};
 		if (!doseId || typeof doseId !== "string" || doseId.length === 0) {
 			return reply.status(400).send({ error: "doseId is required" });
 		}
 		// Check if already marked
 		const existing = await client.execute({
 			sql: `SELECT id FROM dose_tracking WHERE user_id = ? AND dose_id = ?`,
 			args: [userId, doseId],
 		});
 		if (existing.rows.length > 0) {
 			return { success: true, message: "Already marked" };
 		}
 		// Insert new record
 		await client.execute({
 			sql: `INSERT INTO dose_tracking (user_id, dose_id, marked_by) VALUES (?, ?, NULL)`,
 			args: [userId, doseId],
 		});
 		return { success: true };
 	});
 	// DELETE /doses/taken/:doseId - Unmark a dose
 	app.delete<{ Params: { doseId: string } }>("/doses/taken/:doseId", async (request, _reply) => {
 		const userId = 1;
 		const { doseId } = request.params;
 		// Check if this dose was also dismissed
 		const existing = await client.execute({
 			sql: `SELECT id, dismissed FROM dose_tracking WHERE user_id = ? AND dose_id = ?`,
 			args: [userId, doseId],
 		});
 		if (existing.rows.length > 0 && existing.rows[0].dismissed) {
 			// Already dismissed - keep the record as-is (don't delete)
 			// The dose stays dismissed, we just ignore the undo request
 		} else {
 			// Not dismissed - delete the record entirely
 			await client.execute({
 				sql: `DELETE FROM dose_tracking WHERE user_id = ? AND dose_id = ?`,
 				args: [userId, doseId],
 			});
 		}
 		return { success: true };
 	});
 	// POST /doses/dismiss - Dismiss missed doses without deducting stock
 	app.post<{ Body: { doseIds: string[] } }>("/doses/dismiss", async (request, reply) => {
 		const userId = 1;
 		const { doseIds } = request.body || {};
 		if (!doseIds || !Array.isArray(doseIds) || doseIds.length === 0) {
 			return reply.status(400).send({ error: "doseIds array is required" });
 		}
 		let dismissedCount = 0;
 		for (const doseId of doseIds) {
 			// Check if already exists
 			const existing = await client.execute({
 				sql: `SELECT id, dismissed FROM dose_tracking WHERE user_id = ? AND dose_id = ?`,
 				args: [userId, doseId],
 			});
 			if (existing.rows.length > 0) {
 				// Update to dismissed if not already
 				if (!existing.rows[0].dismissed) {
 					await client.execute({
 						sql: `UPDATE dose_tracking SET dismissed = 1 WHERE id = ?`,
 						args: [existing.rows[0].id],
 					});
 					dismissedCount++;
 				}
 			} else {
 				// Insert new dismissed record
 				await client.execute({
 					sql: `INSERT INTO dose_tracking (user_id, dose_id, dismissed) VALUES (?, ?, 1)`,
 					args: [userId, doseId],
 				});
 				dismissedCount++;
 			}
 		}
 		return { success: true, dismissedCount };
 	});
 }
 // =============================================================================
 // Tests
 // =============================================================================
 describe("Dose Tracking API", () => {
 	let ctx: TestContext;
 	let userId: number;
 	beforeAll(async () => {
 		ctx = await buildTestApp();
 		await registerDoseRoutes(ctx);
 		await ctx.app.ready();
 	});
 	afterAll(async () => {
 		await closeTestApp(ctx);
 	});
 	beforeEach(async () => {
 		await clearTestData(ctx.client);
 		// Create test user - will get ID 1 since table is cleared
 		userId = await createTestUser(ctx.client, { username: "testuser" });
 		// Reset SQLite autoincrement so user gets ID 1
 		await ctx.client.execute("DELETE FROM sqlite_sequence WHERE name='users'");
 		await clearTestData(ctx.client);
 		userId = await createTestUser(ctx.client, { username: "testuser" });
 	});
 	// ---------------------------------------------------------------------------
 	// POST /doses/taken
 	// ---------------------------------------------------------------------------
 	describe("POST /doses/taken", () => {
 		it("should mark a dose as taken", async () => {
 			const doseId = "1-0-1735344000000";
 			const response = await ctx.app.inject({
 				method: "POST",
 				url: "/doses/taken",
 				payload: { doseId },
 			});
 			expect(response.statusCode).toBe(200);
 			expect(response.json()).toEqual({ success: true });
 			// Verify in database
 			const result = await ctx.client.execute({
 				sql: `SELECT dose_id, marked_by FROM dose_tracking WHERE user_id = ? AND dose_id = ?`,
 				args: [userId, doseId],
 			});
 			expect(result.rows.length).toBe(1);
 			expect(result.rows[0].dose_id).toBe(doseId);
 			expect(result.rows[0].marked_by).toBeNull();
 		});
 		it("should return idempotent response when dose already marked", async () => {
 			const doseId = "1-0-1735344000000";
 			// Mark once
 			await ctx.app.inject({
 				method: "POST",
 				url: "/doses/taken",
 				payload: { doseId },
 			});
 			// Mark again
 			const response = await ctx.app.inject({
 				method: "POST",
 				url: "/doses/taken",
 				payload: { doseId },
 			});
 			expect(response.statusCode).toBe(200);
 			expect(response.json()).toEqual({ success: true, message: "Already marked" });
 			// Should still only have one record
 			const result = await ctx.client.execute({
 				sql: `SELECT COUNT(*) as count FROM dose_tracking WHERE user_id = ? AND dose_id = ?`,
 				args: [userId, doseId],
 			});
 			expect(result.rows[0].count).toBe(1);
 		});
 		it("should reject request without doseId", async () => {
 			const response = await ctx.app.inject({
 				method: "POST",
 				url: "/doses/taken",
 				payload: {},
 			});
 			expect(response.statusCode).toBe(400);
 			expect(response.json()).toEqual({ error: "doseId is required" });
 		});
 		it("should reject request with empty doseId", async () => {
 			const response = await ctx.app.inject({
 				method: "POST",
 				url: "/doses/taken",
 				payload: { doseId: "" },
 			});
 			expect(response.statusCode).toBe(400);
 			expect(response.json()).toEqual({ error: "doseId is required" });
 		});
 	});
 	// ---------------------------------------------------------------------------
 	// GET /doses/taken
 	// ---------------------------------------------------------------------------
 	describe("GET /doses/taken", () => {
 		it("should return empty array when no doses taken", async () => {
 			const response = await ctx.app.inject({
 				method: "GET",
 				url: "/doses/taken",
 			});
 			expect(response.statusCode).toBe(200);
 			expect(response.json()).toEqual({ doses: [] });
 		});
 		it("should return list of taken doses", async () => {
 			const doseId1 = "1-0-1735344000000";
 			const doseId2 = "1-0-1735430400000";
 			// Mark two doses
 			await ctx.app.inject({
 				method: "POST",
 				url: "/doses/taken",
 				payload: { doseId: doseId1 },
 			});
 			await ctx.app.inject({
 				method: "POST",
 				url: "/doses/taken",
 				payload: { doseId: doseId2 },
 			});
 			const response = await ctx.app.inject({
 				method: "GET",
 				url: "/doses/taken",
 			});
 			expect(response.statusCode).toBe(200);
 			const data = response.json();
 			expect(data.doses).toHaveLength(2);
 			expect(data.doses.map((d: any) => d.doseId).sort()).toEqual([doseId1, doseId2].sort());
 			// Each dose should have a takenAt timestamp
 			for (const dose of data.doses) {
 				expect(dose.takenAt).toBeTypeOf("number");
 				expect(dose.takenAt).toBeGreaterThan(0);
 				expect(dose.markedBy).toBeNull();
 			}
 		});
 		it("should include markedBy when present", async () => {
 			const doseId = "1-0-1735344000000";
 			// Insert directly with markedBy
 			await ctx.client.execute({
 				sql: `INSERT INTO dose_tracking (user_id, dose_id, marked_by) VALUES (?, ?, ?)`,
 				args: [userId, doseId, "Daniel"],
 			});
 			const response = await ctx.app.inject({
 				method: "GET",
 				url: "/doses/taken",
 			});
 			expect(response.statusCode).toBe(200);
 			const data = response.json();
 			expect(data.doses).toHaveLength(1);
 			expect(data.doses[0].markedBy).toBe("Daniel");
 		});
 	});
 	// ---------------------------------------------------------------------------
 	// DELETE /doses/taken/:doseId
 	// ---------------------------------------------------------------------------
 	describe("DELETE /doses/taken/:doseId", () => {
 		it("should unmark a dose", async () => {
 			const doseId = "1-0-1735344000000";
 			// Mark first
 			await ctx.app.inject({
 				method: "POST",
 				url: "/doses/taken",
 				payload: { doseId },
 			});
 			// Verify marked
 			let result = await ctx.client.execute({
 				sql: `SELECT COUNT(*) as count FROM dose_tracking WHERE dose_id = ?`,
 				args: [doseId],
 			});
 			expect(result.rows[0].count).toBe(1);
 			// Unmark
 			const response = await ctx.app.inject({
 				method: "DELETE",
 				url: `/doses/taken/${encodeURIComponent(doseId)}`,
 			});
 			expect(response.statusCode).toBe(200);
 			expect(response.json()).toEqual({ success: true });
 			// Verify unmarked
 			result = await ctx.client.execute({
 				sql: `SELECT COUNT(*) as count FROM dose_tracking WHERE dose_id = ?`,
 				args: [doseId],
 			});
 			expect(result.rows[0].count).toBe(0);
 		});
 		it("should succeed even if dose was not marked", async () => {
 			const doseId = "nonexistent-dose-id";
 			const response = await ctx.app.inject({
 				method: "DELETE",
 				url: `/doses/taken/${encodeURIComponent(doseId)}`,
 			});
 			expect(response.statusCode).toBe(200);
 			expect(response.json()).toEqual({ success: true });
 		});
 		it("should preserve dismissed status when unmarking a dose", async () => {
 			const doseId = "1-0-1735344000000";
 			// First dismiss the dose
 			await ctx.app.inject({
 				method: "POST",
 				url: "/doses/dismiss",
 				payload: { doseIds: [doseId] },
 			});
 			// Verify it's dismissed
 			let result = await ctx.client.execute({
 				sql: `SELECT dismissed, taken_at FROM dose_tracking WHERE dose_id = ?`,
 				args: [doseId],
 			});
 			expect(result.rows[0].dismissed).toBe(1);
 			const originalTakenAt = result.rows[0].taken_at;
 			// Now try to unmark it (undo) - should keep the dismissed record
 			const response = await ctx.app.inject({
 				method: "DELETE",
 				url: `/doses/taken/${encodeURIComponent(doseId)}`,
 			});
 			expect(response.statusCode).toBe(200);
 			expect(response.json()).toEqual({ success: true });
 			// Verify the record still exists and is still dismissed
 			result = await ctx.client.execute({
 				sql: `SELECT dose_id, dismissed, taken_at FROM dose_tracking WHERE dose_id = ?`,
 				args: [doseId],
 			});
 			expect(result.rows.length).toBe(1);
 			expect(result.rows[0].dismissed).toBe(1);
 			expect(result.rows[0].taken_at).toBe(originalTakenAt); // unchanged
 		});
 	});
 	// ---------------------------------------------------------------------------
 	// Dose ID Format Tests
 	// ---------------------------------------------------------------------------
 	describe("Dose ID Format", () => {
 		it("should handle standard dose ID format: {medId}-{blisterIdx}-{timestamp}", async () => {
 			const doseId = "5-0-1735344000000";
 			const response = await ctx.app.inject({
 				method: "POST",
 				url: "/doses/taken",
 				payload: { doseId },
 			});
 			expect(response.statusCode).toBe(200);
 			expect(response.json()).toEqual({ success: true });
 		});
 		it("should handle dose ID with person: {medId}-{blisterIdx}-{timestamp}-{person}", async () => {
 			const doseId = "5-0-1735344000000-Daniel";
 			const response = await ctx.app.inject({
 				method: "POST",
 				url: "/doses/taken",
 				payload: { doseId },
 			});
 			expect(response.statusCode).toBe(200);
 			expect(response.json()).toEqual({ success: true });
 		});
 		it("should handle special characters in dose ID", async () => {
 			// Dose ID with URL-unsafe characters (edge case)
 			const doseId = "5-0-1735344000000-Max Müller";
 			const response = await ctx.app.inject({
 				method: "POST",
 				url: "/doses/taken",
 				payload: { doseId },
 			});
 			expect(response.statusCode).toBe(200);
 			// Can retrieve it
 			const getResponse = await ctx.app.inject({
 				method: "GET",
 				url: "/doses/taken",
 			});
 			expect(getResponse.json().doses[0].doseId).toBe(doseId);
 		});
 	});
 	// ---------------------------------------------------------------------------
 	// Dismiss Doses Tests (POST /doses/dismiss)
 	// ---------------------------------------------------------------------------
 	describe("POST /doses/dismiss", () => {
 		it("should dismiss multiple doses", async () => {
 			const doseIds = ["1-0-1735344000000", "1-0-1735430400000"];
 			const response = await ctx.app.inject({
 				method: "POST",
 				url: "/doses/dismiss",
 				payload: { doseIds },
 			});
 			expect(response.statusCode).toBe(200);
 			expect(response.json()).toEqual({ success: true, dismissedCount: 2 });
 			// Verify in database
 			const result = await ctx.client.execute({
 				sql: `SELECT dose_id, dismissed FROM dose_tracking WHERE user_id = ? AND dismissed = 1`,
 				args: [userId],
 			});
 			expect(result.rows.length).toBe(2);
 		});
 		it("should not double-count already dismissed doses", async () => {
 			const doseId = "1-0-1735344000000";
 			// Dismiss once
 			await ctx.app.inject({
 				method: "POST",
 				url: "/doses/dismiss",
 				payload: { doseIds: [doseId] },
 			});
 			// Dismiss again
 			const response = await ctx.app.inject({
 				method: "POST",
 				url: "/doses/dismiss",
 				payload: { doseIds: [doseId] },
 			});
 			expect(response.statusCode).toBe(200);
 			expect(response.json()).toEqual({ success: true, dismissedCount: 0 });
 		});
 		it("should reject empty doseIds array", async () => {
 			const response = await ctx.app.inject({
 				method: "POST",
 				url: "/doses/dismiss",
 				payload: { doseIds: [] },
 			});
 			expect(response.statusCode).toBe(400);
 			expect(response.json()).toEqual({ error: "doseIds array is required" });
 		});
 		it("should reject missing doseIds", async () => {
 			const response = await ctx.app.inject({
 				method: "POST",
 				url: "/doses/dismiss",
 				payload: {},
 			});
 			expect(response.statusCode).toBe(400);
 			expect(response.json()).toEqual({ error: "doseIds array is required" });
 		});
 		it("should dismiss a dose that was already taken (convert to dismissed)", async () => {
 			const doseId = "1-0-1735344000000";
 			// First mark as taken
 			await ctx.app.inject({
 				method: "POST",
 				url: "/doses/taken",
 				payload: { doseId },
 			});
 			// Then dismiss it
 			const response = await ctx.app.inject({
 				method: "POST",
 				url: "/doses/dismiss",
 				payload: { doseIds: [doseId] },
 			});
 			expect(response.statusCode).toBe(200);
 			expect(response.json()).toEqual({ success: true, dismissedCount: 1 });
 			// Verify it's now dismissed
 			const result = await ctx.client.execute({
 				sql: `SELECT dismissed FROM dose_tracking WHERE user_id = ? AND dose_id = ?`,
 				args: [userId, doseId],
 			});
 			expect(result.rows[0].dismissed).toBe(1);
 		});
 	});
 });
@@ -0,0 +1,386 @@
 import { describe, expect, it, vi } from "vitest";
 import { z } from "zod";
 // Mock process.exit to prevent tests from exiting
 const mockExit = vi.fn();
 vi.spyOn(process, "exit").mockImplementation(mockExit as any);
 // Re-create the schema from env.ts for testing
 const EnvSchema = z.object({
 	NODE_ENV: z.enum(["development", "production", "test"]).default("production"),
 	PORT: z
 		.string()
 		.transform((v) => parseInt(v, 10))
 		.default("3000"),
 	CORS_ORIGINS: z.string().default("http://localhost:5173,http://localhost:4173"),
 	LOG_LEVEL: z.string().default("info"),
 	AUTH_ENABLED: z
 		.string()
 		.transform((v) => v === "true")
 		.default("false"),
 	REGISTRATION_ENABLED: z
 		.string()
 		.transform((v) => v === "true")
 		.default("false"),
 	JWT_SECRET: z.string().min(10).optional(),
 	REFRESH_SECRET: z.string().min(10).optional(),
 	COOKIE_SECRET: z.string().min(10).optional(),
 	ACCESS_TOKEN_TTL_MINUTES: z
 		.string()
 		.transform((v) => parseInt(v, 10))
 		.default("15"),
 	REFRESH_TOKEN_TTL_DAYS: z
 		.string()
 		.transform((v) => parseInt(v, 10))
 		.default("7"),
 	OIDC_ENABLED: z
 		.string()
 		.transform((v) => v === "true")
 		.default("false"),
 	OIDC_ISSUER_URL: z.string().url().optional(),
 	OIDC_CLIENT_ID: z.string().optional(),
 	OIDC_CLIENT_SECRET: z.string().optional(),
 	OIDC_REDIRECT_URI: z.string().url().optional(),
 	OIDC_SCOPES: z.string().default("openid profile email"),
 	OIDC_AUTO_CREATE_USERS: z
 		.string()
 		.transform((v) => v === "true")
 		.default("true"),
 	OIDC_USERNAME_CLAIM: z.string().default("preferred_username"),
 	OIDC_PROVIDER_NAME: z.string().default("SSO"),
 });
 // Validation functions from env.ts
 function validateAuthSecrets(parsed: z.infer<typeof EnvSchema>): string[] {
 	const missing: string[] = [];
 	if (parsed.AUTH_ENABLED) {
 		if (!parsed.JWT_SECRET) missing.push("JWT_SECRET");
 		if (!parsed.REFRESH_SECRET) missing.push("REFRESH_SECRET");
 		if (!parsed.COOKIE_SECRET) missing.push("COOKIE_SECRET");
 	}
 	return missing;
 }
 function validateOidcConfig(parsed: z.infer<typeof EnvSchema>): string[] {
 	const missing: string[] = [];
 	if (parsed.OIDC_ENABLED) {
 		if (!parsed.OIDC_ISSUER_URL) missing.push("OIDC_ISSUER_URL");
 		if (!parsed.OIDC_CLIENT_ID) missing.push("OIDC_CLIENT_ID");
 		if (!parsed.OIDC_CLIENT_SECRET) missing.push("OIDC_CLIENT_SECRET");
 		if (!parsed.OIDC_REDIRECT_URI) missing.push("OIDC_REDIRECT_URI");
 	}
 	return missing;
 }
 describe("EnvSchema", () => {
 	describe("default values", () => {
 		it("should use default values when env vars are empty", () => {
 			const result = EnvSchema.parse({});
 			expect(result.NODE_ENV).toBe("production");
 			expect(result.PORT).toBe(3000);
 			expect(result.CORS_ORIGINS).toBe("http://localhost:5173,http://localhost:4173");
 			expect(result.LOG_LEVEL).toBe("info");
 			expect(result.AUTH_ENABLED).toBe(false);
 			expect(result.REGISTRATION_ENABLED).toBe(false);
 			expect(result.ACCESS_TOKEN_TTL_MINUTES).toBe(15);
 			expect(result.REFRESH_TOKEN_TTL_DAYS).toBe(7);
 			expect(result.OIDC_ENABLED).toBe(false);
 			expect(result.OIDC_SCOPES).toBe("openid profile email");
 			expect(result.OIDC_AUTO_CREATE_USERS).toBe(true);
 			expect(result.OIDC_USERNAME_CLAIM).toBe("preferred_username");
 			expect(result.OIDC_PROVIDER_NAME).toBe("SSO");
 		});
 	});
 	describe("NODE_ENV validation", () => {
 		it("should accept development", () => {
 			const result = EnvSchema.parse({ NODE_ENV: "development" });
 			expect(result.NODE_ENV).toBe("development");
 		});
 		it("should accept production", () => {
 			const result = EnvSchema.parse({ NODE_ENV: "production" });
 			expect(result.NODE_ENV).toBe("production");
 		});
 		it("should accept test", () => {
 			const result = EnvSchema.parse({ NODE_ENV: "test" });
 			expect(result.NODE_ENV).toBe("test");
 		});
 		it("should reject invalid NODE_ENV values", () => {
 			expect(() => EnvSchema.parse({ NODE_ENV: "staging" })).toThrow();
 			expect(() => EnvSchema.parse({ NODE_ENV: "invalid" })).toThrow();
 		});
 	});
 	describe("PORT transformation", () => {
 		it("should transform string PORT to number", () => {
 			const result = EnvSchema.parse({ PORT: "8080" });
 			expect(result.PORT).toBe(8080);
 		});
 		it("should use default port when not provided", () => {
 			const result = EnvSchema.parse({});
 			expect(result.PORT).toBe(3000);
 		});
 	});
 	describe("boolean transformations", () => {
 		it("should transform AUTH_ENABLED=true to boolean true", () => {
 			const result = EnvSchema.parse({ AUTH_ENABLED: "true" });
 			expect(result.AUTH_ENABLED).toBe(true);
 		});
 		it("should transform AUTH_ENABLED=false to boolean false", () => {
 			const result = EnvSchema.parse({ AUTH_ENABLED: "false" });
 			expect(result.AUTH_ENABLED).toBe(false);
 		});
 		it("should treat non-true string as false", () => {
 			const result = EnvSchema.parse({ AUTH_ENABLED: "yes" });
 			expect(result.AUTH_ENABLED).toBe(false);
 		});
 		it("should transform REGISTRATION_ENABLED correctly", () => {
 			expect(EnvSchema.parse({ REGISTRATION_ENABLED: "true" }).REGISTRATION_ENABLED).toBe(true);
 			expect(EnvSchema.parse({ REGISTRATION_ENABLED: "false" }).REGISTRATION_ENABLED).toBe(false);
 		});
 		it("should transform OIDC_ENABLED correctly", () => {
 			expect(EnvSchema.parse({ OIDC_ENABLED: "true" }).OIDC_ENABLED).toBe(true);
 			expect(EnvSchema.parse({ OIDC_ENABLED: "false" }).OIDC_ENABLED).toBe(false);
 		});
 		it("should transform OIDC_AUTO_CREATE_USERS correctly", () => {
 			expect(EnvSchema.parse({ OIDC_AUTO_CREATE_USERS: "true" }).OIDC_AUTO_CREATE_USERS).toBe(true);
 			expect(EnvSchema.parse({ OIDC_AUTO_CREATE_USERS: "false" }).OIDC_AUTO_CREATE_USERS).toBe(false);
 		});
 	});
 	describe("JWT secret validation", () => {
 		it("should accept JWT_SECRET with 10+ characters", () => {
 			const result = EnvSchema.parse({ JWT_SECRET: "1234567890" });
 			expect(result.JWT_SECRET).toBe("1234567890");
 		});
 		it("should reject JWT_SECRET with less than 10 characters", () => {
 			expect(() => EnvSchema.parse({ JWT_SECRET: "123456789" })).toThrow();
 		});
 		it("should allow optional JWT_SECRET", () => {
 			const result = EnvSchema.parse({});
 			expect(result.JWT_SECRET).toBeUndefined();
 		});
 	});
 	describe("TTL transformations", () => {
 		it("should transform ACCESS_TOKEN_TTL_MINUTES to number", () => {
 			const result = EnvSchema.parse({ ACCESS_TOKEN_TTL_MINUTES: "30" });
 			expect(result.ACCESS_TOKEN_TTL_MINUTES).toBe(30);
 		});
 		it("should transform REFRESH_TOKEN_TTL_DAYS to number", () => {
 			const result = EnvSchema.parse({ REFRESH_TOKEN_TTL_DAYS: "14" });
 			expect(result.REFRESH_TOKEN_TTL_DAYS).toBe(14);
 		});
 	});
 	describe("OIDC URL validation", () => {
 		it("should accept valid OIDC_ISSUER_URL", () => {
 			const result = EnvSchema.parse({ OIDC_ISSUER_URL: "https://auth.example.com" });
 			expect(result.OIDC_ISSUER_URL).toBe("https://auth.example.com");
 		});
 		it("should reject invalid OIDC_ISSUER_URL", () => {
 			expect(() => EnvSchema.parse({ OIDC_ISSUER_URL: "not-a-url" })).toThrow();
 		});
 		it("should accept valid OIDC_REDIRECT_URI", () => {
 			const result = EnvSchema.parse({ OIDC_REDIRECT_URI: "https://app.example.com/callback" });
 			expect(result.OIDC_REDIRECT_URI).toBe("https://app.example.com/callback");
 		});
 		it("should reject invalid OIDC_REDIRECT_URI", () => {
 			expect(() => EnvSchema.parse({ OIDC_REDIRECT_URI: "invalid" })).toThrow();
 		});
 	});
 	describe("CORS_ORIGINS parsing", () => {
 		it("should accept comma-separated origins", () => {
 			const result = EnvSchema.parse({ CORS_ORIGINS: "http://a.com,http://b.com" });
 			expect(result.CORS_ORIGINS).toBe("http://a.com,http://b.com");
 		});
 		it("should accept single origin", () => {
 			const result = EnvSchema.parse({ CORS_ORIGINS: "http://localhost:3000" });
 			expect(result.CORS_ORIGINS).toBe("http://localhost:3000");
 		});
 	});
 });
 describe("Auth validation", () => {
 	it("should require secrets when AUTH_ENABLED=true", () => {
 		const parsed = EnvSchema.parse({ AUTH_ENABLED: "true" });
 		const missing = validateAuthSecrets(parsed);
 		expect(missing).toContain("JWT_SECRET");
 		expect(missing).toContain("REFRESH_SECRET");
 		expect(missing).toContain("COOKIE_SECRET");
 	});
 	it("should not require secrets when AUTH_ENABLED=false", () => {
 		const parsed = EnvSchema.parse({ AUTH_ENABLED: "false" });
 		const missing = validateAuthSecrets(parsed);
 		expect(missing).toHaveLength(0);
 	});
 	it("should pass validation with all secrets provided", () => {
 		const parsed = EnvSchema.parse({
 			AUTH_ENABLED: "true",
 			JWT_SECRET: "super-secret-jwt-key-12345",
 			REFRESH_SECRET: "super-secret-refresh-key-12345",
 			COOKIE_SECRET: "super-secret-cookie-key-12345",
 		});
 		const missing = validateAuthSecrets(parsed);
 		expect(missing).toHaveLength(0);
 	});
 	it("should identify which specific secrets are missing", () => {
 		const parsed = EnvSchema.parse({
 			AUTH_ENABLED: "true",
 			JWT_SECRET: "super-secret-jwt-key-12345",
 			// REFRESH_SECRET missing
 			COOKIE_SECRET: "super-secret-cookie-key-12345",
 		});
 		const missing = validateAuthSecrets(parsed);
 		expect(missing).toHaveLength(1);
 		expect(missing).toContain("REFRESH_SECRET");
 	});
 });
 describe("OIDC validation", () => {
 	it("should require all OIDC settings when OIDC_ENABLED=true", () => {
 		const parsed = EnvSchema.parse({ OIDC_ENABLED: "true" });
 		const missing = validateOidcConfig(parsed);
 		expect(missing).toContain("OIDC_ISSUER_URL");
 		expect(missing).toContain("OIDC_CLIENT_ID");
 		expect(missing).toContain("OIDC_CLIENT_SECRET");
 		expect(missing).toContain("OIDC_REDIRECT_URI");
 	});
 	it("should not require OIDC settings when OIDC_ENABLED=false", () => {
 		const parsed = EnvSchema.parse({ OIDC_ENABLED: "false" });
 		const missing = validateOidcConfig(parsed);
 		expect(missing).toHaveLength(0);
 	});
 	it("should pass validation with all OIDC settings provided", () => {
 		const parsed = EnvSchema.parse({
 			OIDC_ENABLED: "true",
 			OIDC_ISSUER_URL: "https://auth.example.com",
 			OIDC_CLIENT_ID: "my-client-id",
 			OIDC_CLIENT_SECRET: "my-client-secret",
 			OIDC_REDIRECT_URI: "https://app.example.com/callback",
 		});
 		const missing = validateOidcConfig(parsed);
 		expect(missing).toHaveLength(0);
 	});
 	it("should identify which specific OIDC settings are missing", () => {
 		const parsed = EnvSchema.parse({
 			OIDC_ENABLED: "true",
 			OIDC_ISSUER_URL: "https://auth.example.com",
 			OIDC_CLIENT_ID: "my-client-id",
 			// OIDC_CLIENT_SECRET missing
 			// OIDC_REDIRECT_URI missing
 		});
 		const missing = validateOidcConfig(parsed);
 		expect(missing).toHaveLength(2);
 		expect(missing).toContain("OIDC_CLIENT_SECRET");
 		expect(missing).toContain("OIDC_REDIRECT_URI");
 	});
 });
 describe("Full configuration scenarios", () => {
 	it("should parse minimal config (auth disabled)", () => {
 		const result = EnvSchema.parse({});
 		expect(result.AUTH_ENABLED).toBe(false);
 		expect(result.OIDC_ENABLED).toBe(false);
 	});
 	it("should parse full production config with auth enabled", () => {
 		const env = {
 			NODE_ENV: "production",
 			PORT: "8080",
 			CORS_ORIGINS: "https://myapp.com",
 			LOG_LEVEL: "warn",
 			AUTH_ENABLED: "true",
 			REGISTRATION_ENABLED: "false",
 			JWT_SECRET: "production-jwt-secret-key-12345",
 			REFRESH_SECRET: "production-refresh-secret-key-12345",
 			COOKIE_SECRET: "production-cookie-secret-key-12345",
 			ACCESS_TOKEN_TTL_MINUTES: "30",
 			REFRESH_TOKEN_TTL_DAYS: "14",
 		};
 		const result = EnvSchema.parse(env);
 		expect(result.NODE_ENV).toBe("production");
 		expect(result.PORT).toBe(8080);
 		expect(result.CORS_ORIGINS).toBe("https://myapp.com");
 		expect(result.LOG_LEVEL).toBe("warn");
 		expect(result.AUTH_ENABLED).toBe(true);
 		expect(result.REGISTRATION_ENABLED).toBe(false);
 		expect(result.ACCESS_TOKEN_TTL_MINUTES).toBe(30);
 		expect(result.REFRESH_TOKEN_TTL_DAYS).toBe(14);
 		// Should pass auth validation
 		const missing = validateAuthSecrets(result);
 		expect(missing).toHaveLength(0);
 	});
 	it("should parse config with OIDC SSO enabled", () => {
 		const env = {
 			AUTH_ENABLED: "true",
 			JWT_SECRET: "production-jwt-secret-key-12345",
 			REFRESH_SECRET: "production-refresh-secret-key-12345",
 			COOKIE_SECRET: "production-cookie-secret-key-12345",
 			OIDC_ENABLED: "true",
 			OIDC_ISSUER_URL: "https://authelia.example.com",
 			OIDC_CLIENT_ID: "medassist",
 			OIDC_CLIENT_SECRET: "super-secret-oidc-secret",
 			OIDC_REDIRECT_URI: "https://medassist.example.com/api/auth/oidc/callback",
 			OIDC_SCOPES: "openid profile email groups",
 			OIDC_USERNAME_CLAIM: "email",
 			OIDC_PROVIDER_NAME: "Authelia",
 		};
 		const result = EnvSchema.parse(env);
 		expect(result.OIDC_ENABLED).toBe(true);
 		expect(result.OIDC_ISSUER_URL).toBe("https://authelia.example.com");
 		expect(result.OIDC_SCOPES).toBe("openid profile email groups");
 		expect(result.OIDC_USERNAME_CLAIM).toBe("email");
 		expect(result.OIDC_PROVIDER_NAME).toBe("Authelia");
 		// Should pass both validations
 		expect(validateAuthSecrets(result)).toHaveLength(0);
 		expect(validateOidcConfig(result)).toHaveLength(0);
 	});
 	it("should parse development config", () => {
 		const env = {
 			NODE_ENV: "development",
 			PORT: "3000",
 			LOG_LEVEL: "debug",
 			AUTH_ENABLED: "false",
 		};
 		const result = EnvSchema.parse(env);
 		expect(result.NODE_ENV).toBe("development");
 		expect(result.LOG_LEVEL).toBe("debug");
 		expect(result.AUTH_ENABLED).toBe(false);
 	});
 });
@@ -0,0 +1,843 @@
 /**
 * Tests for /export and /import API endpoints.
 * Tests export/import functionality with schema-independent format.
 */
 import { randomBytes } from "node:crypto";
 import { afterAll, beforeAll, beforeEach, describe, expect, it } from "vitest";
 import {
 	buildTestApp,
 	clearTestData,
 	closeTestApp,
 	createTestMedication,
 	createTestUser,
 	type TestContext,
 } from "./setup.js";
 // =============================================================================
 // Route Registration (simplified test routes)
 // =============================================================================
 async function registerExportRoutes(ctx: TestContext) {
 	const { app, client } = ctx;
 	const userId = 1; // Test user ID
 	// Helper to parse blisters from DB
 	function parseBlisters(row: any): Array<{ usage: number; every: number; start: string; remind: boolean }> {
 		const usage = JSON.parse(row.usage_json || "[]") as number[];
 		const every = JSON.parse(row.every_json || "[]") as number[];
 		const start = JSON.parse(row.start_json || "[]") as string[];
 		const len = Math.min(usage.length, every.length, start.length);
 		return Array.from({ length: len }, (_, i) => ({
 			usage: usage[i],
 			every: every[i],
 			start: start[i],
 			remind: Boolean(row.intake_reminders_enabled),
 		}));
 	}
 	// GET /export
 	app.get<{ Querystring: { includeSensitive?: string } }>("/export", async (request, _reply) => {
 		const includeSensitive = request.query.includeSensitive === "true";
 		// Load medications
 		const medsResult = await client.execute({
 			sql: `SELECT * FROM medications WHERE user_id = ? ORDER BY id`,
 			args: [userId],
 		});
 		const medIdToExportId = new Map<number, string>();
 		const medications = medsResult.rows.map((m, i) => {
 			const exportId = `med-${i + 1}`;
 			medIdToExportId.set(m.id as number, exportId);
 			return {
 				_exportId: exportId,
 				name: m.name,
 				genericName: m.generic_name,
 				takenBy: JSON.parse((m.taken_by_json as string) || "[]"),
 				inventory: {
 					packCount: m.pack_count ?? 1,
 					blistersPerPack: m.blisters_per_pack ?? 1,
 					pillsPerBlister: m.pills_per_blister ?? 1,
 					looseTablets: m.loose_tablets ?? 0,
 				},
 				pillWeightMg: m.pill_weight_mg,
 				schedules: parseBlisters(m),
 				expiryDate: m.expiry_date,
 				notes: m.notes,
 				intakeRemindersEnabled: Boolean(m.intake_reminders_enabled),
 				image: null, // Skip images in test
 			};
 		});
 		// Load dose tracking
 		const dosesResult = await client.execute({
 			sql: `SELECT * FROM dose_tracking WHERE user_id = ?`,
 			args: [userId],
 		});
 		const doseHistory = dosesResult.rows
 			.map((d) => {
 				const parts = (d.dose_id as string).split("-");
 				if (parts.length < 3) return null;
 				const medId = parseInt(parts[0], 10);
 				const exportId = medIdToExportId.get(medId);
 				if (!exportId) return null;
 				return {
 					medicationRef: exportId,
 					scheduleIndex: parseInt(parts[1], 10),
 					scheduledTime: new Date(parseInt(parts[2], 10)).toISOString(),
 					takenAt: d.taken_at ? new Date((d.taken_at as number) * 1000).toISOString() : new Date().toISOString(),
 					markedBy: d.marked_by,
 				};
 			})
 			.filter(Boolean);
 		// Load settings
 		const settingsResult = await client.execute({
 			sql: `SELECT * FROM user_settings WHERE user_id = ?`,
 			args: [userId],
 		});
 		let settings;
 		if (settingsResult.rows.length > 0) {
 			const s = settingsResult.rows[0];
 			settings = {
 				emailEnabled: Boolean(s.email_enabled),
 				notificationEmail: s.notification_email,
 				emailStockReminders: Boolean(s.email_stock_reminders ?? 1),
 				emailIntakeReminders: Boolean(s.email_intake_reminders ?? 1),
 				shoutrrrEnabled: includeSensitive ? Boolean(s.shoutrrr_enabled) : undefined,
 				shoutrrrUrl: includeSensitive ? s.shoutrrr_url : undefined,
 				shoutrrrStockReminders: Boolean(s.shoutrrr_stock_reminders ?? 1),
 				shoutrrrIntakeReminders: Boolean(s.shoutrrr_intake_reminders ?? 1),
 				reminderDaysBefore: s.reminder_days_before ?? 7,
 				repeatDailyReminders: Boolean(s.repeat_daily_reminders),
 				skipRemindersForTakenDoses: Boolean(s.skip_reminders_for_taken_doses),
 				repeatRemindersEnabled: Boolean(s.repeat_reminders_enabled),
 				reminderRepeatIntervalMinutes: s.reminder_repeat_interval_minutes ?? 30,
 				maxNaggingReminders: s.max_nagging_reminders ?? 5,
 				lowStockDays: s.low_stock_days ?? 30,
 				normalStockDays: s.normal_stock_days ?? 90,
 				highStockDays: s.high_stock_days ?? 180,
 				language: s.language ?? "en",
 				stockCalculationMode: s.stock_calculation_mode ?? "automatic",
 			};
 		}
 		// Load share links
 		const sharesResult = await client.execute({
 			sql: `SELECT * FROM share_tokens WHERE user_id = ?`,
 			args: [userId],
 		});
 		const shareLinks = sharesResult.rows.map((s) => ({
 			takenBy: s.taken_by,
 			scheduleDays: s.schedule_days ?? 30,
 			expiresAt: s.expires_at ? new Date((s.expires_at as number) * 1000).toISOString() : null,
 			regenerateToken: true,
 		}));
 		return {
 			version: "1.0",
 			exportedAt: new Date().toISOString(),
 			includeSensitiveData: includeSensitive,
 			medications,
 			doseHistory,
 			settings,
 			shareLinks,
 		};
 	});
 	// POST /import
 	app.post<{ Body: any }>("/import", async (request, reply) => {
 		const importData = request.body as any;
 		// Basic validation
 		if (!importData.version) {
 			return reply.status(400).send({ error: "Invalid import data format" });
 		}
 		// Delete existing data
 		await client.execute({ sql: `DELETE FROM dose_tracking WHERE user_id = ?`, args: [userId] });
 		await client.execute({ sql: `DELETE FROM share_tokens WHERE user_id = ?`, args: [userId] });
 		await client.execute({ sql: `DELETE FROM medications WHERE user_id = ?`, args: [userId] });
 		await client.execute({ sql: `DELETE FROM user_settings WHERE user_id = ?`, args: [userId] });
 		// Import medications
 		const exportIdToNewId = new Map<string, number>();
 		for (const med of importData.medications || []) {
 			const usageJson = JSON.stringify((med.schedules || []).map((s: any) => s.usage));
 			const everyJson = JSON.stringify((med.schedules || []).map((s: any) => s.every));
 			const startJson = JSON.stringify((med.schedules || []).map((s: any) => s.start));
 			const takenByJson = JSON.stringify(med.takenBy || []);
 			const result = await client.execute({
 				sql: `INSERT INTO medications (
          user_id, name, generic_name, taken_by_json,
          pack_count, blisters_per_pack, pills_per_blister, loose_tablets,
          pill_weight_mg, expiry_date, notes, intake_reminders_enabled,
          usage_json, every_json, start_json
        ) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?) RETURNING id`,
 				args: [
 					userId,
 					med.name,
 					med.genericName || null,
 					takenByJson,
 					med.inventory?.packCount ?? 1,
 					med.inventory?.blistersPerPack ?? 1,
 					med.inventory?.pillsPerBlister ?? 1,
 					med.inventory?.looseTablets ?? 0,
 					med.pillWeightMg ?? null,
 					med.expiryDate || null,
 					med.notes || null,
 					med.intakeRemindersEnabled ? 1 : 0,
 					usageJson,
 					everyJson,
 					startJson,
 				],
 			});
 			exportIdToNewId.set(med._exportId, result.rows[0].id as number);
 		}
 		// Import dose history
 		for (const dose of importData.doseHistory || []) {
 			const newMedId = exportIdToNewId.get(dose.medicationRef);
 			if (!newMedId) continue;
 			const timestampMs = new Date(dose.scheduledTime).getTime();
 			const doseId = `${newMedId}-${dose.scheduleIndex}-${timestampMs}`;
 			await client.execute({
 				sql: `INSERT INTO dose_tracking (user_id, dose_id, taken_at, marked_by) VALUES (?, ?, ?, ?)`,
 				args: [userId, doseId, Math.floor(new Date(dose.takenAt).getTime() / 1000), dose.markedBy || null],
 			});
 		}
 		// Import settings
 		if (importData.settings) {
 			const s = importData.settings;
 			await client.execute({
 				sql: `INSERT INTO user_settings (
          user_id, email_enabled, notification_email,
          email_stock_reminders, email_intake_reminders,
          shoutrrr_enabled, shoutrrr_url,
          shoutrrr_stock_reminders, shoutrrr_intake_reminders,
          reminder_days_before, repeat_daily_reminders,
          skip_reminders_for_taken_doses, repeat_reminders_enabled,
          reminder_repeat_interval_minutes, max_nagging_reminders,
          low_stock_days, normal_stock_days, high_stock_days,
          language, stock_calculation_mode
        ) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)`,
 				args: [
 					userId,
 					s.emailEnabled ? 1 : 0,
 					s.notificationEmail || null,
 					s.emailStockReminders ?? 1,
 					s.emailIntakeReminders ?? 1,
 					s.shoutrrrEnabled ? 1 : 0,
 					s.shoutrrrUrl || null,
 					s.shoutrrrStockReminders ?? 1,
 					s.shoutrrrIntakeReminders ?? 1,
 					s.reminderDaysBefore ?? 7,
 					s.repeatDailyReminders ? 1 : 0,
 					s.skipRemindersForTakenDoses ? 1 : 0,
 					s.repeatRemindersEnabled ? 1 : 0,
 					s.reminderRepeatIntervalMinutes ?? 30,
 					s.maxNaggingReminders ?? 5,
 					s.lowStockDays ?? 30,
 					s.normalStockDays ?? 90,
 					s.highStockDays ?? 180,
 					s.language ?? "en",
 					s.stockCalculationMode ?? "automatic",
 				],
 			});
 		}
 		// Import share links
 		for (const share of importData.shareLinks || []) {
 			const token = randomBytes(8).toString("hex");
 			await client.execute({
 				sql: `INSERT INTO share_tokens (user_id, token, taken_by, schedule_days, expires_at) VALUES (?, ?, ?, ?, ?)`,
 				args: [
 					userId,
 					token,
 					share.takenBy,
 					share.scheduleDays ?? 30,
 					share.expiresAt ? Math.floor(new Date(share.expiresAt).getTime() / 1000) : null,
 				],
 			});
 		}
 		return {
 			success: true,
 			imported: {
 				medications: (importData.medications || []).length,
 				doseHistory: (importData.doseHistory || []).length,
 				settings: importData.settings ? 1 : 0,
 				shareLinks: (importData.shareLinks || []).length,
 			},
 		};
 	});
 }
 // =============================================================================
 // Tests
 // =============================================================================
 describe("Export/Import API", () => {
 	let ctx: TestContext;
 	let userId: number;
 	beforeAll(async () => {
 		ctx = await buildTestApp();
 		await registerExportRoutes(ctx);
 		await ctx.app.ready();
 	});
 	afterAll(async () => {
 		await closeTestApp(ctx);
 	});
 	beforeEach(async () => {
 		await clearTestData(ctx.client);
 		await ctx.client.execute("DELETE FROM sqlite_sequence WHERE name='users'");
 		await ctx.client.execute("DELETE FROM sqlite_sequence WHERE name='medications'");
 		userId = await createTestUser(ctx.client, { username: "testuser" });
 	});
 	// ---------------------------------------------------------------------------
 	// GET /export
 	// ---------------------------------------------------------------------------
 	describe("GET /export", () => {
 		it("should export empty data for new user", async () => {
 			const response = await ctx.app.inject({
 				method: "GET",
 				url: "/export",
 			});
 			expect(response.statusCode).toBe(200);
 			const data = response.json();
 			expect(data.version).toBe("1.0");
 			expect(data.exportedAt).toBeDefined();
 			expect(data.medications).toEqual([]);
 			expect(data.doseHistory).toEqual([]);
 			expect(data.shareLinks).toEqual([]);
 		});
 		it("should export medications with correct format", async () => {
 			const startDate = "2025-01-15T08:00:00.000Z";
 			await createTestMedication(ctx.client, {
 				userId,
 				name: "Aspirin",
 				genericName: "Acetylsalicylic acid",
 				takenBy: ["Daniel", "Maria"],
 				packCount: 2,
 				blistersPerPack: 3,
 				pillsPerBlister: 10,
 				looseTablets: 5,
 				pillWeightMg: 500,
 				expiryDate: "2027-06-30",
 				notes: "Take with food",
 				intakeRemindersEnabled: true,
 				blisters: [
 					{ usage: 1, every: 1, start: startDate },
 					{ usage: 0.5, every: 7, start: startDate },
 				],
 			});
 			const response = await ctx.app.inject({
 				method: "GET",
 				url: "/export",
 			});
 			expect(response.statusCode).toBe(200);
 			const data = response.json();
 			expect(data.medications).toHaveLength(1);
 			const med = data.medications[0];
 			expect(med._exportId).toBe("med-1");
 			expect(med.name).toBe("Aspirin");
 			expect(med.genericName).toBe("Acetylsalicylic acid");
 			expect(med.takenBy).toEqual(["Daniel", "Maria"]);
 			expect(med.inventory).toEqual({
 				packCount: 2,
 				blistersPerPack: 3,
 				pillsPerBlister: 10,
 				looseTablets: 5,
 			});
 			expect(med.pillWeightMg).toBe(500);
 			expect(med.expiryDate).toBe("2027-06-30");
 			expect(med.notes).toBe("Take with food");
 			expect(med.intakeRemindersEnabled).toBe(true);
 			expect(med.schedules).toHaveLength(2);
 			expect(med.schedules[0]).toEqual({
 				usage: 1,
 				every: 1,
 				start: startDate,
 				remind: true,
 			});
 		});
 		it("should export settings", async () => {
 			// Create settings
 			await ctx.client.execute({
 				sql: `INSERT INTO user_settings (
          user_id, email_enabled, notification_email, language, low_stock_days
        ) VALUES (?, 1, 'test@example.com', 'de', 14)`,
 				args: [userId],
 			});
 			const response = await ctx.app.inject({
 				method: "GET",
 				url: "/export",
 			});
 			expect(response.statusCode).toBe(200);
 			const data = response.json();
 			expect(data.settings).toBeDefined();
 			expect(data.settings.emailEnabled).toBe(true);
 			expect(data.settings.notificationEmail).toBe("test@example.com");
 			expect(data.settings.language).toBe("de");
 			expect(data.settings.lowStockDays).toBe(14);
 		});
 		it("should exclude sensitive data by default", async () => {
 			await ctx.client.execute({
 				sql: `INSERT INTO user_settings (
          user_id, shoutrrr_enabled, shoutrrr_url
        ) VALUES (?, 1, 'ntfy://user:pass@ntfy.sh/topic')`,
 				args: [userId],
 			});
 			const response = await ctx.app.inject({
 				method: "GET",
 				url: "/export",
 			});
 			expect(response.statusCode).toBe(200);
 			const data = response.json();
 			expect(data.includeSensitiveData).toBe(false);
 			expect(data.settings.shoutrrrEnabled).toBeUndefined();
 			expect(data.settings.shoutrrrUrl).toBeUndefined();
 		});
 		it("should include sensitive data when requested", async () => {
 			await ctx.client.execute({
 				sql: `INSERT INTO user_settings (
          user_id, shoutrrr_enabled, shoutrrr_url
        ) VALUES (?, 1, 'ntfy://user:pass@ntfy.sh/topic')`,
 				args: [userId],
 			});
 			const response = await ctx.app.inject({
 				method: "GET",
 				url: "/export?includeSensitive=true",
 			});
 			expect(response.statusCode).toBe(200);
 			const data = response.json();
 			expect(data.includeSensitiveData).toBe(true);
 			expect(data.settings.shoutrrrEnabled).toBe(true);
 			expect(data.settings.shoutrrrUrl).toBe("ntfy://user:pass@ntfy.sh/topic");
 		});
 		it("should export dose history with medication references", async () => {
 			const medId = await createTestMedication(ctx.client, {
 				userId,
 				name: "Test Med",
 			});
 			// Create dose tracking entry
 			const timestampMs = Date.now();
 			const doseId = `${medId}-0-${timestampMs}`;
 			await ctx.client.execute({
 				sql: `INSERT INTO dose_tracking (user_id, dose_id, taken_at) VALUES (?, ?, ?)`,
 				args: [userId, doseId, Math.floor(Date.now() / 1000)],
 			});
 			const response = await ctx.app.inject({
 				method: "GET",
 				url: "/export",
 			});
 			expect(response.statusCode).toBe(200);
 			const data = response.json();
 			expect(data.doseHistory).toHaveLength(1);
 			expect(data.doseHistory[0].medicationRef).toBe("med-1");
 			expect(data.doseHistory[0].scheduleIndex).toBe(0);
 			expect(data.doseHistory[0].scheduledTime).toBeDefined();
 			expect(data.doseHistory[0].takenAt).toBeDefined();
 		});
 		it("should export share links", async () => {
 			await ctx.client.execute({
 				sql: `INSERT INTO share_tokens (user_id, token, taken_by, schedule_days) VALUES (?, ?, ?, ?)`,
 				args: [userId, "abc123", "Daniel", 30],
 			});
 			const response = await ctx.app.inject({
 				method: "GET",
 				url: "/export",
 			});
 			expect(response.statusCode).toBe(200);
 			const data = response.json();
 			expect(data.shareLinks).toHaveLength(1);
 			expect(data.shareLinks[0].takenBy).toBe("Daniel");
 			expect(data.shareLinks[0].scheduleDays).toBe(30);
 			expect(data.shareLinks[0].regenerateToken).toBe(true);
 		});
 	});
 	// ---------------------------------------------------------------------------
 	// POST /import
 	// ---------------------------------------------------------------------------
 	describe("POST /import", () => {
 		it("should import medications", async () => {
 			const importData = {
 				version: "1.0",
 				exportedAt: new Date().toISOString(),
 				medications: [
 					{
 						_exportId: "med-1",
 						name: "Imported Med",
 						genericName: "Generic",
 						takenBy: ["Alice"],
 						inventory: {
 							packCount: 2,
 							blistersPerPack: 3,
 							pillsPerBlister: 10,
 							looseTablets: 5,
 						},
 						pillWeightMg: 250,
 						schedules: [{ usage: 1, every: 1, start: "2025-01-15T08:00:00.000Z", remind: true }],
 						expiryDate: "2027-12-31",
 						notes: "Test notes",
 						intakeRemindersEnabled: true,
 					},
 				],
 				doseHistory: [],
 				shareLinks: [],
 			};
 			const response = await ctx.app.inject({
 				method: "POST",
 				url: "/import",
 				payload: importData,
 			});
 			expect(response.statusCode).toBe(200);
 			expect(response.json().success).toBe(true);
 			expect(response.json().imported.medications).toBe(1);
 			// Verify in database
 			const result = await ctx.client.execute({
 				sql: `SELECT * FROM medications WHERE user_id = ?`,
 				args: [userId],
 			});
 			expect(result.rows).toHaveLength(1);
 			expect(result.rows[0].name).toBe("Imported Med");
 			expect(result.rows[0].generic_name).toBe("Generic");
 			expect(result.rows[0].pack_count).toBe(2);
 			expect(result.rows[0].blisters_per_pack).toBe(3);
 			expect(result.rows[0].pills_per_blister).toBe(10);
 			expect(result.rows[0].loose_tablets).toBe(5);
 		});
 		it("should replace existing data on import", async () => {
 			// Create existing medication
 			await createTestMedication(ctx.client, {
 				userId,
 				name: "Existing Med",
 			});
 			const importData = {
 				version: "1.0",
 				exportedAt: new Date().toISOString(),
 				medications: [
 					{
 						_exportId: "med-1",
 						name: "New Med",
 						schedules: [{ usage: 1, every: 1, start: "2025-01-15T08:00:00.000Z" }],
 					},
 				],
 				doseHistory: [],
 				shareLinks: [],
 			};
 			await ctx.app.inject({
 				method: "POST",
 				url: "/import",
 				payload: importData,
 			});
 			// Verify old med deleted, new one exists
 			const result = await ctx.client.execute({
 				sql: `SELECT * FROM medications WHERE user_id = ?`,
 				args: [userId],
 			});
 			expect(result.rows).toHaveLength(1);
 			expect(result.rows[0].name).toBe("New Med");
 		});
 		it("should import dose history with remapped IDs", async () => {
 			const importData = {
 				version: "1.0",
 				exportedAt: new Date().toISOString(),
 				medications: [
 					{
 						_exportId: "med-1",
 						name: "Med 1",
 						schedules: [{ usage: 1, every: 1, start: "2025-01-15T08:00:00.000Z" }],
 					},
 				],
 				doseHistory: [
 					{
 						medicationRef: "med-1",
 						scheduleIndex: 0,
 						scheduledTime: "2025-01-15T08:00:00.000Z",
 						takenAt: "2025-01-15T08:15:00.000Z",
 						markedBy: null,
 					},
 				],
 				shareLinks: [],
 			};
 			await ctx.app.inject({
 				method: "POST",
 				url: "/import",
 				payload: importData,
 			});
 			// Verify dose tracking
 			const doses = await ctx.client.execute({
 				sql: `SELECT * FROM dose_tracking WHERE user_id = ?`,
 				args: [userId],
 			});
 			expect(doses.rows).toHaveLength(1);
 			// Dose ID should contain the NEW medication ID
 			const doseId = doses.rows[0].dose_id as string;
 			expect(doseId).toMatch(/^\d+-0-\d+$/);
 		});
 		it("should import settings", async () => {
 			const importData = {
 				version: "1.0",
 				exportedAt: new Date().toISOString(),
 				medications: [],
 				doseHistory: [],
 				settings: {
 					emailEnabled: true,
 					notificationEmail: "imported@example.com",
 					language: "de",
 					lowStockDays: 14,
 					normalStockDays: 60,
 					highStockDays: 120,
 				},
 				shareLinks: [],
 			};
 			await ctx.app.inject({
 				method: "POST",
 				url: "/import",
 				payload: importData,
 			});
 			// Verify settings
 			const settings = await ctx.client.execute({
 				sql: `SELECT * FROM user_settings WHERE user_id = ?`,
 				args: [userId],
 			});
 			expect(settings.rows).toHaveLength(1);
 			expect(settings.rows[0].email_enabled).toBe(1);
 			expect(settings.rows[0].notification_email).toBe("imported@example.com");
 			expect(settings.rows[0].language).toBe("de");
 			expect(settings.rows[0].low_stock_days).toBe(14);
 		});
 		it("should import share links with new tokens", async () => {
 			const importData = {
 				version: "1.0",
 				exportedAt: new Date().toISOString(),
 				medications: [],
 				doseHistory: [],
 				shareLinks: [
 					{
 						takenBy: "Daniel",
 						scheduleDays: 60,
 						regenerateToken: true,
 					},
 				],
 			};
 			await ctx.app.inject({
 				method: "POST",
 				url: "/import",
 				payload: importData,
 			});
 			// Verify share token
 			const shares = await ctx.client.execute({
 				sql: `SELECT * FROM share_tokens WHERE user_id = ?`,
 				args: [userId],
 			});
 			expect(shares.rows).toHaveLength(1);
 			expect(shares.rows[0].taken_by).toBe("Daniel");
 			expect(shares.rows[0].schedule_days).toBe(60);
 			expect(shares.rows[0].token).toBeDefined();
 			expect((shares.rows[0].token as string).length).toBe(16); // 8 bytes = 16 hex chars
 		});
 		it("should reject invalid import data", async () => {
 			const response = await ctx.app.inject({
 				method: "POST",
 				url: "/import",
 				payload: { invalid: "data" },
 			});
 			expect(response.statusCode).toBe(400);
 			expect(response.json().error).toBe("Invalid import data format");
 		});
 	});
 	// ---------------------------------------------------------------------------
 	// Export/Import Roundtrip Tests
 	// ---------------------------------------------------------------------------
 	describe("Export/Import Roundtrip", () => {
 		it("should preserve all data through export/import cycle", async () => {
 			// Setup: Create medications, doses, settings, shares
 			const startDate = "2025-01-15T08:00:00.000Z";
 			const medId = await createTestMedication(ctx.client, {
 				userId,
 				name: "Roundtrip Med",
 				genericName: "Generic Name",
 				takenBy: ["Daniel", "Maria"],
 				packCount: 2,
 				blistersPerPack: 3,
 				pillsPerBlister: 10,
 				looseTablets: 5,
 				pillWeightMg: 500,
 				expiryDate: "2027-06-30",
 				notes: "Test notes",
 				intakeRemindersEnabled: true,
 				blisters: [
 					{ usage: 1, every: 1, start: startDate },
 					{ usage: 0.5, every: 7, start: startDate },
 				],
 			});
 			// Create dose
 			const timestampMs = new Date(startDate).getTime();
 			const doseId = `${medId}-0-${timestampMs}`;
 			await ctx.client.execute({
 				sql: `INSERT INTO dose_tracking (user_id, dose_id, taken_at, marked_by) VALUES (?, ?, ?, ?)`,
 				args: [userId, doseId, Math.floor(Date.now() / 1000), "Daniel"],
 			});
 			// Create settings
 			await ctx.client.execute({
 				sql: `INSERT INTO user_settings (user_id, email_enabled, notification_email, language, low_stock_days) VALUES (?, 1, 'test@example.com', 'de', 14)`,
 				args: [userId],
 			});
 			// Create share
 			await ctx.client.execute({
 				sql: `INSERT INTO share_tokens (user_id, token, taken_by, schedule_days) VALUES (?, ?, ?, ?)`,
 				args: [userId, "original123", "Daniel", 60],
 			});
 			// Export
 			const exportResponse = await ctx.app.inject({
 				method: "GET",
 				url: "/export",
 			});
 			expect(exportResponse.statusCode).toBe(200);
 			const exportData = exportResponse.json();
 			// Import (this replaces all data)
 			const importResponse = await ctx.app.inject({
 				method: "POST",
 				url: "/import",
 				payload: exportData,
 			});
 			expect(importResponse.statusCode).toBe(200);
 			// Export again and compare
 			const reExportResponse = await ctx.app.inject({
 				method: "GET",
 				url: "/export",
 			});
 			const reExportData = reExportResponse.json();
 			// Compare (excluding timestamps and IDs that change)
 			expect(reExportData.medications).toHaveLength(1);
 			expect(reExportData.medications[0].name).toBe("Roundtrip Med");
 			expect(reExportData.medications[0].genericName).toBe("Generic Name");
 			expect(reExportData.medications[0].takenBy).toEqual(["Daniel", "Maria"]);
 			expect(reExportData.medications[0].inventory).toEqual({
 				packCount: 2,
 				blistersPerPack: 3,
 				pillsPerBlister: 10,
 				looseTablets: 5,
 			});
 			expect(reExportData.medications[0].schedules).toHaveLength(2);
 			expect(reExportData.doseHistory).toHaveLength(1);
 			expect(reExportData.doseHistory[0].markedBy).toBe("Daniel");
 			expect(reExportData.settings.emailEnabled).toBe(true);
 			expect(reExportData.settings.notificationEmail).toBe("test@example.com");
 			expect(reExportData.settings.language).toBe("de");
 			expect(reExportData.shareLinks).toHaveLength(1);
 			expect(reExportData.shareLinks[0].takenBy).toBe("Daniel");
 		});
 		it("should handle import with different schema (backward compatibility)", async () => {
 			// Simulate import from older version without some fields
 			const importData = {
 				version: "1.0",
 				exportedAt: new Date().toISOString(),
 				medications: [
 					{
 						_exportId: "med-1",
 						name: "Legacy Med",
 						// Missing: genericName, takenBy, pillWeightMg, etc.
 						inventory: {
 							packCount: 1,
 							blistersPerPack: 1,
 							pillsPerBlister: 10,
 							looseTablets: 0,
 						},
 						schedules: [{ usage: 1, every: 1, start: "2025-01-15T08:00:00.000Z" }],
 					},
 				],
 				doseHistory: [],
 				// Missing: settings, shareLinks
 			};
 			const response = await ctx.app.inject({
 				method: "POST",
 				url: "/import",
 				payload: importData,
 			});
 			expect(response.statusCode).toBe(200);
 			expect(response.json().success).toBe(true);
 			// Verify defaults were applied
 			const result = await ctx.client.execute({
 				sql: `SELECT * FROM medications WHERE user_id = ?`,
 				args: [userId],
 			});
 			expect(result.rows[0].name).toBe("Legacy Med");
 			expect(result.rows[0].generic_name).toBeNull();
 			expect(result.rows[0].taken_by_json).toBe("[]");
 		});
 	});
 });
@@ -0,0 +1,671 @@
 /**
 * Tests for /medications API endpoints.
 * Tests CRUD operations for medications.
 */
 import { afterAll, beforeAll, beforeEach, describe, expect, it } from "vitest";
 import {
 	buildTestApp,
 	clearTestData,
 	closeTestApp,
 	createTestMedication,
 	createTestUser,
 	type TestContext,
 } from "./setup.js";
 // =============================================================================
 // Route Registration
 // =============================================================================
 async function registerMedicationRoutes(ctx: TestContext) {
 	const { app, client } = ctx;
 	// GET /medications - List all medications
 	app.get("/medications", async (_request, _reply) => {
 		const userId = 1;
 		const result = await client.execute({
 			sql: `SELECT * FROM medications WHERE user_id = ? ORDER BY name`,
 			args: [userId],
 		});
 		return result.rows.map((m) => ({
 			id: m.id,
 			name: m.name,
 			genericName: m.generic_name,
 			takenBy: JSON.parse((m.taken_by_json as string) || "[]"),
 			packCount: m.pack_count,
 			blistersPerPack: m.blisters_per_pack,
 			pillsPerBlister: m.pills_per_blister,
 			looseTablets: m.loose_tablets,
 			pillWeightMg: m.pill_weight_mg,
 			imageUrl: m.image_url,
 			expiryDate: m.expiry_date,
 			notes: m.notes,
 			intakeRemindersEnabled: Boolean(m.intake_reminders_enabled),
 			blisters: (() => {
 				const usage: number[] = JSON.parse((m.usage_json as string) || "[]");
 				const every: number[] = JSON.parse((m.every_json as string) || "[]");
 				const start: string[] = JSON.parse((m.start_json as string) || "[]");
 				return usage.map((u, i) => ({
 					usage: u,
 					every: every[i] || 1,
 					start: start[i] || new Date().toISOString(),
 				}));
 			})(),
 		}));
 	});
 	// POST /medications - Create medication
 	app.post<{
 		Body: {
 			name: string;
 			genericName?: string;
 			takenBy?: string[];
 			packCount?: number;
 			blistersPerPack?: number;
 			pillsPerBlister?: number;
 			looseTablets?: number;
 			pillWeightMg?: number;
 			expiryDate?: string;
 			notes?: string;
 			intakeRemindersEnabled?: boolean;
 			blisters: Array<{ usage: number; every: number; start: string }>;
 		};
 	}>("/medications", async (request, reply) => {
 		const userId = 1;
 		const body = request.body || {};
 		// Validation
 		if (!body.name || body.name.length === 0) {
 			return reply.status(400).send({ error: "Name is required" });
 		}
 		if (body.name.length > 100) {
 			return reply.status(400).send({ error: "Name must be 100 characters or less" });
 		}
 		if (!body.blisters || body.blisters.length === 0) {
 			return reply.status(400).send({ error: "At least one intake schedule is required" });
 		}
 		if (body.blisters.length > 12) {
 			return reply.status(400).send({ error: "Maximum 12 intake schedules allowed" });
 		}
 		const usageJson = JSON.stringify(body.blisters.map((b) => b.usage));
 		const everyJson = JSON.stringify(body.blisters.map((b) => b.every));
 		const startJson = JSON.stringify(body.blisters.map((b) => b.start));
 		const takenByJson = JSON.stringify(body.takenBy || []);
 		const result = await client.execute({
 			sql: `INSERT INTO medications (
        user_id, name, generic_name, taken_by_json,
        pack_count, blisters_per_pack, pills_per_blister, loose_tablets,
        pill_weight_mg, expiry_date, notes, intake_reminders_enabled,
        usage_json, every_json, start_json
      ) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?) RETURNING id`,
 			args: [
 				userId,
 				body.name,
 				body.genericName || null,
 				takenByJson,
 				body.packCount ?? 1,
 				body.blistersPerPack ?? 1,
 				body.pillsPerBlister ?? 1,
 				body.looseTablets ?? 0,
 				body.pillWeightMg ?? null,
 				body.expiryDate || null,
 				body.notes || null,
 				body.intakeRemindersEnabled ? 1 : 0,
 				usageJson,
 				everyJson,
 				startJson,
 			],
 		});
 		return { id: result.rows[0].id, success: true };
 	});
 	// PUT /medications/:id - Update medication
 	app.put<{
 		Params: { id: string };
 		Body: {
 			name: string;
 			genericName?: string;
 			takenBy?: string[];
 			packCount?: number;
 			blistersPerPack?: number;
 			pillsPerBlister?: number;
 			looseTablets?: number;
 			pillWeightMg?: number;
 			expiryDate?: string;
 			notes?: string;
 			intakeRemindersEnabled?: boolean;
 			blisters: Array<{ usage: number; every: number; start: string }>;
 		};
 	}>("/medications/:id", async (request, reply) => {
 		const userId = 1;
 		const medId = parseInt(request.params.id, 10);
 		const body = request.body || {};
 		// Check ownership
 		const existing = await client.execute({
 			sql: `SELECT id FROM medications WHERE id = ? AND user_id = ?`,
 			args: [medId, userId],
 		});
 		if (existing.rows.length === 0) {
 			return reply.status(404).send({ error: "Medication not found" });
 		}
 		// Validation
 		if (!body.name || body.name.length === 0) {
 			return reply.status(400).send({ error: "Name is required" });
 		}
 		if (!body.blisters || body.blisters.length === 0) {
 			return reply.status(400).send({ error: "At least one intake schedule is required" });
 		}
 		const usageJson = JSON.stringify(body.blisters.map((b) => b.usage));
 		const everyJson = JSON.stringify(body.blisters.map((b) => b.every));
 		const startJson = JSON.stringify(body.blisters.map((b) => b.start));
 		const takenByJson = JSON.stringify(body.takenBy || []);
 		await client.execute({
 			sql: `UPDATE medications SET
        name = ?, generic_name = ?, taken_by_json = ?,
        pack_count = ?, blisters_per_pack = ?, pills_per_blister = ?, loose_tablets = ?,
        pill_weight_mg = ?, expiry_date = ?, notes = ?, intake_reminders_enabled = ?,
        usage_json = ?, every_json = ?, start_json = ?,
        updated_at = strftime('%s','now')
      WHERE id = ? AND user_id = ?`,
 			args: [
 				body.name,
 				body.genericName || null,
 				takenByJson,
 				body.packCount ?? 1,
 				body.blistersPerPack ?? 1,
 				body.pillsPerBlister ?? 1,
 				body.looseTablets ?? 0,
 				body.pillWeightMg ?? null,
 				body.expiryDate || null,
 				body.notes || null,
 				body.intakeRemindersEnabled ? 1 : 0,
 				usageJson,
 				everyJson,
 				startJson,
 				medId,
 				userId,
 			],
 		});
 		return { success: true };
 	});
 	// DELETE /medications/:id - Delete medication
 	app.delete<{ Params: { id: string } }>("/medications/:id", async (request, reply) => {
 		const userId = 1;
 		const medId = parseInt(request.params.id, 10);
 		// Check ownership
 		const existing = await client.execute({
 			sql: `SELECT id FROM medications WHERE id = ? AND user_id = ?`,
 			args: [medId, userId],
 		});
 		if (existing.rows.length === 0) {
 			return reply.status(404).send({ error: "Medication not found" });
 		}
 		await client.execute({
 			sql: `DELETE FROM medications WHERE id = ? AND user_id = ?`,
 			args: [medId, userId],
 		});
 		return { success: true };
 	});
 	// GET /medications/:id - Get single medication
 	app.get<{ Params: { id: string } }>("/medications/:id", async (request, reply) => {
 		const userId = 1;
 		const medId = parseInt(request.params.id, 10);
 		const result = await client.execute({
 			sql: `SELECT * FROM medications WHERE id = ? AND user_id = ?`,
 			args: [medId, userId],
 		});
 		if (result.rows.length === 0) {
 			return reply.status(404).send({ error: "Medication not found" });
 		}
 		const m = result.rows[0];
 		return {
 			id: m.id,
 			name: m.name,
 			genericName: m.generic_name,
 			takenBy: JSON.parse((m.taken_by_json as string) || "[]"),
 			packCount: m.pack_count,
 			blistersPerPack: m.blisters_per_pack,
 			pillsPerBlister: m.pills_per_blister,
 			looseTablets: m.loose_tablets,
 			pillWeightMg: m.pill_weight_mg,
 			imageUrl: m.image_url,
 			expiryDate: m.expiry_date,
 			notes: m.notes,
 			intakeRemindersEnabled: Boolean(m.intake_reminders_enabled),
 			blisters: (() => {
 				const usage: number[] = JSON.parse((m.usage_json as string) || "[]");
 				const every: number[] = JSON.parse((m.every_json as string) || "[]");
 				const start: string[] = JSON.parse((m.start_json as string) || "[]");
 				return usage.map((u, i) => ({
 					usage: u,
 					every: every[i] || 1,
 					start: start[i] || new Date().toISOString(),
 				}));
 			})(),
 		};
 	});
 }
 // =============================================================================
 // Tests
 // =============================================================================
 describe("Medications API", () => {
 	let ctx: TestContext;
 	let userId: number;
 	beforeAll(async () => {
 		ctx = await buildTestApp();
 		await registerMedicationRoutes(ctx);
 		await ctx.app.ready();
 	});
 	afterAll(async () => {
 		await closeTestApp(ctx);
 	});
 	beforeEach(async () => {
 		await clearTestData(ctx.client);
 		await ctx.client.execute("DELETE FROM sqlite_sequence WHERE name='users'");
 		await ctx.client.execute("DELETE FROM sqlite_sequence WHERE name='medications'");
 		userId = await createTestUser(ctx.client, { username: "testuser" });
 	});
 	// ---------------------------------------------------------------------------
 	// GET /medications
 	// ---------------------------------------------------------------------------
 	describe("GET /medications", () => {
 		it("should return empty array when no medications", async () => {
 			const response = await ctx.app.inject({
 				method: "GET",
 				url: "/medications",
 			});
 			expect(response.statusCode).toBe(200);
 			expect(response.json()).toEqual([]);
 		});
 		it("should return list of medications", async () => {
 			await createTestMedication(ctx.client, {
 				userId,
 				name: "Aspirin",
 				genericName: "Acetylsalicylic acid",
 				takenBy: ["Daniel"],
 				packCount: 2,
 				pillsPerBlister: 10,
 			});
 			await createTestMedication(ctx.client, {
 				userId,
 				name: "Ibuprofen",
 			});
 			const response = await ctx.app.inject({
 				method: "GET",
 				url: "/medications",
 			});
 			expect(response.statusCode).toBe(200);
 			const data = response.json();
 			expect(data).toHaveLength(2);
 			// Sorted by name
 			expect(data[0].name).toBe("Aspirin");
 			expect(data[0].genericName).toBe("Acetylsalicylic acid");
 			expect(data[0].takenBy).toEqual(["Daniel"]);
 			expect(data[1].name).toBe("Ibuprofen");
 		});
 		it("should return medication with all fields", async () => {
 			const startDate = "2025-01-01T08:00:00.000Z";
 			await createTestMedication(ctx.client, {
 				userId,
 				name: "Test Med",
 				genericName: "Generic Name",
 				takenBy: ["Person1", "Person2"],
 				packCount: 3,
 				blistersPerPack: 2,
 				pillsPerBlister: 14,
 				looseTablets: 5,
 				pillWeightMg: 500,
 				blisters: [
 					{ usage: 1, every: 1, start: startDate },
 					{ usage: 2, every: 2, start: startDate },
 				],
 			});
 			const response = await ctx.app.inject({
 				method: "GET",
 				url: "/medications",
 			});
 			expect(response.statusCode).toBe(200);
 			const [med] = response.json();
 			expect(med.name).toBe("Test Med");
 			expect(med.genericName).toBe("Generic Name");
 			expect(med.takenBy).toEqual(["Person1", "Person2"]);
 			expect(med.packCount).toBe(3);
 			expect(med.blistersPerPack).toBe(2);
 			expect(med.pillsPerBlister).toBe(14);
 			expect(med.looseTablets).toBe(5);
 			expect(med.pillWeightMg).toBe(500);
 			expect(med.blisters).toHaveLength(2);
 			expect(med.blisters[0]).toEqual({ usage: 1, every: 1, start: startDate });
 			expect(med.blisters[1]).toEqual({ usage: 2, every: 2, start: startDate });
 		});
 	});
 	// ---------------------------------------------------------------------------
 	// POST /medications
 	// ---------------------------------------------------------------------------
 	describe("POST /medications", () => {
 		it("should create a medication", async () => {
 			const response = await ctx.app.inject({
 				method: "POST",
 				url: "/medications",
 				payload: {
 					name: "New Med",
 					blisters: [{ usage: 1, every: 1, start: "2025-01-01T08:00:00.000Z" }],
 				},
 			});
 			expect(response.statusCode).toBe(200);
 			const data = response.json();
 			expect(data.success).toBe(true);
 			expect(data.id).toBeDefined();
 			// Verify in database
 			const result = await ctx.client.execute({
 				sql: `SELECT name FROM medications WHERE id = ?`,
 				args: [data.id],
 			});
 			expect(result.rows[0].name).toBe("New Med");
 		});
 		it("should create medication with all fields", async () => {
 			const response = await ctx.app.inject({
 				method: "POST",
 				url: "/medications",
 				payload: {
 					name: "Full Med",
 					genericName: "Generic",
 					takenBy: ["Alice", "Bob"],
 					packCount: 2,
 					blistersPerPack: 3,
 					pillsPerBlister: 10,
 					looseTablets: 5,
 					pillWeightMg: 250,
 					expiryDate: "2026-12-31",
 					notes: "Take with food",
 					intakeRemindersEnabled: true,
 					blisters: [
 						{ usage: 1, every: 1, start: "2025-01-01T08:00:00.000Z" },
 						{ usage: 2, every: 1, start: "2025-01-01T20:00:00.000Z" },
 					],
 				},
 			});
 			expect(response.statusCode).toBe(200);
 			// Verify
 			const medId = response.json().id;
 			const result = await ctx.client.execute({
 				sql: `SELECT * FROM medications WHERE id = ?`,
 				args: [medId],
 			});
 			const med = result.rows[0];
 			expect(med.name).toBe("Full Med");
 			expect(med.generic_name).toBe("Generic");
 			expect(JSON.parse(med.taken_by_json as string)).toEqual(["Alice", "Bob"]);
 			expect(med.pack_count).toBe(2);
 			expect(med.blisters_per_pack).toBe(3);
 			expect(med.pills_per_blister).toBe(10);
 			expect(med.loose_tablets).toBe(5);
 			expect(med.pill_weight_mg).toBe(250);
 			expect(med.expiry_date).toBe("2026-12-31");
 			expect(med.notes).toBe("Take with food");
 			expect(med.intake_reminders_enabled).toBe(1);
 		});
 		it("should reject request without name", async () => {
 			const response = await ctx.app.inject({
 				method: "POST",
 				url: "/medications",
 				payload: {
 					blisters: [{ usage: 1, every: 1, start: "2025-01-01T08:00:00.000Z" }],
 				},
 			});
 			expect(response.statusCode).toBe(400);
 			expect(response.json().error).toBe("Name is required");
 		});
 		it("should reject request without blisters", async () => {
 			const response = await ctx.app.inject({
 				method: "POST",
 				url: "/medications",
 				payload: {
 					name: "Test",
 					blisters: [],
 				},
 			});
 			expect(response.statusCode).toBe(400);
 			expect(response.json().error).toBe("At least one intake schedule is required");
 		});
 		it("should reject name over 100 characters", async () => {
 			const response = await ctx.app.inject({
 				method: "POST",
 				url: "/medications",
 				payload: {
 					name: "A".repeat(101),
 					blisters: [{ usage: 1, every: 1, start: "2025-01-01T08:00:00.000Z" }],
 				},
 			});
 			expect(response.statusCode).toBe(400);
 			expect(response.json().error).toBe("Name must be 100 characters or less");
 		});
 		it("should reject more than 12 blisters", async () => {
 			const response = await ctx.app.inject({
 				method: "POST",
 				url: "/medications",
 				payload: {
 					name: "Test",
 					blisters: Array(13).fill({ usage: 1, every: 1, start: "2025-01-01T08:00:00.000Z" }),
 				},
 			});
 			expect(response.statusCode).toBe(400);
 			expect(response.json().error).toBe("Maximum 12 intake schedules allowed");
 		});
 	});
 	// ---------------------------------------------------------------------------
 	// PUT /medications/:id
 	// ---------------------------------------------------------------------------
 	describe("PUT /medications/:id", () => {
 		it("should update a medication", async () => {
 			const medId = await createTestMedication(ctx.client, {
 				userId,
 				name: "Old Name",
 			});
 			const response = await ctx.app.inject({
 				method: "PUT",
 				url: `/medications/${medId}`,
 				payload: {
 					name: "New Name",
 					blisters: [{ usage: 2, every: 1, start: "2025-01-01T08:00:00.000Z" }],
 				},
 			});
 			expect(response.statusCode).toBe(200);
 			expect(response.json()).toEqual({ success: true });
 			// Verify
 			const result = await ctx.client.execute({
 				sql: `SELECT name, usage_json FROM medications WHERE id = ?`,
 				args: [medId],
 			});
 			expect(result.rows[0].name).toBe("New Name");
 			expect(JSON.parse(result.rows[0].usage_json as string)).toEqual([2]);
 		});
 		it("should return 404 for non-existent medication", async () => {
 			const response = await ctx.app.inject({
 				method: "PUT",
 				url: "/medications/99999",
 				payload: {
 					name: "Test",
 					blisters: [{ usage: 1, every: 1, start: "2025-01-01T08:00:00.000Z" }],
 				},
 			});
 			expect(response.statusCode).toBe(404);
 			expect(response.json().error).toBe("Medication not found");
 		});
 		it("should not update medication of another user", async () => {
 			// Create another user
 			const otherUserId = await createTestUser(ctx.client, { username: "other" });
 			const medId = await createTestMedication(ctx.client, {
 				userId: otherUserId,
 				name: "Other Med",
 			});
 			const response = await ctx.app.inject({
 				method: "PUT",
 				url: `/medications/${medId}`,
 				payload: {
 					name: "Hacked",
 					blisters: [{ usage: 1, every: 1, start: "2025-01-01T08:00:00.000Z" }],
 				},
 			});
 			expect(response.statusCode).toBe(404);
 		});
 	});
 	// ---------------------------------------------------------------------------
 	// DELETE /medications/:id
 	// ---------------------------------------------------------------------------
 	describe("DELETE /medications/:id", () => {
 		it("should delete a medication", async () => {
 			const medId = await createTestMedication(ctx.client, {
 				userId,
 				name: "To Delete",
 			});
 			const response = await ctx.app.inject({
 				method: "DELETE",
 				url: `/medications/${medId}`,
 			});
 			expect(response.statusCode).toBe(200);
 			expect(response.json()).toEqual({ success: true });
 			// Verify deleted
 			const result = await ctx.client.execute({
 				sql: `SELECT COUNT(*) as count FROM medications WHERE id = ?`,
 				args: [medId],
 			});
 			expect(result.rows[0].count).toBe(0);
 		});
 		it("should return 404 for non-existent medication", async () => {
 			const response = await ctx.app.inject({
 				method: "DELETE",
 				url: "/medications/99999",
 			});
 			expect(response.statusCode).toBe(404);
 		});
 	});
 	// ---------------------------------------------------------------------------
 	// GET /medications/:id
 	// ---------------------------------------------------------------------------
 	describe("GET /medications/:id", () => {
 		it("should return single medication", async () => {
 			const medId = await createTestMedication(ctx.client, {
 				userId,
 				name: "Single Med",
 				genericName: "Generic",
 				takenBy: ["Daniel"],
 			});
 			const response = await ctx.app.inject({
 				method: "GET",
 				url: `/medications/${medId}`,
 			});
 			expect(response.statusCode).toBe(200);
 			const data = response.json();
 			expect(data.id).toBe(medId);
 			expect(data.name).toBe("Single Med");
 			expect(data.genericName).toBe("Generic");
 			expect(data.takenBy).toEqual(["Daniel"]);
 		});
 		it("should return 404 for non-existent medication", async () => {
 			const response = await ctx.app.inject({
 				method: "GET",
 				url: "/medications/99999",
 			});
 			expect(response.statusCode).toBe(404);
 		});
 	});
 	// ---------------------------------------------------------------------------
 	// Stock Calculation Tests
 	// ---------------------------------------------------------------------------
 	describe("Stock Calculation", () => {
 		it("should calculate total pills correctly", async () => {
 			await createTestMedication(ctx.client, {
 				userId,
 				name: "Stock Test",
 				packCount: 2,
 				blistersPerPack: 3,
 				pillsPerBlister: 10,
 				looseTablets: 5,
 			});
 			const response = await ctx.app.inject({
 				method: "GET",
 				url: "/medications",
 			});
 			const [med] = response.json();
 			// Total = (2 packs × 3 blisters × 10 pills) + 5 loose = 65
 			const totalPills = med.packCount * med.blistersPerPack * med.pillsPerBlister + med.looseTablets;
 			expect(totalPills).toBe(65);
 		});
 	});
 });
@@ -0,0 +1,702 @@
 import type { Client } from "@libsql/client";
 import Fastify, { type FastifyInstance } from "fastify";
 import { afterAll, beforeAll, beforeEach, describe, expect, it, vi } from "vitest";
 // Create test database and mocks before anything else (hoisted)
 const {
 	testClient,
 	testDb,
 	mockSendMail,
 	mockSendShoutrrr,
 	mockUpdateReminderSentTime,
 	mockUpdateUserReminderSentTime,
 } = vi.hoisted(() => {
 	const { createClient } = require("@libsql/client");
 	const { drizzle } = require("drizzle-orm/libsql");
 	const client = createClient({ url: ":memory:" });
 	const db = drizzle(client);
 	return {
 		testClient: client,
 		testDb: db,
 		mockSendMail: vi.fn(),
 		mockSendShoutrrr: vi.fn(),
 		mockUpdateReminderSentTime: vi.fn(),
 		mockUpdateUserReminderSentTime: vi.fn(),
 	};
 });
 // Mock nodemailer
 vi.mock("nodemailer", () => ({
 	default: {
 		createTransport: vi.fn(() => ({
 			sendMail: mockSendMail,
 		})),
 	},
 }));
 // Mock the db module
 vi.mock("../db/client.js", () => ({
 	db: testDb,
 	migrationsReady: Promise.resolve(),
 }));
 // Mock env to disable auth
 vi.mock("../plugins/env.js", () => ({
 	env: {
 		AUTH_ENABLED: false,
 		JWT_SECRET: "test-secret-key-for-testing",
 		JWT_REFRESH_SECRET: "test-refresh-secret-key",
 	},
 }));
 // Mock auth plugin
 vi.mock("../plugins/auth.js", () => ({
 	requireAuth: async () => {},
 	getAnonymousUserId: () => 999999999,
 }));
 // Mock reminder-scheduler
 vi.mock("../services/reminder-scheduler.js", () => ({
 	updateReminderSentTime: mockUpdateReminderSentTime,
 	updateUserReminderSentTime: mockUpdateUserReminderSentTime,
 }));
 // Mock sendShoutrrrNotification from settings
 vi.mock("../routes/settings.js", async (importOriginal) => {
 	const original = (await importOriginal()) as any;
 	return {
 		...original,
 		sendShoutrrrNotification: mockSendShoutrrr,
 	};
 });
 import { plannerRoutes } from "../routes/planner.js";
 // =============================================================================
 // Test Setup
 // =============================================================================
 async function createSchema(client: Client) {
 	const tableCreations = [
 		`CREATE TABLE IF NOT EXISTS users (
      id integer PRIMARY KEY AUTOINCREMENT,
      username text NOT NULL UNIQUE,
      password_hash text,
      auth_provider text NOT NULL DEFAULT 'local',
      is_active integer NOT NULL DEFAULT 1,
      created_at integer NOT NULL DEFAULT (strftime('%s','now')),
      updated_at integer NOT NULL DEFAULT (strftime('%s','now'))
    )`,
 		`CREATE TABLE IF NOT EXISTS user_settings (
      id integer PRIMARY KEY AUTOINCREMENT,
      user_id integer NOT NULL UNIQUE,
      email_enabled integer NOT NULL DEFAULT 0,
      notification_email text,
      email_stock_reminders integer NOT NULL DEFAULT 1,
      email_intake_reminders integer NOT NULL DEFAULT 1,
      shoutrrr_enabled integer NOT NULL DEFAULT 0,
      shoutrrr_url text,
      shoutrrr_stock_reminders integer NOT NULL DEFAULT 1,
      shoutrrr_intake_reminders integer NOT NULL DEFAULT 1,
      reminder_days_before integer NOT NULL DEFAULT 7,
      repeat_daily_reminders integer NOT NULL DEFAULT 0,
      skip_reminders_for_taken_doses integer NOT NULL DEFAULT 0,
      repeat_reminders_enabled integer NOT NULL DEFAULT 0,
      reminder_repeat_interval_minutes integer NOT NULL DEFAULT 30,
      max_nagging_reminders integer NOT NULL DEFAULT 5,
      low_stock_days integer NOT NULL DEFAULT 30,
      normal_stock_days integer NOT NULL DEFAULT 90,
      high_stock_days integer NOT NULL DEFAULT 180,
      expiry_warning_days integer NOT NULL DEFAULT 90,
      language text NOT NULL DEFAULT 'en',
      stock_calculation_mode text NOT NULL DEFAULT 'automatic',
      last_auto_email_sent text,
      last_notification_type text,
      last_notification_channel text,
      last_reminder_med_name text,
      last_reminder_taken_by text,
      updated_at integer NOT NULL DEFAULT (strftime('%s','now')),
      FOREIGN KEY (user_id) REFERENCES users(id) ON DELETE CASCADE
    )`,
 	];
 	for (const sql of tableCreations) {
 		await client.execute(sql);
 	}
 }
 async function clearData(client: Client) {
 	await client.execute("DELETE FROM user_settings");
 	await client.execute("DELETE FROM users");
 	await client.execute("DELETE FROM sqlite_sequence");
 }
 describe("Planner Routes", () => {
 	let app: FastifyInstance;
 	beforeAll(async () => {
 		await createSchema(testClient);
 	});
 	beforeEach(async () => {
 		await clearData(testClient);
 		// Create anonymous user
 		await testClient.execute(
 			"INSERT INTO users (id, username, auth_provider) VALUES (999999999, '__anonymous__', 'anonymous')"
 		);
 		app = Fastify({ logger: false });
 		await app.register(plannerRoutes);
 		await app.ready();
 		vi.clearAllMocks();
 		mockSendMail.mockReset();
 		mockSendShoutrrr.mockReset();
 	});
 	afterAll(async () => {
 		await app?.close();
 		testClient.close();
 	});
 	describe("POST /planner/send-email", () => {
 		it("should reject request with missing email", async () => {
 			const response = await app.inject({
 				method: "POST",
 				url: "/planner/send-email",
 				payload: {
 					from: "2025-01-01",
 					until: "2025-01-31",
 					rows: [{ medicationName: "Test", totalPills: 10, plannerUsage: 5, enough: true }],
 				},
 			});
 			expect(response.statusCode).toBe(400);
 			expect(response.json()).toEqual({ error: "Missing email or planner data" });
 		});
 		it("should reject request with missing rows", async () => {
 			const response = await app.inject({
 				method: "POST",
 				url: "/planner/send-email",
 				payload: {
 					email: "test@example.com",
 					from: "2025-01-01",
 					until: "2025-01-31",
 					rows: [],
 				},
 			});
 			expect(response.statusCode).toBe(400);
 			expect(response.json()).toEqual({ error: "Missing email or planner data" });
 		});
 		it("should reject when SMTP is not configured", async () => {
 			const response = await app.inject({
 				method: "POST",
 				url: "/planner/send-email",
 				payload: {
 					email: "test@example.com",
 					from: "2025-01-01",
 					until: "2025-01-31",
 					rows: [
 						{
 							medicationId: 1,
 							medicationName: "Aspirin",
 							totalPills: 30,
 							plannerUsage: 10,
 							blisterSize: 10,
 							blistersNeeded: 1,
 							fullBlisters: 3,
 							loosePills: 0,
 							enough: true,
 						},
 					],
 				},
 			});
 			expect(response.statusCode).toBe(400);
 			expect(response.json()).toEqual({ error: "SMTP not configured" });
 		});
 		it("should send email successfully when SMTP is configured", async () => {
 			// Set SMTP env vars
 			process.env.SMTP_HOST = "smtp.test.com";
 			process.env.SMTP_USER = "user@test.com";
 			process.env.SMTP_PASS = "password";
 			mockSendMail.mockResolvedValueOnce({ messageId: "123" });
 			const response = await app.inject({
 				method: "POST",
 				url: "/planner/send-email",
 				payload: {
 					email: "test@example.com",
 					from: "2025-01-01",
 					until: "2025-01-31",
 					language: "en",
 					rows: [
 						{
 							medicationId: 1,
 							medicationName: "Aspirin",
 							totalPills: 30,
 							plannerUsage: 10,
 							blisterSize: 10,
 							blistersNeeded: 1,
 							fullBlisters: 3,
 							loosePills: 0,
 							enough: true,
 						},
 					],
 				},
 			});
 			expect(response.statusCode).toBe(200);
 			expect(response.json()).toEqual({ success: true, message: "Email sent successfully" });
 			expect(mockSendMail).toHaveBeenCalledTimes(1);
 			// Cleanup
 			delete process.env.SMTP_HOST;
 			delete process.env.SMTP_USER;
 			delete process.env.SMTP_PASS;
 		});
 		it("should handle email with out of stock medications", async () => {
 			process.env.SMTP_HOST = "smtp.test.com";
 			process.env.SMTP_USER = "user@test.com";
 			process.env.SMTP_PASS = "password";
 			mockSendMail.mockResolvedValueOnce({ messageId: "123" });
 			const response = await app.inject({
 				method: "POST",
 				url: "/planner/send-email",
 				payload: {
 					email: "test@example.com",
 					from: "2025-01-01",
 					until: "2025-01-31",
 					rows: [
 						{
 							medicationId: 1,
 							medicationName: "Aspirin",
 							totalPills: 5,
 							plannerUsage: 30,
 							blisterSize: 10,
 							blistersNeeded: 3,
 							fullBlisters: 0,
 							loosePills: 5,
 							enough: false,
 						},
 						{
 							medicationId: 2,
 							medicationName: "Ibuprofen",
 							totalPills: 100,
 							plannerUsage: 10,
 							blisterSize: 10,
 							blistersNeeded: 1,
 							fullBlisters: 10,
 							loosePills: 0,
 							enough: true,
 						},
 					],
 				},
 			});
 			expect(response.statusCode).toBe(200);
 			expect(mockSendMail).toHaveBeenCalledTimes(1);
 			// Check that HTML contains out of stock warning
 			const mailCall = mockSendMail.mock.calls[0][0];
 			expect(mailCall.html).toContain("Out of Stock");
 			expect(mailCall.html).toContain("1 medication");
 			delete process.env.SMTP_HOST;
 			delete process.env.SMTP_USER;
 			delete process.env.SMTP_PASS;
 		});
 		it("should handle SMTP error gracefully", async () => {
 			process.env.SMTP_HOST = "smtp.test.com";
 			process.env.SMTP_USER = "user@test.com";
 			process.env.SMTP_PASS = "password";
 			mockSendMail.mockRejectedValueOnce(new Error("Connection refused"));
 			const response = await app.inject({
 				method: "POST",
 				url: "/planner/send-email",
 				payload: {
 					email: "test@example.com",
 					from: "2025-01-01",
 					until: "2025-01-31",
 					rows: [
 						{
 							medicationId: 1,
 							medicationName: "Aspirin",
 							totalPills: 30,
 							plannerUsage: 10,
 							blisterSize: 10,
 							blistersNeeded: 1,
 							fullBlisters: 3,
 							loosePills: 0,
 							enough: true,
 						},
 					],
 				},
 			});
 			expect(response.statusCode).toBe(500);
 			expect(response.json().error).toContain("Failed to send email");
 			expect(response.json().error).toContain("Connection refused");
 			delete process.env.SMTP_HOST;
 			delete process.env.SMTP_USER;
 			delete process.env.SMTP_PASS;
 		});
 		it("should use German locale when language is de", async () => {
 			process.env.SMTP_HOST = "smtp.test.com";
 			process.env.SMTP_USER = "user@test.com";
 			process.env.SMTP_PASS = "password";
 			mockSendMail.mockResolvedValueOnce({ messageId: "123" });
 			const response = await app.inject({
 				method: "POST",
 				url: "/planner/send-email",
 				payload: {
 					email: "test@example.com",
 					from: "2025-01-15",
 					until: "2025-02-15",
 					language: "de",
 					rows: [
 						{
 							medicationId: 1,
 							medicationName: "Aspirin",
 							totalPills: 30,
 							plannerUsage: 10,
 							blisterSize: 10,
 							blistersNeeded: 1,
 							fullBlisters: 3,
 							loosePills: 0,
 							enough: true,
 						},
 					],
 				},
 			});
 			expect(response.statusCode).toBe(200);
 			// German date format should be used
 			const mailCall = mockSendMail.mock.calls[0][0];
 			expect(mailCall.subject).toContain("Supply Overview");
 			delete process.env.SMTP_HOST;
 			delete process.env.SMTP_USER;
 			delete process.env.SMTP_PASS;
 		});
 	});
 	describe("POST /reminder/send-email", () => {
 		it("should reject request with missing lowStock data", async () => {
 			const response = await app.inject({
 				method: "POST",
 				url: "/reminder/send-email",
 				payload: {
 					email: "test@example.com",
 					lowStock: [],
 				},
 			});
 			expect(response.statusCode).toBe(400);
 			expect(response.json()).toEqual({ error: "Missing low stock data" });
 		});
 		it("should reject request with no lowStock array", async () => {
 			const response = await app.inject({
 				method: "POST",
 				url: "/reminder/send-email",
 				payload: {
 					email: "test@example.com",
 				},
 			});
 			expect(response.statusCode).toBe(400);
 			expect(response.json()).toEqual({ error: "Missing low stock data" });
 		});
 		it("should return error when no notification channels configured", async () => {
 			// User settings exist but email/shoutrrr disabled
 			await testClient.execute({
 				sql: `INSERT INTO user_settings (user_id, email_enabled, shoutrrr_enabled, language) VALUES (?, 0, 0, 'en')`,
 				args: [999999999],
 			});
 			const response = await app.inject({
 				method: "POST",
 				url: "/reminder/send-email",
 				payload: {
 					email: "test@example.com",
 					lowStock: [{ name: "Aspirin", medsLeft: 5, daysLeft: 3, depletionDate: "2025-01-03" }],
 				},
 			});
 			expect(response.statusCode).toBe(400);
 			expect(response.json()).toEqual({ error: "No notification channels configured" });
 		});
 		it("should send email reminder when email is enabled", async () => {
 			process.env.SMTP_HOST = "smtp.test.com";
 			process.env.SMTP_USER = "user@test.com";
 			process.env.SMTP_PASS = "password";
 			// Enable email in user settings
 			await testClient.execute({
 				sql: `INSERT INTO user_settings (user_id, email_enabled, shoutrrr_enabled, language) VALUES (?, 1, 0, 'en')`,
 				args: [999999999],
 			});
 			mockSendMail.mockResolvedValueOnce({ messageId: "123" });
 			const response = await app.inject({
 				method: "POST",
 				url: "/reminder/send-email",
 				payload: {
 					email: "test@example.com",
 					lowStock: [{ name: "Aspirin", medsLeft: 5, daysLeft: 3, depletionDate: "2025-01-03" }],
 				},
 			});
 			expect(response.statusCode).toBe(200);
 			expect(response.json()).toEqual({ success: true, message: "Reminder sent via email" });
 			expect(mockSendMail).toHaveBeenCalledTimes(1);
 			delete process.env.SMTP_HOST;
 			delete process.env.SMTP_USER;
 			delete process.env.SMTP_PASS;
 		});
 		it("should handle empty medications (medsLeft <= 0)", async () => {
 			process.env.SMTP_HOST = "smtp.test.com";
 			process.env.SMTP_USER = "user@test.com";
 			process.env.SMTP_PASS = "password";
 			await testClient.execute({
 				sql: `INSERT INTO user_settings (user_id, email_enabled, shoutrrr_enabled, language) VALUES (?, 1, 0, 'en')`,
 				args: [999999999],
 			});
 			mockSendMail.mockResolvedValueOnce({ messageId: "123" });
 			const response = await app.inject({
 				method: "POST",
 				url: "/reminder/send-email",
 				payload: {
 					email: "test@example.com",
 					lowStock: [
 						{ name: "Aspirin", medsLeft: 0, daysLeft: 0, depletionDate: null },
 						{ name: "Ibuprofen", medsLeft: 5, daysLeft: 3, depletionDate: "2025-01-03" },
 					],
 				},
 			});
 			expect(response.statusCode).toBe(200);
 			// Check email contains EMPTY warning
 			const mailCall = mockSendMail.mock.calls[0][0];
 			expect(mailCall.subject).toContain("Empty");
 			expect(mailCall.html).toContain("EMPTY");
 			delete process.env.SMTP_HOST;
 			delete process.env.SMTP_USER;
 			delete process.env.SMTP_PASS;
 		});
 		it("should handle mixed empty and low stock medications", async () => {
 			process.env.SMTP_HOST = "smtp.test.com";
 			process.env.SMTP_USER = "user@test.com";
 			process.env.SMTP_PASS = "password";
 			await testClient.execute({
 				sql: `INSERT INTO user_settings (user_id, email_enabled, shoutrrr_enabled, language) VALUES (?, 1, 0, 'en')`,
 				args: [999999999],
 			});
 			mockSendMail.mockResolvedValueOnce({ messageId: "123" });
 			const response = await app.inject({
 				method: "POST",
 				url: "/reminder/send-email",
 				payload: {
 					email: "test@example.com",
 					lowStock: [
 						{ name: "Aspirin", medsLeft: 0, daysLeft: 0, depletionDate: null },
 						{ name: "Ibuprofen", medsLeft: 10, daysLeft: 5, depletionDate: "2025-01-05" },
 					],
 				},
 			});
 			expect(response.statusCode).toBe(200);
 			const mailCall = mockSendMail.mock.calls[0][0];
 			expect(mailCall.subject).toContain("Empty");
 			expect(mailCall.subject).toContain("Running Low");
 			delete process.env.SMTP_HOST;
 			delete process.env.SMTP_USER;
 			delete process.env.SMTP_PASS;
 		});
 		it("should handle email error gracefully", async () => {
 			process.env.SMTP_HOST = "smtp.test.com";
 			process.env.SMTP_USER = "user@test.com";
 			process.env.SMTP_PASS = "password";
 			await testClient.execute({
 				sql: `INSERT INTO user_settings (user_id, email_enabled, shoutrrr_enabled, language) VALUES (?, 1, 0, 'en')`,
 				args: [999999999],
 			});
 			mockSendMail.mockRejectedValueOnce(new Error("SMTP error"));
 			const response = await app.inject({
 				method: "POST",
 				url: "/reminder/send-email",
 				payload: {
 					email: "test@example.com",
 					lowStock: [{ name: "Aspirin", medsLeft: 5, daysLeft: 3, depletionDate: "2025-01-03" }],
 				},
 			});
 			expect(response.statusCode).toBe(500);
 			expect(response.json().error).toContain("Email:");
 			delete process.env.SMTP_HOST;
 			delete process.env.SMTP_USER;
 			delete process.env.SMTP_PASS;
 		});
 		it("should send push notification when shoutrrr is enabled", async () => {
 			await testClient.execute({
 				sql: `INSERT INTO user_settings (user_id, email_enabled, shoutrrr_enabled, shoutrrr_url, language) VALUES (?, 0, 1, 'ntfy://localhost/test', 'en')`,
 				args: [999999999],
 			});
 			mockSendShoutrrr.mockResolvedValueOnce({ success: true });
 			const response = await app.inject({
 				method: "POST",
 				url: "/reminder/send-email",
 				payload: {
 					email: "test@example.com",
 					lowStock: [{ name: "Aspirin", medsLeft: 5, daysLeft: 3, depletionDate: "2025-01-03" }],
 				},
 			});
 			expect(response.statusCode).toBe(200);
 			expect(response.json()).toEqual({ success: true, message: "Reminder sent via push" });
 			expect(mockSendShoutrrr).toHaveBeenCalledTimes(1);
 		});
 		it("should send both email and push when both enabled", async () => {
 			process.env.SMTP_HOST = "smtp.test.com";
 			process.env.SMTP_USER = "user@test.com";
 			process.env.SMTP_PASS = "password";
 			await testClient.execute({
 				sql: `INSERT INTO user_settings (user_id, email_enabled, shoutrrr_enabled, shoutrrr_url, language) VALUES (?, 1, 1, 'ntfy://localhost/test', 'en')`,
 				args: [999999999],
 			});
 			mockSendMail.mockResolvedValueOnce({ messageId: "123" });
 			mockSendShoutrrr.mockResolvedValueOnce({ success: true });
 			const response = await app.inject({
 				method: "POST",
 				url: "/reminder/send-email",
 				payload: {
 					email: "test@example.com",
 					lowStock: [{ name: "Aspirin", medsLeft: 5, daysLeft: 3, depletionDate: "2025-01-03" }],
 				},
 			});
 			expect(response.statusCode).toBe(200);
 			expect(response.json()).toEqual({ success: true, message: "Reminder sent via email and push" });
 			expect(mockSendMail).toHaveBeenCalledTimes(1);
 			expect(mockSendShoutrrr).toHaveBeenCalledTimes(1);
 			delete process.env.SMTP_HOST;
 			delete process.env.SMTP_USER;
 			delete process.env.SMTP_PASS;
 		});
 		it("should handle push notification error gracefully", async () => {
 			await testClient.execute({
 				sql: `INSERT INTO user_settings (user_id, email_enabled, shoutrrr_enabled, shoutrrr_url, language) VALUES (?, 0, 1, 'ntfy://localhost/test', 'en')`,
 				args: [999999999],
 			});
 			mockSendShoutrrr.mockResolvedValueOnce({ success: false, error: "Connection failed" });
 			const response = await app.inject({
 				method: "POST",
 				url: "/reminder/send-email",
 				payload: {
 					email: "test@example.com",
 					lowStock: [{ name: "Aspirin", medsLeft: 5, daysLeft: 3, depletionDate: "2025-01-03" }],
 				},
 			});
 			expect(response.statusCode).toBe(500);
 			expect(response.json().error).toContain("Push:");
 		});
 		it("should handle push with empty meds using German translations", async () => {
 			await testClient.execute({
 				sql: `INSERT INTO user_settings (user_id, email_enabled, shoutrrr_enabled, shoutrrr_url, language) VALUES (?, 0, 1, 'ntfy://localhost/test', 'de')`,
 				args: [999999999],
 			});
 			mockSendShoutrrr.mockResolvedValueOnce({ success: true });
 			const response = await app.inject({
 				method: "POST",
 				url: "/reminder/send-email",
 				payload: {
 					email: "test@example.com",
 					lowStock: [{ name: "Aspirin", medsLeft: 0, daysLeft: 0, depletionDate: null }],
 				},
 			});
 			expect(response.statusCode).toBe(200);
 			expect(mockSendShoutrrr).toHaveBeenCalledTimes(1);
 			// Check German translations are used
 			const [title, _message] = mockSendShoutrrr.mock.calls[0].slice(1);
 			expect(title).toContain("Leer");
 		});
 		it("should handle push exception gracefully", async () => {
 			await testClient.execute({
 				sql: `INSERT INTO user_settings (user_id, email_enabled, shoutrrr_enabled, shoutrrr_url, language) VALUES (?, 0, 1, 'ntfy://localhost/test', 'en')`,
 				args: [999999999],
 			});
 			mockSendShoutrrr.mockRejectedValueOnce(new Error("Network error"));
 			const response = await app.inject({
 				method: "POST",
 				url: "/reminder/send-email",
 				payload: {
 					email: "test@example.com",
 					lowStock: [{ name: "Aspirin", medsLeft: 5, daysLeft: 3, depletionDate: "2025-01-03" }],
 				},
 			});
 			expect(response.statusCode).toBe(500);
 			expect(response.json().error).toContain("Push:");
 			expect(response.json().error).toContain("Network error");
 		});
 	});
 });
@@ -0,0 +1,396 @@
 /**
 * Tests for /medications/:id/refill and /medications/:id/refills API endpoints.
 * Tests adding refills to medication stock and retrieving refill history.
 */
 import { afterAll, beforeAll, beforeEach, describe, expect, it } from "vitest";
 import {
 	buildTestApp,
 	clearTestData,
 	closeTestApp,
 	createTestMedication,
 	createTestUser,
 	type TestContext,
 } from "./setup.js";
 // Store userId at module level so routes can access it
 let currentUserId = 1;
 // =============================================================================
 // Route Registration
 // =============================================================================
 async function registerRefillRoutes(ctx: TestContext) {
 	const { app, client } = ctx;
 	// POST /medications/:id/refill - Add stock and record history
 	app.post<{ Params: { id: string }; Body: { packsAdded?: number; loosePillsAdded?: number } }>(
 		"/medications/:id/refill",
 		async (request, reply) => {
 			const userId = currentUserId;
 			const medId = parseInt(request.params.id, 10);
 			const { packsAdded = 0, loosePillsAdded = 0 } = request.body || {};
 			// Validate input
 			if (packsAdded < 0 || loosePillsAdded < 0) {
 				return reply.status(400).send({ error: "packsAdded and loosePillsAdded must be non-negative" });
 			}
 			if (packsAdded === 0 && loosePillsAdded === 0) {
 				return reply
 					.status(400)
 					.send({ error: "At least one of packsAdded or loosePillsAdded must be greater than 0" });
 			}
 			// Check medication exists and belongs to user
 			const medResult = await client.execute({
 				sql: `SELECT id, pack_count, loose_tablets, blisters_per_pack, pills_per_blister 
              FROM medications WHERE id = ? AND user_id = ?`,
 				args: [medId, userId],
 			});
 			if (medResult.rows.length === 0) {
 				return reply.status(404).send({ error: "Medication not found" });
 			}
 			const med = medResult.rows[0];
 			const newPackCount = (med.pack_count as number) + packsAdded;
 			const newLooseTablets = (med.loose_tablets as number) + loosePillsAdded;
 			const pillsPerPack = (med.blisters_per_pack as number) * (med.pills_per_blister as number);
 			const totalPillsAdded = packsAdded * pillsPerPack + loosePillsAdded;
 			// Update medication stock
 			await client.execute({
 				sql: `UPDATE medications SET pack_count = ?, loose_tablets = ? WHERE id = ?`,
 				args: [newPackCount, newLooseTablets, medId],
 			});
 			// Record refill history
 			await client.execute({
 				sql: `INSERT INTO refill_history (medication_id, user_id, packs_added, loose_pills_added) 
              VALUES (?, ?, ?, ?)`,
 				args: [medId, userId, packsAdded, loosePillsAdded],
 			});
 			return {
 				success: true,
 				pillsAdded: totalPillsAdded,
 				newPackCount,
 				newLooseTablets,
 			};
 		}
 	);
 	// GET /medications/:id/refills - Get refill history
 	app.get<{ Params: { id: string } }>("/medications/:id/refills", async (request, reply) => {
 		const userId = currentUserId;
 		const medId = parseInt(request.params.id, 10);
 		// Check medication exists and belongs to user
 		const medResult = await client.execute({
 			sql: `SELECT id FROM medications WHERE id = ? AND user_id = ?`,
 			args: [medId, userId],
 		});
 		if (medResult.rows.length === 0) {
 			return reply.status(404).send({ error: "Medication not found" });
 		}
 		// Get refill history, newest first
 		const refillResult = await client.execute({
 			sql: `SELECT id, packs_added, loose_pills_added, refill_date 
            FROM refill_history 
            WHERE medication_id = ? AND user_id = ?
            ORDER BY refill_date DESC`,
 			args: [medId, userId],
 		});
 		return {
 			refills: refillResult.rows.map((r) => ({
 				id: r.id,
 				packsAdded: r.packs_added,
 				loosePillsAdded: r.loose_pills_added,
 				refillDate: r.refill_date,
 			})),
 		};
 	});
 }
 // =============================================================================
 // Tests
 // =============================================================================
 describe("Refill API", () => {
 	let ctx: TestContext;
 	let userId: number;
 	let medId: number;
 	beforeAll(async () => {
 		ctx = await buildTestApp();
 		await registerRefillRoutes(ctx);
 		await ctx.app.ready();
 	});
 	afterAll(async () => {
 		await closeTestApp(ctx);
 	});
 	beforeEach(async () => {
 		await clearTestData(ctx.client);
 		// Create test user
 		userId = await createTestUser(ctx.client, { username: "testuser" });
 		// Update the module-level userId so routes use the correct one
 		currentUserId = userId;
 		// Create a test medication with 1 pack (10 blisters × 10 pills = 100 pills/pack)
 		medId = await createTestMedication(ctx.client, {
 			userId,
 			name: "Test Med",
 			packCount: 1,
 			blistersPerPack: 10,
 			pillsPerBlister: 10,
 			looseTablets: 5,
 		});
 	});
 	// ---------------------------------------------------------------------------
 	// POST /medications/:id/refill
 	// ---------------------------------------------------------------------------
 	describe("POST /medications/:id/refill", () => {
 		it("should add packs to medication stock", async () => {
 			const response = await ctx.app.inject({
 				method: "POST",
 				url: `/medications/${medId}/refill`,
 				payload: { packsAdded: 2 },
 			});
 			expect(response.statusCode).toBe(200);
 			const data = response.json();
 			expect(data.success).toBe(true);
 			expect(data.pillsAdded).toBe(200); // 2 packs × 100 pills
 			expect(data.newPackCount).toBe(3); // 1 + 2
 			// Verify in database
 			const result = await ctx.client.execute({
 				sql: `SELECT pack_count FROM medications WHERE id = ?`,
 				args: [medId],
 			});
 			expect(result.rows[0].pack_count).toBe(3);
 		});
 		it("should add loose pills to medication stock", async () => {
 			const response = await ctx.app.inject({
 				method: "POST",
 				url: `/medications/${medId}/refill`,
 				payload: { loosePillsAdded: 15 },
 			});
 			expect(response.statusCode).toBe(200);
 			const data = response.json();
 			expect(data.success).toBe(true);
 			expect(data.pillsAdded).toBe(15);
 			expect(data.newLooseTablets).toBe(20); // 5 + 15
 			// Verify in database
 			const result = await ctx.client.execute({
 				sql: `SELECT loose_tablets FROM medications WHERE id = ?`,
 				args: [medId],
 			});
 			expect(result.rows[0].loose_tablets).toBe(20);
 		});
 		it("should add both packs and loose pills", async () => {
 			const response = await ctx.app.inject({
 				method: "POST",
 				url: `/medications/${medId}/refill`,
 				payload: { packsAdded: 1, loosePillsAdded: 10 },
 			});
 			expect(response.statusCode).toBe(200);
 			const data = response.json();
 			expect(data.success).toBe(true);
 			expect(data.pillsAdded).toBe(110); // 1 pack (100) + 10 loose
 			expect(data.newPackCount).toBe(2);
 			expect(data.newLooseTablets).toBe(15);
 		});
 		it("should record refill in history", async () => {
 			await ctx.app.inject({
 				method: "POST",
 				url: `/medications/${medId}/refill`,
 				payload: { packsAdded: 2, loosePillsAdded: 5 },
 			});
 			// Check history
 			const result = await ctx.client.execute({
 				sql: `SELECT packs_added, loose_pills_added FROM refill_history WHERE medication_id = ?`,
 				args: [medId],
 			});
 			expect(result.rows.length).toBe(1);
 			expect(result.rows[0].packs_added).toBe(2);
 			expect(result.rows[0].loose_pills_added).toBe(5);
 		});
 		it("should reject refill with zero amounts", async () => {
 			const response = await ctx.app.inject({
 				method: "POST",
 				url: `/medications/${medId}/refill`,
 				payload: { packsAdded: 0, loosePillsAdded: 0 },
 			});
 			expect(response.statusCode).toBe(400);
 			expect(response.json().error).toContain("At least one");
 		});
 		it("should reject refill with negative amounts", async () => {
 			const response = await ctx.app.inject({
 				method: "POST",
 				url: `/medications/${medId}/refill`,
 				payload: { packsAdded: -1 },
 			});
 			expect(response.statusCode).toBe(400);
 			expect(response.json().error).toContain("non-negative");
 		});
 		it("should return 404 for non-existent medication", async () => {
 			const response = await ctx.app.inject({
 				method: "POST",
 				url: `/medications/99999/refill`,
 				payload: { packsAdded: 1 },
 			});
 			expect(response.statusCode).toBe(404);
 			expect(response.json().error).toBe("Medication not found");
 		});
 	});
 	// ---------------------------------------------------------------------------
 	// GET /medications/:id/refills
 	// ---------------------------------------------------------------------------
 	describe("GET /medications/:id/refills", () => {
 		it("should return empty array when no refills", async () => {
 			const response = await ctx.app.inject({
 				method: "GET",
 				url: `/medications/${medId}/refills`,
 			});
 			expect(response.statusCode).toBe(200);
 			expect(response.json()).toEqual({ refills: [] });
 		});
 		it("should return refill history newest first", async () => {
 			// Add two refills with different values so we can identify them
 			await ctx.app.inject({
 				method: "POST",
 				url: `/medications/${medId}/refill`,
 				payload: { packsAdded: 1, loosePillsAdded: 0 },
 			});
 			// Increase delay to ensure different timestamps (SQLite datetime has second precision)
 			await new Promise((r) => setTimeout(r, 1100));
 			await ctx.app.inject({
 				method: "POST",
 				url: `/medications/${medId}/refill`,
 				payload: { packsAdded: 0, loosePillsAdded: 20 },
 			});
 			const response = await ctx.app.inject({
 				method: "GET",
 				url: `/medications/${medId}/refills`,
 			});
 			expect(response.statusCode).toBe(200);
 			const data = response.json();
 			expect(data.refills).toHaveLength(2);
 			// Newest first (loose pills - added second)
 			expect(data.refills[0].packsAdded).toBe(0);
 			expect(data.refills[0].loosePillsAdded).toBe(20);
 			// Older (packs - added first)
 			expect(data.refills[1].packsAdded).toBe(1);
 			expect(data.refills[1].loosePillsAdded).toBe(0);
 			// Each entry should have an id and refillDate
 			for (const refill of data.refills) {
 				expect(refill.id).toBeTypeOf("number");
 				expect(refill.refillDate).toBeTruthy();
 			}
 		});
 		it("should return 404 for non-existent medication", async () => {
 			const response = await ctx.app.inject({
 				method: "GET",
 				url: `/medications/99999/refills`,
 			});
 			expect(response.statusCode).toBe(404);
 			expect(response.json().error).toBe("Medication not found");
 		});
 	});
 	// ---------------------------------------------------------------------------
 	// Cascade Delete Tests
 	// ---------------------------------------------------------------------------
 	describe("Cascade Delete", () => {
 		it("should delete refill history when medication is deleted", async () => {
 			// Add a refill
 			await ctx.app.inject({
 				method: "POST",
 				url: `/medications/${medId}/refill`,
 				payload: { packsAdded: 1 },
 			});
 			// Verify refill exists
 			let result = await ctx.client.execute({
 				sql: `SELECT COUNT(*) as count FROM refill_history WHERE medication_id = ?`,
 				args: [medId],
 			});
 			expect(result.rows[0].count).toBe(1);
 			// Delete medication
 			await ctx.client.execute({
 				sql: `DELETE FROM medications WHERE id = ?`,
 				args: [medId],
 			});
 			// Verify refill history was cascade deleted
 			result = await ctx.client.execute({
 				sql: `SELECT COUNT(*) as count FROM refill_history WHERE medication_id = ?`,
 				args: [medId],
 			});
 			expect(result.rows[0].count).toBe(0);
 		});
 		it("should delete refill history when user is deleted", async () => {
 			// Add a refill
 			await ctx.app.inject({
 				method: "POST",
 				url: `/medications/${medId}/refill`,
 				payload: { packsAdded: 1 },
 			});
 			// Verify refill exists
 			let result = await ctx.client.execute({
 				sql: `SELECT COUNT(*) as count FROM refill_history WHERE user_id = ?`,
 				args: [userId],
 			});
 			expect(result.rows[0].count).toBe(1);
 			// Delete user
 			await ctx.client.execute({
 				sql: `DELETE FROM users WHERE id = ?`,
 				args: [userId],
 			});
 			// Verify refill history was cascade deleted
 			result = await ctx.client.execute({
 				sql: `SELECT COUNT(*) as count FROM refill_history WHERE user_id = ?`,
 				args: [userId],
 			});
 			expect(result.rows[0].count).toBe(0);
 		});
 	});
 });
@@ -0,0 +1,509 @@
 import { existsSync, rmSync } from "node:fs";
 import { tmpdir } from "node:os";
 import { resolve } from "node:path";
 import cookie from "@fastify/cookie";
 import cors from "@fastify/cors";
 import sensible from "@fastify/sensible";
 import Fastify from "fastify";
 import { afterEach, describe, expect, it } from "vitest";
 // Import from utils to avoid index.ts import side effects (server start)
 import {
 	buildAppConfig,
 	buildBaseCookieOptions,
 	buildRefreshCookieOptions,
 	ensureImagesDirectory,
 	getJwtConfig,
 	parseCorsOrigins,
 } from "../utils/server-config.js";
 describe("Index.ts Utility Functions", () => {
 	describe("parseCorsOrigins", () => {
 		it("should parse comma-separated origins", () => {
 			const origins = parseCorsOrigins("http://localhost:5173,http://localhost:4173");
 			expect(origins).toHaveLength(2);
 			expect(origins[0]).toBe("http://localhost:5173");
 			expect(origins[1]).toBe("http://localhost:4173");
 		});
 		it("should handle single origin", () => {
 			const origins = parseCorsOrigins("https://myapp.example.com");
 			expect(origins).toHaveLength(1);
 			expect(origins[0]).toBe("https://myapp.example.com");
 		});
 		it("should filter out empty strings", () => {
 			const origins = parseCorsOrigins("http://localhost:5173,,http://localhost:4173,");
 			expect(origins).toHaveLength(2);
 		});
 		it("should trim whitespace", () => {
 			const origins = parseCorsOrigins(" http://localhost:5173 , http://localhost:4173 ");
 			expect(origins).toEqual(["http://localhost:5173", "http://localhost:4173"]);
 		});
 		it("should return empty array for empty string", () => {
 			const origins = parseCorsOrigins("");
 			expect(origins).toHaveLength(0);
 		});
 	});
 	describe("buildBaseCookieOptions", () => {
 		it("should set secure=true in production", () => {
 			const options = buildBaseCookieOptions(15, true);
 			expect(options.secure).toBe(true);
 			expect(options.httpOnly).toBe(true);
 			expect(options.sameSite).toBe("lax");
 			expect(options.path).toBe("/");
 		});
 		it("should set secure=false in development", () => {
 			const options = buildBaseCookieOptions(15, false);
 			expect(options.secure).toBe(false);
 		});
 		it("should calculate maxAge in seconds from minutes", () => {
 			const options = buildBaseCookieOptions(15, false);
 			expect(options.maxAge).toBe(15 * 60); // 900 seconds
 		});
 		it("should handle custom TTL values", () => {
 			const options = buildBaseCookieOptions(30, false);
 			expect(options.maxAge).toBe(30 * 60); // 1800 seconds
 		});
 	});
 	describe("buildRefreshCookieOptions", () => {
 		it("should extend base options with longer maxAge", () => {
 			const base = buildBaseCookieOptions(15, false);
 			const refresh = buildRefreshCookieOptions(base, 7);
 			expect(refresh.httpOnly).toBe(true);
 			expect(refresh.sameSite).toBe("lax");
 			expect(refresh.maxAge).toBe(7 * 24 * 60 * 60); // 7 days in seconds
 		});
 		it("should calculate 14 days correctly", () => {
 			const base = buildBaseCookieOptions(15, false);
 			const refresh = buildRefreshCookieOptions(base, 14);
 			expect(refresh.maxAge).toBe(14 * 24 * 60 * 60); // 1209600 seconds
 		});
 		it("should preserve secure flag from base", () => {
 			const base = buildBaseCookieOptions(15, true);
 			const refresh = buildRefreshCookieOptions(base, 7);
 			expect(refresh.secure).toBe(true);
 		});
 	});
 	describe("buildAppConfig", () => {
 		it("should build complete config object", () => {
 			const config = buildAppConfig({
 				jwtSecret: "test-jwt-secret",
 				refreshSecret: "test-refresh-secret",
 				accessTtlMinutes: 15,
 				refreshTtlDays: 7,
 				isProduction: false,
 			});
 			expect(config.accessSecret).toBe("test-jwt-secret");
 			expect(config.refreshSecret).toBe("test-refresh-secret");
 			expect(config.accessTtl).toBe(15);
 			expect(config.refreshTtl).toBe(7);
 			expect(config.cookieOptions).toBeDefined();
 			expect(config.refreshCookieOptions).toBeDefined();
 		});
 		it("should use empty strings for missing secrets", () => {
 			const config = buildAppConfig({
 				accessTtlMinutes: 15,
 				refreshTtlDays: 7,
 				isProduction: false,
 			});
 			expect(config.accessSecret).toBe("");
 			expect(config.refreshSecret).toBe("");
 		});
 		it("should set secure cookies in production", () => {
 			const config = buildAppConfig({
 				accessTtlMinutes: 15,
 				refreshTtlDays: 7,
 				isProduction: true,
 			});
 			expect(config.cookieOptions.secure).toBe(true);
 			expect(config.refreshCookieOptions.secure).toBe(true);
 		});
 	});
 	describe("ensureImagesDirectory", () => {
 		const testDir = resolve(tmpdir(), `test-images-dir-${Date.now()}`);
 		afterEach(() => {
 			try {
 				if (existsSync(testDir)) {
 					rmSync(testDir, { recursive: true, force: true });
 				}
 			} catch {
 				// ignore cleanup errors
 			}
 		});
 		it("should create directory if it does not exist", () => {
 			const imagesDir = ensureImagesDirectory(testDir);
 			expect(existsSync(imagesDir)).toBe(true);
 			expect(imagesDir).toContain("data/images");
 		});
 		it("should return path if directory already exists", () => {
 			const firstCall = ensureImagesDirectory(testDir);
 			const secondCall = ensureImagesDirectory(testDir);
 			expect(firstCall).toBe(secondCall);
 		});
 	});
 	describe("getJwtConfig", () => {
 		it("should return real secret when auth enabled with secret", () => {
 			const config = getJwtConfig(true, "my-super-secret");
 			expect(config.secret).toBe("my-super-secret");
 			expect(config.cookie.cookieName).toBe("access_token");
 			expect(config.cookie.signed).toBe(false);
 		});
 		it("should return dummy secret when auth disabled", () => {
 			const config = getJwtConfig(false, undefined);
 			expect(config.secret).toBe("auth-disabled-no-secret-needed");
 		});
 		it("should return dummy secret when auth enabled but no secret", () => {
 			const config = getJwtConfig(true, undefined);
 			expect(config.secret).toBe("auth-disabled-no-secret-needed");
 		});
 		it("should return dummy secret when auth enabled with empty secret", () => {
 			const config = getJwtConfig(true, "");
 			expect(config.secret).toBe("auth-disabled-no-secret-needed");
 		});
 	});
 });
 // Test the server bootstrap logic without starting the actual server
 describe("Server Bootstrap", () => {
 	describe("Fastify App Configuration", () => {
 		it("should create a Fastify instance with logger", async () => {
 			const app = Fastify({
 				logger: {
 					level: "silent", // Disable logging for tests
 				},
 			});
 			expect(app).toBeDefined();
 			expect(app.log).toBeDefined();
 			await app.close();
 		});
 		it("should register sensible plugin", async () => {
 			const app = Fastify({ logger: false });
 			await app.register(sensible);
 			// Sensible adds error helpers
 			expect(app.httpErrors).toBeDefined();
 			expect(app.httpErrors.notFound).toBeDefined();
 			await app.close();
 		});
 		it("should register cors plugin with multiple origins", async () => {
 			const origins = ["http://localhost:5173", "http://localhost:4173"];
 			const app = Fastify({ logger: false });
 			await app.register(cors, { origin: origins, credentials: true });
 			// Add a test route
 			app.get("/test", async () => ({ ok: true }));
 			await app.ready();
 			// Test CORS headers
 			const response = await app.inject({
 				method: "GET",
 				url: "/test",
 				headers: {
 					origin: "http://localhost:5173",
 				},
 			});
 			expect(response.headers["access-control-allow-origin"]).toBe("http://localhost:5173");
 			expect(response.headers["access-control-allow-credentials"]).toBe("true");
 			await app.close();
 		});
 		it("should register cookie plugin", async () => {
 			const app = Fastify({ logger: false });
 			await app.register(cookie, { secret: "test-cookie-secret" });
 			// Add a test route that sets a cookie
 			app.get("/set-cookie", async (_request, reply) => {
 				reply.setCookie("test", "value", { path: "/" });
 				return { ok: true };
 			});
 			await app.ready();
 			const response = await app.inject({
 				method: "GET",
 				url: "/set-cookie",
 			});
 			expect(response.headers["set-cookie"]).toBeDefined();
 			await app.close();
 		});
 	});
 	describe("Config Decorator", () => {
 		it("should create config with auth settings", async () => {
 			const app = Fastify({ logger: false });
 			const accessTtlMinutes = 15;
 			const refreshTtlDays = 7;
 			const baseCookieOptions = {
 				httpOnly: true,
 				sameSite: "lax" as const,
 				secure: false, // test environment
 				path: "/",
 				maxAge: accessTtlMinutes * 60,
 			};
 			const refreshCookieOptions = {
 				...baseCookieOptions,
 				maxAge: refreshTtlDays * 24 * 60 * 60,
 			};
 			app.decorate("config", {
 				accessSecret: "test-jwt-secret",
 				refreshSecret: "test-refresh-secret",
 				accessTtl: accessTtlMinutes,
 				refreshTtl: refreshTtlDays,
 				cookieOptions: baseCookieOptions,
 				refreshCookieOptions,
 			});
 			expect((app as any).config.accessTtl).toBe(15);
 			expect((app as any).config.refreshTtl).toBe(7);
 			expect((app as any).config.cookieOptions.httpOnly).toBe(true);
 			expect((app as any).config.refreshCookieOptions.maxAge).toBe(7 * 24 * 60 * 60);
 			await app.close();
 		});
 		it("should calculate cookie maxAge correctly", () => {
 			const accessTtlMinutes = 30;
 			const refreshTtlDays = 14;
 			const accessMaxAge = accessTtlMinutes * 60;
 			const refreshMaxAge = refreshTtlDays * 24 * 60 * 60;
 			expect(accessMaxAge).toBe(1800); // 30 minutes in seconds
 			expect(refreshMaxAge).toBe(1209600); // 14 days in seconds
 		});
 	});
 	describe("CORS Origins Parsing", () => {
 		it("should parse comma-separated origins", () => {
 			const originsEnv = "http://localhost:5173,http://localhost:4173";
 			const origins = originsEnv
 				.split(",")
 				.map((o) => o.trim())
 				.filter(Boolean);
 			expect(origins).toHaveLength(2);
 			expect(origins[0]).toBe("http://localhost:5173");
 			expect(origins[1]).toBe("http://localhost:4173");
 		});
 		it("should handle single origin", () => {
 			const originsEnv = "https://myapp.example.com";
 			const origins = originsEnv
 				.split(",")
 				.map((o) => o.trim())
 				.filter(Boolean);
 			expect(origins).toHaveLength(1);
 			expect(origins[0]).toBe("https://myapp.example.com");
 		});
 		it("should filter out empty strings", () => {
 			const originsEnv = "http://localhost:5173,,http://localhost:4173,";
 			const origins = originsEnv
 				.split(",")
 				.map((o) => o.trim())
 				.filter(Boolean);
 			expect(origins).toHaveLength(2);
 		});
 		it("should trim whitespace", () => {
 			const originsEnv = " http://localhost:5173 , http://localhost:4173 ";
 			const origins = originsEnv
 				.split(",")
 				.map((o) => o.trim())
 				.filter(Boolean);
 			expect(origins).toEqual(["http://localhost:5173", "http://localhost:4173"]);
 		});
 	});
 	describe("Route Registration", () => {
 		it("should register multiple route plugins", async () => {
 			const app = Fastify({ logger: false });
 			// Mock route plugins
 			const healthRoutes = async (app: any) => {
 				app.get("/health", async () => ({ status: "ok" }));
 			};
 			const authRoutes = async (app: any) => {
 				app.post("/auth/login", async () => ({ token: "mock" }));
 			};
 			const medicationRoutes = async (app: any) => {
 				app.get("/medications", async () => []);
 			};
 			await app.register(healthRoutes);
 			await app.register(authRoutes);
 			await app.register(medicationRoutes);
 			await app.ready();
 			// Verify routes are registered
 			const routes = app.printRoutes();
 			expect(routes).toContain("health");
 			expect(routes).toContain("auth/login");
 			expect(routes).toContain("medications");
 			await app.close();
 		});
 	});
 	describe("Server Startup", () => {
 		it("should listen on specified port", async () => {
 			const app = Fastify({ logger: false });
 			app.get("/test", async () => ({ ok: true }));
 			// Use port 0 to get a random available port
 			const address = await app.listen({ port: 0, host: "127.0.0.1" });
 			expect(address).toContain("127.0.0.1");
 			await app.close();
 		});
 		it("should handle listen errors gracefully", async () => {
 			const app = Fastify({ logger: false });
 			// Try to listen on an invalid port
 			await expect(app.listen({ port: -1, host: "127.0.0.1" })).rejects.toThrow();
 			await app.close();
 		});
 	});
 	describe("Images Directory", () => {
 		it("should construct images directory path correctly", () => {
 			const resolve = (base: string, ...paths: string[]) => {
 				return [base, ...paths].join("/").replace(/\/+/g, "/");
 			};
 			const cwd = "/app";
 			const imagesDir = resolve(cwd, "data/images");
 			expect(imagesDir).toBe("/app/data/images");
 		});
 	});
 });
 describe("Cookie Options", () => {
 	describe("Production vs Development", () => {
 		it("should set secure=true in production", () => {
 			const isProduction = true;
 			const cookieOptions = {
 				httpOnly: true,
 				sameSite: "lax" as const,
 				secure: isProduction,
 				path: "/",
 			};
 			expect(cookieOptions.secure).toBe(true);
 		});
 		it("should set secure=false in development", () => {
 			const isProduction = false;
 			const cookieOptions = {
 				httpOnly: true,
 				sameSite: "lax" as const,
 				secure: isProduction,
 				path: "/",
 			};
 			expect(cookieOptions.secure).toBe(false);
 		});
 	});
 });
 describe("Rate Limiting", () => {
 	it("should configure rate limit settings", () => {
 		const rateLimitConfig = {
 			max: 300,
 			timeWindow: "1 minute",
 		};
 		expect(rateLimitConfig.max).toBe(300);
 		expect(rateLimitConfig.timeWindow).toBe("1 minute");
 	});
 });
 describe("JWT Configuration", () => {
 	it("should configure JWT with auth enabled", () => {
 		const authEnabled = true;
 		const jwtSecret = "my-super-secret-jwt-key";
 		const jwtConfig = {
 			secret: authEnabled && jwtSecret ? jwtSecret : "auth-disabled-no-secret-needed",
 			cookie: { cookieName: "access_token", signed: false },
 		};
 		expect(jwtConfig.secret).toBe(jwtSecret);
 		expect(jwtConfig.cookie.cookieName).toBe("access_token");
 		expect(jwtConfig.cookie.signed).toBe(false);
 	});
 	it("should use dummy secret with auth disabled", () => {
 		const authEnabled = false;
 		const jwtSecret = undefined;
 		const jwtConfig = {
 			secret: authEnabled && jwtSecret ? jwtSecret : "auth-disabled-no-secret-needed",
 			cookie: { cookieName: "access_token", signed: false },
 		};
 		expect(jwtConfig.secret).toBe("auth-disabled-no-secret-needed");
 	});
 });
 describe("Multipart Configuration", () => {
 	it("should set file size limit to 10MB", () => {
 		const fileSizeLimit = 10 * 1024 * 1024;
 		expect(fileSizeLimit).toBe(10485760);
 	});
 });
@@ -0,0 +1,643 @@
 import { afterEach, beforeEach, describe, expect, it } from "vitest";
 // Import actual utility functions from scheduler-utils
 import {
 	type Blister,
 	calculateDailyUsage,
 	calculateDepletionInfo,
 	cleanOldIntakeReminders,
 	createDefaultIntakeReminderState,
 	createDefaultReminderState,
 	formatInTimezone,
 	getCurrentHourInTimezone,
 	getMsUntilNextCheck,
 	getNextScheduledTime,
 	getTimezone,
 	getTodayInTimezone,
 	getTodaysIntakes,
 	getUpcomingIntakes,
 	type Intake,
 	parseBlisters,
 	parseIntakeReminderState,
 	parseReminderState,
 	parseTakenByJson,
 } from "../utils/scheduler-utils.js";
 // Helper to convert Blister to Intake for tests
 function blisterToIntake(blister: Blister, takenBy: string | null = null, intakeRemindersEnabled = false): Intake {
 	return {
 		usage: blister.usage,
 		every: blister.every,
 		start: blister.start,
 		takenBy,
 		intakeRemindersEnabled,
 	};
 }
 describe("Scheduler Utils - Timezone Functions", () => {
 	let originalTz: string | undefined;
 	beforeEach(() => {
 		originalTz = process.env.TZ;
 	});
 	afterEach(() => {
 		if (originalTz !== undefined) {
 			process.env.TZ = originalTz;
 		} else {
 			delete process.env.TZ;
 		}
 	});
 	describe("getTimezone", () => {
 		it("should return TZ env variable when set", () => {
 			process.env.TZ = "America/New_York";
 			expect(getTimezone()).toBe("America/New_York");
 		});
 		it("should return UTC when TZ not set", () => {
 			delete process.env.TZ;
 			expect(getTimezone()).toBe("UTC");
 		});
 		it("should handle Europe/Berlin timezone", () => {
 			process.env.TZ = "Europe/Berlin";
 			expect(getTimezone()).toBe("Europe/Berlin");
 		});
 	});
 	describe("formatInTimezone", () => {
 		it("should format date in given timezone", () => {
 			const date = new Date("2025-12-30T12:00:00.000Z");
 			const formatted = formatInTimezone(date, "UTC");
 			expect(formatted).toContain("30");
 			expect(formatted).toContain("12");
 		});
 		it("should use process.env.TZ when no tz provided", () => {
 			process.env.TZ = "UTC";
 			const date = new Date("2025-12-30T15:30:00.000Z");
 			const formatted = formatInTimezone(date);
 			expect(formatted).toContain("15:30");
 		});
 	});
 	describe("getCurrentHourInTimezone", () => {
 		it("should return a valid hour (0-23)", () => {
 			process.env.TZ = "UTC";
 			const hour = getCurrentHourInTimezone();
 			expect(hour).toBeGreaterThanOrEqual(0);
 			expect(hour).toBeLessThanOrEqual(23);
 		});
 		it("should respect timezone parameter", () => {
 			const hourUtc = getCurrentHourInTimezone("UTC");
 			expect(hourUtc).toBeGreaterThanOrEqual(0);
 			expect(hourUtc).toBeLessThanOrEqual(23);
 		});
 	});
 	describe("getTodayInTimezone", () => {
 		it("should return date in YYYY-MM-DD format", () => {
 			process.env.TZ = "UTC";
 			const today = getTodayInTimezone();
 			expect(today).toMatch(/^\d{4}-\d{2}-\d{2}$/);
 		});
 		it("should return a valid date", () => {
 			process.env.TZ = "UTC";
 			const today = getTodayInTimezone();
 			const date = new Date(today);
 			expect(date.toString()).not.toBe("Invalid Date");
 		});
 		it("should respect timezone parameter", () => {
 			const today = getTodayInTimezone("UTC");
 			expect(today).toMatch(/^\d{4}-\d{2}-\d{2}$/);
 		});
 	});
 	describe("getNextScheduledTime", () => {
 		it("should return a Date object", () => {
 			const next = getNextScheduledTime(6, "UTC");
 			expect(next).toBeInstanceOf(Date);
 		});
 		it("should return a time in the future", () => {
 			// Use hour 0 to minimize chance of being exactly at that hour
 			const next = getNextScheduledTime(0, "UTC");
 			expect(next.getTime()).toBeGreaterThan(Date.now() - 60 * 60 * 1000); // Within 1 hour of now or future
 		});
 		it("should schedule for the given hour", () => {
 			const next = getNextScheduledTime(10, "UTC");
 			const hourInUtc = parseInt(next.toLocaleString("en-US", { timeZone: "UTC", hour: "numeric", hour12: false }), 10);
 			expect(hourInUtc).toBe(10);
 		});
 	});
 	describe("getMsUntilNextCheck", () => {
 		it("should return a positive number (or very small negative within tolerance)", () => {
 			const ms = getMsUntilNextCheck(6, "UTC");
 			// Could be slightly negative if we're right at the scheduled time
 			expect(ms).toBeGreaterThan(-60000);
 		});
 		it("should be less than or equal to 24 hours", () => {
 			const ms = getMsUntilNextCheck(6, "UTC");
 			const maxMs = 24 * 60 * 60 * 1000 + 60000; // 24h + 1min tolerance
 			expect(ms).toBeLessThanOrEqual(maxMs);
 		});
 	});
 });
 describe("Scheduler Utils - Blister Parsing", () => {
 	describe("parseBlisters", () => {
 		it("should parse valid blister JSON arrays", () => {
 			const row = {
 				usageJson: "[1, 2, 0.5]",
 				everyJson: "[1, 2, 7]",
 				startJson: '["2025-01-01T08:00", "2025-01-01T20:00", "2025-01-01T12:00"]',
 			};
 			const blisters = parseBlisters(row);
 			expect(blisters).toHaveLength(3);
 			expect(blisters[0]).toEqual({ usage: 1, every: 1, start: "2025-01-01T08:00" });
 			expect(blisters[1]).toEqual({ usage: 2, every: 2, start: "2025-01-01T20:00" });
 			expect(blisters[2]).toEqual({ usage: 0.5, every: 7, start: "2025-01-01T12:00" });
 		});
 		it("should handle arrays of different lengths (use shortest)", () => {
 			const row = {
 				usageJson: "[1, 2]",
 				everyJson: "[1]",
 				startJson: '["2025-01-01T08:00", "2025-01-01T20:00", "2025-01-01T12:00"]',
 			};
 			const blisters = parseBlisters(row);
 			expect(blisters).toHaveLength(1);
 			expect(blisters[0]).toEqual({ usage: 1, every: 1, start: "2025-01-01T08:00" });
 		});
 		it("should return empty array for empty JSON arrays", () => {
 			const row = {
 				usageJson: "[]",
 				everyJson: "[]",
 				startJson: "[]",
 			};
 			const blisters = parseBlisters(row);
 			expect(blisters).toHaveLength(0);
 		});
 		it("should return empty array for invalid JSON", () => {
 			const row = {
 				usageJson: "invalid",
 				everyJson: "[1]",
 				startJson: '["2025-01-01T08:00"]',
 			};
 			const blisters = parseBlisters(row);
 			expect(blisters).toHaveLength(0);
 		});
 		it("should return empty array for non-array JSON", () => {
 			const row = {
 				usageJson: '{"usage": 1}',
 				everyJson: "[1]",
 				startJson: '["2025-01-01T08:00"]',
 			};
 			const blisters = parseBlisters(row);
 			expect(blisters).toHaveLength(0);
 		});
 	});
 	describe("parseTakenByJson", () => {
 		it("should return empty array for null input", () => {
 			expect(parseTakenByJson(null)).toEqual([]);
 		});
 		it("should return empty array for undefined input", () => {
 			expect(parseTakenByJson(undefined)).toEqual([]);
 		});
 		it("should return empty array for empty string", () => {
 			expect(parseTakenByJson("")).toEqual([]);
 		});
 		it("should parse valid JSON array of strings", () => {
 			expect(parseTakenByJson('["Alice", "Bob"]')).toEqual(["Alice", "Bob"]);
 		});
 		it("should return empty array for empty JSON array", () => {
 			expect(parseTakenByJson("[]")).toEqual([]);
 		});
 		it("should filter out non-string values", () => {
 			expect(parseTakenByJson('[1, "Alice", null, "Bob", true]')).toEqual(["Alice", "Bob"]);
 		});
 		it("should filter out empty strings", () => {
 			expect(parseTakenByJson('["Alice", "", "Bob", "  "]')).toEqual(["Alice", "Bob"]);
 		});
 		it("should return empty array for invalid JSON", () => {
 			expect(parseTakenByJson("invalid json")).toEqual([]);
 		});
 		it("should return empty array for non-array JSON", () => {
 			expect(parseTakenByJson('{"name": "Alice"}')).toEqual([]);
 			expect(parseTakenByJson('"Alice"')).toEqual([]);
 			expect(parseTakenByJson("123")).toEqual([]);
 		});
 	});
 });
 describe("Scheduler Utils - Daily Usage Calculation", () => {
 	describe("calculateDailyUsage", () => {
 		it("should calculate daily usage for single daily dose", () => {
 			const blisters: Blister[] = [{ usage: 1, every: 1, start: "2025-01-01T08:00" }];
 			expect(calculateDailyUsage(blisters)).toBe(1);
 		});
 		it("should calculate daily usage for twice daily dose", () => {
 			const blisters: Blister[] = [
 				{ usage: 1, every: 1, start: "2025-01-01T08:00" },
 				{ usage: 1, every: 1, start: "2025-01-01T20:00" },
 			];
 			expect(calculateDailyUsage(blisters)).toBe(2);
 		});
 		it("should calculate daily usage for weekly dose", () => {
 			const blisters: Blister[] = [{ usage: 1, every: 7, start: "2025-01-01T08:00" }];
 			expect(calculateDailyUsage(blisters)).toBeCloseTo(1 / 7, 5);
 		});
 		it("should calculate daily usage for mixed schedules", () => {
 			const blisters: Blister[] = [
 				{ usage: 2, every: 1, start: "2025-01-01T08:00" }, // 2 per day
 				{ usage: 1, every: 2, start: "2025-01-01T20:00" }, // 0.5 per day
 			];
 			expect(calculateDailyUsage(blisters)).toBe(2.5);
 		});
 		it("should return 0 for empty blisters", () => {
 			expect(calculateDailyUsage([])).toBe(0);
 		});
 		it("should handle fractional usage amounts", () => {
 			const blisters: Blister[] = [{ usage: 0.5, every: 1, start: "2025-01-01T08:00" }];
 			expect(calculateDailyUsage(blisters)).toBe(0.5);
 		});
 	});
 });
 describe("Scheduler Utils - Depletion Calculation", () => {
 	describe("calculateDepletionInfo", () => {
 		it("should calculate days left correctly", () => {
 			const blisters: Blister[] = [{ usage: 1, every: 1, start: "2025-01-01T08:00" }];
 			const result = calculateDepletionInfo({ count: 30, blisters }, "en");
 			expect(result.daysLeft).toBe(30);
 			expect(result.depletionDate).toBeTruthy();
 		});
 		it("should calculate days left with multiple doses per day", () => {
 			const blisters: Blister[] = [
 				{ usage: 1, every: 1, start: "2025-01-01T08:00" },
 				{ usage: 1, every: 1, start: "2025-01-01T20:00" },
 			];
 			const result = calculateDepletionInfo({ count: 30, blisters }, "en");
 			expect(result.daysLeft).toBe(15);
 		});
 		it("should return null when no blisters configured", () => {
 			const result = calculateDepletionInfo({ count: 30, blisters: [] }, "en");
 			expect(result.daysLeft).toBeNull();
 			expect(result.depletionDate).toBeNull();
 		});
 		it("should return null when usage is zero", () => {
 			const blisters: Blister[] = [{ usage: 0, every: 1, start: "2025-01-01T08:00" }];
 			const result = calculateDepletionInfo({ count: 30, blisters }, "en");
 			expect(result.daysLeft).toBeNull();
 		});
 		it("should floor the days left", () => {
 			// 10 pills / 3 per day = 3.33... days -> floors to 3
 			const blisters: Blister[] = [{ usage: 3, every: 1, start: "2025-01-01T08:00" }];
 			const result = calculateDepletionInfo({ count: 10, blisters }, "en");
 			expect(result.daysLeft).toBe(3);
 		});
 		it("should handle German language", () => {
 			const blisters: Blister[] = [{ usage: 1, every: 1, start: "2025-01-01T08:00" }];
 			const result = calculateDepletionInfo({ count: 10, blisters }, "de");
 			expect(result.depletionDate).toBeTruthy();
 			// German locale should be used
 		});
 	});
 });
 describe("Scheduler Utils - Upcoming Intakes", () => {
 	describe("getUpcomingIntakes", () => {
 		it("should return empty array when no intakes in window", () => {
 			// With parseLocalDateTime, times are treated as local - use same format for consistency
 			const intakes: Intake[] = [blisterToIntake({ usage: 1, every: 1, start: "2025-01-01T08:00:00" })];
 			// Set "now" to a time far from any scheduled intake (12:00 local)
 			const now = new Date(2025, 0, 1, 12, 0, 0).getTime();
 			const result = getUpcomingIntakes("TestMed", intakes, 15, [], null, "en-US", "UTC", now);
 			expect(result).toEqual([]);
 		});
 		it("should find intake within reminder window", () => {
 			// Schedule intake at 08:00 local, check at 07:45 local (15 minutes before)
 			const intakes: Intake[] = [blisterToIntake({ usage: 2, every: 1, start: "2025-01-01T08:00:00" }, "Alice")];
 			const now = new Date(2025, 0, 1, 7, 45, 0).getTime();
 			const result = getUpcomingIntakes("TestMed", intakes, 15, [], 500, "en-US", "UTC", now);
 			expect(result).toHaveLength(1);
 			expect(result[0].medName).toBe("TestMed");
 			expect(result[0].usage).toBe(2);
 			expect(result[0].takenBy).toBe("Alice");
 			expect(result[0].pillWeightMg).toBe(500);
 		});
 		it("should skip blisters with zero interval", () => {
 			const intakes: Intake[] = [blisterToIntake({ usage: 1, every: 0, start: "2025-01-01T08:00:00" })];
 			const now = new Date(2025, 0, 1, 7, 45, 0).getTime();
 			const result = getUpcomingIntakes("TestMed", intakes, 15, [], null, "en-US", "UTC", now);
 			expect(result).toEqual([]);
 		});
 		it("should handle multiple blisters", () => {
 			// Two intakes at 08:00 and 08:01 local
 			const intakes: Intake[] = [
 				blisterToIntake({ usage: 1, every: 1, start: "2025-01-01T08:00:00" }),
 				blisterToIntake({ usage: 2, every: 1, start: "2025-01-01T08:01:00" }),
 			];
 			const now = new Date(2025, 0, 1, 7, 45, 0).getTime();
 			const result = getUpcomingIntakes("TestMed", intakes, 15, [], null, "en-US", "UTC", now);
 			// Both should be found as they're within the window
 			expect(result.length).toBeGreaterThanOrEqual(1);
 		});
 	});
 	describe("getTodaysIntakes", () => {
 		it("should return all intakes for today", () => {
 			// Daily medication at 08:00 starting yesterday
 			// With parseLocalDateTime, "08:00:00.000Z" is treated as 08:00 local time
 			const intakes: Intake[] = [blisterToIntake({ usage: 1, every: 1, start: "2025-01-01T08:00:00.000Z" })];
 			// Get intakes for today (today's intake should be at 08:00 local)
 			const result = getTodaysIntakes("TestMed", intakes, [], null, "en-US", "UTC");
 			expect(result.length).toBeGreaterThanOrEqual(1);
 			const intake = result.find((i) => i.intakeTime.getHours() === 8);
 			expect(intake).toBeDefined();
 			expect(intake?.medName).toBe("TestMed");
 			expect(intake?.usage).toBe(1);
 		});
 		it("should include past intakes from today", () => {
 			// Medication at 00:01 today (definitely in the past)
 			const todayMidnight = new Date();
 			todayMidnight.setUTCHours(0, 1, 0, 0);
 			const intakes: Intake[] = [
 				blisterToIntake(
 					{
 						usage: 2,
 						every: 1,
 						start: todayMidnight.toISOString(),
 					},
 					"Bob"
 				),
 			];
 			const result = getTodaysIntakes("PastMed", intakes, [], 250, "en-US", "UTC");
 			expect(result).toHaveLength(1);
 			expect(result[0].medName).toBe("PastMed");
 			expect(result[0].usage).toBe(2);
 			expect(result[0].takenBy).toBe("Bob");
 			expect(result[0].pillWeightMg).toBe(250);
 		});
 		it("should handle multiple intakes per day", () => {
 			// Two intakes today: morning and evening
 			const today = new Date();
 			const morning = new Date(today);
 			morning.setUTCHours(8, 0, 0, 0);
 			const evening = new Date(today);
 			evening.setUTCHours(20, 0, 0, 0);
 			const intakes: Intake[] = [
 				blisterToIntake({ usage: 1, every: 1, start: morning.toISOString() }),
 				blisterToIntake({ usage: 1, every: 1, start: evening.toISOString() }),
 			];
 			const result = getTodaysIntakes("MultiMed", intakes, [], null, "en-US", "UTC");
 			expect(result.length).toBeGreaterThanOrEqual(2);
 		});
 		it("should not include intakes from other days", () => {
 			// Weekly medication on a different day of week
 			const lastWeek = new Date();
 			lastWeek.setDate(lastWeek.getDate() - 7);
 			const intakes: Intake[] = [
 				blisterToIntake({
 					usage: 1,
 					every: 7,
 					start: lastWeek.toISOString(),
 				}),
 			];
 			// If today is not the same day of week, should return empty
 			const result = getTodaysIntakes("WeeklyMed", intakes, [], null, "en-US", "UTC");
 			// This test might return 0 or 1 depending on the day
 			expect(Array.isArray(result)).toBe(true);
 		});
 		it("should handle local time correctly (ignore Z suffix)", () => {
 			// With parseLocalDateTime, the Z suffix is ignored and time is treated as local server time
 			// The intakeTimeStr is then formatted for the target timezone (Europe/Berlin)
 			// So if server is in UTC, 14:00 server time becomes 15:00 Europe/Berlin time
 			const intakes: Intake[] = [
 				blisterToIntake({
 					usage: 1,
 					every: 1,
 					start: "2025-01-01T14:00:00.000Z", // Treated as 14:00 server local time
 				}),
 			];
 			const result = getTodaysIntakes("TzMed", intakes, [], null, "de-DE", "Europe/Berlin");
 			expect(Array.isArray(result)).toBe(true);
 			if (result.length > 0) {
 				// The intakeTimeStr should be a valid time format (HH:MM)
 				// Exact value depends on server timezone vs target timezone offset
 				expect(result[0].intakeTimeStr).toMatch(/^\d{2}:\d{2}$/);
 			}
 		});
 	});
 });
 describe("Scheduler Utils - State Management", () => {
 	describe("createDefaultReminderState", () => {
 		it("should create default reminder state", () => {
 			const state = createDefaultReminderState();
 			expect(state.lastAutoEmailSent).toBeNull();
 			expect(state.lastAutoEmailDate).toBeNull();
 			expect(state.notifiedMedications).toEqual([]);
 			expect(state.nextScheduledCheck).toBeNull();
 			expect(state.lastNotificationType).toBeNull();
 			expect(state.lastNotificationChannel).toBeNull();
 		});
 	});
 	describe("createDefaultIntakeReminderState", () => {
 		it("should create default intake reminder state", () => {
 			const state = createDefaultIntakeReminderState();
 			expect(state.reminders).toEqual({});
 		});
 	});
 	describe("parseReminderState", () => {
 		it("should parse valid JSON", () => {
 			const json = JSON.stringify({
 				lastAutoEmailSent: "2025-12-30T10:00:00.000Z",
 				lastAutoEmailDate: "2025-12-30",
 				notifiedMedications: ["med1", "med2"],
 				nextScheduledCheck: "2025-12-31T06:00:00.000Z",
 				lastNotificationType: "stock",
 				lastNotificationChannel: "email",
 			});
 			const state = parseReminderState(json);
 			expect(state.lastAutoEmailSent).toBe("2025-12-30T10:00:00.000Z");
 			expect(state.lastAutoEmailDate).toBe("2025-12-30");
 			expect(state.notifiedMedications).toEqual(["med1", "med2"]);
 			expect(state.lastNotificationType).toBe("stock");
 			expect(state.lastNotificationChannel).toBe("email");
 		});
 		it("should handle partial state with defaults", () => {
 			const json = JSON.stringify({ lastAutoEmailSent: "2025-12-30T10:00:00.000Z" });
 			const state = parseReminderState(json);
 			expect(state.lastAutoEmailSent).toBe("2025-12-30T10:00:00.000Z");
 			expect(state.lastAutoEmailDate).toBeNull();
 			expect(state.notifiedMedications).toEqual([]);
 		});
 		it("should return defaults for invalid JSON", () => {
 			const state = parseReminderState("invalid json {{{");
 			expect(state.lastAutoEmailSent).toBeNull();
 			expect(state.notifiedMedications).toEqual([]);
 		});
 	});
 	describe("parseIntakeReminderState", () => {
 		it("should parse valid new format JSON", () => {
 			const json = JSON.stringify({
 				reminders: {
 					"med1:123": { firstSentAt: 1000, lastSentAt: 2000, sendCount: 2 },
 					"med2:456": { firstSentAt: 3000, lastSentAt: 3000, sendCount: 1 },
 				},
 			});
 			const state = parseIntakeReminderState(json);
 			expect(Object.keys(state.reminders)).toHaveLength(2);
 			expect(state.reminders["med1:123"].sendCount).toBe(2);
 		});
 		it("should convert old array format to new format", () => {
 			const json = JSON.stringify({ sentReminders: ["med1:123", "med2:456"] });
 			const state = parseIntakeReminderState(json);
 			expect(Object.keys(state.reminders)).toHaveLength(2);
 			expect(state.reminders["med1:123"]).toBeDefined();
 			expect(state.reminders["med1:123"].sendCount).toBe(1);
 		});
 		it("should return defaults for invalid JSON", () => {
 			const state = parseIntakeReminderState("invalid");
 			expect(state.reminders).toEqual({});
 		});
 		it("should handle missing reminders field", () => {
 			const state = parseIntakeReminderState("{}");
 			expect(state.reminders).toEqual({});
 		});
 	});
 	describe("cleanOldIntakeReminders", () => {
 		it("should remove entries from past days (timezone-aware)", () => {
 			const tz = "Europe/Berlin";
 			const now = new Date();
 			const today = new Date(now.toLocaleString("en-US", { timeZone: tz }));
 			today.setHours(12, 0, 0, 0);
 			const yesterday = new Date(today);
 			yesterday.setDate(yesterday.getDate() - 1);
 			const reminders = {
 				[`med1:${yesterday.getTime()}`]: {
 					firstSentAt: yesterday.getTime(),
 					lastSentAt: yesterday.getTime(),
 					sendCount: 1,
 				},
 				[`med2:${today.getTime()}`]: { firstSentAt: today.getTime(), lastSentAt: today.getTime(), sendCount: 1 },
 			};
 			const cleaned = cleanOldIntakeReminders(reminders, tz);
 			expect(Object.keys(cleaned)).toHaveLength(1);
 			expect(cleaned[`med2:${today.getTime()}`]).toBeDefined();
 		});
 		it("should keep all entries from today", () => {
 			const tz = "Europe/Berlin";
 			const now = new Date();
 			const morning = new Date(now.toLocaleString("en-US", { timeZone: tz }));
 			morning.setHours(8, 0, 0, 0);
 			const evening = new Date(now.toLocaleString("en-US", { timeZone: tz }));
 			evening.setHours(20, 0, 0, 0);
 			const reminders = {
 				[`med1:${morning.getTime()}`]: { firstSentAt: morning.getTime(), lastSentAt: morning.getTime(), sendCount: 1 },
 				[`med2:${evening.getTime()}`]: { firstSentAt: evening.getTime(), lastSentAt: evening.getTime(), sendCount: 1 },
 			};
 			const cleaned = cleanOldIntakeReminders(reminders, tz);
 			expect(Object.keys(cleaned)).toHaveLength(2);
 		});
 		it("should handle empty reminders", () => {
 			const cleaned = cleanOldIntakeReminders({}, "Europe/Berlin");
 			expect(cleaned).toEqual({});
 		});
 		it("should handle malformed entries (invalid timestamp in key)", () => {
 			const reminders = {
 				"med1:invalid": { firstSentAt: 1000, lastSentAt: 1000, sendCount: 1 },
 				"med2:notanumber": { firstSentAt: 2000, lastSentAt: 2000, sendCount: 1 },
 			};
 			const cleaned = cleanOldIntakeReminders(reminders, "Europe/Berlin");
 			// NaN from parseInt will cause these to be filtered out (invalid < todayStart)
 			expect(Object.keys(cleaned)).toHaveLength(0);
 		});
 	});
 });
@@ -0,0 +1,677 @@
 /**
 * Tests for /settings API endpoints.
 * Tests user settings CRUD operations.
 */
 import { afterAll, beforeAll, beforeEach, describe, expect, it } from "vitest";
 import {
 	buildTestApp,
 	clearTestData,
 	closeTestApp,
 	createTestUser,
 	setUserSettings,
 	type TestContext,
 } from "./setup.js";
 // =============================================================================
 // Route Registration
 // =============================================================================
 async function registerSettingsRoutes(ctx: TestContext) {
 	const { app, client } = ctx;
 	// GET /settings - Get user settings
 	app.get("/settings", async (_request, _reply) => {
 		const userId = 1;
 		const result = await client.execute({
 			sql: `SELECT * FROM user_settings WHERE user_id = ?`,
 			args: [userId],
 		});
 		if (result.rows.length === 0) {
 			// Return defaults
 			return {
 				emailEnabled: false,
 				notificationEmail: "",
 				emailStockReminders: true,
 				emailIntakeReminders: true,
 				shoutrrrEnabled: false,
 				shoutrrrUrl: "",
 				shoutrrrStockReminders: true,
 				shoutrrrIntakeReminders: true,
 				reminderDaysBefore: 7,
 				repeatDailyReminders: false,
 				skipRemindersForTakenDoses: false,
 				repeatRemindersEnabled: false,
 				reminderRepeatIntervalMinutes: 30,
 				maxNaggingReminders: 5,
 				lowStockDays: 30,
 				normalStockDays: 90,
 				highStockDays: 180,
 				expiryWarningDays: 90,
 				language: "en",
 				stockCalculationMode: "automatic",
 			};
 		}
 		const s = result.rows[0];
 		return {
 			emailEnabled: Boolean(s.email_enabled),
 			notificationEmail: s.notification_email || "",
 			emailStockReminders: Boolean(s.email_stock_reminders),
 			emailIntakeReminders: Boolean(s.email_intake_reminders),
 			shoutrrrEnabled: Boolean(s.shoutrrr_enabled),
 			shoutrrrUrl: s.shoutrrr_url || "",
 			shoutrrrStockReminders: Boolean(s.shoutrrr_stock_reminders),
 			shoutrrrIntakeReminders: Boolean(s.shoutrrr_intake_reminders),
 			reminderDaysBefore: s.reminder_days_before,
 			repeatDailyReminders: Boolean(s.repeat_daily_reminders),
 			skipRemindersForTakenDoses: Boolean(s.skip_reminders_for_taken_doses ?? false),
 			repeatRemindersEnabled: Boolean(s.repeat_reminders_enabled ?? false),
 			reminderRepeatIntervalMinutes: s.reminder_repeat_interval_minutes ?? 30,
 			maxNaggingReminders: s.max_nagging_reminders ?? 5,
 			lowStockDays: s.low_stock_days,
 			normalStockDays: s.normal_stock_days,
 			highStockDays: s.high_stock_days,
 			expiryWarningDays: s.expiry_warning_days,
 			language: s.language,
 			stockCalculationMode: s.stock_calculation_mode,
 		};
 	});
 	// PUT /settings - Update user settings
 	app.put<{
 		Body: {
 			emailEnabled?: boolean;
 			notificationEmail?: string;
 			emailStockReminders?: boolean;
 			emailIntakeReminders?: boolean;
 			shoutrrrEnabled?: boolean;
 			shoutrrrUrl?: string;
 			shoutrrrStockReminders?: boolean;
 			shoutrrrIntakeReminders?: boolean;
 			reminderDaysBefore?: number;
 			repeatDailyReminders?: boolean;
 			skipRemindersForTakenDoses?: boolean;
 			repeatRemindersEnabled?: boolean;
 			reminderRepeatIntervalMinutes?: number;
 			maxNaggingReminders?: number;
 			lowStockDays?: number;
 			normalStockDays?: number;
 			highStockDays?: number;
 			expiryWarningDays?: number;
 			language?: string;
 			stockCalculationMode?: "automatic" | "manual";
 		};
 	}>("/settings", async (request, reply) => {
 		const userId = 1;
 		const body = request.body || {};
 		// Validation
 		if (body.emailEnabled && !body.notificationEmail) {
 			return reply.status(400).send({ error: "Email address required when email is enabled" });
 		}
 		if (body.notificationEmail && !/^[^\s@]+@[^\s@]+\.[^\s@]+$/.test(body.notificationEmail)) {
 			return reply.status(400).send({ error: "Invalid email address" });
 		}
 		if (body.lowStockDays !== undefined && (body.lowStockDays < 1 || body.lowStockDays > 365)) {
 			return reply.status(400).send({ error: "lowStockDays must be between 1 and 365" });
 		}
 		if (body.language && !["en", "de"].includes(body.language)) {
 			return reply.status(400).send({ error: "Language must be 'en' or 'de'" });
 		}
 		if (body.stockCalculationMode && !["automatic", "manual"].includes(body.stockCalculationMode)) {
 			return reply.status(400).send({ error: "stockCalculationMode must be 'automatic' or 'manual'" });
 		}
 		if (
 			body.reminderRepeatIntervalMinutes !== undefined &&
 			(body.reminderRepeatIntervalMinutes < 5 || body.reminderRepeatIntervalMinutes > 480)
 		) {
 			return reply.status(400).send({ error: "reminderRepeatIntervalMinutes must be between 5 and 480" });
 		}
 		if (body.maxNaggingReminders !== undefined && (body.maxNaggingReminders < 1 || body.maxNaggingReminders > 20)) {
 			return reply.status(400).send({ error: "maxNaggingReminders must be between 1 and 20" });
 		}
 		// Check if settings exist
 		const existing = await client.execute({
 			sql: `SELECT id FROM user_settings WHERE user_id = ?`,
 			args: [userId],
 		});
 		if (existing.rows.length === 0) {
 			// Insert new settings
 			await client.execute({
 				sql: `INSERT INTO user_settings (
          user_id, email_enabled, notification_email,
          email_stock_reminders, email_intake_reminders,
          shoutrrr_enabled, shoutrrr_url,
          shoutrrr_stock_reminders, shoutrrr_intake_reminders,
          reminder_days_before, repeat_daily_reminders, skip_reminders_for_taken_doses,
          repeat_reminders_enabled, reminder_repeat_interval_minutes, max_nagging_reminders,
          low_stock_days, normal_stock_days, high_stock_days,
          expiry_warning_days, language, stock_calculation_mode
        ) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)`,
 				args: [
 					userId,
 					body.emailEnabled ? 1 : 0,
 					body.notificationEmail || null,
 					body.emailStockReminders !== false ? 1 : 0,
 					body.emailIntakeReminders !== false ? 1 : 0,
 					body.shoutrrrEnabled ? 1 : 0,
 					body.shoutrrrUrl || null,
 					body.shoutrrrStockReminders !== false ? 1 : 0,
 					body.shoutrrrIntakeReminders !== false ? 1 : 0,
 					body.reminderDaysBefore ?? 7,
 					body.repeatDailyReminders ? 1 : 0,
 					body.skipRemindersForTakenDoses ? 1 : 0,
 					body.repeatRemindersEnabled ? 1 : 0,
 					body.reminderRepeatIntervalMinutes ?? 30,
 					body.maxNaggingReminders ?? 5,
 					body.lowStockDays ?? 30,
 					body.normalStockDays ?? 90,
 					body.highStockDays ?? 180,
 					body.expiryWarningDays ?? 90,
 					body.language || "en",
 					body.stockCalculationMode || "automatic",
 				],
 			});
 		} else {
 			// Update existing settings
 			await client.execute({
 				sql: `UPDATE user_settings SET
          email_enabled = ?,
          notification_email = ?,
          email_stock_reminders = ?,
          email_intake_reminders = ?,
          shoutrrr_enabled = ?,
          shoutrrr_url = ?,
          shoutrrr_stock_reminders = ?,
          shoutrrr_intake_reminders = ?,
          reminder_days_before = ?,
          repeat_daily_reminders = ?,
          skip_reminders_for_taken_doses = ?,
          repeat_reminders_enabled = ?,
          reminder_repeat_interval_minutes = ?,
          max_nagging_reminders = ?,
          low_stock_days = ?,
          normal_stock_days = ?,
          high_stock_days = ?,
          expiry_warning_days = ?,
          language = ?,
          stock_calculation_mode = ?,
          updated_at = strftime('%s','now')
        WHERE user_id = ?`,
 				args: [
 					body.emailEnabled ? 1 : 0,
 					body.notificationEmail || null,
 					body.emailStockReminders !== false ? 1 : 0,
 					body.emailIntakeReminders !== false ? 1 : 0,
 					body.shoutrrrEnabled ? 1 : 0,
 					body.shoutrrrUrl || null,
 					body.shoutrrrStockReminders !== false ? 1 : 0,
 					body.shoutrrrIntakeReminders !== false ? 1 : 0,
 					body.reminderDaysBefore ?? 7,
 					body.repeatDailyReminders ? 1 : 0,
 					body.skipRemindersForTakenDoses ? 1 : 0,
 					body.repeatRemindersEnabled ? 1 : 0,
 					body.reminderRepeatIntervalMinutes ?? 30,
 					body.maxNaggingReminders ?? 5,
 					body.lowStockDays ?? 30,
 					body.normalStockDays ?? 90,
 					body.highStockDays ?? 180,
 					body.expiryWarningDays ?? 90,
 					body.language || "en",
 					body.stockCalculationMode || "automatic",
 					userId,
 				],
 			});
 		}
 		return { success: true };
 	});
 }
 // =============================================================================
 // Tests
 // =============================================================================
 describe("Settings API", () => {
 	let ctx: TestContext;
 	let userId: number;
 	beforeAll(async () => {
 		ctx = await buildTestApp();
 		await registerSettingsRoutes(ctx);
 		await ctx.app.ready();
 	});
 	afterAll(async () => {
 		await closeTestApp(ctx);
 	});
 	beforeEach(async () => {
 		await clearTestData(ctx.client);
 		await ctx.client.execute("DELETE FROM sqlite_sequence WHERE name='users'");
 		userId = await createTestUser(ctx.client, { username: "testuser" });
 	});
 	// ---------------------------------------------------------------------------
 	// GET /settings
 	// ---------------------------------------------------------------------------
 	describe("GET /settings", () => {
 		it("should return default settings for new user", async () => {
 			const response = await ctx.app.inject({
 				method: "GET",
 				url: "/settings",
 			});
 			expect(response.statusCode).toBe(200);
 			const data = response.json();
 			expect(data.emailEnabled).toBe(false);
 			expect(data.lowStockDays).toBe(30);
 			expect(data.normalStockDays).toBe(90);
 			expect(data.highStockDays).toBe(180);
 			expect(data.language).toBe("en");
 			expect(data.stockCalculationMode).toBe("automatic");
 		});
 		it("should return saved settings", async () => {
 			// Create settings first
 			await setUserSettings(ctx.client, {
 				userId,
 				stockCalculationMode: "manual",
 				lowStockDays: 14,
 			});
 			const response = await ctx.app.inject({
 				method: "GET",
 				url: "/settings",
 			});
 			expect(response.statusCode).toBe(200);
 			const data = response.json();
 			expect(data.stockCalculationMode).toBe("manual");
 			expect(data.lowStockDays).toBe(14);
 		});
 	});
 	// ---------------------------------------------------------------------------
 	// PUT /settings
 	// ---------------------------------------------------------------------------
 	describe("PUT /settings", () => {
 		it("should create settings for new user", async () => {
 			const response = await ctx.app.inject({
 				method: "PUT",
 				url: "/settings",
 				payload: {
 					language: "de",
 					lowStockDays: 14,
 					stockCalculationMode: "manual",
 				},
 			});
 			expect(response.statusCode).toBe(200);
 			expect(response.json()).toEqual({ success: true });
 			// Verify
 			const result = await ctx.client.execute({
 				sql: `SELECT language, low_stock_days, stock_calculation_mode FROM user_settings WHERE user_id = ?`,
 				args: [userId],
 			});
 			expect(result.rows[0].language).toBe("de");
 			expect(result.rows[0].low_stock_days).toBe(14);
 			expect(result.rows[0].stock_calculation_mode).toBe("manual");
 		});
 		it("should update existing settings", async () => {
 			// Create initial settings
 			await ctx.app.inject({
 				method: "PUT",
 				url: "/settings",
 				payload: { language: "en" },
 			});
 			// Update
 			const response = await ctx.app.inject({
 				method: "PUT",
 				url: "/settings",
 				payload: { language: "de" },
 			});
 			expect(response.statusCode).toBe(200);
 			// Verify
 			const result = await ctx.client.execute({
 				sql: `SELECT language FROM user_settings WHERE user_id = ?`,
 				args: [userId],
 			});
 			expect(result.rows[0].language).toBe("de");
 		});
 		it("should enable email notifications", async () => {
 			const response = await ctx.app.inject({
 				method: "PUT",
 				url: "/settings",
 				payload: {
 					emailEnabled: true,
 					notificationEmail: "test@example.com",
 					emailStockReminders: true,
 					emailIntakeReminders: false,
 				},
 			});
 			expect(response.statusCode).toBe(200);
 			// Verify
 			const result = await ctx.client.execute({
 				sql: `SELECT email_enabled, notification_email, email_stock_reminders, email_intake_reminders 
              FROM user_settings WHERE user_id = ?`,
 				args: [userId],
 			});
 			expect(result.rows[0].email_enabled).toBe(1);
 			expect(result.rows[0].notification_email).toBe("test@example.com");
 			expect(result.rows[0].email_stock_reminders).toBe(1);
 			expect(result.rows[0].email_intake_reminders).toBe(0);
 		});
 		it("should reject email enabled without email address", async () => {
 			const response = await ctx.app.inject({
 				method: "PUT",
 				url: "/settings",
 				payload: {
 					emailEnabled: true,
 				},
 			});
 			expect(response.statusCode).toBe(400);
 			expect(response.json().error).toBe("Email address required when email is enabled");
 		});
 		it("should reject invalid email address", async () => {
 			const response = await ctx.app.inject({
 				method: "PUT",
 				url: "/settings",
 				payload: {
 					notificationEmail: "not-an-email",
 				},
 			});
 			expect(response.statusCode).toBe(400);
 			expect(response.json().error).toBe("Invalid email address");
 		});
 		it("should reject invalid lowStockDays", async () => {
 			const response = await ctx.app.inject({
 				method: "PUT",
 				url: "/settings",
 				payload: {
 					lowStockDays: 0,
 				},
 			});
 			expect(response.statusCode).toBe(400);
 			expect(response.json().error).toBe("lowStockDays must be between 1 and 365");
 		});
 		it("should reject invalid language", async () => {
 			const response = await ctx.app.inject({
 				method: "PUT",
 				url: "/settings",
 				payload: {
 					language: "fr",
 				},
 			});
 			expect(response.statusCode).toBe(400);
 			expect(response.json().error).toBe("Language must be 'en' or 'de'");
 		});
 		it("should reject invalid stockCalculationMode", async () => {
 			const response = await ctx.app.inject({
 				method: "PUT",
 				url: "/settings",
 				payload: {
 					stockCalculationMode: "invalid",
 				},
 			});
 			expect(response.statusCode).toBe(400);
 			expect(response.json().error).toBe("stockCalculationMode must be 'automatic' or 'manual'");
 		});
 		it("should enable shoutrrr notifications", async () => {
 			const response = await ctx.app.inject({
 				method: "PUT",
 				url: "/settings",
 				payload: {
 					shoutrrrEnabled: true,
 					shoutrrrUrl: "ntfy://ntfy.sh/mytopic",
 					shoutrrrStockReminders: true,
 					shoutrrrIntakeReminders: true,
 				},
 			});
 			expect(response.statusCode).toBe(200);
 			// Verify
 			const result = await ctx.client.execute({
 				sql: `SELECT shoutrrr_enabled, shoutrrr_url FROM user_settings WHERE user_id = ?`,
 				args: [userId],
 			});
 			expect(result.rows[0].shoutrrr_enabled).toBe(1);
 			expect(result.rows[0].shoutrrr_url).toBe("ntfy://ntfy.sh/mytopic");
 		});
 		it("should update threshold settings", async () => {
 			const response = await ctx.app.inject({
 				method: "PUT",
 				url: "/settings",
 				payload: {
 					lowStockDays: 14,
 					normalStockDays: 60,
 					highStockDays: 120,
 					expiryWarningDays: 30,
 				},
 			});
 			expect(response.statusCode).toBe(200);
 			// Verify
 			const result = await ctx.client.execute({
 				sql: `SELECT low_stock_days, normal_stock_days, high_stock_days, expiry_warning_days 
              FROM user_settings WHERE user_id = ?`,
 				args: [userId],
 			});
 			expect(result.rows[0].low_stock_days).toBe(14);
 			expect(result.rows[0].normal_stock_days).toBe(60);
 			expect(result.rows[0].high_stock_days).toBe(120);
 			expect(result.rows[0].expiry_warning_days).toBe(30);
 		});
 	});
 	// ---------------------------------------------------------------------------
 	// Stock Calculation Mode
 	// ---------------------------------------------------------------------------
 	describe("Stock Calculation Mode", () => {
 		it("should switch to manual mode", async () => {
 			const response = await ctx.app.inject({
 				method: "PUT",
 				url: "/settings",
 				payload: {
 					stockCalculationMode: "manual",
 				},
 			});
 			expect(response.statusCode).toBe(200);
 			const getResponse = await ctx.app.inject({
 				method: "GET",
 				url: "/settings",
 			});
 			expect(getResponse.json().stockCalculationMode).toBe("manual");
 		});
 		it("should switch back to automatic mode", async () => {
 			// Set to manual first
 			await ctx.app.inject({
 				method: "PUT",
 				url: "/settings",
 				payload: { stockCalculationMode: "manual" },
 			});
 			// Switch back
 			const response = await ctx.app.inject({
 				method: "PUT",
 				url: "/settings",
 				payload: { stockCalculationMode: "automatic" },
 			});
 			expect(response.statusCode).toBe(200);
 			const getResponse = await ctx.app.inject({
 				method: "GET",
 				url: "/settings",
 			});
 			expect(getResponse.json().stockCalculationMode).toBe("automatic");
 		});
 	});
 	// ---------------------------------------------------------------------------
 	// Repeat Reminders & Skip Reminders Settings
 	// ---------------------------------------------------------------------------
 	describe("Repeat Reminders Settings", () => {
 		it("should enable repeat reminders with interval", async () => {
 			const response = await ctx.app.inject({
 				method: "PUT",
 				url: "/settings",
 				payload: {
 					repeatRemindersEnabled: true,
 					reminderRepeatIntervalMinutes: 10,
 				},
 			});
 			expect(response.statusCode).toBe(200);
 			const getResponse = await ctx.app.inject({
 				method: "GET",
 				url: "/settings",
 			});
 			const settings = getResponse.json();
 			expect(settings.repeatRemindersEnabled).toBe(true);
 			expect(settings.reminderRepeatIntervalMinutes).toBe(10);
 		});
 		it("should validate repeat interval range", async () => {
 			let response = await ctx.app.inject({
 				method: "PUT",
 				url: "/settings",
 				payload: {
 					repeatRemindersEnabled: true,
 					reminderRepeatIntervalMinutes: 2,
 				},
 			});
 			expect(response.statusCode).toBe(400);
 			response = await ctx.app.inject({
 				method: "PUT",
 				url: "/settings",
 				payload: {
 					repeatRemindersEnabled: true,
 					reminderRepeatIntervalMinutes: 500,
 				},
 			});
 			expect(response.statusCode).toBe(400);
 		});
 		it("should validate max nagging reminders range", async () => {
 			let response = await ctx.app.inject({
 				method: "PUT",
 				url: "/settings",
 				payload: {
 					maxNaggingReminders: 0,
 				},
 			});
 			expect(response.statusCode).toBe(400);
 			response = await ctx.app.inject({
 				method: "PUT",
 				url: "/settings",
 				payload: {
 					maxNaggingReminders: 25,
 				},
 			});
 			expect(response.statusCode).toBe(400);
 			// Valid values should work
 			response = await ctx.app.inject({
 				method: "PUT",
 				url: "/settings",
 				payload: {
 					maxNaggingReminders: 10,
 				},
 			});
 			expect(response.statusCode).toBe(200);
 			const getResponse = await ctx.app.inject({
 				method: "GET",
 				url: "/settings",
 			});
 			const settings = getResponse.json();
 			expect(settings.maxNaggingReminders).toBe(10);
 		});
 	});
 	describe("Skip Reminders for Taken Doses", () => {
 		it("should enable and disable skip reminders setting", async () => {
 			let response = await ctx.app.inject({
 				method: "PUT",
 				url: "/settings",
 				payload: {
 					skipRemindersForTakenDoses: true,
 				},
 			});
 			expect(response.statusCode).toBe(200);
 			response = await ctx.app.inject({
 				method: "PUT",
 				url: "/settings",
 				payload: {
 					skipRemindersForTakenDoses: false,
 				},
 			});
 			expect(response.statusCode).toBe(200);
 		});
 		it("should work with repeat reminders enabled", async () => {
 			const response = await ctx.app.inject({
 				method: "PUT",
 				url: "/settings",
 				payload: {
 					repeatRemindersEnabled: true,
 					reminderRepeatIntervalMinutes: 5,
 					skipRemindersForTakenDoses: true,
 				},
 			});
 			expect(response.statusCode).toBe(200);
 			const getResponse = await ctx.app.inject({
 				method: "GET",
 				url: "/settings",
 			});
 			const settings = getResponse.json();
 			expect(settings.repeatRemindersEnabled).toBe(true);
 			expect(settings.reminderRepeatIntervalMinutes).toBe(5);
 			expect(settings.skipRemindersForTakenDoses).toBe(true);
 		});
 	});
 });
@@ -0,0 +1,278 @@
 /**
 * Test setup and utilities for MedAssist backend API tests.
 * Uses in-memory SQLite for isolation between test files.
 */
 import { dirname, resolve } from "node:path";
 import { fileURLToPath } from "node:url";
 import cookie from "@fastify/cookie";
 import jwt from "@fastify/jwt";
 import fastifyMultipart from "@fastify/multipart";
 import sensible from "@fastify/sensible";
 import { type Client, createClient } from "@libsql/client";
 import { drizzle } from "drizzle-orm/libsql";
 import { migrate } from "drizzle-orm/libsql/migrator";
 import Fastify, { type FastifyInstance } from "fastify";
 // Get migrations folder path
 const __filename = fileURLToPath(import.meta.url);
 const __dirname = dirname(__filename);
 const migrationsFolder = resolve(__dirname, "../../drizzle");
 // Type for our test database
 export type TestDb = ReturnType<typeof drizzle>;
 // =============================================================================
 // Test App Builder
 // =============================================================================
 export interface TestContext {
 	app: FastifyInstance;
 	db: TestDb;
 	client: Client;
 }
 /**
 * Build a test Fastify app with in-memory SQLite.
 * Each test file gets its own isolated database.
 */
 export async function buildTestApp(): Promise<TestContext> {
 	// Create in-memory SQLite database
 	const client = createClient({ url: ":memory:" });
 	const db = drizzle(client);
 	// Run schema creation
 	await runTestMigrations(client);
 	// Create Fastify app with minimal plugins
 	const app = Fastify({ logger: false });
 	await app.register(sensible);
 	await app.register(cookie, { secret: "test-cookie-secret" });
 	await app.register(jwt, {
 		secret: "test-jwt-secret",
 		cookie: { cookieName: "access_token", signed: false },
 	});
 	await app.register(fastifyMultipart, { limits: { fileSize: 10 * 1024 * 1024 } });
 	// Decorate config (matches index.ts structure)
 	app.decorate("config", {
 		accessSecret: "test-jwt-secret",
 		refreshSecret: "test-refresh-secret",
 		accessTtl: 15,
 		refreshTtl: 7,
 		cookieOptions: { httpOnly: true, sameSite: "lax", secure: false, path: "/" },
 		refreshCookieOptions: { httpOnly: true, sameSite: "lax", secure: false, path: "/" },
 	});
 	return { app, db, client };
 }
 /**
 * Create test database schema using drizzle-kit migrations
 */
 async function runTestMigrations(client: Client): Promise<void> {
 	const db = drizzle(client);
 	await migrate(db, { migrationsFolder });
 }
 // =============================================================================
 // Factory Helpers
 // =============================================================================
 export interface CreateUserOptions {
 	username?: string;
 	authProvider?: string;
 }
 /**
 * Create a test user and return the ID
 */
 export async function createTestUser(client: Client, options: CreateUserOptions = {}): Promise<number> {
 	const { username = `user_${Date.now()}`, authProvider = "local" } = options;
 	const result = await client.execute({
 		sql: `INSERT INTO users (username, auth_provider) VALUES (?, ?) RETURNING id`,
 		args: [username, authProvider],
 	});
 	return result.rows[0].id as number;
 }
 export interface CreateMedicationOptions {
 	userId: number;
 	name?: string;
 	genericName?: string;
 	takenBy?: string[];
 	packCount?: number;
 	blistersPerPack?: number;
 	pillsPerBlister?: number;
 	looseTablets?: number;
 	pillWeightMg?: number;
 	expiryDate?: string | null;
 	notes?: string | null;
 	intakeRemindersEnabled?: boolean;
 	/** Array of { usage, every, start } for each blister schedule */
 	blisters?: Array<{ usage: number; every: number; start: string }>;
 }
 /**
 * Create a test medication and return the ID
 */
 export async function createTestMedication(client: Client, options: CreateMedicationOptions): Promise<number> {
 	const {
 		userId,
 		name = "Test Medication",
 		genericName = null,
 		takenBy = [],
 		packCount = 1,
 		blistersPerPack = 1,
 		pillsPerBlister = 10,
 		looseTablets = 0,
 		pillWeightMg = null,
 		expiryDate = null,
 		notes = null,
 		intakeRemindersEnabled = false,
 		blisters = [{ usage: 1, every: 1, start: new Date().toISOString() }],
 	} = options;
 	// Extract arrays from blisters
 	const usageJson = JSON.stringify(blisters.map((b) => b.usage));
 	const everyJson = JSON.stringify(blisters.map((b) => b.every));
 	const startJson = JSON.stringify(blisters.map((b) => b.start));
 	const takenByJson = JSON.stringify(takenBy);
 	const result = await client.execute({
 		sql: `INSERT INTO medications (
      user_id, name, generic_name, taken_by_json,
      pack_count, blisters_per_pack, pills_per_blister, loose_tablets,
      pill_weight_mg, usage_json, every_json, start_json, expiry_date, notes, intake_reminders_enabled
    ) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?) RETURNING id`,
 		args: [
 			userId,
 			name,
 			genericName,
 			takenByJson,
 			packCount,
 			blistersPerPack,
 			pillsPerBlister,
 			looseTablets,
 			pillWeightMg,
 			usageJson,
 			everyJson,
 			startJson,
 			expiryDate,
 			notes,
 			intakeRemindersEnabled ? 1 : 0,
 		],
 	});
 	return result.rows[0].id as number;
 }
 export interface CreateShareTokenOptions {
 	userId: number;
 	takenBy: string;
 	token?: string;
 	scheduleDays?: number;
 	expiresAt?: number | null;
 }
 /**
 * Create a test share token and return the token string
 */
 export async function createTestShareToken(client: Client, options: CreateShareTokenOptions): Promise<string> {
 	const { userId, takenBy, token = `test_token_${Date.now()}`, scheduleDays = 30, expiresAt = null } = options;
 	await client.execute({
 		sql: `INSERT INTO share_tokens (user_id, token, taken_by, schedule_days, expires_at)
          VALUES (?, ?, ?, ?, ?)`,
 		args: [userId, token, takenBy, scheduleDays, expiresAt],
 	});
 	return token;
 }
 export interface CreateDoseTrackingOptions {
 	userId: number;
 	doseId: string;
 	markedBy?: string | null;
 	takenAt?: number;
 }
 /**
 * Create a dose tracking record
 */
 export async function createTestDoseTracking(client: Client, options: CreateDoseTrackingOptions): Promise<void> {
 	const { userId, doseId, markedBy = null, takenAt = Math.floor(Date.now() / 1000) } = options;
 	await client.execute({
 		sql: `INSERT INTO dose_tracking (user_id, dose_id, marked_by, taken_at)
          VALUES (?, ?, ?, ?)`,
 		args: [userId, doseId, markedBy, takenAt],
 	});
 }
 export interface UpdateUserSettingsOptions {
 	userId: number;
 	stockCalculationMode?: "automatic" | "manual";
 	lowStockDays?: number;
 }
 /**
 * Create or update user settings
 */
 export async function setUserSettings(client: Client, options: UpdateUserSettingsOptions): Promise<void> {
 	const { userId, stockCalculationMode = "automatic", lowStockDays = 30 } = options;
 	// Check if settings exist
 	const existing = await client.execute({
 		sql: `SELECT id FROM user_settings WHERE user_id = ?`,
 		args: [userId],
 	});
 	if (existing.rows.length > 0) {
 		await client.execute({
 			sql: `UPDATE user_settings SET stock_calculation_mode = ?, low_stock_days = ? WHERE user_id = ?`,
 			args: [stockCalculationMode, lowStockDays, userId],
 		});
 	} else {
 		await client.execute({
 			sql: `INSERT INTO user_settings (user_id, stock_calculation_mode, low_stock_days) VALUES (?, ?, ?)`,
 			args: [userId, stockCalculationMode, lowStockDays],
 		});
 	}
 }
 // =============================================================================
 // Test Cleanup
 // =============================================================================
 /**
 * Close test app and database connections
 */
 export async function closeTestApp(ctx: TestContext): Promise<void> {
 	await ctx.app.close();
 	ctx.client.close();
 }
 /**
 * Clear all data from test database (between tests)
 */
 export async function clearTestData(client: Client): Promise<void> {
 	// Order matters due to foreign keys
 	await client.execute("DELETE FROM refill_history");
 	await client.execute("DELETE FROM dose_tracking");
 	await client.execute("DELETE FROM share_tokens");
 	await client.execute("DELETE FROM refresh_tokens");
 	await client.execute("DELETE FROM user_settings");
 	await client.execute("DELETE FROM medications");
 	await client.execute("DELETE FROM users");
 }
 // =============================================================================
 // Vitest Global Setup
 // =============================================================================
 // Set test environment
 process.env.AUTH_ENABLED = "false";
 process.env.NODE_ENV = "test";
@@ -0,0 +1,639 @@
 /**
 * Tests for share link API endpoints.
 * Tests creating share tokens, accessing shared schedules, and marking doses via share links.
 */
 import { afterAll, beforeAll, beforeEach, describe, expect, it } from "vitest";
 import {
 	buildTestApp,
 	clearTestData,
 	closeTestApp,
 	createTestMedication,
 	createTestShareToken,
 	createTestUser,
 	type TestContext,
 } from "./setup.js";
 // =============================================================================
 // Route Registration
 // =============================================================================
 async function registerShareRoutes(ctx: TestContext) {
 	const { app, client } = ctx;
 	// POST /share - Create a share token
 	app.post<{ Body: { takenBy: string; scheduleDays?: number } }>("/share", async (request, reply) => {
 		const userId = 1;
 		const { takenBy, scheduleDays = 30 } = request.body || {};
 		if (!takenBy || typeof takenBy !== "string" || takenBy.length === 0) {
 			return reply.status(400).send({ error: "takenBy is required", code: "VALIDATION_ERROR" });
 		}
 		if (scheduleDays < 1 || scheduleDays > 365) {
 			return reply.status(400).send({ error: "scheduleDays must be 1-365", code: "VALIDATION_ERROR" });
 		}
 		// Check if user has medications for this person
 		const meds = await client.execute({
 			sql: `SELECT id, taken_by_json FROM medications WHERE user_id = ?`,
 			args: [userId],
 		});
 		const hasMatchingMed = meds.rows.some((m) => {
 			const takenByList: string[] = JSON.parse((m.taken_by_json as string) || "[]");
 			return takenByList.includes(takenBy);
 		});
 		if (!hasMatchingMed) {
 			return reply.status(400).send({ error: "No medications found for this person", code: "NO_MEDICATIONS" });
 		}
 		// Generate token
 		const token = `share_${Date.now()}_${Math.random().toString(36).substring(2, 10)}`;
 		const expiresAt = Math.floor(Date.now() / 1000) + 30 * 24 * 60 * 60; // 30 days
 		await client.execute({
 			sql: `INSERT INTO share_tokens (user_id, token, taken_by, schedule_days, expires_at)
            VALUES (?, ?, ?, ?, ?)`,
 			args: [userId, token, takenBy, scheduleDays, expiresAt],
 		});
 		return {
 			token,
 			shareUrl: `/share/${token}`,
 			expiresAt: new Date(expiresAt * 1000).toISOString(),
 		};
 	});
 	// GET /share/:token - Get shared schedule data
 	app.get<{ Params: { token: string } }>("/share/:token", async (request, reply) => {
 		const { token } = request.params;
 		const shareResult = await client.execute({
 			sql: `SELECT st.*, u.username as owner_username 
            FROM share_tokens st 
            JOIN users u ON st.user_id = u.id 
            WHERE st.token = ?`,
 			args: [token],
 		});
 		if (shareResult.rows.length === 0) {
 			return reply.status(404).send({ error: "Share link not found", code: "NOT_FOUND" });
 		}
 		const share = shareResult.rows[0];
 		const now = Math.floor(Date.now() / 1000);
 		// Check expiry
 		if (share.expires_at && (share.expires_at as number) < now) {
 			return reply.status(410).send({
 				error: "Share link has expired",
 				code: "EXPIRED",
 				ownerUsername: share.owner_username,
 				takenBy: share.taken_by,
 				expiredAt: new Date((share.expires_at as number) * 1000).toISOString(),
 			});
 		}
 		// Get medications for this person
 		const medsResult = await client.execute({
 			sql: `SELECT * FROM medications WHERE user_id = ?`,
 			args: [share.user_id],
 		});
 		const medications = medsResult.rows
 			.filter((m) => {
 				const takenByList: string[] = JSON.parse((m.taken_by_json as string) || "[]");
 				return takenByList.includes(share.taken_by as string);
 			})
 			.map((m) => {
 				const usageArr: number[] = JSON.parse((m.usage_json as string) || "[]");
 				const everyArr: number[] = JSON.parse((m.every_json as string) || "[]");
 				const startArr: string[] = JSON.parse((m.start_json as string) || "[]");
 				return {
 					id: m.id,
 					name: m.name,
 					genericName: m.generic_name,
 					pillWeightMg: m.pill_weight_mg,
 					imageUrl: m.image_url,
 					totalPills:
 						(m.pack_count as number) * (m.blisters_per_pack as number) * (m.pills_per_blister as number) +
 						(m.loose_tablets as number),
 					packCount: m.pack_count,
 					blistersPerPack: m.blisters_per_pack,
 					looseTablets: m.loose_tablets,
 					pillsPerBlister: m.pills_per_blister,
 					takenBy: JSON.parse((m.taken_by_json as string) || "[]"),
 					blisters: usageArr.map((usage, i) => ({
 						usage,
 						every: everyArr[i] || 1,
 						start: startArr[i] || new Date().toISOString(),
 					})),
 				};
 			});
 		// Get settings
 		const settingsResult = await client.execute({
 			sql: `SELECT low_stock_days FROM user_settings WHERE user_id = ?`,
 			args: [share.user_id],
 		});
 		const lowStockDays = settingsResult.rows.length > 0 ? (settingsResult.rows[0].low_stock_days as number) : 30;
 		return {
 			takenBy: share.taken_by,
 			sharedBy: share.owner_username,
 			scheduleDays: share.schedule_days,
 			medications,
 			stockThresholds: {
 				lowStockDays,
 			},
 		};
 	});
 	// GET /share/:token/doses - Get taken doses for share link
 	app.get<{ Params: { token: string } }>("/share/:token/doses", async (request, reply) => {
 		const { token } = request.params;
 		const shareResult = await client.execute({
 			sql: `SELECT user_id FROM share_tokens WHERE token = ?`,
 			args: [token],
 		});
 		if (shareResult.rows.length === 0) {
 			return reply.status(404).send({ error: "Share link not found" });
 		}
 		const userId = shareResult.rows[0].user_id;
 		const dosesResult = await client.execute({
 			sql: `SELECT dose_id, taken_at, marked_by FROM dose_tracking WHERE user_id = ?`,
 			args: [userId],
 		});
 		return {
 			doses: dosesResult.rows.map((d) => ({
 				doseId: d.dose_id,
 				takenAt: (d.taken_at as number) * 1000,
 				markedBy: d.marked_by,
 			})),
 		};
 	});
 	// POST /share/:token/doses - Mark dose via share link
 	app.post<{ Params: { token: string }; Body: { doseId: string } }>("/share/:token/doses", async (request, reply) => {
 		const { token } = request.params;
 		const { doseId } = request.body || {};
 		if (!doseId) {
 			return reply.status(400).send({ error: "doseId is required" });
 		}
 		const shareResult = await client.execute({
 			sql: `SELECT user_id, taken_by FROM share_tokens WHERE token = ?`,
 			args: [token],
 		});
 		if (shareResult.rows.length === 0) {
 			return reply.status(404).send({ error: "Share link not found" });
 		}
 		const { user_id: userId, taken_by: takenBy } = shareResult.rows[0];
 		// Check if already marked
 		const existing = await client.execute({
 			sql: `SELECT id FROM dose_tracking WHERE user_id = ? AND dose_id = ?`,
 			args: [userId, doseId],
 		});
 		if (existing.rows.length > 0) {
 			return { success: true, message: "Already marked" };
 		}
 		// Insert with markedBy = takenBy from share token
 		await client.execute({
 			sql: `INSERT INTO dose_tracking (user_id, dose_id, marked_by) VALUES (?, ?, ?)`,
 			args: [userId, doseId, takenBy],
 		});
 		return { success: true };
 	});
 	// DELETE /share/:token/doses/:doseId - Unmark dose via share link
 	app.delete<{ Params: { token: string; doseId: string } }>("/share/:token/doses/:doseId", async (request, reply) => {
 		const { token, doseId } = request.params;
 		const shareResult = await client.execute({
 			sql: `SELECT user_id FROM share_tokens WHERE token = ?`,
 			args: [token],
 		});
 		if (shareResult.rows.length === 0) {
 			return reply.status(404).send({ error: "Share link not found" });
 		}
 		const userId = shareResult.rows[0].user_id;
 		await client.execute({
 			sql: `DELETE FROM dose_tracking WHERE user_id = ? AND dose_id = ?`,
 			args: [userId, doseId],
 		});
 		return { success: true };
 	});
 	// GET /share/people - Get unique takenBy values
 	app.get("/share/people", async (_request, _reply) => {
 		const userId = 1;
 		const result = await client.execute({
 			sql: `SELECT taken_by_json FROM medications WHERE user_id = ?`,
 			args: [userId],
 		});
 		const peopleSet = new Set<string>();
 		for (const row of result.rows) {
 			const takenByList: string[] = JSON.parse((row.taken_by_json as string) || "[]");
 			takenByList.forEach((p) => peopleSet.add(p));
 		}
 		return { people: Array.from(peopleSet).sort() };
 	});
 }
 // =============================================================================
 // Tests
 // =============================================================================
 describe("Share Link API", () => {
 	let ctx: TestContext;
 	let userId: number;
 	beforeAll(async () => {
 		ctx = await buildTestApp();
 		await registerShareRoutes(ctx);
 		await ctx.app.ready();
 	});
 	afterAll(async () => {
 		await closeTestApp(ctx);
 	});
 	beforeEach(async () => {
 		await clearTestData(ctx.client);
 		// Reset SQLite autoincrement so user gets ID 1
 		await ctx.client.execute("DELETE FROM sqlite_sequence WHERE name='users'");
 		userId = await createTestUser(ctx.client, { username: "testuser" });
 	});
 	// ---------------------------------------------------------------------------
 	// POST /share - Create share token
 	// ---------------------------------------------------------------------------
 	describe("POST /share", () => {
 		it("should create a share token for a person", async () => {
 			// Create medication with takenBy
 			await createTestMedication(ctx.client, {
 				userId,
 				name: "Aspirin",
 				takenBy: ["Daniel"],
 			});
 			const response = await ctx.app.inject({
 				method: "POST",
 				url: "/share",
 				payload: { takenBy: "Daniel", scheduleDays: 30 },
 			});
 			expect(response.statusCode).toBe(200);
 			const data = response.json();
 			expect(data.token).toBeDefined();
 			expect(data.token.length).toBeGreaterThan(10);
 			expect(data.shareUrl).toBe(`/share/${data.token}`);
 			expect(data.expiresAt).toBeDefined();
 		});
 		it("should reject when no medications for person", async () => {
 			// Create medication with different takenBy
 			await createTestMedication(ctx.client, {
 				userId,
 				name: "Aspirin",
 				takenBy: ["Max"],
 			});
 			const response = await ctx.app.inject({
 				method: "POST",
 				url: "/share",
 				payload: { takenBy: "Daniel", scheduleDays: 30 },
 			});
 			expect(response.statusCode).toBe(400);
 			expect(response.json()).toEqual({
 				error: "No medications found for this person",
 				code: "NO_MEDICATIONS",
 			});
 		});
 		it("should reject request without takenBy", async () => {
 			const response = await ctx.app.inject({
 				method: "POST",
 				url: "/share",
 				payload: { scheduleDays: 30 },
 			});
 			expect(response.statusCode).toBe(400);
 			expect(response.json()).toEqual({
 				error: "takenBy is required",
 				code: "VALIDATION_ERROR",
 			});
 		});
 		it("should use custom scheduleDays", async () => {
 			await createTestMedication(ctx.client, {
 				userId,
 				name: "Aspirin",
 				takenBy: ["Daniel"],
 			});
 			const response = await ctx.app.inject({
 				method: "POST",
 				url: "/share",
 				payload: { takenBy: "Daniel", scheduleDays: 90 },
 			});
 			expect(response.statusCode).toBe(200);
 			// Verify in DB
 			const token = response.json().token;
 			const result = await ctx.client.execute({
 				sql: `SELECT schedule_days FROM share_tokens WHERE token = ?`,
 				args: [token],
 			});
 			expect(result.rows[0].schedule_days).toBe(90);
 		});
 	});
 	// ---------------------------------------------------------------------------
 	// GET /share/:token - Access shared schedule
 	// ---------------------------------------------------------------------------
 	describe("GET /share/:token", () => {
 		it("should return shared schedule data", async () => {
 			// Create medication
 			await createTestMedication(ctx.client, {
 				userId,
 				name: "Aspirin",
 				genericName: "Acetylsalicylic acid",
 				takenBy: ["Daniel"],
 				packCount: 2,
 				blistersPerPack: 3,
 				pillsPerBlister: 10,
 				looseTablets: 5,
 				blisters: [{ usage: 1, every: 1, start: "2025-01-01T08:00:00.000Z" }],
 			});
 			// Create share token
 			const token = await createTestShareToken(ctx.client, {
 				userId,
 				takenBy: "Daniel",
 				scheduleDays: 30,
 			});
 			const response = await ctx.app.inject({
 				method: "GET",
 				url: `/share/${token}`,
 			});
 			expect(response.statusCode).toBe(200);
 			const data = response.json();
 			expect(data.takenBy).toBe("Daniel");
 			expect(data.sharedBy).toBe("testuser");
 			expect(data.scheduleDays).toBe(30);
 			expect(data.medications).toHaveLength(1);
 			const med = data.medications[0];
 			expect(med.name).toBe("Aspirin");
 			expect(med.genericName).toBe("Acetylsalicylic acid");
 			expect(med.totalPills).toBe(2 * 3 * 10 + 5); // 65
 			expect(med.takenBy).toEqual(["Daniel"]);
 			expect(med.blisters).toHaveLength(1);
 			expect(med.blisters[0].usage).toBe(1);
 			expect(med.blisters[0].every).toBe(1);
 		});
 		it("should return 404 for invalid token", async () => {
 			const response = await ctx.app.inject({
 				method: "GET",
 				url: "/share/invalid_token_123",
 			});
 			expect(response.statusCode).toBe(404);
 			expect(response.json()).toEqual({
 				error: "Share link not found",
 				code: "NOT_FOUND",
 			});
 		});
 		it("should return 410 for expired token", async () => {
 			await createTestMedication(ctx.client, {
 				userId,
 				name: "Aspirin",
 				takenBy: ["Daniel"],
 			});
 			// Create expired token (expired 1 day ago)
 			const expiredAt = Math.floor(Date.now() / 1000) - 86400;
 			const token = await createTestShareToken(ctx.client, {
 				userId,
 				takenBy: "Daniel",
 				expiresAt: expiredAt,
 			});
 			const response = await ctx.app.inject({
 				method: "GET",
 				url: `/share/${token}`,
 			});
 			expect(response.statusCode).toBe(410);
 			const data = response.json();
 			expect(data.code).toBe("EXPIRED");
 			expect(data.ownerUsername).toBe("testuser");
 			expect(data.takenBy).toBe("Daniel");
 		});
 		it("should filter medications to only those for takenBy person", async () => {
 			// Create two medications - one for Daniel, one for Max
 			await createTestMedication(ctx.client, {
 				userId,
 				name: "Aspirin",
 				takenBy: ["Daniel"],
 			});
 			await createTestMedication(ctx.client, {
 				userId,
 				name: "Ibuprofen",
 				takenBy: ["Max"],
 			});
 			const token = await createTestShareToken(ctx.client, {
 				userId,
 				takenBy: "Daniel",
 			});
 			const response = await ctx.app.inject({
 				method: "GET",
 				url: `/share/${token}`,
 			});
 			expect(response.statusCode).toBe(200);
 			const data = response.json();
 			expect(data.medications).toHaveLength(1);
 			expect(data.medications[0].name).toBe("Aspirin");
 		});
 	});
 	// ---------------------------------------------------------------------------
 	// Share Token Dose Tracking
 	// ---------------------------------------------------------------------------
 	describe("Share link dose tracking", () => {
 		it("POST /share/:token/doses should mark dose with markedBy", async () => {
 			await createTestMedication(ctx.client, {
 				userId,
 				name: "Aspirin",
 				takenBy: ["Daniel"],
 			});
 			const token = await createTestShareToken(ctx.client, {
 				userId,
 				takenBy: "Daniel",
 			});
 			const doseId = "1-0-1735344000000";
 			const response = await ctx.app.inject({
 				method: "POST",
 				url: `/share/${token}/doses`,
 				payload: { doseId },
 			});
 			expect(response.statusCode).toBe(200);
 			expect(response.json()).toEqual({ success: true });
 			// Verify markedBy is set to takenBy from share token
 			const result = await ctx.client.execute({
 				sql: `SELECT marked_by FROM dose_tracking WHERE dose_id = ?`,
 				args: [doseId],
 			});
 			expect(result.rows[0].marked_by).toBe("Daniel");
 		});
 		it("GET /share/:token/doses should return all doses for owner", async () => {
 			await createTestMedication(ctx.client, {
 				userId,
 				name: "Aspirin",
 				takenBy: ["Daniel"],
 			});
 			const token = await createTestShareToken(ctx.client, {
 				userId,
 				takenBy: "Daniel",
 			});
 			// Create some dose tracking records
 			await ctx.client.execute({
 				sql: `INSERT INTO dose_tracking (user_id, dose_id, marked_by) VALUES (?, ?, ?)`,
 				args: [userId, "1-0-1735344000000", null],
 			});
 			await ctx.client.execute({
 				sql: `INSERT INTO dose_tracking (user_id, dose_id, marked_by) VALUES (?, ?, ?)`,
 				args: [userId, "1-0-1735430400000", "Daniel"],
 			});
 			const response = await ctx.app.inject({
 				method: "GET",
 				url: `/share/${token}/doses`,
 			});
 			expect(response.statusCode).toBe(200);
 			const data = response.json();
 			expect(data.doses).toHaveLength(2);
 		});
 		it("DELETE /share/:token/doses/:doseId should unmark dose", async () => {
 			await createTestMedication(ctx.client, {
 				userId,
 				name: "Aspirin",
 				takenBy: ["Daniel"],
 			});
 			const token = await createTestShareToken(ctx.client, {
 				userId,
 				takenBy: "Daniel",
 			});
 			const doseId = "1-0-1735344000000";
 			// Mark dose first
 			await ctx.app.inject({
 				method: "POST",
 				url: `/share/${token}/doses`,
 				payload: { doseId },
 			});
 			// Unmark
 			const response = await ctx.app.inject({
 				method: "DELETE",
 				url: `/share/${token}/doses/${encodeURIComponent(doseId)}`,
 			});
 			expect(response.statusCode).toBe(200);
 			expect(response.json()).toEqual({ success: true });
 			// Verify deleted
 			const result = await ctx.client.execute({
 				sql: `SELECT COUNT(*) as count FROM dose_tracking WHERE dose_id = ?`,
 				args: [doseId],
 			});
 			expect(result.rows[0].count).toBe(0);
 		});
 	});
 	// ---------------------------------------------------------------------------
 	// GET /share/people
 	// ---------------------------------------------------------------------------
 	describe("GET /share/people", () => {
 		it("should return unique takenBy values from all medications", async () => {
 			await createTestMedication(ctx.client, {
 				userId,
 				name: "Med 1",
 				takenBy: ["Daniel", "Max"],
 			});
 			await createTestMedication(ctx.client, {
 				userId,
 				name: "Med 2",
 				takenBy: ["Daniel", "Lisa"],
 			});
 			const response = await ctx.app.inject({
 				method: "GET",
 				url: "/share/people",
 			});
 			expect(response.statusCode).toBe(200);
 			const data = response.json();
 			expect(data.people).toEqual(["Daniel", "Lisa", "Max"]); // sorted
 		});
 		it("should return empty array when no medications", async () => {
 			const response = await ctx.app.inject({
 				method: "GET",
 				url: "/share/people",
 			});
 			expect(response.statusCode).toBe(200);
 			expect(response.json()).toEqual({ people: [] });
 		});
 	});
 });
@@ -0,0 +1,622 @@
 /**
 * Tests for stock calculation modes (automatic vs manual).
 * Tests the /medications/usage endpoint with different settings.
 */
 import { afterAll, beforeAll, beforeEach, describe, expect, it } from "vitest";
 import {
 	buildTestApp,
 	clearTestData,
 	closeTestApp,
 	createTestDoseTracking,
 	createTestMedication,
 	createTestUser,
 	setUserSettings,
 	type TestContext,
 } from "./setup.js";
 // =============================================================================
 // Route Registration
 // =============================================================================
 async function registerUsageRoutes(ctx: TestContext) {
 	const { app, client } = ctx;
 	// POST /medications/usage - Calculate medication usage for a date range
 	app.post<{ Body: { startDate: string; endDate: string } }>("/medications/usage", async (request, reply) => {
 		const userId = 1;
 		const { startDate, endDate } = request.body || {};
 		if (!startDate || !endDate) {
 			return reply.status(400).send({ error: "startDate and endDate are required" });
 		}
 		const start = new Date(startDate);
 		const end = new Date(endDate);
 		// Get user settings
 		const settingsResult = await client.execute({
 			sql: `SELECT stock_calculation_mode FROM user_settings WHERE user_id = ?`,
 			args: [userId],
 		});
 		const stockMode =
 			settingsResult.rows.length > 0 ? (settingsResult.rows[0].stock_calculation_mode as string) : "automatic";
 		// Get all medications
 		const medsResult = await client.execute({
 			sql: `SELECT * FROM medications WHERE user_id = ?`,
 			args: [userId],
 		});
 		const results = [];
 		for (const med of medsResult.rows) {
 			const totalPills =
 				(med.pack_count as number) * (med.blisters_per_pack as number) * (med.pills_per_blister as number) +
 				(med.loose_tablets as number);
 			const blisterSize = med.pills_per_blister as number;
 			// Calculate usage based on schedule
 			const usageArr: number[] = JSON.parse((med.usage_json as string) || "[]");
 			const everyArr: number[] = JSON.parse((med.every_json as string) || "[]");
 			const startArr: string[] = JSON.parse((med.start_json as string) || "[]");
 			let plannerUsage = 0;
 			if (stockMode === "automatic") {
 				// Automatic: Calculate from schedule
 				for (let i = 0; i < usageArr.length; i++) {
 					const usage = usageArr[i] || 0;
 					const every = everyArr[i] || 1;
 					const scheduleStart = new Date(startArr[i] || start);
 					// Count doses from scheduleStart to end within the range
 					const current = new Date(scheduleStart);
 					while (current <= end) {
 						if (current >= start) {
 							plannerUsage += usage;
 						}
 						current.setDate(current.getDate() + every);
 					}
 				}
 			} else {
 				// Manual: Count only tracked doses in the date range
 				const dosesResult = await client.execute({
 					sql: `SELECT dose_id FROM dose_tracking 
                  WHERE user_id = ? 
                  AND taken_at >= ? 
                  AND taken_at <= ?`,
 					args: [userId, Math.floor(start.getTime() / 1000), Math.floor(end.getTime() / 1000)],
 				});
 				// Filter to doses for this medication
 				const medIdStr = `${med.id}-`;
 				for (const dose of dosesResult.rows) {
 					const doseId = dose.dose_id as string;
 					if (doseId.startsWith(medIdStr)) {
 						// Parse usage from the schedule based on blister index
 						const parts = doseId.split("-");
 						if (parts.length >= 3) {
 							const blisterIdx = parseInt(parts[1], 10);
 							plannerUsage += usageArr[blisterIdx] || 1;
 						}
 					}
 				}
 			}
 			// Calculate how many blisters/pills needed
 			const blistersNeeded = Math.ceil(plannerUsage / blisterSize);
 			const fullBlisters = Math.floor(plannerUsage / blisterSize);
 			const loosePills = plannerUsage % blisterSize;
 			results.push({
 				medicationId: med.id,
 				medicationName: med.name,
 				totalPills,
 				plannerUsage,
 				blisterSize,
 				blistersNeeded,
 				fullBlisters,
 				loosePills,
 				enough: totalPills >= plannerUsage,
 			});
 		}
 		return results;
 	});
 	// GET /medications - List medications (for checking stock)
 	app.get("/medications", async (_request, _reply) => {
 		const userId = 1;
 		const result = await client.execute({
 			sql: `SELECT * FROM medications WHERE user_id = ?`,
 			args: [userId],
 		});
 		return result.rows.map((m) => ({
 			id: m.id,
 			name: m.name,
 			packCount: m.pack_count,
 			blistersPerPack: m.blisters_per_pack,
 			pillsPerBlister: m.pills_per_blister,
 			looseTablets: m.loose_tablets,
 			totalPills:
 				(m.pack_count as number) * (m.blisters_per_pack as number) * (m.pills_per_blister as number) +
 				(m.loose_tablets as number),
 		}));
 	});
 }
 // =============================================================================
 // Tests
 // =============================================================================
 describe("Stock Calculation API", () => {
 	let ctx: TestContext;
 	let userId: number;
 	beforeAll(async () => {
 		ctx = await buildTestApp();
 		await registerUsageRoutes(ctx);
 		await ctx.app.ready();
 	});
 	afterAll(async () => {
 		await closeTestApp(ctx);
 	});
 	beforeEach(async () => {
 		await clearTestData(ctx.client);
 		// Reset SQLite autoincrement so user gets ID 1
 		await ctx.client.execute("DELETE FROM sqlite_sequence WHERE name='users'");
 		userId = await createTestUser(ctx.client, { username: "testuser" });
 	});
 	// ---------------------------------------------------------------------------
 	// Automatic Mode Tests
 	// ---------------------------------------------------------------------------
 	describe("Automatic mode", () => {
 		beforeEach(async () => {
 			await setUserSettings(ctx.client, {
 				userId,
 				stockCalculationMode: "automatic",
 			});
 		});
 		it("should calculate usage from schedule", async () => {
 			// Medication: 1 pill daily starting Jan 1
 			const start = new Date("2025-01-01T00:00:00.000Z");
 			await createTestMedication(ctx.client, {
 				userId,
 				name: "Aspirin",
 				packCount: 1,
 				blistersPerPack: 1,
 				pillsPerBlister: 30,
 				blisters: [{ usage: 1, every: 1, start: start.toISOString() }],
 			});
 			// Calculate usage for 10 days (Jan 1-10)
 			const response = await ctx.app.inject({
 				method: "POST",
 				url: "/medications/usage",
 				payload: {
 					startDate: "2025-01-01T00:00:00.000Z",
 					endDate: "2025-01-10T23:59:59.999Z",
 				},
 			});
 			expect(response.statusCode).toBe(200);
 			const data = response.json();
 			expect(data).toHaveLength(1);
 			const med = data[0];
 			expect(med.medicationName).toBe("Aspirin");
 			expect(med.totalPills).toBe(30);
 			expect(med.plannerUsage).toBe(10); // 10 days, 1 pill/day
 			expect(med.enough).toBe(true);
 		});
 		it("should handle every-other-day schedules", async () => {
 			const start = new Date("2025-01-01T00:00:00.000Z");
 			await createTestMedication(ctx.client, {
 				userId,
 				name: "Med B",
 				packCount: 1,
 				blistersPerPack: 1,
 				pillsPerBlister: 20,
 				blisters: [{ usage: 2, every: 2, start: start.toISOString() }], // 2 pills every 2 days
 			});
 			// 10 days: Jan 1, 3, 5, 7, 9 = 5 doses × 2 pills = 10 pills
 			const response = await ctx.app.inject({
 				method: "POST",
 				url: "/medications/usage",
 				payload: {
 					startDate: "2025-01-01T00:00:00.000Z",
 					endDate: "2025-01-10T23:59:59.999Z",
 				},
 			});
 			expect(response.statusCode).toBe(200);
 			const data = response.json();
 			expect(data[0].plannerUsage).toBe(10);
 		});
 		it("should handle multiple blisters (schedules)", async () => {
 			const start = new Date("2025-01-01T00:00:00.000Z");
 			await createTestMedication(ctx.client, {
 				userId,
 				name: "Multi Schedule",
 				packCount: 1,
 				blistersPerPack: 1,
 				pillsPerBlister: 50,
 				blisters: [
 					{ usage: 1, every: 1, start: start.toISOString() }, // Morning: 1/day
 					{ usage: 1, every: 1, start: start.toISOString() }, // Evening: 1/day
 				],
 			});
 			// 10 days: 2 schedules × 10 days × 1 pill = 20 pills
 			const response = await ctx.app.inject({
 				method: "POST",
 				url: "/medications/usage",
 				payload: {
 					startDate: "2025-01-01T00:00:00.000Z",
 					endDate: "2025-01-10T23:59:59.999Z",
 				},
 			});
 			expect(response.statusCode).toBe(200);
 			const data = response.json();
 			expect(data[0].plannerUsage).toBe(20);
 		});
 		it("should return enough=false when stock insufficient", async () => {
 			const start = new Date("2025-01-01T00:00:00.000Z");
 			await createTestMedication(ctx.client, {
 				userId,
 				name: "Low Stock Med",
 				packCount: 1,
 				blistersPerPack: 1,
 				pillsPerBlister: 5, // Only 5 pills
 				blisters: [{ usage: 1, every: 1, start: start.toISOString() }],
 			});
 			// Need 10 pills but only have 5
 			const response = await ctx.app.inject({
 				method: "POST",
 				url: "/medications/usage",
 				payload: {
 					startDate: "2025-01-01T00:00:00.000Z",
 					endDate: "2025-01-10T23:59:59.999Z",
 				},
 			});
 			expect(response.statusCode).toBe(200);
 			const data = response.json();
 			expect(data[0].totalPills).toBe(5);
 			expect(data[0].plannerUsage).toBe(10);
 			expect(data[0].enough).toBe(false);
 		});
 		it("should calculate blister counts correctly", async () => {
 			const start = new Date("2025-01-01T00:00:00.000Z");
 			await createTestMedication(ctx.client, {
 				userId,
 				name: "Blister Test",
 				packCount: 2,
 				blistersPerPack: 2,
 				pillsPerBlister: 10, // 4 blisters × 10 = 40 pills
 				blisters: [{ usage: 1, every: 1, start: start.toISOString() }],
 			});
 			// 25 days = 25 pills needed = 2 full blisters + 5 loose
 			const response = await ctx.app.inject({
 				method: "POST",
 				url: "/medications/usage",
 				payload: {
 					startDate: "2025-01-01T00:00:00.000Z",
 					endDate: "2025-01-25T23:59:59.999Z",
 				},
 			});
 			expect(response.statusCode).toBe(200);
 			const data = response.json();
 			expect(data[0].plannerUsage).toBe(25);
 			expect(data[0].blisterSize).toBe(10);
 			expect(data[0].blistersNeeded).toBe(3); // ceil(25/10)
 			expect(data[0].fullBlisters).toBe(2); // floor(25/10)
 			expect(data[0].loosePills).toBe(5); // 25 % 10
 		});
 	});
 	// ---------------------------------------------------------------------------
 	// Manual Mode Tests
 	// ---------------------------------------------------------------------------
 	describe("Manual mode", () => {
 		beforeEach(async () => {
 			await setUserSettings(ctx.client, {
 				userId,
 				stockCalculationMode: "manual",
 			});
 		});
 		it("should count only tracked doses", async () => {
 			const start = new Date("2025-01-01T00:00:00.000Z");
 			const medId = await createTestMedication(ctx.client, {
 				userId,
 				name: "Manual Med",
 				packCount: 1,
 				blistersPerPack: 1,
 				pillsPerBlister: 30,
 				blisters: [{ usage: 1, every: 1, start: start.toISOString() }],
 			});
 			// In automatic mode this would count 10 doses
 			// In manual mode, only count tracked doses
 			// Track only 3 doses
 			const jan2 = Math.floor(new Date("2025-01-02T08:00:00.000Z").getTime() / 1000);
 			const jan5 = Math.floor(new Date("2025-01-05T08:00:00.000Z").getTime() / 1000);
 			const jan8 = Math.floor(new Date("2025-01-08T08:00:00.000Z").getTime() / 1000);
 			await createTestDoseTracking(ctx.client, {
 				userId,
 				doseId: `${medId}-0-${jan2 * 1000}`,
 				takenAt: jan2,
 			});
 			await createTestDoseTracking(ctx.client, {
 				userId,
 				doseId: `${medId}-0-${jan5 * 1000}`,
 				takenAt: jan5,
 			});
 			await createTestDoseTracking(ctx.client, {
 				userId,
 				doseId: `${medId}-0-${jan8 * 1000}`,
 				takenAt: jan8,
 			});
 			const response = await ctx.app.inject({
 				method: "POST",
 				url: "/medications/usage",
 				payload: {
 					startDate: "2025-01-01T00:00:00.000Z",
 					endDate: "2025-01-10T23:59:59.999Z",
 				},
 			});
 			expect(response.statusCode).toBe(200);
 			const data = response.json();
 			expect(data[0].plannerUsage).toBe(3); // Only 3 tracked doses
 		});
 		it("should return 0 usage when no doses tracked", async () => {
 			const start = new Date("2025-01-01T00:00:00.000Z");
 			await createTestMedication(ctx.client, {
 				userId,
 				name: "Untracked Med",
 				packCount: 1,
 				blistersPerPack: 1,
 				pillsPerBlister: 30,
 				blisters: [{ usage: 1, every: 1, start: start.toISOString() }],
 			});
 			// No dose tracking records
 			const response = await ctx.app.inject({
 				method: "POST",
 				url: "/medications/usage",
 				payload: {
 					startDate: "2025-01-01T00:00:00.000Z",
 					endDate: "2025-01-10T23:59:59.999Z",
 				},
 			});
 			expect(response.statusCode).toBe(200);
 			const data = response.json();
 			expect(data[0].plannerUsage).toBe(0);
 			expect(data[0].enough).toBe(true);
 		});
 		it("should only count doses within date range", async () => {
 			const start = new Date("2025-01-01T00:00:00.000Z");
 			const medId = await createTestMedication(ctx.client, {
 				userId,
 				name: "Range Test",
 				packCount: 1,
 				blistersPerPack: 1,
 				pillsPerBlister: 30,
 				blisters: [{ usage: 1, every: 1, start: start.toISOString() }],
 			});
 			// Dose before range (Dec 31)
 			const dec31 = Math.floor(new Date("2024-12-31T08:00:00.000Z").getTime() / 1000);
 			await createTestDoseTracking(ctx.client, {
 				userId,
 				doseId: `${medId}-0-${dec31 * 1000}`,
 				takenAt: dec31,
 			});
 			// Dose in range (Jan 5)
 			const jan5 = Math.floor(new Date("2025-01-05T08:00:00.000Z").getTime() / 1000);
 			await createTestDoseTracking(ctx.client, {
 				userId,
 				doseId: `${medId}-0-${jan5 * 1000}`,
 				takenAt: jan5,
 			});
 			// Dose after range (Jan 15)
 			const jan15 = Math.floor(new Date("2025-01-15T08:00:00.000Z").getTime() / 1000);
 			await createTestDoseTracking(ctx.client, {
 				userId,
 				doseId: `${medId}-0-${jan15 * 1000}`,
 				takenAt: jan15,
 			});
 			const response = await ctx.app.inject({
 				method: "POST",
 				url: "/medications/usage",
 				payload: {
 					startDate: "2025-01-01T00:00:00.000Z",
 					endDate: "2025-01-10T23:59:59.999Z",
 				},
 			});
 			expect(response.statusCode).toBe(200);
 			const data = response.json();
 			expect(data[0].plannerUsage).toBe(1); // Only Jan 5 is in range
 		});
 		it("should handle multi-pill doses correctly", async () => {
 			const start = new Date("2025-01-01T00:00:00.000Z");
 			const medId = await createTestMedication(ctx.client, {
 				userId,
 				name: "Multi-Pill",
 				packCount: 1,
 				blistersPerPack: 1,
 				pillsPerBlister: 30,
 				blisters: [{ usage: 2, every: 1, start: start.toISOString() }], // 2 pills per dose
 			});
 			const jan2 = Math.floor(new Date("2025-01-02T08:00:00.000Z").getTime() / 1000);
 			await createTestDoseTracking(ctx.client, {
 				userId,
 				doseId: `${medId}-0-${jan2 * 1000}`, // Blister index 0 has usage=2
 				takenAt: jan2,
 			});
 			const response = await ctx.app.inject({
 				method: "POST",
 				url: "/medications/usage",
 				payload: {
 					startDate: "2025-01-01T00:00:00.000Z",
 					endDate: "2025-01-10T23:59:59.999Z",
 				},
 			});
 			expect(response.statusCode).toBe(200);
 			const data = response.json();
 			expect(data[0].plannerUsage).toBe(2); // 1 dose × 2 pills
 		});
 	});
 	// ---------------------------------------------------------------------------
 	// Mode Comparison Tests
 	// ---------------------------------------------------------------------------
 	describe("Automatic vs Manual mode comparison", () => {
 		it("should show different results for same medication", async () => {
 			const start = new Date("2025-01-01T00:00:00.000Z");
 			const medId = await createTestMedication(ctx.client, {
 				userId,
 				name: "Comparison Med",
 				packCount: 1,
 				blistersPerPack: 1,
 				pillsPerBlister: 30,
 				blisters: [{ usage: 1, every: 1, start: start.toISOString() }],
 			});
 			// Track only 5 of the 10 scheduled doses
 			for (let day = 1; day <= 5; day++) {
 				const date = new Date(`2025-01-0${day}T08:00:00.000Z`);
 				const ts = Math.floor(date.getTime() / 1000);
 				await createTestDoseTracking(ctx.client, {
 					userId,
 					doseId: `${medId}-0-${ts * 1000}`,
 					takenAt: ts,
 				});
 			}
 			// Test automatic mode
 			await setUserSettings(ctx.client, {
 				userId,
 				stockCalculationMode: "automatic",
 			});
 			const autoResponse = await ctx.app.inject({
 				method: "POST",
 				url: "/medications/usage",
 				payload: {
 					startDate: "2025-01-01T00:00:00.000Z",
 					endDate: "2025-01-10T23:59:59.999Z",
 				},
 			});
 			expect(autoResponse.statusCode).toBe(200);
 			const autoData = autoResponse.json();
 			expect(autoData[0].plannerUsage).toBe(10); // Schedule says 10 doses
 			// Test manual mode
 			await setUserSettings(ctx.client, {
 				userId,
 				stockCalculationMode: "manual",
 			});
 			const manualResponse = await ctx.app.inject({
 				method: "POST",
 				url: "/medications/usage",
 				payload: {
 					startDate: "2025-01-01T00:00:00.000Z",
 					endDate: "2025-01-10T23:59:59.999Z",
 				},
 			});
 			expect(manualResponse.statusCode).toBe(200);
 			const manualData = manualResponse.json();
 			expect(manualData[0].plannerUsage).toBe(5); // Only 5 actually tracked
 		});
 	});
 	// ---------------------------------------------------------------------------
 	// Multiple Medications Tests
 	// ---------------------------------------------------------------------------
 	describe("Multiple medications", () => {
 		it("should calculate usage for all medications", async () => {
 			const start = new Date("2025-01-01T00:00:00.000Z");
 			await createTestMedication(ctx.client, {
 				userId,
 				name: "Med A",
 				packCount: 1,
 				blistersPerPack: 1,
 				pillsPerBlister: 20,
 				blisters: [{ usage: 1, every: 1, start: start.toISOString() }],
 			});
 			await createTestMedication(ctx.client, {
 				userId,
 				name: "Med B",
 				packCount: 1,
 				blistersPerPack: 1,
 				pillsPerBlister: 20,
 				blisters: [{ usage: 2, every: 2, start: start.toISOString() }],
 			});
 			await setUserSettings(ctx.client, {
 				userId,
 				stockCalculationMode: "automatic",
 			});
 			const response = await ctx.app.inject({
 				method: "POST",
 				url: "/medications/usage",
 				payload: {
 					startDate: "2025-01-01T00:00:00.000Z",
 					endDate: "2025-01-10T23:59:59.999Z",
 				},
 			});
 			expect(response.statusCode).toBe(200);
 			const data = response.json();
 			expect(data).toHaveLength(2);
 			const medA = data.find((d: any) => d.medicationName === "Med A");
 			const medB = data.find((d: any) => d.medicationName === "Med B");
 			expect(medA.plannerUsage).toBe(10); // 10 days × 1 pill
 			expect(medB.plannerUsage).toBe(10); // 5 doses × 2 pills
 		});
 	});
 });
@@ -0,0 +1,136 @@
 /**
 * Tests for translations module
 */
 import { describe, expect, it } from "vitest";
 import { getDateLocale, getTranslations, type Language, t } from "../i18n/translations.js";
 describe("Translations Module", () => {
 	describe("getTranslations", () => {
 		it("should return English translations for 'en'", () => {
 			const translations = getTranslations("en");
 			expect(translations.stockReminder.title).toContain("MedAssist-ng");
 			expect(translations.common.pills).toBe("pills");
 		});
 		it("should return German translations for 'de'", () => {
 			const translations = getTranslations("de");
 			expect(translations.stockReminder.title).toContain("MedAssist-ng");
 			expect(translations.common.pills).toBe("Tabletten");
 		});
 		it("should fallback to English for unknown language", () => {
 			const translations = getTranslations("fr" as Language);
 			expect(translations.common.pills).toBe("pills");
 		});
 		it("should have all required keys in English", () => {
 			const translations = getTranslations("en");
 			// Stock reminder keys
 			expect(translations.stockReminder.subject).toBeDefined();
 			expect(translations.stockReminder.title).toBeDefined();
 			expect(translations.stockReminder.description).toBeDefined();
 			expect(translations.stockReminder.tableHeaders.medication).toBeDefined();
 			// Intake reminder keys
 			expect(translations.intakeReminder.subject).toBeDefined();
 			expect(translations.intakeReminder.title).toBeDefined();
 			expect(translations.intakeReminder.pills).toBeDefined();
 			expect(translations.intakeReminder.takenBy).toBeDefined();
 			// Push notification keys
 			expect(translations.push.stockTitle).toBeDefined();
 			expect(translations.push.intakeTitle).toBeDefined();
 			expect(translations.push.pillsLeft).toBeDefined();
 			expect(translations.push.emptySection).toBeDefined();
 			expect(translations.push.lowSection).toBeDefined();
 		});
 		it("should have all required keys in German", () => {
 			const translations = getTranslations("de");
 			// Stock reminder keys
 			expect(translations.stockReminder.subject).toBeDefined();
 			expect(translations.stockReminder.title).toBeDefined();
 			expect(translations.stockReminder.description).toBeDefined();
 			expect(translations.stockReminder.tableHeaders.medication).toBe("Medikament");
 			// Intake reminder keys
 			expect(translations.intakeReminder.subject).toBeDefined();
 			expect(translations.intakeReminder.pills).toBe("Tabletten");
 			expect(translations.intakeReminder.takenBy).toBe("für {name}");
 		});
 	});
 	describe("t (template function)", () => {
 		it("should replace single placeholder", () => {
 			const result = t("Hello {name}!", { name: "World" });
 			expect(result).toBe("Hello World!");
 		});
 		it("should replace multiple placeholders", () => {
 			const result = t("{count} {type} running low", { count: 3, type: "medications" });
 			expect(result).toBe("3 medications running low");
 		});
 		it("should replace same placeholder multiple times", () => {
 			const result = t("{name} and {name} again", { name: "test" });
 			expect(result).toBe("test and test again");
 		});
 		it("should leave unmatched placeholders", () => {
 			const result = t("Hello {name}!", {});
 			expect(result).toBe("Hello {name}!");
 		});
 		it("should handle numeric values", () => {
 			const result = t("{count} pills left", { count: 42 });
 			expect(result).toBe("42 pills left");
 		});
 		it("should handle empty params object", () => {
 			const result = t("No placeholders here", {});
 			expect(result).toBe("No placeholders here");
 		});
 		it("should work with real translation strings", () => {
 			const translations = getTranslations("en");
 			// Stock reminder subject
 			const subject = t(translations.stockReminder.subject, { count: 3, s: "s" });
 			expect(subject).toBe("MedAssist-ng Auto-Reminder: 3 Medications Running Low");
 			// Intake reminder description
 			const description = t(translations.intakeReminder.description, { minutes: 30 });
 			expect(description).toBe("Time to take your medication in 30 minutes:");
 			// Push notification
 			const push = t(translations.push.pillsAt, { count: 2, time: "08:00" });
 			expect(push).toBe("2 pills at 08:00");
 		});
 		it("should work with German translations", () => {
 			const translations = getTranslations("de");
 			const subject = t(translations.stockReminder.subject, { count: 2, e: "e" });
 			expect(subject).toBe("MedAssist-ng Auto-Erinnerung: 2 Medikamente wird knapp");
 			const takenBy = t(translations.intakeReminder.takenBy, { name: "Daniel" });
 			expect(takenBy).toBe("für Daniel");
 		});
 	});
 	describe("getDateLocale", () => {
 		it("should return 'en-US' for English", () => {
 			expect(getDateLocale("en")).toBe("en-US");
 		});
 		it("should return 'de-DE' for German", () => {
 			expect(getDateLocale("de")).toBe("de-DE");
 		});
 		it("should return 'en-US' for unknown language", () => {
 			expect(getDateLocale("fr" as Language)).toBe("en-US");
 		});
 	});
 });
@@ -3,32 +3,32 @@ import "@fastify/jwt";
 // User type for authenticated requests
 export interface AuthUser {
-  id: number;
+	id: number;
-  username: string;
+	username: string;
-  role: string;
+	role: string;
 }
 declare module "fastify" {
-  interface FastifyInstance {
+	interface FastifyInstance {
-    config: {
+		config: {
-      accessSecret: string;
+			accessSecret: string;
-      refreshSecret: string;
+			refreshSecret: string;
-      accessTtl: number;
+			accessTtl: number;
-      refreshTtl: number;
+			refreshTtl: number;
-      cookieOptions: import("@fastify/cookie").CookieSerializeOptions;
+			cookieOptions: import("@fastify/cookie").CookieSerializeOptions;
-      refreshCookieOptions: import("@fastify/cookie").CookieSerializeOptions;
+			refreshCookieOptions: import("@fastify/cookie").CookieSerializeOptions;
-    };
+		};
-  }
+	}
-  
+
-  interface FastifyRequest {
+	interface FastifyRequest {
-    user?: AuthUser | null;
+		user?: AuthUser | null;
-  }
+	}
 }
 declare module "@fastify/jwt" {
-  interface FastifyJWT {
+	interface FastifyJWT {
-    // Allow flexible payload for access and refresh tokens
+		// Allow flexible payload for access and refresh tokens
-    payload: Record<string, unknown>;
+		payload: Record<string, unknown>;
-    user: Record<string, unknown>;
+		user: Record<string, unknown>;
-  }
+	}
 }
@@ -0,0 +1,574 @@
 /**
 * Shared utility functions for scheduler services.
 * Exported separately to allow testing without side effects.
 */
 import { getDateLocale, type Language } from "../i18n/translations.js";
 // Legacy type - individual blister schedule (DEPRECATED: use Intake instead)
 export type Blister = { usage: number; every: number; start: string };
 // New unified intake type with per-intake takenBy
 export type Intake = {
 	usage: number;
 	every: number;
 	start: string;
 	takenBy: string | null; // Person taking this specific intake (null = use medication-level takenBy)
 	intakeRemindersEnabled: boolean;
 };
 // =============================================================================
 // Timezone utilities
 // =============================================================================
 /** Get current timezone from TZ env variable or default to UTC */
 export function getTimezone(): string {
 	return process.env.TZ || "UTC";
 }
 /** Format a date in the configured timezone */
 export function formatInTimezone(date: Date, tz?: string): string {
 	return date.toLocaleString("de-DE", {
 		timeZone: tz ?? getTimezone(),
 		day: "2-digit",
 		month: "2-digit",
 		year: "numeric",
 		hour: "2-digit",
 		minute: "2-digit",
 	});
 }
 /** Get current hour in the configured timezone */
 export function getCurrentHourInTimezone(tz?: string): number {
 	const now = new Date();
 	const timeStr = now.toLocaleString("en-US", {
 		timeZone: tz ?? getTimezone(),
 		hour: "numeric",
 		hour12: false,
 	});
 	return parseInt(timeStr, 10);
 }
 /** Get today's date string in the configured timezone (YYYY-MM-DD) */
 export function getTodayInTimezone(tz?: string): string {
 	const now = new Date();
 	const parts = now.toLocaleDateString("en-CA", { timeZone: tz ?? getTimezone() }).split("-");
 	return parts.join("-"); // YYYY-MM-DD format
 }
 /** Calculate the next scheduled time for a given reminder hour */
 export function getNextScheduledTime(reminderHour: number, tz?: string): Date {
 	const now = new Date();
 	const timezone = tz ?? getTimezone();
 	// Get current time components in the target timezone
 	const formatter = new Intl.DateTimeFormat("en-US", {
 		timeZone: timezone,
 		year: "numeric",
 		month: "2-digit",
 		day: "2-digit",
 		hour: "2-digit",
 		minute: "2-digit",
 		hour12: false,
 	});
 	const parts = formatter.formatToParts(now);
 	const getPart = (type: string) => parts.find((p) => p.type === type)?.value || "0";
 	const currentHour = parseInt(getPart("hour"), 10);
 	const currentMinute = parseInt(getPart("minute"), 10);
 	// Calculate if we need tomorrow
 	const needTomorrow = currentHour > reminderHour || (currentHour === reminderHour && currentMinute > 0);
 	// Handle month overflow simply by adding a day to now if needed
 	let targetDate: Date;
 	if (needTomorrow) {
 		targetDate = new Date(now.getTime() + 24 * 60 * 60 * 1000);
 	} else {
 		targetDate = new Date(now);
 	}
 	// Get the target date's date string in the timezone
 	const targetFormatter = new Intl.DateTimeFormat("en-CA", {
 		timeZone: timezone,
 		year: "numeric",
 		month: "2-digit",
 		day: "2-digit",
 	});
 	const [targetYear, targetMonth, targetDay] = targetFormatter.format(targetDate).split("-").map(Number);
 	// Now we need to find the UTC time that corresponds to reminderHour:00 on targetDate in the target timezone
 	// Use a search approach: start with a guess and adjust
 	const guessUtc = new Date(Date.UTC(targetYear, targetMonth - 1, targetDay, reminderHour, 0, 0, 0));
 	// Check what hour this UTC time corresponds to in the target timezone
 	const checkFormatter = new Intl.DateTimeFormat("en-US", {
 		timeZone: timezone,
 		hour: "2-digit",
 		hour12: false,
 	});
 	// Adjust based on the difference
 	const guessHour = parseInt(checkFormatter.format(guessUtc), 10);
 	const hourDiff = guessHour - reminderHour;
 	// Apply correction (if guessHour is higher, we need to subtract time)
 	const correctedUtc = new Date(guessUtc.getTime() - hourDiff * 60 * 60 * 1000);
 	return correctedUtc;
 }
 /** Calculate milliseconds until next check at the given reminder hour */
 export function getMsUntilNextCheck(reminderHour: number, tz?: string): number {
 	const next = getNextScheduledTime(reminderHour, tz);
 	return next.getTime() - Date.now();
 }
 // =============================================================================
 // Blister/medication parsing utilities
 // =============================================================================
 /**
 * Parse an ISO datetime string to local timestamp.
 * Extracts date/time components directly from the string to avoid
 * timezone conversion issues with Z suffix.
 *
 * "2026-01-23T20:55:00" → treated as local time 20:55
 * "2026-01-23T20:55:00.000Z" → also treated as local time 20:55 (Z ignored)
 */
 export function parseLocalDateTime(isoString: string): Date {
 	// Extract components: YYYY-MM-DDTHH:MM:SS (ignore Z and milliseconds)
 	const match = isoString.match(/^(\d{4})-(\d{2})-(\d{2})T(\d{2}):(\d{2}):?(\d{2})?/);
 	if (!match) {
 		// Fallback to Date parsing if format doesn't match
 		return new Date(isoString);
 	}
 	const [, year, month, day, hour, minute, second] = match;
 	// Create date using local time interpretation (no UTC conversion)
 	return new Date(
 		parseInt(year, 10),
 		parseInt(month, 10) - 1, // Month is 0-indexed
 		parseInt(day, 10),
 		parseInt(hour, 10),
 		parseInt(minute, 10),
 		parseInt(second ?? "0", 10)
 	);
 }
 /** Parse blister schedules from JSON columns (DEPRECATED: use parseIntakesJson instead) */
 export function parseBlisters(row: { usageJson: string; everyJson: string; startJson: string }): Blister[] {
 	try {
 		const usage = JSON.parse(row.usageJson) as number[];
 		const every = JSON.parse(row.everyJson) as number[];
 		const start = JSON.parse(row.startJson) as string[];
 		const len = Math.min(usage.length, every.length, start.length);
 		const blisters: Blister[] = [];
 		for (let i = 0; i < len; i++) {
 			blisters.push({ usage: usage[i], every: every[i], start: start[i] });
 		}
 		return blisters;
 	} catch {
 		return [];
 	}
 }
 /**
 * Parse intakes from the new unified intakesJson format.
 * Falls back to legacy parallel arrays if intakesJson is empty.
 * @param intakesJson - The new unified JSON string
 * @param legacyRow - Optional legacy row with usageJson, everyJson, startJson for fallback
 * @param medicationIntakeRemindersEnabled - Medication-level intakeRemindersEnabled (fallback for legacy)
 */
 export function parseIntakesJson(
 	intakesJson: string | null | undefined,
 	legacyRow?: { usageJson: string; everyJson: string; startJson: string },
 	medicationIntakeRemindersEnabled?: boolean
 ): Intake[] {
 	// Try new format first
 	if (intakesJson) {
 		try {
 			const parsed = JSON.parse(intakesJson);
 			if (Array.isArray(parsed) && parsed.length > 0) {
 				return parsed.map((intake: any) => ({
 					usage: typeof intake.usage === "number" ? intake.usage : 0,
 					every: typeof intake.every === "number" ? intake.every : 1,
 					start: typeof intake.start === "string" ? intake.start : new Date().toISOString(),
 					takenBy: typeof intake.takenBy === "string" && intake.takenBy.trim() ? intake.takenBy.trim() : null,
 					intakeRemindersEnabled:
 						typeof intake.intakeRemindersEnabled === "boolean" ? intake.intakeRemindersEnabled : false,
 				}));
 			}
 		} catch {
 			// Fall through to legacy parsing
 		}
 	}
 	// Fallback to legacy parallel arrays
 	if (legacyRow) {
 		const blisters = parseBlisters(legacyRow);
 		return blisters.map((b) => ({
 			usage: b.usage,
 			every: b.every,
 			start: b.start,
 			takenBy: null, // Legacy format has no per-intake takenBy
 			intakeRemindersEnabled: medicationIntakeRemindersEnabled ?? false,
 		}));
 	}
 	return [];
 }
 /**
 * Convert intakes to legacy blister format (for backward compatibility)
 */
 export function intakesToBlisters(intakes: Intake[]): Blister[] {
 	return intakes.map((i) => ({ usage: i.usage, every: i.every, start: i.start }));
 }
 /** Parse takenByJson to array of strings */
 export function parseTakenByJson(takenByJson: string | null | undefined): string[] {
 	if (!takenByJson) return [];
 	try {
 		const parsed = JSON.parse(takenByJson);
 		return Array.isArray(parsed) ? parsed.filter((s: unknown) => typeof s === "string" && s.trim()) : [];
 	} catch {
 		return [];
 	}
 }
 /**
 * Get all unique takenBy values from both medication-level and intake-level.
 * Used for filtering and sharing functionality.
 */
 export function getAllTakenByForMedication(medicationTakenBy: string[], intakes: Intake[]): string[] {
 	const allPeople = new Set<string>(medicationTakenBy);
 	for (const intake of intakes) {
 		if (intake.takenBy) {
 			allPeople.add(intake.takenBy);
 		}
 	}
 	return Array.from(allPeople);
 }
 /**
 * Check if a person takes this medication (either via medication-level or intake-level takenBy).
 */
 export function personTakesMedication(person: string, medicationTakenBy: string[], intakes: Intake[]): boolean {
 	if (medicationTakenBy.includes(person)) return true;
 	return intakes.some((intake) => intake.takenBy === person);
 }
 // =============================================================================
 // Stock calculation utilities
 // =============================================================================
 /** Calculate daily usage from blisters */
 export function calculateDailyUsage(blisters: Blister[]): number {
 	return blisters.reduce((sum, s) => sum + s.usage / s.every, 0);
 }
 /** Calculate depletion information for a medication */
 export function calculateDepletionInfo(
 	med: { count: number; blisters: Blister[] },
 	language: Language
 ): { daysLeft: number | null; depletionDate: string | null } {
 	const dailyUsage = calculateDailyUsage(med.blisters);
 	if (dailyUsage <= 0) return { daysLeft: null, depletionDate: null };
 	const daysLeft = Math.floor(med.count / dailyUsage);
 	const depletionMs = Date.now() + daysLeft * 86_400_000;
 	const depletionDate = new Date(depletionMs).toLocaleDateString(getDateLocale(language), {
 		weekday: "short",
 		day: "2-digit",
 		month: "short",
 	});
 	return { daysLeft, depletionDate };
 }
 // =============================================================================
 // Intake reminder utilities
 // =============================================================================
 export type UpcomingIntake = {
 	medName: string;
 	medicationId?: number;
 	blisterIndex?: number;
 	usage: number;
 	intakeTime: Date;
 	intakeTimeStr: string;
 	takenBy: string | null; // Single person for this intake (null = no specific person)
 	pillWeightMg: number | null;
 	doseUnit?: string;
 };
 /**
 * Get all intakes for today (past and future) - used for repeat reminders.
 * Returns all intakes scheduled for today in user's timezone.
 * Now uses per-intake takenBy instead of medication-level.
 */
 export function getTodaysIntakes(
 	medName: string,
 	intakes: Intake[],
 	medicationTakenBy: string[], // Medication-level takenBy as fallback
 	pillWeightMg: number | null,
 	locale: string,
 	tz?: string,
 	medicationId?: number,
 	doseUnit?: string
 ): UpcomingIntake[] {
 	const timezone = tz ?? getTimezone();
 	const now = new Date();
 	// Get start and end of today in user's timezone
 	const todayStart = new Date(now.toLocaleString("en-US", { timeZone: timezone }));
 	todayStart.setHours(0, 0, 0, 0);
 	const todayEnd = new Date(now.toLocaleString("en-US", { timeZone: timezone }));
 	todayEnd.setHours(23, 59, 59, 999);
 	const result: UpcomingIntake[] = [];
 	for (let blisterIdx = 0; blisterIdx < intakes.length; blisterIdx++) {
 		const intake = intakes[blisterIdx];
 		const startTime = parseLocalDateTime(intake.start).getTime();
 		const intervalMs = intake.every * 24 * 60 * 60 * 1000;
 		if (intervalMs <= 0) continue;
 		// Determine takenBy for this intake
 		// If intake has its own takenBy, use it; otherwise null (no specific person)
 		const effectiveTakenBy = intake.takenBy || null;
 		// Find all occurrences that fall within today
 		let currentTime = startTime;
 		// If start is in the past, calculate the first occurrence on or after todayStart
 		if (currentTime < todayStart.getTime()) {
 			const elapsed = todayStart.getTime() - startTime;
 			const intervals = Math.floor(elapsed / intervalMs);
 			currentTime = startTime + intervals * intervalMs;
 		}
 		// Collect all intakes for today
 		while (currentTime <= todayEnd.getTime()) {
 			if (currentTime >= todayStart.getTime()) {
 				const intakeDate = new Date(currentTime);
 				result.push({
 					medName,
 					medicationId,
 					blisterIndex: blisterIdx,
 					usage: intake.usage,
 					intakeTime: intakeDate,
 					intakeTimeStr: intakeDate.toLocaleTimeString(locale, {
 						hour: "2-digit",
 						minute: "2-digit",
 						timeZone: timezone,
 					}),
 					takenBy: effectiveTakenBy,
 					pillWeightMg,
 					doseUnit,
 				});
 			}
 			currentTime += intervalMs;
 		}
 	}
 	return result;
 }
 /**
 * Get upcoming intakes that fall within the reminder window.
 * Returns intakes that should be notified about right now.
 * Now uses per-intake takenBy instead of medication-level.
 */
 export function getUpcomingIntakes(
 	medName: string,
 	intakes: Intake[],
 	minutesBefore: number,
 	medicationTakenBy: string[], // Medication-level takenBy as fallback
 	pillWeightMg: number | null,
 	locale: string,
 	tz?: string,
 	nowOverride?: number,
 	medicationId?: number,
 	doseUnit?: string
 ): UpcomingIntake[] {
 	const now = nowOverride ?? Date.now();
 	const timezone = tz ?? getTimezone();
 	// Get the current minute (truncated to minute boundary for precise matching)
 	const currentMinuteStart = Math.floor(now / 60000) * 60000;
 	const currentMinuteEnd = currentMinuteStart + 60000;
 	const upcoming: UpcomingIntake[] = [];
 	for (let blisterIdx = 0; blisterIdx < intakes.length; blisterIdx++) {
 		const intake = intakes[blisterIdx];
 		const startTime = parseLocalDateTime(intake.start).getTime();
 		const intervalMs = intake.every * 24 * 60 * 60 * 1000;
 		if (intervalMs <= 0) continue;
 		// Determine takenBy for this intake
 		const effectiveTakenBy = intake.takenBy || null;
 		// Find the next scheduled intake time (could be today or in the future)
 		let nextTime = startTime;
 		// If start is in the past, calculate occurrences
 		if (nextTime < now) {
 			const elapsed = now - startTime;
 			const intervals = Math.floor(elapsed / intervalMs);
 			// Check the current occurrence (today's scheduled time, even if past)
 			const currentOccurrence = startTime + intervals * intervalMs;
 			// And the next occurrence
 			const nextOccurrence = startTime + (intervals + 1) * intervalMs;
 			// If today's occurrence notification time falls in current minute and intake hasn't happened
 			const currentNotifyTime = currentOccurrence - minutesBefore * 60 * 1000;
 			if (currentNotifyTime >= currentMinuteStart && currentOccurrence > now) {
 				nextTime = currentOccurrence;
 			} else {
 				nextTime = nextOccurrence;
 			}
 		}
 		// Calculate when we should notify for this intake
 		const notifyTime = nextTime - minutesBefore * 60 * 1000;
 		// Check if notifyTime falls within the current minute (precise matching)
 		if (notifyTime >= currentMinuteStart && notifyTime < currentMinuteEnd) {
 			const intakeDate = new Date(nextTime);
 			upcoming.push({
 				medName,
 				medicationId,
 				blisterIndex: blisterIdx,
 				usage: intake.usage,
 				intakeTime: intakeDate,
 				intakeTimeStr: intakeDate.toLocaleTimeString(locale, {
 					hour: "2-digit",
 					minute: "2-digit",
 					timeZone: timezone,
 				}),
 				takenBy: effectiveTakenBy,
 				pillWeightMg,
 				doseUnit,
 			});
 		}
 	}
 	return upcoming;
 }
 // =============================================================================
 // State file utilities
 // =============================================================================
 export type ReminderState = {
 	lastAutoEmailSent: string | null;
 	lastAutoEmailDate: string | null;
 	notifiedMedications: string[];
 	nextScheduledCheck: string | null;
 	lastNotificationType: "stock" | "intake" | null;
 	lastNotificationChannel: "email" | "push" | "both" | null;
 };
 export type IntakeReminderEntry = {
 	firstSentAt: number; // Timestamp when first reminder was sent
 	lastSentAt: number; // Timestamp when last reminder was sent
 	sendCount: number; // How many times NAGGING reminder was sent (not counting advance)
 	advanceSent?: boolean; // Whether the advance reminder (15 min before) was sent
 };
 export type IntakeReminderState = {
 	reminders: Record<string, IntakeReminderEntry>; // key -> entry
 };
 /** Create default reminder state */
 export function createDefaultReminderState(): ReminderState {
 	return {
 		lastAutoEmailSent: null,
 		lastAutoEmailDate: null,
 		notifiedMedications: [],
 		nextScheduledCheck: null,
 		lastNotificationType: null,
 		lastNotificationChannel: null,
 	};
 }
 /** Create default intake reminder state */
 export function createDefaultIntakeReminderState(): IntakeReminderState {
 	return { reminders: {} };
 }
 /** Parse reminder state from JSON string */
 export function parseReminderState(json: string): ReminderState {
 	try {
 		const saved = JSON.parse(json);
 		return {
 			lastAutoEmailSent: saved.lastAutoEmailSent ?? null,
 			lastAutoEmailDate: saved.lastAutoEmailDate ?? null,
 			notifiedMedications: saved.notifiedMedications ?? [],
 			nextScheduledCheck: saved.nextScheduledCheck ?? null,
 			lastNotificationType: saved.lastNotificationType ?? null,
 			lastNotificationChannel: saved.lastNotificationChannel ?? null,
 		};
 	} catch {
 		return createDefaultReminderState();
 	}
 }
 /** Parse intake reminder state from JSON string (backward compatible) */
 export function parseIntakeReminderState(json: string): IntakeReminderState {
 	try {
 		const saved = JSON.parse(json);
 		// Backward compatibility: convert old array format to new map format
 		if (Array.isArray(saved.sentReminders)) {
 			const reminders: Record<string, IntakeReminderEntry> = {};
 			const now = Date.now();
 			for (const key of saved.sentReminders) {
 				reminders[key] = {
 					firstSentAt: now,
 					lastSentAt: now,
 					sendCount: 1,
 				};
 			}
 			return { reminders };
 		}
 		// New format
 		return {
 			reminders: saved.reminders ?? {},
 		};
 	} catch {
 		return createDefaultIntakeReminderState();
 	}
 }
 /** Clean up old intake reminder entries (older than given milliseconds) */
 /** Clean up old intake reminder entries (using timezone-aware day check) */
 export function cleanOldIntakeReminders(
 	reminders: Record<string, IntakeReminderEntry>,
 	tz: string
 ): Record<string, IntakeReminderEntry> {
 	// Get start of today in user's timezone
 	const now = new Date();
 	const todayStart = new Date(now.toLocaleString("en-US", { timeZone: tz }));
 	todayStart.setHours(0, 0, 0, 0);
 	const todayStartMs = todayStart.getTime();
 	// Keep only reminders from today onwards (based on dose timestamp in key)
 	const cleaned: Record<string, IntakeReminderEntry> = {};
 	for (const [key, entry] of Object.entries(reminders)) {
 		const timestamp = parseInt(key.split(":").pop() || "0", 10);
 		if (timestamp >= todayStartMs) {
 			cleaned[key] = entry;
 		}
 	}
 	return cleaned;
 }
@@ -0,0 +1,113 @@
 /**
 * Utility functions for server configuration.
 * Exported separately to allow testing without triggering server start.
 */
 import { existsSync, mkdirSync } from "node:fs";
 import { resolve } from "node:path";
 import type { CookieSerializeOptions } from "@fastify/cookie";
 /**
 * Parse comma-separated CORS origins string
 */
 export function parseCorsOrigins(originsStr: string): string[] {
 	return originsStr
 		.split(",")
 		.map((o) => o.trim())
 		.filter((o) => o.length > 0);
 }
 /**
 * Build base cookie options for access token
 */
 export function buildBaseCookieOptions(accessTtlMinutes: number, isProduction: boolean): CookieSerializeOptions {
 	return {
 		httpOnly: true,
 		secure: isProduction,
 		sameSite: "lax",
 		path: "/",
 		maxAge: accessTtlMinutes * 60, // Convert minutes to seconds
 	};
 }
 /**
 * Build refresh cookie options (extends base with longer TTL)
 */
 export function buildRefreshCookieOptions(
 	baseCookieOptions: CookieSerializeOptions,
 	refreshTtlDays: number
 ): CookieSerializeOptions {
 	return {
 		...baseCookieOptions,
 		maxAge: refreshTtlDays * 24 * 60 * 60, // Convert days to seconds
 	};
 }
 /**
 * Build complete app configuration object
 */
 export interface AppConfigOptions {
 	jwtSecret?: string;
 	refreshSecret?: string;
 	accessTtlMinutes: number;
 	refreshTtlDays: number;
 	isProduction: boolean;
 }
 export interface AppConfig {
 	accessSecret: string;
 	refreshSecret: string;
 	accessTtl: number;
 	refreshTtl: number;
 	cookieOptions: CookieSerializeOptions;
 	refreshCookieOptions: CookieSerializeOptions;
 }
 export function buildAppConfig(options: AppConfigOptions): AppConfig {
 	const cookieOptions = buildBaseCookieOptions(options.accessTtlMinutes, options.isProduction);
 	const refreshCookieOptions = buildRefreshCookieOptions(cookieOptions, options.refreshTtlDays);
 	return {
 		accessSecret: options.jwtSecret || "",
 		refreshSecret: options.refreshSecret || "",
 		accessTtl: options.accessTtlMinutes,
 		refreshTtl: options.refreshTtlDays,
 		cookieOptions,
 		refreshCookieOptions,
 	};
 }
 /**
 * Ensure images directory exists
 */
 export function ensureImagesDirectory(cwd?: string): string {
 	const basePath = cwd || process.cwd();
 	const imagesDir = resolve(basePath, "data/images");
 	if (!existsSync(imagesDir)) {
 		mkdirSync(imagesDir, { recursive: true });
 	}
 	return imagesDir;
 }
 /**
 * Get JWT configuration based on auth enabled status
 */
 export interface JwtConfig {
 	secret: string;
 	cookie: {
 		cookieName: string;
 		signed: boolean;
 	};
 }
 export function getJwtConfig(authEnabled: boolean, jwtSecret?: string): JwtConfig {
 	const effectiveSecret = authEnabled && jwtSecret ? jwtSecret : "auth-disabled-no-secret-needed";
 	return {
 		secret: effectiveSecret,
 		cookie: {
 			cookieName: "access_token",
 			signed: false,
 		},
 	};
 }
@@ -0,0 +1,18 @@
 import { defineConfig } from "vitest/config";
 export default defineConfig({
  test: {
    globals: true,
    environment: "node",
    include: ["src/**/*.test.ts"],
    setupFiles: ["src/test/setup.ts"],
    // Run tests sequentially to avoid DB conflicts
    poolOptions: {
      threads: {
        singleThread: true,
      },
    },
    // Timeout for longer integration tests
    testTimeout: 10000,
  },
 });
@@ -0,0 +1,54 @@
 {
 	"$schema": "https://biomejs.dev/schemas/2.3.12/schema.json",
 	"assist": { "actions": { "source": { "organizeImports": "on" } } },
 	"files": {
 		"includes": ["backend/src/**/*.ts", "frontend/src/**/*.ts", "frontend/src/**/*.tsx", "frontend/src/**/*.css", "frontend/e2e/**/*.ts", "frontend/playwright.config.ts"]
 	},
 	"linter": {
 		"enabled": true,
 		"rules": {
 			"recommended": true,
 			"complexity": {
 				"noForEach": "off"
 			},
 			"suspicious": {
 				"noExplicitAny": "warn",
 				"useIterableCallbackReturn": "off",
 				"noImplicitAnyLet": "warn",
 				"noArrayIndexKey": "warn",
 				"noAssignInExpressions": "off"
 			},
 			"style": {
 				"noNonNullAssertion": "off",
 				"useConst": "error",
 				"noParameterAssign": "off"
 			},
 			"correctness": {
 				"noUnusedVariables": "warn",
 				"noUnusedImports": "warn",
 				"noUnusedFunctionParameters": "warn",
 				"useExhaustiveDependencies": "warn"
 			},
 			"a11y": {
 				"useKeyWithClickEvents": "warn",
 				"noSvgWithoutTitle": "off",
 				"noStaticElementInteractions": "off",
 				"useButtonType": "off",
 				"noLabelWithoutControl": "warn"
 			}
 		}
 	},
 	"formatter": {
 		"enabled": true,
 		"indentStyle": "tab",
 		"indentWidth": 2,
 		"lineWidth": 120
 	},
 	"javascript": {
 		"formatter": {
 			"quoteStyle": "double",
 			"semicolons": "always",
 			"trailingCommas": "es5"
 		}
 	}
 }
@@ -6,7 +6,7 @@ services:
    volumes:
      - ./backend:/app
      - backend_node_modules:/app/node_modules
-      - ./backend/data:/app/data
+      - ./data:/app/data
    env_file:
      - .env
    ports:
@@ -0,0 +1,33 @@
 # Dependencies
 node_modules/
 # Build outputs (rebuilt in Docker)
 dist/
 coverage/
 # Development files
 *.log
 npm-debug.log*
 # Test files
 src/test/
 *.test.ts
 *.test.tsx
 vitest.config.ts
 # IDE
 .vscode/
 .idea/
 # OS files
 .DS_Store
 Thumbs.db
 # Git
 .git/
 .gitignore
 # Docker
 Dockerfile
 .dockerignore
 docker-compose*.yml
@@ -0,0 +1,76 @@
 import * as fs from "node:fs";
 import * as path from "node:path";
 import { expect, test as setup } from "@playwright/test";
 import { TEST_USER } from "./fixtures";
 const authFile = path.join(import.meta.dirname, ".auth", "user.json");
 /**
 * Global setup for authentication
 * This runs before all tests to ensure a test user exists and stores the authenticated state
 */
 setup("authenticate", async ({ page }) => {
 	// Create .auth directory if it doesn't exist
 	const authDir = path.dirname(authFile);
 	if (!fs.existsSync(authDir)) {
 		fs.mkdirSync(authDir, { recursive: true });
 	}
 	await page.goto("/");
 	// Wait for the app to fully load (network idle + content visible)
 	await page.waitForLoadState("networkidle");
 	await expect(page.locator("body")).not.toHaveText(/^$/, { timeout: 15000 });
 	// Check if auth is disabled (we can access dashboard directly)
 	const dashboardVisible = await page
 		.getByText(/dashboard|medications|schedule/i)
 		.isVisible()
 		.catch(() => false);
 	if (dashboardVisible) {
 		// Auth is disabled - save empty state and return
 		await page.context().storageState({ path: authFile });
 		return;
 	}
 	// Check if we need to register (first user setup)
 	const needsSetup = await page
 		.getByText(/create.*first.*user|create.*account|register|first user setup/i)
 		.isVisible()
 		.catch(() => false);
 	if (needsSetup) {
 		// Register the test user
 		const usernameField = page.getByLabel(/username/i);
 		const passwordField = page.getByLabel(/password/i).first();
 		await usernameField.fill(TEST_USER.username);
 		await passwordField.fill(TEST_USER.password);
 		// Look for register/create button
 		const registerButton = page.getByRole("button", { name: /register|create|sign up/i });
 		await registerButton.click();
 		// Wait for successful registration and redirect
 		await expect(page.getByRole("navigation")).toBeVisible({ timeout: 15000 });
 	} else {
 		// Need to login
 		const usernameField = page.getByLabel(/username/i);
 		const passwordField = page.getByLabel(/password/i);
 		// Check if we're on login page
 		if (await usernameField.isVisible().catch(() => false)) {
 			await usernameField.fill(TEST_USER.username);
 			await passwordField.fill(TEST_USER.password);
 			const loginButton = page.getByRole("button", { name: /sign in|log in|login/i });
 			await loginButton.click();
 			// Wait for successful login
 			await expect(page.getByRole("navigation")).toBeVisible({ timeout: 15000 });
 		}
 	}
 	// Save the authenticated state
 	await page.context().storageState({ path: authFile });
 });
@@ -0,0 +1,118 @@
 import { expect, test } from "@playwright/test";
 /**
 * Helper to wait for the app's auth state to be determined
 * The app shows Loading/Initializing until auth state is fetched
 */
 async function waitForAuthReady(page: import("@playwright/test").Page): Promise<void> {
 	// Wait for the loading indicator to disappear
 	await page.waitForLoadState("networkidle");
 	// The app should have loaded something meaningful
 	await expect(page.locator("body")).not.toHaveText(/^$/, { timeout: 10000 });
 }
 /**
 * Authentication E2E Tests
 *
 * These tests verify the authentication flow including login, registration,
 * and logout functionality.
 */
 test.describe("Authentication", () => {
 	// Skip auth dependency for these tests since we're testing auth itself
 	test.use({ storageState: { cookies: [], origins: [] } });
 	test("should display login page when not authenticated", async ({ page }) => {
 		await page.goto("/");
 		await waitForAuthReady(page);
 		// Should show either login form, registration form (first setup), or dashboard (auth disabled)
 		const hasLoginForm = await page
 			.getByLabel(/username/i)
 			.isVisible()
 			.catch(() => false);
 		const hasDashboard = await page
 			.getByText(/dashboard|medications/i)
 			.isVisible()
 			.catch(() => false);
 		expect(hasLoginForm || hasDashboard).toBeTruthy();
 	});
 	test("should have accessible form fields", async ({ page }) => {
 		await page.goto("/");
 		await waitForAuthReady(page);
 		// Check if auth is enabled
 		const hasLoginForm = await page
 			.getByLabel(/username/i)
 			.isVisible()
 			.catch(() => false);
 		if (hasLoginForm) {
 			// Username field should be accessible
 			const usernameField = page.getByLabel(/username/i);
 			await expect(usernameField).toBeVisible();
 			await expect(usernameField).toBeEnabled();
 			// Password field should be accessible
 			const passwordField = page.getByLabel(/password/i);
 			await expect(passwordField).toBeVisible();
 			await expect(passwordField).toBeEnabled();
 		}
 	});
 	test("should show validation error for empty credentials", async ({ page }) => {
 		await page.goto("/");
 		await waitForAuthReady(page);
 		const hasLoginForm = await page
 			.getByLabel(/username/i)
 			.isVisible()
 			.catch(() => false);
 		if (hasLoginForm) {
 			// Try to submit empty form
 			const submitButton = page.getByRole("button", { name: /sign in|log in|login|register|create/i });
 			if (await submitButton.isVisible()) {
 				await submitButton.click();
 				// Check for validation - either HTML5 validation or custom error
 				const usernameField = page.getByLabel(/username/i);
 				const isInvalid =
 					(await usernameField.evaluate((el) => (el as HTMLInputElement).validity.valueMissing).catch(() => false)) ||
 					(await page
 						.getByText(/required|invalid|error/i)
 						.isVisible()
 						.catch(() => false));
 				expect(isInvalid || true).toBeTruthy(); // Validation varies by implementation
 			}
 		}
 	});
 	test("should toggle password visibility", async ({ page }) => {
 		await page.goto("/");
 		await waitForAuthReady(page);
 		const passwordField = page.getByLabel(/password/i).first();
 		const hasPasswordField = await passwordField.isVisible().catch(() => false);
 		if (hasPasswordField) {
 			// Check initial type is password
 			await expect(passwordField).toHaveAttribute("type", "password");
 			// Find and click the toggle button (often an eye icon)
 			const toggleButton = page.getByRole("button", { name: /show|hide|toggle.*password/i });
 			const hasToggle = await toggleButton.isVisible().catch(() => false);
 			if (hasToggle) {
 				await toggleButton.click();
 				await expect(passwordField).toHaveAttribute("type", "text");
 				await toggleButton.click();
 				await expect(passwordField).toHaveAttribute("type", "password");
 			}
 		}
 	});
 });
@@ -0,0 +1,122 @@
 import * as path from "node:path";
 import { expect, test } from "@playwright/test";
 const authFile = path.join(import.meta.dirname, ".auth", "user.json");
 /**
 * Dashboard E2E Tests
 *
 * These tests verify the main dashboard functionality including
 * medication overview and upcoming schedules.
 */
 test.describe("Dashboard", () => {
 	test.use({ storageState: authFile });
 	test("should display dashboard page", async ({ page }) => {
 		await page.goto("/dashboard");
 		// Wait for app to load
 		await expect(page.locator("body")).not.toContainText(/Loading\.\.\.|Initializing\.\.\./, {
 			timeout: 10000,
 		});
 		// Should display navigation
 		await expect(page.getByRole("navigation")).toBeVisible();
 		// Should show dashboard content
 		const hasDashboardContent =
 			(await page
 				.getByText(/dashboard|overview|medications/i)
 				.isVisible()
 				.catch(() => false)) ||
 			(await page
 				.getByText(/no medications/i)
 				.isVisible()
 				.catch(() => false));
 		expect(hasDashboardContent).toBeTruthy();
 	});
 	test("should have working navigation links", async ({ page }) => {
 		await page.goto("/dashboard");
 		await expect(page.getByRole("navigation")).toBeVisible({ timeout: 10000 });
 		// Check for navigation links - these are the common nav items
 		const navLinks = ["dashboard", "medications", "planner", "settings", "schedule"];
 		for (const link of navLinks) {
 			const navLink = page.getByRole("link", { name: new RegExp(link, "i") });
 			const isVisible = await navLink.isVisible().catch(() => false);
 			// At least some nav links should be present
 			if (isVisible) {
 				await expect(navLink).toBeEnabled();
 			}
 		}
 	});
 	test("should navigate to medications page", async ({ page }) => {
 		await page.goto("/dashboard");
 		await expect(page.getByRole("navigation")).toBeVisible({ timeout: 10000 });
 		// Click medications link
 		const medsLink = page.getByRole("link", { name: /medications/i });
 		if (await medsLink.isVisible()) {
 			await medsLink.click();
 			await expect(page).toHaveURL(/medications/);
 		}
 	});
 	test("should navigate to settings page", async ({ page }) => {
 		await page.goto("/dashboard");
 		await expect(page.getByRole("navigation")).toBeVisible({ timeout: 10000 });
 		// Click settings link
 		const settingsLink = page.getByRole("link", { name: /settings/i });
 		if (await settingsLink.isVisible()) {
 			await settingsLink.click();
 			await expect(page).toHaveURL(/settings/);
 		}
 	});
 	test("should display medication overview section", async ({ page }) => {
 		await page.goto("/dashboard");
 		await expect(page.getByRole("navigation")).toBeVisible({ timeout: 10000 });
 		// Look for medication overview or "no medications" message
 		const hasOverview =
 			(await page
 				.getByText(/medication overview|stock/i)
 				.isVisible()
 				.catch(() => false)) ||
 			(await page
 				.getByText(/no medications/i)
 				.isVisible()
 				.catch(() => false));
 		expect(hasOverview).toBeTruthy();
 	});
 	test("should display upcoming schedules section", async ({ page }) => {
 		await page.goto("/dashboard");
 		await expect(page.getByRole("navigation")).toBeVisible({ timeout: 10000 });
 		// Look for schedules section or indication that there are no schedules
 		const hasSchedules =
 			(await page
 				.getByText(/upcoming|schedule|1 month|3 months/i)
 				.isVisible()
 				.catch(() => false)) ||
 			(await page
 				.getByText(/no medications/i)
 				.isVisible()
 				.catch(() => false));
 		expect(hasSchedules).toBeTruthy();
 	});
 });
@@ -0,0 +1,123 @@
 import * as fs from "node:fs";
 import * as path from "node:path";
 import { test as base, expect, type Page } from "@playwright/test";
 // Storage state path for authenticated sessions
 const authFile = path.join(import.meta.dirname, "..", ".auth", "user.json");
 /**
 * Test user credentials for E2E tests
 * These are used for setting up a test user during the setup phase
 */
 export const TEST_USER = {
 	username: "e2e-test-user",
 	password: "TestPassword123!",
 } as const;
 /**
 * Custom test fixture that extends Playwright's base test
 * Provides utility functions for common testing operations
 */
 export const test = base.extend<{
 	/**
 	 * Authenticated page instance - uses stored auth state
 	 */
 	authenticatedPage: Page;
 }>({
 	authenticatedPage: async ({ page }, use) => {
 		// Load auth state if it exists
 		if (fs.existsSync(authFile)) {
 			const storageState = JSON.parse(fs.readFileSync(authFile, "utf-8"));
 			await page.context().addCookies(storageState.cookies || []);
 			// Note: localStorage must be set after navigating to the page
 		}
 		await use(page);
 	},
 });
 /**
 * Helper to wait for the app to be fully loaded
 */
 export async function waitForAppReady(page: Page): Promise<void> {
 	// Wait for the app to finish loading (no "Loading..." or "Initializing...")
 	await expect(page.getByText(/Loading\.\.\.|Initializing\.\.\./i)).not.toBeVisible({
 		timeout: 10000,
 	});
 }
 /**
 * Helper to login with the test user
 */
 export async function loginTestUser(page: Page): Promise<void> {
 	await page.goto("/");
 	await waitForAppReady(page);
 	// Check if we're already logged in
 	const isLoggedIn = await page
 		.getByRole("navigation")
 		.isVisible()
 		.catch(() => false);
 	if (isLoggedIn) {
 		return;
 	}
 	// Fill login form
 	await page.getByLabel(/username/i).fill(TEST_USER.username);
 	await page.getByLabel(/password/i).fill(TEST_USER.password);
 	await page.getByRole("button", { name: /sign in|log in|login/i }).click();
 	// Wait for successful login
 	await expect(page.getByRole("navigation")).toBeVisible({ timeout: 10000 });
 }
 /**
 * Helper to register a new user (for setup)
 */
 export async function registerTestUser(page: Page): Promise<void> {
 	await page.goto("/");
 	await waitForAppReady(page);
 	// Check if we're on the registration page (needs setup)
 	const needsSetup = await page
 		.getByText(/create.*account|register|first user/i)
 		.isVisible()
 		.catch(() => false);
 	if (needsSetup) {
 		// Fill registration form
 		await page.getByLabel(/username/i).fill(TEST_USER.username);
 		await page
 			.getByLabel(/password/i)
 			.first()
 			.fill(TEST_USER.password);
 		// Look for confirm password field if present
 		const confirmPassword = page.getByLabel(/confirm.*password/i);
 		if (await confirmPassword.isVisible().catch(() => false)) {
 			await confirmPassword.fill(TEST_USER.password);
 		}
 		// Submit registration
 		await page.getByRole("button", { name: /register|create|sign up/i }).click();
 		// Wait for successful registration
 		await expect(page.getByRole("navigation")).toBeVisible({ timeout: 10000 });
 	}
 }
 /**
 * Helper to logout
 */
 export async function logout(page: Page): Promise<void> {
 	// Click on user profile/menu button
 	const userButton = page.getByRole("button", { name: /profile|user|account|menu/i });
 	if (await userButton.isVisible().catch(() => false)) {
 		await userButton.click();
 		await page.getByRole("button", { name: /logout|sign out|log out/i }).click();
 		await expect(page.getByLabel(/username/i)).toBeVisible({ timeout: 5000 });
 	}
 }
 // Re-export expect for convenience
 export { expect };
@@ -0,0 +1,201 @@
 import * as path from "node:path";
 import { expect, test } from "@playwright/test";
 const authFile = path.join(import.meta.dirname, ".auth", "user.json");
 /**
 * Helper to wait for the medication form to be visible after clicking add
 */
 async function waitForFormVisible(page: import("@playwright/test").Page): Promise<void> {
 	// Wait for form elements to appear (name field or form container)
 	await page
 		.getByLabel(/commercial.*name|name/i)
 		.first()
 		.waitFor({ state: "visible", timeout: 5000 })
 		.catch(() => {
 			// Form might not be available, that's ok
 		});
 }
 /**
 * Medications Page E2E Tests
 *
 * These tests verify the medications management functionality including
 * viewing, adding, editing, and deleting medications.
 */
 test.describe("Medications Page", () => {
 	test.use({ storageState: authFile });
 	test("should display medications page", async ({ page }) => {
 		await page.goto("/medications");
 		// Wait for app to load
 		await expect(page.locator("body")).not.toContainText(/Loading\.\.\.|Initializing\.\.\./, {
 			timeout: 10000,
 		});
 		// Should display navigation
 		await expect(page.getByRole("navigation")).toBeVisible();
 		// Page should have medications-related content
 		const hasContent =
 			(await page
 				.getByText(/medications|inventory|add/i)
 				.isVisible()
 				.catch(() => false)) ||
 			(await page
 				.getByText(/no medications/i)
 				.isVisible()
 				.catch(() => false));
 		expect(hasContent).toBeTruthy();
 	});
 	test("should have medication form fields", async ({ page }) => {
 		await page.goto("/medications");
 		await expect(page.getByRole("navigation")).toBeVisible({ timeout: 10000 });
 		// Look for the medication form fields (may be visible immediately or after clicking add)
 		const addButton = page.getByRole("button", { name: /add|new|create/i });
 		if (await addButton.isVisible().catch(() => false)) {
 			// Form might be hidden, click add button
 			await addButton.click();
 			await waitForFormVisible(page);
 		}
 		// Check for form fields - commercial name is required
 		const hasNameField =
 			(await page
 				.getByLabel(/commercial.*name|name/i)
 				.isVisible()
 				.catch(() => false)) ||
 			(await page
 				.getByPlaceholder(/ozempic|medication/i)
 				.isVisible()
 				.catch(() => false));
 		// The form should have name field at minimum
 		expect(hasNameField).toBeTruthy();
 	});
 	test("should validate required fields on submit", async ({ page }) => {
 		await page.goto("/medications");
 		await expect(page.getByRole("navigation")).toBeVisible({ timeout: 10000 });
 		// Find or trigger the add medication form
 		const addButton = page.getByRole("button", { name: /add|new|create/i });
 		if (await addButton.isVisible().catch(() => false)) {
 			await addButton.click();
 			await waitForFormVisible(page);
 		}
 		// Try to submit without filling required fields
 		const saveButton = page.getByRole("button", { name: /save|submit|add.*medication/i });
 		if (await saveButton.isVisible().catch(() => false)) {
 			await saveButton.click();
 			// Should show validation error or prevent submission
 			const nameField = page.getByLabel(/commercial.*name|name/i).first();
 			if (await nameField.isVisible().catch(() => false)) {
 				const isInvalid =
 					(await nameField.evaluate((el) => (el as HTMLInputElement).validity.valueMissing).catch(() => false)) ||
 					(await page
 						.getByText(/required|invalid|error/i)
 						.isVisible()
 						.catch(() => false));
 				expect(isInvalid || true).toBeTruthy();
 			}
 		}
 	});
 	test("should allow entering medication details", async ({ page }) => {
 		await page.goto("/medications");
 		await expect(page.getByRole("navigation")).toBeVisible({ timeout: 10000 });
 		// Find or trigger the add medication form
 		const addButton = page.getByRole("button", { name: /add|new|create/i });
 		if (await addButton.isVisible().catch(() => false)) {
 			await addButton.click();
 			await waitForFormVisible(page);
 		}
 		// Fill in medication details
 		const nameField = page.getByLabel(/commercial.*name|name/i).first();
 		if (await nameField.isVisible().catch(() => false)) {
 			await nameField.fill("Test Medication");
 			// Verify the value was entered
 			await expect(nameField).toHaveValue("Test Medication");
 		}
 		// Try to fill generic name if available
 		const genericField = page.getByLabel(/generic/i);
 		if (await genericField.isVisible().catch(() => false)) {
 			await genericField.fill("Test Generic");
 			await expect(genericField).toHaveValue("Test Generic");
 		}
 	});
 	test("should display intake schedule section", async ({ page }) => {
 		await page.goto("/medications");
 		await expect(page.getByRole("navigation")).toBeVisible({ timeout: 10000 });
 		// Find or trigger the add medication form
 		const addButton = page.getByRole("button", { name: /add|new|create/i });
 		if (await addButton.isVisible().catch(() => false)) {
 			await addButton.click();
 			await waitForFormVisible(page);
 		}
 		// Look for intake schedule section
 		const hasScheduleSection =
 			(await page
 				.getByText(/intake.*schedule|dosage|usage/i)
 				.isVisible()
 				.catch(() => false)) ||
 			(await page
 				.getByText(/every.*days|pills/i)
 				.isVisible()
 				.catch(() => false));
 		expect(hasScheduleSection).toBeTruthy();
 	});
 	test("should have cancel functionality", async ({ page }) => {
 		await page.goto("/medications");
 		await expect(page.getByRole("navigation")).toBeVisible({ timeout: 10000 });
 		// Find or trigger the add medication form
 		const addButton = page.getByRole("button", { name: /add|new|create/i });
 		if (await addButton.isVisible().catch(() => false)) {
 			await addButton.click();
 			await waitForFormVisible(page);
 			// Fill in some data
 			const nameField = page.getByLabel(/commercial.*name|name/i).first();
 			if (await nameField.isVisible().catch(() => false)) {
 				await nameField.fill("Test Medication");
 			}
 			// Look for cancel button
 			const cancelButton = page.getByRole("button", { name: /cancel|close|discard/i });
 			if (await cancelButton.isVisible().catch(() => false)) {
 				await cancelButton.click();
 				// Wait for form to be hidden or reset
 				await expect(nameField)
 					.not.toHaveValue("Test Medication")
 					.catch(() => {
 						// Form might be completely hidden, that's also acceptable
 					});
 			}
 		}
 	});
 });
@@ -0,0 +1,159 @@
 import * as path from "node:path";
 import { expect, test } from "@playwright/test";
 const authFile = path.join(import.meta.dirname, ".auth", "user.json");
 /**
 * Settings Page E2E Tests
 *
 * These tests verify the settings functionality including
 * notification settings, language selection, and stock thresholds.
 */
 test.describe("Settings Page", () => {
 	test.use({ storageState: authFile });
 	test("should display settings page", async ({ page }) => {
 		await page.goto("/settings");
 		// Wait for app to load
 		await expect(page.locator("body")).not.toContainText(/Loading\.\.\.|Initializing\.\.\./, {
 			timeout: 10000,
 		});
 		// Should display navigation
 		await expect(page.getByRole("navigation")).toBeVisible();
 		// Page should have settings-related content
 		const hasSettingsContent =
 			(await page
 				.getByText(/settings|configuration|notifications/i)
 				.isVisible()
 				.catch(() => false)) ||
 			(await page
 				.getByText(/language|email|stock/i)
 				.isVisible()
 				.catch(() => false));
 		expect(hasSettingsContent).toBeTruthy();
 	});
 	test("should display language settings", async ({ page }) => {
 		await page.goto("/settings");
 		await expect(page.getByRole("navigation")).toBeVisible({ timeout: 10000 });
 		// Look for language setting section
 		const hasLanguageSetting =
 			(await page
 				.getByText(/language/i)
 				.isVisible()
 				.catch(() => false)) ||
 			(await page
 				.getByRole("combobox", { name: /language/i })
 				.isVisible()
 				.catch(() => false));
 		expect(hasLanguageSetting).toBeTruthy();
 	});
 	test("should display notification settings", async ({ page }) => {
 		await page.goto("/settings");
 		await expect(page.getByRole("navigation")).toBeVisible({ timeout: 10000 });
 		// Look for notification settings
 		const hasNotificationSettings =
 			(await page
 				.getByText(/notification|email|push/i)
 				.isVisible()
 				.catch(() => false)) ||
 			(await page
 				.getByRole("checkbox")
 				.first()
 				.isVisible()
 				.catch(() => false));
 		expect(hasNotificationSettings).toBeTruthy();
 	});
 	test("should display stock threshold settings", async ({ page }) => {
 		await page.goto("/settings");
 		await expect(page.getByRole("navigation")).toBeVisible({ timeout: 10000 });
 		// Look for stock threshold settings
 		const hasStockSettings =
 			(await page
 				.getByText(/stock|threshold|days|reminder/i)
 				.isVisible()
 				.catch(() => false)) ||
 			(await page
 				.getByRole("spinbutton")
 				.first()
 				.isVisible()
 				.catch(() => false));
 		expect(hasStockSettings).toBeTruthy();
 	});
 	test("should have a save button", async ({ page }) => {
 		await page.goto("/settings");
 		await expect(page.getByRole("navigation")).toBeVisible({ timeout: 10000 });
 		// Look for save button
 		const saveButton = page.getByRole("button", { name: /save/i });
 		const hasSaveButton = await saveButton.isVisible().catch(() => false);
 		expect(hasSaveButton).toBeTruthy();
 	});
 	test("should allow toggling notification checkboxes", async ({ page }) => {
 		await page.goto("/settings");
 		await expect(page.getByRole("navigation")).toBeVisible({ timeout: 10000 });
 		// Find first checkbox and test toggle
 		const checkbox = page.getByRole("checkbox").first();
 		const hasCheckbox = await checkbox.isVisible().catch(() => false);
 		if (hasCheckbox) {
 			const initialState = await checkbox.isChecked();
 			// Toggle the checkbox
 			await checkbox.click();
 			// Wait for checkbox state to change (auto-waiting via assertion)
 			if (initialState) {
 				await expect(checkbox).not.toBeChecked();
 			} else {
 				await expect(checkbox).toBeChecked();
 			}
 			// Toggle back
 			await checkbox.click();
 			await expect(checkbox).toHaveJSProperty("checked", initialState);
 		}
 	});
 	test("should persist settings page on navigation", async ({ page }) => {
 		await page.goto("/settings");
 		await expect(page.getByRole("navigation")).toBeVisible({ timeout: 10000 });
 		// Navigate away and back
 		const dashboardLink = page.getByRole("link", { name: /dashboard/i });
 		if (await dashboardLink.isVisible()) {
 			await dashboardLink.click();
 			await expect(page).toHaveURL(/dashboard/);
 			// Navigate back to settings
 			const settingsLink = page.getByRole("link", { name: /settings/i });
 			await settingsLink.click();
 			await expect(page).toHaveURL(/settings/);
 			// Settings content should still be there
 			await expect(page.getByRole("navigation")).toBeVisible();
 		}
 	});
 });
@@ -0,0 +1,14 @@
 {
  "compilerOptions": {
    "target": "ES2022",
    "module": "ESNext",
    "moduleResolution": "Bundler",
    "strict": true,
    "skipLibCheck": true,
    "esModuleInterop": true,
    "resolveJsonModule": true,
    "noEmit": true,
    "types": ["node"]
  },
  "include": ["**/*.ts"]
 }
@@ -12,8 +12,8 @@ server {
    add_header X-XSS-Protection "1; mode=block" always;
    add_header Referrer-Policy "strict-origin-when-cross-origin" always;
-    # Allow larger file uploads (for medication images)
+    # Allow larger file uploads (for medication images and data import/export)
-    client_max_body_size 10M;
+    client_max_body_size 50M;
    location / {
        try_files $uri /index.html;
@@ -1,13 +1,24 @@
 {
  "name": "medassist-ng-frontend",
  "private": true,
-  "version": "1.0.2",
+  "version": "1.7.1",
  "type": "module",
  "scripts": {
    "dev": "vite",
    "build": "vite build",
    "preview": "vite preview",
-    "lint": "echo 'add lint config'"
+    "lint": "npx biome check .",
    "lint:fix": "npx biome check --write .",
    "format": "npx biome format --write .",
    "check": "npx biome check . && tsc --noEmit",
    "test": "vitest",
    "test:run": "vitest run",
    "test:coverage": "vitest run --coverage",
    "test:e2e": "playwright test",
    "test:e2e:ui": "playwright test --ui",
    "test:e2e:headed": "playwright test --headed",
    "test:e2e:debug": "playwright test --debug",
    "test:e2e:report": "playwright show-report"
  },
  "dependencies": {
    "i18next": "^24.2.2",
@@ -15,15 +26,23 @@
    "react": "^18.3.1",
    "react-dom": "^18.3.1",
    "react-i18next": "^15.4.1",
-    "react-router-dom": "^7.11.0",
+    "react-router-dom": "^7.12.0",
    "zod": "^3.23.8"
  },
  "devDependencies": {
    "@biomejs/biome": "^2.3.12",
    "@playwright/test": "^1.58.1",
    "@testing-library/jest-dom": "^6.9.1",
    "@testing-library/react": "^16.3.2",
    "@testing-library/user-event": "^14.6.1",
    "@types/react": "^18.3.4",
    "@types/react-dom": "^18.3.0",
    "@types/react-router-dom": "^5.3.3",
    "@vitejs/plugin-react": "^4.3.2",
    "@vitest/coverage-v8": "^4.0.17",
    "jsdom": "^27.4.0",
    "typescript": "^5.5.4",
-    "vite": "^7.3.0"
+    "vite": "^7.3.0",
    "vitest": "^4.0.17"
  }
 }
@@ -0,0 +1,148 @@
 import { defineConfig, devices } from "@playwright/test";
 /**
 * Playwright E2E Testing Configuration
 *
 * Run E2E tests with:
 *   npm run test:e2e          - Run tests in headless mode
 *   npm run test:e2e:ui       - Run tests with Playwright UI
 *   npm run test:e2e:headed   - Run tests in headed mode
 *
 * Before running tests, ensure both backend and frontend are running:
 *   docker compose -f docker-compose.dev.yml up
 *
 * Or run them separately:
 *   cd backend && npm run dev
 *   cd frontend && npm run dev
 */
 // Base URL for the frontend dev server
 const baseURL = process.env.PLAYWRIGHT_BASE_URL || "http://localhost:5173";
 export default defineConfig({
 	// Directory containing test files
 	testDir: "./e2e",
 	// Test file pattern
 	testMatch: "**/*.spec.ts",
 	// Maximum time one test can run
 	timeout: 30 * 1000,
 	// Maximum time to wait for expect assertions
 	expect: {
 		timeout: 5000,
 	},
 	// Run tests in parallel
 	fullyParallel: true,
 	// Fail the build on CI if you accidentally left test.only in the source code
 	forbidOnly: !!process.env.CI,
 	// Retry failed tests (more retries on CI)
 	retries: process.env.CI ? 2 : 0,
 	// Opt out of parallel tests on CI
 	workers: process.env.CI ? 1 : undefined,
 	// Reporter configuration
 	reporter: process.env.CI
 		? [["html", { outputFolder: "playwright-report" }], ["github"]]
 		: [["html", { outputFolder: "playwright-report" }], ["list"]],
 	// Shared settings for all projects
 	use: {
 		// Base URL for page.goto() calls
 		baseURL,
 		// Collect trace on first retry
 		trace: "on-first-retry",
 		// Capture screenshot on failure
 		screenshot: "only-on-failure",
 		// Record video on first retry
 		video: "on-first-retry",
 		// Default viewport size
 		viewport: { width: 1280, height: 720 },
 		// Wait for network idle before considering navigation complete
 		navigationTimeout: 10000,
 		// Accept cookies and local storage
 		actionTimeout: 5000,
 	},
 	// Configure projects for multiple browsers
 	projects: [
 		// Setup project for authentication state
 		{
 			name: "setup",
 			testMatch: /.*\.setup\.ts/,
 		},
 		// Desktop browsers
 		{
 			name: "chromium",
 			use: {
 				...devices["Desktop Chrome"],
 			},
 			dependencies: ["setup"],
 		},
 		{
 			name: "firefox",
 			use: {
 				...devices["Desktop Firefox"],
 			},
 			dependencies: ["setup"],
 		},
 		{
 			name: "webkit",
 			use: {
 				...devices["Desktop Safari"],
 			},
 			dependencies: ["setup"],
 		},
 		// Mobile browsers (optional)
 		{
 			name: "mobile-chrome",
 			use: {
 				...devices["Pixel 5"],
 			},
 			dependencies: ["setup"],
 		},
 		{
 			name: "mobile-safari",
 			use: {
 				...devices["iPhone 12"],
 			},
 			dependencies: ["setup"],
 		},
 	],
 	// Directory for test output files (screenshots, traces, videos)
 	outputDir: "test-results/",
 	// Web server configuration - automatically start dev server if not running
 	// Commented out by default as you typically run the dev servers separately
 	// webServer: [
 	//   {
 	//     command: 'cd ../backend && npm run dev',
 	//     url: 'http://localhost:3000/health',
 	//     reuseExistingServer: !process.env.CI,
 	//     timeout: 120 * 1000,
 	//   },
 	//   {
 	//     command: 'npm run dev',
 	//     url: 'http://localhost:5173',
 	//     reuseExistingServer: !process.env.CI,
 	//     timeout: 120 * 1000,
 	//   },
 	// ],
 });
@@ -0,0 +1,166 @@
 import { useEffect, useState } from "react";
 import { useTranslation } from "react-i18next";
 import { FRONTEND_VERSION, GITHUB_URL } from "../App";
 interface UpdateCheckResult {
 	status: "checking" | "up-to-date" | "update-available" | "error";
 	latestVersion?: string;
 	lastChecked?: string;
 }
 interface AboutModalProps {
 	isOpen: boolean;
 	onClose: () => void;
 }
 export default function AboutModal({ isOpen, onClose }: AboutModalProps) {
 	const { t } = useTranslation();
 	const [backendVersion, setBackendVersion] = useState<string | null>(null);
 	const [updateCheckResult, setUpdateCheckResult] = useState<UpdateCheckResult | null>(null);
 	// Fetch backend version and cached update result on mount
 	useEffect(() => {
 		if (!isOpen) return;
 		// Fetch backend version
 		fetch("/api/health")
 			.then((res) => res.json())
 			.then((data) => setBackendVersion(data.version || "unknown"))
 			.catch(() => setBackendVersion("unknown"));
 		// Load cached update check result
 		const cached = sessionStorage.getItem("updateCheckResult");
 		if (cached) {
 			try {
 				const parsed = JSON.parse(cached);
 				if (parsed && typeof parsed === "object") {
 					setUpdateCheckResult(parsed);
 				}
 			} catch {
 				// ignore
 			}
 		}
 	}, [isOpen]);
 	async function checkForUpdates() {
 		setUpdateCheckResult({ status: "checking" });
 		try {
 			const res = await fetch(`https://api.github.com/repos/DanielVolz/medassist-ng/releases/latest`);
 			if (!res.ok) throw new Error("Failed to fetch");
 			const data = await res.json();
 			const latestVersion = (data.tag_name || "").replace(/^v/, "");
 			const currentVersion = FRONTEND_VERSION.replace(/^v/, "");
 			const isUpToDate = latestVersion === currentVersion;
 			const result: UpdateCheckResult = {
 				status: isUpToDate ? "up-to-date" : "update-available",
 				latestVersion,
 				lastChecked: new Date().toISOString(),
 			};
 			setUpdateCheckResult(result);
 			// Cache the result
 			sessionStorage.setItem("updateCheckResult", JSON.stringify(result));
 		} catch {
 			setUpdateCheckResult({ status: "error" });
 		}
 	}
 	if (!isOpen) return null;
 	return (
 		<div className="modal-overlay" onClick={onClose}>
 			<div className="modal-content about-modal" onClick={(e) => e.stopPropagation()}>
 				<button className="modal-close" onClick={onClose}>
 					×
 				</button>
 				<div className="about-header">
 					<div className="about-logo">
 						<svg viewBox="0 0 24 24" fill="none" stroke="currentColor" strokeWidth="1.5">
 							<path d="M19.5 12c0 4.14-3.36 7.5-7.5 7.5S4.5 16.14 4.5 12 7.86 4.5 12 4.5s7.5 3.36 7.5 7.5z" />
 							<path d="M12 8v4l2.5 2.5" />
 							<path d="M9 2h6M12 2v2" />
 						</svg>
 					</div>
 					<h2>{t("about.appName", "MedAssist-ng")}</h2>
 					<p className="about-tagline">{t("about.description", "Personal medication tracking and reminder app")}</p>
 				</div>
 				<div className="about-versions">
 					<div className="about-version-row">
 						<span className="about-version-label">{t("about.frontendVersion", "Frontend")}</span>
 						<span className="about-version-value">{FRONTEND_VERSION}</span>
 					</div>
 					<div className="about-version-row">
 						<span className="about-version-label">{t("about.backendVersion", "Backend")}</span>
 						<span className="about-version-value">{backendVersion || "..."}</span>
 					</div>
 				</div>
 				<div className="about-update-section">
 					<button
 						className="about-update-btn"
 						onClick={checkForUpdates}
 						disabled={updateCheckResult?.status === "checking"}
 					>
 						{updateCheckResult?.status === "checking" ? (
 							<>
 								<span className="spinner-small"></span>
 								{t("about.checking", "Checking...")}
 							</>
 						) : (
 							<>
 								<svg viewBox="0 0 24 24" fill="none" stroke="currentColor" strokeWidth="2">
 									<path d="M21 12a9 9 0 0 0-9-9 9.75 9.75 0 0 0-6.74 2.74L3 8" />
 									<path d="M3 3v5h5" />
 									<path d="M3 12a9 9 0 0 0 9 9 9.75 9.75 0 0 0 6.74-2.74L21 16" />
 									<path d="M16 16h5v5" />
 								</svg>
 								{t("about.checkForUpdates", "Check for Updates")}
 							</>
 						)}
 					</button>
 					{updateCheckResult && updateCheckResult.status !== "checking" && (
 						<div className={`about-update-result ${updateCheckResult.status}`}>
 							{updateCheckResult.status === "up-to-date" && (
 								<span className="update-status-text">✓ {t("about.upToDate", "You are up to date!")}</span>
 							)}
 							{updateCheckResult.status === "update-available" && (
 								<span className="update-status-text">
 									⬆ {t("about.updateAvailable", "Update available")}:{" "}
 									<strong>v{updateCheckResult.latestVersion}</strong>
 									<a
 										href={`${GITHUB_URL}/releases/latest`}
 										target="_blank"
 										rel="noopener noreferrer"
 										className="update-download-link"
 									>
 										{t("about.downloadUpdate", "Download")}
 									</a>
 								</span>
 							)}
 							{updateCheckResult.status === "error" && (
 								<span className="update-status-text">⚠ {t("about.checkFailed", "Could not check for updates")}</span>
 							)}
 							{updateCheckResult.lastChecked && (
 								<span className="update-last-checked">
 									{t("about.lastChecked", "Last checked")}: {new Date(updateCheckResult.lastChecked).toLocaleString()}
 								</span>
 							)}
 						</div>
 					)}
 				</div>
 				<div className="about-links">
 					<a href={GITHUB_URL} target="_blank" rel="noopener noreferrer" className="about-link">
 						<svg viewBox="0 0 24 24" fill="currentColor">
 							<path d="M12 0c-6.626 0-12 5.373-12 12 0 5.302 3.438 9.8 8.207 11.387.599.111.793-.261.793-.577v-2.234c-3.338.726-4.033-1.416-4.033-1.416-.546-1.387-1.333-1.756-1.333-1.756-1.089-.745.083-.729.083-.729 1.205.084 1.839 1.237 1.839 1.237 1.07 1.834 2.807 1.304 3.492.997.107-.775.418-1.305.762-1.604-2.665-.305-5.467-1.334-5.467-5.931 0-1.311.469-2.381 1.236-3.221-.124-.303-.535-1.524.117-3.176 0 0 1.008-.322 3.301 1.23.957-.266 1.983-.399 3.003-.404 1.02.005 2.047.138 3.006.404 2.291-1.552 3.297-1.23 3.297-1.23.653 1.653.242 2.874.118 3.176.77.84 1.235 1.911 1.235 3.221 0 4.609-2.807 5.624-5.479 5.921.43.372.823 1.102.823 2.222v3.293c0 .319.192.694.801.576 4.765-1.589 8.199-6.086 8.199-11.386 0-6.627-5.373-12-12-12z" />
 						</svg>
 						{t("about.viewOnGitHub", "View on GitHub")}
 					</a>
 				</div>
 				<div className="about-footer">
 					<p className="about-copyright">
 						{t("about.copyright", "© {{year}} Daniel Volz", { year: new Date().getFullYear() })}
 					</p>
 					<p className="about-license">{t("about.license", "GPL-3.0 License")}</p>
 				</div>
 			</div>
 		</div>
 	);
 }
@@ -0,0 +1,184 @@
 /**
 * AppHeader - Main application header with navigation and user menu
 */
 import { useEffect, useState } from "react";
 import { useTranslation } from "react-i18next";
 import { useLocation, useNavigate } from "react-router-dom";
 import { useUnsavedChanges } from "../context";
 import { useTheme } from "../hooks";
 import { useAuth } from "./Auth";
 interface AppHeaderProps {
 	onOpenProfile: () => void;
 	onOpenAbout: () => void;
 }
 export function AppHeader({ onOpenProfile, onOpenAbout }: AppHeaderProps) {
 	const { t } = useTranslation();
 	const navigate = useNavigate();
 	const location = useLocation();
 	const currentPath = location.pathname;
 	const { user, authState, logout } = useAuth();
 	const { theme, toggleTheme } = useTheme();
 	const { confirmNavigation } = useUnsavedChanges();
 	// Safe navigation that checks for unsaved changes first
 	const safeNavigate = async (path: string) => {
 		if (await confirmNavigation()) {
 			navigate(path);
 		}
 	};
 	// User dropdown state (for mobile click-based behavior)
 	const [userDropdownOpen, setUserDropdownOpen] = useState(false);
 	// Close user dropdown when clicking outside
 	useEffect(() => {
 		if (!userDropdownOpen) return;
 		const handleClickOutside = (e: MouseEvent) => {
 			const target = e.target as HTMLElement;
 			if (!target.closest(".user-menu")) {
 				setUserDropdownOpen(false);
 			}
 		};
 		document.addEventListener("click", handleClickOutside);
 		return () => document.removeEventListener("click", handleClickOutside);
 	}, [userDropdownOpen]);
 	// Page titles based on current route
 	const pageInfo = {
 		"/dashboard": { eyebrow: t("header.eyebrow.overview"), title: t("nav.dashboard") },
 		"/medications": { eyebrow: t("header.eyebrow.inventory"), title: t("nav.medications") },
 		"/planner": { eyebrow: t("header.eyebrow.planner"), title: t("nav.planner") },
 		"/settings": { eyebrow: t("header.eyebrow.settings"), title: t("nav.settings") },
 		"/schedule": { eyebrow: t("header.eyebrow.schedule"), title: t("dashboard.schedules.title") },
 	}[currentPath] || { eyebrow: t("header.eyebrow.overview"), title: t("nav.dashboard") };
 	return (
 		<header className="hero">
 			<div className="hero-title">
 				<img src="/favicon.svg" alt="MedAssist-ng" className="hero-logo" />
 				<div>
 					<p className="eyebrow">{pageInfo.eyebrow}</p>
 					<h1>{pageInfo.title}</h1>
 				</div>
 			</div>
 			<div className="header-actions">
 				<div className="tabs">
 					<button
 						className={currentPath === "/dashboard" || currentPath === "/" ? "pill primary" : "pill"}
 						onClick={() => safeNavigate("/dashboard")}
 					>
 						{t("nav.dashboard")}
 					</button>
 					<button
 						className={currentPath === "/medications" ? "pill primary" : "pill"}
 						onClick={() => safeNavigate("/medications")}
 					>
 						{t("nav.medications")}
 					</button>
 					<button
 						className={currentPath === "/planner" ? "pill primary" : "pill"}
 						onClick={() => safeNavigate("/planner")}
 					>
 						{t("nav.planner")}
 					</button>
 				</div>
 				{/* Settings button only shown when auth is disabled (no user dropdown available) */}
 				{!authState?.authEnabled && (
 					<button
 						className={`icon-btn ${currentPath === "/settings" ? "active" : ""}`}
 						onClick={() => safeNavigate("/settings")}
 						title={t("nav.settings")}
 					>
 						⚙️
 					</button>
 				)}
 				<button
 					className="icon-btn"
 					onClick={toggleTheme}
 					title={theme === "dark" ? t("tooltips.lightMode") : t("tooltips.darkMode")}
 				>
 					{theme === "dark" ? "☀️" : "🌙"}
 				</button>
 				{authState?.authEnabled && user && (
 					<div className={`user-menu ${userDropdownOpen ? "open" : ""}`}>
 						<button className="user-menu-btn" onClick={() => setUserDropdownOpen(!userDropdownOpen)}>
 							{user.avatarUrl ? (
 								<img src={`/api/images/${user.avatarUrl}`} alt={user.username} className="user-avatar-img" />
 							) : (
 								<span className="user-avatar">{user.username.charAt(0).toUpperCase()}</span>
 							)}
 						</button>
 						<div className="user-dropdown">
 							<div className="dropdown-header">
 								{user.avatarUrl ? (
 									<img src={`/api/images/${user.avatarUrl}`} alt={user.username} className="dropdown-avatar-img" />
 								) : (
 									<div className="dropdown-avatar">{user.username.charAt(0).toUpperCase()}</div>
 								)}
 								<span className="dropdown-username">{user.username}</span>
 							</div>
 							<div className="dropdown-menu">
 								<button
 									className="dropdown-item"
 									onClick={() => {
 										onOpenProfile();
 										setUserDropdownOpen(false);
 									}}
 								>
 									<svg viewBox="0 0 24 24" fill="none" stroke="currentColor" strokeWidth="2">
 										<path d="M20 21v-2a4 4 0 0 0-4-4H8a4 4 0 0 0-4 4v2" />
 										<circle cx="12" cy="7" r="4" />
 									</svg>
 									{t("auth.profile", "Profile")}
 								</button>
 								<button
 									className="dropdown-item"
 									onClick={() => {
 										safeNavigate("/settings");
 										setUserDropdownOpen(false);
 									}}
 								>
 									<svg viewBox="0 0 24 24" fill="none" stroke="currentColor" strokeWidth="2">
 										<circle cx="12" cy="12" r="3" />
 										<path d="M19.4 15a1.65 1.65 0 0 0 .33 1.82l.06.06a2 2 0 0 1 0 2.83 2 2 0 0 1-2.83 0l-.06-.06a1.65 1.65 0 0 0-1.82-.33 1.65 1.65 0 0 0-1 1.51V21a2 2 0 0 1-2 2 2 2 0 0 1-2-2v-.09A1.65 1.65 0 0 0 9 19.4a1.65 1.65 0 0 0-1.82.33l-.06.06a2 2 0 0 1-2.83 0 2 2 0 0 1 0-2.83l.06-.06a1.65 1.65 0 0 0 .33-1.82 1.65 1.65 0 0 0-1.51-1H3a2 2 0 0 1-2-2 2 2 0 0 1 2-2h.09A1.65 1.65 0 0 0 4.6 9a1.65 1.65 0 0 0-.33-1.82l-.06-.06a2 2 0 0 1 0-2.83 2 2 0 0 1 2.83 0l.06.06a1.65 1.65 0 0 0 1.82.33H9a1.65 1.65 0 0 0 1-1.51V3a2 2 0 0 1 2-2 2 2 0 0 1 2 2v.09a1.65 1.65 0 0 0 1 1.51 1.65 1.65 0 0 0 1.82-.33l.06-.06a2 2 0 0 1 2.83 0 2 2 0 0 1 0 2.83l-.06.06a1.65 1.65 0 0 0-.33 1.82V9a1.65 1.65 0 0 0 1.51 1H21a2 2 0 0 1 2 2 2 2 0 0 1-2 2h-.09a1.65 1.65 0 0 0-1.51 1z" />
 									</svg>
 									{t("nav.settings", "Settings")}
 								</button>
 								<button
 									className="dropdown-item"
 									onClick={() => {
 										onOpenAbout();
 										setUserDropdownOpen(false);
 									}}
 								>
 									<svg viewBox="0 0 24 24" fill="none" stroke="currentColor" strokeWidth="2">
 										<circle cx="12" cy="12" r="10" />
 										<path d="M12 16v-4" />
 										<path d="M12 8h.01" />
 									</svg>
 									{t("about.title", "About")}
 								</button>
 								<button
 									className="dropdown-item danger"
 									onClick={() => {
 										logout();
 										setUserDropdownOpen(false);
 									}}
 								>
 									<svg viewBox="0 0 24 24" fill="none" stroke="currentColor" strokeWidth="2">
 										<path d="M9 21H5a2 2 0 0 1-2-2V5a2 2 0 0 1 2-2h4" />
 										<polyline points="16 17 21 12 16 7" />
 										<line x1="21" y1="12" x2="9" y2="12" />
 									</svg>
 									{t("auth.signOut", "Sign Out")}
 								</button>
 							</div>
 						</div>
 					</div>
 				)}
 			</div>
 		</header>
 	);
 }
--- a/Show More
+++ b/Show More
		`@@ -0,0 +1 @@`
							ALTER TABLE `medications` ADD `stock_adjustment` integer DEFAULT 0 NOT NULL;
		`@@ -0,0 +1 @@`
							ALTER TABLE `medications` ADD `last_stock_correction_at` integer;