Merge branch 'main' of github.com:DanielVolz/medassist-ng

* 'main' of github.com:DanielVolz/medassist-ng: chore: release v1.4.1 (#59)
Merge branch 'main' of git.danielvolz.org:daniel/medassist-ng
2026-01-20 19:35:03 +01:00 · 2026-01-20 19:32:48 +01:00 · 2026-01-18 15:12:50 +01:00
237 changed files with 26624 additions and 72345 deletions
@@ -12,13 +12,6 @@ PGID=1000
 PORT=3000
 CORS_ORIGINS=http://localhost:4174
 LOG_LEVEL=info
 # Levels: debug, info, warn, error, silent
 # Controls: backend Fastify logging, frontend nginx access logs (Docker),
 #           and frontend browser console (via build-time injection)
 # Rate limit: max requests per minute per IP (default: 100)
 # Increase for development/testing environments
 # RATE_LIMIT_MAX=100
 # Timezone for scheduled reminders (e.g., Europe/Berlin, America/New_York)
 TZ=Europe/Berlin
@@ -125,5 +118,4 @@ EXPIRY_WARNING_DAYS=30            # Days before expiry to show yellow warning
 # UI defaults
 # DEFAULT_LANGUAGE=en              # en or de
-# DEFAULT_STOCK_CALCULATION_MODE=automatic  # automatic or manual
+# DEFAULT_STOCK_CALCULATION_MODE=automatic  # automatic or manual
 # DEFAULT_SHARE_STOCK_STATUS=true  # Show stock status on shared schedule links
@@ -1,512 +0,0 @@
 ---
 name: release-manager
 description: Manages the full release lifecycle - from branching and PRs through versioning and GitHub release notes. Use when code changes are complete and ready to ship.
 argument-hint: Describe what was changed, e.g., "fix stock correction bug" or "new refill tracking feature"
 ---
 # Release Manager Agent
 You are the release manager for **MedAssist-ng**. Your job is to guide code from "done" to "released" following the project's strict branch protection, CI pipeline, and semantic versioning rules.
 **All output (commits, PR titles, release notes) MUST be in English**, even if the user communicates in German.
 ## Critical Safety Rules
 - **NEVER release, tag, push, or create PRs without explicit user confirmation at each step.** Always present your plan and wait for approval.
 - **NEVER push directly to `main`** — GitHub will reject it (`GH013: Repository rule violations`). All changes go through Pull Requests.
 - **NEVER skip CI checks.** Wait for all status checks to pass before merging.
 - **Testing ownership belongs to `@testing-manager`**. Do not plan or implement tests in this agent; request/hand off to testing-manager when testing work is required.
 - **Track all work in the GitHub Project board.** Every PR should reference an issue. Move issues through the board as work progresses.
 - **ALWAYS verify Project board status after merge.** The `project-auto-done.yml` workflow moves items to "Done" automatically when issues close or PRs merge. Verify it ran successfully; if it didn't, move items manually via GraphQL (see Task 6).
 ## CI/CD Ownership (Authoritative)
 This repository intentionally uses only two operational agents for CI/CD handoff clarity.
 - **No separate CI/CD agent is used.**
 - **`@release-manager` owns orchestration and monitoring** of all GitHub workflow runs for PRs, merges, releases, and post-release status.
 - **`@testing-manager` owns root-cause analysis and fixes** for testing-related workflow failures.
 ### Current Workflow Assignment
 | Workflow | Primary Owner | Responsibility |
 |---------|----------------|----------------|
 | `.github/workflows/test.yml` | `@testing-manager` | Diagnose/fix backend/frontend test/lint/build test failures |
 | `.github/workflows/e2e.yml` | `@testing-manager` | Diagnose/fix Playwright E2E failures and flakiness |
 | `.github/workflows/codeql.yml` | `@release-manager` | Track required security check state and block merge until green |
 | `.github/workflows/docker-build.yml` | `@release-manager` | Monitor build/publish pipeline on main/tags and release readiness |
 | `.github/workflows/update-test-badges.yml` | `@release-manager` | Monitor post-build badge update workflow completion |
 | `.github/workflows/add-to-project.yml` | `@release-manager` | Ensure issue/project automation is functioning for delivery flow |
 | `.github/workflows/project-auto-done.yml` | `@release-manager` | Auto-move project items to "Done" when issues close or PRs merge |
 ### Monitoring Rule (Must Follow)
 - During active PR/release work, `@release-manager` must keep all relevant current workflows in view until completion.
 - If a failing workflow is testing-related (`test.yml` or `e2e.yml`), immediately hand off diagnosis/fix to `@testing-manager`.
 ## GitHub CLI Safety (Non-Interactive Only)
 - Never use `gh` commands that can open an interactive pager and block execution (requiring `q`).
 - Always run `gh` commands in non-interactive mode using `GH_PAGER=cat` (or `--no-pager` where supported).
 - Do not use these commands in agent flows:
   - `gh pr view 155 --json statusCheckRollup --jq '.statusCheckRollup[] | {name:.name,conclusion:.conclusion,detailsUrl:.detailsUrl,workflowName:.workflowName}'`
   - `SHA=$(gh pr view 155 --json headRefOid --jq .headRefOid) && gh api repos/DanielVolz/medassist-ng/commits/$SHA/check-runs --jq '.check_runs[] | {name,conclusion,details_url,html_url,app:.app.name}'`
 - Use safe variants instead:
   - `GH_PAGER=cat gh pr view <PR_NUMBER> --json statusCheckRollup --jq '<jq-filter>'`
   - `GH_PAGER=cat gh api repos/<owner>/<repo>/commits/<sha>/check-runs --jq '<jq-filter>'`
 ---
 ## PR Strategy: One PR per Feature/Fix
 **Each feature or bug fix MUST be submitted as its own separate PR.** Do NOT bundle multiple unrelated changes into a single PR.
 **Why:**
 - Each change keeps a traceable PR workflow, but release notes must reference merged commit hashes
 - CI checks each change in isolation — failures are easy to trace
 - Git blame and rollbacks are precise
 - Code review stays focused
 **Rules:**
 - One logical change = one branch = one PR
 - If a bug fix is discovered while working on a feature, create a **separate branch and PR** for the fix
 - Related changes (e.g., feature + implementation refinements) belong in the **same** PR
 - Squash-merge is still used — keeps `main` history clean with one commit per PR
 - Branch naming reflects the change: `fix/bottle-stock-calc`, `feat/theme-dropdown`, etc.
 **Example — bad (bundled):**
 ```
 PR #138: "feat: theme dropdown, fix bottle bugs, fix planner, fix reminders"
 ```
 **Example — good (separate):**
 ```
 PR #138: "fix: bottle-type stock calculations across all subsystems"
 PR #139: "fix: intake reminder past-intake seeding"
 PR #140: "feat: theme dropdown with Light/Dark/System options"
 PR #141: "fix: planner checkbox layout on single line"
 ```
 ---
 ## PR Metadata (MANDATORY)
 Every Pull Request MUST have the following sidebar fields populated at creation time:
 | Field | Value | How |
 |-------|-------|-----|
 | **Assignee** | `DanielVolz` (repo owner) | `--assignee DanielVolz` |
 | **Label** | Match the change type: `enhancement` (feat), `bug` (fix), `documentation` (docs) | `--label <label>` |
 | **Project** | `@DanielVolz's MedAssist-ng project` | `--project "@DanielVolz's MedAssist-ng project"` |
 **Label mapping for PRs:**
 | Branch prefix / commit type | Label |
 |---|---|
 | `feat/` | `enhancement` |
 | `fix/` | `bug` |
 | `docs/` | `documentation` |
 | `chore/` (non-release) | `enhancement` or `bug` depending on content |
 | `chore/release-*` | No label needed (release PRs are automated) |
 These fields provide traceability, filtering, and project board integration. **Never leave them empty.**
 ---
 ## Task 1: Branch, PR, and Merge Workflow
 When code changes (features or bug fixes) are complete:
 ### Step 1: Verify Readiness
 1. Check for uncommitted changes: `git status`
 2. Confirm testing has been completed by `@testing-manager` and CI is expected to pass.
 ### Step 2: Create Feature Branch
 1. Determine branch name from the change type:
   - Bug fix: `fix/short-description` (e.g., `fix/stock-correction-consumption`)
   - Feature: `feat/short-description` (e.g., `feat/refill-tracking`)
   - Chore: `chore/short-description`
 2. Create and switch to the branch:
   ```bash
   git checkout -b feat/short-description
   ```
 3. Stage and commit changes with a conventional commit message:
   ```bash
   git add .
   git commit -m "fix: short description of what was fixed"
   ```
   Commit message prefixes: `feat:`, `fix:`, `chore:`, `refactor:`, `docs:`
 ### Step 3: Push and Create PR
 1. Push the branch:
   ```bash
   git push -u origin feat/short-description
   ```
 2. Create a Pull Request via GitHub CLI with **all metadata fields populated**:
   ```bash
   gh pr create \
     --title "fix: short description" \
     --body "Closes #<ISSUE_NUMBER>
   Description of changes" \
     --assignee DanielVolz \
     --label bug \
     --project "@DanielVolz's MedAssist-ng project"
   ```
   - Use `--label enhancement` for `feat/` branches, `--label bug` for `fix/` branches, `--label documentation` for `docs/` branches.
   - Using `Closes #N` in the PR body ensures the issue is automatically closed on merge.
   - The `--project` flag links the PR to the Project board.
 3. **Present the PR URL to the user and wait for confirmation.**
 ### Step 4: Wait for CI and Merge
 1. Monitor CI status:
   ```bash
   gh pr checks <PR_NUMBER> --watch
   ```
   Required checks: all repository-required checks must pass.
 2. If CI fails: analyze the failure, fix it, push again, and re-check.
 3. Once CI is green, **ask the user for merge confirmation**, then:
   ```bash
   gh pr merge <PR_NUMBER> --squash --delete-branch
   ```
 4. Switch back to main and pull:
   ```bash
   git checkout main
   git pull origin main
   ```
 ---
 ## Task 2: Determine Version Number
 When the user wants to create a release:
 ### Step 1: Check Current Version
 ```bash
 grep '"version"' backend/package.json
 ```
 Also check the latest git tag:
 ```bash
 git tag --sort=-v:refname | head -5
 ```
 ### Step 2: Analyze Changes Since Last Release
 ```bash
 git log $(git describe --tags --abbrev=0)..HEAD --oneline
 ```
 Read through the commits to understand what changed.
 ### Step 3: Select SemVer Level
 Apply these rules strictly:
 | Change Type | Version Bump | Example |
 |------------|-------------|---------|
 | Bug fixes only, no new features | **patch** | `1.4.2` → `1.4.3` |
 | New features (backward compatible) | **minor** | `1.4.2` → `1.5.0` |
 | Breaking changes (DB schema without migration, removed ENV vars, changed API) | **major** | `1.4.2` → `2.0.0` |
 **Guidelines:**
 - When in doubt between patch and minor, prefer **minor** if any user-visible behavior is new.
 - Bug fixes that also introduce small UX improvements = **patch**.
 - Multiple bug fixes in one release = still **patch**.
 - New UI sections, new API endpoints, new settings = **minor**.
 - If a user can run `docker compose pull && docker compose up -d` without changing anything → NOT a breaking change.
 **Present your version recommendation to the user with reasoning and wait for confirmation.**
 ---
 ## Task 3: Execute Release
 Use the release script — it is **fully non-interactive** (no y/N prompts) and handles the entire flow automatically:
 ```bash
 ./scripts/release.sh <patch|minor|major|x.y.z>
 ```
 The script performs these steps in order:
 1. Checks out and updates `main`
 2. Creates release branch `chore/release-X.Y.Z`
 3. Bumps version in `backend/package.json` and `frontend/package.json`
 4. Commits, pushes, and creates a PR
 5. Waits for CI checks (with retry logic — polls every 15s, waits up to 10 minutes)
 6. Merges the PR (squash + delete branch)
 7. Creates a signed tag `vX.Y.Z` and pushes it
 **The script auto-detects the git remote** (`origin` or `github`) and uses it consistently.
 **CI wait behavior:** GitHub Actions can take 10-30 seconds before checks appear on a new PR. The script waits 20 seconds initially, then polls every 15 seconds until checks are registered, then watches them to completion. Maximum wait is 10 minutes.
 **On failure:** If CI fails, the script exits with an error. The release branch and PR remain open for inspection. Fix the issue, push to the branch, and the PR will re-run CI. Then merge manually or re-run the script.
 ### Version Files (MANDATORY)
 The version number is displayed in the **About modal** (Settings → About) as a single unified app version. This version is a **clickable link** pointing to the corresponding GitHub release (`https://github.com/DanielVolz/medassist-ng/releases/tag/vX.Y.Z`). The version is read from:
 - **`backend/package.json`** → Backend version, returned by `/health` endpoint
 - **`frontend/package.json`** → Frontend version, injected at build time via Vite's `__APP_VERSION__` define and used to construct the release link
 **Both files MUST be updated to the new version before tagging a release.** If forgotten:
 - The About modal will show the old version
 - The version link will point to a non-existent GitHub release page
 ### Manual Release (if script is not available)
 1. Create release branch:
   ```bash
   git checkout main && git pull origin main
   git checkout -b chore/release-X.Y.Z
   ```
 2. Update versions in **both** `backend/package.json` and `frontend/package.json` to `X.Y.Z`
 3. Commit, push, create PR, wait for CI, merge (same as Task 1)
 4. Create signed tag:
   ```bash
   git checkout main && git pull origin main
   git tag -s "vX.Y.Z" -m "Release vX.Y.Z"
   git push origin "vX.Y.Z"
   ```
 ### After Tagging
 - The `docker-build.yml` workflow automatically builds and pushes Docker images to GHCR with both versioned tags (`1.8.7`, `1.8`) and `latest`.
 - The `update-test-badges.yml` workflow runs automatically after a successful Docker build to update README badges.
 - Track progress: `https://github.com/DanielVolz/medassist-ng/actions`
 ---
 ## Task 4: Write Release Notes
 When the user asks to write release notes (MANDATORY for minor/major releases):
 ### Step 1: Gather Changes
 ```bash
 git log vPREVIOUS..vNEW --oneline
 ```
 Read the actual code changes (not just commit messages) to understand what was added or fixed.
 ### Step 2: Write Release Notes
 **Release title:** Use just `vX.Y.Z` (e.g., `v1.4.1`), NOT "Release vX.Y.Z".
 **Required structure:**
 1. **"What's New"** (1-2 sentences): Brief intro explaining the main change
 2. **"New Features" / "Bug Fixes" / "Improvements"**: Grouped bullet points with **bold feature names** and descriptions
 3. **"Where to Find It"**: Tell users where they can access the new feature or see the fix
 4. **Breaking Changes Warning** (if applicable): See below
 **Style guidelines:**
 - Use `### Heading` for sections
 - Use **bold** for feature names in bullet points
 - Keep descriptions on the same line as the feature name
 - **No emojis** — do not use emoji in headings or bullet points
 - **Include commit references** — each bullet point must end with a short commit hash (e.g., `(ab12cd3)`) that links to the commit URL.
 - **Do not use PR references** in release notes (no `#123` or PR URLs in bullet references).
 - Always end with "Where to Find It" section
 - End with: `**Full Changelog**: https://github.com/DanielVolz/medassist-ng/compare/vPREV...vNEW`
 **ONLY include user-relevant changes.** DO NOT include:
 - Technical implementation details (new columns, endpoints, database changes)
 - Internal API changes (unless breaking)
 - Emojis anywhere in the release notes
 - .gitignore changes or other developer-only file changes
 - AI/Copilot instruction updates
 - CI/CD workflow changes (unless affecting users)
 - Code refactoring without user-visible changes
 ### Example: Good Release Notes
 ```markdown
 ## What's New
 This release introduces a medication refill tracking feature and improves the mobile user experience.
 ### New Features
 - **Medication Refill**: Track when you refill your medications with a single click. Add full packs or individual pills and view complete refill history. (ab12cd3)
 - **Automatic Stock Updates**: Stock levels are automatically recalculated after each refill. (ab12cd3)
 - **Refill History**: Each medication shows a complete history of all refills with timestamps. (de34f56)
 ### Improvements
 - **Centered Tooltips**: Info tooltips now display centered on screen for better readability. (f7890ab)
 - **Touch-friendly**: Tooltips close automatically when scrolling on touch devices. (f7890ab)
 ### Where to Find It
 The refill button appears in the medication detail modal and in the edit form for each medication.
 **Full Changelog**: https://github.com/DanielVolz/medassist-ng/compare/v1.2.3...v1.3.0
 ```
 ### Breaking Changes Warning
 If the update breaks existing configurations or stored data, it MUST be prominently warned:
 **Breaking Changes include:**
 - Database schema changes without automatic migration
 - Removed or renamed ENV variables
 - Changed API endpoints
 - Incompatible `.env` format changes
 - Loss of stored data after update
 **Format:**
 ```markdown
 ## ⚠️ BREAKING CHANGES - Please read before updating!
 **Database migration required**: This update changes the database schema.
 Existing installations need to:
 1. Create backup of `data/` folder
 2. Stop containers
 3. Perform update
 4. If issues occur: Rollback using backup
 **ENV variables changed**:
 - `OLD_VAR` was renamed to `NEW_VAR`
 - `REMOVED_VAR` is no longer supported
 ```
 **What is NOT a Breaking Change:**
 - ✅ New optional columns with DEFAULT values
 - ✅ New ENV variables (with sensible defaults)
 - ✅ New features that don't affect existing data
 - ✅ Bug fixes that correct behavior
 ### Step 3: Publish
 Present the release notes to the user. They will copy them to the GitHub release page or ask you to publish via:
 ```bash
 gh release create vX.Y.Z --title "vX.Y.Z" --notes "RELEASE_NOTES_HERE"
 ```
 ---
 ## Task 5: README Update Check (MANDATORY for new features)
 When the release includes **new features** (minor or major version bump), you MUST check whether the `README.md` needs to be updated **before** executing the release.
 ### What to check
 - New ENV variables or changed defaults
 - New API endpoints or changed routes
 - New UI features, pages, or settings
 - Changed setup/install steps or Docker configuration
 - New dependencies or changed architecture
 - New screenshots needed for new UI features
 ### Workflow
 1. Review the changes included in the release
 2. If any README-relevant changes are found, **present the proposed README updates to the user and wait for approval** before proceeding
 3. If the README update is approved, commit it to the feature branch (or create a separate `docs/update-readme` branch) **before** running the release script
 4. Do NOT silently update the README — always ask first
 > **Note:** For patch releases (bug fixes only), a README check is not required unless the fix changes documented behavior.
 ---
 ## Task 6: GitHub Project Management
 All work is tracked in the [GitHub Project board](https://github.com/users/DanielVolz/projects/1) (Project ID: `PVT_kwHOADH82s4BO2OT`).
 ### Board Columns (Status)
 | Column | Color | Description |
 |--------|-------|-------------|
 | Triage | Purple | New issues needing review |
 | Backlog | Green | Accepted, not yet started |
 | Ready | Blue | Ready to be picked up |
 | In progress | Yellow | Currently being worked on |
 | Done | Orange | Completed |
 ### Custom Fields
 | Field | Options | Usage |
 |-------|---------|-------|
 | **Type** | Bug (red), Feature (green), Chore (gray), Documentation (blue) | Categorize the work |
 | **Priority** | High (red), Medium (orange), Low (yellow) | Set urgency |
 | **Size** | XS, S, M, L, XL | Estimate effort |
 ### Workflow During PRs
 1. **Before creating a PR**: Check if a corresponding issue exists on the Project board. If not, create one:
   ```bash
   gh issue create --title "fix: description" --label bug
   ```
   Issues with `enhancement`, `bug`, or `triage` labels are **automatically added** to the board.
 2. **When creating a PR**: Always reference the issue with `Closes #N` in the PR body so the issue is automatically **closed** on merge. Note: this does NOT move the Project board status — that must be done manually (see step 3).
 3. **After merge — verify automation**: The `project-auto-done.yml` workflow automatically moves project items to "Done" when issues close or PRs merge. After merge, verify it ran:
   ```bash
   GH_PAGER=cat gh issue view <ISSUE_NUMBER> --json state,projectItems --jq '{state, projects: [.projectItems[] | {title: .title, status: .status.name}]}'
   ```
   **Manual fallback** — if the workflow fails or the item wasn't moved, use GraphQL:
   ```bash
   GH_PAGER=cat gh api graphql -f query='mutation {
     updateProjectV2ItemFieldValue(input: {
       projectId: "PVT_kwHOADH82s4BO2OT"
       itemId: "<ITEM_ID>"
       fieldId: "PVTSSF_lAHOADH82s4BO2OTzg9bdkE"
       value: { singleSelectOptionId: "ca45af98" }
     }) { projectV2Item { id } }
   }'
   ```
   **Known Project field IDs (Status):**
   | Status | Option ID |
   |--------|-----------|
   | Triage | `826183f5` |
   | Backlog | `c7cb819e` |
   | Ready | `13307944` |
   | In progress | `732e285e` |
   | Done | `ca45af98` |
   Status field ID: `PVTSSF_lAHOADH82s4BO2OTzg9bdkE`
 ### Issue Labels
 | Label | Applied by | Purpose |
 |-------|-----------|--------|
 | `enhancement` | Feature request template | New features |
 | `bug` | Bug report template | Bug fixes |
 | `triage` | Both templates | Needs review |
 All three labels trigger the `add-to-project.yml` workflow, which automatically adds the issue to the Project board.
 ---
 ## Complete Workflow Summary
 ```
 Code complete & validated by testing-manager
        ↓
 1. Ensure a GitHub issue exists (create if not)
 2. Create feature branch (fix/... or feat/...)
 3. Commit, push, create PR (with "Closes #N" in body, assignee, label, project)
 4. Wait for CI (all required checks)
 5. Merge PR to main (squash + delete branch)
 6. Verify issue moved to "Done" on Project board (automated by `project-auto-done.yml`; fallback: GraphQL, see Task 6)
        ↓
 Ready for release?
        ↓
 7. Check current version (git tag + package.json)
 8. Analyze changes → determine SemVer level
 9. If minor/major: check README.md for needed updates (Task 5)
 10. Run ./scripts/release.sh <patch|minor|major>
    (or manually: branch → version bump → PR → CI → merge → tag)
        ↓
 11. Write release notes (mandatory for minor/major)
 12. Publish GitHub release
        ↓
 Docker images built automatically via CI
 ```
@@ -1,120 +0,0 @@
 ---
 name: testing-manager
 description: Owns testing strategy, test implementation, local validation, and CI test triage for backend, frontend, and Playwright E2E.
 argument-hint: Describe what to test, e.g., "add tests for stock warning fix" or "analyze failing Playwright checks"
 ---
 # Testing Manager Agent
 You are the testing manager for **MedAssist-ng**. Your job is to ensure every feature and bug fix is validated with the right tests, that CI test failures are diagnosed and fixed at the root cause, and that test coverage quality does not regress.
 **All output (test code, comments, notes) MUST be in English**, even if the user communicates in German.
 ## Critical Testing Rules
 - **Tests are mandatory**: Every new feature and every bug fix MUST have corresponding tests.
 - **Fix bugs, don't test around them**: If behavior is incorrect, fix the implementation first, then write tests for correct behavior.
 - **Run tests non-interactively**: Use `CI=true` where required to avoid watch-mode hangs.
 - **Never start interactive report servers**: Do not run commands that wait for manual input (for example Playwright HTML report server: `Serving HTML report ... Press Ctrl+C to quit`). Always use finite, non-interactive commands and reporters.
 - **No remote git operations**: Do not push, merge, create PRs, tags, or releases. Hand over to `@release-manager` when ready.
 - **Keep scope focused**: Do not fix unrelated failures unless explicitly requested.
 ## CI/CD Ownership Boundary
 - **`@testing-manager` owns testing workflows only**: `.github/workflows/test.yml` and `.github/workflows/e2e.yml`.
 - **`@release-manager` owns orchestration/monitoring** of full workflow lifecycle and all non-testing workflows.
 - If a failure is outside testing scope (`codeql`, `docker-build`, `update-test-badges`, `add-to-project`), report and hand off to `@release-manager`.
 ## Test Stack & Locations
 - **Backend**: Vitest 2.1 + v8 coverage
 - **Frontend unit/integration**: Vitest
 - **E2E**: Playwright
 Primary locations:
 - Backend tests: `backend/src/test/*.test.ts`
 - Frontend tests: `frontend/src/test/**`
 - Playwright E2E: `frontend/e2e/**`
 ## Required Test Workflow
 1. Identify changed behavior and expected outcomes.
 2. Add/update tests near the affected feature.
 3. Run the smallest relevant subset first.
 4. Expand to broader suites if subset passes.
 5. Report what was run, what passed, and any remaining known failures.
 ## Commands
 ### Backend
 ```bash
 cd backend && CI=true npm test
 cd backend && CI=true npm run test:coverage
 cd backend && CI=true npm test -- -t "test name"
 ```
 ### Frontend
 ```bash
 cd frontend && CI=true npm test
 cd frontend && npm run lint
 cd frontend && npm run build
 ```
 ### Playwright E2E
 ```bash
 cd frontend && npm run test:e2e
 cd frontend && npm run test:e2e -- --project=chromium
 # Never use interactive UI/headed/report-server commands in agent runs.
 # Do not use: npm run test:e2e:ui, npm run test:e2e:headed, npx playwright show-report
 ```
 ## Backend Test Patterns
 - Prefer using test utilities from backend test setup (e.g. `buildTestApp`, helper factories).
 - Validate both status codes and response payloads.
 - Add regression tests for every fixed bug.
 - Keep tests deterministic and isolated.
 ## E2E Test Patterns
 - Use stable selectors and explicit assertions.
 - Avoid flaky timing assumptions; prefer waiting for concrete UI states.
 - For auth-sensitive flows, handle both auth-enabled and auth-disabled environments when applicable.
 - For CI triage, inspect failed run logs first, then reproduce locally with targeted specs.
 ## CI Failure Triage
 When test checks fail:
 1. Retrieve exact failed jobs and logs.
 2. Categorize failure: lint/format, environment/proxy, flaky selectors, app bug.
 3. Fix root cause.
 4. Re-run focused tests locally.
 5. Re-run broader checks if needed.
 6. Hand off for PR/merge via `@release-manager`.
 ## CI/CD Testing Context
 - PR validation includes backend tests and frontend build/lint checks.
 - E2E runs in GitHub Actions through `.github/workflows/e2e.yml`.
 - Docker build and badge update workflows run after merge/tag and may include test-related verification.
 ### Testing Workflow Focus (Current)
 | Workflow | Testing-Manager Action |
 |---------|------------------------|
 | `.github/workflows/test.yml` | Investigate failures, implement fixes, revalidate locally |
 | `.github/workflows/e2e.yml` | Investigate failures/flakes, stabilize tests, revalidate locally |
 ## Done Criteria
 Testing work is complete when:
 - Required tests exist and validate intended behavior.
 - Relevant local test commands pass.
 - CI test failures are resolved or clearly documented with rationale.
 - No temporary debugging files remain in the workspace.
@@ -1,77 +1,586 @@
 # MedAssist-ng - AI Coding Instructions
-## Purpose
+## General Rules
-Use `AGENTS.md` as the canonical governance source. Read the referenced skill files before starting any task.
+- **English is the primary language**: All code, comments, documentation, commit messages, PR descriptions, and GitHub releases MUST be written in English. The user may communicate in German, but all project artifacts must be in English.
 - **NEVER release without explicit permission**: Do NOT create tags, releases, or version bumps unless the user explicitly asks for it. Always wait for explicit confirmation before any release action.
 - **NEVER create PRs without explicit permission**: Do NOT create Pull Requests, push branches, or merge code unless the user explicitly asks for it. Always present changes and wait for the user to confirm before any git operations that affect the remote repository.
 - **No temporary files**: Delete temporary scripts/files immediately after use. Do not commit temporary debug scripts, test files, or one-off utilities to the repository.
 - **Clean workspace**: Always clean up after yourself. If you create a file for a specific task, delete it once done.
-## Project Orientation (Read First)
+## Architecture Overview
- **Product**: MedAssist-ng is a medication planner with stock tracking, reminders (email/push), refill history, and schedule sharing.
+MedAssist-ng is a **medication tracking and planning app** with a monorepo structure:
 - **Tech stack**: React + TypeScript + Vite (`frontend/`), Fastify + TypeScript + Drizzle + SQLite (`backend/`).
 - **Request path**: Frontend uses `/api/*` only; backend route handlers live in `backend/src/routes/`.
 - **Primary backend modules**:
 	- Auth/SSO: `backend/src/routes/auth.ts`, `backend/src/routes/oidc.ts`, `backend/src/plugins/auth.ts`
 	- Medications/data: `backend/src/routes/medications.ts`, `backend/src/db/schema.ts`
 	- Reminders: `backend/src/services/reminder-scheduler.ts`, `backend/src/routes/planner.ts`, `backend/src/routes/settings.ts`
 - **Primary frontend modules**:
 	- Pages: `frontend/src/pages/`
 	- Shared app state: `frontend/src/context/AppContext.tsx`
 	- Domain hooks: `frontend/src/hooks/`
 	- Translations: `frontend/src/i18n/en.json`, `frontend/src/i18n/de.json`
-Use this orientation for quick navigation before applying the rules below.
+- **Backend**: Fastify 5 + TypeScript + SQLite (Drizzle ORM) at `backend/`
 - **Frontend**: React 18 + Vite + TypeScript at `frontend/`
 - **Database**: SQLite with migrations in `backend/src/db/migrations/`
 - **Deployment**: Docker Compose with separate dev containers
 - **i18n**: English (en) and German (de) via react-i18next
-## Always-On Rules
+### Data Flow
 ```
 Frontend (React) → /api/* proxy → Backend (Fastify) → SQLite
                   ↓ (Vite rewrites /api to /)
 ```
- English only for project artifacts.
+The Vite proxy at `frontend/vite.config.ts` rewrites `/api/*` to `/` - so frontend calls `/api/medications` but backend route is just `/medications`.
 - **NEVER run remote git commands** — no `git push`, no `gh pr create/merge`, no `gh release`, no `git tag`. Prepare locally, then hand off to `@release-manager`.
 - Testing work belongs to `@testing-manager`.
 - PR/release/CI orchestration belongs to `@release-manager`.
 - Keep changes local, focused, and consistent with existing UI/API patterns.
 - **Hard PR scope + size rule**: one cohesive objective per PR; if scope drifts or diff becomes large (target <= 500 changed lines, hard split at ~800+), split into logical follow-up PRs instead of bundling.
 - Remove obsolete code when re-implementing — never leave dead code behind.
 - **Document behavioral discoveries**: When you discover or clarify how a feature works (e.g., what triggers notifications, how thresholds interact, which code paths exist), **always** add or update the relevant section in `doku/APP_BEHAVIOR.md`. This is mandatory — do not rely on conversation context alone.
-## MedAssist Essentials
+## Development Commands
- Frontend calls backend through `/api/*`.
+```bash
- DB changes must stay backward-compatible (schema default + alter migration + null-safe reads).
+# Start dev environment (preferred)
 docker compose -f docker-compose.dev.yml up
---
+# Or run services separately:
 cd backend && npm run dev      # tsx watch on port 3000
 cd frontend && npm run dev     # Vite on port 5173
-## Skills (MANDATORY — read before every task)
+# Production
 docker compose up -d
-Before starting any task, identify which skills apply and **read their full SKILL.md file** for detailed rules.
+# Database migrations
 cd backend && npm run migrate
-| Skill | Trigger | File |
+# Run tests
-|---|---|---|
+cd backend && npm test              # Run all tests
-| **Architecture Guard** | API endpoints, frontend API calls, routing, code placement | `.github/skills/medassist-architecture-guard/SKILL.md` |
+cd backend && npm run test:coverage # Run with coverage report
-| **DB Compatibility** | Persisted data, schema changes, migrations | `.github/skills/medassist-db-compat-check/SKILL.md` |
+```
 | **i18n Enforcer** ⚠️ | Any user-facing text in frontend or backend | `.github/skills/medassist-i18n-enforcer/SKILL.md` |
 | **UI Consistency** | UI flows, modals, buttons, forms, settings | `.github/skills/medassist-ui-consistency/SKILL.md` |
 | **Frontend Polish** | Visual quality improvements | `.github/skills/medassist-frontend-polish/SKILL.md` |
 | **Security Sanity** | Backend routes, auth, file handling, external input | `.github/skills/medassist-security-sanity/SKILL.md` |
 | **Observability Guard** | Services, schedulers, startup, failure handling | `.github/skills/medassist-observability-guard/SKILL.md` |
 | **Config Change Guard** | `.env`, Docker, Vite proxy, runtime defaults | `.github/skills/medassist-config-change-guard/SKILL.md` |
 | **Doc Sync Guard** | Behavior changes, setup, env vars, workflows | `.github/skills/medassist-doc-sync-guard/SKILL.md` |
 | **Testing Handoff** | Writing/running tests, CI test failures | `.github/skills/medassist-testing-handoff/SKILL.md` |
 | **Release Handoff** | Branch push, PR, merge, tagging, release | `.github/skills/medassist-release-handoff/SKILL.md` |
 | **Skill Quality Review** | Creating/modifying skills | `.github/skills/medassist-skill-quality-review/SKILL.md` |
-### Non-negotiable parity rules (always apply)
+## Testing (MANDATORY)
-1. **Desktop + Mobile Parity**: Medication edit has two paths — `MedicationsPage.tsx` (desktop) and `MobileEditModal` (mobile). **Always update BOTH**.
+> ⚠️ **IMPORTANT**: Every new feature MUST be covered by tests!
-2. **Notification Dual Code Paths**: Notifications have two code paths — `backend/src/services/reminder-scheduler.ts` (scheduler) and `backend/src/routes/planner.ts` (manual). **Always update BOTH**.
+> Pull Requests without tests for new features will not be accepted.
---
+### Test Framework
 - **Vitest 2.1** with v8 Coverage
 - Tests in `backend/src/test/*.test.ts`
 - Coverage goal: At least equal or better coverage after changes
-## Delegation
+### Test Structure
 | File | Tests |
 |------|-------|
 | `routes.test.ts` | API endpoints (Auth, Medications, Doses, Settings, Share, Planner) |
 | `services.test.ts` | Scheduler utilities (Timezone, Blisters, Usage calculation) |
 | `db.test.ts` | Database schema and operations |
- **Testing handoff → `@testing-manager`**: test planning, writing, execution, CI test triage.
+### Writing Tests
 - **Release handoff → `@release-manager`**: PR/release orchestration, merge flow, workflow monitoring.
-## Key References
+```typescript
 // Backend Test Example (backend/src/test/example.test.ts)
 import { describe, it, expect, beforeAll, afterAll } from 'vitest';
 import { createTestApp, createTestUser } from './routes.test'; // Test-Utilities
- Canonical governance: `AGENTS.md`
+describe('Feature Name', () => {
- Skill files: `.github/skills/*/SKILL.md`
+  let app: FastifyInstance;
- Specialist agents: `.github/agents/testing-manager.agent.md`, `.github/agents/release-manager.agent.md`
+  let authToken: string;
  beforeAll(async () => {
    app = await createTestApp();
    const user = await createTestUser(app);
    authToken = user.token;
  });
  afterAll(async () => {
    await app.close();
  });
  it('should do something specific', async () => {
    const response = await app.inject({
      method: 'GET',
      url: '/endpoint',
      headers: { Authorization: `Bearer ${authToken}` }
    });
    expect(response.statusCode).toBe(200);
    expect(response.json()).toHaveProperty('expectedField');
  });
 });
 ```
 ### Test Commands
 ```bash
 cd backend
 CI=true npm test            # Run tests once (ALWAYS run this way!)
 CI=true npm run test:coverage  # With coverage report
 npm test -- --watch         # Watch mode for manual development
 npm test -- -t "test name"  # Run single test
 ```
 > ⚠️ **IMPORTANT for AI agents**: ALWAYS run tests with `CI=true`!
 > Without `CI=true`, Vitest runs in watch mode and waits for input.
 ## CI/CD Pipeline (GitHub Actions)
 ### Workflow Overview
 ```
 Pull Request created
        ↓
 ┌─────────────────────────────────────┐
 │  test.yml                           │
 │  ├─ backend-test (parallel)         │
 │  │   ├─ npm ci                      │
 │  │   ├─ tsc --noEmit (Type-Check)   │
 │  │   └─ npm run test:coverage       │
 │  └─ frontend-build (parallel)       │
 │      ├─ npm ci                      │
 │      └─ npm run build               │
 └─────────────────────────────────────┘
        ↓ Tests must pass
    PR can be merged
        ↓
 Push to main / Tag created
        ↓
 ┌─────────────────────────────────────┐
 │  docker-build.yml                   │
 │  ├─ backend-test (parallel)         │
 │  ├─ frontend-build (parallel)       │
 │  └─ build-and-push (after tests)    │
 │      ├─ Build Docker images         │
 │      └─ Push to GHCR                │
 └─────────────────────────────────────┘
 ```
 ### Branch Protection
 > ⚠️ **IMPORTANT**: The `main` branch is protected!  
 > Direct pushing to `main` is **not possible** - GitHub will reject the push.  
 > All changes must go through Pull Requests.
 - **main** branch is protected (Repository Rules)
 - Direct pushing is rejected by GitHub with: `GH013: Repository rule violations`
 - PRs require:
  - ✅ `backend-test` Status Check passed
  - ✅ `frontend-build` Status Check passed
 - After successful merge, the feature branch is automatically deleted
 **Workflow for changes:**
 ```bash
 # 1. Create feature branch
 git checkout -b feat/my-feature
 # 2. Commit and push changes
 git add . && git commit -m "feat: Description"
 git push -u origin feat/my-feature
 # 3. Create PR (via GitHub CLI or Web)
 gh pr create --title "My Feature" --body "Description"
 # 4. Wait until CI is green, then merge
 gh pr merge --squash --delete-branch
 ```
 ### Workflow Files
 | File | Trigger | Purpose |
 |------|---------|--------|
 | `.github/workflows/test.yml` | Pull Requests | Run tests, block PR on failures |
 | `.github/workflows/docker-build.yml` | Push to main, Tags | Tests + Build and push Docker images |
 ### Adding New Code - Checklist
 1. ✅ Implement feature
 2. ✅ Write tests for the feature
 3. ✅ Run `npm run test:coverage` locally
 4. ✅ Coverage must not decrease
 5. ✅ Create and push feature branch
 6. ✅ Create Pull Request
 7. ✅ Wait until CI is green
 8. ✅ Merge PR (branch is automatically deleted)
 ## GitHub Releases
 > ⚠️ **IMPORTANT**: All GitHub Releases must be written in **English**!
 ### Release Workflow (MANDATORY for minor/major releases)
 The `main` branch is protected - releases must go through the automated release script.
 **Release Process:**
 ```bash
 # 1. Run release script (creates PR, waits for CI, merges, creates tag)
 ./scripts/release.sh [patch|minor|major]
 # 2. GitHub Actions creates a DRAFT release automatically
 # 3. User asks AI to write release notes:
 #    "Write the release notes for vX.Y.Z"
 # 4. AI writes descriptive release notes following the style guide below
 # 5. User publishes the draft release with the written notes
 ```
 > ⚠️ **MANDATORY for minor and major releases**: The AI assistant MUST write proper descriptive release notes!
 > Do NOT just publish the auto-generated commit list. Follow the process above.
 **AI Assistant Release Notes Workflow:**
 1. When user asks to write release notes for a version:
   - Check commits since previous tag: `git log vPREV..vNEW --oneline`
   - Read through the changes to understand what was added/fixed
   - Write release notes following the style guide below
   - Present the notes to the user for copying to GitHub
 ### Creating Release Notes
 > ⚠️ **MANDATORY**: GitHub Releases MUST contain a written message!
 > Not just auto-generated commit lists, but a brief descriptive text.
 **Keep it informative but concise.** Users want to know what changed and where to find it.
 **Required structure of release notes:**
 1. **"What's New"** (1-2 sentences): Brief intro explaining the main change
 2. **"New Features" / "Improvements"**: Grouped bullet points with **bold feature names** and descriptions
 3. **"Where to Find It"**: Tell users where they can access the new feature
 4. **Breaking Changes Warning** (if applicable): See below
 **Style guidelines:**
 - Use `### Heading` for sections (New Features, Improvements, Security, etc.)
 - Use **bold** for feature names in bullet points
 - Keep descriptions on the same line as the feature name
 - Minimal emoji usage (sparingly, not on every line)
 - Always end with "Where to Find It" section
 **DO NOT include:**
 - ❌ Technical implementation details (new columns, endpoints, database changes)
 - ❌ Number of tests added
 - ❌ Internal API changes (unless breaking)
 - ❌ Excessive emoji on every bullet point
 **Example of good release notes:**
 ```markdown
 ## What's New
 This release introduces a medication refill tracking feature and improves the mobile user experience.
 ### New Features
 - **Medication Refill**: Track when you refill your medications with a single click. Add full packs or individual pills and view complete refill history.
 - **Automatic Stock Updates**: Stock levels are automatically recalculated after each refill.
 - **Refill History**: Each medication shows a complete history of all refills with timestamps.
 ### Mobile Improvements
 - **Centered Tooltips**: Info tooltips now display centered on screen for better readability.
 - **Touch-friendly**: Tooltips close automatically when scrolling on touch devices.
 ### Where to Find It
 The refill button appears in the medication detail modal and in the edit form for each medication.
 **Full Changelog**: https://github.com/DanielVolz/medassist-ng/compare/v1.2.3...v1.3.0
 ```
 ### Breaking Changes Warning (CRITICAL!)
 > ⚠️ **MANDATORY**: If an update breaks existing configurations or stored data, it MUST be prominently warned about in the release notes!
 **Breaking Changes include:**
 - Database schema changes without automatic migration
 - Removed or renamed ENV variables
 - Changed API endpoints
 - Incompatible `.env` format changes
 - Loss of stored data after update
 **Format for Breaking Changes:**
 ```markdown
 ## ⚠️ BREAKING CHANGES - Please read before updating!
 **Database migration required**: This update changes the database schema. 
 Existing installations need to:
 1. Create backup of `data/` folder
 2. Stop containers
 3. Perform update
 4. If issues occur: Rollback using backup
 **ENV variables changed**: 
 - `OLD_VAR` was renamed to `NEW_VAR`
 - `REMOVED_VAR` is no longer supported
 **Medication data**: Intake schedules with only one time entry will be automatically 
 migrated. Please verify all times are correct after update.
 ```
 **What is NOT a Breaking Change:**
 - ✅ New optional columns with DEFAULT values
 - ✅ New ENV variables (with sensible defaults)
 - ✅ New features that don't affect existing data
 - ✅ Bug fixes that correct behavior
 **Rule of thumb**: If a user can simply run `docker compose pull && docker compose up -d` 
 without adjusting anything → Not a Breaking Change.
 ## Key Patterns
 ### Backend Routes (`backend/src/routes/`)
 | Route File | Endpoints |
 |------------|-----------|
 | `auth.ts` | `/auth/login`, `/auth/register`, `/auth/logout`, `/auth/refresh`, `/auth/me` |
 | `medications.ts` | CRUD `/medications`, `/medications/:id/image` |
 | `doses.ts` | `/doses/taken` - track dose intake |
 | `planner.ts` | `/medications/usage` - calculate usage for date range |
 | `settings.ts` | `/settings` - user settings CRUD |
 | `share.ts` | `/share` - create share tokens, `/share/:token` - public access |
 | `health.ts` | `/health` - health check endpoint |
 ### Backend Services (`backend/src/services/`)
 | Service | Description |
 |---------|-------------|
 | `reminder-scheduler.ts` | Stock reminder emails/push notifications |
 | `intake-reminder-scheduler.ts` | Intake reminder notifications |
 ### Frontend (`frontend/src/App.tsx`)
 - Single-file React app with all components and state
 - Uses React Router for navigation
 - API calls use `/api/` prefix (proxied by Vite)
 - Medication scheduling logic with intake schedules (multiple time entries per medication)
 ## Frontend Components & Views
 ### Routes / Pages
 | Route | Description |
 |-------|-------------|
 | `/dashboard` | Main view with Coverage Cards + Upcoming Schedules timeline |
 | `/medications` | Medications list + New/Edit form with all fields |
 | `/planner` | Usage planner - calculate needed pills for date range |
 | `/settings` | App settings: notifications, email, thresholds, language |
 | `/schedule` | Full schedule view (simplified, no coverage cards) |
 | `/share/:token` | Public share link for "taken by" user schedule |
 ### Key React Components (in App.tsx)
 | Component | Description |
 |-----------|-------------|
 | `App` | Root component with BrowserRouter |
 | `AppRouter` | Handles auth check, renders AppContent or Auth |
 | `AppContent` | Main app shell with navigation, header, all routes |
 | `SharedSchedule` | Public share page for medication schedules by person |
 | `MedicationAvatar` | Round avatar with medication image or colored initial |
 ### Dashboard Sections
 | Section | Description |
 |---------|-------------|
 | **Coverage Cards** | Stock status cards per medication: days left, blisters, status (Normal/Warning/Critical) |
 | **Upcoming Schedules** | Timeline grouped by day, collapsible days, dose tracking |
 ### Schedule/Timeline Elements
 | Element | CSS Class | Description |
 |---------|-----------|-------------|
 | Past days toggle | `.past-days-toggle` | Click to show/hide past days |
 | Day container | `.day-block` | Container for one day, collapsible |
 | Today highlight | `.day-block.today` | Blue border/background for current day |
 | Past day | `.day-block.past` | Dashed border, reduced opacity |
 | All taken | `.day-block.all-taken` | Green styling when all doses taken |
 | Day header | `.day-divider` | Date header with collapse toggle arrow |
 | Collapse icon | `.day-collapse-icon` | ▶/▼ arrow for expand/collapse |
 | Day summary | `.day-summary` | Shows "X/Y" doses taken or "✓ All taken" |
 | Medication row | `.time-row` | One medication's doses for that day |
 | Dose item | `.dose-item` | Individual dose with time, amount, take/undo button |
 | Dose taken | `.dose-item.taken` | Green background when dose is marked taken |
 | Dose overdue | `.dose-item.overdue` | Styling for past untaken doses |
 | Dose future | `.dose-item.future` | Disabled button for future days |
 ### Medication Form (New/Edit)
 | Field | Description |
 |-------|-------------|
 | Commercial Name | Main medication name (required) |
 | Generic Name | Scientific/generic name (optional) |
 | Taken By | Person taking the medication (optional, enables filtering/sharing) |
 | Packs | Number of full packs |
 | Blisters per Pack | Strips/blisters in each pack |
 | Pills per Blister | Tablets per strip |
 | Loose Pills | Extra pills not in blisters |
 | Pill Weight (mg) | Weight per pill for dose calculation display |
 | Expiry Date | Medication expiration |
 | Notes | Free text notes |
 | Image Upload | Medication photo (preview for new, direct upload for edit) |
 | **Intake Schedule** | One or more intake entries defining usage pattern |
 ### Intake Schedule
 Each blister defines a recurring intake:
 - **Usage (Pills)**: How many pills per dose
 - **Every (Days)**: Interval (1 = daily, 7 = weekly)
 - **Start (Date/Time)**: When the schedule starts (determines past/future doses)
 - **Remind checkbox**: Enable intake reminders (🔔)
 ### Modals
 | Modal | Trigger | Content |
 |-------|---------|---------|
 | Medication Detail | Click on coverage card or medication row | Full medication info, stock, schedule preview, edit/delete/ICS buttons |
 | Image Lightbox | Click medication image | Full-size medication image |
 | Share Dialog | "Share" button on schedules | Generate share link for specific "taken by" person |
 | User Schedule Filter | Click on "taken by" badge | Filter schedule by person |
 ### Settings Sections
 | Section | Settings |
 |---------|----------|
 | General | Language toggle (EN/DE) |
 | Stock Thresholds | Warning days, critical days, expiry warning days |
 | Email Notifications | Enable, email address, stock/intake toggles |
 | Push Notifications (Shoutrrr) | Enable, URL (ntfy/gotify/etc), stock/intake toggles |
 | Reminder Settings | Days before, repeat daily, skip for taken, repeat/nagging |
 | SMTP | Email config (read-only from .env) |
 ### Settings ENV Defaults
 All user settings can be pre-configured via ENV variables (see `.env.example`).
 These are only used as **defaults when a new user is created**.
 Once a user saves settings in the app, their saved values take precedence over ENV.
 | ENV Variable | Setting | Default |
 |--------------|---------|---------|
 | `DEFAULT_EMAIL_ENABLED` | Email notifications | false |
 | `DEFAULT_SHOUTRRR_ENABLED` | Push notifications | false |
 | `DEFAULT_SHOUTRRR_URL` | ntfy/gotify URL | (empty) |
 | `DEFAULT_REPEAT_REMINDERS_ENABLED` | Nagging reminders | false |
 | `DEFAULT_REMINDER_REPEAT_INTERVAL_MINUTES` | Nag interval | 30 |
 | `DEFAULT_MAX_NAGGING_REMINDERS` | Max nags | 5 |
 | `DEFAULT_LOW_STOCK_DAYS` | Low stock threshold | 30 |
 | `DEFAULT_LANGUAGE` | UI language | en |
 ## Database Schema (`backend/src/db/schema.ts`)
 | Table | Description |
 |-------|-------------|
 | `users` | User accounts with password hash, auth provider, timestamps |
 | `medications` | Per-user medications with inventory, schedules as JSON arrays |
 | `userSettings` | Per-user settings: notifications, thresholds, language |
 | `refreshTokens` | JWT refresh tokens for auth rotation |
 | `shareTokens` | Public share links by takenBy person |
 | `doseTracking` | Tracks when doses are marked as taken |
 ### Key Medication Fields
 ```typescript
 {
  name, genericName, takenByJson,        // Identity (takenByJson is JSON array)
  packCount, blistersPerPack, pillsPerBlister, looseTablets,  // Inventory
  pillWeightMg,                          // For mg display
  usageJson, everyJson, startJson,       // Intake schedules as JSON arrays
  imageUrl, expiryDate, notes,           // Optional metadata
  intakeRemindersEnabled                 // Per-med reminder toggle
 }
 ```
 ### Dose ID Format
 Dose IDs follow the pattern: `{medicationId}-{blisterIndex}-{timestampMs}`
 Example: `5-0-1735344000000` = Medication 5, Blister 0, timestamp
 ## State Management (AppContent)
 ### Key State Variables
 | State | Purpose |
 |-------|---------|
 | `meds` | Array of all user's medications |
 | `form` | Current medication form data |
 | `editingId` | ID of medication being edited (null for new) |
 | `pendingImage` / `pendingImagePreview` | Image upload for new medications |
 | `settings` / `savedSettings` | User settings current vs saved |
 | `scheduleDays` | How many days to show (30/90/180) |
 | `showPastDays` | Toggle for past days visibility |
 | `takenDoses` | Set of dose IDs that are marked taken |
 | `manuallyCollapsedDays` / `manuallyExpandedDays` | Day collapse state |
 | `selectedMed` | Medication shown in detail modal |
 | `selectedUser` | Filter schedule by "taken by" person |
 ### Key Computed Values (useMemo)
 | Value | Purpose |
 |-------|---------|
 | `schedule` | All scheduled events from `buildSchedulePreview()` |
 | `groupedSchedule` | Events grouped by day |
 | `pastDays` / `futureDays` | Split groupedSchedule by today |
 | `coverage` | Stock coverage calculations |
 | `coverageByMed` / `depletionByMed` | Coverage lookups |
 ## Conventions
 - **TypeScript**: Strict mode, ESM modules (`"type": "module"`)
 - **Styling**: CSS custom properties in `frontend/src/styles.css`, dark/light theme via `data-theme`
 - **API responses**: Return objects directly, Fastify serializes to JSON
 - **Environment**: Copy `.env.example` → `.env`, secrets must be 10+ chars
 - **i18n**: All UI text via `t('key')` function, translations in `frontend/src/i18n/*.json`
 ## Database Schema Changes (IMPORTANT: Backward Compatibility!)
 > ⚠️ **CRITICAL**: The app MUST remain backward compatible with older databases!
 > Users upgrade their Docker containers but keep their existing DB.
 > The app must NOT crash if old columns are missing.
 ### ⚠️ MANDATORY for EVERY New Feature
 **Before implementing ANY feature that touches user data or settings:**
 1. **Check if new DB columns are needed** - Does the feature require storing new data?
 2. **If YES → Follow ALL steps below** - Schema.ts + Drizzle migration + ALTER migration + NULL-safe code
 3. **NEVER skip the ALTER migration** - This is the #1 cause of production 500 errors!
 **Common mistake:** Adding a column to `schema.ts` and forgetting the ALTER migration in `client.ts`.
 The Drizzle migration only works for NEW databases. Existing production databases need the ALTER migration!
 ### Schema Management with Drizzle Kit
 The database schema uses **Drizzle Kit** for migrations. There is a **single source of truth**:
 - **`backend/src/db/schema.ts`** - Drizzle ORM schema definitions (TypeScript)
 - **`backend/drizzle/`** - Generated SQL migrations (auto-generated from schema.ts)
 **DO NOT manually edit migration files!** They are generated from schema.ts.
 ### Adding New Columns
 1. **Add to schema.ts** with DEFAULT value:
   ```typescript
   maxNaggingReminders: integer("max_nagging_reminders").notNull().default(5),
   ```
 2. **Generate migration**:
   ```bash
   cd backend && npx drizzle-kit generate --name add_column_name
   ```
 3. **Add backward-compatible ALTER migration** in `client.ts` `runAlterMigrations()`:
   ```typescript
   `ALTER TABLE user_settings ADD COLUMN max_nagging_reminders integer NOT NULL DEFAULT 5`,
   ```
 4. **NULL-safe reading** in routes:
   ```typescript
   maxNaggingReminders: settings.maxNaggingReminders ?? 5,
   ```
 ### Rules for New Columns
 1. **ALWAYS with DEFAULT value**: New columns must have `NOT NULL DEFAULT <value>`
 2. **NULL-safe in code**: All queries must use `?? defaultValue` or `?? false`
 3. **Generate migration**: Run `npx drizzle-kit generate` after schema changes
 4. **Add ALTER migration**: For backward compatibility with existing DBs
 ### What is NOT Allowed
 - ❌ Deleting or renaming columns (breaks old DBs)
 - ❌ `NOT NULL` without `DEFAULT` (INSERT fails)
 - ❌ Reading columns without fallback in code
 - ❌ Manually editing migration SQL files
 - ❌ Documenting "delete DB" as a solution
 ### When Backward Compatibility is NOT Possible
 If a breaking change is unavoidable:
 1. **Explicitly communicate**: Document in release notes
 2. **Migration script**: Provide automatic upgrade script
 3. **Version check**: App should check DB version and warn
 ## File Locations
 | Purpose | Location |
 |---------|----------|
 | Backend entry | `backend/src/index.ts` |
 | Database schema | `backend/src/db/schema.ts` |
 | Drizzle migrations | `backend/drizzle/*.sql` |
 | Drizzle config | `backend/drizzle.config.ts` |
 | Backend routes | `backend/src/routes/*.ts` |
 | Backend services | `backend/src/services/*.ts` |
 | Frontend app | `frontend/src/App.tsx` |
 | Frontend auth | `frontend/src/components/Auth.tsx` |
 | Styles | `frontend/src/styles.css` |
 | i18n English | `frontend/src/i18n/en.json` |
 | i18n German | `frontend/src/i18n/de.json` |
 | Docker prod | `docker-compose.yml` |
 | Docker dev | `docker-compose.dev.yml` |
 | Env template | `.env.example` |
@@ -1,53 +0,0 @@
 version: 2
 updates:
  # Backend dependencies
  - package-ecosystem: "npm"
    directory: "/backend"
    schedule:
      interval: "weekly"
      day: "monday"
    open-pull-requests-limit: 10
    labels:
      - "dependencies"
    groups:
      minor-and-patch:
        update-types:
          - "minor"
          - "patch"
  # Frontend dependencies
  - package-ecosystem: "npm"
    directory: "/frontend"
    schedule:
      interval: "weekly"
      day: "monday"
    open-pull-requests-limit: 10
    labels:
      - "dependencies"
    groups:
      minor-and-patch:
        update-types:
          - "minor"
          - "patch"
  # Root dev dependencies
  - package-ecosystem: "npm"
    directory: "/"
    schedule:
      interval: "weekly"
      day: "monday"
    open-pull-requests-limit: 5
    labels:
      - "dependencies"
  # GitHub Actions
  - package-ecosystem: "github-actions"
    directory: "/"
    schedule:
      interval: "weekly"
      day: "monday"
    open-pull-requests-limit: 5
    labels:
      - "dependencies"
      - "ci"
@@ -1,28 +0,0 @@
 # MedAssist Agent Skills
 This directory contains project skills for VS Code Copilot.
 Each skill lives in its own folder and must include a `SKILL.md` file.
 ## Global Rule Reminder
 When re-implementing a feature or fix path, remove obsolete/unused code immediately.
 Do not leave dead code behind.
 Also follow the canonical global engineering rules in `AGENTS.md`.
 Use one governance source to avoid duplicated or conflicting policy text.
 ## Skills
 - `medassist-karpathy-core` — enforce assumption clarity, simplicity, surgical diffs, and verifiable execution.
 - `medassist-architecture-guard` — enforce frontend/backend boundary and `/api/*` data-flow conventions.
 - `medassist-db-compat-check` — enforce backward-compatible SQLite/Drizzle schema changes.
 - `medassist-i18n-enforcer` — enforce translation-key-only UI copy with EN/DE parity.
 - `medassist-ui-consistency` — enforce non-negotiable UI guardrails and component/style reuse.
 - `medassist-frontend-polish` — apply tasteful visual refinement after consistency guardrails are met.
 - `medassist-security-sanity` — apply baseline security checks for backend and input/auth-sensitive changes.
 - `medassist-config-change-guard` — validate env, Docker, proxy, and runtime-config compatibility.
 - `medassist-doc-sync-guard` — ensure docs stay aligned with behavior/setup/config changes.
 - `medassist-observability-guard` — preserve actionable logging, health checks, and failure visibility.
 - `medassist-skill-quality-review` — review skill quality, trigger clarity, and governance alignment.
 - `medassist-testing-handoff` — delegate testing and CI test-failure triage to `@testing-manager`.
 - `medassist-release-handoff` — delegate PR/merge/release actions to `@release-manager`.
@@ -1,35 +0,0 @@
 ---
 name: medassist-architecture-guard
 description: Guard MedAssist architectural boundaries and route/data-flow conventions when changing backend or frontend code, including equivalent requests phrased in German.
 ---
 # Skill Instructions
 Use this skill when a task touches API endpoints, frontend API calls, routing, or code placement.
 ## Goals
 - Keep responsibilities in the correct layer.
 - Preserve MedAssist proxy and routing conventions.
 - Prevent architecture drift and cross-layer anti-patterns.
 ## Required Checks
 1. Frontend network calls use `/api/*` paths.
 2. Backend routes are implemented under `backend/src/routes/` with matching service logic in `backend/src/services/` when needed.
 3. No frontend-only logic is moved into backend and no backend-only logic is embedded in UI components.
 4. Type definitions are shared through existing project structure (`types/`, route DTO patterns) without creating duplicate source-of-truth models.
 ## MedAssist-Specific Guardrails
 - Respect Vite proxy behavior: frontend calls `/api/*`, backend exposes `/...` routes.
 - Keep app shell and routing patterns aligned with existing frontend pages/components.
 - Prefer minimal, local changes over broad restructures.
 ## Response Format
 When this skill is used, summarize:
 - Which architectural checks were applied
 - Which files are affected
 - Any boundary risks found and how they were resolved
@@ -1,43 +0,0 @@
 ---
 name: medassist-config-change-guard
 description: Validate MedAssist configuration changes across env vars, Docker compose, proxy settings, and runtime defaults, including equivalent requests phrased in German.
 ---
 # Skill Instructions
 Use this skill when changes touch `.env`, Docker files, Vite proxy settings, runtime defaults, or app startup behavior.
 ## Objective
 Prevent configuration drift and broken local/CI environments.
 ## Required Checks
 1. New/changed config has safe defaults.
 2. Env changes are backward-compatible where feasible.
 3. Docker/dev runtime changes remain consistent across services.
 4. Frontend/backend URL/proxy conventions remain valid (`/api/*`).
 5. Documentation reflects configuration changes.
 ## Files to Prioritize
 - `.env.example`
 - `docker-compose.yml`
 - `docker-compose.dev.yml`
 - `frontend/vite.config.ts`
 - Relevant package scripts and startup files
 ## Anti-Patterns
 - Hidden required env vars with no defaults.
 - Inconsistent host/port/proxy settings across environments.
 - Config changes without doc updates.
 ## Response Format
 Report:
 - Config files reviewed
 - Compatibility impact (none/low/high)
 - Required follow-up updates
 - Final readiness recommendation
@@ -1,40 +0,0 @@
 ---
 name: medassist-db-compat-check
 description: Enforce backward-compatible database changes for MedAssist SQLite and Drizzle migrations, including equivalent requests phrased in German.
 ---
 # Skill Instructions
 Use this skill for any feature or fix that adds or reads persisted data.
 ## Mandatory Sequence
 For every new persisted field/column:
 1. Add the column in `backend/src/db/schema.ts` with `NOT NULL DEFAULT <value>`.
 2. Generate migration with Drizzle Kit.
 3. Add matching `ALTER TABLE` logic in `backend/src/db/client.ts` inside `runAlterMigrations()`.
 4. Read values null-safe in routes/services (`?? defaultValue`).
 ## Hard Rules
 - Never remove or rename existing columns.
 - Never add non-null columns without defaults.
 - Never read newly added fields without fallback.
 - Never manually edit generated Drizzle SQL migrations.
 ## Verification Checklist
 - Schema update exists.
 - Generated migration exists.
 - Alter migration for existing DBs exists.
 - Runtime reads are fallback-safe.
 ## Response Format
 Report these items explicitly:
 - New/changed columns
 - Added alter-migration statements
 - Null-safe read locations
 - Remaining migration risk (if any)
@@ -1,39 +0,0 @@
 ---
 name: medassist-doc-sync-guard
 description: Ensure MedAssist documentation stays aligned with behavior changes in APIs, configuration, setup, and operations, including equivalent requests phrased in German.
 ---
 # Skill Instructions
 Use this skill when code changes alter behavior, setup steps, environment variables, user workflows, or operational commands.
 ## Objective
 Keep docs consistent with actual product behavior and avoid stale setup/run guidance.
 ## Required Checks
 1. If API behavior changed, verify relevant docs are updated.
 2. If ENV/config changed, update documented variables/defaults.
 3. If workflow/commands changed, update setup/run instructions.
 4. If user-facing behavior changed, update user-facing description.
 ## Candidate Documentation Files
 - `README.md`
 - `docs/PROJECT_SETUP.md`
 - `docs/TECH_STACK.md`
 ## Anti-Patterns
 - Shipping behavior changes without docs updates.
 - Updating docs with speculative/unverified commands.
 - Duplicating conflicting instructions across files.
 ## Response Format
 Return:
 - Doc files that should change
 - Proposed update summary per file
 - Any intentionally skipped docs and reason
@@ -1,67 +0,0 @@
 ---
 name: medassist-frontend-polish
 description: Improve frontend visual quality within the existing MedAssist design system, without introducing new themes, font stacks, or disruptive UI patterns, including equivalent requests phrased in German.
 ---
 # Skill Instructions
 Use this skill when the user wants UI improvements, better styling, or a more polished frontend, but the feature must stay consistent with MedAssist product UX.
 ## Scope
 This is the **visual enhancement skill**.
 It refines quality *within* existing product conventions.
 Apply `medassist-ui-consistency` rules first, then use this skill for tasteful polish.
 ## Do Not Use This Skill For
 - Replacing base UI patterns/components with new ones.
 - New design-system direction, visual identity, or broad layout language changes.
 - Marketing/brand-experiment pages that intentionally break product conventions.
 ## Objective
 Deliver production-grade visual refinement that feels intentionally designed while remaining fully consistent with existing MedAssist components, spacing, typography, and interaction patterns.
 ## Strict Constraints
 - Reuse existing components and patterns first (`ConfirmModal`, `MedicationAvatar`, existing form/button/layout patterns).
 - Do not introduce new global theme systems, font families, or visual identity changes.
 - Do not invent new UX flows, pages, or interaction models unless explicitly requested.
 - Keep frontend text i18n-safe: use `t("...")` and EN/DE keys.
 - Respect accessibility and readability over decorative effects.
 ## Allowed Enhancements
 - Better spacing rhythm and visual hierarchy.
 - Cleaner grouping, alignment, and density adjustments.
 - Improved states (hover, focus, disabled, loading) using existing style language.
 - Subtle transitions/micro-interactions that do not distract and do not change behavior.
 - Consistent empty/error/success presentation using existing UI conventions.
 ## Not Allowed
 - Random aesthetic overhauls.
 - New color systems or hardcoded ad-hoc colors that break current theme tokens.
 - Heavy animation, parallax, or attention-stealing motion.
 - Typography experiments that diverge from current product style.
 - "Creative" layout changes that reduce usability or consistency.
 ## Implementation Workflow
 1. Confirm `medassist-ui-consistency` guardrails are satisfied.
 2. Identify existing components and CSS patterns to reuse.
 3. Define the smallest visual changes that improve clarity and quality.
 4. Apply refinements in-place without changing core behavior.
 5. Validate consistency across neighboring views/components.
 6. Ensure i18n and accessibility are preserved.
 ## Response Format
 When using this skill, report:
 - Reused components and style primitives
 - Specific polish improvements applied
 - Any trade-offs/constraints respected
 - Confirmation that no new design system or disruptive UX pattern was introduced
@@ -1,31 +0,0 @@
 ---
 name: medassist-i18n-enforcer
 description: Enforce MedAssist i18n rules so UI copy is always translation-key based for English and German, including equivalent requests phrased in German.
 ---
 # Skill Instructions
 Use this skill when changing frontend UI text, form labels, alerts, dialogs, or page content.
 ## Rules
 - Do not hardcode new user-facing strings in React components.
 - Use translation keys via `t("...")`.
 - Add or update matching keys in:
  - `frontend/src/i18n/en.json`
  - `frontend/src/i18n/de.json`
 - Keep semantic key naming consistent with existing namespaces.
 ## Validation
 1. Every new UI string has a key.
 2. English and German entries are both present.
 3. No fallback-to-English hardcoded text remains in JSX.
 ## Response Format
 List:
 - New keys added
 - Files where keys were used
 - Any intentionally unchanged text and reason
@@ -1,41 +0,0 @@
 ---
 name: medassist-observability-guard
 description: Ensure MedAssist changes preserve actionable logging, health checks, and clear operational error visibility, including equivalent requests phrased in German.
 ---
 # Skill Instructions
 Use this skill when changes affect backend services, schedulers, integrations, startup flow, or failure handling.
 ## Objective
 Maintain operational visibility so failures are detectable, diagnosable, and actionable.
 ## Required Checks
 1. Critical paths keep clear error reporting.
 2. Health-check behavior remains intact and meaningful.
 3. Logs contain actionable context without leaking secrets.
 4. Errors are surfaced with enough detail for debugging.
 5. Silent failure paths are avoided.
 ## MedAssist Focus Areas
 - `backend/src/index.ts`
 - `backend/src/routes/health.ts`
 - `backend/src/services/*`
 - Scheduler and notification flows
 ## Anti-Patterns
 - Swallowed exceptions.
 - Generic logs with no context.
 - Missing visibility for background failures.
 ## Response Format
 Return:
 - Observability touchpoints reviewed
 - Gaps found and suggested fixes
 - Operational risk level
@@ -1,30 +0,0 @@
 ---
 name: medassist-release-handoff
 description: Enforce MedAssist release ownership by preventing remote git/release actions by normal agents and delegating to release-manager, including equivalent requests phrased in German.
 ---
 # Skill Instructions
 Use this skill when a request includes branch push, PR creation, merge, tagging, release notes publishing, or release orchestration.
 ## Ownership Rules
 - Remote git/release actions are owned by `@release-manager`.
 - Normal agent/Copilot must not perform:
  - `git push`
  - PR creation/merge
  - tag/release creation
 ## Required Behavior
 1. Perform local code edits only.
 2. Summarize local changes clearly.
 3. Provide handoff instruction to `@release-manager` for shipping steps.
 ## Response Format
 When this skill applies, return:
 - "Release handoff required"
 - Delegate target: `@release-manager`
 - Shipping checklist (branch, PR, CI, merge, release)
@@ -1,43 +0,0 @@
 ---
 name: medassist-security-sanity
 description: Apply baseline security checks to MedAssist code changes, especially for backend routes, auth flows, and input handling, including equivalent requests phrased in German.
 ---
 # Skill Instructions
 Use this skill when a change touches backend routes, auth/session logic, file handling, imports/exports, or external input.
 ## Objective
 Prevent common security regressions with fast, practical checks during implementation.
 ## Required Checks
 1. Validate and sanitize external input at API boundaries.
 2. Enforce auth/authz server-side for protected actions.
 3. Ensure secrets/tokens are never hardcoded or logged.
 4. Avoid information leakage in error responses.
 5. Keep permission-sensitive operations explicit and auditable.
 ## MedAssist Focus Areas
 - Route handlers in `backend/src/routes/`.
 - Auth-related code in `backend/src/plugins/` and auth routes.
 - Data import/export and sharing endpoints.
 - File/image upload and serving paths.
 ## Anti-Patterns
 - Trusting frontend-only checks.
 - Accepting unchecked query/body/path input.
 - Returning raw internal errors to clients.
 - Weak defaults for sensitive operations.
 ## Response Format
 Report:
 - Security-sensitive files reviewed
 - Findings by severity (critical/major/minor)
 - Concrete remediation actions
 - Residual risk (if any)
@@ -1,42 +0,0 @@
 ---
 name: medassist-skill-quality-review
 description: Review MedAssist skills for trigger quality, scope boundaries, and conflicts with AGENTS governance, including equivalent requests phrased in German.
 ---
 # Skill Instructions
 Use this skill when creating or modifying any skill under `.github/skills/`.
 ## Objective
 Keep skills discoverable, non-overlapping, and aligned with canonical governance in `AGENTS.md`.
 ## Required Checks
 1. Frontmatter has clear `name` and specific `description` trigger language.
 2. Scope boundaries are explicit (`when to use` / `do not use`).
 3. No conflicts with `AGENTS.md` ownership rules.
 4. No policy duplication that can drift from canonical governance.
 5. References to related skills are explicit where workflows chain.
 ## Quality Signals
 - Trigger phrases are concrete and task-shaped.
 - Instructions are concise, actionable, and deterministic.
 - Response format is clear and useful for downstream handoff.
 ## Anti-Patterns
 - Vague descriptions that match everything.
 - Duplicate skills with overlapping responsibilities.
 - Contradictory ownership guidance.
 - Long policy blocks copied from other files.
 ## Response Format
 Return:
 - Scope/trigger issues found
 - Overlap/conflict findings
 - Suggested minimal edits
 - Final pass/fail recommendation
@@ -1,31 +0,0 @@
 ---
 name: medassist-testing-handoff
 description: Enforce MedAssist testing ownership by delegating test planning, execution, and CI test failure triage to testing-manager, including equivalent requests phrased in German.
 ---
 # Skill Instructions
 Use this skill whenever a task includes writing tests, running tests, or diagnosing test-related CI failures.
 ## Ownership Rules
 - Test planning, implementation, and execution are owned by `@testing-manager`.
 - CI test-failure triage (`test.yml`, `e2e.yml`) is owned by `@testing-manager`.
 - Normal coding agent should hand off testing tasks instead of executing testing workflows directly.
 ## Handoff Template
 Use this structure for delegation:
 1. Scope: feature/fix and affected files
 2. Expected behavior
 3. Suggested test layers (unit/integration/e2e)
 4. CI failure context (if applicable)
 ## Response Format
 When triggered, output:
 - "Testing handoff required"
 - Delegate target: `@testing-manager`
 - Minimal handoff brief (scope + expected behavior)
@@ -1,42 +0,0 @@
 ---
 name: medassist-ui-consistency
 description: Enforce non-negotiable MedAssist UI guardrails by reusing existing components, styles, and interaction patterns, including equivalent requests phrased in German.
 ---
 # Skill Instructions
 Use this skill when implementing or editing UI flows, modals, buttons, forms, schedule views, or settings screens.
 ## Scope
 This is the **guardrail skill** for UI work.
 Use it to enforce consistency and prevent design drift.
 Use `medassist-frontend-polish` only after these guardrails are satisfied.
 ## Do Not Use This Skill For
 - Creative visual redesign requests where no product consistency constraints apply.
 - Marketing-style one-off pages outside MedAssist product UI conventions.
 ## Rules
 - Reuse existing components (for example `ConfirmModal`, `MedicationAvatar`) before creating new primitives.
 - Keep spacing, typography, and button styles aligned with existing patterns.
 - Avoid custom inline modal/button patterns that diverge from project design.
 - Prefer extending existing CSS classes/styles instead of introducing parallel styling systems.
 ## Decision Heuristics
 1. If an equivalent component exists, reuse it.
 2. If small variant is needed, extend existing styles minimally.
 3. If a new component is unavoidable, match existing naming and structure conventions.
 ## Response Format
 Provide:
 - Reused components/styles
 - Any new UI element and why reuse was not possible
 - Consistency risks reviewed
 - Confirmation that `medassist-frontend-polish` constraints remain compatible (if polish work is also requested)
@@ -1,19 +0,0 @@
 name: Add to Project
 on:
  issues:
    types: [opened, labeled]
 permissions: {}
 jobs:
  add-to-project:
    name: Add issue to project
    runs-on: ubuntu-latest
    steps:
      - uses: actions/add-to-project@v1.0.2
        with:
          project-url: ${{ vars.PROJECT_URL }}
          github-token: ${{ secrets.ADD_TO_PROJECT_PAT }}
          labeled: enhancement, bug, triage
          label-operator: OR
@@ -3,30 +3,8 @@ name: "CodeQL"
 on:
  push:
    branches: [main]
    paths:
      - '**.js'
      - '**.ts'
      - '**.tsx'
      - '**.jsx'
      - 'backend/package.json'
      - 'backend/package-lock.json'
      - 'frontend/package.json'
      - 'frontend/package-lock.json'
      - '.github/codeql/**'
      - '.github/workflows/codeql.yml'
  pull_request:
    branches: [main]
    paths:
      - '**.js'
      - '**.ts'
      - '**.tsx'
      - '**.jsx'
      - 'backend/package.json'
      - 'backend/package-lock.json'
      - 'frontend/package.json'
      - 'frontend/package-lock.json'
      - '.github/codeql/**'
      - '.github/workflows/codeql.yml'
  schedule:
    - cron: "0 6 * * 1" # Weekly on Monday at 6am UTC
  workflow_dispatch: # Allow manual trigger
@@ -47,18 +25,18 @@ jobs:
    steps:
      - name: Checkout repository
-        uses: actions/checkout@v6
+        uses: actions/checkout@v4
      - name: Initialize CodeQL
-        uses: github/codeql-action/init@v4
+        uses: github/codeql-action/init@v3
        with:
          languages: ${{ matrix.language }}
          config-file: ./.github/codeql/codeql-config.yml
      - name: Autobuild
-        uses: github/codeql-action/autobuild@v4
+        uses: github/codeql-action/autobuild@v3
      - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@v4
+        uses: github/codeql-action/analyze@v3
        with:
          category: "/language:${{ matrix.language }}"
@@ -3,6 +3,11 @@ name: Build and Push Docker Images
 on:
  push:
    branches: [main]
    paths:
      - 'backend/**'
      - 'frontend/**'
      - 'docker-compose*.yml'
      - '.github/workflows/docker-build.yml'
    tags: ['v*']
  workflow_dispatch:
    inputs:
@@ -20,16 +25,50 @@ env:
 jobs:
  # =============================================================================
-  # Build and Push Docker Images
+  # Run Tests First
-  # Triggered on pushes to main (tagged as "main") and version tags (v*).
+  # =============================================================================
-  # Tests are NOT run here — branch protection on main requires all PR checks
+  backend-test:
-  # (backend-test + frontend-build from test.yml) to pass before merge.
+    name: Backend Tests
-  # Tags are created from main, so code is already tested.
+    runs-on: ubuntu-latest
-  #
+    permissions:
-  # main push  → "main" tag only (for testing before release)
+      contents: read
-  # Tag builds → semver tags (e.g., 1.9.0, 1.9) plus "latest"
+    defaults:
      run:
        working-directory: backend
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-node@v4
        with:
          node-version: '22'
          cache: 'npm'
          cache-dependency-path: backend/package-lock.json
      - run: npm ci
      - run: npx tsc --noEmit
      - run: npm run test:run
  frontend-build:
    name: Frontend Build
    runs-on: ubuntu-latest
    permissions:
      contents: read
    defaults:
      run:
        working-directory: frontend
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-node@v4
        with:
          node-version: '22'
          cache: 'npm'
          cache-dependency-path: frontend/package-lock.json
      - run: npm ci
      - run: npm run build
  # =============================================================================
  # Build and Push Docker Images (only after tests pass)
  # =============================================================================
  build-and-push:
    needs: [backend-test, frontend-build]
    runs-on: ubuntu-latest
    permissions:
      contents: read
@@ -45,7 +84,7 @@ jobs:
    steps:
      - name: Checkout repository
-        uses: actions/checkout@v6
+        uses: actions/checkout@v4
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3
@@ -67,10 +106,10 @@ jobs:
            type=semver,pattern={{version}}
            type=semver,pattern={{major}}.{{minor}}
            type=raw,value=${{ github.event.inputs.tag || 'latest' }},enable=${{ github.event_name == 'workflow_dispatch' }}
-            type=raw,value=latest,enable=${{ startsWith(github.ref, 'refs/tags/v') }}
+            type=raw,value=latest,enable=${{ github.ref == 'refs/heads/main' }}
      - name: Build and push
-        uses: docker/build-push-action@v6
+        uses: docker/build-push-action@v5
        with:
          context: ${{ matrix.context }}
          push: true
@@ -94,32 +133,17 @@ jobs:
    steps:
      - name: Checkout repository
-        uses: actions/checkout@v6
+        uses: actions/checkout@v4
        with:
          fetch-depth: 0  # Fetch all history for changelog generation
      - name: Check if release exists
        id: check_release
        run: |
          CURRENT_TAG=${GITHUB_REF#refs/tags/}
          if gh release view "$CURRENT_TAG" &>/dev/null; then
            echo "exists=true" >> $GITHUB_OUTPUT
            echo "Release $CURRENT_TAG already exists, skipping creation"
          else
            echo "exists=false" >> $GITHUB_OUTPUT
          fi
        env:
          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
      - name: Get previous tag
        if: steps.check_release.outputs.exists == 'false'
        id: prev_tag
        run: |
          PREV_TAG=$(git describe --tags --abbrev=0 HEAD^ 2>/dev/null || echo "")
          echo "tag=${PREV_TAG}" >> $GITHUB_OUTPUT
      - name: Generate changelog
        if: steps.check_release.outputs.exists == 'false'
        id: changelog
        run: |
          CURRENT_TAG=${GITHUB_REF#refs/tags/}
@@ -148,7 +172,6 @@ jobs:
          echo "**Full Changelog**: https://github.com/${{ github.repository }}/compare/${PREV_TAG}...${CURRENT_TAG}" >> changelog.md
      - name: Create GitHub Release
        if: steps.check_release.outputs.exists == 'false'
        uses: softprops/action-gh-release@v2
        with:
          body_path: changelog.md
@@ -1,70 +0,0 @@
 name: E2E Tests
 on:
  pull_request:
    branches: [main]
    paths:
      - 'frontend/**'
      - 'backend/**'
      - '.github/workflows/e2e.yml'
 # Minimal permissions for security
 permissions:
  contents: read
 jobs:
  e2e:
    name: Playwright E2E
    runs-on: ubuntu-latest
    timeout-minutes: 15
    permissions:
      contents: read
    steps:
      - name: Checkout repository
        uses: actions/checkout@v6
      - name: Setup Node.js
        uses: actions/setup-node@v6
        with:
          node-version: '22'
          cache: 'npm'
          cache-dependency-path: |
            backend/package-lock.json
            frontend/package-lock.json
      - name: Install backend dependencies
        working-directory: backend
        run: npm ci
      - name: Install frontend dependencies
        working-directory: frontend
        run: npm ci
      - name: Install Playwright browsers
        working-directory: frontend
        run: npx playwright install --with-deps chromium
      - name: Run E2E tests (Chromium only)
        working-directory: frontend
        run: npx playwright test --project=chromium
        env:
          CI: true
          JWT_SECRET: e2e-test-secret-that-is-long-enough
          SESSION_SECRET: e2e-test-session-secret-long-enough
      - name: Upload Playwright report
        uses: actions/upload-artifact@v6
        if: always()
        with:
          name: playwright-report
          path: frontend/playwright-report/
          retention-days: 7
      - name: Upload test results
        uses: actions/upload-artifact@v6
        if: always()
        with:
          name: playwright-results
          path: frontend/test-results/
          retention-days: 7
@@ -1,105 +0,0 @@
 name: Move Done in Project
 on:
  issues:
    types: [closed]
  pull_request:
    types: [closed]
 permissions: {}
 jobs:
  move-to-done:
    name: Move to Done
    runs-on: ubuntu-latest
    if: >-
      (github.event_name == 'issues' && github.event.issue.state_reason == 'completed') ||
      (github.event_name == 'pull_request' && github.event.pull_request.merged == true)
    steps:
      - name: Move project item to Done
        uses: actions/github-script@v8
        with:
          github-token: ${{ secrets.ADD_TO_PROJECT_PAT }}
          script: |
            const projectId = 'PVT_kwHOADH82s4BO2OT';
            const statusFieldId = 'PVTSSF_lAHOADH82s4BO2OTzg9bdkE';
            const doneOptionId = 'ca45af98';
            // Determine content ID (issue or PR node ID)
            const nodeId = context.payload.issue?.node_id || context.payload.pull_request?.node_id;
            const number = context.payload.issue?.number || context.payload.pull_request?.number;
            const type = context.payload.issue ? 'issue' : 'pull_request';
            console.log(`Processing ${type} #${number} (${nodeId})`);
            // Find the project item by content node ID
            const result = await github.graphql(`
              query($nodeId: ID!) {
                node(id: $nodeId) {
                  ... on Issue {
                    projectItems(first: 10) {
                      nodes {
                        id
                        project { id }
                        fieldValueByName(name: "Status") {
                          ... on ProjectV2ItemFieldSingleSelectValue {
                            name
                            optionId
                          }
                        }
                      }
                    }
                  }
                  ... on PullRequest {
                    projectItems(first: 10) {
                      nodes {
                        id
                        project { id }
                        fieldValueByName(name: "Status") {
                          ... on ProjectV2ItemFieldSingleSelectValue {
                            name
                            optionId
                          }
                        }
                      }
                    }
                  }
                }
              }
            `, { nodeId });
            const items = result.node?.projectItems?.nodes || [];
            const projectItem = items.find(item => item.project.id === projectId);
            if (!projectItem) {
              console.log(`${type} #${number} is not in the project board — skipping.`);
              return;
            }
            const currentStatus = projectItem.fieldValueByName?.name || 'unknown';
            if (currentStatus === 'Done') {
              console.log(`${type} #${number} is already "Done" — skipping.`);
              return;
            }
            console.log(`Moving ${type} #${number} from "${currentStatus}" to "Done"...`);
            await github.graphql(`
              mutation($projectId: ID!, $itemId: ID!, $fieldId: ID!, $optionId: String!) {
                updateProjectV2ItemFieldValue(input: {
                  projectId: $projectId
                  itemId: $itemId
                  fieldId: $fieldId
                  value: { singleSelectOptionId: $optionId }
                }) {
                  projectV2Item { id }
                }
              }
            `, {
              projectId,
              itemId: projectItem.id,
              fieldId: statusFieldId,
              optionId: doneOptionId
            });
            console.log(`Successfully moved ${type} #${number} to "Done".`);
@@ -0,0 +1,78 @@
 name: Create Release
 on:
  push:
    tags: ['v*']
 permissions:
  contents: write
 jobs:
  release:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v4
        with:
          fetch-depth: 0
      - name: Get version info
        id: version
        run: |
          CURRENT_TAG=${GITHUB_REF#refs/tags/}
          VERSION=${CURRENT_TAG#v}
          echo "tag=$CURRENT_TAG" >> $GITHUB_OUTPUT
          echo "version=$VERSION" >> $GITHUB_OUTPUT
          # Get previous tag
          PREV_TAG=$(git tag --sort=-v:refname | grep -A1 "^${CURRENT_TAG}$" | tail -1)
          if [ "$PREV_TAG" = "$CURRENT_TAG" ]; then
            PREV_TAG=""
          fi
          echo "previous_tag=$PREV_TAG" >> $GITHUB_OUTPUT
      - name: Generate release template
        run: |
          cat > release_notes.md << 'EOF'
          ## What's New
          <!-- 
          Write 1-2 sentences describing the main changes in this release.
          Example: This release introduces a medication refill tracking feature and improves the mobile user experience.
          -->
          ### New Features
          <!-- List new features with **bold** names and descriptions -->
          - **Feature Name**: Description of the feature
          ### Improvements
          <!-- List improvements and fixes -->
          - **Improvement**: Description
          ### Where to Find It
          <!-- Tell users where they can access new features -->
          ---
          ## Docker Images
          ```bash
          docker pull ghcr.io/danielvolz/medassist-ng-backend:${{ steps.version.outputs.version }}
          docker pull ghcr.io/danielvolz/medassist-ng-frontend:${{ steps.version.outputs.version }}
          ```
          **Full Changelog**: https://github.com/DanielVolz/medassist-ng/compare/${{ steps.version.outputs.previous_tag }}...${{ steps.version.outputs.tag }}
          EOF
      - name: Create Draft Release
        uses: softprops/action-gh-release@v1
        with:
          body_path: release_notes.md
          draft: true
          generate_release_notes: false
          name: "Release ${{ steps.version.outputs.tag }}"
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
@@ -10,38 +10,10 @@ permissions:
 jobs:
  # =============================================================================
-  # Detect which paths changed to skip unnecessary jobs
+  # Backend Tests
  # =============================================================================
  changes:
    name: Detect Changes
    runs-on: ubuntu-latest
    permissions:
      contents: read
      pull-requests: read
    outputs:
      backend: ${{ steps.filter.outputs.backend }}
      frontend: ${{ steps.filter.outputs.frontend }}
    steps:
      - uses: dorny/paths-filter@v3
        id: filter
        with:
          filters: |
            backend:
              - 'backend/**'
              - 'biome.json'
              - '.github/workflows/test.yml'
            frontend:
              - 'frontend/**'
              - 'biome.json'
              - '.github/workflows/test.yml'
  # =============================================================================
  # Backend Tests (skipped if no backend-related files changed)
  # =============================================================================
  backend-test:
    name: Backend Tests
    needs: changes
    if: needs.changes.outputs.backend == 'true'
    runs-on: ubuntu-latest
    permissions:
      contents: read
@@ -51,10 +23,10 @@ jobs:
    steps:
      - name: Checkout repository
-        uses: actions/checkout@v6
+        uses: actions/checkout@v4
      - name: Setup Node.js
-        uses: actions/setup-node@v6
+        uses: actions/setup-node@v4
        with:
          node-version: '22'
          cache: 'npm'
@@ -63,9 +35,6 @@ jobs:
      - name: Install dependencies
        run: npm ci
      - name: Lint
        run: npm run lint
      - name: TypeScript type check
        run: npx tsc --noEmit
@@ -73,7 +42,7 @@ jobs:
        run: npm run test:coverage
      - name: Upload coverage report
-        uses: actions/upload-artifact@v6
+        uses: actions/upload-artifact@v4
        if: always()
        with:
          name: backend-coverage
@@ -81,12 +50,10 @@ jobs:
          retention-days: 7
  # =============================================================================
-  # Frontend Tests & Build (skipped if no frontend-related files changed)
+  # Frontend Build Validation
  # =============================================================================
  frontend-build:
    name: Frontend Build
    needs: changes
    if: needs.changes.outputs.frontend == 'true'
    runs-on: ubuntu-latest
    permissions:
      contents: read
@@ -96,10 +63,10 @@ jobs:
    steps:
      - name: Checkout repository
-        uses: actions/checkout@v6
+        uses: actions/checkout@v4
      - name: Setup Node.js
-        uses: actions/setup-node@v6
+        uses: actions/setup-node@v4
        with:
          node-version: '22'
          cache: 'npm'
@@ -108,19 +75,5 @@ jobs:
      - name: Install dependencies
        run: npm ci
      - name: Lint
        run: npm run lint
      - name: Run tests with coverage
        run: npm run test:coverage
      - name: TypeScript type check & build
        run: npm run build
      - name: Upload coverage report
        uses: actions/upload-artifact@v6
        if: always()
        with:
          name: frontend-coverage
          path: frontend/coverage/
          retention-days: 7
@@ -1,111 +0,0 @@
 name: Update Test Badges
 on:
  workflow_dispatch:
  workflow_run:
    workflows: ["Build and Push Docker Images"]
    types: [completed]
    branches: [main]
 permissions:
  contents: write
 # Prevent parallel badge workflows from racing each other
 concurrency:
  group: update-test-badges
  cancel-in-progress: true
 jobs:
  update-badges:
    name: Update Test Count Badges
    runs-on: ubuntu-latest
    # Only run after successful docker builds, not failed ones
    if: ${{ github.event_name == 'workflow_dispatch' || github.event.workflow_run.conclusion == 'success' }}
    steps:
      - name: Checkout repository
        uses: actions/checkout@v6
        with:
          token: ${{ secrets.BADGE_TOKEN || secrets.GITHUB_TOKEN }}
      - name: Setup Node.js
        uses: actions/setup-node@v6
        with:
          node-version: '22'
          cache: 'npm'
          cache-dependency-path: '**/package-lock.json'
      - name: Install backend dependencies
        working-directory: backend
        run: npm ci
      - name: Install frontend dependencies
        working-directory: frontend
        run: npm ci
      - name: Run backend tests and capture count
        id: backend-tests
        working-directory: backend
        timeout-minutes: 5
        env:
          CI: true
        run: |
          OUTPUT=$(npm run test:run 2>&1) || true
          echo "$OUTPUT"
          # Strip ANSI escape codes, then extract "Tests  X passed" from output
          CLEAN=$(echo "$OUTPUT" | sed 's/\x1b\[[0-9;]*m//g')
          PASSED=$(echo "$CLEAN" | grep -oP 'Tests\s+\K\d+(?=\s+passed)' | tail -1)
          echo "count=$PASSED" >> $GITHUB_OUTPUT
      - name: Run frontend tests and capture count
        id: frontend-tests
        working-directory: frontend
        timeout-minutes: 5
        env:
          CI: true
        run: |
          OUTPUT=$(npm run test:run 2>&1) || true
          echo "$OUTPUT"
          # Strip ANSI escape codes, then extract "Tests  X passed" from output
          CLEAN=$(echo "$OUTPUT" | sed 's/\x1b\[[0-9;]*m//g')
          PASSED=$(echo "$CLEAN" | grep -oP 'Tests\s+\K\d+(?=\s+passed)' | tail -1)
          echo "count=$PASSED" >> $GITHUB_OUTPUT
      - name: Update README badges
        run: |
          BACKEND_COUNT="${{ steps.backend-tests.outputs.count }}"
          FRONTEND_COUNT="${{ steps.frontend-tests.outputs.count }}"
          echo "Backend tests: $BACKEND_COUNT"
          echo "Frontend tests: $FRONTEND_COUNT"
          # Only update if we got valid counts
          if [[ -n "$BACKEND_COUNT" && -n "$FRONTEND_COUNT" ]]; then
            # URL encode the slash for shields.io
            BACKEND_BADGE="https://img.shields.io/badge/Backend_Tests-${BACKEND_COUNT}%2F${BACKEND_COUNT}-brightgreen?logo=vitest"
            FRONTEND_BADGE="https://img.shields.io/badge/Frontend_Tests-${FRONTEND_COUNT}%2F${FRONTEND_COUNT}-brightgreen?logo=vitest"
            # Update README using sed
            sed -i "s|https://img.shields.io/badge/Backend_Tests-[^\"]*|$BACKEND_BADGE|g" README.md
            sed -i "s|https://img.shields.io/badge/Frontend_Tests-[^\"]*|$FRONTEND_BADGE|g" README.md
            echo "Updated badges in README.md"
          else
            echo "Could not extract test counts, skipping update"
            exit 0
          fi
      - name: Commit and push badge updates
        run: |
          git config user.name "github-actions[bot]"
          git config user.email "41898282+github-actions[bot]@users.noreply.github.com"
          git add README.md
          if git diff --cached --quiet; then
            echo "No badge changes to commit"
          else
            git commit -m "chore: update test count badges [skip ci]"
            # Rebase on latest main to avoid push rejection when concurrent
            # badge workflows or other [skip ci] commits land between checkout and push
            git pull --rebase origin main
            git push
          fi
@@ -18,12 +18,6 @@ build/
 coverage/
 .nyc_output/
 # Playwright
 /frontend/playwright-report/
 /frontend/test-results/
 /frontend/e2e/.auth/
 /frontend/blob-report/
 # ===================
 # Environment
 # ===================
@@ -77,8 +71,3 @@ Thumbs.db
 *.local
 .cache/
 .turbo/
 .roo/
 .roomodes
 AGENTS.md
 docs/TECH_STACK.md
 doku
@@ -1 +0,0 @@
 npx lint-staged
@@ -1,8 +1,5 @@
 {
  "vitest.root": "backend",
  "vitest.enable": true,
-  "vitest.commandLine": "npm test --",
+  "vitest.commandLine": "npm test --"
  "chat.tools.terminal.autoApprove": {
    "test": true
  }
 }
@@ -1,49 +0,0 @@
 {
  "version": "2.0.0",
  "tasks": [
    {
      "label": "E2E stable",
      "type": "shell",
      "command": "npm",
      "args": ["run", "test:e2e"],
      "options": {
        "cwd": "${workspaceFolder}/frontend"
      },
      "group": "test",
      "problemMatcher": []
    },
    {
      "label": "E2E stable + merged video",
      "type": "shell",
      "command": "npm",
      "args": ["run", "test:e2e:with-video"],
      "options": {
        "cwd": "${workspaceFolder}/frontend"
      },
      "group": "test",
      "problemMatcher": []
    },
    {
      "label": "E2E all browsers",
      "type": "shell",
      "command": "npm",
      "args": ["run", "test:e2e:all"],
      "options": {
        "cwd": "${workspaceFolder}/frontend"
      },
      "group": "test",
      "problemMatcher": []
    },
    {
      "label": "E2E all browsers + merged video",
      "type": "shell",
      "command": "npm",
      "args": ["run", "test:e2e:all:with-video"],
      "options": {
        "cwd": "${workspaceFolder}/frontend"
      },
      "group": "test",
      "problemMatcher": []
    }
  ]
 }
@@ -17,11 +17,6 @@
  <img src="https://img.shields.io/badge/Docker-Ready-2496ED?logo=docker" alt="Docker" />
 </p>
 <p align="center">
  <img src="https://img.shields.io/badge/Backend_Tests-569%2F569-brightgreen?logo=vitest" alt="Backend Tests 454/454" />
  <img src="https://img.shields.io/badge/Frontend_Tests-777%2F777-brightgreen?logo=vitest" alt="Frontend Tests 611/611" />
 </p>
 ### 🤖 AI-Generated Code
 > This app was 100% coded with Claude Opus 4.5. Use at your own risk.
@@ -120,10 +115,9 @@ Share your medication schedule with others via a public link.
 </details>
 ### Smart Inventory
- Track exact stock: packs, blisters, bottles, and loose pills
+- Track exact stock: packs, blisters, and loose pills
 - Display remaining days of supply
 - Automatic calculation based on intake schedule
 - Manual stock correction supports partial blisters and loose pills
 ### Medication Refill
 - One-click refill with pack or loose pill options
@@ -133,7 +127,6 @@ Share your medication schedule with others via a public link.
 ### Flexible Schedules
 - Daily, weekly, or custom intervals per medication
 - Independent schedules for each medication
 - Optional timeline filters for dashboard and shared schedule views
 ### Stock Alerts & Reminders
 - Notifications before stock runs out
@@ -143,11 +136,6 @@ Share your medication schedule with others via a public link.
 ### Trip Planner
 - Calculate how many pills you need for a trip or date range
 - Plan ahead for vacations, business trips, or hospital stays
 - Send demand reports via email or push notification
 ### Reports
 - Generate medication reports as PDF, Markdown, or plain text
 - Include intake history, refill history, and prescription details
 ### Multi-Person Support
 - Manage medications for multiple people
@@ -219,7 +207,7 @@ Generate secrets with: `openssl rand -hex 32`
 | `OIDC_ISSUER_URL` | — | OIDC provider URL |
 | `OIDC_CLIENT_ID` | — | Client ID from OIDC provider |
 | `OIDC_CLIENT_SECRET` | — | Client secret from OIDC provider |
-| `OIDC_REDIRECT_URI` | — | Full callback URL (e.g., `https://your-domain.com/api/auth/oidc/callback`) |
+| `OIDC_REDIRECT_URI` | — | Callback URL |
 | `OIDC_SCOPES` | `openid profile email` | Scopes to request |
 | `OIDC_USERNAME_CLAIM` | `preferred_username` | Claim for username |
 | `OIDC_AUTO_CREATE_USERS` | `true` | Auto-create users on first SSO login |
@@ -261,14 +249,6 @@ Configure push notifications in Settings → Push, or set defaults via environme
 | `DEFAULT_SHOUTRRR_STOCK_REMINDERS` | `true` | Send stock warnings via push |
 | `DEFAULT_SHOUTRRR_INTAKE_REMINDERS` | `true` | Send intake reminders via push |
 ### Default User Settings
 These defaults are applied when a new user is created. Once a user saves settings in the app, their values take precedence.
 | Variable | Default | Description |
 |----------|---------|-------------|
 | `DEFAULT_SHARE_STOCK_STATUS` | `true` | Show stock status (Normal/Low/Critical) on shared schedule links |
 #### URL Examples
 **ntfy** (free, self-hostable):
@@ -1,35 +0,0 @@
 # Dependencies
 node_modules/
 # Build outputs
 dist/
 coverage/
 # Development files
 *.log
 npm-debug.log*
 # Test files
 src/test/
 *.test.ts
 vitest.config.ts
 # Local data (mounted as volume in production)
 data/
 # IDE
 .vscode/
 .idea/
 # OS files
 .DS_Store
 Thumbs.db
 # Git
 .git/
 .gitignore
 # Docker
 Dockerfile
 .dockerignore
 docker-compose*.yml
@@ -5,6 +5,6 @@ export default defineConfig({
  out: "./drizzle",
  dialect: "sqlite",
  dbCredentials: {
-    url: process.env.DATABASE_URL || "./data/medassist-ng.db",
+    url: process.env.DATABASE_URL || "./data/medassist.db",
  },
 });
@@ -1,3 +0,0 @@
 ALTER TABLE `medications` ADD `dismissed_until` text;--> statement-breakpoint
 ALTER TABLE `user_settings` ADD `last_reminder_med_name` text;--> statement-breakpoint
 ALTER TABLE `user_settings` ADD `last_reminder_taken_by` text;
@@ -1,3 +0,0 @@
 -- Add package type support (blister vs bottle)
 ALTER TABLE medications ADD COLUMN package_type TEXT DEFAULT 'blister' NOT NULL;
 ALTER TABLE medications ADD COLUMN total_pills INTEGER;
@@ -1,3 +0,0 @@
 -- Add dose_unit column and intakes JSON array for per-intake takenBy support
 ALTER TABLE `medications` ADD `dose_unit` text(20) DEFAULT 'mg';--> statement-breakpoint
 ALTER TABLE `medications` ADD `intakes_json` text DEFAULT '[]' NOT NULL;
@@ -1,3 +0,0 @@
 ALTER TABLE `user_settings` ADD `last_stock_reminder_sent` text;--> statement-breakpoint
 ALTER TABLE `user_settings` ADD `last_stock_reminder_channel` text;--> statement-breakpoint
 ALTER TABLE `user_settings` ADD `last_stock_reminder_med_names` text;
@@ -1 +0,0 @@
 ALTER TABLE `user_settings` ADD `share_stock_status` integer DEFAULT true NOT NULL;
@@ -1,2 +0,0 @@
 ALTER TABLE `medications` ADD `is_obsolete` integer DEFAULT false NOT NULL;
 ALTER TABLE `medications` ADD `obsolete_at` integer;
@@ -1,8 +0,0 @@
 ALTER TABLE `medications` ADD `prescription_enabled` integer NOT NULL DEFAULT 0;
 ALTER TABLE `medications` ADD `prescription_authorized_refills` integer;
 ALTER TABLE `medications` ADD `prescription_remaining_refills` integer;
 ALTER TABLE `medications` ADD `prescription_low_refill_threshold` integer NOT NULL DEFAULT 1;
 ALTER TABLE `medications` ADD `prescription_expiry_date` text;
 ALTER TABLE `user_settings` ADD `email_prescription_reminders` integer NOT NULL DEFAULT 1;
 ALTER TABLE `user_settings` ADD `shoutrrr_prescription_reminders` integer NOT NULL DEFAULT 1;
@@ -1 +0,0 @@
 ALTER TABLE `medications` ADD `medication_start_date` text DEFAULT '' NOT NULL;
@@ -1 +0,0 @@
 ALTER TABLE `dose_tracking` ADD `taken_source` text DEFAULT 'manual' NOT NULL;
@@ -1,855 +0,0 @@
 {
  "version": "6",
  "dialect": "sqlite",
  "id": "4f1d8273-1e60-4da1-9bfc-bd51c2784836",
  "prevId": "098ee506-e43d-4ccb-bee5-c387905695ab",
  "tables": {
    "dose_tracking": {
      "name": "dose_tracking",
      "columns": {
        "id": {
          "name": "id",
          "type": "integer",
          "primaryKey": true,
          "notNull": true,
          "autoincrement": true
        },
        "user_id": {
          "name": "user_id",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false
        },
        "dose_id": {
          "name": "dose_id",
          "type": "text(255)",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false
        },
        "taken_at": {
          "name": "taken_at",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": "(strftime('%s','now'))"
        },
        "marked_by": {
          "name": "marked_by",
          "type": "text(100)",
          "primaryKey": false,
          "notNull": false,
          "autoincrement": false
        },
        "dismissed": {
          "name": "dismissed",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": false
        }
      },
      "indexes": {},
      "foreignKeys": {
        "dose_tracking_user_id_users_id_fk": {
          "name": "dose_tracking_user_id_users_id_fk",
          "tableFrom": "dose_tracking",
          "tableTo": "users",
          "columnsFrom": [
            "user_id"
          ],
          "columnsTo": [
            "id"
          ],
          "onDelete": "cascade",
          "onUpdate": "no action"
        }
      },
      "compositePrimaryKeys": {},
      "uniqueConstraints": {},
      "checkConstraints": {}
    },
    "medications": {
      "name": "medications",
      "columns": {
        "id": {
          "name": "id",
          "type": "integer",
          "primaryKey": true,
          "notNull": true,
          "autoincrement": true
        },
        "user_id": {
          "name": "user_id",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false
        },
        "name": {
          "name": "name",
          "type": "text(100)",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false
        },
        "generic_name": {
          "name": "generic_name",
          "type": "text(100)",
          "primaryKey": false,
          "notNull": false,
          "autoincrement": false
        },
        "taken_by_json": {
          "name": "taken_by_json",
          "type": "text",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": "'[]'"
        },
        "pack_count": {
          "name": "pack_count",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": 1
        },
        "blisters_per_pack": {
          "name": "blisters_per_pack",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": 1
        },
        "pills_per_blister": {
          "name": "pills_per_blister",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": 1
        },
        "loose_tablets": {
          "name": "loose_tablets",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": 0
        },
        "stock_adjustment": {
          "name": "stock_adjustment",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": 0
        },
        "last_stock_correction_at": {
          "name": "last_stock_correction_at",
          "type": "integer",
          "primaryKey": false,
          "notNull": false,
          "autoincrement": false
        },
        "pill_weight_mg": {
          "name": "pill_weight_mg",
          "type": "integer",
          "primaryKey": false,
          "notNull": false,
          "autoincrement": false
        },
        "usage_json": {
          "name": "usage_json",
          "type": "text",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": "'[]'"
        },
        "every_json": {
          "name": "every_json",
          "type": "text",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": "'[]'"
        },
        "start_json": {
          "name": "start_json",
          "type": "text",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": "'[]'"
        },
        "image_url": {
          "name": "image_url",
          "type": "text",
          "primaryKey": false,
          "notNull": false,
          "autoincrement": false
        },
        "expiry_date": {
          "name": "expiry_date",
          "type": "text",
          "primaryKey": false,
          "notNull": false,
          "autoincrement": false
        },
        "notes": {
          "name": "notes",
          "type": "text",
          "primaryKey": false,
          "notNull": false,
          "autoincrement": false
        },
        "intake_reminders_enabled": {
          "name": "intake_reminders_enabled",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": false
        },
        "dismissed_until": {
          "name": "dismissed_until",
          "type": "text",
          "primaryKey": false,
          "notNull": false,
          "autoincrement": false
        },
        "updated_at": {
          "name": "updated_at",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": "CURRENT_TIMESTAMP"
        }
      },
      "indexes": {},
      "foreignKeys": {
        "medications_user_id_users_id_fk": {
          "name": "medications_user_id_users_id_fk",
          "tableFrom": "medications",
          "tableTo": "users",
          "columnsFrom": [
            "user_id"
          ],
          "columnsTo": [
            "id"
          ],
          "onDelete": "cascade",
          "onUpdate": "no action"
        }
      },
      "compositePrimaryKeys": {},
      "uniqueConstraints": {},
      "checkConstraints": {}
    },
    "refill_history": {
      "name": "refill_history",
      "columns": {
        "id": {
          "name": "id",
          "type": "integer",
          "primaryKey": true,
          "notNull": true,
          "autoincrement": true
        },
        "medication_id": {
          "name": "medication_id",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false
        },
        "user_id": {
          "name": "user_id",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false
        },
        "packs_added": {
          "name": "packs_added",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": 0
        },
        "loose_pills_added": {
          "name": "loose_pills_added",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": 0
        },
        "refill_date": {
          "name": "refill_date",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": "(strftime('%s','now'))"
        }
      },
      "indexes": {},
      "foreignKeys": {
        "refill_history_medication_id_medications_id_fk": {
          "name": "refill_history_medication_id_medications_id_fk",
          "tableFrom": "refill_history",
          "tableTo": "medications",
          "columnsFrom": [
            "medication_id"
          ],
          "columnsTo": [
            "id"
          ],
          "onDelete": "cascade",
          "onUpdate": "no action"
        },
        "refill_history_user_id_users_id_fk": {
          "name": "refill_history_user_id_users_id_fk",
          "tableFrom": "refill_history",
          "tableTo": "users",
          "columnsFrom": [
            "user_id"
          ],
          "columnsTo": [
            "id"
          ],
          "onDelete": "cascade",
          "onUpdate": "no action"
        }
      },
      "compositePrimaryKeys": {},
      "uniqueConstraints": {},
      "checkConstraints": {}
    },
    "refresh_tokens": {
      "name": "refresh_tokens",
      "columns": {
        "id": {
          "name": "id",
          "type": "integer",
          "primaryKey": true,
          "notNull": true,
          "autoincrement": true
        },
        "user_id": {
          "name": "user_id",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false
        },
        "token_id": {
          "name": "token_id",
          "type": "text(255)",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false
        },
        "expires_at": {
          "name": "expires_at",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false
        },
        "rotated_at": {
          "name": "rotated_at",
          "type": "integer",
          "primaryKey": false,
          "notNull": false,
          "autoincrement": false
        },
        "revoked": {
          "name": "revoked",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": false
        },
        "created_at": {
          "name": "created_at",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": "CURRENT_TIMESTAMP"
        }
      },
      "indexes": {
        "refresh_tokens_token_id_unique": {
          "name": "refresh_tokens_token_id_unique",
          "columns": [
            "token_id"
          ],
          "isUnique": true
        }
      },
      "foreignKeys": {
        "refresh_tokens_user_id_users_id_fk": {
          "name": "refresh_tokens_user_id_users_id_fk",
          "tableFrom": "refresh_tokens",
          "tableTo": "users",
          "columnsFrom": [
            "user_id"
          ],
          "columnsTo": [
            "id"
          ],
          "onDelete": "cascade",
          "onUpdate": "no action"
        }
      },
      "compositePrimaryKeys": {},
      "uniqueConstraints": {},
      "checkConstraints": {}
    },
    "share_tokens": {
      "name": "share_tokens",
      "columns": {
        "id": {
          "name": "id",
          "type": "integer",
          "primaryKey": true,
          "notNull": true,
          "autoincrement": true
        },
        "user_id": {
          "name": "user_id",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false
        },
        "token": {
          "name": "token",
          "type": "text(64)",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false
        },
        "taken_by": {
          "name": "taken_by",
          "type": "text(100)",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false
        },
        "schedule_days": {
          "name": "schedule_days",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": 30
        },
        "created_at": {
          "name": "created_at",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": "CURRENT_TIMESTAMP"
        },
        "expires_at": {
          "name": "expires_at",
          "type": "integer",
          "primaryKey": false,
          "notNull": false,
          "autoincrement": false
        }
      },
      "indexes": {
        "share_tokens_token_unique": {
          "name": "share_tokens_token_unique",
          "columns": [
            "token"
          ],
          "isUnique": true
        }
      },
      "foreignKeys": {
        "share_tokens_user_id_users_id_fk": {
          "name": "share_tokens_user_id_users_id_fk",
          "tableFrom": "share_tokens",
          "tableTo": "users",
          "columnsFrom": [
            "user_id"
          ],
          "columnsTo": [
            "id"
          ],
          "onDelete": "cascade",
          "onUpdate": "no action"
        }
      },
      "compositePrimaryKeys": {},
      "uniqueConstraints": {},
      "checkConstraints": {}
    },
    "user_settings": {
      "name": "user_settings",
      "columns": {
        "id": {
          "name": "id",
          "type": "integer",
          "primaryKey": true,
          "notNull": true,
          "autoincrement": true
        },
        "user_id": {
          "name": "user_id",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false
        },
        "email_enabled": {
          "name": "email_enabled",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": false
        },
        "notification_email": {
          "name": "notification_email",
          "type": "text",
          "primaryKey": false,
          "notNull": false,
          "autoincrement": false
        },
        "email_stock_reminders": {
          "name": "email_stock_reminders",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": true
        },
        "email_intake_reminders": {
          "name": "email_intake_reminders",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": true
        },
        "shoutrrr_enabled": {
          "name": "shoutrrr_enabled",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": false
        },
        "shoutrrr_url": {
          "name": "shoutrrr_url",
          "type": "text",
          "primaryKey": false,
          "notNull": false,
          "autoincrement": false
        },
        "shoutrrr_stock_reminders": {
          "name": "shoutrrr_stock_reminders",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": true
        },
        "shoutrrr_intake_reminders": {
          "name": "shoutrrr_intake_reminders",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": true
        },
        "reminder_days_before": {
          "name": "reminder_days_before",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": 7
        },
        "repeat_daily_reminders": {
          "name": "repeat_daily_reminders",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": false
        },
        "skip_reminders_for_taken_doses": {
          "name": "skip_reminders_for_taken_doses",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": false
        },
        "repeat_reminders_enabled": {
          "name": "repeat_reminders_enabled",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": false
        },
        "reminder_repeat_interval_minutes": {
          "name": "reminder_repeat_interval_minutes",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": 30
        },
        "max_nagging_reminders": {
          "name": "max_nagging_reminders",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": 5
        },
        "low_stock_days": {
          "name": "low_stock_days",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": 30
        },
        "normal_stock_days": {
          "name": "normal_stock_days",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": 90
        },
        "high_stock_days": {
          "name": "high_stock_days",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": 180
        },
        "expiry_warning_days": {
          "name": "expiry_warning_days",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": 90
        },
        "language": {
          "name": "language",
          "type": "text(10)",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": "'en'"
        },
        "stock_calculation_mode": {
          "name": "stock_calculation_mode",
          "type": "text(20)",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": "'automatic'"
        },
        "last_auto_email_sent": {
          "name": "last_auto_email_sent",
          "type": "text",
          "primaryKey": false,
          "notNull": false,
          "autoincrement": false
        },
        "last_notification_type": {
          "name": "last_notification_type",
          "type": "text",
          "primaryKey": false,
          "notNull": false,
          "autoincrement": false
        },
        "last_notification_channel": {
          "name": "last_notification_channel",
          "type": "text",
          "primaryKey": false,
          "notNull": false,
          "autoincrement": false
        },
        "last_reminder_med_name": {
          "name": "last_reminder_med_name",
          "type": "text",
          "primaryKey": false,
          "notNull": false,
          "autoincrement": false
        },
        "last_reminder_taken_by": {
          "name": "last_reminder_taken_by",
          "type": "text",
          "primaryKey": false,
          "notNull": false,
          "autoincrement": false
        },
        "updated_at": {
          "name": "updated_at",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": "CURRENT_TIMESTAMP"
        }
      },
      "indexes": {
        "user_settings_user_id_unique": {
          "name": "user_settings_user_id_unique",
          "columns": [
            "user_id"
          ],
          "isUnique": true
        }
      },
      "foreignKeys": {
        "user_settings_user_id_users_id_fk": {
          "name": "user_settings_user_id_users_id_fk",
          "tableFrom": "user_settings",
          "tableTo": "users",
          "columnsFrom": [
            "user_id"
          ],
          "columnsTo": [
            "id"
          ],
          "onDelete": "cascade",
          "onUpdate": "no action"
        }
      },
      "compositePrimaryKeys": {},
      "uniqueConstraints": {},
      "checkConstraints": {}
    },
    "users": {
      "name": "users",
      "columns": {
        "id": {
          "name": "id",
          "type": "integer",
          "primaryKey": true,
          "notNull": true,
          "autoincrement": true
        },
        "username": {
          "name": "username",
          "type": "text(100)",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false
        },
        "password_hash": {
          "name": "password_hash",
          "type": "text(255)",
          "primaryKey": false,
          "notNull": false,
          "autoincrement": false
        },
        "avatar_url": {
          "name": "avatar_url",
          "type": "text(255)",
          "primaryKey": false,
          "notNull": false,
          "autoincrement": false
        },
        "auth_provider": {
          "name": "auth_provider",
          "type": "text(50)",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": "'local'"
        },
        "oidc_subject": {
          "name": "oidc_subject",
          "type": "text(255)",
          "primaryKey": false,
          "notNull": false,
          "autoincrement": false
        },
        "is_active": {
          "name": "is_active",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": true
        },
        "last_login_at": {
          "name": "last_login_at",
          "type": "integer",
          "primaryKey": false,
          "notNull": false,
          "autoincrement": false
        },
        "created_at": {
          "name": "created_at",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": "CURRENT_TIMESTAMP"
        },
        "updated_at": {
          "name": "updated_at",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": "CURRENT_TIMESTAMP"
        }
      },
      "indexes": {
        "users_username_unique": {
          "name": "users_username_unique",
          "columns": [
            "username"
          ],
          "isUnique": true
        }
      },
      "foreignKeys": {},
      "compositePrimaryKeys": {},
      "uniqueConstraints": {},
      "checkConstraints": {}
    }
  },
  "views": {},
  "enums": {},
  "_meta": {
    "schemas": {},
    "tables": {},
    "columns": {}
  },
  "internal": {
    "indexes": {}
  }
 }
@@ -1,886 +0,0 @@
 {
  "version": "6",
  "dialect": "sqlite",
  "id": "fb61e5fd-152d-4e61-8836-e2fd1d28e3f0",
  "prevId": "4f1d8273-1e60-4da1-9bfc-bd51c2784836",
  "tables": {
    "dose_tracking": {
      "name": "dose_tracking",
      "columns": {
        "id": {
          "name": "id",
          "type": "integer",
          "primaryKey": true,
          "notNull": true,
          "autoincrement": true
        },
        "user_id": {
          "name": "user_id",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false
        },
        "dose_id": {
          "name": "dose_id",
          "type": "text(255)",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false
        },
        "taken_at": {
          "name": "taken_at",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": "(strftime('%s','now'))"
        },
        "marked_by": {
          "name": "marked_by",
          "type": "text(100)",
          "primaryKey": false,
          "notNull": false,
          "autoincrement": false
        },
        "dismissed": {
          "name": "dismissed",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": false
        }
      },
      "indexes": {},
      "foreignKeys": {
        "dose_tracking_user_id_users_id_fk": {
          "name": "dose_tracking_user_id_users_id_fk",
          "tableFrom": "dose_tracking",
          "tableTo": "users",
          "columnsFrom": [
            "user_id"
          ],
          "columnsTo": [
            "id"
          ],
          "onDelete": "cascade",
          "onUpdate": "no action"
        }
      },
      "compositePrimaryKeys": {},
      "uniqueConstraints": {},
      "checkConstraints": {}
    },
    "medications": {
      "name": "medications",
      "columns": {
        "id": {
          "name": "id",
          "type": "integer",
          "primaryKey": true,
          "notNull": true,
          "autoincrement": true
        },
        "user_id": {
          "name": "user_id",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false
        },
        "name": {
          "name": "name",
          "type": "text(100)",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false
        },
        "generic_name": {
          "name": "generic_name",
          "type": "text(100)",
          "primaryKey": false,
          "notNull": false,
          "autoincrement": false
        },
        "taken_by_json": {
          "name": "taken_by_json",
          "type": "text",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": "'[]'"
        },
        "package_type": {
          "name": "package_type",
          "type": "text(20)",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": "'blister'"
        },
        "pack_count": {
          "name": "pack_count",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": 1
        },
        "blisters_per_pack": {
          "name": "blisters_per_pack",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": 1
        },
        "pills_per_blister": {
          "name": "pills_per_blister",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": 1
        },
        "total_pills": {
          "name": "total_pills",
          "type": "integer",
          "primaryKey": false,
          "notNull": false,
          "autoincrement": false
        },
        "loose_tablets": {
          "name": "loose_tablets",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": 0
        },
        "stock_adjustment": {
          "name": "stock_adjustment",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": 0
        },
        "last_stock_correction_at": {
          "name": "last_stock_correction_at",
          "type": "integer",
          "primaryKey": false,
          "notNull": false,
          "autoincrement": false
        },
        "pill_weight_mg": {
          "name": "pill_weight_mg",
          "type": "integer",
          "primaryKey": false,
          "notNull": false,
          "autoincrement": false
        },
        "dose_unit": {
          "name": "dose_unit",
          "type": "text(20)",
          "primaryKey": false,
          "notNull": false,
          "autoincrement": false,
          "default": "'mg'"
        },
        "usage_json": {
          "name": "usage_json",
          "type": "text",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": "'[]'"
        },
        "every_json": {
          "name": "every_json",
          "type": "text",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": "'[]'"
        },
        "start_json": {
          "name": "start_json",
          "type": "text",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": "'[]'"
        },
        "intakes_json": {
          "name": "intakes_json",
          "type": "text",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": "'[]'"
        },
        "image_url": {
          "name": "image_url",
          "type": "text",
          "primaryKey": false,
          "notNull": false,
          "autoincrement": false
        },
        "expiry_date": {
          "name": "expiry_date",
          "type": "text",
          "primaryKey": false,
          "notNull": false,
          "autoincrement": false
        },
        "notes": {
          "name": "notes",
          "type": "text",
          "primaryKey": false,
          "notNull": false,
          "autoincrement": false
        },
        "intake_reminders_enabled": {
          "name": "intake_reminders_enabled",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": false
        },
        "dismissed_until": {
          "name": "dismissed_until",
          "type": "text",
          "primaryKey": false,
          "notNull": false,
          "autoincrement": false
        },
        "updated_at": {
          "name": "updated_at",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": "CURRENT_TIMESTAMP"
        }
      },
      "indexes": {},
      "foreignKeys": {
        "medications_user_id_users_id_fk": {
          "name": "medications_user_id_users_id_fk",
          "tableFrom": "medications",
          "tableTo": "users",
          "columnsFrom": [
            "user_id"
          ],
          "columnsTo": [
            "id"
          ],
          "onDelete": "cascade",
          "onUpdate": "no action"
        }
      },
      "compositePrimaryKeys": {},
      "uniqueConstraints": {},
      "checkConstraints": {}
    },
    "refill_history": {
      "name": "refill_history",
      "columns": {
        "id": {
          "name": "id",
          "type": "integer",
          "primaryKey": true,
          "notNull": true,
          "autoincrement": true
        },
        "medication_id": {
          "name": "medication_id",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false
        },
        "user_id": {
          "name": "user_id",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false
        },
        "packs_added": {
          "name": "packs_added",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": 0
        },
        "loose_pills_added": {
          "name": "loose_pills_added",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": 0
        },
        "refill_date": {
          "name": "refill_date",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": "(strftime('%s','now'))"
        }
      },
      "indexes": {},
      "foreignKeys": {
        "refill_history_medication_id_medications_id_fk": {
          "name": "refill_history_medication_id_medications_id_fk",
          "tableFrom": "refill_history",
          "tableTo": "medications",
          "columnsFrom": [
            "medication_id"
          ],
          "columnsTo": [
            "id"
          ],
          "onDelete": "cascade",
          "onUpdate": "no action"
        },
        "refill_history_user_id_users_id_fk": {
          "name": "refill_history_user_id_users_id_fk",
          "tableFrom": "refill_history",
          "tableTo": "users",
          "columnsFrom": [
            "user_id"
          ],
          "columnsTo": [
            "id"
          ],
          "onDelete": "cascade",
          "onUpdate": "no action"
        }
      },
      "compositePrimaryKeys": {},
      "uniqueConstraints": {},
      "checkConstraints": {}
    },
    "refresh_tokens": {
      "name": "refresh_tokens",
      "columns": {
        "id": {
          "name": "id",
          "type": "integer",
          "primaryKey": true,
          "notNull": true,
          "autoincrement": true
        },
        "user_id": {
          "name": "user_id",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false
        },
        "token_id": {
          "name": "token_id",
          "type": "text(255)",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false
        },
        "expires_at": {
          "name": "expires_at",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false
        },
        "rotated_at": {
          "name": "rotated_at",
          "type": "integer",
          "primaryKey": false,
          "notNull": false,
          "autoincrement": false
        },
        "revoked": {
          "name": "revoked",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": false
        },
        "created_at": {
          "name": "created_at",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": "CURRENT_TIMESTAMP"
        }
      },
      "indexes": {
        "refresh_tokens_token_id_unique": {
          "name": "refresh_tokens_token_id_unique",
          "columns": [
            "token_id"
          ],
          "isUnique": true
        }
      },
      "foreignKeys": {
        "refresh_tokens_user_id_users_id_fk": {
          "name": "refresh_tokens_user_id_users_id_fk",
          "tableFrom": "refresh_tokens",
          "tableTo": "users",
          "columnsFrom": [
            "user_id"
          ],
          "columnsTo": [
            "id"
          ],
          "onDelete": "cascade",
          "onUpdate": "no action"
        }
      },
      "compositePrimaryKeys": {},
      "uniqueConstraints": {},
      "checkConstraints": {}
    },
    "share_tokens": {
      "name": "share_tokens",
      "columns": {
        "id": {
          "name": "id",
          "type": "integer",
          "primaryKey": true,
          "notNull": true,
          "autoincrement": true
        },
        "user_id": {
          "name": "user_id",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false
        },
        "token": {
          "name": "token",
          "type": "text(64)",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false
        },
        "taken_by": {
          "name": "taken_by",
          "type": "text(100)",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false
        },
        "schedule_days": {
          "name": "schedule_days",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": 30
        },
        "created_at": {
          "name": "created_at",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": "CURRENT_TIMESTAMP"
        },
        "expires_at": {
          "name": "expires_at",
          "type": "integer",
          "primaryKey": false,
          "notNull": false,
          "autoincrement": false
        }
      },
      "indexes": {
        "share_tokens_token_unique": {
          "name": "share_tokens_token_unique",
          "columns": [
            "token"
          ],
          "isUnique": true
        }
      },
      "foreignKeys": {
        "share_tokens_user_id_users_id_fk": {
          "name": "share_tokens_user_id_users_id_fk",
          "tableFrom": "share_tokens",
          "tableTo": "users",
          "columnsFrom": [
            "user_id"
          ],
          "columnsTo": [
            "id"
          ],
          "onDelete": "cascade",
          "onUpdate": "no action"
        }
      },
      "compositePrimaryKeys": {},
      "uniqueConstraints": {},
      "checkConstraints": {}
    },
    "user_settings": {
      "name": "user_settings",
      "columns": {
        "id": {
          "name": "id",
          "type": "integer",
          "primaryKey": true,
          "notNull": true,
          "autoincrement": true
        },
        "user_id": {
          "name": "user_id",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false
        },
        "email_enabled": {
          "name": "email_enabled",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": false
        },
        "notification_email": {
          "name": "notification_email",
          "type": "text",
          "primaryKey": false,
          "notNull": false,
          "autoincrement": false
        },
        "email_stock_reminders": {
          "name": "email_stock_reminders",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": true
        },
        "email_intake_reminders": {
          "name": "email_intake_reminders",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": true
        },
        "shoutrrr_enabled": {
          "name": "shoutrrr_enabled",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": false
        },
        "shoutrrr_url": {
          "name": "shoutrrr_url",
          "type": "text",
          "primaryKey": false,
          "notNull": false,
          "autoincrement": false
        },
        "shoutrrr_stock_reminders": {
          "name": "shoutrrr_stock_reminders",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": true
        },
        "shoutrrr_intake_reminders": {
          "name": "shoutrrr_intake_reminders",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": true
        },
        "reminder_days_before": {
          "name": "reminder_days_before",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": 7
        },
        "repeat_daily_reminders": {
          "name": "repeat_daily_reminders",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": false
        },
        "skip_reminders_for_taken_doses": {
          "name": "skip_reminders_for_taken_doses",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": false
        },
        "repeat_reminders_enabled": {
          "name": "repeat_reminders_enabled",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": false
        },
        "reminder_repeat_interval_minutes": {
          "name": "reminder_repeat_interval_minutes",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": 30
        },
        "max_nagging_reminders": {
          "name": "max_nagging_reminders",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": 5
        },
        "low_stock_days": {
          "name": "low_stock_days",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": 30
        },
        "normal_stock_days": {
          "name": "normal_stock_days",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": 90
        },
        "high_stock_days": {
          "name": "high_stock_days",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": 180
        },
        "expiry_warning_days": {
          "name": "expiry_warning_days",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": 90
        },
        "language": {
          "name": "language",
          "type": "text(10)",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": "'en'"
        },
        "stock_calculation_mode": {
          "name": "stock_calculation_mode",
          "type": "text(20)",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": "'automatic'"
        },
        "last_auto_email_sent": {
          "name": "last_auto_email_sent",
          "type": "text",
          "primaryKey": false,
          "notNull": false,
          "autoincrement": false
        },
        "last_notification_type": {
          "name": "last_notification_type",
          "type": "text",
          "primaryKey": false,
          "notNull": false,
          "autoincrement": false
        },
        "last_notification_channel": {
          "name": "last_notification_channel",
          "type": "text",
          "primaryKey": false,
          "notNull": false,
          "autoincrement": false
        },
        "last_reminder_med_name": {
          "name": "last_reminder_med_name",
          "type": "text",
          "primaryKey": false,
          "notNull": false,
          "autoincrement": false
        },
        "last_reminder_taken_by": {
          "name": "last_reminder_taken_by",
          "type": "text",
          "primaryKey": false,
          "notNull": false,
          "autoincrement": false
        },
        "updated_at": {
          "name": "updated_at",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": "CURRENT_TIMESTAMP"
        }
      },
      "indexes": {
        "user_settings_user_id_unique": {
          "name": "user_settings_user_id_unique",
          "columns": [
            "user_id"
          ],
          "isUnique": true
        }
      },
      "foreignKeys": {
        "user_settings_user_id_users_id_fk": {
          "name": "user_settings_user_id_users_id_fk",
          "tableFrom": "user_settings",
          "tableTo": "users",
          "columnsFrom": [
            "user_id"
          ],
          "columnsTo": [
            "id"
          ],
          "onDelete": "cascade",
          "onUpdate": "no action"
        }
      },
      "compositePrimaryKeys": {},
      "uniqueConstraints": {},
      "checkConstraints": {}
    },
    "users": {
      "name": "users",
      "columns": {
        "id": {
          "name": "id",
          "type": "integer",
          "primaryKey": true,
          "notNull": true,
          "autoincrement": true
        },
        "username": {
          "name": "username",
          "type": "text(100)",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false
        },
        "password_hash": {
          "name": "password_hash",
          "type": "text(255)",
          "primaryKey": false,
          "notNull": false,
          "autoincrement": false
        },
        "avatar_url": {
          "name": "avatar_url",
          "type": "text(255)",
          "primaryKey": false,
          "notNull": false,
          "autoincrement": false
        },
        "auth_provider": {
          "name": "auth_provider",
          "type": "text(50)",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": "'local'"
        },
        "oidc_subject": {
          "name": "oidc_subject",
          "type": "text(255)",
          "primaryKey": false,
          "notNull": false,
          "autoincrement": false
        },
        "is_active": {
          "name": "is_active",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": true
        },
        "last_login_at": {
          "name": "last_login_at",
          "type": "integer",
          "primaryKey": false,
          "notNull": false,
          "autoincrement": false
        },
        "created_at": {
          "name": "created_at",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": "CURRENT_TIMESTAMP"
        },
        "updated_at": {
          "name": "updated_at",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": "CURRENT_TIMESTAMP"
        }
      },
      "indexes": {
        "users_username_unique": {
          "name": "users_username_unique",
          "columns": [
            "username"
          ],
          "isUnique": true
        }
      },
      "foreignKeys": {},
      "compositePrimaryKeys": {},
      "uniqueConstraints": {},
      "checkConstraints": {}
    }
  },
  "views": {},
  "enums": {},
  "_meta": {
    "schemas": {},
    "tables": {},
    "columns": {}
  },
  "internal": {
    "indexes": {}
  }
 }
@@ -1,907 +0,0 @@
 {
  "version": "6",
  "dialect": "sqlite",
  "id": "7cd75e33-b3d8-4930-a60b-2a0a9f644c6d",
  "prevId": "fb61e5fd-152d-4e61-8836-e2fd1d28e3f0",
  "tables": {
    "dose_tracking": {
      "name": "dose_tracking",
      "columns": {
        "id": {
          "name": "id",
          "type": "integer",
          "primaryKey": true,
          "notNull": true,
          "autoincrement": true
        },
        "user_id": {
          "name": "user_id",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false
        },
        "dose_id": {
          "name": "dose_id",
          "type": "text(255)",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false
        },
        "taken_at": {
          "name": "taken_at",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": "(strftime('%s','now'))"
        },
        "marked_by": {
          "name": "marked_by",
          "type": "text(100)",
          "primaryKey": false,
          "notNull": false,
          "autoincrement": false
        },
        "dismissed": {
          "name": "dismissed",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": false
        }
      },
      "indexes": {},
      "foreignKeys": {
        "dose_tracking_user_id_users_id_fk": {
          "name": "dose_tracking_user_id_users_id_fk",
          "tableFrom": "dose_tracking",
          "tableTo": "users",
          "columnsFrom": [
            "user_id"
          ],
          "columnsTo": [
            "id"
          ],
          "onDelete": "cascade",
          "onUpdate": "no action"
        }
      },
      "compositePrimaryKeys": {},
      "uniqueConstraints": {},
      "checkConstraints": {}
    },
    "medications": {
      "name": "medications",
      "columns": {
        "id": {
          "name": "id",
          "type": "integer",
          "primaryKey": true,
          "notNull": true,
          "autoincrement": true
        },
        "user_id": {
          "name": "user_id",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false
        },
        "name": {
          "name": "name",
          "type": "text(100)",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false
        },
        "generic_name": {
          "name": "generic_name",
          "type": "text(100)",
          "primaryKey": false,
          "notNull": false,
          "autoincrement": false
        },
        "taken_by_json": {
          "name": "taken_by_json",
          "type": "text",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": "'[]'"
        },
        "package_type": {
          "name": "package_type",
          "type": "text(20)",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": "'blister'"
        },
        "pack_count": {
          "name": "pack_count",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": 1
        },
        "blisters_per_pack": {
          "name": "blisters_per_pack",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": 1
        },
        "pills_per_blister": {
          "name": "pills_per_blister",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": 1
        },
        "total_pills": {
          "name": "total_pills",
          "type": "integer",
          "primaryKey": false,
          "notNull": false,
          "autoincrement": false
        },
        "loose_tablets": {
          "name": "loose_tablets",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": 0
        },
        "stock_adjustment": {
          "name": "stock_adjustment",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": 0
        },
        "last_stock_correction_at": {
          "name": "last_stock_correction_at",
          "type": "integer",
          "primaryKey": false,
          "notNull": false,
          "autoincrement": false
        },
        "pill_weight_mg": {
          "name": "pill_weight_mg",
          "type": "integer",
          "primaryKey": false,
          "notNull": false,
          "autoincrement": false
        },
        "dose_unit": {
          "name": "dose_unit",
          "type": "text(20)",
          "primaryKey": false,
          "notNull": false,
          "autoincrement": false,
          "default": "'mg'"
        },
        "usage_json": {
          "name": "usage_json",
          "type": "text",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": "'[]'"
        },
        "every_json": {
          "name": "every_json",
          "type": "text",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": "'[]'"
        },
        "start_json": {
          "name": "start_json",
          "type": "text",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": "'[]'"
        },
        "intakes_json": {
          "name": "intakes_json",
          "type": "text",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": "'[]'"
        },
        "image_url": {
          "name": "image_url",
          "type": "text",
          "primaryKey": false,
          "notNull": false,
          "autoincrement": false
        },
        "expiry_date": {
          "name": "expiry_date",
          "type": "text",
          "primaryKey": false,
          "notNull": false,
          "autoincrement": false
        },
        "notes": {
          "name": "notes",
          "type": "text",
          "primaryKey": false,
          "notNull": false,
          "autoincrement": false
        },
        "intake_reminders_enabled": {
          "name": "intake_reminders_enabled",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": false
        },
        "dismissed_until": {
          "name": "dismissed_until",
          "type": "text",
          "primaryKey": false,
          "notNull": false,
          "autoincrement": false
        },
        "updated_at": {
          "name": "updated_at",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": "CURRENT_TIMESTAMP"
        }
      },
      "indexes": {},
      "foreignKeys": {
        "medications_user_id_users_id_fk": {
          "name": "medications_user_id_users_id_fk",
          "tableFrom": "medications",
          "tableTo": "users",
          "columnsFrom": [
            "user_id"
          ],
          "columnsTo": [
            "id"
          ],
          "onDelete": "cascade",
          "onUpdate": "no action"
        }
      },
      "compositePrimaryKeys": {},
      "uniqueConstraints": {},
      "checkConstraints": {}
    },
    "refill_history": {
      "name": "refill_history",
      "columns": {
        "id": {
          "name": "id",
          "type": "integer",
          "primaryKey": true,
          "notNull": true,
          "autoincrement": true
        },
        "medication_id": {
          "name": "medication_id",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false
        },
        "user_id": {
          "name": "user_id",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false
        },
        "packs_added": {
          "name": "packs_added",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": 0
        },
        "loose_pills_added": {
          "name": "loose_pills_added",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": 0
        },
        "refill_date": {
          "name": "refill_date",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": "(strftime('%s','now'))"
        }
      },
      "indexes": {},
      "foreignKeys": {
        "refill_history_medication_id_medications_id_fk": {
          "name": "refill_history_medication_id_medications_id_fk",
          "tableFrom": "refill_history",
          "tableTo": "medications",
          "columnsFrom": [
            "medication_id"
          ],
          "columnsTo": [
            "id"
          ],
          "onDelete": "cascade",
          "onUpdate": "no action"
        },
        "refill_history_user_id_users_id_fk": {
          "name": "refill_history_user_id_users_id_fk",
          "tableFrom": "refill_history",
          "tableTo": "users",
          "columnsFrom": [
            "user_id"
          ],
          "columnsTo": [
            "id"
          ],
          "onDelete": "cascade",
          "onUpdate": "no action"
        }
      },
      "compositePrimaryKeys": {},
      "uniqueConstraints": {},
      "checkConstraints": {}
    },
    "refresh_tokens": {
      "name": "refresh_tokens",
      "columns": {
        "id": {
          "name": "id",
          "type": "integer",
          "primaryKey": true,
          "notNull": true,
          "autoincrement": true
        },
        "user_id": {
          "name": "user_id",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false
        },
        "token_id": {
          "name": "token_id",
          "type": "text(255)",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false
        },
        "expires_at": {
          "name": "expires_at",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false
        },
        "rotated_at": {
          "name": "rotated_at",
          "type": "integer",
          "primaryKey": false,
          "notNull": false,
          "autoincrement": false
        },
        "revoked": {
          "name": "revoked",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": false
        },
        "created_at": {
          "name": "created_at",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": "CURRENT_TIMESTAMP"
        }
      },
      "indexes": {
        "refresh_tokens_token_id_unique": {
          "name": "refresh_tokens_token_id_unique",
          "columns": [
            "token_id"
          ],
          "isUnique": true
        }
      },
      "foreignKeys": {
        "refresh_tokens_user_id_users_id_fk": {
          "name": "refresh_tokens_user_id_users_id_fk",
          "tableFrom": "refresh_tokens",
          "tableTo": "users",
          "columnsFrom": [
            "user_id"
          ],
          "columnsTo": [
            "id"
          ],
          "onDelete": "cascade",
          "onUpdate": "no action"
        }
      },
      "compositePrimaryKeys": {},
      "uniqueConstraints": {},
      "checkConstraints": {}
    },
    "share_tokens": {
      "name": "share_tokens",
      "columns": {
        "id": {
          "name": "id",
          "type": "integer",
          "primaryKey": true,
          "notNull": true,
          "autoincrement": true
        },
        "user_id": {
          "name": "user_id",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false
        },
        "token": {
          "name": "token",
          "type": "text(64)",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false
        },
        "taken_by": {
          "name": "taken_by",
          "type": "text(100)",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false
        },
        "schedule_days": {
          "name": "schedule_days",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": 30
        },
        "created_at": {
          "name": "created_at",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": "CURRENT_TIMESTAMP"
        },
        "expires_at": {
          "name": "expires_at",
          "type": "integer",
          "primaryKey": false,
          "notNull": false,
          "autoincrement": false
        }
      },
      "indexes": {
        "share_tokens_token_unique": {
          "name": "share_tokens_token_unique",
          "columns": [
            "token"
          ],
          "isUnique": true
        }
      },
      "foreignKeys": {
        "share_tokens_user_id_users_id_fk": {
          "name": "share_tokens_user_id_users_id_fk",
          "tableFrom": "share_tokens",
          "tableTo": "users",
          "columnsFrom": [
            "user_id"
          ],
          "columnsTo": [
            "id"
          ],
          "onDelete": "cascade",
          "onUpdate": "no action"
        }
      },
      "compositePrimaryKeys": {},
      "uniqueConstraints": {},
      "checkConstraints": {}
    },
    "user_settings": {
      "name": "user_settings",
      "columns": {
        "id": {
          "name": "id",
          "type": "integer",
          "primaryKey": true,
          "notNull": true,
          "autoincrement": true
        },
        "user_id": {
          "name": "user_id",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false
        },
        "email_enabled": {
          "name": "email_enabled",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": false
        },
        "notification_email": {
          "name": "notification_email",
          "type": "text",
          "primaryKey": false,
          "notNull": false,
          "autoincrement": false
        },
        "email_stock_reminders": {
          "name": "email_stock_reminders",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": true
        },
        "email_intake_reminders": {
          "name": "email_intake_reminders",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": true
        },
        "shoutrrr_enabled": {
          "name": "shoutrrr_enabled",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": false
        },
        "shoutrrr_url": {
          "name": "shoutrrr_url",
          "type": "text",
          "primaryKey": false,
          "notNull": false,
          "autoincrement": false
        },
        "shoutrrr_stock_reminders": {
          "name": "shoutrrr_stock_reminders",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": true
        },
        "shoutrrr_intake_reminders": {
          "name": "shoutrrr_intake_reminders",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": true
        },
        "reminder_days_before": {
          "name": "reminder_days_before",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": 7
        },
        "repeat_daily_reminders": {
          "name": "repeat_daily_reminders",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": false
        },
        "skip_reminders_for_taken_doses": {
          "name": "skip_reminders_for_taken_doses",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": false
        },
        "repeat_reminders_enabled": {
          "name": "repeat_reminders_enabled",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": false
        },
        "reminder_repeat_interval_minutes": {
          "name": "reminder_repeat_interval_minutes",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": 30
        },
        "max_nagging_reminders": {
          "name": "max_nagging_reminders",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": 5
        },
        "low_stock_days": {
          "name": "low_stock_days",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": 30
        },
        "normal_stock_days": {
          "name": "normal_stock_days",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": 90
        },
        "high_stock_days": {
          "name": "high_stock_days",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": 180
        },
        "expiry_warning_days": {
          "name": "expiry_warning_days",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": 90
        },
        "language": {
          "name": "language",
          "type": "text(10)",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": "'en'"
        },
        "stock_calculation_mode": {
          "name": "stock_calculation_mode",
          "type": "text(20)",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": "'automatic'"
        },
        "last_auto_email_sent": {
          "name": "last_auto_email_sent",
          "type": "text",
          "primaryKey": false,
          "notNull": false,
          "autoincrement": false
        },
        "last_notification_type": {
          "name": "last_notification_type",
          "type": "text",
          "primaryKey": false,
          "notNull": false,
          "autoincrement": false
        },
        "last_notification_channel": {
          "name": "last_notification_channel",
          "type": "text",
          "primaryKey": false,
          "notNull": false,
          "autoincrement": false
        },
        "last_reminder_med_name": {
          "name": "last_reminder_med_name",
          "type": "text",
          "primaryKey": false,
          "notNull": false,
          "autoincrement": false
        },
        "last_reminder_taken_by": {
          "name": "last_reminder_taken_by",
          "type": "text",
          "primaryKey": false,
          "notNull": false,
          "autoincrement": false
        },
        "last_stock_reminder_sent": {
          "name": "last_stock_reminder_sent",
          "type": "text",
          "primaryKey": false,
          "notNull": false,
          "autoincrement": false
        },
        "last_stock_reminder_channel": {
          "name": "last_stock_reminder_channel",
          "type": "text",
          "primaryKey": false,
          "notNull": false,
          "autoincrement": false
        },
        "last_stock_reminder_med_names": {
          "name": "last_stock_reminder_med_names",
          "type": "text",
          "primaryKey": false,
          "notNull": false,
          "autoincrement": false
        },
        "updated_at": {
          "name": "updated_at",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": "CURRENT_TIMESTAMP"
        }
      },
      "indexes": {
        "user_settings_user_id_unique": {
          "name": "user_settings_user_id_unique",
          "columns": [
            "user_id"
          ],
          "isUnique": true
        }
      },
      "foreignKeys": {
        "user_settings_user_id_users_id_fk": {
          "name": "user_settings_user_id_users_id_fk",
          "tableFrom": "user_settings",
          "tableTo": "users",
          "columnsFrom": [
            "user_id"
          ],
          "columnsTo": [
            "id"
          ],
          "onDelete": "cascade",
          "onUpdate": "no action"
        }
      },
      "compositePrimaryKeys": {},
      "uniqueConstraints": {},
      "checkConstraints": {}
    },
    "users": {
      "name": "users",
      "columns": {
        "id": {
          "name": "id",
          "type": "integer",
          "primaryKey": true,
          "notNull": true,
          "autoincrement": true
        },
        "username": {
          "name": "username",
          "type": "text(100)",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false
        },
        "password_hash": {
          "name": "password_hash",
          "type": "text(255)",
          "primaryKey": false,
          "notNull": false,
          "autoincrement": false
        },
        "avatar_url": {
          "name": "avatar_url",
          "type": "text(255)",
          "primaryKey": false,
          "notNull": false,
          "autoincrement": false
        },
        "auth_provider": {
          "name": "auth_provider",
          "type": "text(50)",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": "'local'"
        },
        "oidc_subject": {
          "name": "oidc_subject",
          "type": "text(255)",
          "primaryKey": false,
          "notNull": false,
          "autoincrement": false
        },
        "is_active": {
          "name": "is_active",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": true
        },
        "last_login_at": {
          "name": "last_login_at",
          "type": "integer",
          "primaryKey": false,
          "notNull": false,
          "autoincrement": false
        },
        "created_at": {
          "name": "created_at",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": "CURRENT_TIMESTAMP"
        },
        "updated_at": {
          "name": "updated_at",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": "CURRENT_TIMESTAMP"
        }
      },
      "indexes": {
        "users_username_unique": {
          "name": "users_username_unique",
          "columns": [
            "username"
          ],
          "isUnique": true
        }
      },
      "foreignKeys": {},
      "compositePrimaryKeys": {},
      "uniqueConstraints": {},
      "checkConstraints": {}
    }
  },
  "views": {},
  "enums": {},
  "_meta": {
    "schemas": {},
    "tables": {},
    "columns": {}
  },
  "internal": {
    "indexes": {}
  }
 }
@@ -1,915 +0,0 @@
 {
  "version": "6",
  "dialect": "sqlite",
  "id": "b6f1ee4b-cc31-4060-a4d4-bcd4fdc5bd87",
  "prevId": "7cd75e33-b3d8-4930-a60b-2a0a9f644c6d",
  "tables": {
    "dose_tracking": {
      "name": "dose_tracking",
      "columns": {
        "id": {
          "name": "id",
          "type": "integer",
          "primaryKey": true,
          "notNull": true,
          "autoincrement": true
        },
        "user_id": {
          "name": "user_id",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false
        },
        "dose_id": {
          "name": "dose_id",
          "type": "text(255)",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false
        },
        "taken_at": {
          "name": "taken_at",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": "(strftime('%s','now'))"
        },
        "marked_by": {
          "name": "marked_by",
          "type": "text(100)",
          "primaryKey": false,
          "notNull": false,
          "autoincrement": false
        },
        "dismissed": {
          "name": "dismissed",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": false
        }
      },
      "indexes": {},
      "foreignKeys": {
        "dose_tracking_user_id_users_id_fk": {
          "name": "dose_tracking_user_id_users_id_fk",
          "tableFrom": "dose_tracking",
          "tableTo": "users",
          "columnsFrom": [
            "user_id"
          ],
          "columnsTo": [
            "id"
          ],
          "onDelete": "cascade",
          "onUpdate": "no action"
        }
      },
      "compositePrimaryKeys": {},
      "uniqueConstraints": {},
      "checkConstraints": {}
    },
    "medications": {
      "name": "medications",
      "columns": {
        "id": {
          "name": "id",
          "type": "integer",
          "primaryKey": true,
          "notNull": true,
          "autoincrement": true
        },
        "user_id": {
          "name": "user_id",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false
        },
        "name": {
          "name": "name",
          "type": "text(100)",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false
        },
        "generic_name": {
          "name": "generic_name",
          "type": "text(100)",
          "primaryKey": false,
          "notNull": false,
          "autoincrement": false
        },
        "taken_by_json": {
          "name": "taken_by_json",
          "type": "text",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": "'[]'"
        },
        "package_type": {
          "name": "package_type",
          "type": "text(20)",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": "'blister'"
        },
        "pack_count": {
          "name": "pack_count",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": 1
        },
        "blisters_per_pack": {
          "name": "blisters_per_pack",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": 1
        },
        "pills_per_blister": {
          "name": "pills_per_blister",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": 1
        },
        "total_pills": {
          "name": "total_pills",
          "type": "integer",
          "primaryKey": false,
          "notNull": false,
          "autoincrement": false
        },
        "loose_tablets": {
          "name": "loose_tablets",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": 0
        },
        "stock_adjustment": {
          "name": "stock_adjustment",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": 0
        },
        "last_stock_correction_at": {
          "name": "last_stock_correction_at",
          "type": "integer",
          "primaryKey": false,
          "notNull": false,
          "autoincrement": false
        },
        "pill_weight_mg": {
          "name": "pill_weight_mg",
          "type": "integer",
          "primaryKey": false,
          "notNull": false,
          "autoincrement": false
        },
        "dose_unit": {
          "name": "dose_unit",
          "type": "text(20)",
          "primaryKey": false,
          "notNull": false,
          "autoincrement": false,
          "default": "'mg'"
        },
        "usage_json": {
          "name": "usage_json",
          "type": "text",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": "'[]'"
        },
        "every_json": {
          "name": "every_json",
          "type": "text",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": "'[]'"
        },
        "start_json": {
          "name": "start_json",
          "type": "text",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": "'[]'"
        },
        "intakes_json": {
          "name": "intakes_json",
          "type": "text",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": "'[]'"
        },
        "image_url": {
          "name": "image_url",
          "type": "text",
          "primaryKey": false,
          "notNull": false,
          "autoincrement": false
        },
        "expiry_date": {
          "name": "expiry_date",
          "type": "text",
          "primaryKey": false,
          "notNull": false,
          "autoincrement": false
        },
        "notes": {
          "name": "notes",
          "type": "text",
          "primaryKey": false,
          "notNull": false,
          "autoincrement": false
        },
        "intake_reminders_enabled": {
          "name": "intake_reminders_enabled",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": false
        },
        "dismissed_until": {
          "name": "dismissed_until",
          "type": "text",
          "primaryKey": false,
          "notNull": false,
          "autoincrement": false
        },
        "updated_at": {
          "name": "updated_at",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": "CURRENT_TIMESTAMP"
        }
      },
      "indexes": {},
      "foreignKeys": {
        "medications_user_id_users_id_fk": {
          "name": "medications_user_id_users_id_fk",
          "tableFrom": "medications",
          "tableTo": "users",
          "columnsFrom": [
            "user_id"
          ],
          "columnsTo": [
            "id"
          ],
          "onDelete": "cascade",
          "onUpdate": "no action"
        }
      },
      "compositePrimaryKeys": {},
      "uniqueConstraints": {},
      "checkConstraints": {}
    },
    "refill_history": {
      "name": "refill_history",
      "columns": {
        "id": {
          "name": "id",
          "type": "integer",
          "primaryKey": true,
          "notNull": true,
          "autoincrement": true
        },
        "medication_id": {
          "name": "medication_id",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false
        },
        "user_id": {
          "name": "user_id",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false
        },
        "packs_added": {
          "name": "packs_added",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": 0
        },
        "loose_pills_added": {
          "name": "loose_pills_added",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": 0
        },
        "refill_date": {
          "name": "refill_date",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": "(strftime('%s','now'))"
        }
      },
      "indexes": {},
      "foreignKeys": {
        "refill_history_medication_id_medications_id_fk": {
          "name": "refill_history_medication_id_medications_id_fk",
          "tableFrom": "refill_history",
          "tableTo": "medications",
          "columnsFrom": [
            "medication_id"
          ],
          "columnsTo": [
            "id"
          ],
          "onDelete": "cascade",
          "onUpdate": "no action"
        },
        "refill_history_user_id_users_id_fk": {
          "name": "refill_history_user_id_users_id_fk",
          "tableFrom": "refill_history",
          "tableTo": "users",
          "columnsFrom": [
            "user_id"
          ],
          "columnsTo": [
            "id"
          ],
          "onDelete": "cascade",
          "onUpdate": "no action"
        }
      },
      "compositePrimaryKeys": {},
      "uniqueConstraints": {},
      "checkConstraints": {}
    },
    "refresh_tokens": {
      "name": "refresh_tokens",
      "columns": {
        "id": {
          "name": "id",
          "type": "integer",
          "primaryKey": true,
          "notNull": true,
          "autoincrement": true
        },
        "user_id": {
          "name": "user_id",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false
        },
        "token_id": {
          "name": "token_id",
          "type": "text(255)",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false
        },
        "expires_at": {
          "name": "expires_at",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false
        },
        "rotated_at": {
          "name": "rotated_at",
          "type": "integer",
          "primaryKey": false,
          "notNull": false,
          "autoincrement": false
        },
        "revoked": {
          "name": "revoked",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": false
        },
        "created_at": {
          "name": "created_at",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": "CURRENT_TIMESTAMP"
        }
      },
      "indexes": {
        "refresh_tokens_token_id_unique": {
          "name": "refresh_tokens_token_id_unique",
          "columns": [
            "token_id"
          ],
          "isUnique": true
        }
      },
      "foreignKeys": {
        "refresh_tokens_user_id_users_id_fk": {
          "name": "refresh_tokens_user_id_users_id_fk",
          "tableFrom": "refresh_tokens",
          "tableTo": "users",
          "columnsFrom": [
            "user_id"
          ],
          "columnsTo": [
            "id"
          ],
          "onDelete": "cascade",
          "onUpdate": "no action"
        }
      },
      "compositePrimaryKeys": {},
      "uniqueConstraints": {},
      "checkConstraints": {}
    },
    "share_tokens": {
      "name": "share_tokens",
      "columns": {
        "id": {
          "name": "id",
          "type": "integer",
          "primaryKey": true,
          "notNull": true,
          "autoincrement": true
        },
        "user_id": {
          "name": "user_id",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false
        },
        "token": {
          "name": "token",
          "type": "text(64)",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false
        },
        "taken_by": {
          "name": "taken_by",
          "type": "text(100)",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false
        },
        "schedule_days": {
          "name": "schedule_days",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": 30
        },
        "created_at": {
          "name": "created_at",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": "CURRENT_TIMESTAMP"
        },
        "expires_at": {
          "name": "expires_at",
          "type": "integer",
          "primaryKey": false,
          "notNull": false,
          "autoincrement": false
        }
      },
      "indexes": {
        "share_tokens_token_unique": {
          "name": "share_tokens_token_unique",
          "columns": [
            "token"
          ],
          "isUnique": true
        }
      },
      "foreignKeys": {
        "share_tokens_user_id_users_id_fk": {
          "name": "share_tokens_user_id_users_id_fk",
          "tableFrom": "share_tokens",
          "tableTo": "users",
          "columnsFrom": [
            "user_id"
          ],
          "columnsTo": [
            "id"
          ],
          "onDelete": "cascade",
          "onUpdate": "no action"
        }
      },
      "compositePrimaryKeys": {},
      "uniqueConstraints": {},
      "checkConstraints": {}
    },
    "user_settings": {
      "name": "user_settings",
      "columns": {
        "id": {
          "name": "id",
          "type": "integer",
          "primaryKey": true,
          "notNull": true,
          "autoincrement": true
        },
        "user_id": {
          "name": "user_id",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false
        },
        "email_enabled": {
          "name": "email_enabled",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": false
        },
        "notification_email": {
          "name": "notification_email",
          "type": "text",
          "primaryKey": false,
          "notNull": false,
          "autoincrement": false
        },
        "email_stock_reminders": {
          "name": "email_stock_reminders",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": true
        },
        "email_intake_reminders": {
          "name": "email_intake_reminders",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": true
        },
        "shoutrrr_enabled": {
          "name": "shoutrrr_enabled",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": false
        },
        "shoutrrr_url": {
          "name": "shoutrrr_url",
          "type": "text",
          "primaryKey": false,
          "notNull": false,
          "autoincrement": false
        },
        "shoutrrr_stock_reminders": {
          "name": "shoutrrr_stock_reminders",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": true
        },
        "shoutrrr_intake_reminders": {
          "name": "shoutrrr_intake_reminders",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": true
        },
        "reminder_days_before": {
          "name": "reminder_days_before",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": 7
        },
        "repeat_daily_reminders": {
          "name": "repeat_daily_reminders",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": false
        },
        "skip_reminders_for_taken_doses": {
          "name": "skip_reminders_for_taken_doses",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": false
        },
        "repeat_reminders_enabled": {
          "name": "repeat_reminders_enabled",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": false
        },
        "reminder_repeat_interval_minutes": {
          "name": "reminder_repeat_interval_minutes",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": 30
        },
        "max_nagging_reminders": {
          "name": "max_nagging_reminders",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": 5
        },
        "low_stock_days": {
          "name": "low_stock_days",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": 30
        },
        "normal_stock_days": {
          "name": "normal_stock_days",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": 90
        },
        "high_stock_days": {
          "name": "high_stock_days",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": 180
        },
        "expiry_warning_days": {
          "name": "expiry_warning_days",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": 90
        },
        "language": {
          "name": "language",
          "type": "text(10)",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": "'en'"
        },
        "stock_calculation_mode": {
          "name": "stock_calculation_mode",
          "type": "text(20)",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": "'automatic'"
        },
        "share_stock_status": {
          "name": "share_stock_status",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": true
        },
        "last_auto_email_sent": {
          "name": "last_auto_email_sent",
          "type": "text",
          "primaryKey": false,
          "notNull": false,
          "autoincrement": false
        },
        "last_notification_type": {
          "name": "last_notification_type",
          "type": "text",
          "primaryKey": false,
          "notNull": false,
          "autoincrement": false
        },
        "last_notification_channel": {
          "name": "last_notification_channel",
          "type": "text",
          "primaryKey": false,
          "notNull": false,
          "autoincrement": false
        },
        "last_reminder_med_name": {
          "name": "last_reminder_med_name",
          "type": "text",
          "primaryKey": false,
          "notNull": false,
          "autoincrement": false
        },
        "last_reminder_taken_by": {
          "name": "last_reminder_taken_by",
          "type": "text",
          "primaryKey": false,
          "notNull": false,
          "autoincrement": false
        },
        "last_stock_reminder_sent": {
          "name": "last_stock_reminder_sent",
          "type": "text",
          "primaryKey": false,
          "notNull": false,
          "autoincrement": false
        },
        "last_stock_reminder_channel": {
          "name": "last_stock_reminder_channel",
          "type": "text",
          "primaryKey": false,
          "notNull": false,
          "autoincrement": false
        },
        "last_stock_reminder_med_names": {
          "name": "last_stock_reminder_med_names",
          "type": "text",
          "primaryKey": false,
          "notNull": false,
          "autoincrement": false
        },
        "updated_at": {
          "name": "updated_at",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": "CURRENT_TIMESTAMP"
        }
      },
      "indexes": {
        "user_settings_user_id_unique": {
          "name": "user_settings_user_id_unique",
          "columns": [
            "user_id"
          ],
          "isUnique": true
        }
      },
      "foreignKeys": {
        "user_settings_user_id_users_id_fk": {
          "name": "user_settings_user_id_users_id_fk",
          "tableFrom": "user_settings",
          "tableTo": "users",
          "columnsFrom": [
            "user_id"
          ],
          "columnsTo": [
            "id"
          ],
          "onDelete": "cascade",
          "onUpdate": "no action"
        }
      },
      "compositePrimaryKeys": {},
      "uniqueConstraints": {},
      "checkConstraints": {}
    },
    "users": {
      "name": "users",
      "columns": {
        "id": {
          "name": "id",
          "type": "integer",
          "primaryKey": true,
          "notNull": true,
          "autoincrement": true
        },
        "username": {
          "name": "username",
          "type": "text(100)",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false
        },
        "password_hash": {
          "name": "password_hash",
          "type": "text(255)",
          "primaryKey": false,
          "notNull": false,
          "autoincrement": false
        },
        "avatar_url": {
          "name": "avatar_url",
          "type": "text(255)",
          "primaryKey": false,
          "notNull": false,
          "autoincrement": false
        },
        "auth_provider": {
          "name": "auth_provider",
          "type": "text(50)",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": "'local'"
        },
        "oidc_subject": {
          "name": "oidc_subject",
          "type": "text(255)",
          "primaryKey": false,
          "notNull": false,
          "autoincrement": false
        },
        "is_active": {
          "name": "is_active",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": true
        },
        "last_login_at": {
          "name": "last_login_at",
          "type": "integer",
          "primaryKey": false,
          "notNull": false,
          "autoincrement": false
        },
        "created_at": {
          "name": "created_at",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": "CURRENT_TIMESTAMP"
        },
        "updated_at": {
          "name": "updated_at",
          "type": "integer",
          "primaryKey": false,
          "notNull": true,
          "autoincrement": false,
          "default": "CURRENT_TIMESTAMP"
        }
      },
      "indexes": {
        "users_username_unique": {
          "name": "users_username_unique",
          "columns": [
            "username"
          ],
          "isUnique": true
        }
      },
      "foreignKeys": {},
      "compositePrimaryKeys": {},
      "uniqueConstraints": {},
      "checkConstraints": {}
    }
  },
  "views": {},
  "enums": {},
  "_meta": {
    "schemas": {},
    "tables": {},
    "columns": {}
  },
  "internal": {
    "indexes": {}
  }
 }
@@ -22,62 +22,6 @@
      "when": 1768736677092,
      "tag": "0002_add_last_stock_correction_at",
      "breakpoints": true
    },
    {
      "idx": 3,
      "version": "6",
      "when": 1769354512857,
      "tag": "0003_add_reminder_info_columns",
      "breakpoints": true
    },
    {
      "idx": 4,
      "version": "6",
      "when": 1769886564000,
      "tag": "0004_add_package_type",
      "breakpoints": true
    },
    {
      "idx": 5,
      "version": "6",
      "when": 1769893708813,
      "tag": "0005_add_intakes_json",
      "breakpoints": true
    },
    {
      "idx": 6,
      "version": "6",
      "when": 1770626907896,
      "tag": "0006_add_stock_reminder_tracking",
      "breakpoints": true
    },
    {
      "idx": 7,
      "version": "6",
      "when": 1770659669121,
      "tag": "0007_add_share_stock_status",
      "breakpoints": true
    },
    {
      "idx": 8,
      "version": "6",
      "when": 1771160400000,
      "tag": "0008_add_obsolete_medications",
      "breakpoints": true
    },
    {
      "idx": 9,
      "version": "6",
      "when": 1771164000000,
      "tag": "0009_add_medication_start_date",
      "breakpoints": true
    },
    {
      "idx": 10,
      "version": "6",
      "when": 1771694832866,
      "tag": "0010_mean_spot",
      "breakpoints": true
    }
  ]
 }
@@ -1,6 +1,6 @@
 {
  "name": "medassist-ng-backend",
-  "version": "1.15.0",
+  "version": "1.4.1",
  "private": true,
  "type": "module",
  "scripts": {
@@ -10,38 +10,33 @@
    "migrate": "tsx src/db/migrate.ts",
    "test": "vitest",
    "test:run": "vitest run",
-    "test:coverage": "vitest run --coverage",
+    "test:coverage": "vitest run --coverage"
    "lint": "npx biome check .",
    "lint:fix": "npx biome check --write .",
    "format": "npx biome format --write .",
    "check": "npx biome check . && tsc --noEmit"
  },
  "dependencies": {
-    "@fastify/cookie": "^11.0.2",
+    "@fastify/cookie": "^10.0.1",
-    "@fastify/cors": "^11.2.0",
+    "@fastify/cors": "^10.0.1",
    "@fastify/helmet": "^13.0.2",
    "@fastify/jwt": "^10.0.0",
-    "@fastify/multipart": "^9.4.0",
+    "@fastify/multipart": "^9.3.0",
    "@fastify/rate-limit": "^10.3.0",
    "@fastify/sensible": "^6.0.4",
-    "@fastify/static": "^9.0.0",
+    "@fastify/static": "^8.3.0",
-    "@libsql/client": "^0.17.0",
+    "@libsql/client": "^0.10.0",
-    "argon2": "^0.44.0",
+    "argon2": "^0.40.0",
-    "dotenv": "^17.3.1",
+    "dotenv": "^16.4.5",
    "drizzle-orm": "^0.45.1",
-    "fastify": "^5.7.4",
+    "fastify": "^5.0.0",
-    "nodemailer": "^8.0.1",
+    "nodemailer": "^7.0.11",
-    "openid-client": "^6.8.2",
+    "openid-client": "^6.8.1",
    "zod": "^3.23.8"
  },
  "devDependencies": {
-    "@biomejs/biome": "^2.4.1",
+    "@types/node": "^22.7.4",
-    "@types/node": "^25.2.3",
+    "@types/nodemailer": "^6.4.21",
    "@types/nodemailer": "^7.0.10",
    "@types/supertest": "^6.0.2",
-    "@vitest/coverage-v8": "^4.0.18",
+    "@vitest/coverage-v8": "^4.0.16",
-    "drizzle-kit": "^0.31.9",
+    "drizzle-kit": "^0.31.8",
-    "supertest": "^7.2.2",
+    "supertest": "^7.0.0",
    "tsx": "^4.19.0",
    "typescript": "^5.5.4",
    "vitest": "^4.0.16"
@@ -1,35 +1,144 @@
-import { existsSync, statSync } from "node:fs";
+import { createClient, Client } from "@libsql/client";
 import { type Client, createClient } from "@libsql/client";
 import dotenv from "dotenv";
 import { drizzle } from "drizzle-orm/libsql";
-import { log } from "../utils/logger.js";
+import { migrate } from "drizzle-orm/libsql/migrator";
-// Import utilities from db-utils (side-effect-free)
+import { existsSync, mkdirSync, accessSync, constants, statSync, writeFileSync } from "fs";
-import {
+import { resolve, dirname } from "path";
-	ensureDataDirectory,
+import { fileURLToPath } from "url";
-	ensureDefaultUser,
+import dotenv from "dotenv";
 	getDbPaths,
 	repairOrphanedDoseIds,
 	repairTrailingHyphenDoseIds,
 	runAlterMigrations,
 	runDrizzleMigrations,
 } from "./db-utils.js";
-// Re-export all utilities so existing imports from client.ts keep working
+dotenv.config({ path: process.env.DOTENV_PATH || ".env" });
 export {
 	buildDbUrl,
 	ensureDataDirectory,
 	ensureDefaultUser,
 	getDataDir,
 	getDbPaths,
 	repairOrphanedDoseIds,
 	repairTrailingHyphenDoseIds,
 	runAlterMigrations,
 	runDrizzleMigrations,
 } from "./db-utils.js";
-// Load .env: try cwd first, then parent dir (for local dev running from backend/)
+// Get migrations folder path (relative to this file's location)
-const envPath = process.env.DOTENV_PATH || (existsSync(".env") ? ".env" : "../.env");
+const __filename = fileURLToPath(import.meta.url);
-dotenv.config({ path: envPath });
+const __dirname = dirname(__filename);
 const migrationsFolder = resolve(__dirname, "../../drizzle");
 // =============================================================================
 // Exported utility functions for testing
 // =============================================================================
 /** Build the database URL from a path */
 export function buildDbUrl(dbPath: string): string {
  return `file:${dbPath}`;
 }
 /** Get data directory and database path */
 export function getDbPaths(cwd: string = process.cwd()): { dataDir: string; dbPath: string; url: string } {
  const dataDir = resolve(cwd, "data");
  const dbPath = resolve(dataDir, "medassist-ng.db");
  const url = buildDbUrl(dbPath);
  return { dataDir, dbPath, url };
 }
 /** Ensure data directory exists and is writable */
 export function ensureDataDirectory(dataDir: string): { success: boolean; error?: string } {
  try {
    if (!existsSync(dataDir)) {
      mkdirSync(dataDir, { recursive: true });
    }
    // Check if directory is writable
    accessSync(dataDir, constants.W_OK);
    // Try to create a test file to verify write access
    const testFile = resolve(dataDir, ".write-test");
    writeFileSync(testFile, "test");
    return { success: true };
  } catch (err: any) {
    return { success: false, error: err.message };
  }
 }
 /** Run drizzle-kit migrations on the database */
 export async function runDrizzleMigrations(database: ReturnType<typeof drizzle>): Promise<{ success: boolean; error?: string }> {
  try {
    await migrate(database, { migrationsFolder });
    return { success: true };
  } catch (err: any) {
    return { success: false, error: err.message };
  }
 }
 /** Run ALTER TABLE migrations for backward compatibility with older databases */
 export async function runAlterMigrations(client: Client): Promise<{ success: boolean; errors: string[] }> {
  const errors: string[] = [];
  // These add new columns to existing tables (silently fail if column already exists)
  const alterMigrations = [
    // Added in v1.x - repeat reminders and nagging settings
    `ALTER TABLE user_settings ADD COLUMN skip_reminders_for_taken_doses integer NOT NULL DEFAULT 0`,
    `ALTER TABLE user_settings ADD COLUMN repeat_reminders_enabled integer NOT NULL DEFAULT 0`,
    `ALTER TABLE user_settings ADD COLUMN reminder_repeat_interval_minutes integer NOT NULL DEFAULT 30`,
    `ALTER TABLE user_settings ADD COLUMN max_nagging_reminders integer NOT NULL DEFAULT 5`,
    // Added in v1.2.3 - dismiss missed doses without deducting stock
    `ALTER TABLE dose_tracking ADD COLUMN dismissed integer NOT NULL DEFAULT 0`,
    // Added in v1.3.x - stock calculation mode (automatic/manual)
    `ALTER TABLE user_settings ADD COLUMN stock_calculation_mode text NOT NULL DEFAULT 'automatic'`,
    // Added for stock correction - hidden offset that doesn't affect looseTablets
    `ALTER TABLE medications ADD COLUMN stock_adjustment integer NOT NULL DEFAULT 0`,
    // Added for stock correction - timestamp to ignore consumed doses before correction
    `ALTER TABLE medications ADD COLUMN last_stock_correction_at integer`,
  ];
  for (const sql of alterMigrations) {
    try {
      await client.execute(sql);
    } catch (e: any) {
      // Silently ignore "duplicate column" errors - column already exists
      if (!e.message?.includes("duplicate column")) {
        errors.push(e.message);
      }
    }
  }
  // Create tables that might be missing (silently fail if already exists)
  const createTableMigrations = [
    // Added in v1.3.x - refill history tracking
    `CREATE TABLE IF NOT EXISTS refill_history (
      id INTEGER PRIMARY KEY AUTOINCREMENT,
      medication_id INTEGER NOT NULL REFERENCES medications(id) ON DELETE CASCADE,
      user_id INTEGER NOT NULL REFERENCES users(id) ON DELETE CASCADE,
      packs_added INTEGER NOT NULL DEFAULT 0,
      loose_pills_added INTEGER NOT NULL DEFAULT 0,
      refill_date INTEGER NOT NULL DEFAULT (strftime('%s','now'))
    )`,
  ];
  for (const sql of createTableMigrations) {
    try {
      await client.execute(sql);
    } catch (e: any) {
      // Silently ignore "table already exists" errors
      if (!e.message?.includes("already exists")) {
        errors.push(e.message);
      }
    }
  }
  return { success: errors.length === 0, errors };
 }
 /** Ensure default user exists for auth-disabled mode */
 export async function ensureDefaultUser(client: Client, authEnabled: boolean): Promise<boolean> {
  if (authEnabled) {
    return false; // No default user needed
  }
  try {
    const result = await client.execute("SELECT id FROM users WHERE id = 1");
    if (result.rows.length === 0) {
      await client.execute(
        "INSERT INTO users (id, username, auth_provider) VALUES (1, 'default', 'local')"
      );
      return true; // Created
    }
    return false; // Already exists
  } catch (e: any) {
    console.error(`[DB] Error creating default user:`, e.message);
    return false;
  }
 }
 // =============================================================================
 // Database initialization (runs on import)
@@ -38,83 +147,63 @@ dotenv.config({ path: envPath });
 // Use absolute path to ensure it works in Docker
 const { dataDir, dbPath, url } = getDbPaths();
-log.debug(`[DB] Data directory: ${dataDir}`);
+console.log(`[DB] Data directory: ${dataDir}`);
-log.debug(`[DB] Database path: ${dbPath}`);
+console.log(`[DB] Database path: ${dbPath}`);
-log.debug(`[DB] Database URL: ${url}`);
+console.log(`[DB] Database URL: ${url}`);
 // Ensure data directory exists and is writable
 const dirResult = ensureDataDirectory(dataDir);
 if (!dirResult.success) {
-	log.error(`[DB] ERROR: Cannot access data directory: ${dirResult.error}`);
+  console.error(`[DB] ERROR: Cannot access data directory: ${dirResult.error}`);
-	log.error(`[DB] Please ensure the volume mount has correct permissions.`);
+  console.error(`[DB] Please ensure the volume mount has correct permissions.`);
-	log.error(`[DB] Try running on host: sudo chown -R 1000:1000 ${dataDir}`);
+  console.error(`[DB] Try running on host: sudo chown -R 1000:1000 ${dataDir}`);
-	process.exit(1);
+  process.exit(1);
 } else {
-	log.debug(`[DB] Data directory is writable`);
+  console.log(`[DB] Data directory is writable`);
-
+  
-	// Log directory stats
+  // Log directory stats
-	const stats = statSync(dataDir);
+  const stats = statSync(dataDir);
-	log.debug(`[DB] Directory permissions: ${stats.mode.toString(8)}`);
+  console.log(`[DB] Directory permissions: ${stats.mode.toString(8)}`);
-	log.debug(`[DB] Directory UID: ${stats.uid}, GID: ${stats.gid}`);
+  console.log(`[DB] Directory UID: ${stats.uid}, GID: ${stats.gid}`);
-	log.debug(`[DB] Write test successful`);
+  console.log(`[DB] Write test successful`);
 }
 let client: Client;
 try {
-	client = createClient({ url });
+  client = createClient({ url });
-	log.debug(`[DB] Database client created successfully`);
+  console.log(`[DB] Database client created successfully`);
-} catch (err: unknown) {
+} catch (err: any) {
-	log.error(`[DB] ERROR: Failed to create database client: ${(err as Error).message}`);
+  console.error(`[DB] ERROR: Failed to create database client: ${err.message}`);
-	log.error(`[DB] Database path: ${dbPath}`);
+  console.error(`[DB] Database path: ${dbPath}`);
-	process.exit(1);
+  process.exit(1);
 }
 export const db = drizzle(client);
 // Auto-run migrations (self-healing database)
 async function runMigrations() {
-	// Run drizzle-kit generated migrations
+  // Run drizzle-kit generated migrations
-	log.info(`[DB] Running migrations...`);
+  console.log(`[DB] Running drizzle migrations from: ${migrationsFolder}`);
-	const migrateResult = await runDrizzleMigrations(db);
+  const migrateResult = await runDrizzleMigrations(db);
-	if (!migrateResult.success) {
+  if (!migrateResult.success) {
-		log.error(`[DB] Migration error: ${migrateResult.error}`);
+    console.error(`[DB] Migration error:`, migrateResult.error);
-	} else if (migrateResult.warning) {
+  } else {
-		log.warn(`[DB] Migration warning: ${migrateResult.warning}`);
+    console.log(`[DB] Drizzle migrations completed`);
-	} else {
+  }
 		log.debug(`[DB] Drizzle migrations completed`);
 	}
-	// Run ALTER TABLE migrations for backward compatibility
+  // Run ALTER TABLE migrations for backward compatibility
-	const alterResult = await runAlterMigrations(client);
+  const alterResult = await runAlterMigrations(client);
-	if (alterResult.errors.length > 0) {
+  if (alterResult.errors.length > 0) {
-		alterResult.errors.forEach((err) => log.error(`[DB] ALTER migration error: ${err}`));
+    alterResult.errors.forEach(err => console.error(`[DB] ALTER migration error:`, err));
-	}
+  }
-	log.debug(`[DB] Tables verified/created`);
+  console.log(`[DB] Tables verified/created`);
-	// Repair dose IDs with trailing hyphens (from frontend takenBy bug)
+  // If auth is disabled, ensure a default user exists (ID=1)
-	const trailingResult = await repairTrailingHyphenDoseIds(client);
+  const authEnabled = process.env.AUTH_ENABLED === "true";
-	if (trailingResult.repaired > 0) {
+  const created = await ensureDefaultUser(client, authEnabled);
-		log.info(`[DB] Repaired ${trailingResult.repaired} dose IDs with trailing hyphens`);
+  if (created) {
-	}
+    console.log(`[DB] Created default user for auth-disabled mode`);
-	if (trailingResult.errors.length > 0) {
+  }
 		trailingResult.errors.forEach((err) => log.error(`[DB] Trailing-hyphen repair error: ${err}`));
 	}
 	// Repair orphaned dose tracking IDs from past schedule changes
 	const repairResult = await repairOrphanedDoseIds(client);
 	if (repairResult.repaired > 0) {
 		log.info(`[DB] Repaired ${repairResult.repaired} orphaned dose tracking IDs`);
 	}
 	if (repairResult.errors.length > 0) {
 		repairResult.errors.forEach((err) => log.error(`[DB] Dose repair error: ${err}`));
 	}
 	// If auth is disabled, ensure a default user exists (ID=1)
 	const authEnabled = process.env.AUTH_ENABLED === "true";
 	const created = await ensureDefaultUser(client, authEnabled);
 	if (created) {
 		log.info(`[DB] Created default user for auth-disabled mode`);
 	}
 }
 // Export promise so server can await it before starting
@@ -1,399 +0,0 @@
 /**
 * Pure utility functions for database operations.
 * Separated from client.ts to allow importing without triggering
 * top-level database initialization side effects.
 */
 import { accessSync, constants, existsSync, mkdirSync, writeFileSync } from "node:fs";
 import { dirname, resolve } from "node:path";
 import { fileURLToPath } from "node:url";
 import type { Client } from "@libsql/client";
 import type { drizzle } from "drizzle-orm/libsql";
 import { migrate } from "drizzle-orm/libsql/migrator";
 import { parseIntakesJson, parseLocalDateTime } from "../utils/scheduler-utils.js";
 // Get migrations folder path (relative to this file's location)
 const __filename = fileURLToPath(import.meta.url);
 const __dirname = dirname(__filename);
 const migrationsFolder = resolve(__dirname, "../../drizzle");
 // =============================================================================
 // Path & Directory utilities
 // =============================================================================
 /**
 * Get the data directory path.
 *
 * Resolution order:
 * 1. DATA_DIR env var (set by docker-compose for containers)
 * 2. Monorepo detection: if ../docker-compose.yml exists, we're in backend/
 *    subdirectory → use ../data (project root's data folder)
 * 3. Fallback: resolve(cwd, "data") (running from project root or standalone)
 */
 export function getDataDir(cwd: string = process.cwd()): string {
 	// Docker containers set DATA_DIR explicitly
 	if (process.env.DATA_DIR) return resolve(process.env.DATA_DIR);
 	// Local dev: detect if we're in backend/ subdirectory of the monorepo
 	if (existsSync(resolve(cwd, "..", "docker-compose.yml"))) {
 		return resolve(cwd, "..", "data");
 	}
 	// Default: data/ relative to cwd (running from project root)
 	return resolve(cwd, "data");
 }
 /** Build the database URL from a path */
 export function buildDbUrl(dbPath: string): string {
 	return `file:${dbPath}`;
 }
 /** Get data directory and database path */
 export function getDbPaths(cwd: string = process.cwd()): { dataDir: string; dbPath: string; url: string } {
 	const dataDir = getDataDir(cwd);
 	const dbPath = resolve(dataDir, "medassist-ng.db");
 	const url = buildDbUrl(dbPath);
 	return { dataDir, dbPath, url };
 }
 /** Ensure data directory exists and is writable */
 export function ensureDataDirectory(dataDir: string): { success: boolean; error?: string } {
 	try {
 		if (!existsSync(dataDir)) {
 			mkdirSync(dataDir, { recursive: true });
 		}
 		// Check if directory is writable
 		accessSync(dataDir, constants.W_OK);
 		// Try to create a test file to verify write access
 		const testFile = resolve(dataDir, ".write-test");
 		writeFileSync(testFile, "test");
 		return { success: true };
 	} catch (err: unknown) {
 		return { success: false, error: (err as Error).message };
 	}
 }
 // =============================================================================
 // Migration utilities
 // =============================================================================
 /** Run drizzle-kit migrations on the database */
 export async function runDrizzleMigrations(
 	database: ReturnType<typeof drizzle>
 ): Promise<{ success: boolean; error?: string; warning?: string }> {
 	try {
 		await migrate(database, { migrationsFolder });
 		return { success: true };
 	} catch (err: unknown) {
 		// If the error is about existing schema objects, the DB is already up-to-date
 		// This happens when ALTER migrations in client.ts have already added the columns,
 		// or when tables were created before drizzle migrations were introduced
 		if ((err as Error).message?.includes("duplicate column") || (err as Error).message?.includes("already exists")) {
 			return { success: true, warning: `Schema already up-to-date: ${(err as Error).message}` };
 		}
 		return { success: false, error: (err as Error).message };
 	}
 }
 /** Run ALTER TABLE migrations for backward compatibility with older databases */
 export async function runAlterMigrations(client: Client): Promise<{ success: boolean; errors: string[] }> {
 	const errors: string[] = [];
 	// These add new columns to existing tables (silently fail if column already exists)
 	const alterMigrations = [
 		// Added in v1.x - repeat reminders and nagging settings
 		`ALTER TABLE user_settings ADD COLUMN skip_reminders_for_taken_doses integer NOT NULL DEFAULT 0`,
 		`ALTER TABLE user_settings ADD COLUMN repeat_reminders_enabled integer NOT NULL DEFAULT 0`,
 		`ALTER TABLE user_settings ADD COLUMN reminder_repeat_interval_minutes integer NOT NULL DEFAULT 30`,
 		`ALTER TABLE user_settings ADD COLUMN max_nagging_reminders integer NOT NULL DEFAULT 5`,
 		// Added in v1.2.3 - dismiss missed doses without deducting stock
 		`ALTER TABLE dose_tracking ADD COLUMN dismissed integer NOT NULL DEFAULT 0`,
 		// Added for intake automation auditability (manual vs automatic taken)
 		`ALTER TABLE dose_tracking ADD COLUMN taken_source text NOT NULL DEFAULT 'manual'`,
 		// Added in v1.3.x - stock calculation mode (automatic/manual)
 		`ALTER TABLE user_settings ADD COLUMN stock_calculation_mode text NOT NULL DEFAULT 'automatic'`,
 		// Added for stock correction - hidden offset that doesn't affect looseTablets
 		`ALTER TABLE medications ADD COLUMN stock_adjustment integer NOT NULL DEFAULT 0`,
 		// Added for stock correction - timestamp to ignore consumed doses before correction
 		`ALTER TABLE medications ADD COLUMN last_stock_correction_at integer`,
 		// Added in v1.5.1 - dismiss past doses until date (robust against timestamp changes)
 		`ALTER TABLE medications ADD COLUMN dismissed_until text`,
 		// Added for soft-archiving medications (without deleting history)
 		`ALTER TABLE medications ADD COLUMN is_obsolete integer NOT NULL DEFAULT 0`,
 		`ALTER TABLE medications ADD COLUMN obsolete_at integer`,
 		// Added for explicit medication lifecycle start date
 		`ALTER TABLE medications ADD COLUMN medication_start_date text NOT NULL DEFAULT ''`,
 		// Added for more detailed reminder info display
 		`ALTER TABLE user_settings ADD COLUMN last_reminder_med_name text`,
 		`ALTER TABLE user_settings ADD COLUMN last_reminder_taken_by text`,
 		// Added for package type support (blister vs bottle)
 		`ALTER TABLE medications ADD COLUMN package_type text NOT NULL DEFAULT 'blister'`,
 		`ALTER TABLE medications ADD COLUMN total_pills integer`,
 		// Added for dose unit selection (mg, g, mcg, ml, IU, etc.)
 		`ALTER TABLE medications ADD COLUMN dose_unit text DEFAULT 'mg'`,
 		// Added for intake-level takenBy: unified intakes structure
 		`ALTER TABLE medications ADD COLUMN intakes_json text NOT NULL DEFAULT '[]'`,
 		// Added for separate stock reminder tracking
 		`ALTER TABLE user_settings ADD COLUMN last_stock_reminder_sent text`,
 		`ALTER TABLE user_settings ADD COLUMN last_stock_reminder_channel text`,
 		`ALTER TABLE user_settings ADD COLUMN last_stock_reminder_med_names text`,
 		// Added for share stock visibility toggle
 		`ALTER TABLE user_settings ADD COLUMN share_stock_status integer NOT NULL DEFAULT 1`,
 		// Added for timeline visibility toggles (dashboard + shared schedule)
 		`ALTER TABLE user_settings ADD COLUMN upcoming_today_only integer NOT NULL DEFAULT 0`,
 		`ALTER TABLE user_settings ADD COLUMN share_schedule_today_only integer NOT NULL DEFAULT 0`,
 		`ALTER TABLE user_settings ADD COLUMN swap_dashboard_main_sections integer NOT NULL DEFAULT 0`,
 		// Added for prescription refill tracking and reminders
 		`ALTER TABLE medications ADD COLUMN prescription_enabled integer NOT NULL DEFAULT 0`,
 		`ALTER TABLE medications ADD COLUMN prescription_authorized_refills integer`,
 		`ALTER TABLE medications ADD COLUMN prescription_remaining_refills integer`,
 		`ALTER TABLE medications ADD COLUMN prescription_low_refill_threshold integer NOT NULL DEFAULT 1`,
 		`ALTER TABLE medications ADD COLUMN prescription_expiry_date text`,
 		`ALTER TABLE user_settings ADD COLUMN email_prescription_reminders integer NOT NULL DEFAULT 1`,
 		`ALTER TABLE user_settings ADD COLUMN shoutrrr_prescription_reminders integer NOT NULL DEFAULT 1`,
 		`ALTER TABLE user_settings ADD COLUMN last_prescription_reminder_sent text`,
 		`ALTER TABLE user_settings ADD COLUMN last_prescription_reminder_channel text`,
 		`ALTER TABLE user_settings ADD COLUMN last_prescription_reminder_med_names text`,
 		// Added for refill history prescription tracking
 		`ALTER TABLE refill_history ADD COLUMN used_prescription integer NOT NULL DEFAULT 0`,
 	];
 	for (const sql of alterMigrations) {
 		try {
 			await client.execute(sql);
 		} catch (e: unknown) {
 			// Silently ignore "duplicate column" errors - column already exists
 			if (!(e as Error).message?.includes("duplicate column")) {
 				errors.push((e as Error).message);
 			}
 		}
 	}
 	// Create tables that might be missing (silently fail if already exists)
 	const createTableMigrations = [
 		// Added in v1.3.x - refill history tracking
 		`CREATE TABLE IF NOT EXISTS refill_history (
      id INTEGER PRIMARY KEY AUTOINCREMENT,
      medication_id INTEGER NOT NULL REFERENCES medications(id) ON DELETE CASCADE,
      user_id INTEGER NOT NULL REFERENCES users(id) ON DELETE CASCADE,
      packs_added INTEGER NOT NULL DEFAULT 0,
      loose_pills_added INTEGER NOT NULL DEFAULT 0,
      refill_date INTEGER NOT NULL DEFAULT (strftime('%s','now'))
    )`,
 	];
 	for (const sql of createTableMigrations) {
 		try {
 			await client.execute(sql);
 		} catch (e: unknown) {
 			// Silently ignore "table already exists" errors
 			if (!(e as Error).message?.includes("already exists")) {
 				errors.push((e as Error).message);
 			}
 		}
 	}
 	// Create indexes that might be missing (silently fail if already exists)
 	const createIndexMigrations = [
 		// Added in v1.6.x - case-insensitive unique usernames
 		`CREATE UNIQUE INDEX IF NOT EXISTS users_username_lower_unique ON users(lower(username))`,
 	];
 	for (const sql of createIndexMigrations) {
 		try {
 			await client.execute(sql);
 		} catch (e: unknown) {
 			// Silently ignore "already exists" errors
 			if (!(e as Error).message?.includes("already exists")) {
 				errors.push((e as Error).message);
 			}
 		}
 	}
 	return { success: errors.length === 0, errors };
 }
 // =============================================================================
 // User utilities
 // =============================================================================
 /** Ensure default user exists for auth-disabled mode */
 export async function ensureDefaultUser(client: Client, authEnabled: boolean): Promise<boolean> {
 	if (authEnabled) {
 		return false; // No default user needed
 	}
 	try {
 		const result = await client.execute("SELECT id FROM users WHERE id = 1");
 		if (result.rows.length === 0) {
 			await client.execute("INSERT INTO users (id, username, auth_provider) VALUES (1, 'default', 'local')");
 			return true; // Created
 		}
 		return false; // Already exists
 	} catch (e: unknown) {
 		console.error(`[DB] Error creating default user:`, (e as Error).message);
 		return false;
 	}
 }
 // =============================================================================
 // Startup repair: fix orphaned dose tracking IDs from past schedule changes
 // =============================================================================
 const MS_PER_DAY = 86_400_000;
 /**
 * Repair dose IDs that have a trailing hyphen caused by a frontend bug where
 * `[].toString()` produced an empty string, resulting in IDs like "5-0-1729123200000-"
 * instead of "5-0-1729123200000". This strips trailing hyphens from all dose IDs.
 *
 * This function is idempotent - safe to run on every startup.
 */
 export async function repairTrailingHyphenDoseIds(client: Client): Promise<{ repaired: number; errors: string[] }> {
 	const errors: string[] = [];
 	let repaired = 0;
 	try {
 		const result = await client.execute(
 			"UPDATE dose_tracking SET dose_id = RTRIM(dose_id, '-') WHERE dose_id LIKE '%-'"
 		);
 		repaired = result.rowsAffected;
 	} catch (e: unknown) {
 		errors.push(`Trailing-hyphen repair failed: ${(e as Error).message}`);
 	}
 	return { repaired, errors };
 }
 /**
 * Repair orphaned dose tracking IDs that no longer match the current intake schedule.
 * This fixes dose IDs that became invalid when a medication's schedule was changed
 * BEFORE the on-edit migration (PR #103) was introduced.
 *
 * For each medication, generates all valid schedule dateOnlyMs values from each intake's
 * start date up to today, then checks all dose_tracking entries. Any dose whose timestamp
 * doesn't match a valid schedule date is remapped to the nearest valid date.
 *
 * This function is idempotent - safe to run on every startup.
 */
 export async function repairOrphanedDoseIds(client: Client): Promise<{ repaired: number; errors: string[] }> {
 	const errors: string[] = [];
 	let repaired = 0;
 	try {
 		// Get all medications
 		const medsResult = await client.execute(
 			"SELECT id, intakes_json, usage_json, every_json, start_json, intake_reminders_enabled FROM medications"
 		);
 		if (medsResult.rows.length === 0) return { repaired, errors };
 		// Get all dose tracking entries
 		const dosesResult = await client.execute("SELECT id, dose_id FROM dose_tracking");
 		if (dosesResult.rows.length === 0) return { repaired, errors };
 		// Build a map of medId → dose entries for quick lookup
 		const dosesByMed = new Map<number, Array<{ id: number; doseId: string }>>();
 		for (const row of dosesResult.rows) {
 			const doseId = row.dose_id as string;
 			const parts = doseId.split("-");
 			if (parts.length < 3) continue;
 			const medId = parseInt(parts[0], 10);
 			if (Number.isNaN(medId)) continue;
 			if (!dosesByMed.has(medId)) dosesByMed.set(medId, []);
 			dosesByMed.get(medId)!.push({ id: row.id as number, doseId });
 		}
 		const now = new Date();
 		const today = new Date(now.getFullYear(), now.getMonth(), now.getDate());
 		for (const med of medsResult.rows) {
 			const medId = med.id as number;
 			const medDoses = dosesByMed.get(medId);
 			if (!medDoses || medDoses.length === 0) continue;
 			// Parse intakes
 			const intakes = parseIntakesJson(
 				med.intakes_json as string | null,
 				{
 					usageJson: (med.usage_json as string) || "[]",
 					everyJson: (med.every_json as string) || "[]",
 					startJson: (med.start_json as string) || "[]",
 				},
 				(med.intake_reminders_enabled as number) === 1
 			);
 			if (intakes.length === 0) continue;
 			// For each intake index, build the set of valid dateOnlyMs values
 			const validDatesByIntake = new Map<number, Set<number>>();
 			for (let idx = 0; idx < intakes.length; idx++) {
 				const intake = intakes[idx];
 				const start = parseLocalDateTime(intake.start);
 				const every = intake.every;
 				if (every <= 0 || Number.isNaN(start.getTime())) continue;
 				const validDates = new Set<number>();
 				for (let d = new Date(start); d <= today; d.setDate(d.getDate() + every)) {
 					validDates.add(new Date(d.getFullYear(), d.getMonth(), d.getDate()).getTime());
 				}
 				validDatesByIntake.set(idx, validDates);
 			}
 			// Check each dose entry
 			for (const dose of medDoses) {
 				const parts = dose.doseId.split("-");
 				if (parts.length < 3) continue;
 				const intakeIdx = parseInt(parts[1], 10);
 				const dateOnlyMs = parseInt(parts[2], 10);
 				if (Number.isNaN(intakeIdx) || Number.isNaN(dateOnlyMs)) continue;
 				const validDates = validDatesByIntake.get(intakeIdx);
 				if (!validDates) continue; // Unknown intake index - skip
 				// Check if this dose's timestamp is valid
 				if (validDates.has(dateOnlyMs)) continue; // Already valid - nothing to do
 				// Orphaned dose - find the nearest valid schedule date
 				const intake = intakes[intakeIdx];
 				if (!intake) continue;
 				const halfInterval = (intake.every * MS_PER_DAY) / 2;
 				let bestMatch: number | null = null;
 				let bestDist = Infinity;
 				for (const validDate of validDates) {
 					const dist = Math.abs(validDate - dateOnlyMs);
 					if (dist < bestDist && dist <= halfInterval) {
 						bestDist = dist;
 						bestMatch = validDate;
 					}
 				}
 				if (bestMatch !== null) {
 					// Rebuild dose ID with new timestamp, preserving person suffix
 					const personSuffix = parts.length > 3 ? `-${parts.slice(3).join("-")}` : "";
 					const newDoseId = `${medId}-${intakeIdx}-${bestMatch}${personSuffix}`;
 					try {
 						await client.execute({
 							sql: "UPDATE dose_tracking SET dose_id = ? WHERE id = ?",
 							args: [newDoseId, dose.id],
 						});
 						repaired++;
 					} catch (e: unknown) {
 						errors.push(`Failed to repair dose ${dose.id}: ${(e as Error).message}`);
 					}
 				}
 			}
 		}
 	} catch (e: unknown) {
 		errors.push(`Repair failed: ${(e as Error).message}`);
 	}
 	return { repaired, errors };
 }
@@ -1,14 +1,11 @@
-import { existsSync } from "node:fs";
+import { createClient, Client } from "@libsql/client";
 import { dirname, resolve } from "node:path";
 import { fileURLToPath } from "node:url";
 import { type Client, createClient } from "@libsql/client";
 import dotenv from "dotenv";
 import { drizzle } from "drizzle-orm/libsql";
 import { migrate } from "drizzle-orm/libsql/migrator";
 import dotenv from "dotenv";
 import { resolve, dirname } from "path";
 import { fileURLToPath } from "url";
-// Load .env: try cwd first, then parent dir (for local dev running from backend/)
+dotenv.config({ path: process.env.DOTENV_PATH || ".env" });
 const envPath = process.env.DOTENV_PATH || (existsSync(".env") ? ".env" : "../.env");
 dotenv.config({ path: envPath });
 // Get migrations folder path (relative to this file's location)
 const __filename = fileURLToPath(import.meta.url);
@@ -21,39 +18,37 @@ const migrationsFolder = resolve(__dirname, "../../drizzle");
 /** Split SQL string into individual statements (for backwards compatibility with tests) */
 export function splitSQLStatements(sql: string): string[] {
-	return sql.split(";").filter((s) => s.trim().length > 0);
+  return sql.split(';').filter(s => s.trim().length > 0);
 }
 /** Execute drizzle migrations on a database */
-export async function executeMigration(
+export async function executeMigration(client: Client): Promise<{ success: boolean; executed: number; errors: string[] }> {
-	client: Client
+  const errors: string[] = [];
-): Promise<{ success: boolean; executed: number; errors: string[] }> {
+  const db = drizzle(client);
 	const errors: string[] = [];
 	const db = drizzle(client);
-	try {
+  try {
-		await migrate(db, { migrationsFolder });
+    await migrate(db, { migrationsFolder });
-
+    
-		// Count tables as a proxy for "executed" statements
+    // Count tables as a proxy for "executed" statements
-		const tables = await client.execute(
+    const tables = await client.execute(
-			"SELECT COUNT(*) as count FROM sqlite_master WHERE type='table' AND name NOT LIKE 'sqlite_%' AND name NOT LIKE '__drizzle%'"
+      "SELECT COUNT(*) as count FROM sqlite_master WHERE type='table' AND name NOT LIKE 'sqlite_%' AND name NOT LIKE '__drizzle%'"
-		);
+    );
-		const executed = Number(tables.rows[0].count) || 0;
+    const executed = Number(tables.rows[0].count) || 0;
-
+    
-		return { success: true, executed, errors };
+    return { success: true, executed, errors };
-	} catch (err: unknown) {
+  } catch (err: any) {
-		errors.push((err as Error).message);
+    errors.push(err.message);
-		return { success: false, executed: 0, errors };
+    return { success: false, executed: 0, errors };
-	}
+  }
 }
 /** Get a preview of statement (first N characters) */
 export function getStatementPreview(stmt: string, maxLength: number = 50): string {
-	const trimmed = stmt.trim();
+  const trimmed = stmt.trim();
-	if (trimmed.length <= maxLength) {
+  if (trimmed.length <= maxLength) {
-		return trimmed;
+    return trimmed;
-	}
+  }
-	return `${trimmed.substring(0, maxLength)}...`;
+  return trimmed.substring(0, maxLength) + "...";
 }
 // =============================================================================
@@ -63,25 +58,25 @@ export function getStatementPreview(stmt: string, maxLength: number = 50): strin
 const url = "file:./data/medassist-ng.db";
 async function main() {
-	console.log("[DB] Starting database setup...");
+  console.log("Starting database setup...");
-	console.log("[DB] Database URL:", url);
+  console.log("Database URL:", url);
-	console.log("[DB] Migrations folder:", migrationsFolder);
+  console.log("Migrations folder:", migrationsFolder);
  const client = createClient({ url });
  const db = drizzle(client);
  console.log("Running drizzle migrations...");
  await migrate(db, { migrationsFolder });
-	const client = createClient({ url });
+  console.log("Database setup complete!");
-	const db = drizzle(client);
+  process.exit(0);
 	console.log("[DB] Running drizzle migrations...");
 	await migrate(db, { migrationsFolder });
 	console.log("[DB] Database setup complete!");
 	process.exit(0);
 }
 // Only run main() if this file is executed directly (not imported)
 const isMainModule = import.meta.url === `file://${process.argv[1]}`;
 if (isMainModule) {
-	main().catch((err) => {
+  main().catch((err) => {
-		console.error("Migration failed:", err);
+    console.error("Migration failed:", err);
-		process.exit(1);
+    process.exit(1);
-	});
+  });
 }
@@ -8,8 +8,8 @@
 * Each statement creates a table if it doesn't exist.
 */
 export function getTableCreationSQL(): string[] {
-	return [
+  return [
-		`CREATE TABLE IF NOT EXISTS users (
+    `CREATE TABLE IF NOT EXISTS users (
      id integer PRIMARY KEY AUTOINCREMENT,
      username text NOT NULL UNIQUE,
      password_hash text,
@@ -21,7 +21,7 @@ export function getTableCreationSQL(): string[] {
      created_at integer NOT NULL DEFAULT (strftime('%s','now')),
      updated_at integer NOT NULL DEFAULT (strftime('%s','now'))
    )`,
-		`CREATE TABLE IF NOT EXISTS medications (
+    `CREATE TABLE IF NOT EXISTS medications (
      id integer PRIMARY KEY AUTOINCREMENT,
      user_id integer NOT NULL,
      name text NOT NULL,
@@ -42,7 +42,7 @@ export function getTableCreationSQL(): string[] {
      updated_at integer NOT NULL DEFAULT (strftime('%s','now')),
      FOREIGN KEY (user_id) REFERENCES users(id) ON DELETE CASCADE
    )`,
-		`CREATE TABLE IF NOT EXISTS user_settings (
+    `CREATE TABLE IF NOT EXISTS user_settings (
      id integer PRIMARY KEY AUTOINCREMENT,
      user_id integer NOT NULL UNIQUE,
      email_enabled integer NOT NULL DEFAULT 0,
@@ -65,25 +65,13 @@ export function getTableCreationSQL(): string[] {
      expiry_warning_days integer NOT NULL DEFAULT 90,
      language text NOT NULL DEFAULT 'en',
      stock_calculation_mode text NOT NULL DEFAULT 'automatic',
      share_stock_status integer NOT NULL DEFAULT 1,
      upcoming_today_only integer NOT NULL DEFAULT 0,
      share_schedule_today_only integer NOT NULL DEFAULT 0,
      swap_dashboard_main_sections integer NOT NULL DEFAULT 0,
      last_auto_email_sent text,
      last_notification_type text,
      last_notification_channel text,
      last_reminder_med_name text,
      last_reminder_taken_by text,
      last_stock_reminder_sent text,
      last_stock_reminder_channel text,
      last_stock_reminder_med_names text,
      last_prescription_reminder_sent text,
      last_prescription_reminder_channel text,
      last_prescription_reminder_med_names text,
      updated_at integer NOT NULL DEFAULT (strftime('%s','now')),
      FOREIGN KEY (user_id) REFERENCES users(id) ON DELETE CASCADE
    )`,
-		`CREATE TABLE IF NOT EXISTS refresh_tokens (
+    `CREATE TABLE IF NOT EXISTS refresh_tokens (
      id integer PRIMARY KEY AUTOINCREMENT,
      user_id integer NOT NULL,
      token_id text NOT NULL UNIQUE,
@@ -93,7 +81,7 @@ export function getTableCreationSQL(): string[] {
      created_at integer NOT NULL DEFAULT (strftime('%s','now')),
      FOREIGN KEY (user_id) REFERENCES users(id) ON DELETE CASCADE
    )`,
-		`CREATE TABLE IF NOT EXISTS share_tokens (
+    `CREATE TABLE IF NOT EXISTS share_tokens (
      id integer PRIMARY KEY AUTOINCREMENT,
      user_id integer NOT NULL,
      token text NOT NULL UNIQUE,
@@ -103,7 +91,7 @@ export function getTableCreationSQL(): string[] {
      expires_at integer,
      FOREIGN KEY (user_id) REFERENCES users(id) ON DELETE CASCADE
    )`,
-		`CREATE TABLE IF NOT EXISTS dose_tracking (
+    `CREATE TABLE IF NOT EXISTS dose_tracking (
      id integer PRIMARY KEY AUTOINCREMENT,
      user_id integer NOT NULL,
      dose_id text NOT NULL,
@@ -112,7 +100,7 @@ export function getTableCreationSQL(): string[] {
      dismissed integer NOT NULL DEFAULT 0,
      FOREIGN KEY (user_id) REFERENCES users(id) ON DELETE CASCADE
    )`,
-		`CREATE TABLE IF NOT EXISTS refill_history (
+    `CREATE TABLE IF NOT EXISTS refill_history (
      id integer PRIMARY KEY AUTOINCREMENT,
      medication_id integer NOT NULL,
      user_id integer NOT NULL,
@@ -122,5 +110,5 @@ export function getTableCreationSQL(): string[] {
      FOREIGN KEY (medication_id) REFERENCES medications(id) ON DELETE CASCADE,
      FOREIGN KEY (user_id) REFERENCES users(id) ON DELETE CASCADE
    )`,
-	];
+  ];
 }
@@ -1,185 +1,134 @@
 import { sqliteTable, text, integer } from "drizzle-orm/sqlite-core";
 import { sql } from "drizzle-orm";
 import { integer, sqliteTable, text } from "drizzle-orm/sqlite-core";
 // =============================================================================
 // Users - Simple auth, no roles (every user is equal)
 // =============================================================================
 export const users = sqliteTable("users", {
-	id: integer("id").primaryKey({ autoIncrement: true }),
+  id: integer("id").primaryKey({ autoIncrement: true }),
-	username: text("username", { length: 100 }).notNull().unique(),
+  username: text("username", { length: 100 }).notNull().unique(),
-	passwordHash: text("password_hash", { length: 255 }),
+  passwordHash: text("password_hash", { length: 255 }),
-	avatarUrl: text("avatar_url", { length: 255 }),
+  avatarUrl: text("avatar_url", { length: 255 }),
-	authProvider: text("auth_provider", { length: 50 }).notNull().default("local"),
+  authProvider: text("auth_provider", { length: 50 }).notNull().default("local"),
-	oidcSubject: text("oidc_subject", { length: 255 }), // OIDC provider's unique user ID (sub claim)
+  oidcSubject: text("oidc_subject", { length: 255 }),  // OIDC provider's unique user ID (sub claim)
-	isActive: integer("is_active", { mode: "boolean" }).notNull().default(true),
+  isActive: integer("is_active", { mode: "boolean" }).notNull().default(true),
-	lastLoginAt: integer("last_login_at", { mode: "timestamp" }),
+  lastLoginAt: integer("last_login_at", { mode: "timestamp" }),
-	createdAt: integer("created_at", { mode: "timestamp" }).notNull().default(sql`CURRENT_TIMESTAMP`),
+  createdAt: integer("created_at", { mode: "timestamp" }).notNull().default(sql`CURRENT_TIMESTAMP`),
-	updatedAt: integer("updated_at", { mode: "timestamp" }).notNull().default(sql`CURRENT_TIMESTAMP`),
+  updatedAt: integer("updated_at", { mode: "timestamp" }).notNull().default(sql`CURRENT_TIMESTAMP`),
 });
 // =============================================================================
 // Medications - Per user
 // =============================================================================
 export const medications = sqliteTable("medications", {
-	id: integer("id").primaryKey({ autoIncrement: true }),
+  id: integer("id").primaryKey({ autoIncrement: true }),
-	userId: integer("user_id")
+  userId: integer("user_id").notNull().references(() => users.id, { onDelete: "cascade" }),
-		.notNull()
+  name: text("name", { length: 100 }).notNull(),
-		.references(() => users.id, { onDelete: "cascade" }),
+  genericName: text("generic_name", { length: 100 }),
-	name: text("name", { length: 100 }).notNull(),
+  takenByJson: text("taken_by_json").notNull().default("[]"), // JSON array of person names
-	genericName: text("generic_name", { length: 100 }),
+  packCount: integer("pack_count").notNull().default(1),
-	takenByJson: text("taken_by_json").notNull().default("[]"), // JSON array of person names
+  blistersPerPack: integer("blisters_per_pack").notNull().default(1),
-	packageType: text("package_type", { length: 20 }).notNull().default("blister"), // 'blister' or 'bottle'
+  pillsPerBlister: integer("pills_per_blister").notNull().default(1),
-	packCount: integer("pack_count").notNull().default(1),
+  looseTablets: integer("loose_tablets").notNull().default(0), // TRUE loose pills (user-entered)
-	blistersPerPack: integer("blisters_per_pack").notNull().default(1),
+  stockAdjustment: integer("stock_adjustment").notNull().default(0), // Hidden offset from stock corrections
-	pillsPerBlister: integer("pills_per_blister").notNull().default(1),
+  lastStockCorrectionAt: integer("last_stock_correction_at", { mode: "timestamp" }), // When stock was last corrected - consumed doses before this don't count
-	totalPills: integer("total_pills"), // For bottle type: total capacity of the container
+  pillWeightMg: integer("pill_weight_mg"),
-	looseTablets: integer("loose_tablets").notNull().default(0), // For blister: extra loose pills; for bottle: current stock
+  usageJson: text("usage_json").notNull().default("[]"),
-	stockAdjustment: integer("stock_adjustment").notNull().default(0), // Hidden offset from stock corrections
+  everyJson: text("every_json").notNull().default("[]"),
-	lastStockCorrectionAt: integer("last_stock_correction_at", { mode: "timestamp" }), // When stock was last corrected - consumed doses before this don't count
+  startJson: text("start_json").notNull().default("[]"),
-	pillWeightMg: integer("pill_weight_mg"),
+  imageUrl: text("image_url"),
-	doseUnit: text("dose_unit", { length: 20 }).default("mg"), // Unit for the dose (mg, g, mcg, ml, IU, etc.)
+  expiryDate: text("expiry_date"),
-	usageJson: text("usage_json").notNull().default("[]"), // DEPRECATED: Use intakesJson instead
+  notes: text("notes"),
-	everyJson: text("every_json").notNull().default("[]"), // DEPRECATED: Use intakesJson instead
+  intakeRemindersEnabled: integer("intake_reminders_enabled", { mode: "boolean" }).notNull().default(false),
-	startJson: text("start_json").notNull().default("[]"), // DEPRECATED: Use intakesJson instead
+  updatedAt: integer("updated_at", { mode: "timestamp" }).notNull().default(sql`CURRENT_TIMESTAMP`),
 	// New unified intakes structure: [{usage, every, start, takenBy, intakeRemindersEnabled}]
 	intakesJson: text("intakes_json").notNull().default("[]"),
 	imageUrl: text("image_url"),
 	expiryDate: text("expiry_date"),
 	notes: text("notes"),
 	intakeRemindersEnabled: integer("intake_reminders_enabled", { mode: "boolean" }).notNull().default(false),
 	medicationStartDate: text("medication_start_date").notNull().default(""),
 	isObsolete: integer("is_obsolete", { mode: "boolean" }).notNull().default(false),
 	obsoleteAt: integer("obsolete_at", { mode: "timestamp" }),
 	prescriptionEnabled: integer("prescription_enabled", { mode: "boolean" }).notNull().default(false),
 	prescriptionAuthorizedRefills: integer("prescription_authorized_refills"),
 	prescriptionRemainingRefills: integer("prescription_remaining_refills"),
 	prescriptionLowRefillThreshold: integer("prescription_low_refill_threshold").notNull().default(1),
 	prescriptionExpiryDate: text("prescription_expiry_date"),
 	dismissedUntil: text("dismissed_until"), // ISO date string (e.g. "2026-01-23") - all past doses until this date are dismissed
 	updatedAt: integer("updated_at", { mode: "timestamp" }).notNull().default(sql`CURRENT_TIMESTAMP`),
 });
 // =============================================================================
 // User Settings - Per user (email, push, thresholds, language)
 // =============================================================================
 export const userSettings = sqliteTable("user_settings", {
-	id: integer("id").primaryKey({ autoIncrement: true }),
+  id: integer("id").primaryKey({ autoIncrement: true }),
-	userId: integer("user_id")
+  userId: integer("user_id").notNull().unique().references(() => users.id, { onDelete: "cascade" }),
-		.notNull()
+  // Email notifications
-		.unique()
+  emailEnabled: integer("email_enabled", { mode: "boolean" }).notNull().default(false),
-		.references(() => users.id, { onDelete: "cascade" }),
+  notificationEmail: text("notification_email"),
-	// Email notifications
+  emailStockReminders: integer("email_stock_reminders", { mode: "boolean" }).notNull().default(true),
-	emailEnabled: integer("email_enabled", { mode: "boolean" }).notNull().default(false),
+  emailIntakeReminders: integer("email_intake_reminders", { mode: "boolean" }).notNull().default(true),
-	notificationEmail: text("notification_email"),
+  // Push notifications (shoutrrr/ntfy)
-	emailStockReminders: integer("email_stock_reminders", { mode: "boolean" }).notNull().default(true),
+  shoutrrrEnabled: integer("shoutrrr_enabled", { mode: "boolean" }).notNull().default(false),
-	emailIntakeReminders: integer("email_intake_reminders", { mode: "boolean" }).notNull().default(true),
+  shoutrrrUrl: text("shoutrrr_url"),
-	emailPrescriptionReminders: integer("email_prescription_reminders", { mode: "boolean" }).notNull().default(true),
+  shoutrrrStockReminders: integer("shoutrrr_stock_reminders", { mode: "boolean" }).notNull().default(true),
-	// Push notifications (shoutrrr/ntfy)
+  shoutrrrIntakeReminders: integer("shoutrrr_intake_reminders", { mode: "boolean" }).notNull().default(true),
-	shoutrrrEnabled: integer("shoutrrr_enabled", { mode: "boolean" }).notNull().default(false),
+  // Reminder settings
-	shoutrrrUrl: text("shoutrrr_url"),
+  reminderDaysBefore: integer("reminder_days_before").notNull().default(7),
-	shoutrrrStockReminders: integer("shoutrrr_stock_reminders", { mode: "boolean" }).notNull().default(true),
+  repeatDailyReminders: integer("repeat_daily_reminders", { mode: "boolean" }).notNull().default(false),
-	shoutrrrIntakeReminders: integer("shoutrrr_intake_reminders", { mode: "boolean" }).notNull().default(true),
+  skipRemindersForTakenDoses: integer("skip_reminders_for_taken_doses", { mode: "boolean" }).notNull().default(false),
-	shoutrrrPrescriptionReminders: integer("shoutrrr_prescription_reminders", { mode: "boolean" })
+  repeatRemindersEnabled: integer("repeat_reminders_enabled", { mode: "boolean" }).notNull().default(false),
-		.notNull()
+  reminderRepeatIntervalMinutes: integer("reminder_repeat_interval_minutes").notNull().default(30),
-		.default(true),
+  maxNaggingReminders: integer("max_nagging_reminders").notNull().default(5),
-	// Reminder settings
+  // Stock thresholds (days)
-	reminderDaysBefore: integer("reminder_days_before").notNull().default(7),
+  lowStockDays: integer("low_stock_days").notNull().default(30),
-	repeatDailyReminders: integer("repeat_daily_reminders", { mode: "boolean" }).notNull().default(false),
+  normalStockDays: integer("normal_stock_days").notNull().default(90),
-	skipRemindersForTakenDoses: integer("skip_reminders_for_taken_doses", { mode: "boolean" }).notNull().default(false),
+  highStockDays: integer("high_stock_days").notNull().default(180),
-	repeatRemindersEnabled: integer("repeat_reminders_enabled", { mode: "boolean" }).notNull().default(false),
+  expiryWarningDays: integer("expiry_warning_days").notNull().default(90),
-	reminderRepeatIntervalMinutes: integer("reminder_repeat_interval_minutes").notNull().default(30),
+  // UI preferences
-	maxNaggingReminders: integer("max_nagging_reminders").notNull().default(5),
+  language: text("language", { length: 10 }).notNull().default("en"),
-	// Stock thresholds (days)
+  // Stock calculation mode: "automatic" (schedule-based) or "manual" (only marked doses)
-	lowStockDays: integer("low_stock_days").notNull().default(30),
+  stockCalculationMode: text("stock_calculation_mode", { length: 20 }).notNull().default("automatic"),
-	normalStockDays: integer("normal_stock_days").notNull().default(90),
+  // Last notification tracking
-	highStockDays: integer("high_stock_days").notNull().default(180),
+  lastAutoEmailSent: text("last_auto_email_sent"),
-	expiryWarningDays: integer("expiry_warning_days").notNull().default(90),
+  lastNotificationType: text("last_notification_type"),
-	// UI preferences
+  lastNotificationChannel: text("last_notification_channel"),
-	language: text("language", { length: 10 }).notNull().default("en"),
+  // Timestamps
-	// Stock calculation mode: "automatic" (schedule-based) or "manual" (only marked doses)
+  updatedAt: integer("updated_at", { mode: "timestamp" }).notNull().default(sql`CURRENT_TIMESTAMP`),
 	stockCalculationMode: text("stock_calculation_mode", { length: 20 }).notNull().default("automatic"),
 	// Whether shared schedule links show stock status (Critical/Low/Normal) to intake users
 	shareStockStatus: integer("share_stock_status", { mode: "boolean" }).notNull().default(true),
 	// UI timeline visibility preferences
 	upcomingTodayOnly: integer("upcoming_today_only", { mode: "boolean" }).notNull().default(false),
 	shareScheduleTodayOnly: integer("share_schedule_today_only", { mode: "boolean" }).notNull().default(false),
 	swapDashboardMainSections: integer("swap_dashboard_main_sections", { mode: "boolean" }).notNull().default(false),
 	// Last notification tracking (intake reminders)
 	lastAutoEmailSent: text("last_auto_email_sent"),
 	lastNotificationType: text("last_notification_type"),
 	lastNotificationChannel: text("last_notification_channel"),
 	lastReminderMedName: text("last_reminder_med_name"),
 	lastReminderTakenBy: text("last_reminder_taken_by"),
 	// Last stock reminder tracking (separate from intake)
 	lastStockReminderSent: text("last_stock_reminder_sent"),
 	lastStockReminderChannel: text("last_stock_reminder_channel"),
 	lastStockReminderMedNames: text("last_stock_reminder_med_names"),
 	// Last prescription reminder tracking (separate from stock/intake)
 	lastPrescriptionReminderSent: text("last_prescription_reminder_sent"),
 	lastPrescriptionReminderChannel: text("last_prescription_reminder_channel"),
 	lastPrescriptionReminderMedNames: text("last_prescription_reminder_med_names"),
 	// Timestamps
 	updatedAt: integer("updated_at", { mode: "timestamp" }).notNull().default(sql`CURRENT_TIMESTAMP`),
 });
 // =============================================================================
 // Refresh Tokens - For JWT rotation
 // =============================================================================
 export const refreshTokens = sqliteTable("refresh_tokens", {
-	id: integer("id").primaryKey({ autoIncrement: true }),
+  id: integer("id").primaryKey({ autoIncrement: true }),
-	userId: integer("user_id")
+  userId: integer("user_id").notNull().references(() => users.id, { onDelete: "cascade" }),
-		.notNull()
+  tokenId: text("token_id", { length: 255 }).notNull().unique(),
-		.references(() => users.id, { onDelete: "cascade" }),
+  expiresAt: integer("expires_at", { mode: "timestamp" }).notNull(),
-	tokenId: text("token_id", { length: 255 }).notNull().unique(),
+  rotatedAt: integer("rotated_at", { mode: "timestamp" }),
-	expiresAt: integer("expires_at", { mode: "timestamp" }).notNull(),
+  revoked: integer("revoked", { mode: "boolean" }).notNull().default(false),
-	rotatedAt: integer("rotated_at", { mode: "timestamp" }),
+  createdAt: integer("created_at", { mode: "timestamp" }).notNull().default(sql`CURRENT_TIMESTAMP`),
 	revoked: integer("revoked", { mode: "boolean" }).notNull().default(false),
 	createdAt: integer("created_at", { mode: "timestamp" }).notNull().default(sql`CURRENT_TIMESTAMP`),
 });
 // =============================================================================
 // Share Tokens - For public schedule sharing by takenBy person
 // =============================================================================
 export const shareTokens = sqliteTable("share_tokens", {
-	id: integer("id").primaryKey({ autoIncrement: true }),
+  id: integer("id").primaryKey({ autoIncrement: true }),
-	userId: integer("user_id")
+  userId: integer("user_id").notNull().references(() => users.id, { onDelete: "cascade" }),
-		.notNull()
+  token: text("token", { length: 64 }).notNull().unique(),
-		.references(() => users.id, { onDelete: "cascade" }),
+  takenBy: text("taken_by", { length: 100 }).notNull(),
-	token: text("token", { length: 64 }).notNull().unique(),
+  scheduleDays: integer("schedule_days").notNull().default(30),
-	takenBy: text("taken_by", { length: 100 }).notNull(),
+  createdAt: integer("created_at", { mode: "timestamp" }).notNull().default(sql`CURRENT_TIMESTAMP`),
-	scheduleDays: integer("schedule_days").notNull().default(30),
+  expiresAt: integer("expires_at", { mode: "timestamp" }), // NULL = never expires
 	createdAt: integer("created_at", { mode: "timestamp" }).notNull().default(sql`CURRENT_TIMESTAMP`),
 	expiresAt: integer("expires_at", { mode: "timestamp" }), // NULL = never expires
 });
 // =============================================================================
 // Dose Tracking - Tracks when doses are marked as taken
 // =============================================================================
 export const doseTracking = sqliteTable("dose_tracking", {
-	id: integer("id").primaryKey({ autoIncrement: true }),
+  id: integer("id").primaryKey({ autoIncrement: true }),
-	userId: integer("user_id")
+  userId: integer("user_id").notNull().references(() => users.id, { onDelete: "cascade" }),
-		.notNull()
+  doseId: text("dose_id", { length: 255 }).notNull(), // e.g. "med-5-1-86400000-1735200000000"
-		.references(() => users.id, { onDelete: "cascade" }),
+  takenAt: integer("taken_at", { mode: "timestamp" }).notNull().default(sql`(strftime('%s','now'))`),
-	doseId: text("dose_id", { length: 255 }).notNull(), // e.g. "med-5-1-86400000-1735200000000"
+  markedBy: text("marked_by", { length: 100 }), // null = user, "Daniel" = via share link
-	takenAt: integer("taken_at", { mode: "timestamp" }).notNull().default(sql`(strftime('%s','now'))`),
+  dismissed: integer("dismissed", { mode: "boolean" }).notNull().default(false), // true = missed dose acknowledged without taking
 	markedBy: text("marked_by", { length: 100 }), // null = user, "Daniel" = via share link
 	takenSource: text("taken_source", { length: 20 }).notNull().default("manual"), // manual or automatic
 	dismissed: integer("dismissed", { mode: "boolean" }).notNull().default(false), // true = missed dose acknowledged without taking
 });
 // =============================================================================
 // Refill History - Tracks when medication stock was refilled
 // =============================================================================
 export const refillHistory = sqliteTable("refill_history", {
-	id: integer("id").primaryKey({ autoIncrement: true }),
+  id: integer("id").primaryKey({ autoIncrement: true }),
-	medicationId: integer("medication_id")
+  medicationId: integer("medication_id").notNull().references(() => medications.id, { onDelete: "cascade" }),
-		.notNull()
+  userId: integer("user_id").notNull().references(() => users.id, { onDelete: "cascade" }),
-		.references(() => medications.id, { onDelete: "cascade" }),
+  packsAdded: integer("packs_added").notNull().default(0),
-	userId: integer("user_id")
+  loosePillsAdded: integer("loose_pills_added").notNull().default(0),
-		.notNull()
+  refillDate: integer("refill_date", { mode: "timestamp" }).notNull().default(sql`(strftime('%s','now'))`),
 		.references(() => users.id, { onDelete: "cascade" }),
 	packsAdded: integer("packs_added").notNull().default(0),
 	loosePillsAdded: integer("loose_pills_added").notNull().default(0),
 	usedPrescription: integer("used_prescription", { mode: "boolean" }).notNull().default(false),
 	refillDate: integer("refill_date", { mode: "timestamp" }).notNull().default(sql`(strftime('%s','now'))`),
 });
@@ -1,500 +1,193 @@
 // Backend translations for notifications
 export type Language = "en" | "de";
 /**
 * Map timezone to region code (ISO 3166-1 alpha-2).
 * This allows combining app language with regional formatting.
 */
 const TIMEZONE_TO_REGION: Record<string, string> = {
 	// Europe
 	"Europe/Berlin": "DE",
 	"Europe/Vienna": "AT",
 	"Europe/Zurich": "CH",
 	"Europe/London": "GB",
 	"Europe/Dublin": "IE",
 	"Europe/Paris": "FR",
 	"Europe/Madrid": "ES",
 	"Europe/Rome": "IT",
 	"Europe/Amsterdam": "NL",
 	"Europe/Brussels": "BE",
 	"Europe/Warsaw": "PL",
 	"Europe/Prague": "CZ",
 	"Europe/Stockholm": "SE",
 	"Europe/Oslo": "NO",
 	"Europe/Copenhagen": "DK",
 	"Europe/Helsinki": "FI",
 	"Europe/Athens": "GR",
 	"Europe/Lisbon": "PT",
 	"Europe/Moscow": "RU",
 	"Europe/Kiev": "UA",
 	"Europe/Kyiv": "UA",
 	"Europe/Budapest": "HU",
 	"Europe/Bucharest": "RO",
 	// Americas
 	"America/New_York": "US",
 	"America/Chicago": "US",
 	"America/Denver": "US",
 	"America/Los_Angeles": "US",
 	"America/Phoenix": "US",
 	"America/Toronto": "CA",
 	"America/Vancouver": "CA",
 	"America/Mexico_City": "MX",
 	"America/Sao_Paulo": "BR",
 	"America/Buenos_Aires": "AR",
 	// Asia/Pacific
 	"Asia/Tokyo": "JP",
 	"Asia/Shanghai": "CN",
 	"Asia/Hong_Kong": "HK",
 	"Asia/Singapore": "SG",
 	"Asia/Seoul": "KR",
 	"Asia/Dubai": "AE",
 	"Asia/Kolkata": "IN",
 	"Australia/Sydney": "AU",
 	"Australia/Melbourne": "AU",
 	"Pacific/Auckland": "NZ",
 };
 /**
 * Get region code from TZ environment variable.
 */
 function getRegionFromTimezone(): string | undefined {
 	const tz = process.env.TZ;
 	if (!tz) return undefined;
 	return TIMEZONE_TO_REGION[tz];
 }
 type TranslationKeys = {
-	// Stock reminder (shared across email + push)
+  // Stock reminder email
-	stockReminder: {
+  stockReminder: {
-		subject: string;
+    subject: string;
-		title: string;
+    title: string;
-		description: string;
+    description: string;
-		descriptionEmpty: string;
+    alertSingle: string;
-		descriptionMixed: string;
+    alertMultiple: string;
-		alertSingle: string;
+    tableHeaders: {
-		alertMultiple: string;
+      medication: string;
-		alertEmptySingle: string;
+      pills: string;
-		alertEmptyMultiple: string;
+      days: string;
-		alertLowSingle: string;
+      runsOut: string;
-		alertLowMultiple: string;
+    };
-		alertLowStockSingle: string;
+    footer: string;
-		alertLowStockMultiple: string;
+    repeatDailyNote: string;
-		descriptionLow: string;
+  };
-		tableHeaders: {
+  // Intake reminder email
-			medication: string;
+  intakeReminder: {
-			pills: string;
+    subject: string;
-			days: string;
+    title: string;
-			runsOut: string;
+    description: string;
-		};
+    alertSingle: string;
-		now: string;
+    alertMultiple: string;
-		repeatDailyNote: string;
+    tableHeaders: {
-	};
+      medication: string;
-	// Intake reminder email
+      dosage: string;
-	intakeReminder: {
+      time: string;
-		subject: string;
+    };
-		title: string;
+    pills: string;
-		description: string;
+    takenBy: string;
-		alertSingle: string;
+    footer: string;
-		alertMultiple: string;
+  };
-		tableHeaders: {
+  // Push notifications
-			medication: string;
+  push: {
-			dosage: string;
+    stockTitle: string;
-			time: string;
+    stockTitleMultiple: string;
-		};
+    intakeTitle: string;
-		pills: string;
+    pillsLeft: string;
-		takenBy: string;
+    daysLeft: string;
-	};
+    pillsAt: string;
-	// Push notifications
+    repeatDailyNote: string;
-	push: {
+    empty: string;
-		stockTitle: string;
+    low: string;
-		stockTitleMultiple: string;
+    reorderNow: string;
-		intakeTitle: string;
+    emptySection: string;
-		pillsLeft: string;
+    lowSection: string;
-		daysLeft: string;
+  };
-		pillsAt: string;
+  // Common
-		repeatDailyNote: string;
+  common: {
-		empty: string;
+    pill: string;
-		low: string;
+    pills: string;
-		critical: string;
+    day: string;
-		lowStock: string;
+    days: string;
-		reorderNow: string;
+    soon: string;
-		emptySection: string;
+  };
 		lowSection: string;
 		criticalSection: string;
 		lowStockSection: string;
 	};
 	// Prescription reminder (shared across email + push)
 	prescriptionReminder: {
 		subjectSingle: string;
 		subjectMultiple: string;
 		pushTitleLow: string;
 		pushTitleEmpty: string;
 		pushEmpty: string;
 		pushEmptySingle: string;
 		pushLow: string;
 		pushLowSingle: string;
 		pushRenewNow: string;
 		pushEmptySection: string;
 		pushLowSection: string;
 		pushRefillsLeft: string;
 		title: string;
 		titleEmpty: string;
 		descriptionLow: string;
 		descriptionEmpty: string;
 		alertLowSingle: string;
 		alertLowMultiple: string;
 		alertEmptySingle: string;
 		alertEmptyMultiple: string;
 		line: string;
 		lineEmpty: string;
 		expiresSuffix: string;
 		repeatDailyNote: string;
 		tableHeaders: {
 			medication: string;
 			refillsLeft: string;
 			reminderThreshold: string;
 			prescriptionExpires: string;
 		};
 	};
 	// Demand calculator email
 	demandCalculator: {
 		subject: string;
 		title: string;
 		description: string;
 		summaryOutOfStock: string;
 		summaryAllOk: string;
 		tableHeaders: {
 			medication: string;
 			usage: string;
 			needed: string;
 			prescriptionRefills: string;
 			available: string;
 			status: string;
 		};
 		statusEnough: string;
 		statusEmpty: string;
 		prescriptionNotApplicable: string;
 	};
 	// Common
 	common: {
 		pill: string;
 		pills: string;
 		blister: string;
 		blisters: string;
 		day: string;
 		days: string;
 		soon: string;
 		footer: string;
 	};
 };
 const translations: Record<Language, TranslationKeys> = {
-	en: {
+  en: {
-		stockReminder: {
+    stockReminder: {
-			subject: "MedAssist-ng: ⚠️ {count} Medication{s} Running Critically Low",
+      subject: "MedAssist-ng Auto-Reminder: {count} Medication{s} Running Low",
-			title: "⚠️ MedAssist-ng: Automatic Reorder Reminder",
+      title: "⚠️ MedAssist-ng - Automatic Reorder Reminder",
-			description: "The following medications are running critically low and need to be reordered:",
+      description: "The following medications are running low and need to be reordered:",
-			descriptionEmpty: "The following medications are empty and need to be reordered immediately:",
+      alertSingle: "⚠️ 1 medication running low!",
-			descriptionMixed: "The following medications need to be reordered:",
+      alertMultiple: "⚠️ {count} medications running low!",
-			alertSingle: "⚠️ 1 medication running critically low!",
+      tableHeaders: {
-			alertMultiple: "⚠️ {count} medications running critically low!",
+        medication: "Medication",
-			alertEmptySingle: "🚨 1 medication empty - reorder immediately!",
+        pills: "Pills",
-			alertEmptyMultiple: "🚨 {count} medications empty - reorder immediately!",
+        days: "Days",
-			alertLowSingle: "⚠️ 1 medication running critically low",
+        runsOut: "Runs Out",
-			alertLowMultiple: "⚠️ {count} medications running critically low",
+      },
-			alertLowStockSingle: "⚠️ 1 medication running low",
+      footer: "🤖 Automatic reminder from MedAssist-ng",
-			alertLowStockMultiple: "⚠️ {count} medications running low",
+      repeatDailyNote: "You are receiving this daily reminder because 'Repeat Daily' is enabled in settings.",
-			descriptionLow: "The following medications are running low and should be reordered soon:",
+    },
-			tableHeaders: {
+    intakeReminder: {
-				medication: "Medication",
+      subject: "MedAssist-ng: Medication Reminder - {medications}",
-				pills: "Pills",
+      title: "💊 MedAssist-ng - Intake Reminder",
-				days: "Days",
+      description: "Time to take your medication in {minutes} minutes:",
-				runsOut: "Runs Out",
+      alertSingle: "💊 1 medication scheduled",
-			},
+      alertMultiple: "💊 {count} medications scheduled",
-			now: "NOW",
+      tableHeaders: {
-			repeatDailyNote: "You are receiving this daily reminder because 'Repeat Daily' is enabled in settings.",
+        medication: "Medication",
-		},
+        dosage: "Dosage",
-		intakeReminder: {
+        time: "Time",
-			subject: "MedAssist-ng: Medication Reminder - {medications}",
+      },
-			title: "💊 MedAssist-ng - Intake Reminder",
+      pills: "pills",
-			description: "Time to take your medication in {minutes} minutes:",
+      takenBy: "for {name}",
-			alertSingle: "💊 1 medication scheduled",
+      footer: "🤖 Automatic reminder from MedAssist-ng",
-			alertMultiple: "💊 {count} medications scheduled",
+    },
-			tableHeaders: {
+    push: {
-				medication: "Medication",
+      stockTitle: "MedAssist-ng: 1 Medication Running Low",
-				dosage: "Dosage",
+      stockTitleMultiple: "MedAssist-ng: {count} Medications Running Low",
-				time: "Time",
+      intakeTitle: "💊 Medication Reminder in {minutes} min",
-			},
+      pillsLeft: "{count} pills",
-			pills: "pills",
+      daysLeft: "{count} days left",
-			takenBy: "for {name}",
+      pillsAt: "{count} pills at {time}",
-		},
+      repeatDailyNote: "(Daily reminder enabled)",
-		push: {
+      empty: "Empty",
-			stockTitle: "MedAssist-ng: 1 Medication Running Critically Low",
+      low: "Low",
-			stockTitleMultiple: "MedAssist-ng: {count} Medications Running Critically Low",
+      reorderNow: "Reorder Now!",
-			intakeTitle: "💊 Reminder: Medication intake in {minutes} min",
+      emptySection: "EMPTY (reorder immediately)",
-			pillsLeft: "{count} pills",
+      lowSection: "RUNNING LOW (reorder soon)",
-			daysLeft: "{count} days left",
+    },
-			pillsAt: "{count} pills at {time}",
+    common: {
-			repeatDailyNote: "(Daily reminder enabled)",
+      pill: "pill",
-			empty: "Empty",
+      pills: "pills",
-			low: "Critical",
+      day: "day",
-			critical: "Critical",
+      days: "days",
-			lowStock: "Low",
+      soon: "soon",
-			reorderNow: "Reorder Now!",
+    },
-			emptySection: "Empty (reorder immediately)",
+  },
-			lowSection: "Running critically low",
+  de: {
-			criticalSection: "Running critically low",
+    stockReminder: {
-			lowStockSection: "Running low",
+      subject: "MedAssist-ng Auto-Erinnerung: {count} Medikament{e} wird knapp",
-		},
+      title: "⚠️ MedAssist-ng - Automatische Nachbestell-Erinnerung",
-		prescriptionReminder: {
+      description: "Die folgenden Medikamente gehen zur Neige und sollten nachbestellt werden:",
-			subjectSingle: "MedAssist-ng: 🚨 Prescription Refill Reminder",
+      alertSingle: "⚠️ 1 Medikament wird knapp!",
-			subjectMultiple: "MedAssist-ng: 🚨 {count} Prescriptions Need Renewal Soon",
+      alertMultiple: "⚠️ {count} Medikamente werden knapp!",
-			pushTitleLow: "💊 MedAssist-ng: {count} prescriptions are running low",
+      tableHeaders: {
-			pushTitleEmpty: "💊 MedAssist-ng: {count} prescriptions need renewal now",
+        medication: "Medikament",
-			pushEmpty: "prescriptions out of refills",
+        pills: "Tabletten",
-			pushEmptySingle: "prescription out of refills",
+        days: "Tage",
-			pushLow: "prescriptions low on refills",
+        runsOut: "Aufgebraucht",
-			pushLowSingle: "prescription low on refills",
+      },
-			pushRenewNow: "Renew Now!",
+      footer: "🤖 Automatische Erinnerung von MedAssist-ng",
-			pushEmptySection: "Prescriptions with no refills left",
+      repeatDailyNote: "Sie erhalten diese tägliche Erinnerung, weil 'Täglich wiederholen' in den Einstellungen aktiviert ist.",
-			pushLowSection: "Prescriptions running low on refills",
+    },
-			pushRefillsLeft: "{count} refill(s) remaining on this prescription",
+    intakeReminder: {
-			title: "⚠️ MedAssist-ng - Prescription Reminder",
+      subject: "MedAssist-ng: Einnahme-Erinnerung - {medications}",
-			titleEmpty: "🚨 MedAssist-ng - Prescription Reminder",
+      title: "💊 MedAssist-ng - Einnahme-Erinnerung",
-			descriptionLow: "Some prescriptions are low on remaining refills.",
+      description: "Zeit für Ihre Medikamente in {minutes} Minuten:",
-			descriptionEmpty: "Some prescriptions have no refills left. Contact your doctor for renewal.",
+      alertSingle: "💊 1 Medikament geplant",
-			alertLowSingle: "⚠️ 1 prescription is low on refills",
+      alertMultiple: "💊 {count} Medikamente geplant",
-			alertLowMultiple: "⚠️ {count} prescriptions are low on refills",
+      tableHeaders: {
-			alertEmptySingle: "🚨 1 prescription needs renewal now",
+        medication: "Medikament",
-			alertEmptyMultiple: "🚨 {count} prescriptions need renewal now",
+        dosage: "Dosis",
-			line: "{name}: {refills} refill(s) remaining on this prescription{expirySuffix}",
+        time: "Uhrzeit",
-			lineEmpty: "{name}: no refills remaining on this prescription{expirySuffix}",
+      },
-			expiresSuffix: ", expires {date}",
+      pills: "Tabletten",
-			repeatDailyNote: "You are receiving this daily reminder because 'Repeat Daily' is enabled in settings.",
+      takenBy: "für {name}",
-			tableHeaders: {
+      footer: "🤖 Automatische Erinnerung von MedAssist-ng",
-				medication: "Medication",
+    },
-				refillsLeft: "Prescription refills left",
+    push: {
-				reminderThreshold: "Reminder threshold",
+      stockTitle: "MedAssist-ng: 1 Medikament wird knapp",
-				prescriptionExpires: "Prescription expires",
+      stockTitleMultiple: "MedAssist-ng: {count} Medikamente werden knapp",
-			},
+      intakeTitle: "💊 Einnahme-Erinnerung in {minutes} Min.",
-		},
+      pillsLeft: "{count} Tabletten",
-		demandCalculator: {
+      daysLeft: "{count} Tage übrig",
-			subject: "MedAssist-ng: Supply Overview ({from} - {until})",
+      pillsAt: "{count} Tabletten um {time}",
-			title: "MedAssist-ng: Demand Calculator",
+      repeatDailyNote: "(Tägliche Erinnerung aktiviert)",
-			description: "Supply overview from {from} to {until}",
+      empty: "Leer",
-			summaryOutOfStock: "⚠️ {count} medication{s} will be out of stock during this period.",
+      low: "Knapp",
-			summaryAllOk: "✓ All medications have sufficient supply for this period.",
+      reorderNow: "Jetzt nachbestellen!",
-			tableHeaders: {
+      emptySection: "LEER (sofort nachbestellen)",
-				medication: "Medication",
+      lowSection: "WIRD KNAPP (bald nachbestellen)",
-				usage: "Usage",
+    },
-				needed: "Blisters needed",
+    common: {
-				prescriptionRefills: "Prescription refills",
+      pill: "Tablette",
-				available: "Available",
+      pills: "Tabletten",
-				status: "Status",
+      day: "Tag",
-			},
+      days: "Tage",
-			statusEnough: "✓ Enough",
+      soon: "bald",
-			statusEmpty: "✗ Empty",
+    },
-			prescriptionNotApplicable: "–",
+  },
 		},
 		common: {
 			pill: "pill",
 			pills: "pills",
 			blister: "blister",
 			blisters: "blisters",
 			day: "day",
 			days: "days",
 			soon: "soon",
 			footer: "🤖 Sent from MedAssist-ng",
 		},
 	},
 	de: {
 		stockReminder: {
 			subject: "MedAssist-ng: ⚠️ {count} Medikament{e} kritisch niedrig",
 			title: "⚠️ MedAssist-ng: Automatische Nachbestell-Erinnerung",
 			description: "Die folgenden Medikamente sind kritisch niedrig und sollten nachbestellt werden:",
 			descriptionEmpty: "Die folgenden Medikamente sind leer und müssen sofort nachbestellt werden:",
 			descriptionMixed: "Die folgenden Medikamente müssen nachbestellt werden:",
 			alertSingle: "⚠️ 1 Medikament kritisch niedrig!",
 			alertMultiple: "⚠️ {count} Medikamente kritisch niedrig!",
 			alertEmptySingle: "🚨 1 Medikament leer - sofort nachbestellen!",
 			alertEmptyMultiple: "🚨 {count} Medikamente leer - sofort nachbestellen!",
 			alertLowSingle: "⚠️ 1 Medikament kritisch niedrig",
 			alertLowMultiple: "⚠️ {count} Medikamente kritisch niedrig",
 			alertLowStockSingle: "⚠️ 1 Medikament niedrig",
 			alertLowStockMultiple: "⚠️ {count} Medikamente niedrig",
 			descriptionLow: "Die folgenden Medikamente werden knapp und sollten bald nachbestellt werden:",
 			tableHeaders: {
 				medication: "Medikament",
 				pills: "Tabletten",
 				days: "Tage",
 				runsOut: "Aufgebraucht",
 			},
 			now: "JETZT",
 			repeatDailyNote:
 				"Sie erhalten diese tägliche Erinnerung, weil 'Täglich wiederholen' in den Einstellungen aktiviert ist.",
 		},
 		intakeReminder: {
 			subject: "MedAssist-ng: Einnahme-Erinnerung - {medications}",
 			title: "💊 MedAssist-ng - Einnahme-Erinnerung",
 			description: "Zeit für Ihre Medikamente in {minutes} Minuten:",
 			alertSingle: "💊 1 Medikament geplant",
 			alertMultiple: "💊 {count} Medikamente geplant",
 			tableHeaders: {
 				medication: "Medikament",
 				dosage: "Dosis",
 				time: "Uhrzeit",
 			},
 			pills: "Tabletten",
 			takenBy: "für {name}",
 		},
 		push: {
 			stockTitle: "MedAssist-ng: 1 Medikament kritisch niedrig",
 			stockTitleMultiple: "MedAssist-ng: {count} Medikamente kritisch niedrig",
 			intakeTitle: "💊 Erinnerung: Medikamenteneinnahme in {minutes} Min.",
 			pillsLeft: "{count} Tabletten",
 			daysLeft: "{count} Tage übrig",
 			pillsAt: "{count} Tabletten um {time}",
 			repeatDailyNote: "(Tägliche Erinnerung aktiviert)",
 			empty: "Leer",
 			low: "Kritisch",
 			critical: "Kritisch",
 			lowStock: "Niedrig",
 			reorderNow: "Jetzt nachbestellen!",
 			emptySection: "Leer (sofort nachbestellen)",
 			lowSection: "Kritisch niedrig",
 			criticalSection: "Kritisch niedrig",
 			lowStockSection: "Niedrig",
 		},
 		prescriptionReminder: {
 			subjectSingle: "MedAssist-ng: 🚨 Rezept-Nachfüll-Erinnerung",
 			subjectMultiple: "MedAssist-ng: 🚨 {count} Rezepte müssen bald erneuert werden",
 			pushTitleLow: "💊 MedAssist-ng: {count} Rezept(e) haben nur noch wenige Nachfüllungen",
 			pushTitleEmpty: "💊 MedAssist-ng: {count} Rezept(e) müssen jetzt erneuert werden",
 			pushEmpty: "Rezepte ohne verbleibende Nachfüllung",
 			pushEmptySingle: "Rezept ohne verbleibende Nachfüllung",
 			pushLow: "Rezepte mit wenigen verbleibenden Nachfüllungen",
 			pushLowSingle: "Rezept mit wenigen verbleibenden Nachfüllungen",
 			pushRenewNow: "Jetzt erneuern!",
 			pushEmptySection: "Rezepte ohne Nachfüllungen",
 			pushLowSection: "Rezepte mit bald aufgebrauchten Nachfüllungen",
 			pushRefillsLeft: "{count} Nachfüllung(en) für dieses Rezept übrig",
 			title: "⚠️ MedAssist-ng - Rezept-Erinnerung",
 			titleEmpty: "🚨 MedAssist-ng - Rezept-Erinnerung",
 			descriptionLow: "Einige Rezepte haben nur noch wenige Nachfüllungen.",
 			descriptionEmpty:
 				"Einige Rezepte haben keine Nachfüllungen mehr. Bitte kontaktieren Sie Ihren Arzt für eine Erneuerung.",
 			alertLowSingle: "⚠️ 1 Rezept ist bei den Nachfüllungen niedrig",
 			alertLowMultiple: "⚠️ {count} Rezepte sind bei den Nachfüllungen niedrig",
 			alertEmptySingle: "🚨 1 Rezept muss jetzt erneuert werden",
 			alertEmptyMultiple: "🚨 {count} Rezepte müssen jetzt erneuert werden",
 			line: "{name}: {refills} Nachfüllung(en) für dieses Rezept übrig{expirySuffix}",
 			lineEmpty: "{name}: keine Nachfüllung mehr für dieses Rezept{expirySuffix}",
 			expiresSuffix: ", läuft ab {date}",
 			repeatDailyNote:
 				"Sie erhalten diese tägliche Erinnerung, weil 'Täglich wiederholen' in den Einstellungen aktiviert ist.",
 			tableHeaders: {
 				medication: "Medikament",
 				refillsLeft: "Rezept-Nachfüllungen übrig",
 				reminderThreshold: "Erinnerungsschwelle",
 				prescriptionExpires: "Rezeptablauf",
 			},
 		},
 		demandCalculator: {
 			subject: "MedAssist-ng: Bestandsübersicht ({from} - {until})",
 			title: "MedAssist-ng: Bedarfsrechner",
 			description: "Bestandsübersicht von {from} bis {until}",
 			summaryOutOfStock: "⚠️ {count} Medikament{e} wird im Zeitraum nicht ausreichen.",
 			summaryAllOk: "✓ Alle Medikamente reichen für diesen Zeitraum.",
 			tableHeaders: {
 				medication: "Medikament",
 				usage: "Verbrauch",
 				needed: "Blister benötigt",
 				prescriptionRefills: "Rezept-Nachfüllungen",
 				available: "Verfügbar",
 				status: "Status",
 			},
 			statusEnough: "✓ Ausreichend",
 			statusEmpty: "✗ Leer",
 			prescriptionNotApplicable: "–",
 		},
 		common: {
 			pill: "Tablette",
 			pills: "Tabletten",
 			blister: "Blister",
 			blisters: "Blister",
 			day: "Tag",
 			days: "Tage",
 			soon: "bald",
 			footer: "🤖 Gesendet von MedAssist-ng",
 		},
 	},
 };
 export function getTranslations(language: Language): TranslationKeys {
-	return translations[language] || translations.en;
+  return translations[language] || translations.en;
 }
 // Helper function to replace placeholders in strings
 export function t(template: string, params: Record<string, string | number> = {}): string {
-	let result = template;
+  let result = template;
-	for (const [key, value] of Object.entries(params)) {
+  for (const [key, value] of Object.entries(params)) {
-		result = result.replace(new RegExp(`\\{${key}\\}`, "g"), String(value));
+    result = result.replace(new RegExp(`\\{${key}\\}`, "g"), String(value));
-	}
+  }
-	return result;
+  return result;
 }
-/**
+// Get date locale for toLocaleDateString
 * Get locale for formatting based on language and timezone region.
 * Combines language (en/de) with region from timezone (DE/US/etc.)
 * Example: lang=en + TZ=Europe/Berlin → en-DE (English text, German format = 24h time)
 */
 export function getDateLocale(language: Language): string {
-	const region = getRegionFromTimezone();
+  switch (language) {
-
+    case "de":
-	if (region) {
+      return "de-DE";
-		return `${language}-${region}`;
+    case "en":
-	}
+    default:
-
+      return "en-US";
-	// Fallback: use language default
+  }
 	switch (language) {
 		case "de":
 			return "de-DE";
 		default:
 			return "en-US";
 	}
 }
 /**
 * Get the app URL from the first CORS_ORIGINS entry.
 * Falls back to empty string if not set.
 */
 export function getAppUrl(): string {
 	const origins = process.env.CORS_ORIGINS || "";
 	return origins.split(",")[0]?.trim() || "";
 }
 /**
 * Get the unified footer as HTML with MedAssist-ng as a link to the instance.
 * @param variant - 'planner' uses the Medication Planner footer text
 */
 export function getFooterHtml(language: Language): string {
 	const tr = getTranslations(language);
 	const appUrl = getAppUrl();
 	const appName = appUrl
 		? `<a href="${appUrl}" style="color: #6b7280; text-decoration: underline;">MedAssist-ng</a>`
 		: "MedAssist-ng";
 	return tr.common.footer.replace("MedAssist-ng", appName);
 }
 /**
 * Get the unified footer as plain text.
 * @param variant - 'planner' uses the Medication Planner footer text
 */
 export function getFooterPlain(language: Language): string {
 	const tr = getTranslations(language);
 	const appUrl = getAppUrl();
 	if (appUrl) {
 		return `${tr.common.footer} (${appUrl})`;
 	}
 	return tr.common.footer;
 }
@@ -1,173 +1,168 @@
-import { existsSync } from "node:fs";
+import Fastify, { FastifyInstance } from "fastify";
 import { resolve } from "node:path";
 import cookie from "@fastify/cookie";
 import cors from "@fastify/cors";
 import helmet from "@fastify/helmet";
-import jwt from "@fastify/jwt";
+import cors from "@fastify/cors";
 import fastifyMultipart from "@fastify/multipart";
 import rateLimit from "@fastify/rate-limit";
 import sensible from "@fastify/sensible";
 import cookie from "@fastify/cookie";
 import jwt from "@fastify/jwt";
 import fastifyMultipart from "@fastify/multipart";
 import fastifyStatic from "@fastify/static";
-import Fastify, { type FastifyInstance } from "fastify";
+import { resolve } from "path";
-import { migrationsReady } from "./db/client.js";
+import { existsSync } from "fs";
 import { getDataDir } from "./db/db-utils.js";
 import { env } from "./plugins/env.js";
 import { migrationsReady } from "./db/client.js";
 import { healthRoutes } from "./routes/health.js";
 import { authRoutes } from "./routes/auth.js";
 import { oidcRoutes } from "./routes/oidc.js";
 import { medicationRoutes } from "./routes/medications.js";
 import { settingsRoutes } from "./routes/settings.js";
 import { plannerRoutes } from "./routes/planner.js";
 import { shareRoutes } from "./routes/share.js";
 import { doseRoutes } from "./routes/doses.js";
 import { exportRoutes } from "./routes/export.js";
 import { healthRoutes } from "./routes/health.js";
 import { medicationRoutes } from "./routes/medications.js";
 import { oidcRoutes } from "./routes/oidc.js";
 import { plannerRoutes } from "./routes/planner.js";
 import { refillRoutes } from "./routes/refills.js";
 import { reportRoutes } from "./routes/report.js";
 import { settingsRoutes } from "./routes/settings.js";
 import { shareRoutes } from "./routes/share.js";
 import { startIntakeReminderScheduler } from "./services/intake-reminder-scheduler.js";
 import { startReminderScheduler } from "./services/reminder-scheduler.js";
 import { startIntakeReminderScheduler } from "./services/intake-reminder-scheduler.js";
 // Re-export utilities from server-config for external use
 export {
-	buildAppConfig,
+  parseCorsOrigins,
-	buildBaseCookieOptions,
+  buildBaseCookieOptions,
-	buildRefreshCookieOptions,
+  buildRefreshCookieOptions,
-	ensureImagesDirectory,
+  buildAppConfig,
-	getJwtConfig,
+  ensureImagesDirectory,
-	parseCorsOrigins,
+  getJwtConfig,
 } from "./utils/server-config.js";
 import {
-	buildAppConfig,
+  parseCorsOrigins,
-	buildBaseCookieOptions,
+  buildBaseCookieOptions,
-	buildRefreshCookieOptions,
+  buildRefreshCookieOptions,
-	ensureImagesDirectory,
+  buildAppConfig,
-	getJwtConfig,
+  ensureImagesDirectory,
-	parseCorsOrigins,
+  getJwtConfig,
 } from "./utils/server-config.js";
 /** Create and configure Fastify app (without starting) */
 export async function createApp(options?: {
-	logLevel?: string;
+  logLevel?: string;
-	corsOrigins?: string[];
+  corsOrigins?: string[];
-	authEnabled?: boolean;
+  authEnabled?: boolean;
-	jwtSecret?: string;
+  jwtSecret?: string;
-	refreshSecret?: string;
+  refreshSecret?: string;
-	cookieSecret?: string;
+  cookieSecret?: string;
-	accessTtlMinutes?: number;
+  accessTtlMinutes?: number;
-	refreshTtlDays?: number;
+  refreshTtlDays?: number;
-	isProduction?: boolean;
+  isProduction?: boolean;
-	imagesDir?: string;
+  imagesDir?: string;
 }): Promise<FastifyInstance> {
-	const opts = {
+  const opts = {
-		logLevel: options?.logLevel ?? "info",
+    logLevel: options?.logLevel ?? "info",
-		corsOrigins: options?.corsOrigins ?? ["http://localhost:5173"],
+    corsOrigins: options?.corsOrigins ?? ["http://localhost:5173"],
-		authEnabled: options?.authEnabled ?? false,
+    authEnabled: options?.authEnabled ?? false,
-		jwtSecret: options?.jwtSecret,
+    jwtSecret: options?.jwtSecret,
-		refreshSecret: options?.refreshSecret,
+    refreshSecret: options?.refreshSecret,
-		cookieSecret: options?.cookieSecret ?? "dev-cookie-secret",
+    cookieSecret: options?.cookieSecret ?? "dev-cookie-secret",
-		accessTtlMinutes: options?.accessTtlMinutes ?? 15,
+    accessTtlMinutes: options?.accessTtlMinutes ?? 15,
-		refreshTtlDays: options?.refreshTtlDays ?? 7,
+    refreshTtlDays: options?.refreshTtlDays ?? 7,
-		isProduction: options?.isProduction ?? false,
+    isProduction: options?.isProduction ?? false,
-		imagesDir: options?.imagesDir ?? resolve(getDataDir(), "images"),
+    imagesDir: options?.imagesDir ?? resolve(process.cwd(), "data/images"),
-	};
+  };
-	const app = Fastify({
+  const app = Fastify({
-		logger: { level: opts.logLevel },
+    logger: { level: opts.logLevel },
-	});
+  });
-	// Build config
+  // Build config
-	const appConfig = buildAppConfig({
+  const appConfig = buildAppConfig({
-		jwtSecret: opts.jwtSecret,
+    jwtSecret: opts.jwtSecret,
-		refreshSecret: opts.refreshSecret,
+    refreshSecret: opts.refreshSecret,
-		accessTtlMinutes: opts.accessTtlMinutes,
+    accessTtlMinutes: opts.accessTtlMinutes,
-		refreshTtlDays: opts.refreshTtlDays,
+    refreshTtlDays: opts.refreshTtlDays,
-		isProduction: opts.isProduction,
+    isProduction: opts.isProduction,
-	});
+  });
-	app.decorate("config", appConfig);
+  app.decorate("config", appConfig);
-	// Register plugins
+  // Register plugins
-	await app.register(sensible);
+  await app.register(sensible);
-	await app.register(helmet);
+  await app.register(helmet);
-	await app.register(cors, { origin: opts.corsOrigins, credentials: true });
+  await app.register(cors, { origin: opts.corsOrigins, credentials: true });
-	await app.register(rateLimit, { max: 300, timeWindow: "1 minute" });
+  await app.register(rateLimit, { max: 100, timeWindow: "1 minute" });
-	await app.register(cookie, { secret: opts.cookieSecret });
+  await app.register(cookie, { secret: opts.cookieSecret });
-	// JWT plugin
+  // JWT plugin
-	const jwtConfig = getJwtConfig(opts.authEnabled, opts.jwtSecret);
+  const jwtConfig = getJwtConfig(opts.authEnabled, opts.jwtSecret);
-	await app.register(jwt, jwtConfig);
+  await app.register(jwt, jwtConfig);
-	await app.register(fastifyMultipart, { limits: { fileSize: 10 * 1024 * 1024 } });
+  await app.register(fastifyMultipart, { limits: { fileSize: 10 * 1024 * 1024 } });
  // Only register static if directory exists
  if (existsSync(opts.imagesDir)) {
    await app.register(fastifyStatic, {
      root: opts.imagesDir,
      prefix: "/images/",
      decorateReply: false,
    });
  }
-	// Only register static if directory exists
+  // Register routes
-	if (existsSync(opts.imagesDir)) {
+  await app.register(healthRoutes);
-		await app.register(fastifyStatic, {
+  await app.register(authRoutes);
-			root: opts.imagesDir,
+  await app.register(oidcRoutes);
-			prefix: "/images/",
+  await app.register(medicationRoutes);
-			decorateReply: false,
+  await app.register(settingsRoutes);
-		});
+  await app.register(plannerRoutes);
-	}
+  await app.register(shareRoutes);
  await app.register(doseRoutes);
  await app.register(exportRoutes);
  await app.register(refillRoutes);
-	// Register routes
+  return app;
 	await app.register(healthRoutes);
 	await app.register(authRoutes);
 	await app.register(oidcRoutes);
 	await app.register(medicationRoutes);
 	await app.register(settingsRoutes);
 	await app.register(plannerRoutes);
 	await app.register(shareRoutes);
 	await app.register(doseRoutes);
 	await app.register(exportRoutes);
 	await app.register(refillRoutes);
 	await app.register(reportRoutes);
 	return app;
 }
 // =============================================================================
 // Server initialization (runs on import)
 // =============================================================================
 import { log } from "./utils/logger.js";
 // Wait for database migrations before anything else
 await migrationsReady;
-log.info("[DB] Migrations complete, starting server...");
+console.log("[DB] Migrations complete, starting server...");
 // Ensure images directory exists
 const imagesDir = ensureImagesDirectory();
 const app = Fastify({
-	logger: {
+  logger: {
-		level: env.LOG_LEVEL,
+    level: env.LOG_LEVEL,
-	},
+  },
 });
 const origins = parseCorsOrigins(env.CORS_ORIGINS);
 // Auth token TTLs (hardcoded - no need for user configuration)
-const accessTtlMinutes = env.ACCESS_TOKEN_TTL_MINUTES; // Access token TTL
+const accessTtlMinutes = env.ACCESS_TOKEN_TTL_MINUTES;  // Access token TTL
-const refreshTtlDays = env.REFRESH_TOKEN_TTL_DAYS; // Refresh token TTL
+const refreshTtlDays = env.REFRESH_TOKEN_TTL_DAYS;      // Refresh token TTL
 const baseCookieOptions = buildBaseCookieOptions(accessTtlMinutes, env.NODE_ENV === "production");
 const refreshCookieOptions = buildRefreshCookieOptions(baseCookieOptions, refreshTtlDays);
 // Config decorator - only include secrets if auth is enabled
 app.decorate("config", {
-	accessSecret: env.JWT_SECRET ?? "",
+  accessSecret: env.JWT_SECRET ?? "",
-	refreshSecret: env.REFRESH_SECRET ?? "",
+  refreshSecret: env.REFRESH_SECRET ?? "",
-	accessTtl: accessTtlMinutes,
+  accessTtl: accessTtlMinutes,
-	refreshTtl: refreshTtlDays,
+  refreshTtl: refreshTtlDays,
-	cookieOptions: baseCookieOptions,
+  cookieOptions: baseCookieOptions,
-	refreshCookieOptions,
+  refreshCookieOptions,
 });
 await app.register(sensible);
 await app.register(helmet);
 await app.register(cors, { origin: origins, credentials: true });
 await app.register(rateLimit, {
-	max: Number(process.env.RATE_LIMIT_MAX) || 100,
+  max: 100,
-	timeWindow: "1 minute",
+  timeWindow: "1 minute",
 });
 await app.register(cookie, { secret: env.COOKIE_SECRET ?? "dev-cookie-secret" });
@@ -177,9 +172,9 @@ await app.register(jwt, jwtConfig);
 await app.register(fastifyMultipart, { limits: { fileSize: 10 * 1024 * 1024 } }); // 10MB limit
 await app.register(fastifyStatic, {
-	root: imagesDir,
+  root: imagesDir,
-	prefix: "/images/",
+  prefix: "/images/",
-	decorateReply: false,
+  decorateReply: false,
 });
 await app.register(healthRoutes);
@@ -192,30 +187,27 @@ await app.register(shareRoutes);
 await app.register(doseRoutes);
 await app.register(exportRoutes);
 await app.register(refillRoutes);
 await app.register(reportRoutes);
 const start = async () => {
-	try {
+  try {
-		await app.listen({ port: env.PORT, host: "0.0.0.0" });
+    await app.listen({ port: env.PORT, host: "0.0.0.0" });
-		app.log.info(`Server running on ${env.PORT}`);
+    app.log.info(`Server running on ${env.PORT}`);
-
+    
-		// Start the automatic reminder scheduler
+    // Start the automatic reminder scheduler
-		startReminderScheduler({
+    startReminderScheduler({
-			info: (msg) => app.log.info(msg),
+      info: (msg) => app.log.info(msg),
-			debug: (msg) => app.log.debug(msg),
+      error: (msg) => app.log.error(msg),
-			error: (msg) => app.log.error(msg),
+    });
-		});
+    
-
+    // Start the intake reminder scheduler (checks every minute)
-		// Start the intake reminder scheduler (checks every minute)
+    startIntakeReminderScheduler({
-		startIntakeReminderScheduler({
+      info: (msg) => app.log.info(msg),
-			info: (msg) => app.log.info(msg),
+      error: (msg) => app.log.error(msg),
-			debug: (msg) => app.log.debug(msg),
+    });
-			error: (msg) => app.log.error(msg),
+  } catch (err) {
-		});
+    app.log.error(err);
-	} catch (err) {
+    process.exit(1);
-		app.log.error(err);
+  }
 		process.exit(1);
 	}
 };
 start();
@@ -1,8 +1,8 @@
-import { count, eq, sql } from "drizzle-orm";
+import { FastifyInstance, FastifyRequest, FastifyReply } from "fastify";
-import type { FastifyInstance, FastifyReply, FastifyRequest } from "fastify";
+import { env } from "./env.js";
 import { db } from "../db/client.js";
 import { users } from "../db/schema.js";
-import { env } from "./env.js";
+import { sql, count, eq } from "drizzle-orm";
 // =============================================================================
 // Anonymous User - Used when AUTH_ENABLED=false
@@ -17,66 +17,67 @@ let anonymousUserVerified = false;
 * Uses a fixed ID (999999999) that will never collide with auto-increment IDs.
 */
 export async function getAnonymousUserId(): Promise<number> {
-	// Return cached if already verified
+  // Return cached if already verified
-	if (anonymousUserVerified) {
+  if (anonymousUserVerified) {
-		return ANONYMOUS_USER_ID;
+    return ANONYMOUS_USER_ID;
-	}
+  }
-	// Check if anonymous user exists
+  // Check if anonymous user exists
-	const [existing] = await db.select().from(users).where(eq(users.id, ANONYMOUS_USER_ID));
+  const [existing] = await db.select().from(users).where(eq(users.id, ANONYMOUS_USER_ID));
  if (existing) {
    anonymousUserVerified = true;
    return ANONYMOUS_USER_ID;
  }
-	if (existing) {
+  // Create anonymous user with fixed ID (SQLite allows explicit ID)
-		anonymousUserVerified = true;
+  await db.run(sql`
 		return ANONYMOUS_USER_ID;
 	}
 	// Create anonymous user with fixed ID (SQLite allows explicit ID)
 	await db.run(sql`
    INSERT INTO users (id, username, password_hash, auth_provider, is_active, created_at, updated_at)
    VALUES (${ANONYMOUS_USER_ID}, ${ANONYMOUS_USERNAME}, NULL, 'anonymous', 1, CURRENT_TIMESTAMP, CURRENT_TIMESTAMP)
  `);
-	anonymousUserVerified = true;
+  anonymousUserVerified = true;
-
+  console.log(`Created anonymous user with fixed ID ${ANONYMOUS_USER_ID} for no-auth mode`);
-	return ANONYMOUS_USER_ID;
+  
  return ANONYMOUS_USER_ID;
 }
 // =============================================================================
 // Auth State - Computed at runtime
 // =============================================================================
 export interface AuthState {
-	authEnabled: boolean;
+  authEnabled: boolean;
-	registrationEnabled: boolean;
+  registrationEnabled: boolean;
-	localAuthEnabled: boolean;
+  localAuthEnabled: boolean;
-	oidcEnabled: boolean;
+  oidcEnabled: boolean;
-	oidcProviderName: string;
+  oidcProviderName: string;
-	hasUsers: boolean;
+  hasUsers: boolean;
-	needsSetup: boolean;
+  needsSetup: boolean;
 }
 export async function getAuthState(): Promise<AuthState> {
-	// Count only real users (not the anonymous user with fixed ID)
+  // Count only real users (not the anonymous user with fixed ID)
-	const [result] = await db.select({ count: count() }).from(users).where(sql`${users.id} != ${ANONYMOUS_USER_ID}`);
+  const [result] = await db.select({ count: count() }).from(users).where(sql`${users.id} != ${ANONYMOUS_USER_ID}`);
-	const hasUsers = result.count > 0;
+  const hasUsers = result.count > 0;
-
+  
-	return {
+  return {
-		authEnabled: env.AUTH_ENABLED,
+    authEnabled: env.AUTH_ENABLED,
-		// Registration: enabled via ENV OR no users exist (first-time setup)
+    // Registration: enabled via ENV OR no users exist (first-time setup)
-		registrationEnabled: env.REGISTRATION_ENABLED || !hasUsers,
+    registrationEnabled: env.REGISTRATION_ENABLED || !hasUsers,
-		localAuthEnabled: env.AUTH_ENABLED, // Password auth available when auth is enabled
+    localAuthEnabled: env.AUTH_ENABLED,  // Password auth available when auth is enabled
-		oidcEnabled: env.OIDC_ENABLED,
+    oidcEnabled: env.OIDC_ENABLED,
-		oidcProviderName: env.OIDC_PROVIDER_NAME,
+    oidcProviderName: env.OIDC_PROVIDER_NAME,
-		hasUsers,
+    hasUsers,
-		needsSetup: env.AUTH_ENABLED && !hasUsers,
+    needsSetup: env.AUTH_ENABLED && !hasUsers,
-	};
+  };
 }
 // =============================================================================
 // Request User Type (no roles - all users are equal)
 // =============================================================================
 export interface RequestUser {
-	id: number;
+  id: number;
-	username: string;
+  username: string;
 }
 // =============================================================================
@@ -86,81 +87,78 @@ export interface RequestUser {
 /**
 * Optional auth - verifies JWT if present, but doesn't require it
 */
-export async function optionalAuth(request: FastifyRequest, _reply: FastifyReply) {
+export async function optionalAuth(request: FastifyRequest, reply: FastifyReply) {
-	if (!env.AUTH_ENABLED) {
+  if (!env.AUTH_ENABLED) {
-		return;
+    return;
-	}
+  }
-	const token = request.cookies.access_token;
+  const token = request.cookies.access_token;
-	if (!token) {
+  if (!token) {
-		return;
+    return;
-	}
+  }
-	try {
+  try {
-		const decoded = await request.jwtVerify<{ sub: number; username: string }>();
+    const decoded = await request.jwtVerify<{ sub: number; username: string }>();
-		const [user] = await db.select().from(users).where(sql`${users.id} = ${decoded.sub}`);
+    const [user] = await db.select().from(users).where(sql`${users.id} = ${decoded.sub}`);
-		if (user?.isActive) {
+    if (user && user.isActive) {
-			request.user = {
+      request.user = {
-				id: user.id,
+        id: user.id,
-				username: user.username,
+        username: user.username,
-			};
+      };
-		}
+    }
-	} catch {
+  } catch {
-		// Invalid token, continue as anonymous
+    // Invalid token, continue as anonymous
-	}
+  }
 }
 /**
 * Required auth - requires valid JWT when auth is enabled
 */
 export async function requireAuth(request: FastifyRequest, reply: FastifyReply) {
-	if (!env.AUTH_ENABLED) {
+  if (!env.AUTH_ENABLED) {
-		return;
+    return;
-	}
+  }
-	const token = request.cookies.access_token;
+  const token = request.cookies.access_token;
-	if (!token) {
+  if (!token) {
-		reply.status(401).send({ error: "Authentication required", code: "AUTH_REQUIRED" });
+    reply.status(401).send({ error: "Authentication required", code: "AUTH_REQUIRED" });
-		throw new Error("AUTH_REQUIRED");
+    throw new Error("AUTH_REQUIRED");
-	}
+  }
-	try {
+  try {
-		const decoded = await request.jwtVerify<{ sub: number; username: string }>();
+    const decoded = await request.jwtVerify<{ sub: number; username: string }>();
-		const [user] = await db.select().from(users).where(sql`${users.id} = ${decoded.sub}`);
+    const [user] = await db.select().from(users).where(sql`${users.id} = ${decoded.sub}`);
    if (!user) {
      reply.status(401).send({ error: "User not found", code: "USER_NOT_FOUND" });
      throw new Error("USER_NOT_FOUND");
    }
    if (!user.isActive) {
      reply.status(401).send({ error: "Account disabled", code: "ACCOUNT_DISABLED" });
      throw new Error("ACCOUNT_DISABLED");
    }
-		if (!user) {
+    request.user = {
-			reply.status(401).send({ error: "User not found", code: "USER_NOT_FOUND" });
+      id: user.id,
-			throw new Error("USER_NOT_FOUND");
+      username: user.username,
-		}
+    };
-
+  } catch (err: any) {
-		if (!user.isActive) {
+    // Re-throw our own errors
-			reply.status(401).send({ error: "Account disabled", code: "ACCOUNT_DISABLED" });
+    if (err?.message === "AUTH_REQUIRED" || err?.message === "USER_NOT_FOUND" || err?.message === "ACCOUNT_DISABLED") {
-			throw new Error("ACCOUNT_DISABLED");
+      throw err;
-		}
+    }
-
+    // JWT verification failed
-		request.user = {
+    reply.status(401).send({ error: "Invalid or expired token", code: "INVALID_TOKEN" });
-			id: user.id,
+    throw new Error("INVALID_TOKEN");
-			username: user.username,
+  }
 		};
 	} catch (err: unknown) {
 		// Re-throw our own errors
 		if (
 			err instanceof Error &&
 			(err.message === "AUTH_REQUIRED" || err.message === "USER_NOT_FOUND" || err.message === "ACCOUNT_DISABLED")
 		) {
 			throw err;
 		}
 		// JWT verification failed
 		reply.status(401).send({ error: "Invalid or expired token", code: "INVALID_TOKEN" });
 		throw new Error("INVALID_TOKEN");
 	}
 }
 /**
 * Auth state endpoint plugin
 */
 export async function authPlugin(app: FastifyInstance) {
-	app.get("/auth/state", async () => {
+  app.get("/auth/state", async () => {
-		return getAuthState();
+    return getAuthState();
-	});
+  });
 }
@@ -1,68 +1,45 @@
 import { existsSync } from "node:fs";
 import dotenv from "dotenv";
 import { z } from "zod";
 import dotenv from "dotenv";
-// Load .env: try cwd first, then parent dir (for local dev running from backend/)
+dotenv.config({ path: process.env.DOTENV_PATH || ".env" });
 const envPath = process.env.DOTENV_PATH || (existsSync(".env") ? ".env" : "../.env");
 dotenv.config({ path: envPath });
 const EnvSchema = z.object({
-	NODE_ENV: z.enum(["development", "production", "test"]).default("production"),
+  NODE_ENV: z.enum(["development", "production", "test"]).default("production"),
-	PORT: z
+  PORT: z.string().transform((v) => parseInt(v, 10)).default("3000"),
-		.string()
+  CORS_ORIGINS: z.string().default("http://localhost:5173,http://localhost:4173"),
-		.transform((v) => parseInt(v, 10))
+  LOG_LEVEL: z.string().default("info"),
-		.default("3000"),
+  
-	CORS_ORIGINS: z.string().default("http://localhost:5173,http://localhost:4173"),
+  // ==========================================================================
-	LOG_LEVEL: z.string().default("info"),
+  // Auth Configuration
  // ==========================================================================
  // Master switch: Enable/disable authentication (default: disabled for easy setup)
  AUTH_ENABLED: z.string().transform((v) => v === "true").default("false"),
  // Allow new user registrations (auto-enabled if no users exist)
  REGISTRATION_ENABLED: z.string().transform((v) => v === "true").default("false"),
  // Disable local auth when using SSO only
-	// ==========================================================================
+  
-	// Auth Configuration
+  // JWT Secrets - only required when AUTH_ENABLED=true
-	// ==========================================================================
+  JWT_SECRET: z.string().min(10).optional(),
-	// Master switch: Enable/disable authentication (default: disabled for easy setup)
+  REFRESH_SECRET: z.string().min(10).optional(),
-	AUTH_ENABLED: z
+  COOKIE_SECRET: z.string().min(10).optional(),
-		.string()
+  
-		.transform((v) => v === "true")
+  // Token TTL settings
-		.default("false"),
+  ACCESS_TOKEN_TTL_MINUTES: z.string().transform((v) => parseInt(v, 10)).default("15"),
-	// Allow new user registrations (auto-enabled if no users exist)
+  REFRESH_TOKEN_TTL_DAYS: z.string().transform((v) => parseInt(v, 10)).default("7"),
 	REGISTRATION_ENABLED: z
 		.string()
 		.transform((v) => v === "true")
 		.default("false"),
 	// Disable local auth when using SSO only
-	// JWT Secrets - only required when AUTH_ENABLED=true
+  // ==========================================================================
-	JWT_SECRET: z.string().min(10).optional(),
+  // OIDC SSO Configuration (Pocket ID, Authelia, etc.)
-	REFRESH_SECRET: z.string().min(10).optional(),
+  // ==========================================================================
-	COOKIE_SECRET: z.string().min(10).optional(),
+  OIDC_ENABLED: z.string().transform((v) => v === "true").default("false"),
-
+  OIDC_ISSUER_URL: z.string().url().optional(),  // e.g., https://auth.example.com
-	// Token TTL settings
+  OIDC_CLIENT_ID: z.string().optional(),
-	ACCESS_TOKEN_TTL_MINUTES: z
+  OIDC_CLIENT_SECRET: z.string().optional(),
-		.string()
+  OIDC_REDIRECT_URI: z.string().url().optional(),  // e.g., https://medassist.example.com/api/auth/oidc/callback
-		.transform((v) => parseInt(v, 10))
+  OIDC_SCOPES: z.string().default("openid profile email"),
-		.default("15"),
+  OIDC_AUTO_CREATE_USERS: z.string().transform((v) => v === "true").default("true"),
-	REFRESH_TOKEN_TTL_DAYS: z
+  OIDC_USERNAME_CLAIM: z.string().default("preferred_username"),  // or 'email', 'sub'
-		.string()
+  OIDC_PROVIDER_NAME: z.string().default("SSO"),  // Display name for UI button
 		.transform((v) => parseInt(v, 10))
 		.default("7"),
 	// ==========================================================================
 	// OIDC SSO Configuration (Pocket ID, Authelia, etc.)
 	// ==========================================================================
 	OIDC_ENABLED: z
 		.string()
 		.transform((v) => v === "true")
 		.default("false"),
 	OIDC_ISSUER_URL: z.string().url().optional(), // e.g., https://auth.example.com
 	OIDC_CLIENT_ID: z.string().optional(),
 	OIDC_CLIENT_SECRET: z.string().optional(),
 	OIDC_REDIRECT_URI: z.string().url().optional(), // e.g., https://medassist.example.com/api/auth/oidc/callback
 	OIDC_SCOPES: z.string().default("openid profile email"),
 	OIDC_AUTO_CREATE_USERS: z
 		.string()
 		.transform((v) => v === "true")
 		.default("true"),
 	OIDC_USERNAME_CLAIM: z.string().default("preferred_username"), // or 'email', 'sub'
 	OIDC_PROVIDER_NAME: z.string().default("SSO"), // Display name for UI button
 });
 export type Env = z.infer<typeof EnvSchema>;
@@ -70,62 +47,62 @@ export type Env = z.infer<typeof EnvSchema>;
 // Parse and validate
 let parsed: z.infer<typeof EnvSchema>;
 try {
-	parsed = EnvSchema.parse(process.env);
+  parsed = EnvSchema.parse(process.env);
 } catch (err) {
-	console.error("=".repeat(60));
+  console.error("=".repeat(60));
-	console.error("ENVIRONMENT CONFIGURATION ERROR");
+  console.error("ENVIRONMENT CONFIGURATION ERROR");
-	console.error("=".repeat(60));
+  console.error("=".repeat(60));
-	console.error(err);
+  console.error(err);
-	console.error("\nPlease check your .env file or environment variables.");
+  console.error("\nPlease check your .env file or environment variables.");
-	console.error("=".repeat(60));
+  console.error("=".repeat(60));
-	process.exit(1);
+  process.exit(1);
 }
 // Validate that secrets are provided when auth is enabled
 if (parsed.AUTH_ENABLED) {
-	const missing: string[] = [];
+  const missing: string[] = [];
-	if (!parsed.JWT_SECRET) missing.push("JWT_SECRET");
+  if (!parsed.JWT_SECRET) missing.push("JWT_SECRET");
-	if (!parsed.REFRESH_SECRET) missing.push("REFRESH_SECRET");
+  if (!parsed.REFRESH_SECRET) missing.push("REFRESH_SECRET");
-	if (!parsed.COOKIE_SECRET) missing.push("COOKIE_SECRET");
+  if (!parsed.COOKIE_SECRET) missing.push("COOKIE_SECRET");
-
+  
-	if (missing.length > 0) {
+  if (missing.length > 0) {
-		console.error("=".repeat(60));
+    console.error("=".repeat(60));
-		console.error("AUTHENTICATION CONFIGURATION ERROR");
+    console.error("AUTHENTICATION CONFIGURATION ERROR");
-		console.error("=".repeat(60));
+    console.error("=".repeat(60));
-		console.error(`AUTH_ENABLED=true but missing required secrets: ${missing.join(", ")}`);
+    console.error(`AUTH_ENABLED=true but missing required secrets: ${missing.join(", ")}`);
-		console.error("");
+    console.error("");
-		console.error("To fix this, either:");
+    console.error("To fix this, either:");
-		console.error("  1. Set these environment variables with secure random values:");
+    console.error("  1. Set these environment variables with secure random values:");
-		console.error("     Generate with: openssl rand -hex 32");
+    console.error("     Generate with: openssl rand -hex 32");
-		console.error("");
+    console.error("");
-		console.error("  2. Or disable authentication by removing AUTH_ENABLED=true");
+    console.error("  2. Or disable authentication by removing AUTH_ENABLED=true");
-		console.error("=".repeat(60));
+    console.error("=".repeat(60));
-		process.exit(1);
+    process.exit(1);
-	}
+  }
 }
 // Validate OIDC configuration when enabled
 if (parsed.OIDC_ENABLED) {
-	const missing: string[] = [];
+  const missing: string[] = [];
-	if (!parsed.OIDC_ISSUER_URL) missing.push("OIDC_ISSUER_URL");
+  if (!parsed.OIDC_ISSUER_URL) missing.push("OIDC_ISSUER_URL");
-	if (!parsed.OIDC_CLIENT_ID) missing.push("OIDC_CLIENT_ID");
+  if (!parsed.OIDC_CLIENT_ID) missing.push("OIDC_CLIENT_ID");
-	if (!parsed.OIDC_CLIENT_SECRET) missing.push("OIDC_CLIENT_SECRET");
+  if (!parsed.OIDC_CLIENT_SECRET) missing.push("OIDC_CLIENT_SECRET");
-	if (!parsed.OIDC_REDIRECT_URI) missing.push("OIDC_REDIRECT_URI");
+  if (!parsed.OIDC_REDIRECT_URI) missing.push("OIDC_REDIRECT_URI");
-
+  
-	if (missing.length > 0) {
+  if (missing.length > 0) {
-		console.error("=".repeat(60));
+    console.error("=".repeat(60));
-		console.error("OIDC CONFIGURATION ERROR");
+    console.error("OIDC CONFIGURATION ERROR");
-		console.error("=".repeat(60));
+    console.error("=".repeat(60));
-		console.error(`OIDC_ENABLED=true but missing required settings: ${missing.join(", ")}`);
+    console.error(`OIDC_ENABLED=true but missing required settings: ${missing.join(", ")}`);
-		console.error("");
+    console.error("");
-		console.error("Required OIDC settings:");
+    console.error("Required OIDC settings:");
-		console.error("  OIDC_ISSUER_URL=https://your-oidc-provider.com");
+    console.error("  OIDC_ISSUER_URL=https://your-oidc-provider.com");
-		console.error("  OIDC_CLIENT_ID=your-client-id");
+    console.error("  OIDC_CLIENT_ID=your-client-id");
-		console.error("  OIDC_CLIENT_SECRET=your-client-secret");
+    console.error("  OIDC_CLIENT_SECRET=your-client-secret");
-		console.error("  OIDC_REDIRECT_URI=https://your-app.com/api/auth/oidc/callback");
+    console.error("  OIDC_REDIRECT_URI=https://your-app.com/api/auth/oidc/callback");
-		console.error("=".repeat(60));
+    console.error("=".repeat(60));
-		process.exit(1);
+    process.exit(1);
-	}
+  }
 }
 export const env = parsed;
@@ -1,9 +1,9 @@
-import { and, eq } from "drizzle-orm";
+import { FastifyInstance } from "fastify";
 import type { FastifyInstance, FastifyReply, FastifyRequest } from "fastify";
 import { z } from "zod";
 import { db } from "../db/client.js";
 import { doseTracking, shareTokens } from "../db/schema.js";
-import { getAnonymousUserId, requireAuth } from "../plugins/auth.js";
+import { eq, and, inArray } from "drizzle-orm";
 import { requireAuth, getAnonymousUserId } from "../plugins/auth.js";
 import { env } from "../plugins/env.js";
 import type { AuthUser } from "../types/fastify.js";
@@ -11,300 +11,324 @@ import type { AuthUser } from "../types/fastify.js";
 // Validation Schemas
 // =============================================================================
 const markDoseSchema = z.object({
-	doseId: z.string().min(1, "doseId is required"),
+  doseId: z.string().min(1, "doseId is required"),
 });
 const shareDoseSchema = z.object({
-	doseId: z.string().min(1, "doseId is required"),
+  doseId: z.string().min(1, "doseId is required"),
 });
 const dismissDosesSchema = z.object({
-	doseIds: z.array(z.string().min(1)).min(1, "At least one doseId is required"),
+  doseIds: z.array(z.string().min(1)).min(1, "At least one doseId is required"),
 });
 // Helper to get user ID from request
 // Returns anonymous user ID when auth is disabled
-async function getUserId(request: FastifyRequest, reply: FastifyReply): Promise<number> {
+async function getUserId(request: any, reply: any): Promise<number> {
-	// If auth is disabled, use the anonymous user
+  // If auth is disabled, use the anonymous user
-	if (!env.AUTH_ENABLED) {
+  if (!env.AUTH_ENABLED) {
-		return getAnonymousUserId();
+    return getAnonymousUserId();
-	}
+  }
-
+  
-	const authUser = request.user as unknown as AuthUser | null;
+  const authUser = request.user as unknown as AuthUser | null;
-	if (!authUser) {
+  if (!authUser) {
-		reply.status(401).send({ error: "Not authenticated" });
+    reply.status(401).send({ error: "Not authenticated" });
-		throw new Error("AUTH_REQUIRED");
+    throw new Error("AUTH_REQUIRED");
-	}
+  }
-	return authUser.id;
+  return authUser.id;
 }
 // =============================================================================
 // Dose Tracking Routes
 // =============================================================================
 export async function doseRoutes(app: FastifyInstance) {
-	// ---------------------------------------------------------------------------
+  // ---------------------------------------------------------------------------
-	// GET /doses/taken - PROTECTED: Get all taken doses for the user
+  // GET /doses/taken - PROTECTED: Get all taken doses for the user
-	// ---------------------------------------------------------------------------
+  // ---------------------------------------------------------------------------
-	app.get("/doses/taken", { preHandler: requireAuth }, async (request, reply) => {
+  app.get(
-		const userId = await getUserId(request, reply);
+    "/doses/taken",
    { preHandler: requireAuth },
    async (request, reply) => {
      const userId = await getUserId(request, reply);
-		// Get all taken doses for this user (no time limit)
+      // Get all taken doses for this user (no time limit)
-		const doses = await db.select().from(doseTracking).where(eq(doseTracking.userId, userId));
+      const doses = await db.select()
        .from(doseTracking)
        .where(eq(doseTracking.userId, userId));
-		return {
+      return {
-			doses: doses.map((d) => ({
+        doses: doses.map((d) => ({
-				doseId: d.doseId,
+          doseId: d.doseId,
-				takenAt: d.takenAt?.getTime() ?? Date.now(),
+          takenAt: d.takenAt?.getTime() ?? Date.now(),
-				markedBy: d.markedBy,
+          markedBy: d.markedBy,
-				takenSource: d.takenSource ?? "manual",
+          dismissed: d.dismissed ?? false,
-				dismissed: d.dismissed ?? false,
+        })),
-			})),
+      };
-		};
+    }
-	});
+  );
-	// ---------------------------------------------------------------------------
+  // ---------------------------------------------------------------------------
-	// POST /doses/taken - PROTECTED: Mark a dose as taken
+  // POST /doses/taken - PROTECTED: Mark a dose as taken
-	// ---------------------------------------------------------------------------
+  // ---------------------------------------------------------------------------
-	app.post<{ Body: z.infer<typeof markDoseSchema> }>(
+  app.post<{ Body: z.infer<typeof markDoseSchema> }>(
-		"/doses/taken",
+    "/doses/taken",
-		{ preHandler: requireAuth },
+    { preHandler: requireAuth },
-		async (request, reply) => {
+    async (request, reply) => {
-			const userId = await getUserId(request, reply);
+      const userId = await getUserId(request, reply);
-			const parsed = markDoseSchema.safeParse(request.body);
+      const parsed = markDoseSchema.safeParse(request.body);
-			if (!parsed.success) {
+      if (!parsed.success) {
-				return reply.status(400).send({
+        return reply.status(400).send({
-					error: parsed.error.errors[0]?.message ?? "Invalid input",
+          error: parsed.error.errors[0]?.message ?? "Invalid input",
-				});
+        });
-			}
+      }
-			const { doseId } = parsed.data;
+      const { doseId } = parsed.data;
-			// Check if already marked
+      // Check if already marked
-			const [existing] = await db
+      const [existing] = await db.select()
-				.select()
+        .from(doseTracking)
-				.from(doseTracking)
+        .where(
-				.where(and(eq(doseTracking.userId, userId), eq(doseTracking.doseId, doseId)));
+          and(
            eq(doseTracking.userId, userId),
            eq(doseTracking.doseId, doseId)
          )
        );
-			if (existing) {
+      if (existing) {
-				return { success: true, message: "Already marked" };
+        return { success: true, message: "Already marked" };
-			}
+      }
-			// Insert new record
+      // Insert new record
-			await db.insert(doseTracking).values({
+      await db.insert(doseTracking).values({
-				userId,
+        userId,
-				doseId,
+        doseId,
-				markedBy: null, // Marked by the user themselves
+        markedBy: null, // Marked by the user themselves
-				takenSource: "manual",
+      });
 			});
-			return { success: true };
+      return { success: true };
-		}
+    }
-	);
+  );
-	// ---------------------------------------------------------------------------
+  // ---------------------------------------------------------------------------
-	// DELETE /doses/taken/:doseId - PROTECTED: Unmark a dose
+  // DELETE /doses/taken/:doseId - PROTECTED: Unmark a dose
-	// ---------------------------------------------------------------------------
+  // ---------------------------------------------------------------------------
-	app.delete<{ Params: { doseId: string } }>(
+  app.delete<{ Params: { doseId: string } }>(
-		"/doses/taken/:doseId",
+    "/doses/taken/:doseId",
-		{ preHandler: requireAuth },
+    { preHandler: requireAuth },
-		async (request, reply) => {
+    async (request, reply) => {
-			const userId = await getUserId(request, reply);
+      const userId = await getUserId(request, reply);
-			const { doseId } = request.params;
+      const { doseId } = request.params;
-			// Check if this dose was dismissed
+      await db.delete(doseTracking).where(
-			const [existing] = await db
+        and(
-				.select()
+          eq(doseTracking.userId, userId),
-				.from(doseTracking)
+          eq(doseTracking.doseId, doseId)
-				.where(and(eq(doseTracking.userId, userId), eq(doseTracking.doseId, doseId)));
+        )
      );
-			if (existing?.dismissed) {
+      return { success: true };
-				// Already dismissed - keep the record as-is
+    }
-				// The dose stays dismissed, we just acknowledge the undo request
+  );
 			} else {
 				// Not dismissed - delete the record entirely
 				await db.delete(doseTracking).where(and(eq(doseTracking.userId, userId), eq(doseTracking.doseId, doseId)));
 			}
-			return { success: true };
+  // ---------------------------------------------------------------------------
-		}
+  // POST /doses/dismiss - PROTECTED: Dismiss missed doses without deducting stock
-	);
+  // ---------------------------------------------------------------------------
  app.post<{ Body: z.infer<typeof dismissDosesSchema> }>(
    "/doses/dismiss",
    { preHandler: requireAuth },
    async (request, reply) => {
      const userId = await getUserId(request, reply);
-	// ---------------------------------------------------------------------------
+      const parsed = dismissDosesSchema.safeParse(request.body);
-	// POST /doses/dismiss - PROTECTED: Dismiss missed doses without deducting stock
+      if (!parsed.success) {
-	// ---------------------------------------------------------------------------
+        return reply.status(400).send({
-	app.post<{ Body: z.infer<typeof dismissDosesSchema> }>(
+          error: parsed.error.errors[0]?.message ?? "Invalid input",
-		"/doses/dismiss",
+        });
-		{ preHandler: requireAuth },
+      }
 		async (request, reply) => {
 			const userId = await getUserId(request, reply);
-			const parsed = dismissDosesSchema.safeParse(request.body);
+      const { doseIds } = parsed.data;
 			if (!parsed.success) {
 				return reply.status(400).send({
 					error: parsed.error.errors[0]?.message ?? "Invalid input",
 				});
 			}
-			const { doseIds } = parsed.data;
+      // Insert dismissed records for each dose that doesn't exist yet
      let dismissedCount = 0;
      for (const doseId of doseIds) {
        // Check if already exists (taken or dismissed)
        const [existing] = await db.select()
          .from(doseTracking)
          .where(
            and(
              eq(doseTracking.userId, userId),
              eq(doseTracking.doseId, doseId)
            )
          );
-			// Insert dismissed records for each dose that doesn't exist yet
+        if (existing) {
-			let dismissedCount = 0;
+          // Already exists - update to dismissed if not already
-			for (const doseId of doseIds) {
+          if (!existing.dismissed) {
-				// Check if already exists (taken or dismissed)
+            await db.update(doseTracking)
-				const [existing] = await db
+              .set({ dismissed: true })
-					.select()
+              .where(
-					.from(doseTracking)
+                and(
-					.where(and(eq(doseTracking.userId, userId), eq(doseTracking.doseId, doseId)));
+                  eq(doseTracking.userId, userId),
                  eq(doseTracking.doseId, doseId)
                )
              );
            dismissedCount++;
          }
        } else {
          // Create new dismissed record
          await db.insert(doseTracking).values({
            userId,
            doseId,
            markedBy: null,
            dismissed: true,
          });
          dismissedCount++;
        }
      }
-				if (existing) {
+      return { success: true, dismissedCount };
-					// Already exists - update to dismissed if not already
+    }
-					if (!existing.dismissed) {
+  );
 						await db
 							.update(doseTracking)
 							.set({ dismissed: true })
 							.where(and(eq(doseTracking.userId, userId), eq(doseTracking.doseId, doseId)));
 						dismissedCount++;
 					}
 				} else {
 					// Create new dismissed record
 					await db.insert(doseTracking).values({
 						userId,
 						doseId,
 						markedBy: null,
 						dismissed: true,
 					});
 					dismissedCount++;
 				}
 			}
-			return { success: true, dismissedCount };
+  // ---------------------------------------------------------------------------
-		}
+  // DELETE /doses/dismiss - PROTECTED: Clear all dismissed doses (un-dismiss)
-	);
+  // ---------------------------------------------------------------------------
  app.delete(
    "/doses/dismiss",
    { preHandler: requireAuth },
    async (request, reply) => {
      const userId = await getUserId(request, reply);
-	// ---------------------------------------------------------------------------
+      // Delete all dismissed-only records (not taken ones)
-	// DELETE /doses/dismiss - PROTECTED: Clear all dismissed doses (un-dismiss)
+      // For taken+dismissed, just remove the dismissed flag
-	// ---------------------------------------------------------------------------
+      const dismissed = await db.select()
-	app.delete("/doses/dismiss", { preHandler: requireAuth }, async (request, reply) => {
+        .from(doseTracking)
-		const userId = await getUserId(request, reply);
+        .where(
          and(
            eq(doseTracking.userId, userId),
            eq(doseTracking.dismissed, true)
          )
        );
-		// Delete all dismissed-only records (not taken ones)
+      for (const d of dismissed) {
-		// For taken+dismissed, just remove the dismissed flag
+        if (d.markedBy !== null || d.takenAt) {
-		const dismissed = await db
+          // This was also marked as taken - just remove dismissed flag
-			.select()
+          await db.update(doseTracking)
-			.from(doseTracking)
+            .set({ dismissed: false })
-			.where(and(eq(doseTracking.userId, userId), eq(doseTracking.dismissed, true)));
+            .where(eq(doseTracking.id, d.id));
        } else {
          // This was only dismissed - delete it
          await db.delete(doseTracking)
            .where(eq(doseTracking.id, d.id));
        }
      }
-		for (const d of dismissed) {
+      return { success: true, clearedCount: dismissed.length };
-			if (d.markedBy !== null || d.takenAt) {
+    }
-				// This was also marked as taken - just remove dismissed flag
+  );
 				await db.update(doseTracking).set({ dismissed: false }).where(eq(doseTracking.id, d.id));
 			} else {
 				// This was only dismissed - delete it
 				await db.delete(doseTracking).where(eq(doseTracking.id, d.id));
 			}
 		}
-		return { success: true, clearedCount: dismissed.length };
+  // ---------------------------------------------------------------------------
-	});
+  // GET /share/:token/doses - PUBLIC: Get taken doses for a share link
  // ---------------------------------------------------------------------------
  app.get<{ Params: { token: string } }>(
    "/share/:token/doses",
    async (request, reply) => {
      const { token } = request.params;
-	// ---------------------------------------------------------------------------
+      // Find share token
-	// GET /share/:token/doses - PUBLIC: Get taken doses for a share link
+      const [share] = await db.select().from(shareTokens).where(eq(shareTokens.token, token));
-	// ---------------------------------------------------------------------------
+      if (!share) {
-	app.get<{ Params: { token: string } }>("/share/:token/doses", async (request, reply) => {
+        return reply.notFound("Share link not found");
-		const { token } = request.params;
+      }
-		// Find share token
+      // Get all taken doses for this user (no time limit)
-		const [share] = await db.select().from(shareTokens).where(eq(shareTokens.token, token));
+      const doses = await db.select()
-		if (!share) {
+        .from(doseTracking)
-			return reply.notFound("Share link not found");
+        .where(eq(doseTracking.userId, share.userId));
 		}
-		// Get all taken doses for this user (no time limit)
+      return {
-		const doses = await db.select().from(doseTracking).where(eq(doseTracking.userId, share.userId));
+        doses: doses.map((d) => ({
          doseId: d.doseId,
          takenAt: d.takenAt?.getTime() ?? Date.now(),
          markedBy: d.markedBy,
          dismissed: d.dismissed ?? false,
        })),
      };
    }
  );
-		return {
+  // ---------------------------------------------------------------------------
-			doses: doses.map((d) => ({
+  // POST /share/:token/doses - PUBLIC: Mark a dose as taken via share link
-				doseId: d.doseId,
+  // ---------------------------------------------------------------------------
-				takenAt: d.takenAt?.getTime() ?? Date.now(),
+  app.post<{ Params: { token: string }; Body: z.infer<typeof shareDoseSchema> }>(
-				markedBy: d.markedBy,
+    "/share/:token/doses",
-				takenSource: d.takenSource ?? "manual",
+    async (request, reply) => {
-				dismissed: d.dismissed ?? false,
+      const { token } = request.params;
 			})),
 		};
 	});
-	// ---------------------------------------------------------------------------
+      const parsed = shareDoseSchema.safeParse(request.body);
-	// POST /share/:token/doses - PUBLIC: Mark a dose as taken via share link
+      if (!parsed.success) {
-	// ---------------------------------------------------------------------------
+        return reply.status(400).send({
-	app.post<{ Params: { token: string }; Body: z.infer<typeof shareDoseSchema> }>(
+          error: parsed.error.errors[0]?.message ?? "Invalid input",
-		"/share/:token/doses",
+        });
-		async (request, reply) => {
+      }
 			const { token } = request.params;
-			const parsed = shareDoseSchema.safeParse(request.body);
+      const { doseId } = parsed.data;
 			if (!parsed.success) {
 				return reply.status(400).send({
 					error: parsed.error.errors[0]?.message ?? "Invalid input",
 				});
 			}
-			const { doseId } = parsed.data;
+      // Find share token
      const [share] = await db.select().from(shareTokens).where(eq(shareTokens.token, token));
      if (!share) {
        return reply.notFound("Share link not found");
      }
-			// Find share token
+      // Check if already marked
-			const [share] = await db.select().from(shareTokens).where(eq(shareTokens.token, token));
+      const [existing] = await db.select()
-			if (!share) {
+        .from(doseTracking)
-				return reply.notFound("Share link not found");
+        .where(
-			}
+          and(
            eq(doseTracking.userId, share.userId),
            eq(doseTracking.doseId, doseId)
          )
        );
-			// Check if already marked
+      if (existing) {
-			const [existing] = await db
+        return { success: true, message: "Already marked" };
-				.select()
+      }
 				.from(doseTracking)
 				.where(and(eq(doseTracking.userId, share.userId), eq(doseTracking.doseId, doseId)));
-			if (existing) {
+      // Insert new record - marked by the takenBy person
-				return { success: true, message: "Already marked" };
+      await db.insert(doseTracking).values({
-			}
+        userId: share.userId,
        doseId,
        markedBy: share.takenBy, // e.g. "Daniel"
      });
-			// Insert new record - marked by the takenBy person
+      return { success: true };
-			await db.insert(doseTracking).values({
+    }
-				userId: share.userId,
+  );
 				doseId,
 				markedBy: share.takenBy, // e.g. "Daniel"
 				takenSource: "manual",
 			});
-			return { success: true };
+  // ---------------------------------------------------------------------------
-		}
+  // DELETE /share/:token/doses/:doseId - PUBLIC: Unmark a dose via share link
-	);
+  // ---------------------------------------------------------------------------
  app.delete<{ Params: { token: string; doseId: string } }>(
    "/share/:token/doses/:doseId",
    async (request, reply) => {
      const { token, doseId } = request.params;
-	// ---------------------------------------------------------------------------
+      // Find share token
-	// DELETE /share/:token/doses/:doseId - PUBLIC: Unmark a dose via share link
+      const [share] = await db.select().from(shareTokens).where(eq(shareTokens.token, token));
-	// ---------------------------------------------------------------------------
+      if (!share) {
-	app.delete<{ Params: { token: string; doseId: string } }>("/share/:token/doses/:doseId", async (request, reply) => {
+        return reply.notFound("Share link not found");
-		const { token, doseId } = request.params;
+      }
-		// Find share token
+      await db.delete(doseTracking).where(
-		const [share] = await db.select().from(shareTokens).where(eq(shareTokens.token, token));
+        and(
-		if (!share) {
+          eq(doseTracking.userId, share.userId),
-			return reply.notFound("Share link not found");
+          eq(doseTracking.doseId, doseId)
-		}
+        )
      );
-		// Check if this dose was dismissed
+      return { success: true };
-		const [existing] = await db
+    }
-			.select()
+  );
 			.from(doseTracking)
 			.where(and(eq(doseTracking.userId, share.userId), eq(doseTracking.doseId, doseId)));
 		if (existing?.dismissed) {
 			// Already dismissed - keep the record as-is
 		} else {
 			// Not dismissed - delete the record entirely
 			await db.delete(doseTracking).where(and(eq(doseTracking.userId, share.userId), eq(doseTracking.doseId, doseId)));
 		}
 		return { success: true };
 	});
 }
@@ -1,7 +1,7 @@
-import { readFileSync } from "node:fs";
+import { FastifyInstance } from "fastify";
-import { dirname, resolve } from "node:path";
+import { readFileSync } from "fs";
-import { fileURLToPath } from "node:url";
+import { resolve, dirname } from "path";
-import type { FastifyInstance } from "fastify";
+import { fileURLToPath } from "url";
 // Read version from package.json at startup
 const __dirname = dirname(fileURLToPath(import.meta.url));
@@ -10,11 +10,10 @@ const packageJson = JSON.parse(readFileSync(packageJsonPath, "utf-8"));
 const backendVersion = packageJson.version || "unknown";
 export async function healthRoutes(app: FastifyInstance) {
-	// Exempt from rate limit - lightweight health check
+  app.get("/health", async () => ({
-	app.get("/health", { config: { rateLimit: false } }, async () => ({
+    status: "ok",
-		status: "ok",
+    version: backendVersion,
-		version: backendVersion,
+    smtpConfigured: Boolean(process.env.SMTP_HOST),
-		smtpConfigured: Boolean(process.env.SMTP_HOST),
+    shoutrrrConfigured: Boolean(process.env.SHOUTRRR_URL),
-		shoutrrrConfigured: Boolean(process.env.SHOUTRRR_URL),
+  }));
 	}));
 }
@@ -1,9 +1,9 @@
-import { createHash, randomBytes } from "node:crypto";
+import { FastifyInstance, FastifyReply, FastifyRequest } from "fastify";
 import { eq, sql } from "drizzle-orm";
 import type { FastifyInstance, FastifyReply } from "fastify";
 import * as client from "openid-client";
 import { randomBytes, createHash } from "crypto";
 import { db } from "../db/client.js";
-import { refreshTokens, users } from "../db/schema.js";
+import { users, refreshTokens } from "../db/schema.js";
 import { eq, sql } from "drizzle-orm";
 import { env } from "../plugins/env.js";
 // =============================================================================
@@ -12,293 +12,299 @@ import { env } from "../plugins/env.js";
 let oidcConfig: client.Configuration | null = null;
 async function getOIDCConfig(): Promise<client.Configuration> {
-	if (oidcConfig) return oidcConfig;
+  if (oidcConfig) return oidcConfig;
  if (!env.OIDC_ISSUER_URL || !env.OIDC_CLIENT_ID || !env.OIDC_CLIENT_SECRET) {
    throw new Error("OIDC not configured");
  }
-	if (!env.OIDC_ISSUER_URL || !env.OIDC_CLIENT_ID || !env.OIDC_CLIENT_SECRET) {
+  oidcConfig = await client.discovery(
-		throw new Error("OIDC not configured");
+    new URL(env.OIDC_ISSUER_URL),
-	}
+    env.OIDC_CLIENT_ID,
-
+    env.OIDC_CLIENT_SECRET
-	oidcConfig = await client.discovery(new URL(env.OIDC_ISSUER_URL), env.OIDC_CLIENT_ID, env.OIDC_CLIENT_SECRET);
+  );
-
+  
-	return oidcConfig;
+  return oidcConfig;
 }
 // =============================================================================
 // PKCE Helpers
 // =============================================================================
 function generateCodeVerifier(): string {
-	return randomBytes(32).toString("base64url");
+  return randomBytes(32).toString("base64url");
 }
 function generateCodeChallenge(verifier: string): string {
-	return createHash("sha256").update(verifier).digest("base64url");
+  return createHash("sha256").update(verifier).digest("base64url");
 }
 function generateState(): string {
-	return randomBytes(16).toString("hex");
+  return randomBytes(16).toString("hex");
 }
 // =============================================================================
 // Helpers
 // =============================================================================
 function getFrontendUrl(): string {
-	return env.CORS_ORIGINS.split(",")[0] || "http://localhost:5173";
+  return env.CORS_ORIGINS.split(",")[0] || "http://localhost:5173";
 }
 // =============================================================================
 // OIDC Routes
 // =============================================================================
 export async function oidcRoutes(app: FastifyInstance) {
-	if (!env.OIDC_ENABLED) {
+  if (!env.OIDC_ENABLED) {
-		// Register a disabled route that returns an error
+    // Register a disabled route that returns an error
-		app.get("/auth/oidc/login", async (_request, reply) => {
+    app.get("/auth/oidc/login", async (request, reply) => {
-			return reply.status(400).send({ error: "OIDC authentication is not enabled" });
+      return reply.status(400).send({ error: "OIDC authentication is not enabled" });
-		});
+    });
-		app.get("/auth/oidc/callback", async (_request, reply) => {
+    app.get("/auth/oidc/callback", async (request, reply) => {
-			return reply.status(400).send({ error: "OIDC authentication is not enabled" });
+      return reply.status(400).send({ error: "OIDC authentication is not enabled" });
-		});
+    });
-		return;
+    return;
-	}
+  }
-	// ---------------------------------------------------------------------------
+  // ---------------------------------------------------------------------------
-	// GET /auth/oidc/login - Initiates OIDC flow
+  // GET /auth/oidc/login - Initiates OIDC flow
-	// ---------------------------------------------------------------------------
+  // ---------------------------------------------------------------------------
-	app.get("/auth/oidc/login", async (_request, reply) => {
+  app.get("/auth/oidc/login", async (request, reply) => {
-		try {
+    try {
-			const config = await getOIDCConfig();
+      const config = await getOIDCConfig();
      // Generate PKCE values
      const codeVerifier = generateCodeVerifier();
      const codeChallenge = generateCodeChallenge(codeVerifier);
      const state = generateState();
      // Store PKCE verifier and state in signed cookies (short-lived)
      reply.setCookie("oidc_code_verifier", codeVerifier, {
        httpOnly: true,
        secure: env.NODE_ENV === "production",
        sameSite: "lax",
        path: "/",
        maxAge: 600, // 10 minutes
        signed: true,
      });
      reply.setCookie("oidc_state", state, {
        httpOnly: true,
        secure: env.NODE_ENV === "production",
        sameSite: "lax",
        path: "/",
        maxAge: 600,
        signed: true,
      });
      // Build authorization URL
      const redirectUri = env.OIDC_REDIRECT_URI!;
      const scope = env.OIDC_SCOPES;
      const authUrl = client.buildAuthorizationUrl(config, {
        redirect_uri: redirectUri,
        scope,
        state,
        code_challenge: codeChallenge,
        code_challenge_method: "S256",
      });
      return reply.redirect(authUrl.href);
    } catch (err: any) {
      console.error("[OIDC] Login error:", err);
      return reply.redirect(`${getFrontendUrl()}/?error=oidc_init_failed`);
    }
  });
-			// Generate PKCE values
+  // ---------------------------------------------------------------------------
-			const codeVerifier = generateCodeVerifier();
+  // GET /auth/oidc/callback - Handles callback from OIDC provider
-			const codeChallenge = generateCodeChallenge(codeVerifier);
+  // ---------------------------------------------------------------------------
-			const state = generateState();
+  app.get<{ Querystring: { code?: string; state?: string; error?: string; error_description?: string } }>(
-
+    "/auth/oidc/callback",
-			// Store PKCE verifier and state in signed cookies (short-lived)
+    async (request, reply) => {
-			reply.setCookie("oidc_code_verifier", codeVerifier, {
+      const { code, state, error, error_description } = request.query;
-				httpOnly: true,
+      
-				secure: env.NODE_ENV === "production",
+      // Handle OIDC provider errors
-				sameSite: "lax",
+      if (error) {
-				path: "/",
+        console.error(`[OIDC] Provider error: ${error} - ${error_description}`);
-				maxAge: 600, // 10 minutes
+        return reply.redirect(`${getFrontendUrl()}/?error=oidc_${error}`);
-				signed: true,
+      }
-			});
+      
-
+      if (!code || !state) {
-			reply.setCookie("oidc_state", state, {
+        return reply.redirect(`${getFrontendUrl()}/?error=oidc_missing_params`);
-				httpOnly: true,
+      }
-				secure: env.NODE_ENV === "production",
+      
-				sameSite: "lax",
+      // Verify state
-				path: "/",
+      const storedState = request.unsignCookie(request.cookies.oidc_state || "");
-				maxAge: 600,
+      if (!storedState.valid || storedState.value !== state) {
-				signed: true,
+        console.error("[OIDC] State mismatch");
-			});
+        return reply.redirect(`${getFrontendUrl()}/?error=oidc_state_mismatch`);
-
+      }
-			// Build authorization URL
+      
-			const redirectUri = env.OIDC_REDIRECT_URI!;
+      // Get code verifier
-			const scope = env.OIDC_SCOPES;
+      const storedVerifier = request.unsignCookie(request.cookies.oidc_code_verifier || "");
-
+      if (!storedVerifier.valid || !storedVerifier.value) {
-			const authUrl = client.buildAuthorizationUrl(config, {
+        console.error("[OIDC] Missing code verifier");
-				redirect_uri: redirectUri,
+        return reply.redirect(`${getFrontendUrl()}/?error=oidc_missing_verifier`);
-				scope,
+      }
-				state,
+      
-				code_challenge: codeChallenge,
+      try {
-				code_challenge_method: "S256",
+        const config = await getOIDCConfig();
-			});
+        const redirectUri = env.OIDC_REDIRECT_URI!;
-
+        
-			return reply.redirect(authUrl.href);
+        // Exchange code for tokens
-		} catch (err: unknown) {
+        const tokens = await client.authorizationCodeGrant(config, new URL(request.url, `http://${request.headers.host}`), {
-			console.error("[OIDC] Login error:", err);
+          pkceCodeVerifier: storedVerifier.value,
-			return reply.redirect(`${getFrontendUrl()}/?error=oidc_init_failed`);
+          expectedState: state,
-		}
+        });
-	});
+        
-
+        // Get user info
-	// ---------------------------------------------------------------------------
+        const sub = tokens.claims()?.sub;
-	// GET /auth/oidc/callback - Handles callback from OIDC provider
+        if (!sub) {
-	// ---------------------------------------------------------------------------
+          console.error("[OIDC] Missing sub claim in token");
-	app.get<{ Querystring: { code?: string; state?: string; error?: string; error_description?: string } }>(
+          return reply.redirect(`${getFrontendUrl()}/?error=oidc_missing_sub`);
-		"/auth/oidc/callback",
+        }
-		async (request, reply) => {
+        const userInfo = await client.fetchUserInfo(config, tokens.access_token, sub);
-			const { code, state, error, error_description } = request.query;
+        
-
+        // Extract username from configured claim
-			// Handle OIDC provider errors
+        const usernameClaim = env.OIDC_USERNAME_CLAIM;
-			if (error) {
+        let username = (userInfo as any)[usernameClaim] || userInfo.preferred_username || userInfo.email || userInfo.sub;
-				console.error(`[OIDC] Provider error: ${error} - ${error_description}`);
+        const oidcSubject = userInfo.sub;
-				return reply.redirect(`${getFrontendUrl()}/?error=oidc_${error}`);
+        
-			}
+        if (!username || !oidcSubject) {
-
+          console.error("[OIDC] Missing required user info:", { username, oidcSubject });
-			if (!code || !state) {
+          return reply.redirect(`${getFrontendUrl()}/?error=oidc_missing_user_info`);
-				return reply.redirect(`${getFrontendUrl()}/?error=oidc_missing_params`);
+        }
-			}
+        
-
+        // Clean cookies
-			// Verify state
+        reply.clearCookie("oidc_code_verifier", { path: "/" });
-			const storedState = request.unsignCookie(request.cookies.oidc_state || "");
+        reply.clearCookie("oidc_state", { path: "/" });
-			if (!storedState.valid || storedState.value !== state) {
+        
-				console.error("[OIDC] State mismatch");
+        // Find or create user
-				return reply.redirect(`${getFrontendUrl()}/?error=oidc_state_mismatch`);
+        let user = await findOrCreateOIDCUser(username, oidcSubject, reply);
-			}
+        
-
+        if (!user) {
-			// Get code verifier
+          return reply.redirect(`${getFrontendUrl()}/?error=oidc_user_creation_failed`);
-			const storedVerifier = request.unsignCookie(request.cookies.oidc_code_verifier || "");
+        }
-			if (!storedVerifier.valid || !storedVerifier.value) {
+        
-				console.error("[OIDC] Missing code verifier");
+        // Update last login
-				return reply.redirect(`${getFrontendUrl()}/?error=oidc_missing_verifier`);
+        await db.update(users)
-			}
+          .set({ lastLoginAt: new Date() })
-
+          .where(eq(users.id, user.id));
-			try {
+        
-				const config = await getOIDCConfig();
+        // Issue JWT tokens (same as local auth)
-				const redirectUri = env.OIDC_REDIRECT_URI!;
+        const accessToken = await generateAccessToken(app, user.id, user.username);
-
+        const { refreshToken, tokenId, expiresAt } = await generateRefreshToken(app, user.id);
-				// Exchange code for tokens
+        
-				// Build complete callback URL with query parameters for validation
+        // Store refresh token
-				const callbackUrl = new URL(redirectUri);
+        await db.insert(refreshTokens).values({
-				callbackUrl.search = new URLSearchParams(request.query as Record<string, string>).toString();
+          userId: user.id,
-
+          tokenId,
-				const tokens = await client.authorizationCodeGrant(config, callbackUrl, {
+          expiresAt,
-					pkceCodeVerifier: storedVerifier.value,
+        });
-					expectedState: state,
+        
-				});
+        // Set cookies (use app's centralized cookie options)
-
+        console.log(`[OIDC] Setting cookies for user ${user.username}, NODE_ENV=${env.NODE_ENV}, secure=${app.config.cookieOptions.secure}`);
-				// Get user info
+        setAuthCookies(app, reply, accessToken, refreshToken);
-				const sub = tokens.claims()?.sub;
+        
-				if (!sub) {
+        // Redirect to frontend dashboard
-					console.error("[OIDC] Missing sub claim in token");
+        // In dev: CORS_ORIGINS contains the frontend URL
-					return reply.redirect(`${getFrontendUrl()}/?error=oidc_missing_sub`);
+        const frontendUrl = env.CORS_ORIGINS.split(",")[0] || "http://localhost:5173";
-				}
+        return reply.redirect(`${frontendUrl}/dashboard`);
-				const userInfo = await client.fetchUserInfo(config, tokens.access_token, sub);
+        
-
+      } catch (err: any) {
-				// Extract username from configured claim
+        console.error("[OIDC] Callback error:", err);
-				const usernameClaim = env.OIDC_USERNAME_CLAIM;
+        return reply.redirect(`${getFrontendUrl()}/?error=oidc_callback_failed`);
-				const username =
+      }
-					(userInfo as Record<string, string>)[usernameClaim] ||
+    }
-					userInfo.preferred_username ||
+  );
 					userInfo.email ||
 					userInfo.sub;
 				const oidcSubject = userInfo.sub;
 				if (!username || !oidcSubject) {
 					console.error("[OIDC] Missing required user info:", { username, oidcSubject });
 					return reply.redirect(`${getFrontendUrl()}/?error=oidc_missing_user_info`);
 				}
 				// Clean cookies
 				reply.clearCookie("oidc_code_verifier", { path: "/" });
 				reply.clearCookie("oidc_state", { path: "/" });
 				// Find or create user
 				const user = await findOrCreateOIDCUser(username, oidcSubject, reply);
 				if (!user) {
 					return reply.redirect(`${getFrontendUrl()}/?error=oidc_user_creation_failed`);
 				}
 				// Update last login
 				await db.update(users).set({ lastLoginAt: new Date() }).where(eq(users.id, user.id));
 				// Issue JWT tokens (same as local auth)
 				const accessToken = await generateAccessToken(app, user.id, user.username);
 				const { refreshToken, tokenId, expiresAt } = await generateRefreshToken(app, user.id);
 				// Store refresh token
 				await db.insert(refreshTokens).values({
 					userId: user.id,
 					tokenId,
 					expiresAt,
 				});
 				// Set cookies (use app's centralized cookie options)
 				request.log.debug(
 					`[OIDC] Setting cookies for user ${user.username}, NODE_ENV=${env.NODE_ENV}, secure=${app.config.cookieOptions.secure}`
 				);
 				setAuthCookies(app, reply, accessToken, refreshToken);
 				// Redirect to frontend dashboard
 				// In dev: CORS_ORIGINS contains the frontend URL
 				const frontendUrl = env.CORS_ORIGINS.split(",")[0] || "http://localhost:5173";
 				return reply.redirect(`${frontendUrl}/dashboard`);
 			} catch (err: unknown) {
 				console.error("[OIDC] Callback error:", err);
 				return reply.redirect(`${getFrontendUrl()}/?error=oidc_callback_failed`);
 			}
 		}
 	);
 }
 // =============================================================================
 // User Management
 // =============================================================================
 async function findOrCreateOIDCUser(
-	username: string,
+  username: string, 
-	oidcSubject: string,
+  oidcSubject: string,
-	_reply: FastifyReply
+  reply: FastifyReply
 ): Promise<{ id: number; username: string } | null> {
-	// First, try to find user by OIDC subject (most reliable)
+  
-	const [existingBySubject] = await db.select().from(users).where(eq(users.oidcSubject, oidcSubject));
+  // First, try to find user by OIDC subject (most reliable)
-
+  const [existingBySubject] = await db.select()
-	if (existingBySubject) {
+    .from(users)
-		return { id: existingBySubject.id, username: existingBySubject.username };
+    .where(eq(users.oidcSubject, oidcSubject));
-	}
+  
-
+  if (existingBySubject) {
-	// Check if username already exists (potential collision)
+    return { id: existingBySubject.id, username: existingBySubject.username };
-	const [existingByUsername] = await db.select().from(users).where(sql`lower(${users.username}) = lower(${username})`);
+  }
-
+  
-	if (existingByUsername) {
+  // Check if username already exists (potential collision)
-		// Username collision! Check if it's a local user without OIDC linked
+  const [existingByUsername] = await db.select()
-		if (existingByUsername.authProvider === "local" && !existingByUsername.oidcSubject) {
+    .from(users)
-			// Local user exists without SSO - link this OIDC account to existing user
+    .where(eq(users.username, username));
-			await db.update(users).set({ oidcSubject: oidcSubject }).where(eq(users.id, existingByUsername.id));
+  
-			// Linked OIDC to existing local user
+  if (existingByUsername) {
-			return { id: existingByUsername.id, username: existingByUsername.username };
+    // Username collision! Check if it's a local user without OIDC linked
-		} else if (existingByUsername.oidcSubject && existingByUsername.oidcSubject !== oidcSubject) {
+    if (existingByUsername.authProvider === "local" && !existingByUsername.oidcSubject) {
-			// User already has a DIFFERENT OIDC subject - create new user with suffix
+      // Local user exists without SSO - link this OIDC account to existing user
-			username = `${username}_sso`;
+      await db.update(users)
-			// Username collision (different OIDC subject), use suffixed name
+        .set({ oidcSubject: oidcSubject })
-		}
+        .where(eq(users.id, existingByUsername.id));
-	}
+      console.log(`[OIDC] Linked OIDC to existing local user: ${username}`);
-
+      return { id: existingByUsername.id, username: existingByUsername.username };
-	// Check if auto-create is enabled
+    } else if (existingByUsername.oidcSubject && existingByUsername.oidcSubject !== oidcSubject) {
-	if (!env.OIDC_AUTO_CREATE_USERS) {
+      // User already has a DIFFERENT OIDC subject - create new user with suffix
-		console.error(`[OIDC] User creation disabled and user not found: ${username}`);
+      username = `${username}_sso`;
-		return null;
+      console.log(`[OIDC] Username collision (different OIDC subject), using: ${username}`);
-	}
+    }
-
+  }
-	// Create new OIDC user
+  
-	const [newUser] = await db
+  // Check if auto-create is enabled
-		.insert(users)
+  if (!env.OIDC_AUTO_CREATE_USERS) {
-		.values({
+    console.error(`[OIDC] User creation disabled and user not found: ${username}`);
-			username,
+    return null;
-			passwordHash: null,
+  }
-			authProvider: "oidc",
+  
-			oidcSubject: oidcSubject,
+  // Create new OIDC user
-			isActive: true,
+  const [newUser] = await db.insert(users)
-		})
+    .values({
-		.returning({ id: users.id, username: users.username });
+      username,
-
+      passwordHash: null,
-	// New OIDC user created
+      authProvider: "oidc",
-	return newUser;
+      oidcSubject: oidcSubject,
      isActive: true,
    })
    .returning({ id: users.id, username: users.username });
  console.log(`[OIDC] Created new user: ${newUser.username} (ID: ${newUser.id})`);
  return newUser;
 }
 // =============================================================================
 // JWT Token Generation (reused from auth.ts logic)
 // =============================================================================
 async function generateAccessToken(app: FastifyInstance, userId: number, username: string): Promise<string> {
-	return app.jwt.sign({ sub: userId, username }, { expiresIn: `${env.ACCESS_TOKEN_TTL_MINUTES}m` });
+  return app.jwt.sign(
    { sub: userId, username },
    { expiresIn: `${env.ACCESS_TOKEN_TTL_MINUTES}m` }
  );
 }
 async function generateRefreshToken(
-	app: FastifyInstance,
+  app: FastifyInstance, 
-	userId: number
+  userId: number
 ): Promise<{ refreshToken: string; tokenId: string; expiresAt: Date }> {
-	const tokenId = randomBytes(32).toString("hex");
+  const tokenId = randomBytes(32).toString("hex");
-	const expiresAt = new Date(Date.now() + env.REFRESH_TOKEN_TTL_DAYS * 24 * 60 * 60 * 1000);
+  const expiresAt = new Date(Date.now() + env.REFRESH_TOKEN_TTL_DAYS * 24 * 60 * 60 * 1000);
-
+  
-	const refreshToken = app.jwt.sign(
+  const refreshToken = app.jwt.sign(
-		{ sub: userId, jti: tokenId, type: "refresh" },
+    { sub: userId, jti: tokenId, type: "refresh" },
-		{ expiresIn: `${env.REFRESH_TOKEN_TTL_DAYS}d` }
+    { expiresIn: `${env.REFRESH_TOKEN_TTL_DAYS}d` }
-	);
+  );
-
+  
-	return { refreshToken, tokenId, expiresAt };
+  return { refreshToken, tokenId, expiresAt };
 }
 function setAuthCookies(app: FastifyInstance, reply: FastifyReply, accessToken: string, refreshToken: string) {
-	// Use the same cookie options as regular auth for consistency
+  // Use the same cookie options as regular auth for consistency
-	reply.setCookie("access_token", accessToken, app.config.cookieOptions);
+  reply.setCookie("access_token", accessToken, app.config.cookieOptions);
-	reply.setCookie("refresh_token", refreshToken, app.config.refreshCookieOptions);
+  reply.setCookie("refresh_token", refreshToken, app.config.refreshCookieOptions);
 }
@@ -1,176 +1,124 @@
-import { and, desc, eq } from "drizzle-orm";
+import { FastifyInstance } from "fastify";
 import type { FastifyInstance, FastifyReply, FastifyRequest } from "fastify";
 import { z } from "zod";
 import { db } from "../db/client.js";
 import { medications, refillHistory } from "../db/schema.js";
-import { getAnonymousUserId, requireAuth } from "../plugins/auth.js";
+import { eq, and, desc } from "drizzle-orm";
 import { requireAuth, getAnonymousUserId } from "../plugins/auth.js";
 import { env } from "../plugins/env.js";
 import type { AuthUser } from "../types/fastify.js";
-const refillSchema = z
+const refillSchema = z.object({
-	.object({
+  packsAdded: z.number().int().min(0).default(0),
-		packsAdded: z.number().int().min(0).default(0),
+  loosePillsAdded: z.number().int().min(0).default(0),
-		loosePillsAdded: z.number().int().min(0).default(0),
+}).refine(data => data.packsAdded > 0 || data.loosePillsAdded > 0, {
-		usePrescription: z.boolean().default(false),
+  message: "Must add at least one pack or some loose pills",
-	})
+});
 	.refine((data) => data.packsAdded > 0 || data.loosePillsAdded > 0, {
 		message: "Must add at least one pack or some loose pills",
 	});
 export async function refillRoutes(app: FastifyInstance) {
-	// All refill routes require auth
+  // All refill routes require auth
-	app.addHook("preHandler", requireAuth);
+  app.addHook("preHandler", requireAuth);
-	// Helper to get user ID from request
+  // Helper to get user ID from request
-	async function getUserId(request: FastifyRequest, reply: FastifyReply): Promise<number> {
+  async function getUserId(request: any, reply: any): Promise<number> {
-		if (!env.AUTH_ENABLED) {
+    if (!env.AUTH_ENABLED) {
-			return getAnonymousUserId();
+      return getAnonymousUserId();
-		}
+    }
-		const authUser = request.user as unknown as AuthUser | null;
+    const authUser = request.user as unknown as AuthUser | null;
-		if (!authUser) {
+    if (!authUser) {
-			reply.status(401).send({ error: "User not authenticated", code: "AUTH_REQUIRED" });
+      reply.status(401).send({ error: "User not authenticated", code: "AUTH_REQUIRED" });
-			throw new Error("AUTH_REQUIRED");
+      throw new Error("AUTH_REQUIRED");
-		}
+    }
-		return authUser.id;
+    return authUser.id;
-	}
+  }
-	// POST /medications/:id/refill - Add stock to medication
+  // POST /medications/:id/refill - Add stock to medication
-	app.post<{ Params: { id: string } }>("/medications/:id/refill", async (req, reply) => {
+  app.post<{ Params: { id: string } }>("/medications/:id/refill", async (req, reply) => {
-		const parsed = refillSchema.safeParse(req.body);
+    const parsed = refillSchema.safeParse(req.body);
-		if (!parsed.success) return reply.status(400).send(parsed.error.format());
+    if (!parsed.success) return reply.status(400).send(parsed.error.format());
-		const medId = Number(req.params.id);
+    const medId = Number(req.params.id);
-		if (Number.isNaN(medId)) return reply.badRequest("Invalid medication id");
+    if (Number.isNaN(medId)) return reply.badRequest("Invalid medication id");
-		const userId = await getUserId(req, reply);
+    const userId = await getUserId(req, reply);
-		// Verify ownership
+    // Verify ownership
-		const [med] = await db
+    const [med] = await db.select().from(medications).where(
-			.select()
+      and(eq(medications.id, medId), eq(medications.userId, userId))
-			.from(medications)
+    );
-			.where(and(eq(medications.id, medId), eq(medications.userId, userId)));
+    if (!med) return reply.notFound("Medication not found");
 		if (!med) return reply.notFound("Medication not found");
-		const { packsAdded, loosePillsAdded, usePrescription } = parsed.data;
+    const { packsAdded, loosePillsAdded } = parsed.data;
 		const isBottle = (med.packageType ?? "blister") === "bottle";
 		const effectivePacksAdded = isBottle ? 0 : packsAdded;
 		const effectiveLoosePillsAdded = loosePillsAdded;
 		const remainingPrescriptionRefills = med.prescriptionRemainingRefills ?? 0;
-		if (effectivePacksAdded < 1 && effectiveLoosePillsAdded < 1) {
+    // Update medication stock
-			return reply.status(400).send({ error: "Must add at least one pack or some loose pills" });
+    const newPackCount = med.packCount + packsAdded;
-		}
+    const newLooseTablets = med.looseTablets + loosePillsAdded;
-		if (usePrescription) {
+    await db.update(medications)
-			if (!(med.prescriptionEnabled ?? false)) {
+      .set({
-				return reply.status(400).send({ error: "Prescription refill is not enabled for this medication" });
+        packCount: newPackCount,
-			}
+        looseTablets: newLooseTablets,
-			if (remainingPrescriptionRefills <= 0) {
+        updatedAt: new Date(),
-				return reply.status(409).send({ error: "No remaining prescription refills" });
+      })
-			}
+      .where(and(eq(medications.id, medId), eq(medications.userId, userId)));
 			if (!isBottle && effectivePacksAdded > remainingPrescriptionRefills) {
 				return reply.status(409).send({ error: "Packs to add exceed remaining prescription refills" });
 			}
 		}
-		// Update medication stock
+    // Create refill history entry
-		const newPackCount = med.packCount + effectivePacksAdded;
+    const [refill] = await db.insert(refillHistory)
-		const newLooseTablets = med.looseTablets + effectiveLoosePillsAdded;
+      .values({
        medicationId: medId,
        userId,
        packsAdded,
        loosePillsAdded,
      })
      .returning();
-		let consumedRefills = 0;
+    // Calculate pills added for response
-		if (usePrescription) {
+    const pillsPerPack = med.blistersPerPack * med.pillsPerBlister;
-			consumedRefills = isBottle ? 1 : effectivePacksAdded;
+    const totalPillsAdded = (packsAdded * pillsPerPack) + loosePillsAdded;
 		}
 		const newRemainingRefills = usePrescription
 			? Math.max(0, remainingPrescriptionRefills - consumedRefills)
 			: (med.prescriptionRemainingRefills ?? null);
-		await db
+    return {
-			.update(medications)
+      success: true,
-			.set({
+      refill: {
-				packCount: newPackCount,
+        id: refill.id,
-				looseTablets: newLooseTablets,
+        packsAdded,
-				prescriptionRemainingRefills: newRemainingRefills,
+        loosePillsAdded,
-				updatedAt: new Date(),
+        totalPillsAdded,
-			})
+        refillDate: refill.refillDate,
-			.where(and(eq(medications.id, medId), eq(medications.userId, userId)));
+      },
      newStock: {
        packCount: newPackCount,
        looseTablets: newLooseTablets,
        totalPills: newPackCount * pillsPerPack + newLooseTablets,
      },
    };
  });
-		// Create refill history entry
+  // GET /medications/:id/refills - Get refill history for a medication
-		const [refill] = await db
+  app.get<{ Params: { id: string } }>("/medications/:id/refills", async (req, reply) => {
-			.insert(refillHistory)
+    const medId = Number(req.params.id);
-			.values({
+    if (Number.isNaN(medId)) return reply.badRequest("Invalid medication id");
 				medicationId: medId,
 				userId,
 				packsAdded: effectivePacksAdded,
 				loosePillsAdded: effectiveLoosePillsAdded,
 				usedPrescription: usePrescription,
 			})
 			.returning();
-		// Calculate pills added for response (packageType-aware)
+    const userId = await getUserId(req, reply);
 		const pillsPerPack = isBottle ? 0 : med.blistersPerPack * med.pillsPerBlister;
 		const totalPillsAdded = isBottle
 			? effectiveLoosePillsAdded
 			: effectivePacksAdded * pillsPerPack + effectiveLoosePillsAdded;
 		const newTotalPills = isBottle
 			? newLooseTablets + (med.stockAdjustment ?? 0)
 			: newPackCount * pillsPerPack + newLooseTablets + (med.stockAdjustment ?? 0);
-		return {
+    // Verify ownership
-			success: true,
+    const [med] = await db.select().from(medications).where(
-			refill: {
+      and(eq(medications.id, medId), eq(medications.userId, userId))
-				id: refill.id,
+    );
-				packsAdded: effectivePacksAdded,
+    if (!med) return reply.notFound("Medication not found");
 				loosePillsAdded: effectiveLoosePillsAdded,
 				totalPillsAdded,
 				refillDate: refill.refillDate,
 			},
 			newStock: {
 				packCount: newPackCount,
 				looseTablets: newLooseTablets,
 				totalPills: newTotalPills,
 			},
 			prescription: {
 				used: usePrescription,
 				remainingRefills: newRemainingRefills,
 				authorizedRefills: med.prescriptionAuthorizedRefills ?? null,
 				lowRefillThreshold: med.prescriptionLowRefillThreshold ?? 1,
 				enabled: med.prescriptionEnabled ?? false,
 			},
 		};
 	});
-	// GET /medications/:id/refills - Get refill history for a medication
+    // Get refill history, newest first
-	app.get<{ Params: { id: string } }>("/medications/:id/refills", async (req, reply) => {
+    const refills = await db.select()
-		const medId = Number(req.params.id);
+      .from(refillHistory)
-		if (Number.isNaN(medId)) return reply.badRequest("Invalid medication id");
+      .where(eq(refillHistory.medicationId, medId))
      .orderBy(desc(refillHistory.refillDate));
-		const userId = await getUserId(req, reply);
+    const pillsPerPack = med.blistersPerPack * med.pillsPerBlister;
-		// Verify ownership
+    return refills.map(r => ({
-		const [med] = await db
+      id: r.id,
-			.select()
+      packsAdded: r.packsAdded,
-			.from(medications)
+      loosePillsAdded: r.loosePillsAdded,
-			.where(and(eq(medications.id, medId), eq(medications.userId, userId)));
+      totalPillsAdded: (r.packsAdded * pillsPerPack) + r.loosePillsAdded,
-		if (!med) return reply.notFound("Medication not found");
+      refillDate: r.refillDate,
-
+    }));
-		// Get refill history, newest first
+  });
 		const refills = await db
 			.select()
 			.from(refillHistory)
 			.where(eq(refillHistory.medicationId, medId))
 			.orderBy(desc(refillHistory.refillDate));
 		const isBottle = (med.packageType ?? "blister") === "bottle";
 		const pillsPerPack = isBottle ? 0 : med.blistersPerPack * med.pillsPerBlister;
 		return refills.map((r) => ({
 			id: r.id,
 			packsAdded: r.packsAdded,
 			loosePillsAdded: r.loosePillsAdded,
 			totalPillsAdded: isBottle ? r.loosePillsAdded : r.packsAdded * pillsPerPack + r.loosePillsAdded,
 			usedPrescription: r.usedPrescription ?? false,
 			refillDate: r.refillDate,
 		}));
 	});
 }
@@ -1,113 +0,0 @@
 import { eq } from "drizzle-orm";
 import type { FastifyInstance, FastifyReply, FastifyRequest } from "fastify";
 import { z } from "zod";
 import { db } from "../db/client.js";
 import { doseTracking, medications, refillHistory } from "../db/schema.js";
 import { getAnonymousUserId, requireAuth } from "../plugins/auth.js";
 import { env } from "../plugins/env.js";
 import type { AuthUser } from "../types/fastify.js";
 const reportDataSchema = z.object({
 	medicationIds: z.array(z.number().int().positive()).min(1).max(100),
 });
 export async function reportRoutes(app: FastifyInstance) {
 	app.addHook("preHandler", requireAuth);
 	async function getUserId(request: FastifyRequest, reply: FastifyReply): Promise<number> {
 		if (!env.AUTH_ENABLED) {
 			return getAnonymousUserId();
 		}
 		const authUser = request.user as unknown as AuthUser | null;
 		if (!authUser) {
 			reply.status(401).send({ error: "User not authenticated", code: "AUTH_REQUIRED" });
 			throw new Error("AUTH_REQUIRED");
 		}
 		return authUser.id;
 	}
 	// POST /medications/report-data - Get aggregated dose/refill data for report generation
 	app.post("/medications/report-data", async (req, reply) => {
 		const parsed = reportDataSchema.safeParse(req.body);
 		if (!parsed.success) return reply.status(400).send(parsed.error.format());
 		const userId = await getUserId(req, reply);
 		const { medicationIds } = parsed.data;
 		// Verify all medications belong to this user
 		const userMeds = await db.select({ id: medications.id }).from(medications).where(eq(medications.userId, userId));
 		const userMedIds = new Set(userMeds.map((m) => m.id));
 		for (const id of medicationIds) {
 			if (!userMedIds.has(id)) {
 				return reply.status(403).send({ error: "Access denied to medication" });
 			}
 		}
 		// Fetch dose tracking for all requested medications
 		// doseId format: "{medicationId}-{blisterIndex}-{dateMs}" or "{medicationId}-{blisterIndex}-{dateMs}-{takenBy}"
 		const allDoses = await db
 			.select({
 				doseId: doseTracking.doseId,
 				takenAt: doseTracking.takenAt,
 				dismissed: doseTracking.dismissed,
 				takenSource: doseTracking.takenSource,
 			})
 			.from(doseTracking)
 			.where(eq(doseTracking.userId, userId));
 		// Group doses by medication ID
 		const dosesByMed = new Map<number, { takenAt: Date; dismissed: boolean; takenSource: string }[]>();
 		for (const dose of allDoses) {
 			const medId = Number.parseInt(dose.doseId.split("-")[0], 10);
 			if (Number.isNaN(medId) || !medicationIds.includes(medId)) continue;
 			if (!dosesByMed.has(medId)) dosesByMed.set(medId, []);
 			dosesByMed.get(medId)!.push({
 				takenAt: dose.takenAt,
 				dismissed: dose.dismissed,
 				takenSource: dose.takenSource ?? "manual",
 			});
 		}
 		// Fetch refill history for requested medications
 		const result: Record<
 			number,
 			{
 				dosesTaken: number;
 				automaticDosesTaken: number;
 				dosesDismissed: number;
 				firstDoseAt: string | null;
 				lastDoseAt: string | null;
 				refills: { packsAdded: number; loosePillsAdded: number; usedPrescription: boolean; refillDate: string }[];
 			}
 		> = {};
 		for (const medId of medicationIds) {
 			const doses = dosesByMed.get(medId) ?? [];
 			const takenDoses = doses.filter((d) => !d.dismissed);
 			const automaticTakenDoses = takenDoses.filter((d) => d.takenSource === "automatic");
 			const dismissedDoses = doses.filter((d) => d.dismissed);
 			const sortedTaken = takenDoses.map((d) => d.takenAt.getTime()).sort((a, b) => a - b);
 			// Get refills for this medication
 			const refills = await db.select().from(refillHistory).where(eq(refillHistory.medicationId, medId));
 			result[medId] = {
 				dosesTaken: takenDoses.length,
 				automaticDosesTaken: automaticTakenDoses.length,
 				dosesDismissed: dismissedDoses.length,
 				firstDoseAt: sortedTaken.length > 0 ? new Date(sortedTaken[0]).toISOString() : null,
 				lastDoseAt: sortedTaken.length > 0 ? new Date(sortedTaken[sortedTaken.length - 1]).toISOString() : null,
 				refills: refills.map((r) => ({
 					packsAdded: r.packsAdded,
 					loosePillsAdded: r.loosePillsAdded,
 					usedPrescription: r.usedPrescription ?? false,
 					refillDate: r.refillDate instanceof Date ? r.refillDate.toISOString() : String(r.refillDate),
 				})),
 			};
 		}
 		return result;
 	});
 }
@@ -1,18 +1,12 @@
-import { randomBytes } from "node:crypto";
+import { FastifyInstance } from "fastify";
 import { eq } from "drizzle-orm";
 import type { FastifyInstance, FastifyReply, FastifyRequest } from "fastify";
 import { z } from "zod";
 import { randomBytes } from "crypto";
 import { db } from "../db/client.js";
 import { medications, shareTokens, userSettings, users } from "../db/schema.js";
-import { getAnonymousUserId, requireAuth } from "../plugins/auth.js";
+import { eq, and, sql } from "drizzle-orm";
 import { requireAuth, optionalAuth, getAnonymousUserId } from "../plugins/auth.js";
 import { env } from "../plugins/env.js";
 import type { AuthUser } from "../types/fastify.js";
 import {
 	getAllTakenByForMedication,
 	parseIntakesJson,
 	parseTakenByJson,
 	personTakesMedication,
 } from "../utils/scheduler-utils.js";
 // Share token validity: 1 year in milliseconds
 const SHARE_TOKEN_VALIDITY_MS = 365 * 24 * 60 * 60 * 1000;
@@ -21,239 +15,212 @@ const SHARE_TOKEN_VALIDITY_MS = 365 * 24 * 60 * 60 * 1000;
 // Validation Schemas
 // =============================================================================
 const createShareSchema = z.object({
-	takenBy: z.string().min(1, "takenBy is required"),
+  takenBy: z.string().min(1, "takenBy is required"),
-	scheduleDays: z.number().int().min(1).max(365).default(30),
+  scheduleDays: z.number().int().min(1).max(365).default(30),
 });
 // Helper to get user ID from request
 // Returns anonymous user ID when auth is disabled
-async function getUserId(request: FastifyRequest, reply: FastifyReply): Promise<number> {
+async function getUserId(request: any, reply: any): Promise<number> {
-	// If auth is disabled, use the anonymous user
+  // If auth is disabled, use the anonymous user
-	if (!env.AUTH_ENABLED) {
+  if (!env.AUTH_ENABLED) {
-		return getAnonymousUserId();
+    return getAnonymousUserId();
-	}
+  }
  const authUser = request.user as unknown as AuthUser | null;
  if (!authUser) {
    reply.status(401).send({ error: "Not authenticated" });
    throw new Error("AUTH_REQUIRED");
  }
  return authUser.id;
 }
-	const authUser = request.user as unknown as AuthUser | null;
+// Helper to parse takenByJson
-	if (!authUser) {
+function parseTakenByJson(takenByJson: string | null | undefined): string[] {
-		reply.status(401).send({ error: "Not authenticated" });
+  if (!takenByJson) return [];
-		throw new Error("AUTH_REQUIRED");
+  try {
-	}
+    const parsed = JSON.parse(takenByJson);
-	return authUser.id;
+    return Array.isArray(parsed) ? parsed.filter((s: unknown) => typeof s === "string" && s.trim()) : [];
  } catch {
    return [];
  }
 }
 // =============================================================================
 // Share Routes
 // =============================================================================
 export async function shareRoutes(app: FastifyInstance) {
-	// ---------------------------------------------------------------------------
+  // ---------------------------------------------------------------------------
-	// GET /share/:token - PUBLIC: Get shared schedule by token
+  // GET /share/:token - PUBLIC: Get shared schedule by token
-	// ---------------------------------------------------------------------------
+  // ---------------------------------------------------------------------------
-	app.get<{ Params: { token: string } }>("/share/:token", async (request, reply) => {
+  app.get<{ Params: { token: string } }>("/share/:token", async (request, reply) => {
-		const { token } = request.params;
+    const { token } = request.params;
-		// Find share token
+    // Find share token
-		const [share] = await db.select().from(shareTokens).where(eq(shareTokens.token, token));
+    const [share] = await db.select().from(shareTokens).where(eq(shareTokens.token, token));
-		if (!share) {
+    if (!share) {
-			return reply.status(404).send({
+      return reply.status(404).send({ 
-				error: "Share link not found",
+        error: "Share link not found",
-				code: "NOT_FOUND",
+        code: "NOT_FOUND"
-			});
+      });
-		}
+    }
-		// Check if token has expired
+    // Check if token has expired
-		if (share.expiresAt && share.expiresAt.getTime() < Date.now()) {
+    if (share.expiresAt && share.expiresAt.getTime() < Date.now()) {
-			// Get the username of the owner to show in the expired message
+      // Get the username of the owner to show in the expired message
-			const [owner] = await db.select({ username: users.username }).from(users).where(eq(users.id, share.userId));
+      const [owner] = await db.select({ username: users.username }).from(users).where(eq(users.id, share.userId));
-			return reply.status(410).send({
+      return reply.status(410).send({
-				error: "Share link has expired",
+        error: "Share link has expired",
-				code: "EXPIRED",
+        code: "EXPIRED",
-				ownerUsername: owner?.username ?? "the owner",
+        ownerUsername: owner?.username ?? "the owner",
-				takenBy: share.takenBy,
+        takenBy: share.takenBy,
-				expiredAt: share.expiresAt.toISOString(),
+        expiredAt: share.expiresAt.toISOString(),
-			});
+      });
-		}
+    }
-		// Get user settings for stock thresholds
+    // Get user settings for stock thresholds
-		const [settings] = await db.select().from(userSettings).where(eq(userSettings.userId, share.userId));
+    const [settings] = await db.select().from(userSettings).where(eq(userSettings.userId, share.userId));
-		// Get the username of the owner who created this share link
+    // Get the username of the owner who created this share link
-		const [owner] = await db.select({ username: users.username }).from(users).where(eq(users.id, share.userId));
+    const [owner] = await db.select({ username: users.username }).from(users).where(eq(users.id, share.userId));
-		// Get medications for this user filtered by takenBy (search in JSON array)
+    // Get medications for this user filtered by takenBy (search in JSON array)
-		// Use SQLite JSON function to check if takenBy is in the array
+    // Use SQLite JSON function to check if takenBy is in the array
-		const allMeds = await db.select().from(medications).where(eq(medications.userId, share.userId));
+    const allMeds = await db.select().from(medications).where(eq(medications.userId, share.userId));
    // Filter medications where takenByJson array contains the share.takenBy value
    const meds = allMeds.filter((med) => {
      const takenByArray = parseTakenByJson(med.takenByJson);
      return takenByArray.includes(share.takenBy);
    });
-		// Filter medications where takenBy matches either medication-level OR any intake-level takenBy
+    // Parse blisters and build schedule data
-		const meds = allMeds.filter((med) => {
+    const medicationsWithBlisters = meds.map((med) => {
-			const takenByArray = parseTakenByJson(med.takenByJson);
+      let blisters: { usage: number; every: number; start: string }[] = [];
-			const intakes = parseIntakesJson(
+      try {
-				med.intakesJson,
+        const usageArr = JSON.parse(med.usageJson || "[]");
-				{ usageJson: med.usageJson, everyJson: med.everyJson, startJson: med.startJson },
+        const everyArr = JSON.parse(med.everyJson || "[]");
-				med.intakeRemindersEnabled ?? false
+        const startArr = JSON.parse(med.startJson || "[]");
-			);
+        blisters = usageArr.map((usage: number, i: number) => ({
-			return personTakesMedication(share.takenBy, takenByArray, intakes);
+          usage,
-		});
+          every: everyArr[i] ?? 1,
          start: startArr[i] ?? new Date().toISOString(),
        }));
      } catch {
        blisters = [];
      }
-		// Parse blisters and build schedule data
+      // Parse takenBy JSON array
-		const medicationsWithBlisters = meds.map((med) => {
+      const takenByArray = parseTakenByJson(med.takenByJson);
 			// Parse intakes from new format, falling back to legacy
 			const intakes = parseIntakesJson(
 				med.intakesJson,
 				{ usageJson: med.usageJson, everyJson: med.everyJson, startJson: med.startJson },
 				med.intakeRemindersEnabled ?? false
 			);
-			// Convert to legacy blisters format for backward compat
+      const totalPills = med.packCount * med.blistersPerPack * med.pillsPerBlister + med.looseTablets + (med.stockAdjustment ?? 0);
-			const blisters = intakes.map((i) => ({
+      return {
-				usage: i.usage,
+        id: med.id,
-				every: i.every,
+        name: med.name,
-				start: i.start,
+        genericName: med.genericName,
-			}));
+        pillWeightMg: med.pillWeightMg,
        imageUrl: med.imageUrl,
        totalPills,
        packCount: med.packCount,
        blistersPerPack: med.blistersPerPack,
        looseTablets: med.looseTablets,
        pillsPerBlister: med.pillsPerBlister,
        takenBy: takenByArray,
        blisters,
      };
    });
-			// Parse takenBy JSON array
+    return {
-			const takenByArray = parseTakenByJson(med.takenByJson);
+      takenBy: share.takenBy,
      sharedBy: owner?.username ?? null,
      scheduleDays: share.scheduleDays,
      medications: medicationsWithBlisters,
      stockThresholds: {
        lowStockDays: settings?.lowStockDays ?? 30,
      },
    };
  });
-			const totalPills =
+  // ---------------------------------------------------------------------------
-				(med.packageType ?? "blister") === "bottle"
+  // POST /share - PROTECTED: Create a new share link
-					? med.looseTablets + (med.stockAdjustment ?? 0)
+  // ---------------------------------------------------------------------------
-					: med.packCount * med.blistersPerPack * med.pillsPerBlister + med.looseTablets + (med.stockAdjustment ?? 0);
+  app.post<{ Body: z.infer<typeof createShareSchema> }>(
-			return {
+    "/share",
-				id: med.id,
+    { preHandler: requireAuth },
-				name: med.name,
+    async (request, reply) => {
-				genericName: med.genericName,
+      const userId = await getUserId(request, reply);
 				pillWeightMg: med.pillWeightMg,
 				doseUnit: med.doseUnit ?? "mg",
 				imageUrl: med.imageUrl,
 				totalPills,
 				packageType: med.packageType ?? "blister",
 				packCount: med.packCount,
 				blistersPerPack: med.blistersPerPack,
 				looseTablets: med.looseTablets,
 				pillsPerBlister: med.pillsPerBlister,
 				takenBy: takenByArray,
 				intakes, // New unified format with per-intake takenBy
 				blisters, // Legacy format for backward compat
 				dismissedUntil: med.dismissedUntil,
 				updatedAt: med.updatedAt, // For filtering out doses from previous schedule configurations
 				lastStockCorrectionAt: med.lastStockCorrectionAt?.getTime() ?? null,
 				stockAdjustment: med.stockAdjustment ?? 0,
 			};
 		});
-		return {
+      const parsed = createShareSchema.safeParse(request.body);
-			takenBy: share.takenBy,
+      if (!parsed.success) {
-			sharedBy: owner?.username ?? null,
+        return reply.status(400).send({
-			scheduleDays: share.scheduleDays,
+          error: parsed.error.errors[0]?.message ?? "Invalid input",
-			medications: medicationsWithBlisters,
+          code: "VALIDATION_ERROR",
-			stockThresholds: {
+        });
-				lowStockDays: settings?.lowStockDays ?? 30,
+      }
 				normalStockDays: settings?.normalStockDays ?? 60,
 				highStockDays: settings?.highStockDays ?? 90,
 				reminderDaysBefore: settings?.reminderDaysBefore ?? 7,
 				expiryWarningDays: settings?.expiryWarningDays ?? 90,
 			},
 			stockCalculationMode: (settings?.stockCalculationMode as "automatic" | "manual") ?? "automatic",
 			shareStockStatus: settings?.shareStockStatus ?? true,
 			upcomingTodayOnly: settings?.upcomingTodayOnly ?? false,
 			shareScheduleTodayOnly: settings?.shareScheduleTodayOnly ?? false,
 		};
 	});
-	// ---------------------------------------------------------------------------
+      const { takenBy, scheduleDays } = parsed.data;
 	// POST /share - PROTECTED: Create a new share link
 	// ---------------------------------------------------------------------------
 	app.post<{ Body: z.infer<typeof createShareSchema> }>(
 		"/share",
 		{ preHandler: requireAuth },
 		async (request, reply) => {
 			const userId = await getUserId(request, reply);
-			const parsed = createShareSchema.safeParse(request.body);
+      // Check if user has medications for this takenBy (search in JSON array)
-			if (!parsed.success) {
+      const allMeds = await db.select().from(medications).where(eq(medications.userId, userId));
-				return reply.status(400).send({
+      const medsForPerson = allMeds.filter((med) => {
-					error: parsed.error.errors[0]?.message ?? "Invalid input",
+        const takenByArray = parseTakenByJson(med.takenByJson);
-					code: "VALIDATION_ERROR",
+        return takenByArray.includes(takenBy);
-				});
+      });
 			}
-			const { takenBy, scheduleDays } = parsed.data;
+      if (medsForPerson.length === 0) {
        return reply.status(400).send({
          error: "No medications found for this person",
          code: "NO_MEDICATIONS",
        });
      }
-			// Check if user has medications for this takenBy (search in both medication-level and intake-level)
+      // Generate unique token (8 bytes = 16 hex chars)
-			const allMeds = await db.select().from(medications).where(eq(medications.userId, userId));
+      const token = randomBytes(8).toString("hex");
-			const medsForPerson = allMeds.filter((med) => {
+      
-				const takenByArray = parseTakenByJson(med.takenByJson);
+      // Set expiration date (1 year from now)
-				const intakes = parseIntakesJson(
+      const expiresAt = new Date(Date.now() + SHARE_TOKEN_VALIDITY_MS);
 					med.intakesJson,
 					{ usageJson: med.usageJson, everyJson: med.everyJson, startJson: med.startJson },
 					med.intakeRemindersEnabled ?? false
 				);
 				return personTakesMedication(takenBy, takenByArray, intakes);
 			});
-			if (medsForPerson.length === 0) {
+      // Create share token
-				return reply.status(400).send({
+      await db.insert(shareTokens).values({
-					error: "No medications found for this person",
+        userId: userId,
-					code: "NO_MEDICATIONS",
+        token,
-				});
+        takenBy,
-			}
+        scheduleDays,
        expiresAt,
      });
-			// Generate unique token (8 bytes = 16 hex chars)
+      return {
-			const token = randomBytes(8).toString("hex");
+        token,
        shareUrl: `/share/${token}`,
        expiresAt: expiresAt.toISOString(),
      };
    }
  );
-			// Set expiration date (1 year from now)
+  // ---------------------------------------------------------------------------
-			const expiresAt = new Date(Date.now() + SHARE_TOKEN_VALIDITY_MS);
+  // GET /share/people - PROTECTED: Get list of unique takenBy values
  // ---------------------------------------------------------------------------
  app.get(
    "/share/people",
    { preHandler: requireAuth },
    async (request, reply) => {
      const userId = await getUserId(request, reply);
-			// Create share token
+      // Get all unique takenBy values for this user (from JSON arrays)
-			await db.insert(shareTokens).values({
+      const meds = await db.select({ takenByJson: medications.takenByJson })
-				userId: userId,
+        .from(medications)
-				token,
+        .where(eq(medications.userId, userId));
 				takenBy,
 				scheduleDays,
 				expiresAt,
 			});
-			return {
+      // Collect all unique person names from all takenByJson arrays
-				token,
+      const allPeople = new Set<string>();
-				shareUrl: `/share/${token}`,
+      for (const med of meds) {
-				expiresAt: expiresAt.toISOString(),
+        const takenByArray = parseTakenByJson(med.takenByJson);
-			};
+        for (const person of takenByArray) {
-		}
+          if (person) allPeople.add(person);
-	);
+        }
      }
-	// ---------------------------------------------------------------------------
+      return { people: [...allPeople].sort() };
-	// GET /share/people - PROTECTED: Get list of unique takenBy values
+    }
-	// ---------------------------------------------------------------------------
+  );
 	app.get("/share/people", { preHandler: requireAuth }, async (request, reply) => {
 		const userId = await getUserId(request, reply);
 		// Get all unique takenBy values for this user (from both medication-level and intake-level)
 		const meds = await db
 			.select({
 				takenByJson: medications.takenByJson,
 				intakesJson: medications.intakesJson,
 				usageJson: medications.usageJson,
 				everyJson: medications.everyJson,
 				startJson: medications.startJson,
 				intakeRemindersEnabled: medications.intakeRemindersEnabled,
 			})
 			.from(medications)
 			.where(eq(medications.userId, userId));
 		// Collect all unique person names from medication-level AND intake-level takenBy
 		const allPeople = new Set<string>();
 		for (const med of meds) {
 			const takenByArray = parseTakenByJson(med.takenByJson);
 			const intakes = parseIntakesJson(
 				med.intakesJson,
 				{ usageJson: med.usageJson, everyJson: med.everyJson, startJson: med.startJson },
 				med.intakeRemindersEnabled ?? false
 			);
 			const allForMed = getAllTakenByForMedication(takenByArray, intakes);
 			for (const person of allForMed) {
 				if (person) allPeople.add(person);
 			}
 		}
 		return { people: [...allPeople].sort() };
 	});
 }
@@ -1,125 +0,0 @@
 import { afterEach, describe, expect, it, vi } from "vitest";
 type ClientTestOptions = {
 	dirWritable?: boolean;
 	authEnabled?: boolean;
 };
 async function loadDbClientModule(options: ClientTestOptions = {}) {
 	const { dirWritable = true, authEnabled = false } = options;
 	vi.resetModules();
 	vi.restoreAllMocks();
 	process.env.AUTH_ENABLED = authEnabled ? "true" : "false";
 	process.env.DOTENV_PATH = "/tmp/medassist-nonexistent.env";
 	const existsSync = vi.fn().mockReturnValue(false);
 	const statSync = vi.fn().mockReturnValue({ mode: 0o40755, uid: 1000, gid: 1000 });
 	vi.doMock("node:fs", () => ({ existsSync, statSync }));
 	const dotenvConfig = vi.fn();
 	vi.doMock("dotenv", () => ({ default: { config: dotenvConfig } }));
 	const createClient = vi.fn().mockReturnValue({ execute: vi.fn() });
 	vi.doMock("@libsql/client", () => ({ createClient }));
 	const drizzle = vi.fn().mockReturnValue({ __db: true });
 	vi.doMock("drizzle-orm/libsql", () => ({ drizzle }));
 	const ensureDataDirectory = vi
 		.fn()
 		.mockReturnValue(dirWritable ? { success: true } : { success: false, error: "permission denied" });
 	const getDbPaths = vi.fn().mockReturnValue({
 		dataDir: "/tmp/medassist-data",
 		dbPath: "/tmp/medassist-data/medassist.db",
 		url: "file:/tmp/medassist-data/medassist.db",
 	});
 	const runDrizzleMigrations = vi.fn().mockResolvedValue({ success: true });
 	const runAlterMigrations = vi.fn().mockResolvedValue({ errors: [] });
 	const repairTrailingHyphenDoseIds = vi.fn().mockResolvedValue({ repaired: 0, errors: [] });
 	const repairOrphanedDoseIds = vi.fn().mockResolvedValue({ repaired: 0, errors: [] });
 	const ensureDefaultUser = vi.fn().mockResolvedValue(false);
 	vi.doMock("../db/db-utils.js", () => ({
 		buildDbUrl: vi.fn(),
 		getDataDir: vi.fn(),
 		ensureDataDirectory,
 		getDbPaths,
 		runDrizzleMigrations,
 		runAlterMigrations,
 		repairTrailingHyphenDoseIds,
 		repairOrphanedDoseIds,
 		ensureDefaultUser,
 	}));
 	const log = {
 		debug: vi.fn(),
 		info: vi.fn(),
 		warn: vi.fn(),
 		error: vi.fn(),
 	};
 	vi.doMock("../utils/logger.js", () => ({ log }));
 	const exitSpy = vi.spyOn(process, "exit").mockImplementation(((code?: number) => {
 		throw new Error(`process.exit:${code ?? 0}`);
 	}) as never);
 	const modulePromise = import("../db/client.js");
 	return {
 		modulePromise,
 		mocks: {
 			existsSync,
 			statSync,
 			dotenvConfig,
 			createClient,
 			drizzle,
 			ensureDataDirectory,
 			getDbPaths,
 			runDrizzleMigrations,
 			runAlterMigrations,
 			repairTrailingHyphenDoseIds,
 			repairOrphanedDoseIds,
 			ensureDefaultUser,
 			log,
 			exitSpy,
 		},
 	};
 }
 afterEach(() => {
 	vi.restoreAllMocks();
 });
 describe("db/client bootstrap", () => {
 	it("initializes db and runs migrations when directory is writable", async () => {
 		const { modulePromise, mocks } = await loadDbClientModule({ dirWritable: true, authEnabled: false });
 		const mod = await modulePromise;
 		expect(mod.db).toBeTruthy();
 		expect(mod.migrationsReady).toBeInstanceOf(Promise);
 		await mod.migrationsReady;
 		expect(mocks.ensureDataDirectory).toHaveBeenCalledWith("/tmp/medassist-data");
 		expect(mocks.createClient).toHaveBeenCalledWith({ url: "file:/tmp/medassist-data/medassist.db" });
 		expect(mocks.runDrizzleMigrations).toHaveBeenCalledTimes(1);
 		expect(mocks.runAlterMigrations).toHaveBeenCalledTimes(1);
 		expect(mocks.repairTrailingHyphenDoseIds).toHaveBeenCalledTimes(1);
 		expect(mocks.repairOrphanedDoseIds).toHaveBeenCalledTimes(1);
 		expect(mocks.ensureDefaultUser).toHaveBeenCalledWith(expect.anything(), false);
 	});
 	it("passes auth-enabled flag to ensureDefaultUser", async () => {
 		const { modulePromise, mocks } = await loadDbClientModule({ dirWritable: true, authEnabled: true });
 		const mod = await modulePromise;
 		await mod.migrationsReady;
 		expect(mocks.ensureDefaultUser).toHaveBeenCalledWith(expect.anything(), true);
 	});
 	it("exits when data directory is not writable", async () => {
 		const { modulePromise } = await loadDbClientModule({ dirWritable: false });
 		await expect(modulePromise).rejects.toThrow("process.exit:1");
 	});
 });
@@ -1,76 +0,0 @@
 import { afterAll, beforeEach, describe, expect, it, vi } from "vitest";
 const ORIGINAL_ENV = { ...process.env };
 describe("plugins/env runtime validation", () => {
 	beforeEach(() => {
 		vi.resetModules();
 		vi.restoreAllMocks();
 		process.env = {
 			...ORIGINAL_ENV,
 			DOTENV_PATH: "/tmp/medassist-nonexistent.env",
 		};
 	});
 	afterAll(() => {
 		process.env = ORIGINAL_ENV;
 	});
 	it("loads with defaults when auth and oidc are disabled", async () => {
 		delete process.env.AUTH_ENABLED;
 		delete process.env.OIDC_ENABLED;
 		delete process.env.JWT_SECRET;
 		delete process.env.REFRESH_SECRET;
 		delete process.env.COOKIE_SECRET;
 		const mod = await import("../plugins/env.js");
 		expect(mod.env.AUTH_ENABLED).toBe(false);
 		expect(mod.env.OIDC_ENABLED).toBe(false);
 		expect(mod.env.PORT).toBe(3000);
 	});
 	it("exits when auth is enabled but secrets are missing", async () => {
 		process.env.AUTH_ENABLED = "true";
 		delete process.env.JWT_SECRET;
 		delete process.env.REFRESH_SECRET;
 		delete process.env.COOKIE_SECRET;
 		vi.spyOn(process, "exit").mockImplementation(((code?: number) => {
 			throw new Error(`process.exit:${code ?? 0}`);
 		}) as never);
 		await expect(import("../plugins/env.js")).rejects.toThrow("process.exit:1");
 	});
 	it("exits when oidc is enabled but required settings are missing", async () => {
 		process.env.AUTH_ENABLED = "false";
 		process.env.OIDC_ENABLED = "true";
 		delete process.env.OIDC_ISSUER_URL;
 		delete process.env.OIDC_CLIENT_ID;
 		delete process.env.OIDC_CLIENT_SECRET;
 		delete process.env.OIDC_REDIRECT_URI;
 		vi.spyOn(process, "exit").mockImplementation(((code?: number) => {
 			throw new Error(`process.exit:${code ?? 0}`);
 		}) as never);
 		await expect(import("../plugins/env.js")).rejects.toThrow("process.exit:1");
 	});
 	it("loads when auth and oidc settings are complete", async () => {
 		process.env.AUTH_ENABLED = "true";
 		process.env.JWT_SECRET = "jwt-secret-for-runtime-test";
 		process.env.REFRESH_SECRET = "refresh-secret-runtime-test";
 		process.env.COOKIE_SECRET = "cookie-secret-runtime-test";
 		process.env.OIDC_ENABLED = "true";
 		process.env.OIDC_ISSUER_URL = "https://auth.example.com";
 		process.env.OIDC_CLIENT_ID = "medassist";
 		process.env.OIDC_CLIENT_SECRET = "super-secret-client";
 		process.env.OIDC_REDIRECT_URI = "https://app.example.com/api/auth/oidc/callback";
 		const mod = await import("../plugins/env.js");
 		expect(mod.env.AUTH_ENABLED).toBe(true);
 		expect(mod.env.OIDC_ENABLED).toBe(true);
 		expect(mod.env.OIDC_CLIENT_ID).toBe("medassist");
 	});
 });
@@ -1,386 +1,365 @@
-import { describe, expect, it, vi } from "vitest";
+import { describe, it, expect, vi, beforeEach, afterEach } from "vitest";
 import { z } from "zod";
 // Mock process.exit to prevent tests from exiting
 const mockExit = vi.fn();
-vi.spyOn(process, "exit").mockImplementation(mockExit as unknown as (...args: unknown[]) => never);
+vi.spyOn(process, "exit").mockImplementation(mockExit as any);
 // Re-create the schema from env.ts for testing
 const EnvSchema = z.object({
-	NODE_ENV: z.enum(["development", "production", "test"]).default("production"),
+  NODE_ENV: z.enum(["development", "production", "test"]).default("production"),
-	PORT: z
+  PORT: z.string().transform((v) => parseInt(v, 10)).default("3000"),
-		.string()
+  CORS_ORIGINS: z.string().default("http://localhost:5173,http://localhost:4173"),
-		.transform((v) => parseInt(v, 10))
+  LOG_LEVEL: z.string().default("info"),
-		.default("3000"),
+  AUTH_ENABLED: z.string().transform((v) => v === "true").default("false"),
-	CORS_ORIGINS: z.string().default("http://localhost:5173,http://localhost:4173"),
+  REGISTRATION_ENABLED: z.string().transform((v) => v === "true").default("false"),
-	LOG_LEVEL: z.string().default("info"),
+  JWT_SECRET: z.string().min(10).optional(),
-	AUTH_ENABLED: z
+  REFRESH_SECRET: z.string().min(10).optional(),
-		.string()
+  COOKIE_SECRET: z.string().min(10).optional(),
-		.transform((v) => v === "true")
+  ACCESS_TOKEN_TTL_MINUTES: z.string().transform((v) => parseInt(v, 10)).default("15"),
-		.default("false"),
+  REFRESH_TOKEN_TTL_DAYS: z.string().transform((v) => parseInt(v, 10)).default("7"),
-	REGISTRATION_ENABLED: z
+  OIDC_ENABLED: z.string().transform((v) => v === "true").default("false"),
-		.string()
+  OIDC_ISSUER_URL: z.string().url().optional(),
-		.transform((v) => v === "true")
+  OIDC_CLIENT_ID: z.string().optional(),
-		.default("false"),
+  OIDC_CLIENT_SECRET: z.string().optional(),
-	JWT_SECRET: z.string().min(10).optional(),
+  OIDC_REDIRECT_URI: z.string().url().optional(),
-	REFRESH_SECRET: z.string().min(10).optional(),
+  OIDC_SCOPES: z.string().default("openid profile email"),
-	COOKIE_SECRET: z.string().min(10).optional(),
+  OIDC_AUTO_CREATE_USERS: z.string().transform((v) => v === "true").default("true"),
-	ACCESS_TOKEN_TTL_MINUTES: z
+  OIDC_USERNAME_CLAIM: z.string().default("preferred_username"),
-		.string()
+  OIDC_PROVIDER_NAME: z.string().default("SSO"),
 		.transform((v) => parseInt(v, 10))
 		.default("15"),
 	REFRESH_TOKEN_TTL_DAYS: z
 		.string()
 		.transform((v) => parseInt(v, 10))
 		.default("7"),
 	OIDC_ENABLED: z
 		.string()
 		.transform((v) => v === "true")
 		.default("false"),
 	OIDC_ISSUER_URL: z.string().url().optional(),
 	OIDC_CLIENT_ID: z.string().optional(),
 	OIDC_CLIENT_SECRET: z.string().optional(),
 	OIDC_REDIRECT_URI: z.string().url().optional(),
 	OIDC_SCOPES: z.string().default("openid profile email"),
 	OIDC_AUTO_CREATE_USERS: z
 		.string()
 		.transform((v) => v === "true")
 		.default("true"),
 	OIDC_USERNAME_CLAIM: z.string().default("preferred_username"),
 	OIDC_PROVIDER_NAME: z.string().default("SSO"),
 });
 // Validation functions from env.ts
 function validateAuthSecrets(parsed: z.infer<typeof EnvSchema>): string[] {
-	const missing: string[] = [];
+  const missing: string[] = [];
-	if (parsed.AUTH_ENABLED) {
+  if (parsed.AUTH_ENABLED) {
-		if (!parsed.JWT_SECRET) missing.push("JWT_SECRET");
+    if (!parsed.JWT_SECRET) missing.push("JWT_SECRET");
-		if (!parsed.REFRESH_SECRET) missing.push("REFRESH_SECRET");
+    if (!parsed.REFRESH_SECRET) missing.push("REFRESH_SECRET");
-		if (!parsed.COOKIE_SECRET) missing.push("COOKIE_SECRET");
+    if (!parsed.COOKIE_SECRET) missing.push("COOKIE_SECRET");
-	}
+  }
-	return missing;
+  return missing;
 }
 function validateOidcConfig(parsed: z.infer<typeof EnvSchema>): string[] {
-	const missing: string[] = [];
+  const missing: string[] = [];
-	if (parsed.OIDC_ENABLED) {
+  if (parsed.OIDC_ENABLED) {
-		if (!parsed.OIDC_ISSUER_URL) missing.push("OIDC_ISSUER_URL");
+    if (!parsed.OIDC_ISSUER_URL) missing.push("OIDC_ISSUER_URL");
-		if (!parsed.OIDC_CLIENT_ID) missing.push("OIDC_CLIENT_ID");
+    if (!parsed.OIDC_CLIENT_ID) missing.push("OIDC_CLIENT_ID");
-		if (!parsed.OIDC_CLIENT_SECRET) missing.push("OIDC_CLIENT_SECRET");
+    if (!parsed.OIDC_CLIENT_SECRET) missing.push("OIDC_CLIENT_SECRET");
-		if (!parsed.OIDC_REDIRECT_URI) missing.push("OIDC_REDIRECT_URI");
+    if (!parsed.OIDC_REDIRECT_URI) missing.push("OIDC_REDIRECT_URI");
-	}
+  }
-	return missing;
+  return missing;
 }
 describe("EnvSchema", () => {
-	describe("default values", () => {
+  describe("default values", () => {
-		it("should use default values when env vars are empty", () => {
+    it("should use default values when env vars are empty", () => {
-			const result = EnvSchema.parse({});
+      const result = EnvSchema.parse({});
      expect(result.NODE_ENV).toBe("production");
      expect(result.PORT).toBe(3000);
      expect(result.CORS_ORIGINS).toBe("http://localhost:5173,http://localhost:4173");
      expect(result.LOG_LEVEL).toBe("info");
      expect(result.AUTH_ENABLED).toBe(false);
      expect(result.REGISTRATION_ENABLED).toBe(false);
      expect(result.ACCESS_TOKEN_TTL_MINUTES).toBe(15);
      expect(result.REFRESH_TOKEN_TTL_DAYS).toBe(7);
      expect(result.OIDC_ENABLED).toBe(false);
      expect(result.OIDC_SCOPES).toBe("openid profile email");
      expect(result.OIDC_AUTO_CREATE_USERS).toBe(true);
      expect(result.OIDC_USERNAME_CLAIM).toBe("preferred_username");
      expect(result.OIDC_PROVIDER_NAME).toBe("SSO");
    });
  });
-			expect(result.NODE_ENV).toBe("production");
+  describe("NODE_ENV validation", () => {
-			expect(result.PORT).toBe(3000);
+    it("should accept development", () => {
-			expect(result.CORS_ORIGINS).toBe("http://localhost:5173,http://localhost:4173");
+      const result = EnvSchema.parse({ NODE_ENV: "development" });
-			expect(result.LOG_LEVEL).toBe("info");
+      expect(result.NODE_ENV).toBe("development");
-			expect(result.AUTH_ENABLED).toBe(false);
+    });
 			expect(result.REGISTRATION_ENABLED).toBe(false);
 			expect(result.ACCESS_TOKEN_TTL_MINUTES).toBe(15);
 			expect(result.REFRESH_TOKEN_TTL_DAYS).toBe(7);
 			expect(result.OIDC_ENABLED).toBe(false);
 			expect(result.OIDC_SCOPES).toBe("openid profile email");
 			expect(result.OIDC_AUTO_CREATE_USERS).toBe(true);
 			expect(result.OIDC_USERNAME_CLAIM).toBe("preferred_username");
 			expect(result.OIDC_PROVIDER_NAME).toBe("SSO");
 		});
 	});
-	describe("NODE_ENV validation", () => {
+    it("should accept production", () => {
-		it("should accept development", () => {
+      const result = EnvSchema.parse({ NODE_ENV: "production" });
-			const result = EnvSchema.parse({ NODE_ENV: "development" });
+      expect(result.NODE_ENV).toBe("production");
-			expect(result.NODE_ENV).toBe("development");
+    });
 		});
-		it("should accept production", () => {
+    it("should accept test", () => {
-			const result = EnvSchema.parse({ NODE_ENV: "production" });
+      const result = EnvSchema.parse({ NODE_ENV: "test" });
-			expect(result.NODE_ENV).toBe("production");
+      expect(result.NODE_ENV).toBe("test");
-		});
+    });
-		it("should accept test", () => {
+    it("should reject invalid NODE_ENV values", () => {
-			const result = EnvSchema.parse({ NODE_ENV: "test" });
+      expect(() => EnvSchema.parse({ NODE_ENV: "staging" })).toThrow();
-			expect(result.NODE_ENV).toBe("test");
+      expect(() => EnvSchema.parse({ NODE_ENV: "invalid" })).toThrow();
-		});
+    });
  });
-		it("should reject invalid NODE_ENV values", () => {
+  describe("PORT transformation", () => {
-			expect(() => EnvSchema.parse({ NODE_ENV: "staging" })).toThrow();
+    it("should transform string PORT to number", () => {
-			expect(() => EnvSchema.parse({ NODE_ENV: "invalid" })).toThrow();
+      const result = EnvSchema.parse({ PORT: "8080" });
-		});
+      expect(result.PORT).toBe(8080);
-	});
+    });
-	describe("PORT transformation", () => {
+    it("should use default port when not provided", () => {
-		it("should transform string PORT to number", () => {
+      const result = EnvSchema.parse({});
-			const result = EnvSchema.parse({ PORT: "8080" });
+      expect(result.PORT).toBe(3000);
-			expect(result.PORT).toBe(8080);
+    });
-		});
+  });
-		it("should use default port when not provided", () => {
+  describe("boolean transformations", () => {
-			const result = EnvSchema.parse({});
+    it("should transform AUTH_ENABLED=true to boolean true", () => {
-			expect(result.PORT).toBe(3000);
+      const result = EnvSchema.parse({ AUTH_ENABLED: "true" });
-		});
+      expect(result.AUTH_ENABLED).toBe(true);
-	});
+    });
-	describe("boolean transformations", () => {
+    it("should transform AUTH_ENABLED=false to boolean false", () => {
-		it("should transform AUTH_ENABLED=true to boolean true", () => {
+      const result = EnvSchema.parse({ AUTH_ENABLED: "false" });
-			const result = EnvSchema.parse({ AUTH_ENABLED: "true" });
+      expect(result.AUTH_ENABLED).toBe(false);
-			expect(result.AUTH_ENABLED).toBe(true);
+    });
 		});
-		it("should transform AUTH_ENABLED=false to boolean false", () => {
+    it("should treat non-true string as false", () => {
-			const result = EnvSchema.parse({ AUTH_ENABLED: "false" });
+      const result = EnvSchema.parse({ AUTH_ENABLED: "yes" });
-			expect(result.AUTH_ENABLED).toBe(false);
+      expect(result.AUTH_ENABLED).toBe(false);
-		});
+    });
-		it("should treat non-true string as false", () => {
+    it("should transform REGISTRATION_ENABLED correctly", () => {
-			const result = EnvSchema.parse({ AUTH_ENABLED: "yes" });
+      expect(EnvSchema.parse({ REGISTRATION_ENABLED: "true" }).REGISTRATION_ENABLED).toBe(true);
-			expect(result.AUTH_ENABLED).toBe(false);
+      expect(EnvSchema.parse({ REGISTRATION_ENABLED: "false" }).REGISTRATION_ENABLED).toBe(false);
-		});
+    });
-		it("should transform REGISTRATION_ENABLED correctly", () => {
+    it("should transform OIDC_ENABLED correctly", () => {
-			expect(EnvSchema.parse({ REGISTRATION_ENABLED: "true" }).REGISTRATION_ENABLED).toBe(true);
+      expect(EnvSchema.parse({ OIDC_ENABLED: "true" }).OIDC_ENABLED).toBe(true);
-			expect(EnvSchema.parse({ REGISTRATION_ENABLED: "false" }).REGISTRATION_ENABLED).toBe(false);
+      expect(EnvSchema.parse({ OIDC_ENABLED: "false" }).OIDC_ENABLED).toBe(false);
-		});
+    });
-		it("should transform OIDC_ENABLED correctly", () => {
+    it("should transform OIDC_AUTO_CREATE_USERS correctly", () => {
-			expect(EnvSchema.parse({ OIDC_ENABLED: "true" }).OIDC_ENABLED).toBe(true);
+      expect(EnvSchema.parse({ OIDC_AUTO_CREATE_USERS: "true" }).OIDC_AUTO_CREATE_USERS).toBe(true);
-			expect(EnvSchema.parse({ OIDC_ENABLED: "false" }).OIDC_ENABLED).toBe(false);
+      expect(EnvSchema.parse({ OIDC_AUTO_CREATE_USERS: "false" }).OIDC_AUTO_CREATE_USERS).toBe(false);
-		});
+    });
  });
-		it("should transform OIDC_AUTO_CREATE_USERS correctly", () => {
+  describe("JWT secret validation", () => {
-			expect(EnvSchema.parse({ OIDC_AUTO_CREATE_USERS: "true" }).OIDC_AUTO_CREATE_USERS).toBe(true);
+    it("should accept JWT_SECRET with 10+ characters", () => {
-			expect(EnvSchema.parse({ OIDC_AUTO_CREATE_USERS: "false" }).OIDC_AUTO_CREATE_USERS).toBe(false);
+      const result = EnvSchema.parse({ JWT_SECRET: "1234567890" });
-		});
+      expect(result.JWT_SECRET).toBe("1234567890");
-	});
+    });
-	describe("JWT secret validation", () => {
+    it("should reject JWT_SECRET with less than 10 characters", () => {
-		it("should accept JWT_SECRET with 10+ characters", () => {
+      expect(() => EnvSchema.parse({ JWT_SECRET: "123456789" })).toThrow();
-			const result = EnvSchema.parse({ JWT_SECRET: "1234567890" });
+    });
 			expect(result.JWT_SECRET).toBe("1234567890");
 		});
-		it("should reject JWT_SECRET with less than 10 characters", () => {
+    it("should allow optional JWT_SECRET", () => {
-			expect(() => EnvSchema.parse({ JWT_SECRET: "123456789" })).toThrow();
+      const result = EnvSchema.parse({});
-		});
+      expect(result.JWT_SECRET).toBeUndefined();
    });
  });
-		it("should allow optional JWT_SECRET", () => {
+  describe("TTL transformations", () => {
-			const result = EnvSchema.parse({});
+    it("should transform ACCESS_TOKEN_TTL_MINUTES to number", () => {
-			expect(result.JWT_SECRET).toBeUndefined();
+      const result = EnvSchema.parse({ ACCESS_TOKEN_TTL_MINUTES: "30" });
-		});
+      expect(result.ACCESS_TOKEN_TTL_MINUTES).toBe(30);
-	});
+    });
-	describe("TTL transformations", () => {
+    it("should transform REFRESH_TOKEN_TTL_DAYS to number", () => {
-		it("should transform ACCESS_TOKEN_TTL_MINUTES to number", () => {
+      const result = EnvSchema.parse({ REFRESH_TOKEN_TTL_DAYS: "14" });
-			const result = EnvSchema.parse({ ACCESS_TOKEN_TTL_MINUTES: "30" });
+      expect(result.REFRESH_TOKEN_TTL_DAYS).toBe(14);
-			expect(result.ACCESS_TOKEN_TTL_MINUTES).toBe(30);
+    });
-		});
+  });
-		it("should transform REFRESH_TOKEN_TTL_DAYS to number", () => {
+  describe("OIDC URL validation", () => {
-			const result = EnvSchema.parse({ REFRESH_TOKEN_TTL_DAYS: "14" });
+    it("should accept valid OIDC_ISSUER_URL", () => {
-			expect(result.REFRESH_TOKEN_TTL_DAYS).toBe(14);
+      const result = EnvSchema.parse({ OIDC_ISSUER_URL: "https://auth.example.com" });
-		});
+      expect(result.OIDC_ISSUER_URL).toBe("https://auth.example.com");
-	});
+    });
-	describe("OIDC URL validation", () => {
+    it("should reject invalid OIDC_ISSUER_URL", () => {
-		it("should accept valid OIDC_ISSUER_URL", () => {
+      expect(() => EnvSchema.parse({ OIDC_ISSUER_URL: "not-a-url" })).toThrow();
-			const result = EnvSchema.parse({ OIDC_ISSUER_URL: "https://auth.example.com" });
+    });
 			expect(result.OIDC_ISSUER_URL).toBe("https://auth.example.com");
 		});
-		it("should reject invalid OIDC_ISSUER_URL", () => {
+    it("should accept valid OIDC_REDIRECT_URI", () => {
-			expect(() => EnvSchema.parse({ OIDC_ISSUER_URL: "not-a-url" })).toThrow();
+      const result = EnvSchema.parse({ OIDC_REDIRECT_URI: "https://app.example.com/callback" });
-		});
+      expect(result.OIDC_REDIRECT_URI).toBe("https://app.example.com/callback");
    });
-		it("should accept valid OIDC_REDIRECT_URI", () => {
+    it("should reject invalid OIDC_REDIRECT_URI", () => {
-			const result = EnvSchema.parse({ OIDC_REDIRECT_URI: "https://app.example.com/callback" });
+      expect(() => EnvSchema.parse({ OIDC_REDIRECT_URI: "invalid" })).toThrow();
-			expect(result.OIDC_REDIRECT_URI).toBe("https://app.example.com/callback");
+    });
-		});
+  });
-		it("should reject invalid OIDC_REDIRECT_URI", () => {
+  describe("CORS_ORIGINS parsing", () => {
-			expect(() => EnvSchema.parse({ OIDC_REDIRECT_URI: "invalid" })).toThrow();
+    it("should accept comma-separated origins", () => {
-		});
+      const result = EnvSchema.parse({ CORS_ORIGINS: "http://a.com,http://b.com" });
-	});
+      expect(result.CORS_ORIGINS).toBe("http://a.com,http://b.com");
    });
-	describe("CORS_ORIGINS parsing", () => {
+    it("should accept single origin", () => {
-		it("should accept comma-separated origins", () => {
+      const result = EnvSchema.parse({ CORS_ORIGINS: "http://localhost:3000" });
-			const result = EnvSchema.parse({ CORS_ORIGINS: "http://a.com,http://b.com" });
+      expect(result.CORS_ORIGINS).toBe("http://localhost:3000");
-			expect(result.CORS_ORIGINS).toBe("http://a.com,http://b.com");
+    });
-		});
+  });
 		it("should accept single origin", () => {
 			const result = EnvSchema.parse({ CORS_ORIGINS: "http://localhost:3000" });
 			expect(result.CORS_ORIGINS).toBe("http://localhost:3000");
 		});
 	});
 });
 describe("Auth validation", () => {
-	it("should require secrets when AUTH_ENABLED=true", () => {
+  it("should require secrets when AUTH_ENABLED=true", () => {
-		const parsed = EnvSchema.parse({ AUTH_ENABLED: "true" });
+    const parsed = EnvSchema.parse({ AUTH_ENABLED: "true" });
-		const missing = validateAuthSecrets(parsed);
+    const missing = validateAuthSecrets(parsed);
-		expect(missing).toContain("JWT_SECRET");
+    expect(missing).toContain("JWT_SECRET");
-		expect(missing).toContain("REFRESH_SECRET");
+    expect(missing).toContain("REFRESH_SECRET");
-		expect(missing).toContain("COOKIE_SECRET");
+    expect(missing).toContain("COOKIE_SECRET");
-	});
+  });
-	it("should not require secrets when AUTH_ENABLED=false", () => {
+  it("should not require secrets when AUTH_ENABLED=false", () => {
-		const parsed = EnvSchema.parse({ AUTH_ENABLED: "false" });
+    const parsed = EnvSchema.parse({ AUTH_ENABLED: "false" });
-		const missing = validateAuthSecrets(parsed);
+    const missing = validateAuthSecrets(parsed);
-		expect(missing).toHaveLength(0);
+    expect(missing).toHaveLength(0);
-	});
+  });
-	it("should pass validation with all secrets provided", () => {
+  it("should pass validation with all secrets provided", () => {
-		const parsed = EnvSchema.parse({
+    const parsed = EnvSchema.parse({
-			AUTH_ENABLED: "true",
+      AUTH_ENABLED: "true",
-			JWT_SECRET: "super-secret-jwt-key-12345",
+      JWT_SECRET: "super-secret-jwt-key-12345",
-			REFRESH_SECRET: "super-secret-refresh-key-12345",
+      REFRESH_SECRET: "super-secret-refresh-key-12345",
-			COOKIE_SECRET: "super-secret-cookie-key-12345",
+      COOKIE_SECRET: "super-secret-cookie-key-12345",
-		});
+    });
-		const missing = validateAuthSecrets(parsed);
+    const missing = validateAuthSecrets(parsed);
-		expect(missing).toHaveLength(0);
+    expect(missing).toHaveLength(0);
-	});
+  });
-	it("should identify which specific secrets are missing", () => {
+  it("should identify which specific secrets are missing", () => {
-		const parsed = EnvSchema.parse({
+    const parsed = EnvSchema.parse({
-			AUTH_ENABLED: "true",
+      AUTH_ENABLED: "true",
-			JWT_SECRET: "super-secret-jwt-key-12345",
+      JWT_SECRET: "super-secret-jwt-key-12345",
-			// REFRESH_SECRET missing
+      // REFRESH_SECRET missing
-			COOKIE_SECRET: "super-secret-cookie-key-12345",
+      COOKIE_SECRET: "super-secret-cookie-key-12345",
-		});
+    });
-		const missing = validateAuthSecrets(parsed);
+    const missing = validateAuthSecrets(parsed);
-		expect(missing).toHaveLength(1);
+    expect(missing).toHaveLength(1);
-		expect(missing).toContain("REFRESH_SECRET");
+    expect(missing).toContain("REFRESH_SECRET");
-	});
+  });
 });
 describe("OIDC validation", () => {
-	it("should require all OIDC settings when OIDC_ENABLED=true", () => {
+  it("should require all OIDC settings when OIDC_ENABLED=true", () => {
-		const parsed = EnvSchema.parse({ OIDC_ENABLED: "true" });
+    const parsed = EnvSchema.parse({ OIDC_ENABLED: "true" });
-		const missing = validateOidcConfig(parsed);
+    const missing = validateOidcConfig(parsed);
-		expect(missing).toContain("OIDC_ISSUER_URL");
+    expect(missing).toContain("OIDC_ISSUER_URL");
-		expect(missing).toContain("OIDC_CLIENT_ID");
+    expect(missing).toContain("OIDC_CLIENT_ID");
-		expect(missing).toContain("OIDC_CLIENT_SECRET");
+    expect(missing).toContain("OIDC_CLIENT_SECRET");
-		expect(missing).toContain("OIDC_REDIRECT_URI");
+    expect(missing).toContain("OIDC_REDIRECT_URI");
-	});
+  });
-	it("should not require OIDC settings when OIDC_ENABLED=false", () => {
+  it("should not require OIDC settings when OIDC_ENABLED=false", () => {
-		const parsed = EnvSchema.parse({ OIDC_ENABLED: "false" });
+    const parsed = EnvSchema.parse({ OIDC_ENABLED: "false" });
-		const missing = validateOidcConfig(parsed);
+    const missing = validateOidcConfig(parsed);
-		expect(missing).toHaveLength(0);
+    expect(missing).toHaveLength(0);
-	});
+  });
-	it("should pass validation with all OIDC settings provided", () => {
+  it("should pass validation with all OIDC settings provided", () => {
-		const parsed = EnvSchema.parse({
+    const parsed = EnvSchema.parse({
-			OIDC_ENABLED: "true",
+      OIDC_ENABLED: "true",
-			OIDC_ISSUER_URL: "https://auth.example.com",
+      OIDC_ISSUER_URL: "https://auth.example.com",
-			OIDC_CLIENT_ID: "my-client-id",
+      OIDC_CLIENT_ID: "my-client-id",
-			OIDC_CLIENT_SECRET: "my-client-secret",
+      OIDC_CLIENT_SECRET: "my-client-secret",
-			OIDC_REDIRECT_URI: "https://app.example.com/callback",
+      OIDC_REDIRECT_URI: "https://app.example.com/callback",
-		});
+    });
-		const missing = validateOidcConfig(parsed);
+    const missing = validateOidcConfig(parsed);
-		expect(missing).toHaveLength(0);
+    expect(missing).toHaveLength(0);
-	});
+  });
-	it("should identify which specific OIDC settings are missing", () => {
+  it("should identify which specific OIDC settings are missing", () => {
-		const parsed = EnvSchema.parse({
+    const parsed = EnvSchema.parse({
-			OIDC_ENABLED: "true",
+      OIDC_ENABLED: "true",
-			OIDC_ISSUER_URL: "https://auth.example.com",
+      OIDC_ISSUER_URL: "https://auth.example.com",
-			OIDC_CLIENT_ID: "my-client-id",
+      OIDC_CLIENT_ID: "my-client-id",
-			// OIDC_CLIENT_SECRET missing
+      // OIDC_CLIENT_SECRET missing
-			// OIDC_REDIRECT_URI missing
+      // OIDC_REDIRECT_URI missing
-		});
+    });
-		const missing = validateOidcConfig(parsed);
+    const missing = validateOidcConfig(parsed);
-		expect(missing).toHaveLength(2);
+    expect(missing).toHaveLength(2);
-		expect(missing).toContain("OIDC_CLIENT_SECRET");
+    expect(missing).toContain("OIDC_CLIENT_SECRET");
-		expect(missing).toContain("OIDC_REDIRECT_URI");
+    expect(missing).toContain("OIDC_REDIRECT_URI");
-	});
+  });
 });
 describe("Full configuration scenarios", () => {
-	it("should parse minimal config (auth disabled)", () => {
+  it("should parse minimal config (auth disabled)", () => {
-		const result = EnvSchema.parse({});
+    const result = EnvSchema.parse({});
-		expect(result.AUTH_ENABLED).toBe(false);
+    expect(result.AUTH_ENABLED).toBe(false);
-		expect(result.OIDC_ENABLED).toBe(false);
+    expect(result.OIDC_ENABLED).toBe(false);
-	});
+  });
-	it("should parse full production config with auth enabled", () => {
+  it("should parse full production config with auth enabled", () => {
-		const env = {
+    const env = {
-			NODE_ENV: "production",
+      NODE_ENV: "production",
-			PORT: "8080",
+      PORT: "8080",
-			CORS_ORIGINS: "https://myapp.com",
+      CORS_ORIGINS: "https://myapp.com",
-			LOG_LEVEL: "warn",
+      LOG_LEVEL: "warn",
-			AUTH_ENABLED: "true",
+      AUTH_ENABLED: "true",
-			REGISTRATION_ENABLED: "false",
+      REGISTRATION_ENABLED: "false",
-			JWT_SECRET: "production-jwt-secret-key-12345",
+      JWT_SECRET: "production-jwt-secret-key-12345",
-			REFRESH_SECRET: "production-refresh-secret-key-12345",
+      REFRESH_SECRET: "production-refresh-secret-key-12345",
-			COOKIE_SECRET: "production-cookie-secret-key-12345",
+      COOKIE_SECRET: "production-cookie-secret-key-12345",
-			ACCESS_TOKEN_TTL_MINUTES: "30",
+      ACCESS_TOKEN_TTL_MINUTES: "30",
-			REFRESH_TOKEN_TTL_DAYS: "14",
+      REFRESH_TOKEN_TTL_DAYS: "14",
-		};
+    };
    const result = EnvSchema.parse(env);
    expect(result.NODE_ENV).toBe("production");
    expect(result.PORT).toBe(8080);
    expect(result.CORS_ORIGINS).toBe("https://myapp.com");
    expect(result.LOG_LEVEL).toBe("warn");
    expect(result.AUTH_ENABLED).toBe(true);
    expect(result.REGISTRATION_ENABLED).toBe(false);
    expect(result.ACCESS_TOKEN_TTL_MINUTES).toBe(30);
    expect(result.REFRESH_TOKEN_TTL_DAYS).toBe(14);
    // Should pass auth validation
    const missing = validateAuthSecrets(result);
    expect(missing).toHaveLength(0);
  });
-		const result = EnvSchema.parse(env);
+  it("should parse config with OIDC SSO enabled", () => {
    const env = {
      AUTH_ENABLED: "true",
      JWT_SECRET: "production-jwt-secret-key-12345",
      REFRESH_SECRET: "production-refresh-secret-key-12345",
      COOKIE_SECRET: "production-cookie-secret-key-12345",
      OIDC_ENABLED: "true",
      OIDC_ISSUER_URL: "https://authelia.example.com",
      OIDC_CLIENT_ID: "medassist",
      OIDC_CLIENT_SECRET: "super-secret-oidc-secret",
      OIDC_REDIRECT_URI: "https://medassist.example.com/api/auth/oidc/callback",
      OIDC_SCOPES: "openid profile email groups",
      OIDC_USERNAME_CLAIM: "email",
      OIDC_PROVIDER_NAME: "Authelia",
    };
    const result = EnvSchema.parse(env);
    expect(result.OIDC_ENABLED).toBe(true);
    expect(result.OIDC_ISSUER_URL).toBe("https://authelia.example.com");
    expect(result.OIDC_SCOPES).toBe("openid profile email groups");
    expect(result.OIDC_USERNAME_CLAIM).toBe("email");
    expect(result.OIDC_PROVIDER_NAME).toBe("Authelia");
    // Should pass both validations
    expect(validateAuthSecrets(result)).toHaveLength(0);
    expect(validateOidcConfig(result)).toHaveLength(0);
  });
-		expect(result.NODE_ENV).toBe("production");
+  it("should parse development config", () => {
-		expect(result.PORT).toBe(8080);
+    const env = {
-		expect(result.CORS_ORIGINS).toBe("https://myapp.com");
+      NODE_ENV: "development",
-		expect(result.LOG_LEVEL).toBe("warn");
+      PORT: "3000",
-		expect(result.AUTH_ENABLED).toBe(true);
+      LOG_LEVEL: "debug",
-		expect(result.REGISTRATION_ENABLED).toBe(false);
+      AUTH_ENABLED: "false",
-		expect(result.ACCESS_TOKEN_TTL_MINUTES).toBe(30);
+    };
-		expect(result.REFRESH_TOKEN_TTL_DAYS).toBe(14);
+    
-
+    const result = EnvSchema.parse(env);
-		// Should pass auth validation
+    
-		const missing = validateAuthSecrets(result);
+    expect(result.NODE_ENV).toBe("development");
-		expect(missing).toHaveLength(0);
+    expect(result.LOG_LEVEL).toBe("debug");
-	});
+    expect(result.AUTH_ENABLED).toBe(false);
-
+  });
 	it("should parse config with OIDC SSO enabled", () => {
 		const env = {
 			AUTH_ENABLED: "true",
 			JWT_SECRET: "production-jwt-secret-key-12345",
 			REFRESH_SECRET: "production-refresh-secret-key-12345",
 			COOKIE_SECRET: "production-cookie-secret-key-12345",
 			OIDC_ENABLED: "true",
 			OIDC_ISSUER_URL: "https://authelia.example.com",
 			OIDC_CLIENT_ID: "medassist",
 			OIDC_CLIENT_SECRET: "super-secret-oidc-secret",
 			OIDC_REDIRECT_URI: "https://medassist.example.com/api/auth/oidc/callback",
 			OIDC_SCOPES: "openid profile email groups",
 			OIDC_USERNAME_CLAIM: "email",
 			OIDC_PROVIDER_NAME: "Authelia",
 		};
 		const result = EnvSchema.parse(env);
 		expect(result.OIDC_ENABLED).toBe(true);
 		expect(result.OIDC_ISSUER_URL).toBe("https://authelia.example.com");
 		expect(result.OIDC_SCOPES).toBe("openid profile email groups");
 		expect(result.OIDC_USERNAME_CLAIM).toBe("email");
 		expect(result.OIDC_PROVIDER_NAME).toBe("Authelia");
 		// Should pass both validations
 		expect(validateAuthSecrets(result)).toHaveLength(0);
 		expect(validateOidcConfig(result)).toHaveLength(0);
 	});
 	it("should parse development config", () => {
 		const env = {
 			NODE_ENV: "development",
 			PORT: "3000",
 			LOG_LEVEL: "debug",
 			AUTH_ENABLED: "false",
 		};
 		const result = EnvSchema.parse(env);
 		expect(result.NODE_ENV).toBe("development");
 		expect(result.LOG_LEVEL).toBe("debug");
 		expect(result.AUTH_ENABLED).toBe(false);
 	});
 });
@@ -1,151 +0,0 @@
 import cookie from "@fastify/cookie";
 import Fastify from "fastify";
 import { afterEach, describe, expect, it, vi } from "vitest";
 type OidcMocks = {
 	discovery: ReturnType<typeof vi.fn>;
 	buildAuthorizationUrl: ReturnType<typeof vi.fn>;
 };
 async function buildOidcApp(envOverrides: Record<string, unknown>) {
 	vi.resetModules();
 	const env = {
 		OIDC_ENABLED: true,
 		OIDC_ISSUER_URL: "https://issuer.example.com",
 		OIDC_CLIENT_ID: "medassist-client",
 		OIDC_CLIENT_SECRET: "medassist-client-secret",
 		OIDC_REDIRECT_URI: "https://app.example.com/api/auth/oidc/callback",
 		OIDC_SCOPES: "openid profile email",
 		OIDC_AUTO_CREATE_USERS: true,
 		OIDC_USERNAME_CLAIM: "preferred_username",
 		OIDC_PROVIDER_NAME: "SSO",
 		NODE_ENV: "test",
 		CORS_ORIGINS: "http://localhost:5173",
 		ACCESS_TOKEN_TTL_MINUTES: 15,
 		REFRESH_TOKEN_TTL_DAYS: 7,
 		...envOverrides,
 	};
 	vi.doMock("../plugins/env.js", () => ({ env }));
 	vi.doMock("../db/client.js", () => ({
 		db: {
 			select: vi.fn(() => ({ from: vi.fn(() => ({ where: vi.fn().mockResolvedValue([]) })) })),
 			insert: vi.fn(() => ({
 				values: vi.fn(() => ({ returning: vi.fn().mockResolvedValue([{ id: 1, username: "sso-user" }]) })),
 			})),
 			update: vi.fn(() => ({ set: vi.fn(() => ({ where: vi.fn().mockResolvedValue(undefined) })) })),
 		},
 	}));
 	const discovery = vi.fn().mockResolvedValue({ issuer: "https://issuer.example.com" });
 	const buildAuthorizationUrl = vi.fn().mockImplementation((_cfg, params) => {
 		const state = typeof params?.state === "string" ? params.state : "state";
 		return new URL(`https://issuer.example.com/authorize?state=${state}`);
 	});
 	vi.doMock("openid-client", () => ({
 		discovery,
 		buildAuthorizationUrl,
 		authorizationCodeGrant: vi.fn(),
 		fetchUserInfo: vi.fn(),
 	}));
 	const { oidcRoutes } = await import("../routes/oidc.js");
 	const app = Fastify({ logger: false });
 	await app.register(cookie, { secret: "test-cookie-secret" });
 	app.decorate("config", {
 		accessSecret: "test-jwt-secret-12345",
 		refreshSecret: "test-refresh-secret-12345",
 		accessTtl: 15 * 60,
 		refreshTtl: 7 * 24 * 60 * 60,
 		cookieOptions: { httpOnly: true, sameSite: "lax", secure: false, path: "/" },
 		refreshCookieOptions: { httpOnly: true, sameSite: "lax", secure: false, path: "/auth" },
 	});
 	await app.register(oidcRoutes);
 	await app.ready();
 	return {
 		app,
 		mocks: { discovery, buildAuthorizationUrl } as OidcMocks,
 	};
 }
 afterEach(() => {
 	vi.restoreAllMocks();
 });
 describe("OIDC routes", () => {
 	it("returns 400 on login and callback when oidc is disabled", async () => {
 		const { app } = await buildOidcApp({ OIDC_ENABLED: false });
 		try {
 			const login = await app.inject({ method: "GET", url: "/auth/oidc/login" });
 			const callback = await app.inject({ method: "GET", url: "/auth/oidc/callback" });
 			expect(login.statusCode).toBe(400);
 			expect(callback.statusCode).toBe(400);
 		} finally {
 			await app.close();
 		}
 	});
 	it("redirects to provider and sets PKCE cookies on /auth/oidc/login", async () => {
 		const { app, mocks } = await buildOidcApp({ OIDC_ENABLED: true });
 		try {
 			const res = await app.inject({ method: "GET", url: "/auth/oidc/login" });
 			expect(res.statusCode).toBe(302);
 			expect(res.headers.location).toContain("https://issuer.example.com/authorize");
 			expect(res.cookies.some((c) => c.name === "oidc_code_verifier")).toBe(true);
 			expect(res.cookies.some((c) => c.name === "oidc_state")).toBe(true);
 			expect(mocks.discovery).toHaveBeenCalledTimes(1);
 			expect(mocks.buildAuthorizationUrl).toHaveBeenCalledTimes(1);
 		} finally {
 			await app.close();
 		}
 	});
 	it("redirects with provider error when callback contains error params", async () => {
 		const { app } = await buildOidcApp({ OIDC_ENABLED: true });
 		try {
 			const res = await app.inject({
 				method: "GET",
 				url: "/auth/oidc/callback?error=access_denied&error_description=user_cancelled",
 			});
 			expect(res.statusCode).toBe(302);
 			expect(res.headers.location).toBe("http://localhost:5173/?error=oidc_access_denied");
 		} finally {
 			await app.close();
 		}
 	});
 	it("redirects when callback is missing required params", async () => {
 		const { app } = await buildOidcApp({ OIDC_ENABLED: true });
 		try {
 			const res = await app.inject({ method: "GET", url: "/auth/oidc/callback" });
 			expect(res.statusCode).toBe(302);
 			expect(res.headers.location).toBe("http://localhost:5173/?error=oidc_missing_params");
 		} finally {
 			await app.close();
 		}
 	});
 	it("redirects when callback state validation fails", async () => {
 		const { app } = await buildOidcApp({ OIDC_ENABLED: true });
 		try {
 			const res = await app.inject({
 				method: "GET",
 				url: "/auth/oidc/callback?code=abc123&state=state123",
 			});
 			expect(res.statusCode).toBe(302);
 			expect(res.headers.location).toBe("http://localhost:5173/?error=oidc_state_mismatch");
 		} finally {
 			await app.close();
 		}
 	});
 });
@@ -2,14 +2,14 @@
 * Tests for /medications/:id/refill and /medications/:id/refills API endpoints.
 * Tests adding refills to medication stock and retrieving refill history.
 */
-import { afterAll, beforeAll, beforeEach, describe, expect, it } from "vitest";
+import { describe, it, expect, beforeAll, afterAll, beforeEach } from "vitest";
 import {
-	buildTestApp,
+  buildTestApp,
-	clearTestData,
+  closeTestApp,
-	closeTestApp,
+  clearTestData,
-	createTestMedication,
+  createTestUser,
-	createTestUser,
+  createTestMedication,
-	type TestContext,
+  TestContext,
 } from "./setup.js";
 // Store userId at module level so routes can access it
@@ -20,98 +20,96 @@ let currentUserId = 1;
 // =============================================================================
 async function registerRefillRoutes(ctx: TestContext) {
-	const { app, client } = ctx;
+  const { app, client } = ctx;
-	// POST /medications/:id/refill - Add stock and record history
+  // POST /medications/:id/refill - Add stock and record history
-	app.post<{ Params: { id: string }; Body: { packsAdded?: number; loosePillsAdded?: number } }>(
+  app.post<{ Params: { id: string }; Body: { packsAdded?: number; loosePillsAdded?: number } }>(
-		"/medications/:id/refill",
+    "/medications/:id/refill",
-		async (request, reply) => {
+    async (request, reply) => {
-			const userId = currentUserId;
+      const userId = currentUserId;
-			const medId = parseInt(request.params.id, 10);
+      const medId = parseInt(request.params.id, 10);
-			const { packsAdded = 0, loosePillsAdded = 0 } = request.body || {};
+      const { packsAdded = 0, loosePillsAdded = 0 } = request.body || {};
-			// Validate input
+      // Validate input
-			if (packsAdded < 0 || loosePillsAdded < 0) {
+      if (packsAdded < 0 || loosePillsAdded < 0) {
-				return reply.status(400).send({ error: "packsAdded and loosePillsAdded must be non-negative" });
+        return reply.status(400).send({ error: "packsAdded and loosePillsAdded must be non-negative" });
-			}
+      }
-			if (packsAdded === 0 && loosePillsAdded === 0) {
+      if (packsAdded === 0 && loosePillsAdded === 0) {
-				return reply
+        return reply.status(400).send({ error: "At least one of packsAdded or loosePillsAdded must be greater than 0" });
-					.status(400)
+      }
 					.send({ error: "At least one of packsAdded or loosePillsAdded must be greater than 0" });
 			}
-			// Check medication exists and belongs to user
+      // Check medication exists and belongs to user
-			const medResult = await client.execute({
+      const medResult = await client.execute({
-				sql: `SELECT id, pack_count, loose_tablets, blisters_per_pack, pills_per_blister 
+        sql: `SELECT id, pack_count, loose_tablets, blisters_per_pack, pills_per_blister 
              FROM medications WHERE id = ? AND user_id = ?`,
-				args: [medId, userId],
+        args: [medId, userId],
-			});
+      });
-			if (medResult.rows.length === 0) {
+      if (medResult.rows.length === 0) {
-				return reply.status(404).send({ error: "Medication not found" });
+        return reply.status(404).send({ error: "Medication not found" });
-			}
+      }
-			const med = medResult.rows[0];
+      const med = medResult.rows[0];
-			const newPackCount = (med.pack_count as number) + packsAdded;
+      const newPackCount = (med.pack_count as number) + packsAdded;
-			const newLooseTablets = (med.loose_tablets as number) + loosePillsAdded;
+      const newLooseTablets = (med.loose_tablets as number) + loosePillsAdded;
-			const pillsPerPack = (med.blisters_per_pack as number) * (med.pills_per_blister as number);
+      const pillsPerPack = (med.blisters_per_pack as number) * (med.pills_per_blister as number);
-			const totalPillsAdded = packsAdded * pillsPerPack + loosePillsAdded;
+      const totalPillsAdded = packsAdded * pillsPerPack + loosePillsAdded;
-			// Update medication stock
+      // Update medication stock
-			await client.execute({
+      await client.execute({
-				sql: `UPDATE medications SET pack_count = ?, loose_tablets = ? WHERE id = ?`,
+        sql: `UPDATE medications SET pack_count = ?, loose_tablets = ? WHERE id = ?`,
-				args: [newPackCount, newLooseTablets, medId],
+        args: [newPackCount, newLooseTablets, medId],
-			});
+      });
-			// Record refill history
+      // Record refill history
-			await client.execute({
+      await client.execute({
-				sql: `INSERT INTO refill_history (medication_id, user_id, packs_added, loose_pills_added) 
+        sql: `INSERT INTO refill_history (medication_id, user_id, packs_added, loose_pills_added) 
              VALUES (?, ?, ?, ?)`,
-				args: [medId, userId, packsAdded, loosePillsAdded],
+        args: [medId, userId, packsAdded, loosePillsAdded],
-			});
+      });
-			return {
+      return {
-				success: true,
+        success: true,
-				pillsAdded: totalPillsAdded,
+        pillsAdded: totalPillsAdded,
-				newPackCount,
+        newPackCount,
-				newLooseTablets,
+        newLooseTablets,
-			};
+      };
-		}
+    }
-	);
+  );
-	// GET /medications/:id/refills - Get refill history
+  // GET /medications/:id/refills - Get refill history
-	app.get<{ Params: { id: string } }>("/medications/:id/refills", async (request, reply) => {
+  app.get<{ Params: { id: string } }>("/medications/:id/refills", async (request, reply) => {
-		const userId = currentUserId;
+    const userId = currentUserId;
-		const medId = parseInt(request.params.id, 10);
+    const medId = parseInt(request.params.id, 10);
-		// Check medication exists and belongs to user
+    // Check medication exists and belongs to user
-		const medResult = await client.execute({
+    const medResult = await client.execute({
-			sql: `SELECT id FROM medications WHERE id = ? AND user_id = ?`,
+      sql: `SELECT id FROM medications WHERE id = ? AND user_id = ?`,
-			args: [medId, userId],
+      args: [medId, userId],
-		});
+    });
-		if (medResult.rows.length === 0) {
+    if (medResult.rows.length === 0) {
-			return reply.status(404).send({ error: "Medication not found" });
+      return reply.status(404).send({ error: "Medication not found" });
-		}
+    }
-		// Get refill history, newest first
+    // Get refill history, newest first
-		const refillResult = await client.execute({
+    const refillResult = await client.execute({
-			sql: `SELECT id, packs_added, loose_pills_added, refill_date 
+      sql: `SELECT id, packs_added, loose_pills_added, refill_date 
            FROM refill_history 
            WHERE medication_id = ? AND user_id = ?
            ORDER BY refill_date DESC`,
-			args: [medId, userId],
+      args: [medId, userId],
-		});
+    });
-		return {
+    return {
-			refills: refillResult.rows.map((r) => ({
+      refills: refillResult.rows.map((r) => ({
-				id: r.id,
+        id: r.id,
-				packsAdded: r.packs_added,
+        packsAdded: r.packs_added,
-				loosePillsAdded: r.loose_pills_added,
+        loosePillsAdded: r.loose_pills_added,
-				refillDate: r.refill_date,
+        refillDate: r.refill_date,
-			})),
+      })),
-		};
+    };
-	});
+  });
 }
 // =============================================================================
@@ -119,278 +117,278 @@ async function registerRefillRoutes(ctx: TestContext) {
 // =============================================================================
 describe("Refill API", () => {
-	let ctx: TestContext;
+  let ctx: TestContext;
-	let userId: number;
+  let userId: number;
-	let medId: number;
+  let medId: number;
-	beforeAll(async () => {
+  beforeAll(async () => {
-		ctx = await buildTestApp();
+    ctx = await buildTestApp();
-		await registerRefillRoutes(ctx);
+    await registerRefillRoutes(ctx);
-		await ctx.app.ready();
+    await ctx.app.ready();
-	});
+  });
-	afterAll(async () => {
+  afterAll(async () => {
-		await closeTestApp(ctx);
+    await closeTestApp(ctx);
-	});
+  });
-	beforeEach(async () => {
+  beforeEach(async () => {
-		await clearTestData(ctx.client);
+    await clearTestData(ctx.client);
-		// Create test user
+    // Create test user
-		userId = await createTestUser(ctx.client, { username: "testuser" });
+    userId = await createTestUser(ctx.client, { username: "testuser" });
-		// Update the module-level userId so routes use the correct one
+    // Update the module-level userId so routes use the correct one
-		currentUserId = userId;
+    currentUserId = userId;
-		// Create a test medication with 1 pack (10 blisters × 10 pills = 100 pills/pack)
+    // Create a test medication with 1 pack (10 blisters × 10 pills = 100 pills/pack)
-		medId = await createTestMedication(ctx.client, {
+    medId = await createTestMedication(ctx.client, {
-			userId,
+      userId,
-			name: "Test Med",
+      name: "Test Med",
-			packCount: 1,
+      packCount: 1,
-			blistersPerPack: 10,
+      blistersPerPack: 10,
-			pillsPerBlister: 10,
+      pillsPerBlister: 10,
-			looseTablets: 5,
+      looseTablets: 5,
-		});
+    });
-	});
+  });
-	// ---------------------------------------------------------------------------
+  // ---------------------------------------------------------------------------
-	// POST /medications/:id/refill
+  // POST /medications/:id/refill
-	// ---------------------------------------------------------------------------
+  // ---------------------------------------------------------------------------
-	describe("POST /medications/:id/refill", () => {
+  describe("POST /medications/:id/refill", () => {
-		it("should add packs to medication stock", async () => {
+    it("should add packs to medication stock", async () => {
-			const response = await ctx.app.inject({
+      const response = await ctx.app.inject({
-				method: "POST",
+        method: "POST",
-				url: `/medications/${medId}/refill`,
+        url: `/medications/${medId}/refill`,
-				payload: { packsAdded: 2 },
+        payload: { packsAdded: 2 },
-			});
+      });
-			expect(response.statusCode).toBe(200);
+      expect(response.statusCode).toBe(200);
-			const data = response.json();
+      const data = response.json();
-			expect(data.success).toBe(true);
+      expect(data.success).toBe(true);
-			expect(data.pillsAdded).toBe(200); // 2 packs × 100 pills
+      expect(data.pillsAdded).toBe(200); // 2 packs × 100 pills
-			expect(data.newPackCount).toBe(3); // 1 + 2
+      expect(data.newPackCount).toBe(3); // 1 + 2
-			// Verify in database
+      // Verify in database
-			const result = await ctx.client.execute({
+      const result = await ctx.client.execute({
-				sql: `SELECT pack_count FROM medications WHERE id = ?`,
+        sql: `SELECT pack_count FROM medications WHERE id = ?`,
-				args: [medId],
+        args: [medId],
-			});
+      });
-			expect(result.rows[0].pack_count).toBe(3);
+      expect(result.rows[0].pack_count).toBe(3);
-		});
+    });
-		it("should add loose pills to medication stock", async () => {
+    it("should add loose pills to medication stock", async () => {
-			const response = await ctx.app.inject({
+      const response = await ctx.app.inject({
-				method: "POST",
+        method: "POST",
-				url: `/medications/${medId}/refill`,
+        url: `/medications/${medId}/refill`,
-				payload: { loosePillsAdded: 15 },
+        payload: { loosePillsAdded: 15 },
-			});
+      });
-			expect(response.statusCode).toBe(200);
+      expect(response.statusCode).toBe(200);
-			const data = response.json();
+      const data = response.json();
-			expect(data.success).toBe(true);
+      expect(data.success).toBe(true);
-			expect(data.pillsAdded).toBe(15);
+      expect(data.pillsAdded).toBe(15);
-			expect(data.newLooseTablets).toBe(20); // 5 + 15
+      expect(data.newLooseTablets).toBe(20); // 5 + 15
-			// Verify in database
+      // Verify in database
-			const result = await ctx.client.execute({
+      const result = await ctx.client.execute({
-				sql: `SELECT loose_tablets FROM medications WHERE id = ?`,
+        sql: `SELECT loose_tablets FROM medications WHERE id = ?`,
-				args: [medId],
+        args: [medId],
-			});
+      });
-			expect(result.rows[0].loose_tablets).toBe(20);
+      expect(result.rows[0].loose_tablets).toBe(20);
-		});
+    });
-		it("should add both packs and loose pills", async () => {
+    it("should add both packs and loose pills", async () => {
-			const response = await ctx.app.inject({
+      const response = await ctx.app.inject({
-				method: "POST",
+        method: "POST",
-				url: `/medications/${medId}/refill`,
+        url: `/medications/${medId}/refill`,
-				payload: { packsAdded: 1, loosePillsAdded: 10 },
+        payload: { packsAdded: 1, loosePillsAdded: 10 },
-			});
+      });
-			expect(response.statusCode).toBe(200);
+      expect(response.statusCode).toBe(200);
-			const data = response.json();
+      const data = response.json();
-			expect(data.success).toBe(true);
+      expect(data.success).toBe(true);
-			expect(data.pillsAdded).toBe(110); // 1 pack (100) + 10 loose
+      expect(data.pillsAdded).toBe(110); // 1 pack (100) + 10 loose
-			expect(data.newPackCount).toBe(2);
+      expect(data.newPackCount).toBe(2);
-			expect(data.newLooseTablets).toBe(15);
+      expect(data.newLooseTablets).toBe(15);
-		});
+    });
-		it("should record refill in history", async () => {
+    it("should record refill in history", async () => {
-			await ctx.app.inject({
+      await ctx.app.inject({
-				method: "POST",
+        method: "POST",
-				url: `/medications/${medId}/refill`,
+        url: `/medications/${medId}/refill`,
-				payload: { packsAdded: 2, loosePillsAdded: 5 },
+        payload: { packsAdded: 2, loosePillsAdded: 5 },
-			});
+      });
-			// Check history
+      // Check history
-			const result = await ctx.client.execute({
+      const result = await ctx.client.execute({
-				sql: `SELECT packs_added, loose_pills_added FROM refill_history WHERE medication_id = ?`,
+        sql: `SELECT packs_added, loose_pills_added FROM refill_history WHERE medication_id = ?`,
-				args: [medId],
+        args: [medId],
-			});
+      });
-			expect(result.rows.length).toBe(1);
+      expect(result.rows.length).toBe(1);
-			expect(result.rows[0].packs_added).toBe(2);
+      expect(result.rows[0].packs_added).toBe(2);
-			expect(result.rows[0].loose_pills_added).toBe(5);
+      expect(result.rows[0].loose_pills_added).toBe(5);
-		});
+    });
-		it("should reject refill with zero amounts", async () => {
+    it("should reject refill with zero amounts", async () => {
-			const response = await ctx.app.inject({
+      const response = await ctx.app.inject({
-				method: "POST",
+        method: "POST",
-				url: `/medications/${medId}/refill`,
+        url: `/medications/${medId}/refill`,
-				payload: { packsAdded: 0, loosePillsAdded: 0 },
+        payload: { packsAdded: 0, loosePillsAdded: 0 },
-			});
+      });
-			expect(response.statusCode).toBe(400);
+      expect(response.statusCode).toBe(400);
-			expect(response.json().error).toContain("At least one");
+      expect(response.json().error).toContain("At least one");
-		});
+    });
-		it("should reject refill with negative amounts", async () => {
+    it("should reject refill with negative amounts", async () => {
-			const response = await ctx.app.inject({
+      const response = await ctx.app.inject({
-				method: "POST",
+        method: "POST",
-				url: `/medications/${medId}/refill`,
+        url: `/medications/${medId}/refill`,
-				payload: { packsAdded: -1 },
+        payload: { packsAdded: -1 },
-			});
+      });
-			expect(response.statusCode).toBe(400);
+      expect(response.statusCode).toBe(400);
-			expect(response.json().error).toContain("non-negative");
+      expect(response.json().error).toContain("non-negative");
-		});
+    });
-		it("should return 404 for non-existent medication", async () => {
+    it("should return 404 for non-existent medication", async () => {
-			const response = await ctx.app.inject({
+      const response = await ctx.app.inject({
-				method: "POST",
+        method: "POST",
-				url: `/medications/99999/refill`,
+        url: `/medications/99999/refill`,
-				payload: { packsAdded: 1 },
+        payload: { packsAdded: 1 },
-			});
+      });
-			expect(response.statusCode).toBe(404);
+      expect(response.statusCode).toBe(404);
-			expect(response.json().error).toBe("Medication not found");
+      expect(response.json().error).toBe("Medication not found");
-		});
+    });
-	});
+  });
-	// ---------------------------------------------------------------------------
+  // ---------------------------------------------------------------------------
-	// GET /medications/:id/refills
+  // GET /medications/:id/refills
-	// ---------------------------------------------------------------------------
+  // ---------------------------------------------------------------------------
-	describe("GET /medications/:id/refills", () => {
+  describe("GET /medications/:id/refills", () => {
-		it("should return empty array when no refills", async () => {
+    it("should return empty array when no refills", async () => {
-			const response = await ctx.app.inject({
+      const response = await ctx.app.inject({
-				method: "GET",
+        method: "GET",
-				url: `/medications/${medId}/refills`,
+        url: `/medications/${medId}/refills`,
-			});
+      });
-			expect(response.statusCode).toBe(200);
+      expect(response.statusCode).toBe(200);
-			expect(response.json()).toEqual({ refills: [] });
+      expect(response.json()).toEqual({ refills: [] });
-		});
+    });
-		it("should return refill history newest first", async () => {
+    it("should return refill history newest first", async () => {
-			// Add two refills with different values so we can identify them
+      // Add two refills with different values so we can identify them
-			await ctx.app.inject({
+      await ctx.app.inject({
-				method: "POST",
+        method: "POST",
-				url: `/medications/${medId}/refill`,
+        url: `/medications/${medId}/refill`,
-				payload: { packsAdded: 1, loosePillsAdded: 0 },
+        payload: { packsAdded: 1, loosePillsAdded: 0 },
-			});
+      });
-			// Increase delay to ensure different timestamps (SQLite datetime has second precision)
+      // Increase delay to ensure different timestamps (SQLite datetime has second precision)
-			await new Promise((r) => setTimeout(r, 1100));
+      await new Promise((r) => setTimeout(r, 1100));
-			await ctx.app.inject({
+      await ctx.app.inject({
-				method: "POST",
+        method: "POST",
-				url: `/medications/${medId}/refill`,
+        url: `/medications/${medId}/refill`,
-				payload: { packsAdded: 0, loosePillsAdded: 20 },
+        payload: { packsAdded: 0, loosePillsAdded: 20 },
-			});
+      });
-			const response = await ctx.app.inject({
+      const response = await ctx.app.inject({
-				method: "GET",
+        method: "GET",
-				url: `/medications/${medId}/refills`,
+        url: `/medications/${medId}/refills`,
-			});
+      });
-			expect(response.statusCode).toBe(200);
+      expect(response.statusCode).toBe(200);
-			const data = response.json();
+      const data = response.json();
-			expect(data.refills).toHaveLength(2);
+      expect(data.refills).toHaveLength(2);
      // Newest first (loose pills - added second)
      expect(data.refills[0].packsAdded).toBe(0);
      expect(data.refills[0].loosePillsAdded).toBe(20);
      // Older (packs - added first)
      expect(data.refills[1].packsAdded).toBe(1);
      expect(data.refills[1].loosePillsAdded).toBe(0);
-			// Newest first (loose pills - added second)
+      // Each entry should have an id and refillDate
-			expect(data.refills[0].packsAdded).toBe(0);
+      for (const refill of data.refills) {
-			expect(data.refills[0].loosePillsAdded).toBe(20);
+        expect(refill.id).toBeTypeOf("number");
        expect(refill.refillDate).toBeTruthy();
      }
    });
-			// Older (packs - added first)
+    it("should return 404 for non-existent medication", async () => {
-			expect(data.refills[1].packsAdded).toBe(1);
+      const response = await ctx.app.inject({
-			expect(data.refills[1].loosePillsAdded).toBe(0);
+        method: "GET",
        url: `/medications/99999/refills`,
      });
-			// Each entry should have an id and refillDate
+      expect(response.statusCode).toBe(404);
-			for (const refill of data.refills) {
+      expect(response.json().error).toBe("Medication not found");
-				expect(refill.id).toBeTypeOf("number");
+    });
-				expect(refill.refillDate).toBeTruthy();
+  });
 			}
 		});
-		it("should return 404 for non-existent medication", async () => {
+  // ---------------------------------------------------------------------------
-			const response = await ctx.app.inject({
+  // Cascade Delete Tests
-				method: "GET",
+  // ---------------------------------------------------------------------------
 				url: `/medications/99999/refills`,
 			});
-			expect(response.statusCode).toBe(404);
+  describe("Cascade Delete", () => {
-			expect(response.json().error).toBe("Medication not found");
+    it("should delete refill history when medication is deleted", async () => {
-		});
+      // Add a refill
-	});
+      await ctx.app.inject({
        method: "POST",
        url: `/medications/${medId}/refill`,
        payload: { packsAdded: 1 },
      });
-	// ---------------------------------------------------------------------------
+      // Verify refill exists
-	// Cascade Delete Tests
+      let result = await ctx.client.execute({
-	// ---------------------------------------------------------------------------
+        sql: `SELECT COUNT(*) as count FROM refill_history WHERE medication_id = ?`,
        args: [medId],
      });
      expect(result.rows[0].count).toBe(1);
-	describe("Cascade Delete", () => {
+      // Delete medication
-		it("should delete refill history when medication is deleted", async () => {
+      await ctx.client.execute({
-			// Add a refill
+        sql: `DELETE FROM medications WHERE id = ?`,
-			await ctx.app.inject({
+        args: [medId],
-				method: "POST",
+      });
 				url: `/medications/${medId}/refill`,
 				payload: { packsAdded: 1 },
 			});
-			// Verify refill exists
+      // Verify refill history was cascade deleted
-			let result = await ctx.client.execute({
+      result = await ctx.client.execute({
-				sql: `SELECT COUNT(*) as count FROM refill_history WHERE medication_id = ?`,
+        sql: `SELECT COUNT(*) as count FROM refill_history WHERE medication_id = ?`,
-				args: [medId],
+        args: [medId],
-			});
+      });
-			expect(result.rows[0].count).toBe(1);
+      expect(result.rows[0].count).toBe(0);
    });
-			// Delete medication
+    it("should delete refill history when user is deleted", async () => {
-			await ctx.client.execute({
+      // Add a refill
-				sql: `DELETE FROM medications WHERE id = ?`,
+      await ctx.app.inject({
-				args: [medId],
+        method: "POST",
-			});
+        url: `/medications/${medId}/refill`,
        payload: { packsAdded: 1 },
      });
-			// Verify refill history was cascade deleted
+      // Verify refill exists
-			result = await ctx.client.execute({
+      let result = await ctx.client.execute({
-				sql: `SELECT COUNT(*) as count FROM refill_history WHERE medication_id = ?`,
+        sql: `SELECT COUNT(*) as count FROM refill_history WHERE user_id = ?`,
-				args: [medId],
+        args: [userId],
-			});
+      });
-			expect(result.rows[0].count).toBe(0);
+      expect(result.rows[0].count).toBe(1);
 		});
-		it("should delete refill history when user is deleted", async () => {
+      // Delete user
-			// Add a refill
+      await ctx.client.execute({
-			await ctx.app.inject({
+        sql: `DELETE FROM users WHERE id = ?`,
-				method: "POST",
+        args: [userId],
-				url: `/medications/${medId}/refill`,
+      });
 				payload: { packsAdded: 1 },
 			});
-			// Verify refill exists
+      // Verify refill history was cascade deleted
-			let result = await ctx.client.execute({
+      result = await ctx.client.execute({
-				sql: `SELECT COUNT(*) as count FROM refill_history WHERE user_id = ?`,
+        sql: `SELECT COUNT(*) as count FROM refill_history WHERE user_id = ?`,
-				args: [userId],
+        args: [userId],
-			});
+      });
-			expect(result.rows[0].count).toBe(1);
+      expect(result.rows[0].count).toBe(0);
-
+    });
-			// Delete user
+  });
 			await ctx.client.execute({
 				sql: `DELETE FROM users WHERE id = ?`,
 				args: [userId],
 			});
 			// Verify refill history was cascade deleted
 			result = await ctx.client.execute({
 				sql: `SELECT COUNT(*) as count FROM refill_history WHERE user_id = ?`,
 				args: [userId],
 			});
 			expect(result.rows[0].count).toBe(0);
 		});
 	});
 });
@@ -1,422 +0,0 @@
 import { dirname, resolve } from "node:path";
 import { fileURLToPath } from "node:url";
 import { migrate } from "drizzle-orm/libsql/migrator";
 import Fastify, { type FastifyInstance } from "fastify";
 import { afterAll, beforeAll, beforeEach, describe, expect, it, vi } from "vitest";
 import { runAlterMigrations } from "../db/db-utils.js";
 const { testClient, testDb, mockedEnv, nodemailerSendMail, fetchMock } = vi.hoisted(() => {
 	const { createClient } = require("@libsql/client");
 	const { drizzle } = require("drizzle-orm/libsql");
 	const client = createClient({ url: ":memory:" });
 	const db = drizzle(client);
 	const env = {
 		AUTH_ENABLED: false,
 		OIDC_ENABLED: false,
 		OIDC_PROVIDER_NAME: "SSO",
 		NODE_ENV: "test",
 	};
 	return {
 		testClient: client,
 		testDb: db,
 		mockedEnv: env,
 		nodemailerSendMail: vi.fn(),
 		fetchMock: vi.fn(),
 	};
 });
 vi.mock("../db/client.js", () => ({
 	db: testDb,
 	migrationsReady: Promise.resolve(),
 }));
 vi.mock("../plugins/env.js", () => ({ env: mockedEnv }));
 vi.mock("../plugins/auth.js", () => ({
 	requireAuth: async () => {},
 	getAnonymousUserId: async () => 1,
 }));
 vi.mock("nodemailer", () => ({
 	default: {
 		createTransport: () => ({
 			sendMail: nodemailerSendMail,
 		}),
 	},
 }));
 const { settingsRoutes, sendShoutrrrNotification } = await import("../routes/settings.js");
 const { exportRoutes } = await import("../routes/export.js");
 const { reportRoutes } = await import("../routes/report.js");
 const __filename = fileURLToPath(import.meta.url);
 const __dirname = dirname(__filename);
 const migrationsFolder = resolve(__dirname, "../../drizzle");
 async function clearTables() {
 	await testClient.execute("DELETE FROM refill_history");
 	await testClient.execute("DELETE FROM dose_tracking");
 	await testClient.execute("DELETE FROM share_tokens");
 	await testClient.execute("DELETE FROM user_settings");
 	await testClient.execute("DELETE FROM medications");
 	await testClient.execute("DELETE FROM users");
 }
 async function seedAnonymousUser() {
 	await testClient.execute({
 		sql: "INSERT INTO users (id, username, auth_provider, is_active) VALUES (?, ?, ?, 1)",
 		args: [1, "anon", "anonymous"],
 	});
 }
 async function seedMedication(name = "Aspirin") {
 	const result = await testClient.execute({
 		sql: `INSERT INTO medications (
      user_id, name, generic_name, taken_by_json, package_type,
      pack_count, blisters_per_pack, pills_per_blister, loose_tablets,
      usage_json, every_json, start_json, intakes_json,
      stock_adjustment, intake_reminders_enabled
    ) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?) RETURNING id`,
 		args: [
 			1,
 			name,
 			"Acetylsalicylic acid",
 			JSON.stringify(["Daniel"]),
 			"blister",
 			2,
 			2,
 			10,
 			3,
 			JSON.stringify([1]),
 			JSON.stringify([1]),
 			JSON.stringify(["2026-01-01T08:00:00.000Z"]),
 			JSON.stringify([
 				{ usage: 1, every: 1, start: "2026-01-01T08:00:00.000Z", takenBy: "Daniel", intakeRemindersEnabled: true },
 			]),
 			0,
 			1,
 		],
 	});
 	return result.rows[0].id as number;
 }
 describe("Real route coverage: settings/export/report", () => {
 	let app: FastifyInstance;
 	beforeAll(async () => {
 		await migrate(testDb, { migrationsFolder });
 		await runAlterMigrations(testClient);
 		app = Fastify({ logger: false });
 		await app.register(settingsRoutes);
 		await app.register(exportRoutes);
 		await app.register(reportRoutes);
 		await app.ready();
 	});
 	afterAll(async () => {
 		await app.close();
 		testClient.close();
 	});
 	beforeEach(async () => {
 		vi.clearAllMocks();
 		vi.stubGlobal("fetch", fetchMock);
 		await clearTables();
 		await seedAnonymousUser();
 		delete process.env.SMTP_HOST;
 		delete process.env.SMTP_USER;
 		delete process.env.SMTP_TOKEN;
 		delete process.env.SMTP_PASS;
 		delete process.env.SMTP_FROM;
 		delete process.env.SMTP_PORT;
 		delete process.env.SMTP_SECURE;
 	});
 	it("GET /settings creates defaults for anonymous user", async () => {
 		const response = await app.inject({ method: "GET", url: "/settings" });
 		expect(response.statusCode).toBe(200);
 		const body = response.json();
 		expect(body.language).toBe("en");
 		expect(body.shareStockStatus).toBe(true);
 		expect(body.upcomingTodayOnly).toBe(false);
 		expect(body.shareScheduleTodayOnly).toBe(false);
 	});
 	it("PUT /settings disables repeatDailyReminders when no stock reminder channel exists", async () => {
 		const response = await app.inject({
 			method: "PUT",
 			url: "/settings",
 			payload: {
 				emailEnabled: false,
 				notificationEmail: "",
 				reminderDaysBefore: 7,
 				repeatDailyReminders: true,
 				lowStockDays: 30,
 				normalStockDays: 90,
 				highStockDays: 180,
 				shoutrrrEnabled: false,
 				shoutrrrUrl: "",
 				emailStockReminders: true,
 				emailIntakeReminders: true,
 				emailPrescriptionReminders: true,
 				shoutrrrStockReminders: true,
 				shoutrrrIntakeReminders: true,
 				shoutrrrPrescriptionReminders: true,
 				skipRemindersForTakenDoses: false,
 				repeatRemindersEnabled: false,
 				reminderRepeatIntervalMinutes: 30,
 				maxNaggingReminders: 5,
 				language: "en",
 				stockCalculationMode: "automatic",
 				shareStockStatus: true,
 				upcomingTodayOnly: false,
 				shareScheduleTodayOnly: false,
 				swapDashboardMainSections: false,
 			},
 		});
 		expect(response.statusCode).toBe(200);
 		const stored = await testClient.execute({
 			sql: "SELECT repeat_daily_reminders FROM user_settings WHERE user_id = 1",
 		});
 		expect(stored.rows[0].repeat_daily_reminders).toBe(0);
 	});
 	it("PUT /settings/language validates supported language", async () => {
 		const response = await app.inject({
 			method: "PUT",
 			url: "/settings/language",
 			payload: { language: "fr" },
 		});
 		expect(response.statusCode).toBe(400);
 		expect(response.json().error).toBe("Invalid language");
 	});
 	it("POST /settings/test-email fails when SMTP is not configured", async () => {
 		const response = await app.inject({
 			method: "POST",
 			url: "/settings/test-email",
 			payload: { email: "person@example.com" },
 		});
 		expect(response.statusCode).toBe(400);
 		expect(response.json().error).toBe("SMTP not configured");
 	});
 	it("POST /settings/test-email sends email when SMTP is configured", async () => {
 		process.env.SMTP_HOST = "smtp.example.com";
 		process.env.SMTP_USER = "mailer@example.com";
 		process.env.SMTP_TOKEN = "secret";
 		nodemailerSendMail.mockResolvedValue(undefined);
 		const response = await app.inject({
 			method: "POST",
 			url: "/settings/test-email",
 			payload: { email: "person@example.com" },
 		});
 		expect(response.statusCode).toBe(200);
 		expect(nodemailerSendMail).toHaveBeenCalledTimes(1);
 	});
 	it("POST /settings/test-shoutrrr validates URL presence", async () => {
 		const response = await app.inject({
 			method: "POST",
 			url: "/settings/test-shoutrrr",
 			payload: { url: "" },
 		});
 		expect(response.statusCode).toBe(400);
 	});
 	it("sendShoutrrrNotification blocks localhost/private targets", async () => {
 		const result = await sendShoutrrrNotification("http://127.0.0.1/hook", "test", "message");
 		expect(result.success).toBe(false);
 		expect(result.error).toContain("not allowed");
 	});
 	it("sendShoutrrrNotification handles ntfy auth and safe URL reconstruction", async () => {
 		fetchMock.mockResolvedValue({ ok: true });
 		const result = await sendShoutrrrNotification("ntfy://user:pass@ntfy.sh/mytopic", "Title ä", "Message");
 		expect(result.success).toBe(true);
 		expect(fetchMock).toHaveBeenCalledWith(
 			"https://ntfy.sh/mytopic",
 			expect.objectContaining({
 				headers: expect.objectContaining({
 					Authorization: expect.stringMatching(/^Basic /),
 				}),
 				method: "POST",
 				redirect: "error",
 			})
 		);
 	});
 	it("sendShoutrrrNotification uses JSON payload for webhook URLs", async () => {
 		fetchMock.mockResolvedValue({ ok: true });
 		const result = await sendShoutrrrNotification("https://hooks.slack.com/services/a/b/c", "Title", "Body");
 		expect(result.success).toBe(true);
 		const call = fetchMock.mock.calls[0];
 		expect(call[1].headers["Content-Type"]).toBe("application/json");
 		expect(JSON.parse(call[1].body)).toMatchObject({ title: "Title", message: "Body" });
 	});
 	it("POST /medications/report-data returns 403 for meds not owned by user", async () => {
 		await seedMedication("Owned Med");
 		const response = await app.inject({
 			method: "POST",
 			url: "/medications/report-data",
 			payload: { medicationIds: [9999] },
 		});
 		expect(response.statusCode).toBe(403);
 	});
 	it("POST /medications/report-data aggregates doses and refills", async () => {
 		const medId = await seedMedication("Report Med");
 		await testClient.execute({
 			sql: "INSERT INTO dose_tracking (user_id, dose_id, taken_at, dismissed) VALUES (?, ?, ?, ?)",
 			args: [1, `${medId}-0-1700000000000-Daniel`, 1700000000, 0],
 		});
 		await testClient.execute({
 			sql: "INSERT INTO dose_tracking (user_id, dose_id, taken_at, dismissed) VALUES (?, ?, ?, ?)",
 			args: [1, `${medId}-0-1700000600000-Daniel`, 1700000600, 1],
 		});
 		await testClient.execute({
 			sql: "INSERT INTO refill_history (medication_id, user_id, packs_added, loose_pills_added, used_prescription, refill_date) VALUES (?, ?, ?, ?, ?, ?)",
 			args: [medId, 1, 1, 2, 1, 1700001200],
 		});
 		const response = await app.inject({
 			method: "POST",
 			url: "/medications/report-data",
 			payload: { medicationIds: [medId] },
 		});
 		expect(response.statusCode).toBe(200);
 		const body = response.json();
 		expect(body[medId].dosesTaken).toBe(1);
 		expect(body[medId].dosesDismissed).toBe(1);
 		expect(body[medId].refills).toHaveLength(1);
 	});
 	it("GET /export includes medications, settings, doseHistory and refillHistory", async () => {
 		const medId = await seedMedication("Export Med");
 		await testClient.execute({
 			sql: "INSERT INTO dose_tracking (user_id, dose_id, taken_at, marked_by) VALUES (?, ?, ?, ?)",
 			args: [1, `${medId}-0-1700000000000-Daniel`, 1700000000, "Daniel"],
 		});
 		await testClient.execute({
 			sql: "INSERT INTO refill_history (medication_id, user_id, packs_added, loose_pills_added, used_prescription, refill_date) VALUES (?, ?, ?, ?, ?, ?)",
 			args: [medId, 1, 1, 3, 0, 1700000000],
 		});
 		await testClient.execute({
 			sql: "INSERT INTO user_settings (user_id, email_enabled, notification_email, share_stock_status, language) VALUES (?, ?, ?, ?, ?)",
 			args: [1, 1, "x@example.com", 1, "de"],
 		});
 		await testClient.execute({
 			sql: "INSERT INTO share_tokens (user_id, token, taken_by, schedule_days) VALUES (?, ?, ?, ?)",
 			args: [1, "abc123", "Daniel", 30],
 		});
 		const response = await app.inject({
 			method: "GET",
 			url: "/export?includeSensitive=true&includeImages=false",
 		});
 		expect(response.statusCode).toBe(200);
 		const body = response.json();
 		expect(body.medications).toHaveLength(1);
 		expect(body.doseHistory).toHaveLength(1);
 		expect(body.refillHistory).toHaveLength(1);
 		expect(body.settings.language).toBe("de");
 		expect(body.shareLinks).toHaveLength(1);
 	});
 	it("POST /import validates payload and imports minimal valid structure", async () => {
 		const invalid = await app.inject({
 			method: "POST",
 			url: "/import",
 			payload: { foo: "bar" },
 		});
 		expect(invalid.statusCode).toBe(400);
 		const validImport = {
 			version: "1.1",
 			exportedAt: new Date().toISOString(),
 			includeSensitiveData: false,
 			medications: [
 				{
 					_exportId: "med-1",
 					name: "Imported Med",
 					genericName: null,
 					takenBy: ["Daniel"],
 					inventory: {
 						packCount: 1,
 						blistersPerPack: 1,
 						pillsPerBlister: 10,
 						totalPills: null,
 						looseTablets: 0,
 						stockAdjustment: 0,
 						packageType: "blister",
 					},
 					pillWeightMg: null,
 					doseUnit: "mg",
 					schedules: [{ usage: 1, every: 1, start: "2026-01-01T08:00:00.000Z", remind: false, takenBy: "Daniel" }],
 					medicationStartDate: "",
 					expiryDate: null,
 					notes: null,
 					intakeRemindersEnabled: false,
 					isObsolete: false,
 					obsoleteAt: null,
 					prescriptionEnabled: false,
 					prescriptionAuthorizedRefills: null,
 					prescriptionRemainingRefills: null,
 					prescriptionLowRefillThreshold: 1,
 					prescriptionExpiryDate: null,
 					dismissedUntil: null,
 					image: null,
 					lastStockCorrectionAt: null,
 				},
 			],
 			doseHistory: [],
 			refillHistory: [],
 			settings: {
 				emailEnabled: false,
 				notificationEmail: null,
 				emailStockReminders: true,
 				emailIntakeReminders: true,
 				emailPrescriptionReminders: true,
 				shoutrrrEnabled: false,
 				shoutrrrUrl: null,
 				shoutrrrStockReminders: true,
 				shoutrrrIntakeReminders: true,
 				shoutrrrPrescriptionReminders: true,
 				reminderDaysBefore: 7,
 				repeatDailyReminders: false,
 				skipRemindersForTakenDoses: false,
 				repeatRemindersEnabled: false,
 				reminderRepeatIntervalMinutes: 30,
 				maxNaggingReminders: 5,
 				lowStockDays: 30,
 				normalStockDays: 90,
 				highStockDays: 180,
 				expiryWarningDays: 30,
 				language: "en",
 				stockCalculationMode: "automatic",
 				shareStockStatus: true,
 			},
 			shareLinks: [],
 		};
 		const valid = await app.inject({
 			method: "POST",
 			url: "/import",
 			payload: validImport,
 		});
 		expect(valid.statusCode).toBe(200);
 		expect(valid.json().imported.medications).toBe(1);
 		const rows = await testClient.execute({
 			sql: "SELECT name FROM medications WHERE user_id = 1",
 		});
 		expect(rows.rows[0].name).toBe("Imported Med");
 	});
 });
@@ -1,517 +1,499 @@
-import { existsSync, rmSync } from "node:fs";
+import { describe, it, expect, vi, beforeEach, afterEach } from "vitest";
-import { tmpdir } from "node:os";
+import Fastify from "fastify";
 import { resolve } from "node:path";
 import cookie from "@fastify/cookie";
 import cors from "@fastify/cors";
 import sensible from "@fastify/sensible";
-import Fastify, { type FastifyInstance } from "fastify";
+import cookie from "@fastify/cookie";
-import { afterEach, describe, expect, it } from "vitest";
+import { mkdirSync, rmSync, existsSync } from "fs";
 import { resolve } from "path";
 import { tmpdir } from "os";
 // Import from utils to avoid index.ts import side effects (server start)
 import {
-	buildAppConfig,
+  parseCorsOrigins,
-	buildBaseCookieOptions,
+  buildBaseCookieOptions,
-	buildRefreshCookieOptions,
+  buildRefreshCookieOptions,
-	ensureImagesDirectory,
+  buildAppConfig,
-	getJwtConfig,
+  ensureImagesDirectory,
-	parseCorsOrigins,
+  getJwtConfig,
 } from "../utils/server-config.js";
 describe("Index.ts Utility Functions", () => {
-	describe("parseCorsOrigins", () => {
+  describe("parseCorsOrigins", () => {
-		it("should parse comma-separated origins", () => {
+    it("should parse comma-separated origins", () => {
-			const origins = parseCorsOrigins("http://localhost:5173,http://localhost:4173");
+      const origins = parseCorsOrigins("http://localhost:5173,http://localhost:4173");
-			expect(origins).toHaveLength(2);
+      expect(origins).toHaveLength(2);
-			expect(origins[0]).toBe("http://localhost:5173");
+      expect(origins[0]).toBe("http://localhost:5173");
-			expect(origins[1]).toBe("http://localhost:4173");
+      expect(origins[1]).toBe("http://localhost:4173");
-		});
+    });
-		it("should handle single origin", () => {
+    it("should handle single origin", () => {
-			const origins = parseCorsOrigins("https://myapp.example.com");
+      const origins = parseCorsOrigins("https://myapp.example.com");
-			expect(origins).toHaveLength(1);
+      expect(origins).toHaveLength(1);
-			expect(origins[0]).toBe("https://myapp.example.com");
+      expect(origins[0]).toBe("https://myapp.example.com");
-		});
+    });
-		it("should filter out empty strings", () => {
+    it("should filter out empty strings", () => {
-			const origins = parseCorsOrigins("http://localhost:5173,,http://localhost:4173,");
+      const origins = parseCorsOrigins("http://localhost:5173,,http://localhost:4173,");
-			expect(origins).toHaveLength(2);
+      expect(origins).toHaveLength(2);
-		});
+    });
-		it("should trim whitespace", () => {
+    it("should trim whitespace", () => {
-			const origins = parseCorsOrigins(" http://localhost:5173 , http://localhost:4173 ");
+      const origins = parseCorsOrigins(" http://localhost:5173 , http://localhost:4173 ");
-			expect(origins).toEqual(["http://localhost:5173", "http://localhost:4173"]);
+      expect(origins).toEqual(["http://localhost:5173", "http://localhost:4173"]);
-		});
+    });
-		it("should return empty array for empty string", () => {
+    it("should return empty array for empty string", () => {
-			const origins = parseCorsOrigins("");
+      const origins = parseCorsOrigins("");
-			expect(origins).toHaveLength(0);
+      expect(origins).toHaveLength(0);
-		});
+    });
-	});
+  });
-	describe("buildBaseCookieOptions", () => {
+  describe("buildBaseCookieOptions", () => {
-		it("should set secure=true in production", () => {
+    it("should set secure=true in production", () => {
-			const options = buildBaseCookieOptions(15, true);
+      const options = buildBaseCookieOptions(15, true);
-			expect(options.secure).toBe(true);
+      expect(options.secure).toBe(true);
-			expect(options.httpOnly).toBe(true);
+      expect(options.httpOnly).toBe(true);
-			expect(options.sameSite).toBe("lax");
+      expect(options.sameSite).toBe("lax");
-			expect(options.path).toBe("/");
+      expect(options.path).toBe("/");
-		});
+    });
-		it("should set secure=false in development", () => {
+    it("should set secure=false in development", () => {
-			const options = buildBaseCookieOptions(15, false);
+      const options = buildBaseCookieOptions(15, false);
-			expect(options.secure).toBe(false);
+      expect(options.secure).toBe(false);
-		});
+    });
-		it("should calculate maxAge in seconds from minutes", () => {
+    it("should calculate maxAge in seconds from minutes", () => {
-			const options = buildBaseCookieOptions(15, false);
+      const options = buildBaseCookieOptions(15, false);
-			expect(options.maxAge).toBe(15 * 60); // 900 seconds
+      expect(options.maxAge).toBe(15 * 60); // 900 seconds
-		});
+    });
-		it("should handle custom TTL values", () => {
+    it("should handle custom TTL values", () => {
-			const options = buildBaseCookieOptions(30, false);
+      const options = buildBaseCookieOptions(30, false);
-			expect(options.maxAge).toBe(30 * 60); // 1800 seconds
+      expect(options.maxAge).toBe(30 * 60); // 1800 seconds
-		});
+    });
-	});
+  });
-	describe("buildRefreshCookieOptions", () => {
+  describe("buildRefreshCookieOptions", () => {
-		it("should extend base options with longer maxAge", () => {
+    it("should extend base options with longer maxAge", () => {
-			const base = buildBaseCookieOptions(15, false);
+      const base = buildBaseCookieOptions(15, false);
-			const refresh = buildRefreshCookieOptions(base, 7);
+      const refresh = buildRefreshCookieOptions(base, 7);
      expect(refresh.httpOnly).toBe(true);
      expect(refresh.sameSite).toBe("lax");
      expect(refresh.maxAge).toBe(7 * 24 * 60 * 60); // 7 days in seconds
    });
-			expect(refresh.httpOnly).toBe(true);
+    it("should calculate 14 days correctly", () => {
-			expect(refresh.sameSite).toBe("lax");
+      const base = buildBaseCookieOptions(15, false);
-			expect(refresh.maxAge).toBe(7 * 24 * 60 * 60); // 7 days in seconds
+      const refresh = buildRefreshCookieOptions(base, 14);
-		});
+      expect(refresh.maxAge).toBe(14 * 24 * 60 * 60); // 1209600 seconds
    });
-		it("should calculate 14 days correctly", () => {
+    it("should preserve secure flag from base", () => {
-			const base = buildBaseCookieOptions(15, false);
+      const base = buildBaseCookieOptions(15, true);
-			const refresh = buildRefreshCookieOptions(base, 14);
+      const refresh = buildRefreshCookieOptions(base, 7);
-			expect(refresh.maxAge).toBe(14 * 24 * 60 * 60); // 1209600 seconds
+      expect(refresh.secure).toBe(true);
-		});
+    });
  });
-		it("should preserve secure flag from base", () => {
+  describe("buildAppConfig", () => {
-			const base = buildBaseCookieOptions(15, true);
+    it("should build complete config object", () => {
-			const refresh = buildRefreshCookieOptions(base, 7);
+      const config = buildAppConfig({
-			expect(refresh.secure).toBe(true);
+        jwtSecret: "test-jwt-secret",
-		});
+        refreshSecret: "test-refresh-secret",
-	});
+        accessTtlMinutes: 15,
        refreshTtlDays: 7,
        isProduction: false,
      });
-	describe("buildAppConfig", () => {
+      expect(config.accessSecret).toBe("test-jwt-secret");
-		it("should build complete config object", () => {
+      expect(config.refreshSecret).toBe("test-refresh-secret");
-			const config = buildAppConfig({
+      expect(config.accessTtl).toBe(15);
-				jwtSecret: "test-jwt-secret",
+      expect(config.refreshTtl).toBe(7);
-				refreshSecret: "test-refresh-secret",
+      expect(config.cookieOptions).toBeDefined();
-				accessTtlMinutes: 15,
+      expect(config.refreshCookieOptions).toBeDefined();
-				refreshTtlDays: 7,
+    });
 				isProduction: false,
 			});
-			expect(config.accessSecret).toBe("test-jwt-secret");
+    it("should use empty strings for missing secrets", () => {
-			expect(config.refreshSecret).toBe("test-refresh-secret");
+      const config = buildAppConfig({
-			expect(config.accessTtl).toBe(15);
+        accessTtlMinutes: 15,
-			expect(config.refreshTtl).toBe(7);
+        refreshTtlDays: 7,
-			expect(config.cookieOptions).toBeDefined();
+        isProduction: false,
-			expect(config.refreshCookieOptions).toBeDefined();
+      });
 		});
-		it("should use empty strings for missing secrets", () => {
+      expect(config.accessSecret).toBe("");
-			const config = buildAppConfig({
+      expect(config.refreshSecret).toBe("");
-				accessTtlMinutes: 15,
+    });
 				refreshTtlDays: 7,
 				isProduction: false,
 			});
-			expect(config.accessSecret).toBe("");
+    it("should set secure cookies in production", () => {
-			expect(config.refreshSecret).toBe("");
+      const config = buildAppConfig({
-		});
+        accessTtlMinutes: 15,
        refreshTtlDays: 7,
        isProduction: true,
      });
-		it("should set secure cookies in production", () => {
+      expect(config.cookieOptions.secure).toBe(true);
-			const config = buildAppConfig({
+      expect(config.refreshCookieOptions.secure).toBe(true);
-				accessTtlMinutes: 15,
+    });
-				refreshTtlDays: 7,
+  });
 				isProduction: true,
 			});
-			expect(config.cookieOptions.secure).toBe(true);
+  describe("ensureImagesDirectory", () => {
-			expect(config.refreshCookieOptions.secure).toBe(true);
+    const testDir = resolve(tmpdir(), `test-images-dir-${Date.now()}`);
 		});
 	});
-	describe("ensureImagesDirectory", () => {
+    afterEach(() => {
-		const testDir = resolve(tmpdir(), `test-images-dir-${Date.now()}`);
+      try {
        if (existsSync(testDir)) {
          rmSync(testDir, { recursive: true, force: true });
        }
      } catch {
        // ignore cleanup errors
      }
    });
-		afterEach(() => {
+    it("should create directory if it does not exist", () => {
-			try {
+      const imagesDir = ensureImagesDirectory(testDir);
-				if (existsSync(testDir)) {
+      expect(existsSync(imagesDir)).toBe(true);
-					rmSync(testDir, { recursive: true, force: true });
+      expect(imagesDir).toContain("data/images");
-				}
+    });
 			} catch {
 				// ignore cleanup errors
 			}
 		});
-		it("should create directory if it does not exist", () => {
+    it("should return path if directory already exists", () => {
-			const imagesDir = ensureImagesDirectory(testDir);
+      const firstCall = ensureImagesDirectory(testDir);
-			expect(existsSync(imagesDir)).toBe(true);
+      const secondCall = ensureImagesDirectory(testDir);
-			expect(imagesDir).toContain("data/images");
+      expect(firstCall).toBe(secondCall);
-		});
+    });
  });
-		it("should return path if directory already exists", () => {
+  describe("getJwtConfig", () => {
-			const firstCall = ensureImagesDirectory(testDir);
+    it("should return real secret when auth enabled with secret", () => {
-			const secondCall = ensureImagesDirectory(testDir);
+      const config = getJwtConfig(true, "my-super-secret");
-			expect(firstCall).toBe(secondCall);
+      expect(config.secret).toBe("my-super-secret");
-		});
+      expect(config.cookie.cookieName).toBe("access_token");
-	});
+      expect(config.cookie.signed).toBe(false);
    });
-	describe("getJwtConfig", () => {
+    it("should return dummy secret when auth disabled", () => {
-		it("should return real secret when auth enabled with secret", () => {
+      const config = getJwtConfig(false, undefined);
-			const config = getJwtConfig(true, "my-super-secret");
+      expect(config.secret).toBe("auth-disabled-no-secret-needed");
-			expect(config.secret).toBe("my-super-secret");
+    });
 			expect(config.cookie.cookieName).toBe("access_token");
 			expect(config.cookie.signed).toBe(false);
 		});
-		it("should return dummy secret when auth disabled", () => {
+    it("should return dummy secret when auth enabled but no secret", () => {
-			const config = getJwtConfig(false, undefined);
+      const config = getJwtConfig(true, undefined);
-			expect(config.secret).toBe("auth-disabled-no-secret-needed");
+      expect(config.secret).toBe("auth-disabled-no-secret-needed");
-		});
+    });
-		it("should return dummy secret when auth enabled but no secret", () => {
+    it("should return dummy secret when auth enabled with empty secret", () => {
-			const config = getJwtConfig(true, undefined);
+      const config = getJwtConfig(true, "");
-			expect(config.secret).toBe("auth-disabled-no-secret-needed");
+      expect(config.secret).toBe("auth-disabled-no-secret-needed");
-		});
+    });
-
+  });
 		it("should return dummy secret when auth enabled with empty secret", () => {
 			const config = getJwtConfig(true, "");
 			expect(config.secret).toBe("auth-disabled-no-secret-needed");
 		});
 	});
 });
 // Test the server bootstrap logic without starting the actual server
 describe("Server Bootstrap", () => {
-	describe("Fastify App Configuration", () => {
+  describe("Fastify App Configuration", () => {
-		it("should create a Fastify instance with logger", async () => {
+    it("should create a Fastify instance with logger", async () => {
-			const app = Fastify({
+      const app = Fastify({
-				logger: {
+        logger: {
-					level: "silent", // Disable logging for tests
+          level: "silent", // Disable logging for tests
-				},
+        },
-			});
+      });
-			expect(app).toBeDefined();
+      expect(app).toBeDefined();
-			expect(app.log).toBeDefined();
+      expect(app.log).toBeDefined();
      await app.close();
    });
-			await app.close();
+    it("should register sensible plugin", async () => {
-		});
+      const app = Fastify({ logger: false });
      await app.register(sensible);
      // Sensible adds error helpers
      expect(app.httpErrors).toBeDefined();
      expect(app.httpErrors.notFound).toBeDefined();
      await app.close();
    });
-		it("should register sensible plugin", async () => {
+    it("should register cors plugin with multiple origins", async () => {
-			const app = Fastify({ logger: false });
+      const origins = ["http://localhost:5173", "http://localhost:4173"];
-			await app.register(sensible);
+      
      const app = Fastify({ logger: false });
      await app.register(cors, { origin: origins, credentials: true });
      // Add a test route
      app.get("/test", async () => ({ ok: true }));
      await app.ready();
      // Test CORS headers
      const response = await app.inject({
        method: "GET",
        url: "/test",
        headers: {
          origin: "http://localhost:5173",
        },
      });
      expect(response.headers["access-control-allow-origin"]).toBe("http://localhost:5173");
      expect(response.headers["access-control-allow-credentials"]).toBe("true");
      await app.close();
    });
-			// Sensible adds error helpers
+    it("should register cookie plugin", async () => {
-			expect(app.httpErrors).toBeDefined();
+      const app = Fastify({ logger: false });
-			expect(app.httpErrors.notFound).toBeDefined();
+      await app.register(cookie, { secret: "test-cookie-secret" });
      // Add a test route that sets a cookie
      app.get("/set-cookie", async (request, reply) => {
        reply.setCookie("test", "value", { path: "/" });
        return { ok: true };
      });
      await app.ready();
      const response = await app.inject({
        method: "GET",
        url: "/set-cookie",
      });
      expect(response.headers["set-cookie"]).toBeDefined();
      await app.close();
    });
  });
-			await app.close();
+  describe("Config Decorator", () => {
-		});
+    it("should create config with auth settings", async () => {
      const app = Fastify({ logger: false });
      const accessTtlMinutes = 15;
      const refreshTtlDays = 7;
      const baseCookieOptions = {
        httpOnly: true,
        sameSite: "lax" as const,
        secure: false, // test environment
        path: "/",
        maxAge: accessTtlMinutes * 60,
      };
      const refreshCookieOptions = {
        ...baseCookieOptions,
        maxAge: refreshTtlDays * 24 * 60 * 60,
      };
      app.decorate("config", {
        accessSecret: "test-jwt-secret",
        refreshSecret: "test-refresh-secret",
        accessTtl: accessTtlMinutes,
        refreshTtl: refreshTtlDays,
        cookieOptions: baseCookieOptions,
        refreshCookieOptions,
      });
      expect((app as any).config.accessTtl).toBe(15);
      expect((app as any).config.refreshTtl).toBe(7);
      expect((app as any).config.cookieOptions.httpOnly).toBe(true);
      expect((app as any).config.refreshCookieOptions.maxAge).toBe(7 * 24 * 60 * 60);
      await app.close();
    });
-		it("should register cors plugin with multiple origins", async () => {
+    it("should calculate cookie maxAge correctly", () => {
-			const origins = ["http://localhost:5173", "http://localhost:4173"];
+      const accessTtlMinutes = 30;
      const refreshTtlDays = 14;
      const accessMaxAge = accessTtlMinutes * 60;
      const refreshMaxAge = refreshTtlDays * 24 * 60 * 60;
      expect(accessMaxAge).toBe(1800); // 30 minutes in seconds
      expect(refreshMaxAge).toBe(1209600); // 14 days in seconds
    });
  });
-			const app = Fastify({ logger: false });
+  describe("CORS Origins Parsing", () => {
-			await app.register(cors, { origin: origins, credentials: true });
+    it("should parse comma-separated origins", () => {
      const originsEnv = "http://localhost:5173,http://localhost:4173";
      const origins = originsEnv.split(",").map((o) => o.trim()).filter(Boolean);
      expect(origins).toHaveLength(2);
      expect(origins[0]).toBe("http://localhost:5173");
      expect(origins[1]).toBe("http://localhost:4173");
    });
-			// Add a test route
+    it("should handle single origin", () => {
-			app.get("/test", async () => ({ ok: true }));
+      const originsEnv = "https://myapp.example.com";
      const origins = originsEnv.split(",").map((o) => o.trim()).filter(Boolean);
      expect(origins).toHaveLength(1);
      expect(origins[0]).toBe("https://myapp.example.com");
    });
-			await app.ready();
+    it("should filter out empty strings", () => {
      const originsEnv = "http://localhost:5173,,http://localhost:4173,";
      const origins = originsEnv.split(",").map((o) => o.trim()).filter(Boolean);
      expect(origins).toHaveLength(2);
    });
-			// Test CORS headers
+    it("should trim whitespace", () => {
-			const response = await app.inject({
+      const originsEnv = " http://localhost:5173 , http://localhost:4173 ";
-				method: "GET",
+      const origins = originsEnv.split(",").map((o) => o.trim()).filter(Boolean);
-				url: "/test",
+      
-				headers: {
+      expect(origins).toEqual(["http://localhost:5173", "http://localhost:4173"]);
-					origin: "http://localhost:5173",
+    });
-				},
+  });
 			});
-			expect(response.headers["access-control-allow-origin"]).toBe("http://localhost:5173");
+  describe("Route Registration", () => {
-			expect(response.headers["access-control-allow-credentials"]).toBe("true");
+    it("should register multiple route plugins", async () => {
      const app = Fastify({ logger: false });
      // Mock route plugins
      const healthRoutes = async (app: any) => {
        app.get("/health", async () => ({ status: "ok" }));
      };
      const authRoutes = async (app: any) => {
        app.post("/auth/login", async () => ({ token: "mock" }));
      };
      const medicationRoutes = async (app: any) => {
        app.get("/medications", async () => []);
      };
      await app.register(healthRoutes);
      await app.register(authRoutes);
      await app.register(medicationRoutes);
      await app.ready();
      // Verify routes are registered
      const routes = app.printRoutes();
      expect(routes).toContain("health");
      expect(routes).toContain("auth/login");
      expect(routes).toContain("medications");
      await app.close();
    });
  });
-			await app.close();
+  describe("Server Startup", () => {
-		});
+    it("should listen on specified port", async () => {
      const app = Fastify({ logger: false });
      app.get("/test", async () => ({ ok: true }));
      // Use port 0 to get a random available port
      const address = await app.listen({ port: 0, host: "127.0.0.1" });
      expect(address).toContain("127.0.0.1");
      await app.close();
    });
-		it("should register cookie plugin", async () => {
+    it("should handle listen errors gracefully", async () => {
-			const app = Fastify({ logger: false });
+      const app = Fastify({ logger: false });
-			await app.register(cookie, { secret: "test-cookie-secret" });
+      
      // Try to listen on an invalid port
      await expect(
        app.listen({ port: -1, host: "127.0.0.1" })
      ).rejects.toThrow();
      await app.close();
    });
  });
-			// Add a test route that sets a cookie
+  describe("Images Directory", () => {
-			app.get("/set-cookie", async (_request, reply) => {
+    it("should construct images directory path correctly", () => {
-				reply.setCookie("test", "value", { path: "/" });
+      const resolve = (base: string, ...paths: string[]) => {
-				return { ok: true };
+        return [base, ...paths].join("/").replace(/\/+/g, "/");
-			});
+      };
-
+      
-			await app.ready();
+      const cwd = "/app";
-
+      const imagesDir = resolve(cwd, "data/images");
-			const response = await app.inject({
+      
-				method: "GET",
+      expect(imagesDir).toBe("/app/data/images");
-				url: "/set-cookie",
+    });
-			});
+  });
 			expect(response.headers["set-cookie"]).toBeDefined();
 			await app.close();
 		});
 	});
 	describe("Config Decorator", () => {
 		it("should create config with auth settings", async () => {
 			const app = Fastify({ logger: false });
 			const accessTtlMinutes = 15;
 			const refreshTtlDays = 7;
 			const baseCookieOptions = {
 				httpOnly: true,
 				sameSite: "lax" as const,
 				secure: false, // test environment
 				path: "/",
 				maxAge: accessTtlMinutes * 60,
 			};
 			const refreshCookieOptions = {
 				...baseCookieOptions,
 				maxAge: refreshTtlDays * 24 * 60 * 60,
 			};
 			app.decorate("config", {
 				accessSecret: "test-jwt-secret",
 				refreshSecret: "test-refresh-secret",
 				accessTtl: accessTtlMinutes,
 				refreshTtl: refreshTtlDays,
 				cookieOptions: baseCookieOptions,
 				refreshCookieOptions,
 			});
 			const appWithConfig = app as unknown as {
 				config: {
 					accessTtl: number;
 					refreshTtl: number;
 					cookieOptions: { httpOnly: boolean };
 					refreshCookieOptions: { maxAge: number };
 				};
 			};
 			expect(appWithConfig.config.accessTtl).toBe(15);
 			expect(appWithConfig.config.refreshTtl).toBe(7);
 			expect(appWithConfig.config.cookieOptions.httpOnly).toBe(true);
 			expect(appWithConfig.config.refreshCookieOptions.maxAge).toBe(7 * 24 * 60 * 60);
 			await app.close();
 		});
 		it("should calculate cookie maxAge correctly", () => {
 			const accessTtlMinutes = 30;
 			const refreshTtlDays = 14;
 			const accessMaxAge = accessTtlMinutes * 60;
 			const refreshMaxAge = refreshTtlDays * 24 * 60 * 60;
 			expect(accessMaxAge).toBe(1800); // 30 minutes in seconds
 			expect(refreshMaxAge).toBe(1209600); // 14 days in seconds
 		});
 	});
 	describe("CORS Origins Parsing", () => {
 		it("should parse comma-separated origins", () => {
 			const originsEnv = "http://localhost:5173,http://localhost:4173";
 			const origins = originsEnv
 				.split(",")
 				.map((o) => o.trim())
 				.filter(Boolean);
 			expect(origins).toHaveLength(2);
 			expect(origins[0]).toBe("http://localhost:5173");
 			expect(origins[1]).toBe("http://localhost:4173");
 		});
 		it("should handle single origin", () => {
 			const originsEnv = "https://myapp.example.com";
 			const origins = originsEnv
 				.split(",")
 				.map((o) => o.trim())
 				.filter(Boolean);
 			expect(origins).toHaveLength(1);
 			expect(origins[0]).toBe("https://myapp.example.com");
 		});
 		it("should filter out empty strings", () => {
 			const originsEnv = "http://localhost:5173,,http://localhost:4173,";
 			const origins = originsEnv
 				.split(",")
 				.map((o) => o.trim())
 				.filter(Boolean);
 			expect(origins).toHaveLength(2);
 		});
 		it("should trim whitespace", () => {
 			const originsEnv = " http://localhost:5173 , http://localhost:4173 ";
 			const origins = originsEnv
 				.split(",")
 				.map((o) => o.trim())
 				.filter(Boolean);
 			expect(origins).toEqual(["http://localhost:5173", "http://localhost:4173"]);
 		});
 	});
 	describe("Route Registration", () => {
 		it("should register multiple route plugins", async () => {
 			const app = Fastify({ logger: false });
 			// Mock route plugins
 			const healthRoutes = async (app: FastifyInstance) => {
 				app.get("/health", async () => ({ status: "ok" }));
 			};
 			const authRoutes = async (app: FastifyInstance) => {
 				app.post("/auth/login", async () => ({ token: "mock" }));
 			};
 			const medicationRoutes = async (app: FastifyInstance) => {
 				app.get("/medications", async () => []);
 			};
 			await app.register(healthRoutes);
 			await app.register(authRoutes);
 			await app.register(medicationRoutes);
 			await app.ready();
 			// Verify routes are registered
 			const routes = app.printRoutes();
 			expect(routes).toContain("health");
 			expect(routes).toContain("auth/login");
 			expect(routes).toContain("medications");
 			await app.close();
 		});
 	});
 	describe("Server Startup", () => {
 		it("should listen on specified port", async () => {
 			const app = Fastify({ logger: false });
 			app.get("/test", async () => ({ ok: true }));
 			// Use port 0 to get a random available port
 			const address = await app.listen({ port: 0, host: "127.0.0.1" });
 			expect(address).toContain("127.0.0.1");
 			await app.close();
 		});
 		it("should handle listen errors gracefully", async () => {
 			const app = Fastify({ logger: false });
 			// Try to listen on an invalid port
 			await expect(app.listen({ port: -1, host: "127.0.0.1" })).rejects.toThrow();
 			await app.close();
 		});
 	});
 	describe("Images Directory", () => {
 		it("should construct images directory path correctly", () => {
 			const resolve = (base: string, ...paths: string[]) => {
 				return [base, ...paths].join("/").replace(/\/+/g, "/");
 			};
 			const cwd = "/app";
 			const imagesDir = resolve(cwd, "data/images");
 			expect(imagesDir).toBe("/app/data/images");
 		});
 	});
 });
 describe("Cookie Options", () => {
-	describe("Production vs Development", () => {
+  describe("Production vs Development", () => {
-		it("should set secure=true in production", () => {
+    it("should set secure=true in production", () => {
-			const isProduction = true;
+      const isProduction = true;
      const cookieOptions = {
        httpOnly: true,
        sameSite: "lax" as const,
        secure: isProduction,
        path: "/",
      };
      expect(cookieOptions.secure).toBe(true);
    });
-			const cookieOptions = {
+    it("should set secure=false in development", () => {
-				httpOnly: true,
+      const isProduction = false;
-				sameSite: "lax" as const,
+      
-				secure: isProduction,
+      const cookieOptions = {
-				path: "/",
+        httpOnly: true,
-			};
+        sameSite: "lax" as const,
-
+        secure: isProduction,
-			expect(cookieOptions.secure).toBe(true);
+        path: "/",
-		});
+      };
-
+      
-		it("should set secure=false in development", () => {
+      expect(cookieOptions.secure).toBe(false);
-			const isProduction = false;
+    });
-
+  });
 			const cookieOptions = {
 				httpOnly: true,
 				sameSite: "lax" as const,
 				secure: isProduction,
 				path: "/",
 			};
 			expect(cookieOptions.secure).toBe(false);
 		});
 	});
 });
 describe("Rate Limiting", () => {
-	it("should configure rate limit settings", () => {
+  it("should configure rate limit settings", () => {
-		const rateLimitConfig = {
+    const rateLimitConfig = {
-			max: 300,
+      max: 100,
-			timeWindow: "1 minute",
+      timeWindow: "1 minute",
-		};
+    };
-
+    
-		expect(rateLimitConfig.max).toBe(300);
+    expect(rateLimitConfig.max).toBe(100);
-		expect(rateLimitConfig.timeWindow).toBe("1 minute");
+    expect(rateLimitConfig.timeWindow).toBe("1 minute");
-	});
+  });
 });
 describe("JWT Configuration", () => {
-	it("should configure JWT with auth enabled", () => {
+  it("should configure JWT with auth enabled", () => {
-		const authEnabled = true;
+    const authEnabled = true;
-		const jwtSecret = "my-super-secret-jwt-key";
+    const jwtSecret = "my-super-secret-jwt-key";
    const jwtConfig = {
      secret: authEnabled && jwtSecret ? jwtSecret : "auth-disabled-no-secret-needed",
      cookie: { cookieName: "access_token", signed: false },
    };
    expect(jwtConfig.secret).toBe(jwtSecret);
    expect(jwtConfig.cookie.cookieName).toBe("access_token");
    expect(jwtConfig.cookie.signed).toBe(false);
  });
-		const jwtConfig = {
+  it("should use dummy secret with auth disabled", () => {
-			secret: authEnabled && jwtSecret ? jwtSecret : "auth-disabled-no-secret-needed",
+    const authEnabled = false;
-			cookie: { cookieName: "access_token", signed: false },
+    const jwtSecret = undefined;
-		};
+    
-
+    const jwtConfig = {
-		expect(jwtConfig.secret).toBe(jwtSecret);
+      secret: authEnabled && jwtSecret ? jwtSecret : "auth-disabled-no-secret-needed",
-		expect(jwtConfig.cookie.cookieName).toBe("access_token");
+      cookie: { cookieName: "access_token", signed: false },
-		expect(jwtConfig.cookie.signed).toBe(false);
+    };
-	});
+    
-
+    expect(jwtConfig.secret).toBe("auth-disabled-no-secret-needed");
-	it("should use dummy secret with auth disabled", () => {
+  });
 		const authEnabled = false;
 		const jwtSecret = undefined;
 		const jwtConfig = {
 			secret: authEnabled && jwtSecret ? jwtSecret : "auth-disabled-no-secret-needed",
 			cookie: { cookieName: "access_token", signed: false },
 		};
 		expect(jwtConfig.secret).toBe("auth-disabled-no-secret-needed");
 	});
 });
 describe("Multipart Configuration", () => {
-	it("should set file size limit to 10MB", () => {
+  it("should set file size limit to 10MB", () => {
-		const fileSizeLimit = 10 * 1024 * 1024;
+    const fileSizeLimit = 10 * 1024 * 1024;
-
+    
-		expect(fileSizeLimit).toBe(10485760);
+    expect(fileSizeLimit).toBe(10485760);
-	});
+  });
 });
@@ -2,17 +2,17 @@
 * Test setup and utilities for MedAssist backend API tests.
 * Uses in-memory SQLite for isolation between test files.
 */
-
+import Fastify, { FastifyInstance } from "fastify";
 import { dirname, resolve } from "node:path";
 import { fileURLToPath } from "node:url";
 import cookie from "@fastify/cookie";
 import jwt from "@fastify/jwt";
 import fastifyMultipart from "@fastify/multipart";
 import sensible from "@fastify/sensible";
-import { type Client, createClient } from "@libsql/client";
+import fastifyMultipart from "@fastify/multipart";
 import { createClient, Client } from "@libsql/client";
 import { drizzle } from "drizzle-orm/libsql";
 import { migrate } from "drizzle-orm/libsql/migrator";
-import Fastify, { type FastifyInstance } from "fastify";
+import { beforeAll, afterAll, beforeEach } from "vitest";
 import { resolve, dirname } from "path";
 import { fileURLToPath } from "url";
 // Get migrations folder path
 const __filename = fileURLToPath(import.meta.url);
@@ -26,9 +26,9 @@ export type TestDb = ReturnType<typeof drizzle>;
 // Test App Builder
 // =============================================================================
 export interface TestContext {
-	app: FastifyInstance;
+  app: FastifyInstance;
-	db: TestDb;
+  db: TestDb;
-	client: Client;
+  client: Client;
 }
 /**
@@ -36,43 +36,43 @@ export interface TestContext {
 * Each test file gets its own isolated database.
 */
 export async function buildTestApp(): Promise<TestContext> {
-	// Create in-memory SQLite database
+  // Create in-memory SQLite database
-	const client = createClient({ url: ":memory:" });
+  const client = createClient({ url: ":memory:" });
-	const db = drizzle(client);
+  const db = drizzle(client);
-	// Run schema creation
+  // Run schema creation
-	await runTestMigrations(client);
+  await runTestMigrations(client);
-	// Create Fastify app with minimal plugins
+  // Create Fastify app with minimal plugins
-	const app = Fastify({ logger: false });
+  const app = Fastify({ logger: false });
-	await app.register(sensible);
+  await app.register(sensible);
-	await app.register(cookie, { secret: "test-cookie-secret" });
+  await app.register(cookie, { secret: "test-cookie-secret" });
-	await app.register(jwt, {
+  await app.register(jwt, {
-		secret: "test-jwt-secret",
+    secret: "test-jwt-secret",
-		cookie: { cookieName: "access_token", signed: false },
+    cookie: { cookieName: "access_token", signed: false },
-	});
+  });
-	await app.register(fastifyMultipart, { limits: { fileSize: 10 * 1024 * 1024 } });
+  await app.register(fastifyMultipart, { limits: { fileSize: 10 * 1024 * 1024 } });
-	// Decorate config (matches index.ts structure)
+  // Decorate config (matches index.ts structure)
-	app.decorate("config", {
+  app.decorate("config", {
-		accessSecret: "test-jwt-secret",
+    accessSecret: "test-jwt-secret",
-		refreshSecret: "test-refresh-secret",
+    refreshSecret: "test-refresh-secret",
-		accessTtl: 15,
+    accessTtl: 15,
-		refreshTtl: 7,
+    refreshTtl: 7,
-		cookieOptions: { httpOnly: true, sameSite: "lax", secure: false, path: "/" },
+    cookieOptions: { httpOnly: true, sameSite: "lax", secure: false, path: "/" },
-		refreshCookieOptions: { httpOnly: true, sameSite: "lax", secure: false, path: "/" },
+    refreshCookieOptions: { httpOnly: true, sameSite: "lax", secure: false, path: "/" },
-	});
+  });
-	return { app, db, client };
+  return { app, db, client };
 }
 /**
 * Create test database schema using drizzle-kit migrations
 */
 async function runTestMigrations(client: Client): Promise<void> {
-	const db = drizzle(client);
+  const db = drizzle(client);
-	await migrate(db, { migrationsFolder });
+  await migrate(db, { migrationsFolder });
 }
 // =============================================================================
@@ -80,174 +80,193 @@ async function runTestMigrations(client: Client): Promise<void> {
 // =============================================================================
 export interface CreateUserOptions {
-	username?: string;
+  username?: string;
-	authProvider?: string;
+  authProvider?: string;
 }
 /**
 * Create a test user and return the ID
 */
-export async function createTestUser(client: Client, options: CreateUserOptions = {}): Promise<number> {
+export async function createTestUser(
-	const { username = `user_${Date.now()}`, authProvider = "local" } = options;
+  client: Client,
  options: CreateUserOptions = {}
 ): Promise<number> {
  const { username = `user_${Date.now()}`, authProvider = "local" } = options;
-	const result = await client.execute({
+  const result = await client.execute({
-		sql: `INSERT INTO users (username, auth_provider) VALUES (?, ?) RETURNING id`,
+    sql: `INSERT INTO users (username, auth_provider) VALUES (?, ?) RETURNING id`,
-		args: [username, authProvider],
+    args: [username, authProvider],
-	});
+  });
-	return result.rows[0].id as number;
+  return result.rows[0].id as number;
 }
 export interface CreateMedicationOptions {
-	userId: number;
+  userId: number;
-	name?: string;
+  name?: string;
-	genericName?: string;
+  genericName?: string;
-	takenBy?: string[];
+  takenBy?: string[];
-	packCount?: number;
+  packCount?: number;
-	blistersPerPack?: number;
+  blistersPerPack?: number;
-	pillsPerBlister?: number;
+  pillsPerBlister?: number;
-	looseTablets?: number;
+  looseTablets?: number;
-	pillWeightMg?: number;
+  pillWeightMg?: number;
-	expiryDate?: string | null;
+  expiryDate?: string | null;
-	notes?: string | null;
+  notes?: string | null;
-	intakeRemindersEnabled?: boolean;
+  intakeRemindersEnabled?: boolean;
-	/** Array of { usage, every, start } for each blister schedule */
+  /** Array of { usage, every, start } for each blister schedule */
-	blisters?: Array<{ usage: number; every: number; start: string }>;
+  blisters?: Array<{ usage: number; every: number; start: string }>;
 }
 /**
 * Create a test medication and return the ID
 */
-export async function createTestMedication(client: Client, options: CreateMedicationOptions): Promise<number> {
+export async function createTestMedication(
-	const {
+  client: Client,
-		userId,
+  options: CreateMedicationOptions
-		name = "Test Medication",
+): Promise<number> {
-		genericName = null,
+  const {
-		takenBy = [],
+    userId,
-		packCount = 1,
+    name = "Test Medication",
-		blistersPerPack = 1,
+    genericName = null,
-		pillsPerBlister = 10,
+    takenBy = [],
-		looseTablets = 0,
+    packCount = 1,
-		pillWeightMg = null,
+    blistersPerPack = 1,
-		expiryDate = null,
+    pillsPerBlister = 10,
-		notes = null,
+    looseTablets = 0,
-		intakeRemindersEnabled = false,
+    pillWeightMg = null,
-		blisters = [{ usage: 1, every: 1, start: new Date().toISOString() }],
+    expiryDate = null,
-	} = options;
+    notes = null,
    intakeRemindersEnabled = false,
    blisters = [{ usage: 1, every: 1, start: new Date().toISOString() }],
  } = options;
-	// Extract arrays from blisters
+  // Extract arrays from blisters
-	const usageJson = JSON.stringify(blisters.map((b) => b.usage));
+  const usageJson = JSON.stringify(blisters.map((b) => b.usage));
-	const everyJson = JSON.stringify(blisters.map((b) => b.every));
+  const everyJson = JSON.stringify(blisters.map((b) => b.every));
-	const startJson = JSON.stringify(blisters.map((b) => b.start));
+  const startJson = JSON.stringify(blisters.map((b) => b.start));
-	const takenByJson = JSON.stringify(takenBy);
+  const takenByJson = JSON.stringify(takenBy);
-	const result = await client.execute({
+  const result = await client.execute({
-		sql: `INSERT INTO medications (
+    sql: `INSERT INTO medications (
      user_id, name, generic_name, taken_by_json,
      pack_count, blisters_per_pack, pills_per_blister, loose_tablets,
      pill_weight_mg, usage_json, every_json, start_json, expiry_date, notes, intake_reminders_enabled
    ) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?) RETURNING id`,
-		args: [
+    args: [
-			userId,
+      userId,
-			name,
+      name,
-			genericName,
+      genericName,
-			takenByJson,
+      takenByJson,
-			packCount,
+      packCount,
-			blistersPerPack,
+      blistersPerPack,
-			pillsPerBlister,
+      pillsPerBlister,
-			looseTablets,
+      looseTablets,
-			pillWeightMg,
+      pillWeightMg,
-			usageJson,
+      usageJson,
-			everyJson,
+      everyJson,
-			startJson,
+      startJson,
-			expiryDate,
+      expiryDate,
-			notes,
+      notes,
-			intakeRemindersEnabled ? 1 : 0,
+      intakeRemindersEnabled ? 1 : 0,
-		],
+    ],
-	});
+  });
-	return result.rows[0].id as number;
+  return result.rows[0].id as number;
 }
 export interface CreateShareTokenOptions {
-	userId: number;
+  userId: number;
-	takenBy: string;
+  takenBy: string;
-	token?: string;
+  token?: string;
-	scheduleDays?: number;
+  scheduleDays?: number;
-	expiresAt?: number | null;
+  expiresAt?: number | null;
 }
 /**
 * Create a test share token and return the token string
 */
-export async function createTestShareToken(client: Client, options: CreateShareTokenOptions): Promise<string> {
+export async function createTestShareToken(
-	const { userId, takenBy, token = `test_token_${Date.now()}`, scheduleDays = 30, expiresAt = null } = options;
+  client: Client,
  options: CreateShareTokenOptions
 ): Promise<string> {
  const {
    userId,
    takenBy,
    token = `test_token_${Date.now()}`,
    scheduleDays = 30,
    expiresAt = null,
  } = options;
-	await client.execute({
+  await client.execute({
-		sql: `INSERT INTO share_tokens (user_id, token, taken_by, schedule_days, expires_at)
+    sql: `INSERT INTO share_tokens (user_id, token, taken_by, schedule_days, expires_at)
          VALUES (?, ?, ?, ?, ?)`,
-		args: [userId, token, takenBy, scheduleDays, expiresAt],
+    args: [userId, token, takenBy, scheduleDays, expiresAt],
-	});
+  });
-	return token;
+  return token;
 }
 export interface CreateDoseTrackingOptions {
-	userId: number;
+  userId: number;
-	doseId: string;
+  doseId: string;
-	markedBy?: string | null;
+  markedBy?: string | null;
-	takenAt?: number;
+  takenAt?: number;
 }
 /**
 * Create a dose tracking record
 */
-export async function createTestDoseTracking(client: Client, options: CreateDoseTrackingOptions): Promise<void> {
+export async function createTestDoseTracking(
-	const { userId, doseId, markedBy = null, takenAt = Math.floor(Date.now() / 1000) } = options;
+  client: Client,
  options: CreateDoseTrackingOptions
 ): Promise<void> {
  const {
    userId,
    doseId,
    markedBy = null,
    takenAt = Math.floor(Date.now() / 1000),
  } = options;
-	await client.execute({
+  await client.execute({
-		sql: `INSERT INTO dose_tracking (user_id, dose_id, marked_by, taken_at)
+    sql: `INSERT INTO dose_tracking (user_id, dose_id, marked_by, taken_at)
          VALUES (?, ?, ?, ?)`,
-		args: [userId, doseId, markedBy, takenAt],
+    args: [userId, doseId, markedBy, takenAt],
-	});
+  });
 }
 export interface UpdateUserSettingsOptions {
-	userId: number;
+  userId: number;
-	stockCalculationMode?: "automatic" | "manual";
+  stockCalculationMode?: "automatic" | "manual";
-	lowStockDays?: number;
+  lowStockDays?: number;
 	shareStockStatus?: boolean;
 }
 /**
 * Create or update user settings
 */
-export async function setUserSettings(client: Client, options: UpdateUserSettingsOptions): Promise<void> {
+export async function setUserSettings(
-	const { userId, stockCalculationMode = "automatic", lowStockDays = 30, shareStockStatus } = options;
+  client: Client,
  options: UpdateUserSettingsOptions
 ): Promise<void> {
  const { userId, stockCalculationMode = "automatic", lowStockDays = 30 } = options;
-	// Check if settings exist
+  // Check if settings exist
-	const existing = await client.execute({
+  const existing = await client.execute({
-		sql: `SELECT id FROM user_settings WHERE user_id = ?`,
+    sql: `SELECT id FROM user_settings WHERE user_id = ?`,
-		args: [userId],
+    args: [userId],
-	});
+  });
-	if (existing.rows.length > 0) {
+  if (existing.rows.length > 0) {
-		await client.execute({
+    await client.execute({
-			sql: `UPDATE user_settings SET stock_calculation_mode = ?, low_stock_days = ?${shareStockStatus !== undefined ? ", share_stock_status = ?" : ""} WHERE user_id = ?`,
+      sql: `UPDATE user_settings SET stock_calculation_mode = ?, low_stock_days = ? WHERE user_id = ?`,
-			args:
+      args: [stockCalculationMode, lowStockDays, userId],
-				shareStockStatus !== undefined
+    });
-					? [stockCalculationMode, lowStockDays, shareStockStatus ? 1 : 0, userId]
+  } else {
-					: [stockCalculationMode, lowStockDays, userId],
+    await client.execute({
-		});
+      sql: `INSERT INTO user_settings (user_id, stock_calculation_mode, low_stock_days) VALUES (?, ?, ?)`,
-	} else {
+      args: [userId, stockCalculationMode, lowStockDays],
-		await client.execute({
+    });
-			sql: `INSERT INTO user_settings (user_id, stock_calculation_mode, low_stock_days${shareStockStatus !== undefined ? ", share_stock_status" : ""}) VALUES (?, ?, ?${shareStockStatus !== undefined ? ", ?" : ""})`,
+  }
 			args:
 				shareStockStatus !== undefined
 					? [userId, stockCalculationMode, lowStockDays, shareStockStatus ? 1 : 0]
 					: [userId, stockCalculationMode, lowStockDays],
 		});
 	}
 }
 // =============================================================================
@@ -258,22 +277,22 @@ export async function setUserSettings(client: Client, options: UpdateUserSetting
 * Close test app and database connections
 */
 export async function closeTestApp(ctx: TestContext): Promise<void> {
-	await ctx.app.close();
+  await ctx.app.close();
-	ctx.client.close();
+  ctx.client.close();
 }
 /**
 * Clear all data from test database (between tests)
 */
 export async function clearTestData(client: Client): Promise<void> {
-	// Order matters due to foreign keys
+  // Order matters due to foreign keys
-	await client.execute("DELETE FROM refill_history");
+  await client.execute("DELETE FROM refill_history");
-	await client.execute("DELETE FROM dose_tracking");
+  await client.execute("DELETE FROM dose_tracking");
-	await client.execute("DELETE FROM share_tokens");
+  await client.execute("DELETE FROM share_tokens");
-	await client.execute("DELETE FROM refresh_tokens");
+  await client.execute("DELETE FROM refresh_tokens");
-	await client.execute("DELETE FROM user_settings");
+  await client.execute("DELETE FROM user_settings");
-	await client.execute("DELETE FROM medications");
+  await client.execute("DELETE FROM medications");
-	await client.execute("DELETE FROM users");
+  await client.execute("DELETE FROM users");
 }
 // =============================================================================
@@ -1,350 +0,0 @@
 import { dirname, resolve } from "node:path";
 import { fileURLToPath } from "node:url";
 import { migrate } from "drizzle-orm/libsql/migrator";
 import Fastify, { type FastifyInstance } from "fastify";
 import { afterAll, beforeAll, beforeEach, describe, expect, it, vi } from "vitest";
 import { runAlterMigrations } from "../db/db-utils.js";
 const { testClient, testDb, mockedEnv } = vi.hoisted(() => {
 	const { createClient } = require("@libsql/client");
 	const { drizzle } = require("drizzle-orm/libsql");
 	const client = createClient({ url: ":memory:" });
 	const db = drizzle(client);
 	return {
 		testClient: client,
 		testDb: db,
 		mockedEnv: {
 			AUTH_ENABLED: false,
 			OIDC_ENABLED: false,
 			OIDC_PROVIDER_NAME: "SSO",
 			NODE_ENV: "test",
 		},
 	};
 });
 vi.mock("../db/client.js", () => ({
 	db: testDb,
 	migrationsReady: Promise.resolve(),
 }));
 vi.mock("../plugins/env.js", () => ({ env: mockedEnv }));
 vi.mock("../plugins/auth.js", () => ({
 	requireAuth: async () => {},
 	getAnonymousUserId: async () => 1,
 }));
 const { medicationRoutes } = await import("../routes/medications.js");
 const { getMedicationsNeedingReminderForTests } = await import("../services/reminder-scheduler.js");
 const __filename = fileURLToPath(import.meta.url);
 const __dirname = dirname(__filename);
 const migrationsFolder = resolve(__dirname, "../../drizzle");
 async function clearTables() {
 	await testClient.execute("DELETE FROM refill_history");
 	await testClient.execute("DELETE FROM dose_tracking");
 	await testClient.execute("DELETE FROM share_tokens");
 	await testClient.execute("DELETE FROM user_settings");
 	await testClient.execute("DELETE FROM medications");
 	await testClient.execute("DELETE FROM users");
 }
 async function seedAnonymousUser() {
 	await testClient.execute({
 		sql: "INSERT INTO users (id, username, auth_provider, is_active) VALUES (?, ?, ?, 1)",
 		args: [1, "anon", "anonymous"],
 	});
 }
 async function setStockMode(mode: "automatic" | "manual") {
 	await testClient.execute({
 		sql: `INSERT INTO user_settings (user_id, stock_calculation_mode, reminder_days_before, low_stock_days, language)
              VALUES (?, ?, 7, 365, 'en')`,
 		args: [1, mode],
 	});
 }
 async function createMedication(options: {
 	name: string;
 	packCount?: number;
 	blistersPerPack?: number;
 	pillsPerBlister?: number;
 	looseTablets?: number;
 	stockAdjustment?: number;
 	lastStockCorrectionAt?: number | null;
 	isObsolete?: boolean;
 	takenBy?: string[];
 	intakes: Array<{ usage: number; every: number; start: string; takenBy?: string | null }>;
 }) {
 	const {
 		name,
 		packCount = 1,
 		blistersPerPack = 1,
 		pillsPerBlister = 10,
 		looseTablets = 0,
 		stockAdjustment = 0,
 		lastStockCorrectionAt = null,
 		isObsolete = false,
 		takenBy = [],
 		intakes,
 	} = options;
 	const usageJson = JSON.stringify(intakes.map((i) => i.usage));
 	const everyJson = JSON.stringify(intakes.map((i) => i.every));
 	const startJson = JSON.stringify(intakes.map((i) => i.start));
 	const intakesJson = JSON.stringify(
 		intakes.map((i) => ({
 			usage: i.usage,
 			every: i.every,
 			start: i.start,
 			takenBy: i.takenBy ?? null,
 			intakeRemindersEnabled: false,
 		}))
 	);
 	const result = await testClient.execute({
 		sql: `INSERT INTO medications (
        user_id, name, taken_by_json, package_type,
        pack_count, blisters_per_pack, pills_per_blister, loose_tablets,
        stock_adjustment, last_stock_correction_at,
        usage_json, every_json, start_json, intakes_json,
        is_obsolete, intake_reminders_enabled
      ) VALUES (?, ?, ?, 'blister', ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, 0)
      RETURNING id`,
 		args: [
 			1,
 			name,
 			JSON.stringify(takenBy),
 			packCount,
 			blistersPerPack,
 			pillsPerBlister,
 			looseTablets,
 			stockAdjustment,
 			lastStockCorrectionAt,
 			usageJson,
 			everyJson,
 			startJson,
 			intakesJson,
 			isObsolete ? 1 : 0,
 		],
 	});
 	return Number(result.rows[0].id);
 }
 async function markDoseTaken(options: {
 	medicationId: number;
 	blisterIdx: number;
 	doseDateOnlyMs: number;
 	takenAtMs: number;
 	personSuffix?: string;
 }) {
 	const { medicationId, blisterIdx, doseDateOnlyMs, takenAtMs, personSuffix } = options;
 	const baseId = `${medicationId}-${blisterIdx}-${doseDateOnlyMs}`;
 	const doseId = personSuffix ? `${baseId}-${personSuffix}` : baseId;
 	await testClient.execute({
 		sql: "INSERT INTO dose_tracking (user_id, dose_id, taken_at, dismissed) VALUES (?, ?, ?, 0)",
 		args: [1, doseId, Math.floor(takenAtMs / 1000)],
 	});
 }
 async function getUsageRow(app: FastifyInstance, startDate: string, endDate: string, medicationName: string) {
 	const response = await app.inject({
 		method: "POST",
 		url: "/medications/usage",
 		payload: { startDate, endDate },
 	});
 	expect(response.statusCode).toBe(200);
 	const rows = response.json();
 	const row = rows.find((r: { medicationName: string }) => r.medicationName === medicationName);
 	expect(row).toBeDefined();
 	return row;
 }
 function toDateOnlyMs(date: Date) {
 	return new Date(date.getFullYear(), date.getMonth(), date.getDate()).getTime();
 }
 describe("Stock semantics parity (planner usage vs scheduler)", () => {
 	let app: FastifyInstance;
 	beforeAll(async () => {
 		await migrate(testDb, { migrationsFolder });
 		await runAlterMigrations(testClient);
 		app = Fastify({ logger: false });
 		await app.register(medicationRoutes);
 		await app.ready();
 	});
 	afterAll(async () => {
 		await app.close();
 		testClient.close();
 	});
 	beforeEach(async () => {
 		await clearTables();
 		await seedAnonymousUser();
 	});
 	it("keeps automatic mode current stock in sync", async () => {
 		await setStockMode("automatic");
 		const medName = "Auto Sync";
 		await createMedication({
 			name: medName,
 			packCount: 1,
 			blistersPerPack: 1,
 			pillsPerBlister: 10,
 			intakes: [{ usage: 1, every: 1, start: "2026-01-01T08:00:00" }],
 		});
 		const usageRow = await getUsageRow(app, "2026-01-01T00:00:00.000Z", "2026-01-31T23:59:59.999Z", medName);
 		const lowStock = await getMedicationsNeedingReminderForTests(1, 7, 365, "en", "automatic");
 		const schedulerRow = lowStock.find((r) => r.name === medName);
 		expect(schedulerRow).toBeDefined();
 		expect(usageRow.currentPills).toBe(usageRow.totalPills);
 		expect(usageRow.currentPills).toBe(schedulerRow!.medsLeft);
 	});
 	it("keeps manual mode current stock in sync and does not auto-consume", async () => {
 		await setStockMode("manual");
 		const medName = "Manual Sync";
 		await createMedication({
 			name: medName,
 			packCount: 1,
 			blistersPerPack: 1,
 			pillsPerBlister: 10,
 			intakes: [{ usage: 1, every: 1, start: "2026-01-01T08:00:00" }],
 		});
 		const usageRow = await getUsageRow(app, "2026-01-01T00:00:00.000Z", "2026-01-31T23:59:59.999Z", medName);
 		const lowStock = await getMedicationsNeedingReminderForTests(1, 7, 365, "en", "manual");
 		const schedulerRow = lowStock.find((r) => r.name === medName);
 		expect(schedulerRow).toBeDefined();
 		expect(usageRow.currentPills).toBe(10);
 		expect(usageRow.currentPills).toBe(schedulerRow!.medsLeft);
 	});
 	it("respects lastStockCorrectionAt cutoff in manual mode by takenAt", async () => {
 		await setStockMode("manual");
 		const medName = "Manual Correction";
 		const correctionMs = new Date("2026-01-05T12:00:00.000Z").getTime();
 		const medicationId = await createMedication({
 			name: medName,
 			packCount: 1,
 			blistersPerPack: 1,
 			pillsPerBlister: 10,
 			lastStockCorrectionAt: correctionMs,
 			intakes: [{ usage: 1, every: 1, start: "2026-01-01T08:00:00" }],
 		});
 		const jan5DateOnly = toDateOnlyMs(new Date("2026-01-05T00:00:00.000Z"));
 		const jan6DateOnly = toDateOnlyMs(new Date("2026-01-06T00:00:00.000Z"));
 		await markDoseTaken({
 			medicationId,
 			blisterIdx: 0,
 			doseDateOnlyMs: jan5DateOnly,
 			takenAtMs: new Date("2026-01-05T10:00:00.000Z").getTime(),
 		});
 		await markDoseTaken({
 			medicationId,
 			blisterIdx: 0,
 			doseDateOnlyMs: jan6DateOnly,
 			takenAtMs: new Date("2026-01-06T10:00:00.000Z").getTime(),
 		});
 		const usageRow = await getUsageRow(app, "2026-01-01T00:00:00.000Z", "2026-01-31T23:59:59.999Z", medName);
 		const lowStock = await getMedicationsNeedingReminderForTests(1, 7, 365, "en", "manual");
 		const schedulerRow = lowStock.find((r) => r.name === medName);
 		expect(schedulerRow).toBeDefined();
 		expect(usageRow.currentPills).toBe(schedulerRow!.medsLeft);
 	});
 	it("counts early taken dose in automatic mode without drift", async () => {
 		await setStockMode("automatic");
 		const medName = "Early Taken";
 		const now = new Date();
 		const tomorrow = new Date(now);
 		tomorrow.setDate(now.getDate() + 1);
 		tomorrow.setHours(20, 0, 0, 0);
 		const medicationId = await createMedication({
 			name: medName,
 			packCount: 1,
 			blistersPerPack: 1,
 			pillsPerBlister: 10,
 			intakes: [{ usage: 1, every: 1, start: tomorrow.toISOString().slice(0, 19) }],
 		});
 		const tomorrowDateOnly = toDateOnlyMs(tomorrow);
 		await markDoseTaken({
 			medicationId,
 			blisterIdx: 0,
 			doseDateOnlyMs: tomorrowDateOnly,
 			takenAtMs: now.getTime(),
 		});
 		const rangeStart = new Date(now);
 		rangeStart.setDate(now.getDate() - 1);
 		const rangeEnd = new Date(now);
 		rangeEnd.setDate(now.getDate() + 7);
 		const usageRow = await getUsageRow(app, rangeStart.toISOString(), rangeEnd.toISOString(), medName);
 		const lowStock = await getMedicationsNeedingReminderForTests(1, 7, 365, "en", "automatic");
 		const schedulerRow = lowStock.find((r) => r.name === medName);
 		expect(schedulerRow).toBeDefined();
 		expect(usageRow.currentPills).toBe(9);
 		expect(usageRow.currentPills).toBe(schedulerRow!.medsLeft);
 	});
 	it("handles mixed intake-level and fallback takenBy consistently", async () => {
 		await setStockMode("automatic");
 		const medName = "Mixed TakenBy";
 		await createMedication({
 			name: medName,
 			packCount: 2,
 			blistersPerPack: 1,
 			pillsPerBlister: 10,
 			takenBy: ["Alice", "Bob"],
 			intakes: [
 				{ usage: 1, every: 1, start: "2026-01-01T08:00:00", takenBy: "Alice" },
 				{ usage: 1, every: 1, start: "2026-01-01T20:00:00", takenBy: null },
 			],
 		});
 		const usageRow = await getUsageRow(app, "2026-01-01T00:00:00.000Z", "2026-01-31T23:59:59.999Z", medName);
 		const lowStock = await getMedicationsNeedingReminderForTests(1, 7, 365, "en", "automatic");
 		const schedulerRow = lowStock.find((r) => r.name === medName);
 		expect(schedulerRow).toBeDefined();
 		expect(usageRow.currentPills).toBe(schedulerRow!.medsLeft);
 		expect(usageRow.currentPills).toBeLessThan(20);
 	});
 	it("excludes obsolete medications from planner usage and scheduler", async () => {
 		await setStockMode("automatic");
 		await createMedication({
 			name: "Obsolete Med",
 			isObsolete: true,
 			packCount: 1,
 			blistersPerPack: 1,
 			pillsPerBlister: 10,
 			intakes: [{ usage: 1, every: 1, start: "2026-01-01T08:00:00" }],
 		});
 		const response = await app.inject({
 			method: "POST",
 			url: "/medications/usage",
 			payload: { startDate: "2026-01-01T00:00:00.000Z", endDate: "2026-01-31T23:59:59.999Z" },
 		});
 		expect(response.statusCode).toBe(200);
 		expect(response.json().some((r: { medicationName: string }) => r.medicationName === "Obsolete Med")).toBe(false);
 		const lowStock = await getMedicationsNeedingReminderForTests(1, 7, 365, "en", "automatic");
 		expect(lowStock.some((r) => r.name === "Obsolete Med")).toBe(false);
 	});
 });
@@ -1,136 +1,136 @@
 /**
 * Tests for translations module
 */
-import { describe, expect, it } from "vitest";
+import { describe, it, expect } from "vitest";
-import { getDateLocale, getTranslations, type Language, t } from "../i18n/translations.js";
+import { getTranslations, t, getDateLocale, type Language } from "../i18n/translations.js";
 describe("Translations Module", () => {
-	describe("getTranslations", () => {
+  describe("getTranslations", () => {
-		it("should return English translations for 'en'", () => {
+    it("should return English translations for 'en'", () => {
-			const translations = getTranslations("en");
+      const translations = getTranslations("en");
-			expect(translations.stockReminder.title).toContain("MedAssist-ng");
+      expect(translations.stockReminder.title).toContain("MedAssist-ng");
-			expect(translations.common.pills).toBe("pills");
+      expect(translations.common.pills).toBe("pills");
-		});
+    });
-		it("should return German translations for 'de'", () => {
+    it("should return German translations for 'de'", () => {
-			const translations = getTranslations("de");
+      const translations = getTranslations("de");
-			expect(translations.stockReminder.title).toContain("MedAssist-ng");
+      expect(translations.stockReminder.title).toContain("MedAssist-ng");
-			expect(translations.common.pills).toBe("Tabletten");
+      expect(translations.common.pills).toBe("Tabletten");
-		});
+    });
-		it("should fallback to English for unknown language", () => {
+    it("should fallback to English for unknown language", () => {
-			const translations = getTranslations("fr" as Language);
+      const translations = getTranslations("fr" as Language);
-			expect(translations.common.pills).toBe("pills");
+      expect(translations.common.pills).toBe("pills");
-		});
+    });
-		it("should have all required keys in English", () => {
+    it("should have all required keys in English", () => {
-			const translations = getTranslations("en");
+      const translations = getTranslations("en");
      // Stock reminder keys
      expect(translations.stockReminder.subject).toBeDefined();
      expect(translations.stockReminder.title).toBeDefined();
      expect(translations.stockReminder.description).toBeDefined();
      expect(translations.stockReminder.tableHeaders.medication).toBeDefined();
      // Intake reminder keys
      expect(translations.intakeReminder.subject).toBeDefined();
      expect(translations.intakeReminder.title).toBeDefined();
      expect(translations.intakeReminder.pills).toBeDefined();
      expect(translations.intakeReminder.takenBy).toBeDefined();
      // Push notification keys
      expect(translations.push.stockTitle).toBeDefined();
      expect(translations.push.intakeTitle).toBeDefined();
      expect(translations.push.pillsLeft).toBeDefined();
      expect(translations.push.emptySection).toBeDefined();
      expect(translations.push.lowSection).toBeDefined();
    });
-			// Stock reminder keys
+    it("should have all required keys in German", () => {
-			expect(translations.stockReminder.subject).toBeDefined();
+      const translations = getTranslations("de");
-			expect(translations.stockReminder.title).toBeDefined();
+      
-			expect(translations.stockReminder.description).toBeDefined();
+      // Stock reminder keys
-			expect(translations.stockReminder.tableHeaders.medication).toBeDefined();
+      expect(translations.stockReminder.subject).toBeDefined();
      expect(translations.stockReminder.title).toBeDefined();
      expect(translations.stockReminder.description).toBeDefined();
      expect(translations.stockReminder.tableHeaders.medication).toBe("Medikament");
      // Intake reminder keys
      expect(translations.intakeReminder.subject).toBeDefined();
      expect(translations.intakeReminder.pills).toBe("Tabletten");
      expect(translations.intakeReminder.takenBy).toBe("für {name}");
    });
  });
-			// Intake reminder keys
+  describe("t (template function)", () => {
-			expect(translations.intakeReminder.subject).toBeDefined();
+    it("should replace single placeholder", () => {
-			expect(translations.intakeReminder.title).toBeDefined();
+      const result = t("Hello {name}!", { name: "World" });
-			expect(translations.intakeReminder.pills).toBeDefined();
+      expect(result).toBe("Hello World!");
-			expect(translations.intakeReminder.takenBy).toBeDefined();
+    });
-			// Push notification keys
+    it("should replace multiple placeholders", () => {
-			expect(translations.push.stockTitle).toBeDefined();
+      const result = t("{count} {type} running low", { count: 3, type: "medications" });
-			expect(translations.push.intakeTitle).toBeDefined();
+      expect(result).toBe("3 medications running low");
-			expect(translations.push.pillsLeft).toBeDefined();
+    });
 			expect(translations.push.emptySection).toBeDefined();
 			expect(translations.push.lowSection).toBeDefined();
 		});
-		it("should have all required keys in German", () => {
+    it("should replace same placeholder multiple times", () => {
-			const translations = getTranslations("de");
+      const result = t("{name} and {name} again", { name: "test" });
      expect(result).toBe("test and test again");
    });
-			// Stock reminder keys
+    it("should leave unmatched placeholders", () => {
-			expect(translations.stockReminder.subject).toBeDefined();
+      const result = t("Hello {name}!", {});
-			expect(translations.stockReminder.title).toBeDefined();
+      expect(result).toBe("Hello {name}!");
-			expect(translations.stockReminder.description).toBeDefined();
+    });
 			expect(translations.stockReminder.tableHeaders.medication).toBe("Medikament");
-			// Intake reminder keys
+    it("should handle numeric values", () => {
-			expect(translations.intakeReminder.subject).toBeDefined();
+      const result = t("{count} pills left", { count: 42 });
-			expect(translations.intakeReminder.pills).toBe("Tabletten");
+      expect(result).toBe("42 pills left");
-			expect(translations.intakeReminder.takenBy).toBe("für {name}");
+    });
 		});
 	});
-	describe("t (template function)", () => {
+    it("should handle empty params object", () => {
-		it("should replace single placeholder", () => {
+      const result = t("No placeholders here", {});
-			const result = t("Hello {name}!", { name: "World" });
+      expect(result).toBe("No placeholders here");
-			expect(result).toBe("Hello World!");
+    });
 		});
-		it("should replace multiple placeholders", () => {
+    it("should work with real translation strings", () => {
-			const result = t("{count} {type} running critically low", { count: 3, type: "medications" });
+      const translations = getTranslations("en");
-			expect(result).toBe("3 medications running critically low");
+      
-		});
+      // Stock reminder subject
      const subject = t(translations.stockReminder.subject, { count: 3, s: "s" });
      expect(subject).toBe("MedAssist-ng Auto-Reminder: 3 Medications Running Low");
      // Intake reminder description
      const description = t(translations.intakeReminder.description, { minutes: 30 });
      expect(description).toBe("Time to take your medication in 30 minutes:");
      // Push notification
      const push = t(translations.push.pillsAt, { count: 2, time: "08:00" });
      expect(push).toBe("2 pills at 08:00");
    });
-		it("should replace same placeholder multiple times", () => {
+    it("should work with German translations", () => {
-			const result = t("{name} and {name} again", { name: "test" });
+      const translations = getTranslations("de");
-			expect(result).toBe("test and test again");
+      
-		});
+      const subject = t(translations.stockReminder.subject, { count: 2, e: "e" });
      expect(subject).toBe("MedAssist-ng Auto-Erinnerung: 2 Medikamente wird knapp");
      const takenBy = t(translations.intakeReminder.takenBy, { name: "Daniel" });
      expect(takenBy).toBe("für Daniel");
    });
  });
-		it("should leave unmatched placeholders", () => {
+  describe("getDateLocale", () => {
-			const result = t("Hello {name}!", {});
+    it("should return 'en-US' for English", () => {
-			expect(result).toBe("Hello {name}!");
+      expect(getDateLocale("en")).toBe("en-US");
-		});
+    });
-		it("should handle numeric values", () => {
+    it("should return 'de-DE' for German", () => {
-			const result = t("{count} pills left", { count: 42 });
+      expect(getDateLocale("de")).toBe("de-DE");
-			expect(result).toBe("42 pills left");
+    });
 		});
-		it("should handle empty params object", () => {
+    it("should return 'en-US' for unknown language", () => {
-			const result = t("No placeholders here", {});
+      expect(getDateLocale("fr" as Language)).toBe("en-US");
-			expect(result).toBe("No placeholders here");
+    });
-		});
+  });
 		it("should work with real translation strings", () => {
 			const translations = getTranslations("en");
 			// Stock reminder subject
 			const subject = t(translations.stockReminder.subject, { count: 3, s: "s" });
 			expect(subject).toBe("MedAssist-ng: ⚠️ 3 Medications Running Critically Low");
 			// Intake reminder description
 			const description = t(translations.intakeReminder.description, { minutes: 30 });
 			expect(description).toBe("Time to take your medication in 30 minutes:");
 			// Push notification
 			const push = t(translations.push.pillsAt, { count: 2, time: "08:00" });
 			expect(push).toBe("2 pills at 08:00");
 		});
 		it("should work with German translations", () => {
 			const translations = getTranslations("de");
 			const subject = t(translations.stockReminder.subject, { count: 2, e: "e" });
 			expect(subject).toBe("MedAssist-ng: ⚠️ 2 Medikamente kritisch niedrig");
 			const takenBy = t(translations.intakeReminder.takenBy, { name: "Daniel" });
 			expect(takenBy).toBe("für Daniel");
 		});
 	});
 	describe("getDateLocale", () => {
 		it("should return 'en-US' for English", () => {
 			expect(getDateLocale("en")).toBe("en-US");
 		});
 		it("should return 'de-DE' for German", () => {
 			expect(getDateLocale("de")).toBe("de-DE");
 		});
 		it("should return 'en-US' for unknown language", () => {
 			expect(getDateLocale("fr" as Language)).toBe("en-US");
 		});
 	});
 });
@@ -3,32 +3,32 @@ import "@fastify/jwt";
 // User type for authenticated requests
 export interface AuthUser {
-	id: number;
+  id: number;
-	username: string;
+  username: string;
-	role: string;
+  role: string;
 }
 declare module "fastify" {
-	interface FastifyInstance {
+  interface FastifyInstance {
-		config: {
+    config: {
-			accessSecret: string;
+      accessSecret: string;
-			refreshSecret: string;
+      refreshSecret: string;
-			accessTtl: number;
+      accessTtl: number;
-			refreshTtl: number;
+      refreshTtl: number;
-			cookieOptions: import("@fastify/cookie").CookieSerializeOptions;
+      cookieOptions: import("@fastify/cookie").CookieSerializeOptions;
-			refreshCookieOptions: import("@fastify/cookie").CookieSerializeOptions;
+      refreshCookieOptions: import("@fastify/cookie").CookieSerializeOptions;
-		};
+    };
-	}
+  }
-
+  
-	interface FastifyRequest {
+  interface FastifyRequest {
-		user?: AuthUser | null;
+    user?: AuthUser | null;
-	}
+  }
 }
 declare module "@fastify/jwt" {
-	interface FastifyJWT {
+  interface FastifyJWT {
-		// Allow flexible payload for access and refresh tokens
+    // Allow flexible payload for access and refresh tokens
-		payload: Record<string, unknown>;
+    payload: Record<string, unknown>;
-		user: Record<string, unknown>;
+    user: Record<string, unknown>;
-	}
+  }
 }
@@ -1,46 +0,0 @@
 /**
 * Simple startup logger that respects LOG_LEVEL environment variable.
 * Used for code that runs before Fastify is initialized (db/client.ts, migrations).
 * Once Fastify is running, use app.log instead.
 */
 const LOG_LEVELS: Record<string, number> = {
 	silent: 60,
 	fatal: 60,
 	error: 50,
 	warn: 40,
 	info: 30,
 	debug: 20,
 	trace: 10,
 };
 function getLevel(): number {
 	const envLevel = (process.env.LOG_LEVEL || "info").toLowerCase();
 	return LOG_LEVELS[envLevel] ?? LOG_LEVELS.info;
 }
 function shouldLog(level: string): boolean {
 	return LOG_LEVELS[level] >= getLevel();
 }
 export const log = {
 	debug(msg: string): void {
 		if (shouldLog("debug")) console.log(msg);
 	},
 	info(msg: string): void {
 		if (shouldLog("info")) console.log(msg);
 	},
 	warn(msg: string): void {
 		if (shouldLog("warn")) console.warn(msg);
 	},
 	error(msg: string): void {
 		if (shouldLog("error")) console.error(msg);
 	},
 };
 /** Logger interface for services that receive a logger from the caller */
 export type ServiceLogger = {
 	info: (msg: string) => void;
 	debug: (msg: string) => void;
 	error: (msg: string) => void;
 };
@@ -5,259 +5,146 @@
 import { getDateLocale, type Language } from "../i18n/translations.js";
 // Legacy type - individual blister schedule (DEPRECATED: use Intake instead)
 export type Blister = { usage: number; every: number; start: string };
 // New unified intake type with per-intake takenBy
 export type Intake = {
 	usage: number;
 	every: number;
 	start: string;
 	takenBy: string | null; // Person taking this specific intake (null = use medication-level takenBy)
 	intakeRemindersEnabled: boolean;
 };
 // =============================================================================
 // Timezone utilities
 // =============================================================================
 /** Get current timezone from TZ env variable or default to UTC */
 export function getTimezone(): string {
-	return process.env.TZ || "UTC";
+  return process.env.TZ || "UTC";
 }
 /** Format a date in the configured timezone */
 export function formatInTimezone(date: Date, tz?: string): string {
-	return date.toLocaleString("de-DE", {
+  return date.toLocaleString("de-DE", { 
-		timeZone: tz ?? getTimezone(),
+    timeZone: tz ?? getTimezone(),
-		day: "2-digit",
+    day: "2-digit",
-		month: "2-digit",
+    month: "2-digit",
-		year: "numeric",
+    year: "numeric",
-		hour: "2-digit",
+    hour: "2-digit",
-		minute: "2-digit",
+    minute: "2-digit"
-	});
+  });
 }
 /** Get current hour in the configured timezone */
 export function getCurrentHourInTimezone(tz?: string): number {
-	const now = new Date();
+  const now = new Date();
-	const timeStr = now.toLocaleString("en-US", {
+  const timeStr = now.toLocaleString("en-US", { 
-		timeZone: tz ?? getTimezone(),
+    timeZone: tz ?? getTimezone(), 
-		hour: "numeric",
+    hour: "numeric", 
-		hour12: false,
+    hour12: false 
-	});
+  });
-	return parseInt(timeStr, 10);
+  return parseInt(timeStr, 10);
 }
 /** Get today's date string in the configured timezone (YYYY-MM-DD) */
 export function getTodayInTimezone(tz?: string): string {
-	const now = new Date();
+  const now = new Date();
-	const parts = now.toLocaleDateString("en-CA", { timeZone: tz ?? getTimezone() }).split("-");
+  const parts = now.toLocaleDateString("en-CA", { timeZone: tz ?? getTimezone() }).split("-");
-	return parts.join("-"); // YYYY-MM-DD format
+  return parts.join("-"); // YYYY-MM-DD format
 }
 /** Calculate the next scheduled time for a given reminder hour */
 export function getNextScheduledTime(reminderHour: number, tz?: string): Date {
-	const now = new Date();
+  const now = new Date();
-	const timezone = tz ?? getTimezone();
+  const timezone = tz ?? getTimezone();
-
+  
-	// Get current time components in the target timezone
+  // Get current time components in the target timezone
-	const formatter = new Intl.DateTimeFormat("en-US", {
+  const formatter = new Intl.DateTimeFormat("en-US", {
-		timeZone: timezone,
+    timeZone: timezone,
-		year: "numeric",
+    year: "numeric",
-		month: "2-digit",
+    month: "2-digit",
-		day: "2-digit",
+    day: "2-digit",
-		hour: "2-digit",
+    hour: "2-digit",
-		minute: "2-digit",
+    minute: "2-digit",
-		hour12: false,
+    hour12: false
-	});
+  });
-
+  
-	const parts = formatter.formatToParts(now);
+  const parts = formatter.formatToParts(now);
-	const getPart = (type: string) => parts.find((p) => p.type === type)?.value || "0";
+  const getPart = (type: string) => parts.find(p => p.type === type)?.value || "0";
-
+  
-	const currentHour = parseInt(getPart("hour"), 10);
+  const currentHour = parseInt(getPart("hour"), 10);
-	const currentMinute = parseInt(getPart("minute"), 10);
+  const currentMinute = parseInt(getPart("minute"), 10);
-
+  
-	// Calculate if we need tomorrow
+  // Calculate if we need tomorrow
-	const needTomorrow = currentHour > reminderHour || (currentHour === reminderHour && currentMinute > 0);
+  const needTomorrow = currentHour > reminderHour || (currentHour === reminderHour && currentMinute > 0);
-
+  
-	// Handle month overflow simply by adding a day to now if needed
+  // Handle month overflow simply by adding a day to now if needed
-	let targetDate: Date;
+  let targetDate: Date;
-	if (needTomorrow) {
+  if (needTomorrow) {
-		targetDate = new Date(now.getTime() + 24 * 60 * 60 * 1000);
+    targetDate = new Date(now.getTime() + 24 * 60 * 60 * 1000);
-	} else {
+  } else {
-		targetDate = new Date(now);
+    targetDate = new Date(now);
-	}
+  }
-
+  
-	// Get the target date's date string in the timezone
+  // Get the target date's date string in the timezone
-	const targetFormatter = new Intl.DateTimeFormat("en-CA", {
+  const targetFormatter = new Intl.DateTimeFormat("en-CA", {
-		timeZone: timezone,
+    timeZone: timezone,
-		year: "numeric",
+    year: "numeric",
-		month: "2-digit",
+    month: "2-digit",
-		day: "2-digit",
+    day: "2-digit"
-	});
+  });
-	const [targetYear, targetMonth, targetDay] = targetFormatter.format(targetDate).split("-").map(Number);
+  const [targetYear, targetMonth, targetDay] = targetFormatter.format(targetDate).split("-").map(Number);
-
+  
-	// Now we need to find the UTC time that corresponds to reminderHour:00 on targetDate in the target timezone
+  // Now we need to find the UTC time that corresponds to reminderHour:00 on targetDate in the target timezone
-	// Use a search approach: start with a guess and adjust
+  // Use a search approach: start with a guess and adjust
-	const guessUtc = new Date(Date.UTC(targetYear, targetMonth - 1, targetDay, reminderHour, 0, 0, 0));
+  const guessUtc = new Date(Date.UTC(targetYear, targetMonth - 1, targetDay, reminderHour, 0, 0, 0));
-
+  
-	// Check what hour this UTC time corresponds to in the target timezone
+  // Check what hour this UTC time corresponds to in the target timezone
-	const checkFormatter = new Intl.DateTimeFormat("en-US", {
+  const checkFormatter = new Intl.DateTimeFormat("en-US", {
-		timeZone: timezone,
+    timeZone: timezone,
-		hour: "2-digit",
+    hour: "2-digit",
-		hour12: false,
+    hour12: false
-	});
+  });
-
+  
-	// Adjust based on the difference
+  // Adjust based on the difference
-	const guessHour = parseInt(checkFormatter.format(guessUtc), 10);
+  const guessHour = parseInt(checkFormatter.format(guessUtc), 10);
-	const hourDiff = guessHour - reminderHour;
+  const hourDiff = guessHour - reminderHour;
-
+  
-	// Apply correction (if guessHour is higher, we need to subtract time)
+  // Apply correction (if guessHour is higher, we need to subtract time)
-	const correctedUtc = new Date(guessUtc.getTime() - hourDiff * 60 * 60 * 1000);
+  const correctedUtc = new Date(guessUtc.getTime() - hourDiff * 60 * 60 * 1000);
-
+  
-	return correctedUtc;
+  return correctedUtc;
 }
 /** Calculate milliseconds until next check at the given reminder hour */
 export function getMsUntilNextCheck(reminderHour: number, tz?: string): number {
-	const next = getNextScheduledTime(reminderHour, tz);
+  const next = getNextScheduledTime(reminderHour, tz);
-	return next.getTime() - Date.now();
+  return next.getTime() - Date.now();
 }
 // =============================================================================
 // Blister/medication parsing utilities
 // =============================================================================
-/**
+/** Parse blister schedules from JSON columns */
 * Parse an ISO datetime string to local timestamp.
 * Extracts date/time components directly from the string to avoid
 * timezone conversion issues with Z suffix.
 *
 * "2026-01-23T20:55:00" → treated as local time 20:55
 * "2026-01-23T20:55:00.000Z" → also treated as local time 20:55 (Z ignored)
 */
 export function parseLocalDateTime(isoString: string): Date {
 	// Extract components: YYYY-MM-DDTHH:MM:SS (ignore Z and milliseconds)
 	const match = isoString.match(/^(\d{4})-(\d{2})-(\d{2})T(\d{2}):(\d{2}):?(\d{2})?/);
 	if (!match) {
 		// Fallback to Date parsing if format doesn't match
 		return new Date(isoString);
 	}
 	const [, year, month, day, hour, minute, second] = match;
 	// Create date using local time interpretation (no UTC conversion)
 	return new Date(
 		parseInt(year, 10),
 		parseInt(month, 10) - 1, // Month is 0-indexed
 		parseInt(day, 10),
 		parseInt(hour, 10),
 		parseInt(minute, 10),
 		parseInt(second ?? "0", 10)
 	);
 }
 /** Parse blister schedules from JSON columns (DEPRECATED: use parseIntakesJson instead) */
 export function parseBlisters(row: { usageJson: string; everyJson: string; startJson: string }): Blister[] {
-	try {
+  try {
-		const usage = JSON.parse(row.usageJson) as number[];
+    const usage = JSON.parse(row.usageJson) as number[];
-		const every = JSON.parse(row.everyJson) as number[];
+    const every = JSON.parse(row.everyJson) as number[];
-		const start = JSON.parse(row.startJson) as string[];
+    const start = JSON.parse(row.startJson) as string[];
-		const len = Math.min(usage.length, every.length, start.length);
+    const len = Math.min(usage.length, every.length, start.length);
-		const blisters: Blister[] = [];
+    const blisters: Blister[] = [];
-		for (let i = 0; i < len; i++) {
+    for (let i = 0; i < len; i++) {
-			blisters.push({ usage: usage[i], every: every[i], start: start[i] });
+      blisters.push({ usage: usage[i], every: every[i], start: start[i] });
-		}
+    }
-		return blisters;
+    return blisters;
-	} catch {
+  } catch {
-		return [];
+    return [];
-	}
+  }
 }
 /**
 * Parse intakes from the new unified intakesJson format.
 * Falls back to legacy parallel arrays if intakesJson is empty.
 * @param intakesJson - The new unified JSON string
 * @param legacyRow - Optional legacy row with usageJson, everyJson, startJson for fallback
 * @param medicationIntakeRemindersEnabled - Medication-level intakeRemindersEnabled (fallback for legacy)
 */
 export function parseIntakesJson(
 	intakesJson: string | null | undefined,
 	legacyRow?: { usageJson: string; everyJson: string; startJson: string },
 	medicationIntakeRemindersEnabled?: boolean
 ): Intake[] {
 	// Try new format first
 	if (intakesJson) {
 		try {
 			const parsed = JSON.parse(intakesJson);
 			if (Array.isArray(parsed) && parsed.length > 0) {
 				return parsed.map((intake: Record<string, unknown>) => ({
 					usage: typeof intake.usage === "number" ? intake.usage : 0,
 					every: typeof intake.every === "number" ? intake.every : 1,
 					start: typeof intake.start === "string" ? intake.start : new Date().toISOString(),
 					takenBy: typeof intake.takenBy === "string" && intake.takenBy.trim() ? intake.takenBy.trim() : null,
 					intakeRemindersEnabled:
 						typeof intake.intakeRemindersEnabled === "boolean" ? intake.intakeRemindersEnabled : false,
 				}));
 			}
 		} catch {
 			// Fall through to legacy parsing
 		}
 	}
 	// Fallback to legacy parallel arrays
 	if (legacyRow) {
 		const blisters = parseBlisters(legacyRow);
 		return blisters.map((b) => ({
 			usage: b.usage,
 			every: b.every,
 			start: b.start,
 			takenBy: null, // Legacy format has no per-intake takenBy
 			intakeRemindersEnabled: medicationIntakeRemindersEnabled ?? false,
 		}));
 	}
 	return [];
 }
 /**
 * Convert intakes to legacy blister format (for backward compatibility)
 */
 export function intakesToBlisters(intakes: Intake[]): Blister[] {
 	return intakes.map((i) => ({ usage: i.usage, every: i.every, start: i.start }));
 }
 /** Parse takenByJson to array of strings */
 export function parseTakenByJson(takenByJson: string | null | undefined): string[] {
-	if (!takenByJson) return [];
+  if (!takenByJson) return [];
-	try {
+  try {
-		const parsed = JSON.parse(takenByJson);
+    const parsed = JSON.parse(takenByJson);
-		return Array.isArray(parsed) ? parsed.filter((s: unknown) => typeof s === "string" && s.trim()) : [];
+    return Array.isArray(parsed) ? parsed.filter((s: unknown) => typeof s === "string" && s.trim()) : [];
-	} catch {
+  } catch {
-		return [];
+    return [];
-	}
+  }
 }
 /**
 * Get all unique takenBy values from both medication-level and intake-level.
 * Used for filtering and sharing functionality.
 */
 export function getAllTakenByForMedication(medicationTakenBy: string[], intakes: Intake[]): string[] {
 	const allPeople = new Set<string>(medicationTakenBy);
 	for (const intake of intakes) {
 		if (intake.takenBy) {
 			allPeople.add(intake.takenBy);
 		}
 	}
 	return Array.from(allPeople);
 }
 /**
 * Check if a person takes this medication (either via medication-level or intake-level takenBy).
 */
 export function personTakesMedication(person: string, medicationTakenBy: string[], intakes: Intake[]): boolean {
 	if (medicationTakenBy.includes(person)) return true;
 	return intakes.some((intake) => intake.takenBy === person);
 }
 // =============================================================================
@@ -266,26 +153,26 @@ export function personTakesMedication(person: string, medicationTakenBy: string[
 /** Calculate daily usage from blisters */
 export function calculateDailyUsage(blisters: Blister[]): number {
-	return blisters.reduce((sum, s) => sum + s.usage / s.every, 0);
+  return blisters.reduce((sum, s) => sum + s.usage / s.every, 0);
 }
 /** Calculate depletion information for a medication */
 export function calculateDepletionInfo(
-	med: { count: number; blisters: Blister[] },
+  med: { count: number; blisters: Blister[] }, 
-	language: Language
+  language: Language
 ): { daysLeft: number | null; depletionDate: string | null } {
-	const dailyUsage = calculateDailyUsage(med.blisters);
+  const dailyUsage = calculateDailyUsage(med.blisters);
-	if (dailyUsage <= 0) return { daysLeft: null, depletionDate: null };
+  if (dailyUsage <= 0) return { daysLeft: null, depletionDate: null };
-
+  
-	const daysLeft = Math.floor(med.count / dailyUsage);
+  const daysLeft = Math.floor(med.count / dailyUsage);
-	const depletionMs = Date.now() + daysLeft * 86_400_000;
+  const depletionMs = Date.now() + daysLeft * 86_400_000;
-	const depletionDate = new Date(depletionMs).toLocaleDateString(getDateLocale(language), {
+  const depletionDate = new Date(depletionMs).toLocaleDateString(getDateLocale(language), {
-		weekday: "short",
+    weekday: "short",
-		day: "2-digit",
+    day: "2-digit",
-		month: "short",
+    month: "short",
-	});
+  });
-
+  
-	return { daysLeft, depletionDate };
+  return { daysLeft, depletionDate };
 }
 // =============================================================================
@@ -293,187 +180,152 @@ export function calculateDepletionInfo(
 // =============================================================================
 export type UpcomingIntake = {
-	medName: string;
+  medName: string;
-	medicationId?: number;
+  usage: number;
-	blisterIndex?: number;
+  intakeTime: Date;
-	usage: number;
+  intakeTimeStr: string;
-	intakeTime: Date;
+  takenBy: string[];
-	intakeTimeStr: string;
+  pillWeightMg: number | null;
 	takenBy: string | null; // Single person for this intake (null = no specific person)
 	pillWeightMg: number | null;
 	doseUnit?: string;
 };
-/**
+/** 
 * Get all intakes for today (past and future) - used for repeat reminders.
 * Returns all intakes scheduled for today in user's timezone.
 * Now uses per-intake takenBy instead of medication-level.
 */
 export function getTodaysIntakes(
-	medName: string,
+  medName: string, 
-	intakes: Intake[],
+  blisters: Blister[], 
-	_medicationTakenBy: string[], // Medication-level takenBy as fallback
+  takenBy: string[], 
-	pillWeightMg: number | null,
+  pillWeightMg: number | null, 
-	locale: string,
+  locale: string,
-	tz?: string,
+  tz?: string
 	medicationId?: number,
 	doseUnit?: string
 ): UpcomingIntake[] {
-	const timezone = tz ?? getTimezone();
+  const timezone = tz ?? getTimezone();
-	const now = new Date();
+  const now = new Date();
-
+  
-	// Get start and end of today in user's timezone
+  // Get start and end of today in user's timezone
-	const todayStart = new Date(now.toLocaleString("en-US", { timeZone: timezone }));
+  const todayStart = new Date(now.toLocaleString("en-US", { timeZone: timezone }));
-	todayStart.setHours(0, 0, 0, 0);
+  todayStart.setHours(0, 0, 0, 0);
-
+  
-	const todayEnd = new Date(now.toLocaleString("en-US", { timeZone: timezone }));
+  const todayEnd = new Date(now.toLocaleString("en-US", { timeZone: timezone }));
-	todayEnd.setHours(23, 59, 59, 999);
+  todayEnd.setHours(23, 59, 59, 999);
-
+  
-	const result: UpcomingIntake[] = [];
+  const intakes: UpcomingIntake[] = [];
-
+  
-	for (let blisterIdx = 0; blisterIdx < intakes.length; blisterIdx++) {
+  for (const blister of blisters) {
-		const intake = intakes[blisterIdx];
+    const startTime = new Date(blister.start).getTime();
-		const startTime = parseLocalDateTime(intake.start).getTime();
+    const intervalMs = blister.every * 24 * 60 * 60 * 1000;
-		const intervalMs = intake.every * 24 * 60 * 60 * 1000;
+    
-
+    if (intervalMs <= 0) continue;
-		if (intervalMs <= 0) continue;
+    
-
+    // Find all occurrences that fall within today
-		// Determine takenBy for this intake
+    let currentTime = startTime;
-		// If intake has its own takenBy, use it; otherwise null (no specific person)
+    
-		const effectiveTakenBy = intake.takenBy || null;
+    // If start is in the past, calculate the first occurrence on or after todayStart
-
+    if (currentTime < todayStart.getTime()) {
-		// Find all occurrences that fall within today
+      const elapsed = todayStart.getTime() - startTime;
-		let currentTime = startTime;
+      const intervals = Math.floor(elapsed / intervalMs);
-
+      currentTime = startTime + intervals * intervalMs;
-		// If start is in the past, calculate the first occurrence on or after todayStart
+    }
-		if (currentTime < todayStart.getTime()) {
+    
-			const elapsed = todayStart.getTime() - startTime;
+    // Collect all intakes for today
-			const intervals = Math.floor(elapsed / intervalMs);
+    while (currentTime <= todayEnd.getTime()) {
-			currentTime = startTime + intervals * intervalMs;
+      if (currentTime >= todayStart.getTime()) {
-		}
+        const intakeDate = new Date(currentTime);
-
+        intakes.push({
-		// Collect all intakes for today
+          medName,
-		while (currentTime <= todayEnd.getTime()) {
+          usage: blister.usage,
-			if (currentTime >= todayStart.getTime()) {
+          intakeTime: intakeDate,
-				const intakeDate = new Date(currentTime);
+          intakeTimeStr: intakeDate.toLocaleTimeString(locale, { 
-				result.push({
+            hour: "2-digit", 
-					medName,
+            minute: "2-digit",
-					medicationId,
+            timeZone: timezone
-					blisterIndex: blisterIdx,
+          }),
-					usage: intake.usage,
+          takenBy,
-					intakeTime: intakeDate,
+          pillWeightMg,
-					intakeTimeStr: intakeDate.toLocaleTimeString(locale, {
+        });
-						hour: "2-digit",
+      }
-						minute: "2-digit",
+      currentTime += intervalMs;
-						timeZone: timezone,
+    }
-					}),
+  }
-					takenBy: effectiveTakenBy,
+  
-					pillWeightMg,
+  return intakes;
 					doseUnit,
 				});
 			}
 			currentTime += intervalMs;
 		}
 	}
 	return result;
 }
-/**
+/** 
 * Get upcoming intakes that fall within the reminder window.
 * Returns intakes that should be notified about right now.
 * Now uses per-intake takenBy instead of medication-level.
 */
 export function getUpcomingIntakes(
-	medName: string,
+  medName: string, 
-	intakes: Intake[],
+  blisters: Blister[], 
-	minutesBefore: number,
+  minutesBefore: number, 
-	_medicationTakenBy: string[], // Medication-level takenBy as fallback
+  takenBy: string[], 
-	pillWeightMg: number | null,
+  pillWeightMg: number | null, 
-	locale: string,
+  locale: string,
-	tz?: string,
+  tz?: string,
-	nowOverride?: number,
+  nowOverride?: number
 	medicationId?: number,
 	doseUnit?: string
 ): UpcomingIntake[] {
-	const now = nowOverride ?? Date.now();
+  const now = nowOverride ?? Date.now();
-	const timezone = tz ?? getTimezone();
+  const timezone = tz ?? getTimezone();
-
+  
-	// Get the current minute (truncated to minute boundary for precise matching)
+  // Window to detect if "now" is the right time to send reminder
-	const currentMinuteStart = Math.floor(now / 60000) * 60000;
+  // We check if the notify time (intake - minutesBefore) falls within current minute ±1
-	const currentMinuteEnd = currentMinuteStart + 60000;
+  const windowStart = now - 2 * 60 * 1000; // 2 minutes ago (catch slightly late checks)
-
+  const windowEnd = now + 1 * 60 * 1000; // 1 minute from now
-	const upcoming: UpcomingIntake[] = [];
+  
-
+  const upcoming: UpcomingIntake[] = [];
-	for (let blisterIdx = 0; blisterIdx < intakes.length; blisterIdx++) {
+  
-		const intake = intakes[blisterIdx];
+  for (const blister of blisters) {
-		const startTime = parseLocalDateTime(intake.start).getTime();
+    const startTime = new Date(blister.start).getTime();
-		const intervalMs = intake.every * 24 * 60 * 60 * 1000;
+    const intervalMs = blister.every * 24 * 60 * 60 * 1000;
-
+    
-		if (intervalMs <= 0) continue;
+    if (intervalMs <= 0) continue;
-
+    
-		// Determine takenBy for this intake
+    // Find the next scheduled intake time (could be today or in the future)
-		const effectiveTakenBy = intake.takenBy || null;
+    let nextTime = startTime;
-
+    
-		// Find the next scheduled intake time (could be today or in the future)
+    // If start is in the past, calculate occurrences
-		let nextTime = startTime;
+    if (nextTime < now) {
-
+      const elapsed = now - startTime;
-		// If start is in the past, calculate occurrences
+      const intervals = Math.floor(elapsed / intervalMs);
-		if (nextTime < now) {
+      
-			const elapsed = now - startTime;
+      // Check the current occurrence (today's scheduled time, even if past)
-			const intervals = Math.floor(elapsed / intervalMs);
+      const currentOccurrence = startTime + intervals * intervalMs;
-
+      // And the next occurrence
-			// Check the current occurrence (today's scheduled time, even if past)
+      const nextOccurrence = startTime + (intervals + 1) * intervalMs;
-			const currentOccurrence = startTime + intervals * intervalMs;
+      
-			// And the next occurrence
+      // If today's occurrence is within the reminder window, use it
-			const nextOccurrence = startTime + (intervals + 1) * intervalMs;
+      // (intake hasn't happened yet, we should remind)
-
+      const currentNotifyTime = currentOccurrence - minutesBefore * 60 * 1000;
-			// If today's occurrence notification time falls in current minute and intake hasn't happened
+      if (currentNotifyTime >= windowStart && currentOccurrence > now) {
-			const currentNotifyTime = currentOccurrence - minutesBefore * 60 * 1000;
+        nextTime = currentOccurrence;
-			if (currentNotifyTime >= currentMinuteStart && currentOccurrence > now) {
+      } else {
-				nextTime = currentOccurrence;
+        nextTime = nextOccurrence;
-			} else if (currentNotifyTime < currentMinuteStart && currentOccurrence > now) {
+      }
-				// CATCH-UP: The notify window was missed (e.g. due to system sleep/restart)
+    }
-				// but the intake time is still in the future — include it so the advance
+    
-				// reminder can still be sent rather than falling into a dead zone.
+    // Calculate when we should notify for this intake
-				nextTime = currentOccurrence;
+    const notifyTime = nextTime - minutesBefore * 60 * 1000;
-			} else {
+    
-				nextTime = nextOccurrence;
+    if (notifyTime >= windowStart && notifyTime <= windowEnd) {
-			}
+      const intakeDate = new Date(nextTime);
-		}
+      upcoming.push({
-
+        medName,
-		// Calculate when we should notify for this intake
+        usage: blister.usage,
-		const notifyTime = nextTime - minutesBefore * 60 * 1000;
+        intakeTime: intakeDate,
-
+        intakeTimeStr: intakeDate.toLocaleTimeString(locale, { 
-		// Match if:
+          hour: "2-digit", 
-		// 1. notifyTime falls within the current minute (normal case), OR
+          minute: "2-digit",
-		// 2. notifyTime is in the past but intakeTime is still in the future (catch-up
+          timeZone: timezone
-		//    for missed advance reminder window — e.g. scheduler was down during the
+        }),
-		//    exact notification minute due to system sleep, restart, or heavy load)
+        takenBy,
-		const isInCurrentMinute = notifyTime >= currentMinuteStart && notifyTime < currentMinuteEnd;
+        pillWeightMg,
-		const isMissedButStillUpcoming = notifyTime < currentMinuteStart && nextTime > now;
+      });
-
+    }
-		if (isInCurrentMinute || isMissedButStillUpcoming) {
+  }
-			const intakeDate = new Date(nextTime);
+  
-			upcoming.push({
+  return upcoming;
 				medName,
 				medicationId,
 				blisterIndex: blisterIdx,
 				usage: intake.usage,
 				intakeTime: intakeDate,
 				intakeTimeStr: intakeDate.toLocaleTimeString(locale, {
 					hour: "2-digit",
 					minute: "2-digit",
 					timeZone: timezone,
 				}),
 				takenBy: effectiveTakenBy,
 				pillWeightMg,
 				doseUnit,
 			});
 		}
 	}
 	return upcoming;
 }
 // =============================================================================
@@ -481,106 +333,102 @@ export function getUpcomingIntakes(
 // =============================================================================
 export type ReminderState = {
-	lastAutoEmailSent: string | null;
+  lastAutoEmailSent: string | null;
-	lastAutoEmailDate: string | null;
+  lastAutoEmailDate: string | null;
-	notifiedMedications: string[];
+  notifiedMedications: string[];
-	nextScheduledCheck: string | null;
+  nextScheduledCheck: string | null;
-	lastNotificationType: "stock" | "intake" | "prescription" | null;
+  lastNotificationType: "stock" | "intake" | null;
-	lastNotificationChannel: "email" | "push" | "both" | null;
+  lastNotificationChannel: "email" | "push" | "both" | null;
 };
 export type IntakeReminderEntry = {
-	firstSentAt: number; // Timestamp when first reminder was sent
+  firstSentAt: number;   // Timestamp when first reminder was sent
-	lastSentAt: number; // Timestamp when last reminder was sent
+  lastSentAt: number;    // Timestamp when last reminder was sent  
-	sendCount: number; // How many times NAGGING reminder was sent (not counting advance)
+  sendCount: number;     // How many times reminder was sent
 	advanceSent?: boolean; // Whether the advance reminder (15 min before) was sent
 };
 export type IntakeReminderState = {
-	reminders: Record<string, IntakeReminderEntry>; // key -> entry
+  reminders: Record<string, IntakeReminderEntry>;  // key -> entry
 };
 /** Create default reminder state */
 export function createDefaultReminderState(): ReminderState {
-	return {
+  return {
-		lastAutoEmailSent: null,
+    lastAutoEmailSent: null,
-		lastAutoEmailDate: null,
+    lastAutoEmailDate: null,
-		notifiedMedications: [],
+    notifiedMedications: [],
-		nextScheduledCheck: null,
+    nextScheduledCheck: null,
-		lastNotificationType: null,
+    lastNotificationType: null,
-		lastNotificationChannel: null,
+    lastNotificationChannel: null,
-	};
+  };
 }
 /** Create default intake reminder state */
 export function createDefaultIntakeReminderState(): IntakeReminderState {
-	return { reminders: {} };
+  return { reminders: {} };
 }
 /** Parse reminder state from JSON string */
 export function parseReminderState(json: string): ReminderState {
-	try {
+  try {
-		const saved = JSON.parse(json);
+    const saved = JSON.parse(json);
-		return {
+    return {
-			lastAutoEmailSent: saved.lastAutoEmailSent ?? null,
+      lastAutoEmailSent: saved.lastAutoEmailSent ?? null,
-			lastAutoEmailDate: saved.lastAutoEmailDate ?? null,
+      lastAutoEmailDate: saved.lastAutoEmailDate ?? null,
-			notifiedMedications: saved.notifiedMedications ?? [],
+      notifiedMedications: saved.notifiedMedications ?? [],
-			nextScheduledCheck: saved.nextScheduledCheck ?? null,
+      nextScheduledCheck: saved.nextScheduledCheck ?? null,
-			lastNotificationType: saved.lastNotificationType ?? null,
+      lastNotificationType: saved.lastNotificationType ?? null,
-			lastNotificationChannel: saved.lastNotificationChannel ?? null,
+      lastNotificationChannel: saved.lastNotificationChannel ?? null,
-		};
+    };
-	} catch {
+  } catch {
-		return createDefaultReminderState();
+    return createDefaultReminderState();
-	}
+  }
 }
 /** Parse intake reminder state from JSON string (backward compatible) */
 export function parseIntakeReminderState(json: string): IntakeReminderState {
-	try {
+  try {
-		const saved = JSON.parse(json);
+    const saved = JSON.parse(json);
-
+    
-		// Backward compatibility: convert old array format to new map format
+    // Backward compatibility: convert old array format to new map format
-		if (Array.isArray(saved.sentReminders)) {
+    if (Array.isArray(saved.sentReminders)) {
-			const reminders: Record<string, IntakeReminderEntry> = {};
+      const reminders: Record<string, IntakeReminderEntry> = {};
-			const now = Date.now();
+      const now = Date.now();
-			for (const key of saved.sentReminders) {
+      for (const key of saved.sentReminders) {
-				reminders[key] = {
+        reminders[key] = {
-					firstSentAt: now,
+          firstSentAt: now,
-					lastSentAt: now,
+          lastSentAt: now,
-					sendCount: 1,
+          sendCount: 1,
-				};
+        };
-			}
+      }
-			return { reminders };
+      return { reminders };
-		}
+    }
-
+    
-		// New format
+    // New format
-		return {
+    return {
-			reminders: saved.reminders ?? {},
+      reminders: saved.reminders ?? {},
-		};
+    };
-	} catch {
+  } catch {
-		return createDefaultIntakeReminderState();
+    return createDefaultIntakeReminderState();
-	}
+  }
 }
 /** Clean up old intake reminder entries (older than given milliseconds) */
 /** Clean up old intake reminder entries (using timezone-aware day check) */
-export function cleanOldIntakeReminders(
+export function cleanOldIntakeReminders(reminders: Record<string, IntakeReminderEntry>, tz: string): Record<string, IntakeReminderEntry> {
-	reminders: Record<string, IntakeReminderEntry>,
+  // Get start of today in user's timezone
-	tz: string
+  const now = new Date();
-): Record<string, IntakeReminderEntry> {
+  const todayStart = new Date(now.toLocaleString("en-US", { timeZone: tz }));
-	// Get start of today in user's timezone
+  todayStart.setHours(0, 0, 0, 0);
-	const now = new Date();
+  const todayStartMs = todayStart.getTime();
-	const todayStart = new Date(now.toLocaleString("en-US", { timeZone: tz }));
+  
-	todayStart.setHours(0, 0, 0, 0);
+  // Keep only reminders from today onwards (based on dose timestamp in key)
-	const todayStartMs = todayStart.getTime();
+  const cleaned: Record<string, IntakeReminderEntry> = {};
-
+  for (const [key, entry] of Object.entries(reminders)) {
-	// Keep only reminders from today onwards (based on dose timestamp in key)
+    const timestamp = parseInt(key.split(":").pop() || "0", 10);
-	const cleaned: Record<string, IntakeReminderEntry> = {};
+    if (timestamp >= todayStartMs) {
-	for (const [key, entry] of Object.entries(reminders)) {
+      cleaned[key] = entry;
-		const timestamp = parseInt(key.split(":").pop() || "0", 10);
+    }
-		if (timestamp >= todayStartMs) {
+  }
-			cleaned[key] = entry;
+  return cleaned;
 		}
 	}
 	return cleaned;
 }
@@ -3,111 +3,123 @@
 * Exported separately to allow testing without triggering server start.
 */
-import { existsSync, mkdirSync } from "node:fs";
+import { existsSync, mkdirSync } from "fs";
-import { resolve } from "node:path";
+import { resolve } from "path";
 import type { CookieSerializeOptions } from "@fastify/cookie";
 import { getDataDir } from "../db/db-utils.js";
 /**
 * Parse comma-separated CORS origins string
 */
 export function parseCorsOrigins(originsStr: string): string[] {
-	return originsStr
+  return originsStr
-		.split(",")
+    .split(",")
-		.map((o) => o.trim())
+    .map((o) => o.trim())
-		.filter((o) => o.length > 0);
+    .filter((o) => o.length > 0);
 }
 /**
 * Build base cookie options for access token
 */
-export function buildBaseCookieOptions(accessTtlMinutes: number, isProduction: boolean): CookieSerializeOptions {
+export function buildBaseCookieOptions(
-	return {
+  accessTtlMinutes: number,
-		httpOnly: true,
+  isProduction: boolean
-		secure: isProduction,
+): CookieSerializeOptions {
-		sameSite: "lax",
+  return {
-		path: "/",
+    httpOnly: true,
-		maxAge: accessTtlMinutes * 60, // Convert minutes to seconds
+    secure: isProduction,
-	};
+    sameSite: "lax",
    path: "/",
    maxAge: accessTtlMinutes * 60, // Convert minutes to seconds
  };
 }
 /**
 * Build refresh cookie options (extends base with longer TTL)
 */
 export function buildRefreshCookieOptions(
-	baseCookieOptions: CookieSerializeOptions,
+  baseCookieOptions: CookieSerializeOptions,
-	refreshTtlDays: number
+  refreshTtlDays: number
 ): CookieSerializeOptions {
-	return {
+  return {
-		...baseCookieOptions,
+    ...baseCookieOptions,
-		maxAge: refreshTtlDays * 24 * 60 * 60, // Convert days to seconds
+    maxAge: refreshTtlDays * 24 * 60 * 60, // Convert days to seconds
-	};
+  };
 }
 /**
 * Build complete app configuration object
 */
 export interface AppConfigOptions {
-	jwtSecret?: string;
+  jwtSecret?: string;
-	refreshSecret?: string;
+  refreshSecret?: string;
-	accessTtlMinutes: number;
+  accessTtlMinutes: number;
-	refreshTtlDays: number;
+  refreshTtlDays: number;
-	isProduction: boolean;
+  isProduction: boolean;
 }
 export interface AppConfig {
-	accessSecret: string;
+  accessSecret: string;
-	refreshSecret: string;
+  refreshSecret: string;
-	accessTtl: number;
+  accessTtl: number;
-	refreshTtl: number;
+  refreshTtl: number;
-	cookieOptions: CookieSerializeOptions;
+  cookieOptions: CookieSerializeOptions;
-	refreshCookieOptions: CookieSerializeOptions;
+  refreshCookieOptions: CookieSerializeOptions;
 }
 export function buildAppConfig(options: AppConfigOptions): AppConfig {
-	const cookieOptions = buildBaseCookieOptions(options.accessTtlMinutes, options.isProduction);
+  const cookieOptions = buildBaseCookieOptions(
-	const refreshCookieOptions = buildRefreshCookieOptions(cookieOptions, options.refreshTtlDays);
+    options.accessTtlMinutes,
    options.isProduction
  );
  const refreshCookieOptions = buildRefreshCookieOptions(
    cookieOptions,
    options.refreshTtlDays
  );
-	return {
+  return {
-		accessSecret: options.jwtSecret || "",
+    accessSecret: options.jwtSecret || "",
-		refreshSecret: options.refreshSecret || "",
+    refreshSecret: options.refreshSecret || "",
-		accessTtl: options.accessTtlMinutes,
+    accessTtl: options.accessTtlMinutes,
-		refreshTtl: options.refreshTtlDays,
+    refreshTtl: options.refreshTtlDays,
-		cookieOptions,
+    cookieOptions,
-		refreshCookieOptions,
+    refreshCookieOptions,
-	};
+  };
 }
 /**
 * Ensure images directory exists
 */
 export function ensureImagesDirectory(cwd?: string): string {
-	const imagesDir = resolve(getDataDir(cwd), "images");
+  const basePath = cwd || process.cwd();
-	if (!existsSync(imagesDir)) {
+  const imagesDir = resolve(basePath, "data/images");
-		mkdirSync(imagesDir, { recursive: true });
+  if (!existsSync(imagesDir)) {
-	}
+    mkdirSync(imagesDir, { recursive: true });
-	return imagesDir;
+  }
  return imagesDir;
 }
 /**
 * Get JWT configuration based on auth enabled status
 */
 export interface JwtConfig {
-	secret: string;
+  secret: string;
-	cookie: {
+  cookie: {
-		cookieName: string;
+    cookieName: string;
-		signed: boolean;
+    signed: boolean;
-	};
+  };
 }
 export function getJwtConfig(authEnabled: boolean, jwtSecret?: string): JwtConfig {
-	const effectiveSecret = authEnabled && jwtSecret ? jwtSecret : "auth-disabled-no-secret-needed";
+  const effectiveSecret =
    authEnabled && jwtSecret
      ? jwtSecret
      : "auth-disabled-no-secret-needed";
-	return {
+  return {
-		secret: effectiveSecret,
+    secret: effectiveSecret,
-		cookie: {
+    cookie: {
-			cookieName: "access_token",
+      cookieName: "access_token",
-			signed: false,
+      signed: false,
-		},
+    },
-	};
+  };
 }
@@ -14,25 +14,5 @@ export default defineConfig({
    },
    // Timeout for longer integration tests
    testTimeout: 10000,
    coverage: {
      provider: "v8",
      reporter: ["text", "json", "html"],
      include: ["src/**/*.ts"],
      exclude: [
        "src/test/**",
        "src/**/*.d.ts",
        "src/**/index.ts",
        "src/services/**",
        "src/utils/logger.ts",
      ],
      thresholds: {
        global: {
          lines: 60,
          functions: 65,
          branches: 50,
          statements: 60,
        },
      },
    },
  },
 });
--- a/Show More
+++ b/Show More
Author	SHA1	Message	Date
Daniel Volz	dbd2661498	Merge branch 'main' of github.com:DanielVolz/medassist-ng * 'main' of github.com:DanielVolz/medassist-ng: chore: release v1.4.1 (#59)	2026-01-20 19:35:03 +01:00
Daniel Volz	bafde8f689	Merge branch 'main' of git.danielvolz.org:daniel/medassist-ng * 'main' of git.danielvolz.org:daniel/medassist-ng: chore: release v1.4.0	2026-01-20 19:32:48 +01:00
Daniel Volz	8fc9fac8f5	chore: release v1.4.0	2026-01-18 15:12:50 +01:00
		`@@ -1 +0,0 @@`
			ALTER TABLE `user_settings` ADD `share_stock_status` integer DEFAULT true NOT NULL;
		`@@ -1,2 +0,0 @@`
			ALTER TABLE `medications` ADD `is_obsolete` integer DEFAULT false NOT NULL;
			ALTER TABLE `medications` ADD `obsolete_at` integer;
		`@@ -1 +0,0 @@`
			ALTER TABLE `medications` ADD `medication_start_date` text DEFAULT '' NOT NULL;
		`@@ -1 +0,0 @@`
			ALTER TABLE `dose_tracking` ADD `taken_source` text DEFAULT 'manual' NOT NULL;