chore: release v1.25.0

Release version bump for v1.25.0
chore: update test count badges [skip ci]
2026-05-11 21:39:00 +02:00 · 2026-05-11 19:34:12 +00:00 · 2026-05-11 21:29:59 +02:00 · 2026-05-11 17:03:33 +02:00 · 2026-05-11 17:03:28 +02:00 · 2026-05-11 17:03:21 +02:00
130 changed files with 10801 additions and 2996 deletions
@@ -11,35 +11,31 @@ PGID=1000

 PORT=3000
 CORS_ORIGINS=http://localhost:4174
-LOG_LEVEL=warn

-# Levels: debug, info, warn, error, silent
-# Controls: backend Fastify logging, frontend nginx access logs (Docker),
-#           and frontend browser console (via build-time injection)
-#
-# Behavior per level:
-#   debug  — all app logs + all HTTP request logs (including polling endpoints)
-#   info   — all app logs + HTTP request logs, EXCEPT high-frequency polling
-#            (GET /doses/taken, GET /share/:token/doses, GET /health are hidden)
-#   warn   — only warnings and errors
-#   error  — only errors
-#   silent — no logs
+# Server default timezone for scheduled reminders.
+# Users can override this in Settings -> Timezone.
+TZ=Europe/Berlin
+
+# Public base URL used for notification action links.
+# Required for intake reminder action buttons.
+# PUBLIC_APP_URL=https://medassist.example.com
+# If this uses a non-local host, include that origin in CORS_ORIGINS.
+
+# Log level: debug, info, warn, error, silent
+LOG_LEVEL=info

 # Rate limit: max requests per minute per IP (default: 100)
 # Increase for development/testing environments
 # RATE_LIMIT_MAX=100

 # API documentation UI + OpenAPI JSON
-# Default behavior: enabled outside production, disabled in production
-# When enabled, docs are available on /docs and /docs/json.
+# Docs are served on /docs and /docs/json.
+# Default behavior: enabled outside production, disabled in production.
 # Recommended:
-#   development/staging: OPENAPI_DOCS_ENABLED=true
-#   production: leave unset, or set OPENAPI_DOCS_ENABLED=false
+#   development, staging: OPENAPI_DOCS_ENABLED=true
+#   production: leave unset or set OPENAPI_DOCS_ENABLED=false
 # OPENAPI_DOCS_ENABLED=true

-# Timezone for scheduled reminders (e.g., Europe/Berlin, America/New_York)
-TZ=Europe/Berlin
-
 # =============================================================================
 # Authentication (optional - disabled by default for easy setup)
 # =============================================================================
@@ -124,7 +120,7 @@ EXPIRY_WARNING_DAYS=30            # Days before expiry to show yellow warning
 # DEFAULT_EMAIL_INTAKE_REMINDERS=true
 # DEFAULT_EMAIL_PRESCRIPTION_REMINDERS=true

-# Push notifications (ntfy/gotify via Shoutrrr)
+# Push notifications (Shoutrrr URL)
 # DEFAULT_SHOUTRRR_ENABLED=false
 # DEFAULT_SHOUTRRR_URL=
 # DEFAULT_SHOUTRRR_STOCK_REMINDERS=true
@@ -148,6 +144,6 @@ EXPIRY_WARNING_DAYS=30            # Days before expiry to show yellow warning
 # UI defaults
 # DEFAULT_LANGUAGE=en              # en or de
 # DEFAULT_STOCK_CALCULATION_MODE=automatic  # automatic or manual
-# DEFAULT_SHARE_STOCK_STATUS=true  # Show stock status on shared schedule links
+# DEFAULT_SHARE_MEDICATION_OVERVIEW=false  # Show medication overview on shared schedule links
 # DEFAULT_UPCOMING_TODAY_ONLY=false
-# DEFAULT_SHARE_SCHEDULE_TODAY_ONLY=false
+# DEFAULT_SHARE_SCHEDULE_TODAY_ONLY=false
@@ -245,29 +245,10 @@ Apply these rules strictly:

 ## Task 3: Execute Release

-Use the release script — it is **fully non-interactive** (no y/N prompts) and handles the entire flow automatically:
-
-```bash
-./scripts/release.sh <patch|minor|major|x.y.z>
-```
-
-The script performs these steps in order:
-1. Checks out and updates `main`
-2. Creates release branch `chore/release-X.Y.Z`
-3. Bumps version in `backend/package.json` and `frontend/package.json`
-4. Commits, pushes, and creates a PR
-5. Waits for CI checks (with retry logic — polls every 15s, waits up to 10 minutes)
-6. Merges the PR (squash + delete branch)
-7. Creates a signed tag `vX.Y.Z` and pushes it
+Use the manual release flow. The repository no longer uses a public release helper script.

 **Release precondition:** never start the release flow from a dirty or stale mixed workspace. If the repository root contains unrelated/stale diffs, first switch to a clean base that matches the authoritative remote main.

-**The script auto-detects the git remote** (`origin` or `github`) and uses it consistently.
-
-**CI wait behavior:** GitHub Actions can take 10-30 seconds before checks appear on a new PR. The script waits 20 seconds initially, then polls every 15 seconds until checks are registered, then watches them to completion. Maximum wait is 10 minutes.
-
-**On failure:** If CI fails, the script exits with an error. The release branch and PR remain open for inspection. Fix the issue, push to the branch, and the PR will re-run CI. Then merge manually or re-run the script.
-
 ### Version Files (MANDATORY)

 The version number is displayed in the **About modal** (Settings → About) as a single unified app version. This version is a **clickable link** pointing to the corresponding GitHub release (`https://github.com/DanielVolz/medassist-ng/releases/tag/vX.Y.Z`). The version is read from:
@@ -279,7 +260,7 @@ The version number is displayed in the **About modal** (Settings → About) as a
 - The About modal will show the old version
 - The version link will point to a non-existent GitHub release page

-### Manual Release (if script is not available)
+### Manual Release

 1. Create release branch:
   ```bash
@@ -523,8 +504,7 @@ Ready for release?
 7. Check current version (git tag + package.json)
 8. Analyze changes → determine SemVer level
 9. If minor/major: check README.md for needed updates (Task 5)
-10. Run ./scripts/release.sh <patch|minor|major>
-    (or manually: branch → version bump → PR → CI → merge → tag)
+10. Run the manual release flow: branch → version bump → PR → CI → merge → tag
        ↓
 11. Write release notes (mandatory for minor/major)
 12. Publish GitHub release
@@ -1,18 +1,25 @@
 # MedAssist-ng - Copilot Entry Point

-## VERY IMPORTANT
+## VERY IMPORTANT - Prioritized Constraints

+**First: Update Memory and Reports**
 - Always keep agent work memory updated in `doku/memory_notes.md` so progress and decisions remain recoverable across context loss.
+  - If `doku/memory_notes.md` is missing, create it immediately.
 - Always keep a user-facing work report updated in `doku/report.md` so completed work is easy to review.
+  - If `doku/report.md` is missing, create it immediately.
 - This memory/report rule replaces the previous `doku/APP_BEHAVIOR.md` persistence requirement.

-Use `AGENTS.md` as the single source of truth for all governance, workflow, and skill rules.
+**Second: Follow Governance Rules**
+- Consult `AGENTS.md` for governance, workflow, and skill rules when that file exists in the workspace.
+
+When `AGENTS.md` exists in the workspace, use it as the single source of truth for governance, workflow, and skill rules.

 ## Required Startup Steps

-1. Read `AGENTS.md` first.
-2. Identify triggered skills from `AGENTS.md` and read each referenced `SKILL.md` before making changes.
+1. Read `AGENTS.md` first when it exists in the workspace.
+2. If `AGENTS.md` exists, identify triggered skills from it and read each referenced `SKILL.md` before making changes.
 3. Follow delegation boundaries exactly (`@testing-manager` for testing, `@release-manager` for release orchestration).
+4. When work moves into a different thematic area, create or switch to a dedicated local branch or worktree before editing code, and reuse the same branch/worktree for follow-up work inside that same theme.

 ## Scope

@@ -11,7 +11,7 @@ jobs:
    name: Add issue to project
    runs-on: ubuntu-latest
    steps:
-      - uses: actions/add-to-project@v1.0.2
+      - uses: actions/add-to-project@v2.0.0
        with:
          project-url: ${{ vars.PROJECT_URL }}
          github-token: ${{ secrets.ADD_TO_PROJECT_PAT }}
@@ -20,7 +20,7 @@ jobs:
    steps:
      - name: Read Dependabot metadata
        id: metadata
-        uses: dependabot/fetch-metadata@v2
+        uses: dependabot/fetch-metadata@v3
        with:
          github-token: ${{ secrets.GITHUB_TOKEN }}

@@ -196,7 +196,7 @@ jobs:

      - name: Create GitHub Release
        if: steps.check_release.outputs.exists == 'false'
-        uses: softprops/action-gh-release@v2
+        uses: softprops/action-gh-release@v3
        with:
          tag_name: ${{ steps.current_tag.outputs.value }}
          target_commitish: ${{ github.sha }}
@@ -17,7 +17,7 @@ jobs:
      (github.event_name == 'pull_request' && github.event.pull_request.merged == true)
    steps:
      - name: Move project item to Done
-        uses: actions/github-script@v8
+        uses: actions/github-script@v9
        with:
          github-token: ${{ secrets.ADD_TO_PROJECT_PAT }}
          script: |
@@ -12,7 +12,7 @@ jobs:
    runs-on: ubuntu-latest
    steps:
      - name: Sync fields
-        uses: actions/github-script@v8
+        uses: actions/github-script@v9
        with:
          github-token: ${{ secrets.ADD_TO_PROJECT_PAT }}
          script: |
@@ -15,7 +15,7 @@ jobs:
    steps:
      - name: Build weekly summary
        id: summary
-        uses: actions/github-script@v8
+        uses: actions/github-script@v9
        with:
          github-token: ${{ secrets.GITHUB_TOKEN }}
          script: |
@@ -59,7 +59,7 @@ jobs:
            core.setOutput('body', body);

      - name: Publish report issue
-        uses: actions/github-script@v8
+        uses: actions/github-script@v9
        with:
          github-token: ${{ secrets.GITHUB_TOKEN }}
          script: |
@@ -67,12 +67,12 @@ Thumbs.db
 .idea/
 *.sublime-project
 *.sublime-workspace
+/.vscode/settings.json

-# Keep shared VS Code settings
-# .vscode/ is NOT ignored - settings.json is useful for the team
+# Keep shared VS Code workspace files, but ignore personal editor settings.

 # ===================
-# Misc
+# Local-only workspace artifacts (never upstream)
 # ===================
 *.local
 .cache/
@@ -82,19 +82,37 @@ Thumbs.db
 .claude/
 AGENTS.md
 docs/TECH_STACK.md
-doku/
-doku/memory_notes.md
-doku/report.md
-plan/
+/doku/
+/plan/
+/.planning/
 .copilot-tracking/
 .playwright-cli/
+.agents/
+skills-lock.json

 # ===================
-# Local Spec Kit artifacts
+# Local Spec Kit workspace state
 # ===================
 .specify/
 specs/
 docs/SPEC_KIT.md
 .github/agents/medassist-feature-orchestrator.agent.md
 .github/agents/speckit.*.agent.md
-.github/prompts/speckit.*.prompt.md
+.github/prompts/speckit.*.prompt.md
+.github/skills/accessibility/
+.github/skills/frontend-design/
+.github/skills/nodejs-backend-patterns/
+.github/skills/nodejs-best-practices/
+.github/skills/seo/
+.playwright-mcp
+
+# Local GSD/copilot generated workspace artifacts (not for upstream)
+.github/agents/copilot-instructions.md
+.github/agents/gsd-*.agent.md
+.github/agents/medassist-feature-orchestrator.agent.md
+.github/agents/speckit.*.agent.md
+.github/get-shit-done/
+.github/gsd-file-manifest.json
+.github/prompts/speckit.*.prompt.md
+.github/skills/gsd-*/
+ops/medtest/
@@ -0,0 +1,168 @@
+<!-- refreshed: 2026-04-30 -->
+# Architecture
+
+**Analysis Date:** 2026-04-30
+
+## System Overview
+
+```text
+┌─────────────────────────────────────────────────────────────┐
+│                    Frontend SPA (React)                     │
+├──────────────────┬──────────────────┬───────────────────────┤
+│ App Shell/Routes │ Shared State     │ Feature Pages          │
+│ `frontend/src/   │ `frontend/src/   │ `frontend/src/pages/`  │
+│ App.tsx`         │ context/`        │                         │
+└────────┬─────────┴────────┬─────────┴──────────┬────────────┘
+         │                  │                     │
+         ▼                  ▼                     ▼
+┌─────────────────────────────────────────────────────────────┐
+│                  Backend API (Fastify)                      │
+│ `backend/src/index.ts` + `backend/src/routes/`             │
+└─────────────────────────────────────────────────────────────┘
+         │
+         ▼
+┌─────────────────────────────────────────────────────────────┐
+│ SQLite Persistence + Migration Layer                         │
+│ `backend/src/db/schema.ts` + `backend/src/db/client.ts`    │
+└─────────────────────────────────────────────────────────────┘
+```
+
+## Component Responsibilities
+
+| Component | Responsibility | File |
+|-----------|----------------|------|
+| Frontend bootstrap | Mount providers/router and start app tree | `frontend/src/main.tsx` |
+| App router/shell | Public share routes, authenticated shell routes, global modal composition | `frontend/src/App.tsx` |
+| Frontend orchestration | Compose domain hooks and expose app-level state/actions | `frontend/src/context/AppContext.tsx` |
+| API proxy boundary | Rewrite `/api/*` requests to backend root routes | `frontend/vite.config.ts` |
+| Backend composition root | Register plugins/routes, await migrations, start schedulers | `backend/src/index.ts` |
+| Route handlers | HTTP contracts, validation, auth hooks, response shaping | `backend/src/routes/*.ts` |
+| Domain services | Shared domain logic and scheduler behavior | `backend/src/services/*.ts` |
+| Persistence | Table definitions + compatibility migration/runtime initialization | `backend/src/db/schema.ts`, `backend/src/db/client.ts` |
+
+## Pattern Overview
+
+**Overall:** Layered modular monolith (single frontend SPA + single backend process)
+
+**Key Characteristics:**
+- Frontend uses React Router + context/hook composition (`frontend/src/App.tsx`, `frontend/src/context/AppContext.tsx`).
+- Backend uses route modules with shared service modules (`backend/src/routes/medications.ts`, `backend/src/services/medications-service.ts`).
+- Data persistence is centralized in Drizzle schema + startup migrations (`backend/src/db/schema.ts`, `backend/src/db/client.ts`).
+
+## Layers
+
+**Frontend Presentation + Orchestration:**
+- Purpose: Render UI, route navigation, manage client state, invoke API.
+- Location: `frontend/src/main.tsx`, `frontend/src/App.tsx`, `frontend/src/pages/`, `frontend/src/context/`, `frontend/src/hooks/`.
+- Contains: pages, modals, app shell, hook-based API callers.
+- Depends on: backend `/api/*`, i18n, shared frontend utils/types.
+- Used by: browser clients.
+
+**Backend HTTP/API Layer:**
+- Purpose: Expose REST endpoints, authenticate/authorize requests, validate input, map to service/db logic.
+- Location: `backend/src/index.ts`, `backend/src/routes/`, `backend/src/plugins/`.
+- Contains: Fastify app setup, route registration, auth middleware.
+- Depends on: services, db client/schema, env plugin.
+- Used by: frontend SPA and API consumers.
+
+**Domain Services Layer:**
+- Purpose: Reusable business logic for scheduling, notifications, stock math, parsing.
+- Location: `backend/src/services/`, `backend/src/utils/`.
+- Contains: reminder scheduler, notification builders/delivery, medication helpers.
+- Depends on: db models and utilities.
+- Used by: routes and startup process.
+
+**Persistence Layer:**
+- Purpose: Define DB schema and keep existing SQLite instances compatible.
+- Location: `backend/src/db/schema.ts`, `backend/src/db/client.ts`, `backend/drizzle/`.
+- Contains: tables, migration execution, backward-compatible alter migrations.
+- Depends on: Drizzle + libsql client.
+- Used by: routes/services.
+
+## Data Flow
+
+### Primary Request Path
+
+1. Frontend page triggers API call via `/api/*` fetch (`frontend/src/pages/PlannerPage.tsx:307`).
+2. Vite proxy rewrites `/api` prefix to backend route root (`frontend/vite.config.ts:23`, `frontend/vite.config.ts:26`).
+3. Fastify route handles request under `/planner/send-email` with auth + validation (`backend/src/routes/planner.ts:141`, `backend/src/routes/planner.ts:158`).
+4. Route loads user settings and dispatches channel delivery helpers (`backend/src/routes/planner.ts:221`, `backend/src/routes/planner.ts:432`, `backend/src/routes/planner.ts:829`).
+
+### Public Share Flow
+
+1. Frontend routes public token URL to shared schedule view (`frontend/src/App.tsx:35`).
+2. Shared schedule component fetches token payload from `/api/share/:token` (`frontend/src/components/SharedSchedule.tsx:311`).
+3. Backend public share route reads token/settings and returns filtered medication schedule (`backend/src/routes/share.ts:125`, `backend/src/routes/share.ts:156`).
+
+**State Management:**
+- Frontend: context-centric state aggregation (`frontend/src/context/AppContext.tsx:248`, `frontend/src/context/AppContext.tsx:1020`).
+- Backend: DB-backed state with runtime scheduler state persisted through notification state utilities (`backend/src/services/reminder-scheduler.ts:42`).
+
+## Key Abstractions
+
+**Auth Context + Guards:**
+- Purpose: unify session/API-key auth across protected routes.
+- Examples: `backend/src/plugins/auth.ts`, `backend/src/routes/settings.ts`.
+- Pattern: route-level `preHandler` guard plus request decoration (`backend/src/routes/settings.ts:138`, `backend/src/plugins/auth.ts:236`).
+
+**Notification Delivery Contract:**
+- Purpose: keep route-triggered and scheduler-triggered notifications consistent.
+- Examples: `backend/src/routes/planner.ts`, `backend/src/services/reminder-scheduler.ts`, `backend/src/services/notifications/delivery.ts`.
+- Pattern: shared builders/delivery/state helpers imported into both paths (`backend/src/routes/planner.ts:23`, `backend/src/services/reminder-scheduler.ts:39`).
+
+**Frontend App Context Aggregator:**
+- Purpose: centralize shared medication/settings/dose/share/refill state for page/modal consumers.
+- Examples: `frontend/src/context/AppContext.tsx`, `frontend/src/context/ShareContext.tsx`.
+- Pattern: compose domain hooks, expose typed value via provider (`frontend/src/context/AppContext.tsx:248`, `frontend/src/context/AppContext.tsx:1020`).
+
+## Entry Points
+
+**Frontend bootstrap:**
+- Location: `frontend/src/main.tsx`
+- Triggers: browser loads `index.html`.
+- Responsibilities: initialize theme/provider stack and router (`frontend/src/main.tsx:12`, `frontend/src/main.tsx:15`).
+
+**Backend process entry:**
+- Location: `backend/src/index.ts`
+- Triggers: `npm run dev`/`npm start` in backend package.
+- Responsibilities: await migrations, register routes, start HTTP listener and schedulers (`backend/src/index.ts:231`, `backend/src/index.ts:305`, `backend/src/index.ts:309`, `backend/src/index.ts:334`).
+
+## Architectural Constraints
+
+- **Threading:** Single Node.js event loop process with in-process schedulers started at runtime (`backend/src/index.ts:309`, `backend/src/index.ts:323`).
+- **Global state:** Module/global singletons exist in auth and context layers (`backend/src/plugins/auth.ts:15`, `frontend/src/context/AppContext.tsx:222`).
+- **Circular imports:** Not detected from sampled route/service/db/frontend orchestration files.
+- **API boundary:** Frontend network calls must use `/api/*` so proxy rewrite applies (`frontend/vite.config.ts:23`, `frontend/vite.config.ts:26`).
+
+## Anti-Patterns
+
+### Duplicated Backend App Wiring
+
+**What happens:** Route/plugin registration appears in both `createApp(...)` and top-level startup path.
+**Why it's wrong:** Two bootstrap paths increase divergence risk when new routes/plugins are added in one path but not the other.
+**Do this instead:** Keep a single shared app-construction function used by both test/runtime startup paths (`backend/src/index.ts:133`, `backend/src/index.ts:207`, `backend/src/index.ts:289`).
+
+### Oversized Frontend Orchestration Context
+
+**What happens:** `AppContext` aggregates many unrelated concerns (medications, settings, doses, sharing, import/export, modal history) in one large provider.
+**Why it's wrong:** High coupling and broad rerender surface make safe changes harder and increase regression risk.
+**Do this instead:** Preserve existing provider contract, but move new domain concerns into focused hooks/providers and re-export through composition only when needed (`frontend/src/context/AppContext.tsx`, file size ~1035 lines).
+
+## Error Handling
+
+**Strategy:** Fail fast at route boundary with explicit status codes and schema validation, then log context-rich errors.
+
+**Patterns:**
+- Route validation + immediate 400 responses for invalid input (`backend/src/routes/medications.ts:76`, `backend/src/routes/medications.ts:584`).
+- Planner routes return explicit channel/config errors (`backend/src/routes/planner.ts:204`, `backend/src/routes/planner.ts:509`).
+- Frontend captures network errors and maps them to normalized error codes for UI handling (`frontend/src/hooks/useMedications.ts:80`).
+
+## Cross-Cutting Concerns
+
+**Logging:** Fastify logger options configured centrally with environment-aware formatting (`backend/src/index.ts:66`, `backend/src/index.ts:161`).
+**Validation:** Zod validation for medication payloads and explicit OpenAPI schema contracts in routes (`backend/src/routes/medications.ts:76`, `backend/src/routes/planner.ts:157`).
+**Authentication:** Route-level auth hooks and dual API-key/session handling (`backend/src/routes/planner.ts:141`, `backend/src/plugins/auth.ts:113`, `backend/src/plugins/auth.ts:236`).
+
+---
+
+*Architecture analysis: 2026-04-30*
@@ -0,0 +1,122 @@
+# Codebase Concerns
+
+**Analysis Date:** 2026-04-30
+
+## Tech Debt
+
+**Backend startup duplication and config drift:**
+- Issue: `backend/src/index.ts` contains two parallel server setup paths (the exported `createApp(...)` flow and the top-level runtime bootstrap). Plugin/route registration and rate-limit defaults are duplicated in both branches.
+- Files: `backend/src/index.ts`
+- Impact: Configuration behavior can diverge between test/programmatic app construction and production startup (for example, `createApp` uses fixed `rateLimit` max `300`, while runtime startup uses `process.env.RATE_LIMIT_MAX` fallback `100`).
+- Fix approach: Extract one canonical app-construction function and let both runtime startup and tests consume it; remove duplicated registration blocks.
+
+**Notification architecture leakage and duplicated composition logic:**
+- Issue: Notification delivery service code imports a route-layer helper (`sendShoutrrrNotification`) from settings routes, and large HTML/text reminder composition blocks are duplicated across manual and automatic reminder paths.
+- Files: `backend/src/services/notifications/delivery.ts`, `backend/src/routes/settings.ts`, `backend/src/routes/planner.ts`, `backend/src/services/reminder-scheduler.ts`
+- Impact: Layer boundary violations increase coupling, and duplicated notification formatting logic makes behavior regressions likely when changing message content or channel behavior.
+- Fix approach: Move `sendShoutrrrNotification` to a service-layer module, make routes call service APIs only, and centralize email/push payload builders for planner + scheduler flows.
+
+**Migration artifact ambiguity in drizzle numbering:**
+- Issue: There are two migration files with `0008_` prefix, but the journal tracks only one `0008` tag and then jumps to `0009`.
+- Files: `backend/drizzle/0008_add_obsolete_medications.sql`, `backend/drizzle/0008_add_prescription_tracking.sql`, `backend/drizzle/meta/_journal.json`
+- Impact: Developer confusion and higher risk of migration-order mistakes during future schema changes.
+- Fix approach: Align migration file names and journal tags so each migration number is unique and journal order is obvious.
+
+**Monolithic UI/editor and route modules with broad lint suppressions:**
+- Issue: Core interaction files are very large and rely on file-level `biome-ignore-all` suppressions for multiple rule categories.
+- Files: `frontend/src/pages/MedicationsPage.tsx`, `frontend/src/components/MobileEditModal.tsx`, `frontend/src/components/SharedSchedule.tsx`, `frontend/src/components/MedDetailModal.tsx`, `backend/src/routes/medications.ts`
+- Impact: Refactors become high-risk; local regressions are harder to isolate; suppressed rule categories hide legitimate quality issues in future edits.
+- Fix approach: Split by domain slices (state orchestration vs rendering vs helper transforms), then replace file-level suppressions with narrow, local exceptions only where justified.
+
+## Known Bugs
+
+**Environment-dependent behavior mismatch between test app factory and runtime app:**
+- Symptoms: Programmatic app creation and runtime startup can apply different operational defaults (rate limiting and selected config pathways).
+- Files: `backend/src/index.ts`
+- Trigger: Using `createApp(...)` in tests/integration contexts while production startup uses the top-level runtime branch.
+- Workaround: Explicitly pass runtime-equivalent options into `createApp(...)` in tests until startup construction is unified.
+
+## Security Considerations
+
+**Server-side outbound notification surface is broad and sensitive to parser correctness:**
+- Risk: The app performs server-side HTTP requests to user-configurable notification URLs, including multiple protocol handlers (`pushover://`, `telegram://`, `gotify://`, generic webhook URLs).
+- Files: `backend/src/routes/settings.ts`
+- Current mitigation: URL sanitation/validation and hostname checks are present (`sanitizeNotificationUrl`, `validateNotificationHostname` usage in route logic).
+- Recommendations: Add focused security regression tests for sanitizer bypasses and callback URL edge cases, and keep all outbound request execution in a dedicated service layer.
+
+**Auth-off bootstrap path creates implicit default user state:**
+- Risk: In auth-disabled mode, startup creates/relies on a default user path automatically.
+- Files: `backend/src/db/client.ts`
+- Current mitigation: Controlled by `AUTH_ENABLED` environment setting.
+- Recommendations: Add startup log warnings when running without auth outside development and enforce explicit environment confirmation in deployment templates.
+
+## Performance Bottlenecks
+
+**Reminder scheduling uses repeated full scans over users and medication/dose datasets:**
+- Problem: Reminder checks iterate all user settings and compute stock/prescription reminders with repeated in-memory loops over medication and dose collections.
+- Files: `backend/src/services/reminder-scheduler.ts`, `backend/src/utils/scheduler-utils.ts`
+- Cause: Polling/check strategy prioritizes correctness and compatibility over incremental indexing.
+- Improvement path: Introduce incremental candidate selection (changed-medication windows, per-user next-check indices) and reduce repeated whole-set scans.
+
+**Intake reminder scheduler polls every minute and may scale linearly with active schedules:**
+- Problem: Intake reminder check loop runs continuously at 60s interval and processes all due reminders/users each tick.
+- Files: `backend/src/services/intake-reminder-scheduler.ts`
+- Cause: Fixed-interval scheduler (`CHECK_INTERVAL_MS = 60 * 1000`) with loop-driven due-item selection.
+- Improvement path: Move toward next-due-time scheduling or bucketing strategy; keep minute polling as fallback only.
+
+## Fragile Areas
+
+**Reminder state persistence and lock handling mix sync file IO with best-effort catches:**
+- Files: `backend/src/services/notifications/state.ts`, `backend/src/services/reminder-scheduler.ts`
+- Why fragile: Reminder state writes are synchronous file writes and some read paths swallow errors (`catch {}`), while lock/state files are local filesystem coordination primitives.
+- Safe modification: Keep file format backward-compatible, add explicit error telemetry, and add tests for concurrent/failed write scenarios before changing scheduler state logic.
+- Test coverage: No direct tests detected for `notifications/delivery.ts` and only limited direct state-function assertions.
+
+**Desktop/mobile medication edit parity depends on two large independent UI paths:**
+- Files: `frontend/src/pages/MedicationsPage.tsx`, `frontend/src/components/MobileEditModal.tsx`, `frontend/src/components/medications/MedicationEditCoordinator.tsx`
+- Why fragile: The same editing domain is implemented in separate surfaces, each with dense UI logic and custom interaction handling.
+- Safe modification: Apply shared form-section components first, then update desktop and mobile in the same change; validate both paths with targeted tests.
+- Test coverage: Coverage exists (`MedicationEditCoordinator`, `MobileEditModal`, `MedicationDialogs` tests), but parity regressions remain a recurring risk due to file size/complexity.
+
+## Scaling Limits
+
+**Current reminder architecture is single-node/local-state oriented:**
+- Current capacity: Scheduler state and lock coordination are local files under data directory (`reminder-state.json`, `scheduler-locks/*`).
+- Limit: Horizontal multi-instance scaling can duplicate work or require externalized coordination.
+- Scaling path: Move reminder state/locks to DB or distributed lock backend and make scheduler execution leader-aware.
+
+**SQLite file-backed persistence constrains concurrent write scaling:**
+- Current capacity: Single SQLite file with local filesystem path resolution.
+- Limit: Higher write concurrency and distributed deployments will hit filesystem/database locking and throughput limits.
+- Scaling path: Keep SQLite for local/small deployments; define migration path to managed DB for larger multi-user workloads.
+
+## Dependencies at Risk
+
+**Route-to-service coupling in notification stack:**
+- Risk: Service-layer delivery module depends on route-layer helper import.
+- Impact: Refactors of route modules can break unrelated notification infrastructure and complicate testing boundaries.
+- Migration plan: Move shared notification send helpers into `backend/src/services/notifications/*` and keep route modules thin.
+
+## Missing Critical Features
+
+**Risk-driven scheduler stress/integration test suite for state-lock edge cases:**
+- Problem: Complex scheduler/state code paths rely on file coordination and mixed channel delivery outcomes, but dedicated stress/chaos-style verification is limited.
+- Blocks: High-confidence scaling and reliability changes in reminder subsystems.
+
+## Test Coverage Gaps
+
+**Notification delivery abstraction lacks direct unit tests:**
+- What's not tested: Direct behavior of SMTP transport creation/result validation and push delivery helpers in the dedicated delivery module.
+- Files: `backend/src/services/notifications/delivery.ts`
+- Risk: Regressions in recipient validation, SMTP response handling, or provider fallback can ship unnoticed.
+- Priority: High
+
+**Reminder state persistence/locking has limited direct verification:**
+- What's not tested: Corrupted file recovery, concurrent state writes, and lock stale-file behavior under failure modes.
+- Files: `backend/src/services/notifications/state.ts`, `backend/src/services/reminder-scheduler.ts`
+- Risk: Duplicate sends or missed sends after crashes/restarts are difficult to detect early.
+- Priority: High
+
+---
+
+*Concerns audit: 2026-04-30*
@@ -0,0 +1,116 @@
+# Coding Conventions
+
+**Analysis Date:** 2026-04-30
+
+## Naming Patterns
+
+**Files:**
+- Frontend React components and pages use PascalCase file names (for example `frontend/src/components/MobileEditModal.tsx`, `frontend/src/pages/MedicationsPage.tsx`).
+- Hooks use `useX` camelCase naming in files and symbols (for example `frontend/src/hooks/useMedications.ts`, `frontend/src/hooks/useScheduleController.ts`).
+- Backend routes/services use kebab-case file names with domain suffixes (for example `backend/src/routes/medications.ts`, `backend/src/services/medications-service.ts`).
+- Test files use `*.test.ts` or `*.test.tsx` in dedicated test folders (for example `backend/src/test/planner.test.ts`, `frontend/src/test/components/MobileEditModal.test.tsx`).
+
+**Functions:**
+- Use camelCase names for functions and methods (for example `parseIntakesWithUnits` in `backend/src/services/medications-service.ts`, `loadMeds` in `frontend/src/hooks/useMedications.ts`).
+- Use verb-first names for side-effect operations (`loadMeds`, `deleteMed`, `uploadMedImage` in `frontend/src/hooks/useMedications.ts`).
+
+**Variables:**
+- Use camelCase for local variables and state (`refillHistoryExpanded`, `scheduleDays`, `showFutureDays` in `frontend/src/context/AppContext.tsx`).
+- Constant maps and singleton keys use UPPER_SNAKE_CASE (`LOG_LEVELS` in `backend/src/utils/logger.ts`, `APP_CONTEXT_SINGLETON_KEY` in `frontend/src/context/AppContext.tsx`).
+
+**Types:**
+- Type aliases and interfaces use PascalCase (`AppContextValue` in `frontend/src/context/AppContext.tsx`, `TestContext` in `backend/src/test/setup.ts`).
+- Return-shape interfaces use `UseXReturn` convention for hooks (`UseMedicationsReturn` in `frontend/src/hooks/useMedications.ts`).
+
+## Code Style
+
+**Formatting:**
+- Tool used: Biome (`biome.json`, scripts in `frontend/package.json`, `backend/package.json`, `package.json`).
+- Key settings from `biome.json`:
+  - `indentStyle: tab`
+  - `indentWidth: 2`
+  - `lineWidth: 120`
+  - JavaScript quote style is double quotes, semicolons enabled, trailing commas `es5`.
+
+**Linting:**
+- Tool used: Biome linter (`biome.json`).
+- Key rules enforced/relevant:
+  - `style.useConst: error`
+  - `style.noNestedTernary: warn`
+  - `correctness.noUnusedVariables: warn`
+  - `suspicious.noExplicitAny: warn`
+- Project governance in `AGENTS.md` reinforces readable code, early returns, and no nested ternaries.
+
+## Import Organization
+
+**Order:**
+1. Node built-ins first in backend modules (for example `node:path` in `backend/src/routes/medications.ts`, `node:crypto` in `backend/src/index.ts`).
+2. External packages second (`fastify`, `zod`, `drizzle-orm` in backend; `react`, `@testing-library/*` in frontend).
+3. Internal modules last with relative paths (`../db/client.js`, `../../types`).
+
+**Path Aliases:**
+- Not detected in TypeScript configs (`frontend/tsconfig.json`, `backend/tsconfig.json` do not define `paths`).
+- Relative imports are the standard.
+
+## Error Handling
+
+**Patterns:**
+- Backend validates request data with Zod schemas and `.refine(...)` constraints before route logic (`backend/src/routes/medications.ts`).
+- Backend route tests assert explicit status codes and body shape (`backend/src/test/routes-real.test.ts`, `backend/src/test/planner.test.ts`).
+- Frontend hooks often normalize recoverable API errors into UI-safe states (`frontend/src/hooks/useMedications.ts` converts network failures into `NETWORK_ERROR`).
+- Some frontend fetch flows still use tolerant fallbacks (`catch(() => setMeds([]))` in `frontend/src/hooks/useMedications.ts`), so future changes should prefer explicit user-facing error channels per `AGENTS.md` fail-clear guidance.
+
+## Logging
+
+**Framework:**
+- Backend startup logger wrapper over console with level filtering in `backend/src/utils/logger.ts`.
+- Runtime HTTP logging via Fastify logger options in `backend/src/index.ts` (`buildLoggerOptions`, request correlation IDs).
+- Frontend logging utility mirrors backend level semantics (`frontend/src/utils/logger.ts`).
+
+**Patterns:**
+- Central log-level maps (`LOG_LEVELS`) and `shouldLog` gating are standard in both frontend and backend logger modules.
+- Correlation ID propagation is enforced at request boundaries (`backend/src/index.ts` onRequest hook setting `x-correlation-id`).
+
+## Comments
+
+**When to Comment:**
+- Comments are used for rationale and test setup intent, not line-by-line narration.
+- Typical examples:
+  - Migration/setup intent in `backend/src/test/setup.ts`
+  - E2E stability rationale in `frontend/e2e/fixtures/index.ts`
+  - Timeout/determinism notes in `frontend/vitest.config.ts` and `frontend/playwright.base.config.ts`
+
+**JSDoc/TSDoc:**
+- Used selectively for exported utilities and test helpers (`backend/src/test/setup.ts`, `frontend/e2e/fixtures/index.ts`, `frontend/src/utils/logger.ts`).
+- Not mandatory for every function; concise type annotations plus targeted comments are preferred.
+
+## Function Design
+
+**Size:**
+- Small-to-medium focused functions are common in services/hooks (`parseRawIntakeUnits`, `normalizeDateTime` in `backend/src/services/medications-service.ts`).
+- Larger orchestrator modules exist where domain aggregation is required (`frontend/src/context/AppContext.tsx`).
+
+**Parameters:**
+- Object parameters are used for extensibility in test factories and route payload shapes (`CreateMedicationOptions` in `backend/src/test/setup.ts`).
+- Explicit primitive parameters used for concise helpers (`clickEditMed(page, medName)` in `frontend/e2e/medication-edit.spec.ts`).
+
+**Return Values:**
+- Explicit return types are common on exported functions (`Promise<TestContext>`, `UseMedicationsReturn`).
+- Guard-clause returns are common for invalid input or unavailable state (`if (!intakesJson) return [];` in `backend/src/services/medications-service.ts`).
+
+## Module Design
+
+**Exports:**
+- Named exports are preferred for utilities, hooks, and service functions (`backend/src/services/notifications/index.ts`, `frontend/src/hooks/index.ts`).
+- Mixed export style is used where legacy/default exports remain practical (`default` exports in component barrel `frontend/src/components/index.ts`).
+
+**Barrel Files:**
+- Barrel files are actively used for stable import surfaces:
+  - `frontend/src/components/index.ts`
+  - `frontend/src/hooks/index.ts`
+  - `backend/src/services/notifications/index.ts`
+- Practical rule for new code: export domain-level public APIs through local barrels, keep deep internal helpers imported directly.
+
+---
+
+*Convention analysis: 2026-04-30*
@@ -0,0 +1,111 @@
+# External Integrations
+
+**Analysis Date:** 2026-04-30
+
+## APIs & External Services
+
+**Medication Data APIs:**
+- European Medicines Agency (EMA) JSON catalog - medication lookup seed and periodic catalog refresh
+  - SDK/Client: native `fetch` in `backend/src/services/medication-enrichment.ts` (`EMA_MEDICINES_URL`)
+  - Auth: none detected in code
+- RxNorm (NLM RxNav REST) - normalized name/search enrichment and strength/form hints
+  - SDK/Client: native `fetch` in `backend/src/services/medication-enrichment.ts` (`RXNORM_BASE_URL`)
+  - Auth: none detected in code
+- openFDA NDC API - product/package metadata enrichment
+  - SDK/Client: native `fetch` in `backend/src/services/medication-enrichment.ts` (`OPENFDA_NDC_URL`)
+  - Auth: none detected in code
+
+**Authentication/Identity Provider Integration:**
+- OIDC providers (Authelia, Authentik, Pocket ID, Keycloak documented) - SSO login/callback flow
+  - SDK/Client: `openid-client` used in `backend/src/routes/oidc.ts`
+  - Auth: `OIDC_ISSUER_URL`, `OIDC_CLIENT_ID`, `OIDC_CLIENT_SECRET`, `OIDC_REDIRECT_URI` validated in `backend/src/plugins/env.ts`
+
+**Messaging/Notifications:**
+- SMTP providers - transactional reminder/test emails
+  - SDK/Client: `nodemailer` in `backend/src/services/notifications/delivery.ts`
+  - Auth: `SMTP_HOST`, `SMTP_PORT`, `SMTP_USER`, `SMTP_PASS` or `SMTP_TOKEN`, `SMTP_FROM`, `SMTP_SECURE`
+- Push endpoints via Shoutrrr-compatible URL parsing
+  - SDK/Client: native `fetch` in `backend/src/routes/settings.ts` (`sendShoutrrrNotification`)
+  - Auth: URL-embedded creds/token per provider and optional basic auth extracted/sanitized in code
+- Explicit external push provider endpoints used directly:
+  - `https://api.pushover.net/1/messages.json` in `backend/src/routes/settings.ts`
+  - `https://api.telegram.org` in `backend/src/routes/settings.ts`
+
+## Data Storage
+
+**Databases:**
+- SQLite (file-based, local persistent volume)
+  - Connection: `DATA_DIR` (path resolution), optional `DOTENV_PATH` for env source
+  - Client: `@libsql/client` + `drizzle-orm` in `backend/src/db/client.ts`
+- Migration pipeline:
+  - SQL migration artifacts in `backend/drizzle/*.sql`
+  - Runtime migration/alter execution in `backend/src/db/client.ts` and `backend/src/db/migration-utils.ts`
+
+**File Storage:**
+- Local filesystem only
+  - Backend data root resolved by `backend/src/db/path-utils.ts`
+  - Image/static user files served from `/images` in `backend/src/index.ts`
+  - Compose bind mount `./data:/app/data` in `docker-compose.yml`
+
+**Caching:**
+- In-process memory cache only for selected integration data
+  - OIDC discovery config cache in `backend/src/routes/oidc.ts` (`oidcConfig`)
+  - EMA catalog snapshot + refresh promise in `backend/src/services/medication-enrichment.ts`
+- No external cache service detected (no Redis/Memcached dependency in package manifests)
+
+## Authentication & Identity
+
+**Auth Provider:**
+- Custom session/JWT auth with optional OIDC SSO extension
+  - Implementation: Fastify cookie + JWT plugin, refresh token table, API key hashing in `backend/src/plugins/auth.ts`, `backend/src/routes/auth.ts`, `backend/src/plugins/jwt.ts`, `backend/src/routes/oidc.ts`
+
+## Monitoring & Observability
+
+**Error Tracking:**
+- None detected for third-party SaaS error tracking (no Sentry/Rollbar/etc. dependencies)
+
+**Logs:**
+- Structured app logging via Fastify/Pino in `backend/src/index.ts`
+- Pretty logging in dev through `pino-pretty` (`backend/package.json`, logger setup in `backend/src/index.ts`)
+- Frontend/nginx log behavior controlled through env and `frontend/nginx-entrypoint.sh` (documented in `.env.example`)
+
+## CI/CD & Deployment
+
+**Hosting:**
+- Container image publishing to GitHub Container Registry (`ghcr.io`) in `.github/workflows/docker-build.yml`
+- Runtime deployment model is self-hosted Docker Compose stack (`docker-compose.yml`)
+
+**CI Pipeline:**
+- GitHub Actions for lint/type/test (`.github/workflows/test.yml`)
+- Playwright E2E job (`.github/workflows/e2e.yml`)
+- Docker build/push and optional release automation (`.github/workflows/docker-build.yml`)
+
+## Environment Configuration
+
+**Required env vars:**
+- Core runtime: `PORT`, `CORS_ORIGINS`, `LOG_LEVEL`, `TZ` (`backend/src/plugins/env.ts`, `.env.example`)
+- Auth when enabled: `AUTH_ENABLED=true` with `JWT_SECRET`, `REFRESH_SECRET`, `COOKIE_SECRET` (`backend/src/plugins/env.ts`)
+- OIDC when enabled: `OIDC_ENABLED=true` with issuer/client/redirect vars (`backend/src/plugins/env.ts`)
+- Email notifications: `SMTP_HOST`, `SMTP_USER`, plus pass/token and sender config (`backend/src/services/notifications/delivery.ts`, `.env.example`)
+- Data location: `DATA_DIR` used by DB path resolver (`backend/src/db/path-utils.ts`)
+
+**Secrets location:**
+- Local runtime env file `.env` (present in repository root; values not inspected)
+- CI secrets managed by GitHub Actions secret store (e.g., `${{ secrets.GITHUB_TOKEN }}` in `.github/workflows/docker-build.yml`)
+
+## Webhooks & Callbacks
+
+**Incoming:**
+- OIDC callback endpoint: `/auth/oidc/callback` in `backend/src/routes/oidc.ts`
+- No inbound third-party webhook receiver route detected in backend routes
+
+**Outgoing:**
+- Outbound HTTP notifications to webhook-style targets from `sendShoutrrrNotification` in `backend/src/routes/settings.ts`
+- Provider-specific outgoing callbacks/APIs:
+  - Pushover API endpoint
+  - Telegram Bot API endpoint
+- Outbound SMTP delivery through configured mail host (`backend/src/services/notifications/delivery.ts`)
+
+---
+
+*Integration audit: 2026-04-30*
@@ -0,0 +1,86 @@
+# Technology Stack
+
+**Analysis Date:** 2026-04-30
+
+## Languages
+
+**Primary:**
+- TypeScript (ESM) - Backend and frontend application code in `backend/src/**/*.ts` and `frontend/src/**/*.{ts,tsx}`
+- SQL (SQLite migrations) - Schema evolution files in `backend/drizzle/*.sql`
+
+**Secondary:**
+- CSS - UI styling in `frontend/src/**/*.css` and CSS modules such as `frontend/src/features/schedule/TimelineSurface.module.css`
+- YAML - CI/CD and compose configuration in `.github/workflows/*.yml`, `docker-compose.yml`, `docker-compose.dev.yml`
+- Shell - Container/runtime entrypoints in `backend/docker-entrypoint.sh`, `frontend/nginx-entrypoint.sh`
+
+## Runtime
+
+**Environment:**
+- Node.js 22 runtime baseline (`node:22-slim` in `backend/Dockerfile`, `frontend/Dockerfile`; `actions/setup-node@v6` with `node-version: '22'` in `.github/workflows/test.yml` and `.github/workflows/e2e.yml`)
+
+**Package Manager:**
+- npm (scripts in root `package.json`, `backend/package.json`, `frontend/package.json`)
+- Lockfile: present (`backend/package-lock.json`, `frontend/package-lock.json` referenced by workflow cache in `.github/workflows/test.yml`)
+
+## Frameworks
+
+**Core:**
+- Fastify 5 (`fastify`, `@fastify/*` in `backend/package.json`; app bootstrap in `backend/src/index.ts`)
+- React 19 (`react`, `react-dom` in `frontend/package.json`; app entry in `frontend/src/main.tsx`)
+- Vite 8 (`vite` and `@vitejs/plugin-react` in `frontend/package.json`; config in `frontend/vite.config.ts`)
+- Drizzle ORM + libSQL client (`drizzle-orm`, `@libsql/client` in `backend/package.json`; DB init in `backend/src/db/client.ts`)
+- Mantine 8 UI system (`@mantine/*` in `frontend/package.json`; provider in `frontend/src/ui/providers/AppUiProvider.tsx`)
+
+**Testing:**
+- Vitest 4 (`vitest`, `@vitest/coverage-v8` in backend/frontend package manifests; configs in `backend/vitest.config.ts`, `frontend/vitest.config.ts`)
+- Playwright (`@playwright/test` in `frontend/package.json`; configs in `frontend/playwright*.config.ts`; CI run in `.github/workflows/e2e.yml`)
+- Testing Library (`@testing-library/*` in `frontend/package.json`)
+
+**Build/Dev:**
+- TypeScript compiler (`tsc` scripts in `backend/package.json` and frontend type-check via `frontend/package.json`)
+- TSX watcher for backend dev (`tsx watch src/index.ts` in `backend/package.json`)
+- Biome for lint/format (`biome.json`, lint/check scripts across package manifests)
+- Drizzle Kit for DB migration generation (`drizzle-kit` in `backend/package.json`, config in `backend/drizzle.config.ts`)
+
+## Key Dependencies
+
+**Critical:**
+- `fastify` and `@fastify/*` - HTTP API runtime, security middleware, docs middleware (`backend/src/index.ts`)
+- `drizzle-orm` + `@libsql/client` - SQLite data access and migration execution (`backend/src/db/client.ts`)
+- `openid-client` + `jose` - OIDC SSO and token operations (`backend/src/routes/oidc.ts`, `backend/package.json`)
+- `nodemailer` - SMTP notification delivery (`backend/src/services/notifications/delivery.ts`)
+- `react`, `react-router-dom`, `@mantine/*` - SPA UI shell, routing, and component system (`frontend/src/main.tsx`, `frontend/src/App.tsx`)
+- `i18next` + `react-i18next` - Localization runtime (`frontend/src/i18n/index.ts`)
+
+**Infrastructure:**
+- `dotenv` + `zod` - env loading/validation (`backend/src/plugins/env.ts`)
+- `sharp` - image processing pipeline support (`backend/package.json`, image route usage in medication flows)
+- `@fastify/swagger` + `@fastify/swagger-ui` - OpenAPI docs on `/docs` (`backend/src/index.ts`)
+
+## Configuration
+
+**Environment:**
+- Runtime env schema and validation in `backend/src/plugins/env.ts`
+- Example variable inventory in `.env.example`
+- Frontend proxy target via `BACKEND_URL` in `frontend/vite.config.ts` and compose files
+
+**Build:**
+- Backend TS build config: `backend/tsconfig.json`
+- Frontend TS + Vite config: `frontend/tsconfig.json`, `frontend/tsconfig.node.json`, `frontend/vite.config.ts`
+- DB migration tooling config: `backend/drizzle.config.ts`
+- Quality tooling config: `biome.json`
+
+## Platform Requirements
+
+**Development:**
+- Node.js 22 with npm for local runs (`backend/package.json`, `frontend/package.json` scripts)
+- Optional Docker Compose local stack (`docker-compose.dev.yml`)
+- Browser runtime for frontend and Playwright browser binaries for E2E (`frontend/package.json`, `.github/workflows/e2e.yml`)
+
+**Production:**
+- Containerized deployment using prebuilt images from GHCR (`docker-compose.yml` references `ghcr.io/danielvolz/medassist-ng-backend:latest` and `ghcr.io/danielvolz/medassist-ng-frontend:latest`)
+- Backend persistent filesystem for SQLite/data in mounted `./data` (`docker-compose.yml`, DB path resolver in `backend/src/db/path-utils.ts`)
+
+---
+
+*Stack analysis: 2026-04-30*
@@ -0,0 +1,138 @@
+# Codebase Structure
+
+**Analysis Date:** 2026-04-30
+
+## Directory Layout
+
+```
+medassist/
+├── frontend/                 # React + Vite SPA, UI, hooks, page routes, frontend tests
+├── backend/                  # Fastify API, domain services, DB schema/migrations, backend tests
+├── backend/drizzle/          # SQL migration files + drizzle meta journal
+├── docs/                     # Product/ops docs and screenshots
+├── doku/                     # Local-only working notes and reports (ignored)
+├── .github/                  # CI workflows, agents, local skill/runtime metadata
+├── .planning/codebase/       # Generated codebase mapping documents
+├── data/                     # Runtime/local SQLite backups and scheduler files
+└── package.json              # Root workspace scripts for lint orchestration
+```
+
+## Directory Purposes
+
+**frontend/src:**
+- Purpose: Product UI and client-side app logic.
+- Contains: `pages/`, `components/`, `context/`, `hooks/`, `ui/`, `utils/`, `i18n/`, `test/`.
+- Key files: `frontend/src/main.tsx`, `frontend/src/App.tsx`, `frontend/src/context/AppContext.tsx`.
+
+**backend/src:**
+- Purpose: HTTP API, auth, domain services, and persistence access.
+- Contains: `routes/`, `services/`, `plugins/`, `db/`, `utils/`, `test/`.
+- Key files: `backend/src/index.ts`, `backend/src/routes/medications.ts`, `backend/src/routes/planner.ts`, `backend/src/db/client.ts`.
+
+**backend/drizzle:**
+- Purpose: SQL migration history for SQLite compatibility.
+- Contains: numbered migration files and `meta/_journal.json`.
+- Key files: `backend/drizzle/0000_init.sql`, `backend/drizzle/0014_add_user_settings_timezone.sql`.
+
+**frontend/e2e:**
+- Purpose: Playwright end-to-end scenarios and fixtures.
+- Contains: browser tests + auth fixtures.
+- Key files: `frontend/e2e/fixtures/` and spec files under `frontend/e2e/`.
+
+**docs + doku:**
+- Purpose: formal docs (`docs/`) and local-only work tracking (`doku/`).
+- Contains: behavior/spec docs, screenshots, local report/memory logs.
+- Key files: `docs/TECH_STACK.md`, `doku/memory_notes.md`, `doku/report.md`.
+
+## Key File Locations
+
+**Entry Points:**
+- `frontend/src/main.tsx`: Browser bootstrap; mounts providers and router.
+- `frontend/src/App.tsx`: Route graph and global modal/shell orchestration.
+- `backend/src/index.ts`: Fastify app setup + startup runtime.
+
+**Configuration:**
+- `frontend/vite.config.ts`: Dev server, `/api` proxy rewrite, build-time constants.
+- `frontend/vitest.config.ts`: Frontend unit test config.
+- `backend/vitest.config.ts`: Backend unit/integration test config.
+- `backend/drizzle.config.ts`: Drizzle migration configuration.
+- `.gitignore`: Local-only/generated path policy (including `.planning/`, `doku/`, `data/`, coverage/test artifacts).
+
+**Core Logic:**
+- `backend/src/routes/`: API contracts and request handlers.
+- `backend/src/services/`: Scheduler, notifications, medication helpers.
+- `backend/src/db/schema.ts`: Source-of-truth table definitions.
+- `frontend/src/context/`: Shared app orchestration state.
+- `frontend/src/pages/`: Screen-level composition.
+
+**Testing:**
+- `frontend/src/test/`: Frontend unit/component tests.
+- `frontend/e2e/`: Playwright E2E tests.
+- `backend/src/test/`: Backend route/service/db tests.
+
+## Naming Conventions
+
+**Files:**
+- React components/pages use PascalCase: `frontend/src/pages/MedicationsPage.tsx`, `frontend/src/components/MedDetailModal.tsx`.
+- Hooks use `use*` naming: `frontend/src/hooks/useMedications.ts`, `frontend/src/hooks/useSettings.ts`.
+- Backend routes/services use kebab-case: `backend/src/routes/medication-enrichment.ts`, `backend/src/services/reminder-scheduler.ts`.
+- Migrations use numbered descriptive names: `backend/drizzle/0012_add_api_keys_and_package_amount_columns.sql`.
+
+**Directories:**
+- Feature/layer folders are lowercase: `frontend/src/context`, `backend/src/services`.
+- Test directories stay colocated by runtime side (`frontend/src/test`, `backend/src/test`).
+
+## Where to Add New Code
+
+**New Feature:**
+- Primary code:
+  - Frontend UI route/screen: `frontend/src/pages/` (compose from existing `components/`, `hooks/`, `ui/`).
+  - Backend endpoint: `backend/src/routes/` + matching domain logic in `backend/src/services/`.
+  - Persistence additions: `backend/src/db/schema.ts` plus migration updates in `backend/src/db/client.ts` and `backend/drizzle/`.
+- Tests:
+  - Frontend unit/component: `frontend/src/test/`.
+  - Backend unit/integration: `backend/src/test/`.
+  - E2E flow: `frontend/e2e/`.
+
+**New Component/Module:**
+- Implementation:
+  - Shared UI primitive/layout: `frontend/src/ui/`.
+  - Domain-specific UI component: `frontend/src/components/` (or nested feature folder).
+  - Backend reusable domain behavior: `backend/src/services/`.
+
+**Utilities:**
+- Shared helpers:
+  - Frontend: `frontend/src/utils/`.
+  - Backend: `backend/src/utils/`.
+  - DB-specific helpers: `backend/src/db/` focused utility modules.
+
+## Special Directories
+
+**frontend/dist, backend/dist:**
+- Purpose: build output artifacts.
+- Generated: Yes.
+- Committed: No (`dist/` ignored in `.gitignore`).
+
+**frontend/playwright-report, frontend/test-results, frontend/coverage, backend/coverage:**
+- Purpose: test artifacts/reports.
+- Generated: Yes.
+- Committed: No (ignored in `.gitignore`).
+
+**data/:**
+- Purpose: runtime/local DB, reminder state, scheduler locks.
+- Generated: Yes.
+- Committed: No (`data/` ignored in `.gitignore`).
+
+**doku/:**
+- Purpose: local work memory/reporting and internal notes.
+- Generated: Mixed (manual local notes + artifacts).
+- Committed: No (`doku/` ignored in `.gitignore`).
+
+**.planning/codebase/:**
+- Purpose: generated architecture/stack/convention/concern maps for GSD planning/execution.
+- Generated: Yes.
+- Committed: No (`.planning/` ignored by policy in this workspace).
+
+---
+
+*Structure analysis: 2026-04-30*
@@ -0,0 +1,203 @@
+# Testing Patterns
+
+**Analysis Date:** 2026-04-30
+
+## Test Framework
+
+**Runner:**
+- Vitest 4.x for unit/integration tests in both packages:
+  - Frontend config: `frontend/vitest.config.ts`
+  - Backend config: `backend/vitest.config.ts`
+- Config evidence:
+  - Frontend uses `environment: 'jsdom'` with React setup file `frontend/src/test/setup.ts`.
+  - Backend uses `environment: 'node'` with setup file `backend/src/test/setup.ts`.
+
+**Assertion Library:**
+- Vitest `expect`.
+- Frontend extends DOM assertions via `@testing-library/jest-dom` in `frontend/src/test/setup.ts`.
+
+**Run Commands:**
+```bash
+cd frontend && npm test                 # Watch/unit tests
+cd frontend && npm run test:run         # CI-style frontend run
+cd frontend && npm run test:coverage    # Frontend coverage
+cd backend && npm test                  # Watch/unit tests
+cd backend && npm run test:run          # CI-style backend run
+cd backend && npm run test:coverage     # Backend coverage
+cd frontend && npm run test:e2e         # Stable Playwright suite
+cd frontend && npm run test:e2e:all     # Cross-browser Playwright suite
+```
+
+## Test File Organization
+
+**Location:**
+- Backend unit/integration tests are in `backend/src/test/*.test.ts`.
+- Frontend unit/component/hook/context tests are in `frontend/src/test/**`.
+- Browser E2E tests are in `frontend/e2e/*.spec.ts`.
+
+**Naming:**
+- Unit/integration: `*.test.ts` or `*.test.tsx` (for example `backend/src/test/routes-real.test.ts`, `frontend/src/test/components/MedicationDialogs.test.tsx`).
+- E2E: `*.spec.ts` (for example `frontend/e2e/medication-edit.spec.ts`).
+
+**Structure:**
+```
+backend/src/test/
+  setup.ts
+  *.test.ts
+
+frontend/src/test/
+  setup.ts
+  App.test.tsx
+  components/*.test.tsx
+  context/*.test.tsx
+  hooks/*.test.ts
+  pages/*.test.tsx
+  utils/*.test.ts
+
+frontend/e2e/
+  auth.setup.ts
+  fixtures/index.ts
+  *.spec.ts
+```
+
+## Test Structure
+
+**Suite Organization:**
+```typescript
+describe("Feature Area", () => {
+  beforeEach(() => {
+    vi.clearAllMocks();
+  });
+
+  it("handles expected behavior", async () => {
+    // arrange
+    // act
+    // assert
+    expect(result).toEqual(expected);
+  });
+});
+```
+Pattern evidence: `frontend/src/test/components/MobileEditModal.test.tsx`, `backend/src/test/planner.test.ts`.
+
+**Patterns:**
+- Setup pattern:
+  - Frontend centralizes browser mocks in `frontend/src/test/setup.ts` (fetch, localStorage, clipboard, history, i18n).
+  - Backend provides reusable app/database factories in `backend/src/test/setup.ts` (`buildTestApp`, `createTestUser`, `createTestMedication`).
+- Teardown pattern:
+  - `afterAll` closes Fastify app and DB clients (`backend/src/test/planner.test.ts`, `backend/src/test/integration.test.ts`).
+- Assertion pattern:
+  - Route tests assert both HTTP status and response body (`backend/src/test/routes-real.test.ts`).
+  - UI tests assert presence and behavior via Testing Library role/test-id queries (`frontend/src/test/components/MedicationDialogs.test.tsx`).
+
+## Mocking
+
+**Framework:**
+- Vitest mocks (`vi.mock`, `vi.fn`, `vi.hoisted`, `vi.stubGlobal`).
+
+**Patterns:**
+```typescript
+const { testClient, testDb } = vi.hoisted(() => {
+  const client = createClient({ url: ":memory:" });
+  const db = drizzle(client);
+  return { testClient: client, testDb: db };
+});
+
+vi.mock("../db/client.js", () => ({
+  db: testDb,
+  migrationsReady: Promise.resolve(),
+}));
+```
+Pattern evidence: `backend/src/test/integration.test.ts`, `backend/src/test/routes-real.test.ts`.
+
+```typescript
+vi.mock("../../components/ConfirmModal", () => ({
+  ConfirmModal: ({ onConfirm }) => <button onClick={onConfirm}>confirm</button>,
+}));
+```
+Pattern evidence: `frontend/src/test/components/MedicationDialogs.test.tsx`.
+
+**What to Mock:**
+- External side effects and infrastructure boundaries: SMTP/nodemailer, fetch network calls, auth/plugin env modules, browser APIs.
+- Component dependencies in focused unit tests (replace heavy children with stubs).
+
+**What NOT to Mock:**
+- Core business behavior under direct test (route handlers in route tests, hook logic in hook tests, E2E API + UI flow in Playwright).
+
+## Fixtures and Factories
+
+**Test Data:**
+```typescript
+const userId = await createTestUser(client, { username: "testuser" });
+const medId = await createTestMedication(client, { userId, name: "Test Medication" });
+```
+Pattern evidence: `backend/src/test/setup.ts`, used by `backend/src/test/medications.test.ts`.
+
+```typescript
+export const test = base.extend({
+  page: async ({ page }, use) => {
+    await applyVideoSafetyMode(page);
+    await setupAuthMeMock(page);
+    await use(page);
+  },
+});
+```
+Pattern evidence: `frontend/e2e/fixtures/index.ts`.
+
+**Location:**
+- Backend factories/utilities: `backend/src/test/setup.ts`.
+- Frontend E2E shared fixtures and API helpers: `frontend/e2e/fixtures/index.ts`.
+
+## Coverage
+
+**Requirements:**
+- Frontend global thresholds in `frontend/vitest.config.ts`: lines/functions/branches/statements = 75.
+- Backend global thresholds in `backend/vitest.config.ts`: lines 60, functions 65, branches 50, statements 60.
+
+**View Coverage:**
+```bash
+cd frontend && npm run test:coverage
+cd backend && npm run test:coverage
+```
+
+## Test Types
+
+**Unit Tests:**
+- Component/hook/utils tests in `frontend/src/test/**`.
+- Utility/service route-unit style tests in `backend/src/test/*.test.ts`.
+
+**Integration Tests:**
+- Backend route interaction and multi-route behavior tests in files like:
+  - `backend/src/test/integration.test.ts`
+  - `backend/src/test/routes-real.test.ts`
+
+**E2E Tests:**
+- Playwright used with setup project and browser projects (`frontend/playwright.base.config.ts`).
+- Auth/session and API seeding helpers in `frontend/e2e/fixtures/index.ts`.
+
+## Common Patterns
+
+**Async Testing:**
+```typescript
+await waitFor(() => {
+  expect(mockFn).toHaveBeenCalledTimes(1);
+});
+```
+Pattern evidence: `frontend/src/test/context/AppContext.test.tsx`.
+
+```typescript
+const response = await app.inject({ method: "GET", url: "/settings" });
+expect(response.statusCode).toBe(200);
+```
+Pattern evidence: `backend/src/test/routes-real.test.ts`.
+
+**Error Testing:**
+```typescript
+const response = await app.inject({ method: "POST", url: "/planner/send-email", payload: { rows: [] } });
+expect(response.statusCode).toBe(400);
+expect(response.json()).toEqual({ error: "Missing planner data" });
+```
+Pattern evidence: `backend/src/test/planner.test.ts`.
+
+---
+
+*Testing analysis: 2026-04-30*
@@ -1,8 +0,0 @@
-{
-  "vitest.root": "backend",
-  "vitest.enable": true,
-  "vitest.commandLine": "npm test --",
-  "chat.tools.terminal.autoApprove": {
-    "test": true
-  }
-}
@@ -18,8 +18,8 @@
 </p>

 <p align="center">
-  <img src="https://img.shields.io/badge/Backend_Tests-639%2F639-brightgreen?logo=vitest" alt="Backend Tests 454/454" />
-  <img src="https://img.shields.io/badge/Frontend_Tests-884%2F884-brightgreen?logo=vitest" alt="Frontend Tests 611/611" />
+  <img src="https://img.shields.io/badge/Backend_Tests-696%2F696-brightgreen?logo=vitest" alt="Backend Tests 454/454" />
+  <img src="https://img.shields.io/badge/Frontend_Tests-919%2F919-brightgreen?logo=vitest" alt="Frontend Tests 611/611" />
 </p>

 ### 🤖 AI-Generated Code
@@ -120,19 +120,19 @@ Share your medication schedule with others via a public link.
 </details>

 ### Medication Setup
- Optional multi-source lookup inside the medication editor on desktop and mobile, prioritizing `RxNorm` and `openFDA` before `EMA`, including package-size suggestions when the source exposes them
- Explicit review-and-apply flow with low-risk suggestions only
- Additional lookup results can be revealed on demand instead of being hard-cut at the initial small result set
- Honest incomplete-coverage messaging with source labels; manual entry always remains available
+- Optional medication lookup in the editor on desktop and mobile
+- Supports `RxNorm`, `openFDA`, and `EMA` with source labels
+- Review-and-apply flow with package-size suggestions when available
+- Manual entry remains available

 ### Smart Inventory
- Track exact stock with package profiles (blister, bottle, tube, liquid container)
+- Track exact stock with package profiles (blister, bottle, tube, liquid container, inhaler, injection)
 - Display remaining days of supply
 - Automatic calculation based on intake schedule
- Manual stock correction supports profile-specific stock semantics (sealed units + loose stock for blister, amount-based stock for bottle/tube/liquid)
+- Manual stock correction supports profile-specific stock semantics (sealed units + loose stock for blister, discrete capacity/current stock for bottle, inhaler, and injection, amount-based stock for tube and liquid container)

 ### Medication Refill
- One-click refill with pack or loose pill options
+- One-click refill with package-aware refill options for discrete containers and amount-based packages
 - Complete refill history per medication
 - Automatic stock updates after each refill

@@ -148,7 +148,6 @@ Share your medication schedule with others via a public link.

 ### Trip Planner
 - Calculate medication demand for a trip or date range with package-aware units
- Plan ahead for vacations, business trips, or hospital stays
 - Send demand reports via email or push notification

 ### Reports
@@ -168,7 +167,7 @@ Share your medication schedule with others via a public link.
 ### Notifications
 - Email via SMTP
 - Push notifications via ntfy, Pushover, Gotify, Telegram, Discord & more ([Shoutrrr](https://containrrr.dev/shoutrrr/))
- Supports both stock warnings and intake reminders
+- Supports stock warnings and intake reminders

 ### Privacy & Security
 - Fully self-hosted
@@ -191,198 +190,33 @@ Open `http://localhost:4174` and start tracking your medications.

 # Configuration

-All configuration is done via environment variables in `.env`. Copy `.env.example` to get started.
+Configure the application with environment variables in `.env`. Keep the basic container settings in the README and use the dedicated docs for the full reference.

-### General
+### Initial Configuration

 | Variable | Default | Description |
 |----------|---------|-------------|
 | `PUID` | `1000` | User ID for container file permissions |
 | `PGID` | `1000` | Group ID for container file permissions |
 | `PORT` | `3000` | Backend API port |
-| `CORS_ORIGINS` | `http://localhost:4174` | Allowed origins for CORS |
-| `LOG_LEVEL` | `info` | Log verbosity (`debug`, `info`, `warn`, `error`, `silent`). At `info` (default), high-frequency polling endpoints are suppressed. Set `debug` to see all requests. |
-| `OPENAPI_DOCS_ENABLED` | `auto` | Enables API docs in non-production by default. Set explicitly to `true`/`false` to override. |
-| `TZ` | `Europe/Berlin` | Timezone for scheduled reminders |
+| `CORS_ORIGINS` | `http://localhost:4174` | Allowed frontend origins |
+| `TZ` | `Europe/Berlin` | Default timezone for reminders |

-Recommended values for API docs by environment:
-
-| Environment | Recommendation |
-|-------------|----------------|
-| Development | `OPENAPI_DOCS_ENABLED=true` |
-| Staging/Test | `OPENAPI_DOCS_ENABLED=true` |
-| Production | leave it unset, or set `OPENAPI_DOCS_ENABLED=false` |
-
-Notes:
-
- If `OPENAPI_DOCS_ENABLED` is not set, docs are enabled outside production and disabled in production.
- If `OPENAPI_DOCS_ENABLED=true`, docs are available on `/docs` and `/docs/json`.
- If `OPENAPI_DOCS_ENABLED=false`, only the docs are disabled. The API still works normally.
-
-### Authentication
+Optional but commonly needed:

 | Variable | Default | Description |
 |----------|---------|-------------|
-| `AUTH_ENABLED` | `false` | Enable user authentication |
-| `REGISTRATION_ENABLED` | `false` | Allow new user registrations |
-| `JWT_SECRET` | — | Access token signing key (required if auth enabled) |
-| `REFRESH_SECRET` | — | Refresh token signing key (required if auth enabled) |
-| `COOKIE_SECRET` | — | Cookie signing key (required if auth enabled) |
-| `ACCESS_TOKEN_TTL_MINUTES` | `15` | Access token lifetime |
-| `REFRESH_TOKEN_TTL_DAYS` | `7` | Refresh token lifetime |
+| `PUBLIC_APP_URL` | — | Public base URL for notification action links |

-Generate secrets with: `openssl rand -hex 32`
+Detailed configuration references:

-### API Keys (Programmatic API Access)
-
-When `AUTH_ENABLED=true`, you can create personal API keys and call protected endpoints with:
-
-```bash
-Authorization: Bearer ma_...
-```
-
-Available scopes:
-
- `read`: read-only access (`GET`, `HEAD`, `OPTIONS`)
- `write`: read + write access
-
-Essential notes:
-
- Create keys in the app when authentication is enabled.
- The token is shown only once after creation.
- Creating a new key automatically deactivates previously active keys for the same user.
- API keys are stored hashed in the database.
-
-Example usage:
-
-```bash
-curl http://localhost:3000/settings \
-  -H "Authorization: Bearer ma_..."
-```
-
-API reference:
-
- Interactive docs: `/docs`
- OpenAPI JSON: `/docs/json`
- With the bundled frontend ingress, these paths work on the normal app URL as well, for example `http://localhost:4174/docs` when docs are enabled.
- Key management endpoints for authenticated users:
-  - `GET /auth/api-keys`
-  - `POST /auth/api-keys`
-  - `DELETE /auth/api-keys/:id`
-
-### OIDC / SSO
-
-| Variable | Default | Description |
-|----------|---------|-------------|
-| `OIDC_ENABLED` | `false` | Enable OIDC authentication |
-| `OIDC_ISSUER_URL` | — | OIDC provider URL |
-| `OIDC_CLIENT_ID` | — | Client ID from OIDC provider |
-| `OIDC_CLIENT_SECRET` | — | Client secret from OIDC provider |
-| `OIDC_REDIRECT_URI` | — | Full callback URL (e.g., `https://your-domain.com/api/auth/oidc/callback`) |
-| `OIDC_SCOPES` | `openid profile email` | Scopes to request |
-| `OIDC_USERNAME_CLAIM` | `preferred_username` | Claim for username |
-| `OIDC_AUTO_CREATE_USERS` | `true` | Auto-create users on first SSO login |
-| `OIDC_PROVIDER_NAME` | `SSO` | Name shown on login button |
-
-### Email (SMTP)
-
-| Variable | Default | Description |
-|----------|---------|-------------|
-| `SMTP_HOST` | — | SMTP server hostname |
-| `SMTP_PORT` | `587` | SMTP server port |
-| `SMTP_USER` | — | SMTP username |
-| `SMTP_PASS` | — | SMTP password |
-| `SMTP_TOKEN` | — | OAuth2/App token (takes precedence over password) |
-| `SMTP_FROM` | — | Sender email address |
-| `SMTP_SECURE` | `false` | Use TLS |
-
-### Reminders
-
-| Variable | Default | Description |
-|----------|---------|-------------|
-| `REMINDER_DAYS_BEFORE` | `7` | Days before stock runs out to send reminder |
-| `REMINDER_HOUR` | `6` | Hour to send daily reminders (24h format) |
-| `REMINDER_MINUTES_BEFORE` | `15` | Minutes before intake to send reminder |
-| `EXPIRY_WARNING_DAYS` | `30` | Days before expiry to show warning |
-
-### Push Notifications (Shoutrrr)
-
-MedAssist uses [Shoutrrr](https://containrrr.dev/shoutrrr/) for push notifications, supporting many services with a single URL format.
-
-**Implemented URL schemes in MedAssist:** `ntfy://`, `discord://`, `pushover://`, `gotify://`, `telegram://`, plus direct `https://` webhooks.
-
-This covers common providers like ntfy, Discord, Pushover, Gotify, Telegram, Slack webhooks, and many others via webhook URLs.
-
-Configure push notifications in Settings → Push, or set defaults via environment variables:
-
-| Variable | Default | Description |
-|----------|---------|-------------|
-| `DEFAULT_SHOUTRRR_ENABLED` | `false` | Enable push notifications by default |
-| `DEFAULT_SHOUTRRR_URL` | — | Shoutrrr URL (see examples below) |
-| `DEFAULT_SHOUTRRR_STOCK_REMINDERS` | `true` | Send stock warnings via push |
-| `DEFAULT_SHOUTRRR_INTAKE_REMINDERS` | `true` | Send intake reminders via push |
-
-### Default User Settings
-
-These defaults are applied when a new user is created. Once a user saves settings in the app, their values take precedence.
-
-Complete list and details:
-
- [docs/DEFAULT_USER_SETTINGS.md](docs/DEFAULT_USER_SETTINGS.md)
-
-#### URL Examples
-
-**ntfy** (free, self-hostable):
-```
-ntfy://ntfy.sh/your-topic
-ntfy://user:password@your-server.com/topic
-```
-
-**Pushover** (free app for iOS/Android):
-```
-pushover://shoutrrr:API_TOKEN@USER_KEY/
-```
-Get your keys at [pushover.net](https://pushover.net/):
- **User Key**: Shown on your dashboard (top right)
- **API Token**: Create an application → copy the API Token
-
-**Gotify** (self-hosted):
-```
-gotify://your-server.com/TOKEN
-gotify://your-server.com:443/path/to/gotify/TOKEN?priority=1
-```
-
-**Discord**:
-```
-discord://TOKEN@WEBHOOK_ID
-```
-
-**Telegram**:
-```
-telegram://TOKEN@telegram?chats=CHAT_ID
-telegram://TOKEN@telegram?chats=@your_channel,-1001234567890
-```
-
-For all services and options, see the [Shoutrrr documentation](https://containrrr.dev/shoutrrr/v0.8/services/overview/).
+- Full configuration reference: [docs/CONFIGURATION.md](docs/CONFIGURATION.md)
+- Push notifications: [docs/PUSH_NOTIFICATIONS.md](docs/PUSH_NOTIFICATIONS.md)
+- Default user settings: [docs/DEFAULT_USER_SETTINGS.md](docs/DEFAULT_USER_SETTINGS.md)

 # Development

-```bash
-docker compose -p medassist-dev -f docker-compose.dev.yml up
-```
-
- Frontend: `http://localhost:5173` (hot reload)
- Backend: `http://localhost:3000`
- API docs UI: `http://localhost:3000/docs` (when docs are enabled)
- OpenAPI JSON: `http://localhost:3000/docs/json` (when docs are enabled)
-
-Useful local commands:
-
-```bash
-npm run lint
-cd backend && npm run test:run
-cd frontend && npm run test:run
-```
+Development setup and local commands are documented in [docs/DEVELOPMENT.md](docs/DEVELOPMENT.md).

 # Acknowledgements

@@ -0,0 +1 @@
+ALTER TABLE `user_settings` ADD `timezone` text DEFAULT '' NOT NULL;
@@ -99,6 +99,13 @@
      "when": 1773348659979,
      "tag": "0013_add_share_medication_overview",
      "breakpoints": true
+    },
+    {
+      "idx": 14,
+      "version": "6",
+      "when": 1775849300000,
+      "tag": "0014_add_user_settings_timezone",
+      "breakpoints": true
    }
  ]
 }
@@ -1,6 +1,6 @@
 {
  "name": "medassist-ng-backend",
-  "version": "1.22.2",
+  "version": "1.25.0",
  "private": true,
  "type": "module",
  "scripts": {
@@ -19,36 +19,37 @@
  "dependencies": {
    "@fastify/cookie": "^11.0.2",
    "@fastify/cors": "^11.2.0",
+    "@fastify/formbody": "^8.0.2",
    "@fastify/helmet": "^13.0.2",
-    "@fastify/multipart": "^9.4.0",
+    "@fastify/multipart": "^10.0.0",
    "@fastify/rate-limit": "^10.3.0",
    "@fastify/sensible": "^6.0.4",
-    "@fastify/static": "^9.0.0",
+    "@fastify/static": "^9.1.3",
    "@fastify/swagger": "^9.7.0",
-    "@fastify/swagger-ui": "^5.2.5",
-    "@libsql/client": "^0.17.2",
+    "@fastify/swagger-ui": "^5.2.6",
+    "@libsql/client": "^0.17.3",
    "argon2": "^0.44.0",
-    "dotenv": "^17.4.1",
+    "dotenv": "^17.4.2",
    "drizzle-orm": "^0.45.2",
-    "fastify": "^5.8.4",
+    "fastify": "^5.8.5",
    "fastify-plugin": "^5.0.1",
-    "jose": "^6.2.2",
-    "nodemailer": "^8.0.4",
-    "openid-client": "^6.8.2",
+    "jose": "^6.2.3",
+    "nodemailer": "^8.0.7",
+    "openid-client": "^6.8.4",
    "sharp": "^0.34.5",
-    "zod": "^3.23.8"
+    "zod": "^4.4.3"
  },
  "devDependencies": {
-    "@biomejs/biome": "^2.4.10",
-    "@types/node": "^25.5.2",
+    "@biomejs/biome": "^2.4.15",
+    "@types/node": "^25.6.2",
    "@types/nodemailer": "^8.0.0",
    "@types/supertest": "^7.2.0",
-    "@vitest/coverage-v8": "^4.1.2",
+    "@vitest/coverage-v8": "^4.1.5",
    "drizzle-kit": "^0.31.10",
    "pino-pretty": "^13.1.3",
    "supertest": "^7.2.2",
    "tsx": "^4.19.0",
-    "typescript": "^6.0.2",
+    "typescript": "^6.0.3",
    "vitest": "^4.0.16"
  },
  "overrides": {
@@ -33,6 +33,7 @@ export async function runAlterMigrations(client: Client): Promise<{ success: boo
 		`ALTER TABLE user_settings ADD COLUMN repeat_reminders_enabled integer NOT NULL DEFAULT 0`,
 		`ALTER TABLE user_settings ADD COLUMN reminder_repeat_interval_minutes integer NOT NULL DEFAULT 30`,
 		`ALTER TABLE user_settings ADD COLUMN max_nagging_reminders integer NOT NULL DEFAULT 5`,
+		`ALTER TABLE user_settings ADD COLUMN timezone text NOT NULL DEFAULT ''`,
 		`ALTER TABLE dose_tracking ADD COLUMN dismissed integer NOT NULL DEFAULT 0`,
 		`ALTER TABLE dose_tracking ADD COLUMN taken_source text NOT NULL DEFAULT 'manual'`,
 		`ALTER TABLE user_settings ADD COLUMN stock_calculation_mode text NOT NULL DEFAULT 'automatic'`,
@@ -58,6 +59,7 @@ export async function runAlterMigrations(client: Client): Promise<{ success: boo
 		`ALTER TABLE user_settings ADD COLUMN last_stock_reminder_sent text`,
 		`ALTER TABLE user_settings ADD COLUMN last_stock_reminder_channel text`,
 		`ALTER TABLE user_settings ADD COLUMN last_stock_reminder_med_names text`,
+		// Keep the removed legacy setting column for backward compatibility with older SQLite files.
 		`ALTER TABLE user_settings ADD COLUMN share_stock_status integer NOT NULL DEFAULT 1`,
 		`ALTER TABLE user_settings ADD COLUMN share_medication_overview integer NOT NULL DEFAULT 0`,
 		`ALTER TABLE user_settings ADD COLUMN upcoming_today_only integer NOT NULL DEFAULT 0`,
@@ -95,6 +97,31 @@ export async function runAlterMigrations(client: Client): Promise<{ success: boo
      loose_pills_added INTEGER NOT NULL DEFAULT 0,
      refill_date INTEGER NOT NULL DEFAULT (strftime('%s','now'))
 	    )`,
+		`CREATE TABLE IF NOT EXISTS notification_action_groups (
+			id INTEGER PRIMARY KEY AUTOINCREMENT,
+			user_id INTEGER NOT NULL REFERENCES users(id) ON DELETE CASCADE,
+			group_key TEXT NOT NULL UNIQUE,
+			sequence_id TEXT NOT NULL,
+			ntfy_original_message_id TEXT NOT NULL DEFAULT '',
+			dose_ids_json TEXT NOT NULL,
+			title TEXT NOT NULL,
+			message TEXT NOT NULL,
+			language TEXT NOT NULL DEFAULT 'en',
+			scheduled_for INTEGER,
+			expires_at INTEGER NOT NULL,
+			resolved_action TEXT,
+			resolved_at INTEGER,
+			created_at INTEGER NOT NULL DEFAULT (strftime('%s','now')),
+			updated_at INTEGER NOT NULL DEFAULT (strftime('%s','now'))
+		)`,
+		`CREATE TABLE IF NOT EXISTS notification_action_tokens (
+			id INTEGER PRIMARY KEY AUTOINCREMENT,
+			group_id INTEGER NOT NULL REFERENCES notification_action_groups(id) ON DELETE CASCADE,
+			token_hash TEXT NOT NULL UNIQUE,
+			kind TEXT NOT NULL,
+			used_at INTEGER,
+			created_at INTEGER NOT NULL DEFAULT (strftime('%s','now'))
+		)`,
 		`CREATE TABLE IF NOT EXISTS api_keys (
 			id INTEGER PRIMARY KEY AUTOINCREMENT,
 			user_id INTEGER NOT NULL REFERENCES users(id) ON DELETE CASCADE,
@@ -120,9 +147,25 @@ export async function runAlterMigrations(client: Client): Promise<{ success: boo
 		}
 	}

+	const postCreateAlterMigrations = [
+		`ALTER TABLE notification_action_groups ADD COLUMN ntfy_original_message_id text NOT NULL DEFAULT ''`,
+	];
+
+	for (const sql of postCreateAlterMigrations) {
+		try {
+			await client.execute(sql);
+		} catch (e: unknown) {
+			if (!(e as Error).message?.includes("duplicate column")) {
+				errors.push((e as Error).message);
+			}
+		}
+	}
+
 	const createIndexMigrations = [
 		`CREATE UNIQUE INDEX IF NOT EXISTS users_username_lower_unique ON users(lower(username))`,
 		`CREATE UNIQUE INDEX IF NOT EXISTS api_keys_key_hash_unique ON api_keys(key_hash)`,
+		`CREATE UNIQUE INDEX IF NOT EXISTS notification_action_groups_group_key_unique ON notification_action_groups(group_key)`,
+		`CREATE UNIQUE INDEX IF NOT EXISTS notification_action_tokens_token_hash_unique ON notification_action_tokens(token_hash)`,
 		`CREATE INDEX IF NOT EXISTS api_keys_user_id_idx ON api_keys(user_id)`,
 	];

@@ -64,6 +64,7 @@ export function getTableCreationSQL(): string[] {
      high_stock_days integer NOT NULL DEFAULT 180,
      expiry_warning_days integer NOT NULL DEFAULT 90,
      language text NOT NULL DEFAULT 'en',
+	  timezone text NOT NULL DEFAULT '',
      stock_calculation_mode text NOT NULL DEFAULT 'automatic',
      share_stock_status integer NOT NULL DEFAULT 1,
      upcoming_today_only integer NOT NULL DEFAULT 0,
@@ -105,10 +105,12 @@ export const userSettings = sqliteTable("user_settings", {
 	expiryWarningDays: integer("expiry_warning_days").notNull().default(90),
 	// UI preferences
 	language: text("language", { length: 10 }).notNull().default("en"),
+	timezone: text("timezone", { length: 64 }).notNull().default(""),
 	// Stock calculation mode: "automatic" (schedule-based) or "manual" (only marked doses)
 	stockCalculationMode: text("stock_calculation_mode", { length: 20 }).notNull().default("automatic"),
-	// Whether shared schedule links show stock status (Critical/Low/Normal) to intake users
-	shareStockStatus: integer("share_stock_status", { mode: "boolean" }).notNull().default(true),
+	// Legacy column kept only so existing SQLite files continue to open cleanly after upgrades.
+	// Current MedAssist versions no longer read or expose this setting in product flows.
+	legacyShareStockStatusCompat: integer("share_stock_status", { mode: "boolean" }).notNull().default(true),
 	// Whether shared schedule links also embed the medication overview section
 	shareMedicationOverview: integer("share_medication_overview", { mode: "boolean" }).notNull().default(false),
 	// UI timeline visibility preferences
@@ -182,6 +184,43 @@ export const shareTokens = sqliteTable("share_tokens", {
 	expiresAt: integer("expires_at", { mode: "timestamp" }), // NULL = never expires
 });

+// =============================================================================
+// Notification Action Groups - Shared action state for reminder notifications
+// =============================================================================
+export const notificationActionGroups = sqliteTable("notification_action_groups", {
+	id: integer("id").primaryKey({ autoIncrement: true }),
+	userId: integer("user_id")
+		.notNull()
+		.references(() => users.id, { onDelete: "cascade" }),
+	groupKey: text("group_key", { length: 255 }).notNull().unique(),
+	sequenceId: text("sequence_id", { length: 255 }).notNull(),
+	ntfyOriginalMessageId: text("ntfy_original_message_id", { length: 255 }).notNull().default(""),
+	doseIdsJson: text("dose_ids_json").notNull(),
+	title: text("title", { length: 255 }).notNull(),
+	message: text("message").notNull(),
+	language: text("language", { length: 10 }).notNull().default("en"),
+	scheduledFor: integer("scheduled_for", { mode: "timestamp" }),
+	expiresAt: integer("expires_at", { mode: "timestamp" }).notNull(),
+	resolvedAction: text("resolved_action", { length: 20 }),
+	resolvedAt: integer("resolved_at", { mode: "timestamp" }),
+	createdAt: integer("created_at", { mode: "timestamp" }).notNull().default(sql`CURRENT_TIMESTAMP`),
+	updatedAt: integer("updated_at", { mode: "timestamp" }).notNull().default(sql`CURRENT_TIMESTAMP`),
+});
+
+// =============================================================================
+// Notification Action Tokens - Hashed tokens for public reminder responses
+// =============================================================================
+export const notificationActionTokens = sqliteTable("notification_action_tokens", {
+	id: integer("id").primaryKey({ autoIncrement: true }),
+	groupId: integer("group_id")
+		.notNull()
+		.references(() => notificationActionGroups.id, { onDelete: "cascade" }),
+	tokenHash: text("token_hash", { length: 128 }).notNull().unique(),
+	kind: text("kind", { length: 20 }).notNull(),
+	usedAt: integer("used_at", { mode: "timestamp" }),
+	createdAt: integer("created_at", { mode: "timestamp" }).notNull().default(sql`CURRENT_TIMESTAMP`),
+});
+
 // =============================================================================
 // Dose Tracking - Tracks when doses are marked as taken
 // =============================================================================
@@ -193,8 +232,8 @@ export const doseTracking = sqliteTable("dose_tracking", {
 	doseId: text("dose_id", { length: 255 }).notNull(), // e.g. "med-5-1-86400000-1735200000000"
 	takenAt: integer("taken_at", { mode: "timestamp" }).notNull().default(sql`(strftime('%s','now'))`),
 	markedBy: text("marked_by", { length: 100 }), // null = user, "Daniel" = via share link
-	takenSource: text("taken_source", { length: 20 }).notNull().default("manual"), // manual or automatic
-	dismissed: integer("dismissed", { mode: "boolean" }).notNull().default(false), // true = missed dose acknowledged without taking
+	takenSource: text("taken_source", { length: 20 }).notNull().default("manual"), // manual, automatic, or notification
+	dismissed: integer("dismissed", { mode: "boolean" }).notNull().default(false), // legacy column: true = intake skipped without stock deduction
 });

 // =============================================================================
@@ -109,6 +109,8 @@ type TranslationKeys = {
 		stockTitle: string;
 		stockTitleMultiple: string;
 		intakeTitle: string;
+		intakeTakenConfirmation: string;
+		intakeSkippedConfirmation: string;
 		pillsLeft: string;
 		daysLeft: string;
 		pillsAt: string;
@@ -179,6 +181,8 @@ type TranslationKeys = {
 	common: {
 		pill: string;
 		pills: string;
+		puffs: string;
+		injections: string;
 		units: string;
 		ml: string;
 		blister: string;
@@ -209,7 +213,7 @@ const translations: Record<Language, TranslationKeys> = {
 			descriptionLow: "The following medications are running low and should be reordered soon:",
 			tableHeaders: {
 				medication: "Medication",
-				pills: "Pills",
+				pills: "Available",
 				days: "Days",
 				runsOut: "Runs Out",
 			},
@@ -234,6 +238,8 @@ const translations: Record<Language, TranslationKeys> = {
 			stockTitle: "MedAssist-ng: 1 Medication Running Critically Low",
 			stockTitleMultiple: "MedAssist-ng: {count} Medications Running Critically Low",
 			intakeTitle: "💊 Reminder: Medication intake in {minutes} min",
+			intakeTakenConfirmation: "✅ This dose was marked as taken.",
+			intakeSkippedConfirmation: "⏭️ This intake was marked as skipped.",
 			pillsLeft: "{count} pills",
 			daysLeft: "{count} days left",
 			pillsAt: "{count} pills at {time}",
@@ -301,6 +307,8 @@ const translations: Record<Language, TranslationKeys> = {
 		common: {
 			pill: "pill",
 			pills: "pills",
+			puffs: "puffs",
+			injections: "injections",
 			units: "units",
 			ml: "ml",
 			blister: "blister",
@@ -329,7 +337,7 @@ const translations: Record<Language, TranslationKeys> = {
 			descriptionLow: "Die folgenden Medikamente werden knapp und sollten bald nachbestellt werden:",
 			tableHeaders: {
 				medication: "Medikament",
-				pills: "Tabletten",
+				pills: "Verfuegbar",
 				days: "Tage",
 				runsOut: "Aufgebraucht",
 			},
@@ -355,6 +363,8 @@ const translations: Record<Language, TranslationKeys> = {
 			stockTitle: "MedAssist-ng: 1 Medikament kritisch niedrig",
 			stockTitleMultiple: "MedAssist-ng: {count} Medikamente kritisch niedrig",
 			intakeTitle: "💊 Erinnerung: Medikamenteneinnahme in {minutes} Min.",
+			intakeTakenConfirmation: "✅ Diese Einnahme wurde als genommen markiert.",
+			intakeSkippedConfirmation: "⏭️ Diese Einnahme wurde als übersprungen markiert.",
 			pillsLeft: "{count} Tabletten",
 			daysLeft: "{count} Tage übrig",
 			pillsAt: "{count} Tabletten um {time}",
@@ -424,6 +434,8 @@ const translations: Record<Language, TranslationKeys> = {
 		common: {
 			pill: "Tablette",
 			pills: "Tabletten",
+			puffs: "Hübe",
+			injections: "Injektionen",
 			units: "Einheiten",
 			ml: "ml",
 			blister: "Blister",
@@ -23,6 +23,7 @@ import { exportRoutes } from "./routes/export.js";
 import { healthRoutes } from "./routes/health.js";
 import { medicationEnrichmentRoutes } from "./routes/medication-enrichment.js";
 import { medicationRoutes } from "./routes/medications.js";
+import { notificationActionRoutes } from "./routes/notification-actions.js";
 import { oidcRoutes } from "./routes/oidc.js";
 import { plannerRoutes } from "./routes/planner.js";
 import { refillRoutes } from "./routes/refills.js";
@@ -79,6 +80,19 @@ function buildLoggerOptions(level: string) {
 	return base;
 }

+function buildHelmetOptions(_isProduction: boolean) {
+	return {};
+}
+
+function isPublicNotificationActionPath(url: string | undefined): boolean {
+	if (!url) {
+		return false;
+	}
+
+	const normalizedUrl = url.split("?")[0]?.toLowerCase() ?? "";
+	return /(^|\/)(api\/)?notification-actions(\/|$)/.test(normalizedUrl);
+}
+
 async function registerApiDocs(app: FastifyInstance, enabled: boolean) {
 	if (!enabled) return;

@@ -166,6 +180,7 @@ export async function createApp(options?: {
 	app.addHook("onRequest", (request, reply, done) => {
 		request.correlationId = request.id;
 		reply.header("x-correlation-id", request.id);
+
 		done();
 	});

@@ -182,8 +197,26 @@ export async function createApp(options?: {

 	// Register plugins
 	await app.register(sensible);
-	await app.register(helmet);
-	await app.register(cors, { origin: opts.corsOrigins, credentials: true });
+	await app.register(helmet, buildHelmetOptions(opts.isProduction));
+	await app.register(cors, {
+		hook: "preHandler",
+		delegator: (request, callback) => {
+			if (isPublicNotificationActionPath(request.raw.url)) {
+				callback(null, {
+					origin: true,
+					credentials: false,
+					methods: ["GET", "HEAD", "POST", "OPTIONS"],
+					preflightContinue: true,
+				});
+				return;
+			}
+
+			callback(null, {
+				origin: opts.corsOrigins,
+				credentials: true,
+			});
+		},
+	});
 	await app.register(rateLimit, { max: 300, timeWindow: "1 minute" });
 	await app.register(cookie, { secret: opts.cookieSecret });

@@ -212,6 +245,7 @@ export async function createApp(options?: {
 	await app.register(medicationEnrichmentRoutes);
 	await app.register(settingsRoutes);
 	await app.register(plannerRoutes);
+	await app.register(notificationActionRoutes);
 	await app.register(shareRoutes);
 	await app.register(doseRoutes);
 	await app.register(exportRoutes);
@@ -266,8 +300,26 @@ app.decorate("config", {
 });

 await app.register(sensible);
-await app.register(helmet);
-await app.register(cors, { origin: origins, credentials: true });
+await app.register(helmet, buildHelmetOptions(env.NODE_ENV === "production"));
+await app.register(cors, {
+	hook: "preHandler",
+	delegator: (request, callback) => {
+		if (isPublicNotificationActionPath(request.raw.url)) {
+			callback(null, {
+				origin: true,
+				credentials: false,
+				methods: ["GET", "HEAD", "POST", "OPTIONS"],
+				preflightContinue: true,
+			});
+			return;
+		}
+
+		callback(null, {
+			origin: origins,
+			credentials: true,
+		});
+	},
+});
 await app.register(rateLimit, {
 	max: Number(process.env.RATE_LIMIT_MAX) || 100,
 	timeWindow: "1 minute",
@@ -294,6 +346,7 @@ await app.register(medicationRoutes);
 await app.register(medicationEnrichmentRoutes);
 await app.register(settingsRoutes);
 await app.register(plannerRoutes);
+await app.register(notificationActionRoutes);
 await app.register(shareRoutes);
 await app.register(doseRoutes);
 await app.register(exportRoutes);
@@ -309,6 +362,7 @@ const start = async () => {
 		startReminderScheduler({
 			info: (msg) => app.log.info(msg),
 			debug: (msg) => app.log.debug(msg),
+			warn: (msg) => app.log.warn(msg),
 			error: (msg) => app.log.error(msg),
 		});

@@ -323,6 +377,7 @@ const start = async () => {
 		startIntakeReminderScheduler({
 			info: (msg) => app.log.info(msg),
 			debug: (msg) => app.log.debug(msg),
+			warn: (msg) => app.log.warn(msg),
 			error: (msg) => app.log.error(msg),
 		});
 	} catch (err) {
@@ -10,10 +10,11 @@ const EnvSchema = z.object({
 	NODE_ENV: z.enum(["development", "production", "test"]).default("production"),
 	PORT: z
 		.string()
-		.transform((v) => parseInt(v, 10))
-		.default("3000"),
+		.default("3000")
+		.transform((v) => parseInt(v, 10)),
 	CORS_ORIGINS: z.string().default("http://localhost:5173,http://localhost:4173"),
 	LOG_LEVEL: z.string().default("info"),
+	PUBLIC_APP_URL: z.string().url().optional(),
 	OPENAPI_DOCS_ENABLED: z
 		.string()
 		.transform((v) => v === "true")
@@ -25,18 +26,18 @@ const EnvSchema = z.object({
 	// Master switch: Enable/disable authentication (default: disabled for easy setup)
 	AUTH_ENABLED: z
 		.string()
-		.transform((v) => v === "true")
-		.default("false"),
+		.default("false")
+		.transform((v) => v === "true"),
 	// Allow new user registrations (auto-enabled if no users exist)
 	REGISTRATION_ENABLED: z
 		.string()
-		.transform((v) => v === "true")
-		.default("false"),
+		.default("false")
+		.transform((v) => v === "true"),
 	// Disable username/password form login (useful for OIDC-only setups)
 	FORM_LOGIN_ENABLED: z
 		.string()
-		.transform((v) => v === "true")
-		.default("true"),
+		.default("true")
+		.transform((v) => v === "true"),

 	// JWT Secrets - only required when AUTH_ENABLED=true
 	JWT_SECRET: z.string().min(10).optional(),
@@ -46,20 +47,20 @@ const EnvSchema = z.object({
 	// Token TTL settings
 	ACCESS_TOKEN_TTL_MINUTES: z
 		.string()
-		.transform((v) => parseInt(v, 10))
-		.default("15"),
+		.default("15")
+		.transform((v) => parseInt(v, 10)),
 	REFRESH_TOKEN_TTL_DAYS: z
 		.string()
-		.transform((v) => parseInt(v, 10))
-		.default("7"),
+		.default("7")
+		.transform((v) => parseInt(v, 10)),

 	// ==========================================================================
 	// OIDC SSO Configuration (Pocket ID, Authelia, etc.)
 	// ==========================================================================
 	OIDC_ENABLED: z
 		.string()
-		.transform((v) => v === "true")
-		.default("false"),
+		.default("false")
+		.transform((v) => v === "true"),
 	OIDC_ISSUER_URL: z.string().url().optional(), // e.g., https://auth.example.com
 	OIDC_CLIENT_ID: z.string().optional(),
 	OIDC_CLIENT_SECRET: z.string().optional(),
@@ -67,8 +68,8 @@ const EnvSchema = z.object({
 	OIDC_SCOPES: z.string().default("openid profile email"),
 	OIDC_AUTO_CREATE_USERS: z
 		.string()
-		.transform((v) => v === "true")
-		.default("true"),
+		.default("true")
+		.transform((v) => v === "true"),
 	OIDC_USERNAME_CLAIM: z.string().default("preferred_username"), // or 'email', 'sub'
 	OIDC_PROVIDER_NAME: z.string().default("SSO"), // Display name for UI button
 });
@@ -221,7 +221,7 @@ export async function authRoutes(app: FastifyInstance) {
 			const parsed = registerSchema.safeParse(request.body);
 			if (!parsed.success) {
 				return reply.status(400).send({
-					error: parsed.error.errors[0]?.message ?? "Invalid input",
+					error: parsed.error.issues[0]?.message ?? "Invalid input",
 					code: "VALIDATION_ERROR",
 				});
 			}
@@ -616,7 +616,7 @@ export async function authRoutes(app: FastifyInstance) {
 			const parsed = updateProfileSchema.safeParse(request.body);
 			if (!parsed.success) {
 				return reply.status(400).send({
-					error: parsed.error.errors[0]?.message ?? "Invalid input",
+					error: parsed.error.issues[0]?.message ?? "Invalid input",
 					code: "VALIDATION_ERROR",
 				});
 			}
@@ -6,6 +6,7 @@ import { doseTracking, medications, shareTokens, userSettings } from "../db/sche
 import { getAnonymousUserId, requireAuth } from "../plugins/auth.js";
 import { env } from "../plugins/env.js";
 import { computeMedicationCurrentStock } from "../services/current-stock.js";
+import { dismissDosesForUser, markDoseTakenForUser } from "../services/dose-tracking-service.js";
 import type { AuthUser } from "../types/fastify.js";
 import {
 	applyOpenApiRouteStandards,
@@ -61,6 +62,15 @@ const doseReadResponseSchema = {
 	},
 } as const;

+function getValidationErrorMessage(error: z.ZodError): string {
+	const firstIssue = error.issues[0];
+	if (!firstIssue) {
+		return "Invalid input";
+	}
+
+	return firstIssue.code === "invalid_type" && firstIssue.input === undefined ? "Required" : firstIssue.message;
+}
+
 // Helper to get user ID from request
 // Returns anonymous user ID when auth is disabled
 async function getUserId(request: FastifyRequest, reply: FastifyReply): Promise<number> {
@@ -301,40 +311,28 @@ export async function doseRoutes(app: FastifyInstance) {
 			const parsed = markDoseSchema.safeParse(request.body);
 			if (!parsed.success) {
 				return reply.status(400).send({
-					error: parsed.error.errors[0]?.message ?? "Invalid input",
+					error: getValidationErrorMessage(parsed.error),
 				});
 			}

 			const { doseId } = parsed.data;

-			// Check if already marked
-			const [existing] = await db
-				.select()
-				.from(doseTracking)
-				.where(and(eq(doseTracking.userId, userId), eq(doseTracking.doseId, doseId)));
+			const result = await markDoseTakenForUser({
+				userId,
+				doseId,
+				source: "manual",
+				markedBy: null,
+			});

-			if (existing) {
+			if (!result.success) {
+				const statusCode = result.code === "INVALID_DOSE" ? 400 : 409;
+				return reply.status(statusCode).send({ error: result.message, code: result.code });
+			}
+
+			if (result.status === "already_taken") {
 				return { success: true, message: "Already marked" };
 			}

-			const [settings] = await db.select().from(userSettings).where(eq(userSettings.userId, userId));
-			const outOfStock = await isDoseOutOfStock({
-				userId,
-				doseId,
-				stockCalculationMode: (settings?.stockCalculationMode as "automatic" | "manual") ?? "automatic",
-			});
-			if (outOfStock) {
-				return reply.status(409).send({ error: "Medication is out of stock", code: "OUT_OF_STOCK" });
-			}
-
-			// Insert new record
-			await db.insert(doseTracking).values({
-				userId,
-				doseId,
-				markedBy: null, // Marked by the user themselves
-				takenSource: "manual",
-			});
-
 			return { success: true };
 		}
 	);
@@ -423,23 +421,22 @@ export async function doseRoutes(app: FastifyInstance) {
 			const parsed = dismissDosesSchema.safeParse(request.body);
 			if (!parsed.success) {
 				return reply.status(400).send({
-					error: parsed.error.errors[0]?.message ?? "Invalid input",
+					error: getValidationErrorMessage(parsed.error),
 				});
 			}

 			const { doseIds } = parsed.data;

-			// Insert dismissed records for each dose that doesn't exist yet
+			// Preserve the existing route semantics for dismiss: any non-dismissed record
+			// becomes dismissed, regardless of whether it already has a taken timestamp.
 			let dismissedCount = 0;
 			for (const doseId of doseIds) {
-				// Check if already exists (taken or dismissed)
 				const [existing] = await db
 					.select()
 					.from(doseTracking)
 					.where(and(eq(doseTracking.userId, userId), eq(doseTracking.doseId, doseId)));

 				if (existing) {
-					// Already exists - update to dismissed if not already
 					if (!existing.dismissed) {
 						await db
 							.update(doseTracking)
@@ -448,7 +445,6 @@ export async function doseRoutes(app: FastifyInstance) {
 						dismissedCount++;
 					}
 				} else {
-					// Create new dismissed record
 					await db.insert(doseTracking).values({
 						userId,
 						doseId,
@@ -590,7 +586,7 @@ export async function doseRoutes(app: FastifyInstance) {
 			const parsed = shareDoseSchema.safeParse(request.body);
 			if (!parsed.success) {
 				return reply.status(400).send({
-					error: parsed.error.errors[0]?.message ?? "Invalid input",
+					error: getValidationErrorMessage(parsed.error),
 				});
 			}

@@ -23,7 +23,7 @@ const IMAGES_DIR = resolve(getDataDir(), "images");
 // =============================================================================
 // Export Format Version (bump this when format changes)
 // =============================================================================
-const EXPORT_VERSION = "1.4";
+const EXPORT_VERSION = "1.5";

 // =============================================================================
 // Zod Schemas for Import Validation
@@ -62,7 +62,7 @@ const medicationExportSchema = z.object({
 	lifecycleCategory: z.enum(["refill_when_empty", "treatment_period"]).default("refill_when_empty"),
 	inventory: inventorySchema,
 	pillWeightMg: z.number().int().nullable().optional(),
-	doseUnit: z.enum(["mg", "g", "mcg", "ml", "IU", "units", "drops", "puffs"]).default("mg"),
+	doseUnit: z.enum(["mg", "g", "mcg", "ml", "IU", "units", "drops", "puffs", "injections"]).default("mg"),
 	schedules: z.array(scheduleSchema).default([]),
 	medicationStartDate: z.string().nullable().optional(),
 	medicationEndDate: z.string().nullable().optional(),
@@ -96,7 +96,8 @@ const doseHistorySchema = z.object({
 const refillHistoryExportSchema = z.object({
 	medicationRef: z.string(), // References _exportId
 	packsAdded: z.number().int().min(0).default(0),
-	loosePillsAdded: z.number().int().min(0).default(0),
+	loosePillsAdded: z.number().int().min(0).optional(),
+	quantityAdded: z.number().int().min(0).optional(),
 	usedPrescription: z.boolean().default(false),
 	refillDate: z.string(), // ISO datetime
 });
@@ -108,37 +109,44 @@ const shareLinkSchema = z.object({
 	regenerateToken: z.boolean().default(true),
 });

-const settingsExportSchema = z
-	.object({
-		// Email notifications
-		emailEnabled: z.boolean().default(false),
-		notificationEmail: z.string().nullable().optional(),
-		emailStockReminders: z.boolean().default(true),
-		emailIntakeReminders: z.boolean().default(true),
-		emailPrescriptionReminders: z.boolean().default(true),
-		// Push notifications
-		shoutrrrEnabled: z.boolean().optional(),
-		shoutrrrUrl: z.string().nullable().optional(),
-		shoutrrrStockReminders: z.boolean().default(true),
-		shoutrrrIntakeReminders: z.boolean().default(true),
-		shoutrrrPrescriptionReminders: z.boolean().default(true),
-		// Reminder settings
-		reminderDaysBefore: z.number().int().default(7),
-		repeatDailyReminders: z.boolean().default(false),
-		skipRemindersForTakenDoses: z.boolean().default(false),
-		repeatRemindersEnabled: z.boolean().default(false),
-		reminderRepeatIntervalMinutes: z.number().int().default(30),
-		maxNaggingReminders: z.number().int().default(5),
-		// Stock thresholds
-		lowStockDays: z.number().int().default(30),
-		normalStockDays: z.number().int().default(90),
-		highStockDays: z.number().int().default(180),
-		expiryWarningDays: z.number().int().default(90),
-		// UI preferences
-		language: z.string().default("en"),
-		stockCalculationMode: z.enum(["automatic", "manual"]).default("automatic"),
-		shareStockStatus: z.boolean().default(true),
-		shareMedicationOverview: z.boolean().default(false),
+const settingsSchemaBase = z.object({
+	// Email notifications
+	emailEnabled: z.boolean().default(false),
+	notificationEmail: z.string().nullable().optional(),
+	emailStockReminders: z.boolean().default(true),
+	emailIntakeReminders: z.boolean().default(true),
+	emailPrescriptionReminders: z.boolean().default(true),
+	// Push notifications
+	shoutrrrEnabled: z.boolean().optional(),
+	shoutrrrUrl: z.string().nullable().optional(),
+	shoutrrrStockReminders: z.boolean().default(true),
+	shoutrrrIntakeReminders: z.boolean().default(true),
+	shoutrrrPrescriptionReminders: z.boolean().default(true),
+	// Reminder settings
+	reminderDaysBefore: z.number().int().default(7),
+	repeatDailyReminders: z.boolean().default(false),
+	skipRemindersForTakenDoses: z.boolean().default(false),
+	repeatRemindersEnabled: z.boolean().default(false),
+	reminderRepeatIntervalMinutes: z.number().int().default(30),
+	maxNaggingReminders: z.number().int().default(5),
+	// Stock thresholds
+	lowStockDays: z.number().int().default(30),
+	normalStockDays: z.number().int().default(90),
+	highStockDays: z.number().int().default(180),
+	expiryWarningDays: z.number().int().default(90),
+	// UI preferences
+	language: z.string().default("en"),
+	stockCalculationMode: z.enum(["automatic", "manual"]).default("automatic"),
+	shareMedicationOverview: z.boolean().default(false),
+});
+
+const exportSettingsSchema = settingsSchemaBase.optional();
+
+const importSettingsSchema = settingsSchemaBase
+	.extend({
+		// Accept the removed field from legacy exports so old backups still import,
+		// but do not map it back into current runtime settings.
+		shareStockStatus: z.boolean().optional(),
 	})
 	.optional();

@@ -149,7 +157,7 @@ const importDataSchema = z.object({
 	medications: z.array(medicationExportSchema).default([]),
 	doseHistory: z.array(doseHistorySchema).default([]),
 	refillHistory: z.array(refillHistoryExportSchema).default([]),
-	settings: settingsExportSchema,
+	settings: importSettingsSchema,
 	shareLinks: z.array(shareLinkSchema).default([]),
 });

@@ -210,7 +218,7 @@ const importBodyOpenApiSchema = {
 			},
 		],
 		doseHistory: [{ doseId: "1:2026-03-11T08:00:00.000Z:Daniel", takenAt: 1773216000000 }],
-		refillHistory: [{ packsAdded: 1, loosePillsAdded: 4, refillDate: "2026-03-10T12:00:00.000Z" }],
+		refillHistory: [{ packsAdded: 1, loosePillsAdded: 4, quantityAdded: 34, refillDate: "2026-03-10T12:00:00.000Z" }],
 		settings: { language: "en", stockCalculationMode: "automatic" },
 		shareLinks: [{ takenBy: "Daniel", scheduleDays: 14 }],
 	},
@@ -370,6 +378,7 @@ export async function exportRoutes(app: FastifyInstance) {

 			// 1. Load all medications
 			const meds = await db.select().from(medications).where(eq(medications.userId, userId)).orderBy(medications.id);
+			const medicationById = new Map(meds.map((med) => [med.id, med]));

 			// Build medication ID to export ID mapping
 			const medIdToExportId = new Map<number, string>();
@@ -509,7 +518,6 @@ export async function exportRoutes(app: FastifyInstance) {
 						expiryWarningDays: settings.expiryWarningDays,
 						language: settings.language,
 						stockCalculationMode: settings.stockCalculationMode,
-						shareStockStatus: settings.shareStockStatus,
 						shareMedicationOverview: settings.shareMedicationOverview ?? false,
 					}
 				: undefined;
@@ -548,6 +556,17 @@ export async function exportRoutes(app: FastifyInstance) {
 				.map((refill) => {
 					const exportId = medIdToExportId.get(refill.medicationId);
 					if (!exportId) return null; // Orphaned refill, skip
+					const medication = medicationById.get(refill.medicationId);
+					const packageType = normalizePackageType(medication?.packageType);
+					const pillsPerPack = Math.max(1, (medication?.blistersPerPack ?? 1) * (medication?.pillsPerBlister ?? 1));
+					const quantityAdded =
+						packageType === "bottle" ||
+						packageType === "inhaler" ||
+						packageType === "injection" ||
+						packageType === "tube" ||
+						packageType === "liquid_container"
+							? (refill.loosePillsAdded ?? 0)
+							: (refill.packsAdded ?? 0) * pillsPerPack + (refill.loosePillsAdded ?? 0);

 					// Safely convert refillDate to ISO string
 					let refillDateIso: string;
@@ -568,6 +587,7 @@ export async function exportRoutes(app: FastifyInstance) {
 						medicationRef: exportId,
 						packsAdded: refill.packsAdded ?? 0,
 						loosePillsAdded: refill.loosePillsAdded ?? 0,
+						quantityAdded,
 						usedPrescription: refill.usedPrescription ?? false,
 						refillDate: refillDateIso,
 					};
@@ -778,6 +798,8 @@ export async function exportRoutes(app: FastifyInstance) {

 			// 5. Import settings
 			if (importData.settings) {
+				// Legacy exports may still contain shareStockStatus. The current app no longer
+				// uses that setting, so imports accept it for compatibility and then ignore it.
 				await db.insert(userSettings).values({
 					userId,
 					emailEnabled: importData.settings.emailEnabled ?? false,
@@ -802,7 +824,6 @@ export async function exportRoutes(app: FastifyInstance) {
 					expiryWarningDays: importData.settings.expiryWarningDays ?? 90,
 					language: importData.settings.language ?? "en",
 					stockCalculationMode: importData.settings.stockCalculationMode ?? "automatic",
-					shareStockStatus: importData.settings.shareStockStatus ?? true,
 					shareMedicationOverview: importData.settings.shareMedicationOverview ?? false,
 				});
 			}
@@ -830,7 +851,7 @@ export async function exportRoutes(app: FastifyInstance) {
 					medicationId: newMedId,
 					userId,
 					packsAdded: refill.packsAdded ?? 0,
-					loosePillsAdded: refill.loosePillsAdded ?? 0,
+					loosePillsAdded: refill.loosePillsAdded ?? refill.quantityAdded ?? 0,
 					usedPrescription: refill.usedPrescription ?? false,
 					refillDate: new Date(refill.refillDate),
 				});
@@ -70,7 +70,10 @@ const strengthOptionSchema = {
 		label: { type: "string" },
 		pillWeightMg: { type: "number", nullable: true },
 		doseUnit: {
-			anyOf: [{ type: "string", enum: ["mg", "g", "mcg", "ml", "IU", "units", "drops", "puffs"] }, { type: "null" }],
+			anyOf: [
+				{ type: "string", enum: ["mg", "g", "mcg", "ml", "IU", "units", "drops", "puffs", "injections"] },
+				{ type: "null" },
+			],
 		},
 	},
 } as const;
@@ -80,7 +83,7 @@ const packageOptionSchema = {
 	properties: {
 		label: { type: "string" },
 		description: { type: "string" },
-		packageType: { type: "string", enum: ["blister", "bottle", "tube", "liquid_container"] },
+		packageType: { type: "string", enum: ["blister", "bottle", "tube", "liquid_container", "inhaler", "injection"] },
 		packCount: { type: "integer", minimum: 1 },
 		blistersPerPack: { type: "integer", minimum: 1, nullable: true },
 		pillsPerBlister: { type: "integer", minimum: 1, nullable: true },
@@ -24,6 +24,7 @@ import {
 } from "../utils/openapi-route-standards.js";
 import {
 	isAmountBasedPackageType,
+	isDiscreteCountPackageType,
 	isLiquidContainerPackageType,
 	isTubePackageType,
 	normalizePackageType,
@@ -67,7 +68,7 @@ const packageTypeSchema = z.enum(PACKAGE_TYPES).default("blister");
 const medicationFormSchema = z.enum(["capsule", "tablet", "liquid", "topical"]).default("tablet");
 const pillFormSchema = z.enum(["capsule", "tablet"]);
 const lifecycleCategorySchema = z.enum(["refill_when_empty", "treatment_period"]).default("refill_when_empty");
-const doseUnitSchema = z.enum(["mg", "g", "mcg", "ml", "IU", "units", "drops", "puffs"]).default("mg");
+const doseUnitSchema = z.enum(["mg", "g", "mcg", "ml", "IU", "units", "drops", "puffs", "injections"]).default("mg");
 const medicationStartDateSchema = z
 	.union([z.string().regex(/^\d{4}-\d{2}-\d{2}$/), z.literal(""), z.null()])
 	.optional();
@@ -264,7 +265,7 @@ const medicationBodyOpenApiSchema = {
 		totalPills: { type: ["integer", "null"], minimum: 1 },
 		looseTablets: { type: "integer", minimum: 0 },
 		pillWeightMg: { type: ["number", "null"], minimum: 0 },
-		doseUnit: { type: "string", enum: ["mg", "g", "mcg", "ml", "IU", "units", "drops", "puffs"] },
+		doseUnit: { type: "string", enum: ["mg", "g", "mcg", "ml", "IU", "units", "drops", "puffs", "injections"] },
 		medicationStartDate: {
 			anyOf: [{ type: "string", pattern: "^\\d{4}-\\d{2}-\\d{2}$" }, { type: "null" }, { const: "" }],
 		},
@@ -1201,17 +1202,20 @@ export async function medicationRoutes(app: FastifyInstance) {

 			const packageType = normalizePackageType(existing.packageType);
 			const allowsAmountBaseUpdate = isTubePackageType(packageType) || isLiquidContainerPackageType(packageType);
-			const allowsBottleCapacityUpdate = packageType === "bottle";
+			const allowsDiscreteCapacityUpdate = isDiscreteCountPackageType(packageType);
 			if (allowsAmountBaseUpdate) {
-				if (totalPills !== undefined) updateFields.totalPills = totalPills;
-				if (looseTablets !== undefined) updateFields.looseTablets = looseTablets;
+				const normalizedAmountBase = looseTablets ?? totalPills;
+				if (normalizedAmountBase !== undefined) {
+					updateFields.totalPills = normalizedAmountBase;
+					updateFields.looseTablets = normalizedAmountBase;
+				}
 				if (packageAmountValue !== undefined) updateFields.packageAmountValue = packageAmountValue;
 			}
-			if (allowsBottleCapacityUpdate && totalPills !== undefined) {
+			if (allowsDiscreteCapacityUpdate && totalPills !== undefined) {
 				updateFields.totalPills = totalPills;
 			}
 			if (packCount !== undefined) updateFields.packCount = packCount;
-			if (looseTablets !== undefined) {
+			if (!allowsAmountBaseUpdate && looseTablets !== undefined) {
 				updateFields.looseTablets = looseTablets;
 			}

@@ -1654,7 +1658,7 @@ export async function medicationRoutes(app: FastifyInstance) {
 		async (req, reply) => {
 			const parsed = dismissUntilSchema.safeParse(req.body);
 			if (!parsed.success) {
-				return reply.status(400).send({ error: parsed.error.errors[0]?.message ?? "Invalid input" });
+				return reply.status(400).send({ error: parsed.error.issues[0]?.message ?? "Invalid input" });
 			}

 			const userId = await getUserId(req, reply);
@@ -0,0 +1,642 @@
+import formbody from "@fastify/formbody";
+import { eq } from "drizzle-orm";
+import type { FastifyInstance, FastifyRequest } from "fastify";
+import { z } from "zod";
+import { db } from "../db/client.js";
+import { notificationActionGroups, notificationActionTokens, userSettings } from "../db/schema.js";
+import { getTranslations, type Language } from "../i18n/translations.js";
+import { markDoseTakenForUser, skipDosesForUser } from "../services/dose-tracking-service.js";
+import {
+	getNotificationActionTokenRecord,
+	isNotificationActionExpired,
+} from "../services/notification-actions-service.js";
+import { getNotificationActionLabels } from "../services/notifications/action-renderer.js";
+import { sendPushNotification } from "../services/notifications/delivery.js";
+import { sanitizeNotificationUrl } from "../services/settings-service.js";
+import { applyOpenApiRouteStandards, genericErrorSchema } from "../utils/openapi-route-standards.js";
+
+const querySchema = z.object({
+	action: z.enum(["taken", "skip", "dismiss"]).optional(),
+});
+
+type NotificationMutationAction = "taken" | "skip";
+
+function normalizeNotificationAction(action: string | null | undefined): NotificationMutationAction | null {
+	if (action === "taken") {
+		return "taken";
+	}
+
+	if (action === "skip" || action === "dismiss") {
+		return "skip";
+	}
+
+	return null;
+}
+
+const publicNotificationActionMethods = "GET,HEAD,POST,OPTIONS";
+const reminderFooterSeparator = "\n\n---\n";
+
+function escapeHtml(value: string): string {
+	return value
+		.replaceAll("&", "&amp;")
+		.replaceAll("<", "&lt;")
+		.replaceAll(">", "&gt;")
+		.replaceAll('"', "&quot;")
+		.replaceAll("'", "&#39;");
+}
+
+function toHtmlText(value: string): string {
+	return escapeHtml(value).replaceAll("\n", "<br />");
+}
+
+function getLanguage(language: string | null): Language {
+	return language === "de" ? "de" : "en";
+}
+
+function wantsHtml(request: FastifyRequest): boolean {
+	return request.headers.accept?.includes("text/html") ?? false;
+}
+
+function applyPublicNotificationCorsHeaders(
+	request: FastifyRequest,
+	reply: { header: (name: string, value: string) => unknown }
+) {
+	const requestOrigin = typeof request.headers.origin === "string" ? request.headers.origin : "*";
+	reply.header("access-control-allow-origin", requestOrigin);
+	reply.header("access-control-allow-methods", publicNotificationActionMethods);
+	reply.header("access-control-allow-headers", "content-type");
+	if (requestOrigin !== "*") {
+		reply.header("vary", "Origin");
+	}
+}
+
+function getAlreadyProcessedText(language: Language, resolvedAction: NotificationMutationAction) {
+	if (resolvedAction === "taken") {
+		return {
+			bodyTitle: language === "de" ? "Bereits verarbeitet" : "Already processed",
+			bodyText:
+				language === "de"
+					? "Diese Einnahme ist bereits als genommen markiert. Wenn Sie das ändern möchten, öffnen Sie MedAssist und machen Sie die Einnahme dort rückgängig."
+					: "This dose is already marked as taken. If you need to change it, open MedAssist and undo it there.",
+			jsonMessage:
+				language === "de"
+					? "Diese Einnahme ist bereits als genommen markiert. Änderungen sind nur in MedAssist möglich."
+					: "This dose is already marked as taken. Changes can only be made in MedAssist.",
+		};
+	}
+
+	return {
+		bodyTitle: language === "de" ? "Bereits verarbeitet" : "Already processed",
+		bodyText:
+			language === "de"
+				? "Diese Einnahme ist bereits als übersprungen markiert. Wenn Sie sie stattdessen als genommen markieren möchten, öffnen Sie MedAssist und machen Sie das dort."
+				: "This intake is already marked as skipped. If you want to mark it as taken instead, open MedAssist and do that there.",
+		jsonMessage:
+			language === "de"
+				? "Diese Einnahme ist bereits als übersprungen markiert. Änderungen sind nur in MedAssist möglich."
+				: "This intake is already marked as skipped. Changes can only be made in MedAssist.",
+	};
+}
+
+function getActionRecordedText(language: Language, action: NotificationMutationAction) {
+	if (action === "taken") {
+		return {
+			bodyTitle: language === "de" ? "Aktion gespeichert" : "Action recorded",
+			bodyText: language === "de" ? "Die Einnahme wurde als genommen markiert." : "The dose was marked as taken.",
+		};
+	}
+
+	return {
+		bodyTitle: language === "de" ? "Aktion gespeichert" : "Action recorded",
+		bodyText: language === "de" ? "Die Einnahme wurde als übersprungen markiert." : "The intake was marked as skipped.",
+	};
+}
+
+function buildReplacementReminderMessage(
+	language: Language,
+	action: NotificationMutationAction,
+	originalMessage: string
+): string {
+	const tr = getTranslations(language);
+	const confirmationLine = action === "taken" ? tr.push.intakeTakenConfirmation : tr.push.intakeSkippedConfirmation;
+	const separatorIndex = originalMessage.indexOf(reminderFooterSeparator);
+
+	if (separatorIndex >= 0) {
+		const beforeFooter = originalMessage.slice(0, separatorIndex).trimEnd();
+		const footer = originalMessage.slice(separatorIndex);
+		return `${beforeFooter}\n\n${confirmationLine}${footer}`;
+	}
+
+	return `${originalMessage.trimEnd()}\n\n${confirmationLine}`;
+}
+
+async function clearNtfyNotificationSequence(userId: number, sequenceId: string): Promise<void> {
+	const [settings] = await db
+		.select({ shoutrrrEnabled: userSettings.shoutrrrEnabled, shoutrrrUrl: userSettings.shoutrrrUrl })
+		.from(userSettings)
+		.where(eq(userSettings.userId, userId));
+
+	if (!settings?.shoutrrrEnabled || !settings.shoutrrrUrl) {
+		return;
+	}
+
+	const sanitized = sanitizeNotificationUrl(settings.shoutrrrUrl);
+	if ("error" in sanitized || !sanitized.isNtfy) {
+		return;
+	}
+
+	const clearUrl = new URL(sanitized.url);
+	clearUrl.pathname = `${clearUrl.pathname.replace(/\/+$/, "")}/${encodeURIComponent(sequenceId)}/clear`;
+
+	const headers: Record<string, string> = {};
+	if (sanitized.auth) {
+		headers.Authorization = `Basic ${Buffer.from(`${sanitized.auth.user}:${sanitized.auth.pass}`).toString("base64")}`;
+	}
+
+	const response = await fetch(clearUrl.toString(), {
+		method: "PUT",
+		headers,
+		redirect: "error",
+	});
+
+	if (!response.ok) {
+		const errorText = await response.text();
+		throw new Error(`HTTP ${response.status}: ${errorText}`);
+	}
+}
+
+async function deleteNtfyNotificationSequence(userId: number, sequenceId: string): Promise<void> {
+	const normalizedSequenceId = sequenceId.trim();
+	if (normalizedSequenceId.length === 0) {
+		return;
+	}
+
+	const [settings] = await db
+		.select({ shoutrrrEnabled: userSettings.shoutrrrEnabled, shoutrrrUrl: userSettings.shoutrrrUrl })
+		.from(userSettings)
+		.where(eq(userSettings.userId, userId));
+
+	if (!settings?.shoutrrrEnabled || !settings.shoutrrrUrl) {
+		return;
+	}
+
+	const sanitized = sanitizeNotificationUrl(settings.shoutrrrUrl);
+	if ("error" in sanitized || !sanitized.isNtfy) {
+		return;
+	}
+
+	const deleteUrl = new URL(sanitized.url);
+	deleteUrl.pathname = `${deleteUrl.pathname.replace(/\/+$/, "")}/${encodeURIComponent(normalizedSequenceId)}`;
+
+	const headers: Record<string, string> = {};
+	if (sanitized.auth) {
+		headers.Authorization = `Basic ${Buffer.from(`${sanitized.auth.user}:${sanitized.auth.pass}`).toString("base64")}`;
+	}
+
+	const response = await fetch(deleteUrl.toString(), {
+		method: "DELETE",
+		headers,
+		redirect: "error",
+	});
+
+	if (!response.ok) {
+		const errorText = await response.text();
+		throw new Error(`HTTP ${response.status}: ${errorText}`);
+	}
+}
+
+async function replaceNtfyNotificationSequence(options: {
+	userId: number;
+	sequenceId: string;
+	language: Language;
+	title: string;
+	originalMessage: string;
+	action: NotificationMutationAction;
+	viewUrl: string | null;
+}): Promise<boolean> {
+	const normalizedSequenceId = options.sequenceId.trim();
+	if (normalizedSequenceId.length === 0) {
+		return false;
+	}
+
+	const [settings] = await db
+		.select({ shoutrrrEnabled: userSettings.shoutrrrEnabled, shoutrrrUrl: userSettings.shoutrrrUrl })
+		.from(userSettings)
+		.where(eq(userSettings.userId, options.userId));
+
+	if (!settings?.shoutrrrEnabled || !settings.shoutrrrUrl) {
+		return false;
+	}
+
+	const sanitized = sanitizeNotificationUrl(settings.shoutrrrUrl);
+	if ("error" in sanitized || !sanitized.isNtfy) {
+		return false;
+	}
+
+	const labels = getNotificationActionLabels(options.language);
+	const replacementMessage = buildReplacementReminderMessage(options.language, options.action, options.originalMessage);
+	const result = await sendPushNotification(settings.shoutrrrUrl, options.title, replacementMessage, {
+		actions: options.viewUrl ? [{ kind: "view", label: labels.view, url: options.viewUrl, method: "GET" }] : undefined,
+		viewUrl: options.viewUrl ?? undefined,
+		clickUrl: options.viewUrl ?? undefined,
+		sequenceId: normalizedSequenceId,
+		tags: ["pill"],
+	});
+
+	if (!result.success) {
+		throw new Error(result.error ?? "Failed to replace ntfy notification");
+	}
+
+	return true;
+}
+
+function renderPage(options: {
+	language: Language;
+	title: string;
+	message: string;
+	bodyTitle: string;
+	bodyText: string;
+	viewUrl: string | null;
+	actionButtons: Array<{ label: string; formAction?: string }>;
+}): string {
+	const labels = getNotificationActionLabels(options.language);
+	const forms =
+		options.actionButtons.length > 0
+			? `<div class="actions">${options.actionButtons
+					.map((button) => {
+						const formAction = button.formAction ? ` action="${escapeHtml(button.formAction)}"` : "";
+						return `<form method="POST"${formAction}><button type="submit">${escapeHtml(button.label)}</button></form>`;
+					})
+					.join("")}</div>`
+			: "";
+	const viewLink = options.viewUrl
+		? `<p><a href="${escapeHtml(options.viewUrl)}">${escapeHtml(labels.view)}</a></p>`
+		: "";
+
+	return `<!DOCTYPE html>
+<html lang="${options.language}">
+  <head>
+    <meta charset="utf-8" />
+    <meta name="viewport" content="width=device-width, initial-scale=1" />
+    <title>${escapeHtml(options.bodyTitle)}</title>
+    <style>
+      body { font-family: system-ui, -apple-system, sans-serif; margin: 0; background: #f4f5f7; color: #1f2937; }
+      main { max-width: 640px; margin: 48px auto; background: white; border-radius: 16px; padding: 24px; box-shadow: 0 12px 40px rgba(15, 23, 42, 0.08); }
+      h1 { margin-top: 0; font-size: 1.5rem; }
+      .card { padding: 16px; border-radius: 12px; background: #f9fafb; margin: 16px 0 24px; }
+      .actions { display: flex; gap: 12px; flex-wrap: wrap; }
+      form { margin: 0; }
+      button, a { display: inline-flex; align-items: center; justify-content: center; min-width: 140px; border-radius: 10px; padding: 12px 16px; font: inherit; text-decoration: none; }
+      button { border: none; background: #0f766e; color: white; cursor: pointer; }
+      form:last-of-type button { background: #475569; }
+      a { background: #e2e8f0; color: #0f172a; }
+      p { line-height: 1.5; }
+    </style>
+  </head>
+  <body>
+    <main>
+      <h1>${escapeHtml(options.bodyTitle)}</h1>
+      <p>${escapeHtml(options.bodyText)}</p>
+      <div class="card">
+        <strong>${escapeHtml(options.title)}</strong>
+        <p>${toHtmlText(options.message)}</p>
+      </div>
+      ${forms}
+      ${viewLink}
+    </main>
+  </body>
+</html>`;
+}
+
+function parseRequestedAction(request: FastifyRequest, tokenKind: string): NotificationMutationAction | null {
+	const normalizedTokenAction = normalizeNotificationAction(tokenKind);
+	if (normalizedTokenAction) {
+		return normalizedTokenAction;
+	}
+
+	const parsedQuery = querySchema.safeParse(request.query);
+	if (parsedQuery.success && parsedQuery.data.action) {
+		return normalizeNotificationAction(parsedQuery.data.action);
+	}
+
+	const body = request.body;
+	if (body && typeof body === "object" && "action" in body) {
+		const actionValue = (body as { action?: unknown }).action;
+		if (typeof actionValue === "string") {
+			return normalizeNotificationAction(actionValue);
+		}
+	}
+
+	return null;
+}
+
+function buildNotificationActionLogContext(
+	record: Awaited<ReturnType<typeof getNotificationActionTokenRecord>> extends infer T ? Exclude<T, null> : never,
+	extra: Record<string, unknown> = {}
+) {
+	return {
+		groupId: record.group.id,
+		userId: record.group.userId,
+		tokenKind: record.token.kind,
+		doseCount: record.doseIds.length,
+		hasViewUrl: record.viewUrl !== null,
+		...extra,
+	};
+}
+
+function buildNotificationRequestLogContext(request: FastifyRequest, extra: Record<string, unknown> = {}) {
+	return {
+		method: request.method,
+		hasOrigin: typeof request.headers.origin === "string",
+		expectsHtml: wantsHtml(request),
+		...extra,
+	};
+}
+
+export async function notificationActionRoutes(app: FastifyInstance) {
+	await app.register(formbody);
+
+	applyOpenApiRouteStandards(app, { tag: "notification-actions", protectedByDefault: false });
+
+	app.options<{ Params: { token: string } }>("/notification-actions/:token", async (request, reply) => {
+		applyPublicNotificationCorsHeaders(request, reply);
+		return reply.status(204).send();
+	});
+
+	app.get<{ Params: { token: string } }>(
+		"/notification-actions/:token",
+		{
+			config: {
+				rateLimit: { max: 30, timeWindow: "1 minute" },
+			},
+			schema: {
+				tags: ["notification-actions"],
+				params: {
+					type: "object",
+					required: ["token"],
+					properties: { token: { type: "string", minLength: 1 } },
+				},
+				response: {
+					404: genericErrorSchema,
+					405: genericErrorSchema,
+					410: genericErrorSchema,
+				},
+			},
+		},
+		async (request, reply) => {
+			applyPublicNotificationCorsHeaders(request, reply);
+
+			const record = await getNotificationActionTokenRecord(request.params.token);
+			if (!record) {
+				request.log.warn(
+					buildNotificationRequestLogContext(request),
+					"[NotificationActions] Unknown notification action token requested"
+				);
+				return reply.status(404).send({ error: "Notification action not found" });
+			}
+
+			if (isNotificationActionExpired(record)) {
+				request.log.warn(
+					buildNotificationActionLogContext(record),
+					"[NotificationActions] Rejected expired notification action GET request"
+				);
+				return reply.status(410).send({ error: "Notification action has expired" });
+			}
+
+			if (record.token.kind !== "respond" && record.group.resolvedAction === null) {
+				request.log.warn(
+					buildNotificationActionLogContext(record),
+					"[NotificationActions] Rejected direct GET for unresolved non-respond token"
+				);
+				return reply.status(405).send({ error: "Direct GET is only available for respond actions" });
+			}
+
+			const language = getLanguage(record.group.language ?? null);
+			const labels = getNotificationActionLabels(language);
+			const resolvedAction = normalizeNotificationAction(record.group.resolvedAction);
+			let bodyTitle: string;
+			let bodyText: string;
+			let actionButtons: Array<{ label: string; formAction?: string }> = [];
+
+			if (resolvedAction) {
+				({ bodyTitle, bodyText } = getAlreadyProcessedText(language, resolvedAction));
+			} else {
+				if (record.token.kind === "taken") {
+					bodyTitle = language === "de" ? "Einnahme bestätigen" : "Confirm dose";
+					bodyText =
+						language === "de"
+							? "Bestätigen Sie, dass diese Einnahme als genommen markiert werden soll."
+							: "Confirm that this dose should be marked as taken.";
+					actionButtons = [{ label: labels.taken }];
+				} else if (record.token.kind === "skip" || record.token.kind === "dismiss") {
+					bodyTitle = language === "de" ? "Einnahme überspringen" : "Skip intake";
+					bodyText =
+						language === "de"
+							? "Bestätigen Sie, dass diese Einnahme als übersprungen markiert werden soll."
+							: "Confirm that this intake should be marked as skipped.";
+					actionButtons = [{ label: labels.skip }];
+				} else {
+					bodyTitle = language === "de" ? "Erinnerung beantworten" : "Respond to reminder";
+					bodyText =
+						language === "de"
+							? "Wählen Sie eine Aktion für diese Medikamentenerinnerung."
+							: "Choose an action for this medication reminder.";
+					actionButtons = [
+						{ label: labels.taken, formAction: "?action=taken" },
+						{ label: labels.skip, formAction: "?action=skip" },
+					];
+				}
+			}
+
+			return reply.type("text/html; charset=utf-8").send(
+				renderPage({
+					language,
+					title: record.group.title,
+					message: record.group.message,
+					bodyTitle,
+					bodyText,
+					viewUrl: record.viewUrl,
+					actionButtons: resolvedAction ? [] : actionButtons,
+				})
+			);
+		}
+	);
+
+	app.post<{ Params: { token: string } }>(
+		"/notification-actions/:token",
+		{
+			config: {
+				rateLimit: { max: 30, timeWindow: "1 minute" },
+			},
+			schema: {
+				tags: ["notification-actions"],
+				params: {
+					type: "object",
+					required: ["token"],
+					properties: { token: { type: "string", minLength: 1 } },
+				},
+				response: {
+					400: genericErrorSchema,
+					404: genericErrorSchema,
+					409: genericErrorSchema,
+					410: genericErrorSchema,
+				},
+			},
+		},
+		async (request, reply) => {
+			applyPublicNotificationCorsHeaders(request, reply);
+
+			const record = await getNotificationActionTokenRecord(request.params.token);
+			if (!record) {
+				request.log.warn(
+					buildNotificationRequestLogContext(request),
+					"[NotificationActions] Unknown notification action token requested"
+				);
+				return reply.status(404).send({ error: "Notification action not found" });
+			}
+
+			if (isNotificationActionExpired(record)) {
+				request.log.warn(
+					buildNotificationActionLogContext(record),
+					"[NotificationActions] Rejected expired notification action POST request"
+				);
+				return reply.status(410).send({ error: "Notification action has expired" });
+			}
+
+			const action = parseRequestedAction(request, record.token.kind);
+			if (!action) {
+				request.log.warn(
+					buildNotificationActionLogContext(record),
+					"[NotificationActions] Missing or invalid action for notification action POST request"
+				);
+				return reply.status(400).send({ error: "Notification action is required" });
+			}
+
+			const language = getLanguage(record.group.language ?? null);
+			const resolvedAction = normalizeNotificationAction(record.group.resolvedAction);
+			if (resolvedAction) {
+				request.log.info(
+					buildNotificationActionLogContext(record, { requestedAction: action, resolvedAction }),
+					"[NotificationActions] Ignored notification action because it was already resolved"
+				);
+				const alreadyProcessedText = getAlreadyProcessedText(language, resolvedAction);
+
+				if (wantsHtml(request)) {
+					return reply.type("text/html; charset=utf-8").send(
+						renderPage({
+							language,
+							title: record.group.title,
+							message: record.group.message,
+							bodyTitle: alreadyProcessedText.bodyTitle,
+							bodyText: alreadyProcessedText.bodyText,
+							viewUrl: record.viewUrl,
+							actionButtons: [],
+						})
+					);
+				}
+
+				return reply.send({
+					success: true,
+					action: resolvedAction,
+					alreadyProcessed: true,
+					message: alreadyProcessedText.jsonMessage,
+				});
+			}
+
+			if (action === "taken") {
+				for (const [doseIndex, doseId] of record.doseIds.entries()) {
+					const result = await markDoseTakenForUser({
+						userId: record.group.userId,
+						doseId,
+						source: "notification",
+						markedBy: null,
+					});
+
+					if (!result.success) {
+						request.log.warn(
+							buildNotificationActionLogContext(record, {
+								requestedAction: action,
+								failedDoseIndex: doseIndex,
+								code: result.code,
+							}),
+							"[NotificationActions] Failed to record taken notification action"
+						);
+						const statusCode = result.code === "INVALID_DOSE" ? 400 : 409;
+						return reply.status(statusCode).send({ error: result.message, code: result.code });
+					}
+				}
+			} else {
+				await skipDosesForUser({ userId: record.group.userId, doseIds: record.doseIds });
+			}
+
+			await db
+				.update(notificationActionGroups)
+				.set({ resolvedAction: action, resolvedAt: new Date(), updatedAt: new Date() })
+				.where(eq(notificationActionGroups.id, record.group.id));
+			await db
+				.update(notificationActionTokens)
+				.set({ usedAt: new Date() })
+				.where(eq(notificationActionTokens.id, record.token.id));
+
+			request.log.info(
+				buildNotificationActionLogContext(record, { requestedAction: action }),
+				"[NotificationActions] Recorded notification action"
+			);
+
+			const recordedText = getActionRecordedText(language, action);
+			let replacedNtfyNotification = false;
+
+			try {
+				replacedNtfyNotification = await replaceNtfyNotificationSequence({
+					userId: record.group.userId,
+					sequenceId: record.group.sequenceId,
+					language,
+					title: record.group.title,
+					originalMessage: record.group.message,
+					action,
+					viewUrl: record.viewUrl,
+				});
+			} catch (error) {
+				request.log.warn(
+					buildNotificationActionLogContext(record, { requestedAction: action, error }),
+					"[NotificationActions] Failed to replace ntfy notification after resolved action"
+				);
+			}
+
+			if (!replacedNtfyNotification) {
+				try {
+					await deleteNtfyNotificationSequence(record.group.userId, record.group.sequenceId);
+				} catch (error) {
+					request.log.warn(
+						buildNotificationActionLogContext(record, { requestedAction: action, error }),
+						"[NotificationActions] Failed to delete ntfy notification after resolved action"
+					);
+					try {
+						await clearNtfyNotificationSequence(record.group.userId, record.group.sequenceId);
+					} catch (clearError) {
+						request.log.warn(
+							buildNotificationActionLogContext(record, { requestedAction: action, error: clearError }),
+							"[NotificationActions] Failed to clear ntfy notification after delete fallback"
+						);
+					}
+				}
+			}
+
+			if (wantsHtml(request)) {
+				return reply.type("text/html; charset=utf-8").send(
+					renderPage({
+						language,
+						title: record.group.title,
+						message: record.group.message,
+						bodyTitle: recordedText.bodyTitle,
+						bodyText: recordedText.bodyText,
+						viewUrl: record.viewUrl,
+						actionButtons: [],
+					})
+				);
+			}
+
+			return reply.send({ success: true, action });
+		}
+	);
+}
@@ -119,7 +119,7 @@ export async function oidcRoutes(app: FastifyInstance) {
 				return reply.redirect(authUrl.href);
 			} catch (err: unknown) {
 				request.log.error({ err }, "[OIDC] Login initialization failed");
-				return reply.redirect(`${getFrontendUrl()}/?error=oidc_init_failed`);
+				return reply.redirect(getFrontendUrl());
 			}
 		}
 	);
@@ -151,25 +151,25 @@ export async function oidcRoutes(app: FastifyInstance) {
 			// Handle OIDC provider errors
 			if (error) {
 				app.log.warn({ error, errorDescription: error_description }, "[OIDC] Provider returned error");
-				return reply.redirect(`${getFrontendUrl()}/?error=oidc_${error}`);
+				return reply.redirect(getFrontendUrl());
 			}

 			if (!code || !state) {
-				return reply.redirect(`${getFrontendUrl()}/?error=oidc_missing_params`);
+				return reply.redirect(getFrontendUrl());
 			}

 			// Verify state
 			const storedState = request.unsignCookie(request.cookies.oidc_state || "");
 			if (!storedState.valid || storedState.value !== state) {
 				request.log.warn("[OIDC] State mismatch during callback validation");
-				return reply.redirect(`${getFrontendUrl()}/?error=oidc_state_mismatch`);
+				return reply.redirect(getFrontendUrl());
 			}

 			// Get code verifier
 			const storedVerifier = request.unsignCookie(request.cookies.oidc_code_verifier || "");
 			if (!storedVerifier.valid || !storedVerifier.value) {
 				request.log.warn("[OIDC] Missing/invalid code verifier cookie");
-				return reply.redirect(`${getFrontendUrl()}/?error=oidc_missing_verifier`);
+				return reply.redirect(getFrontendUrl());
 			}

 			try {
@@ -190,7 +190,7 @@ export async function oidcRoutes(app: FastifyInstance) {
 				const sub = tokens.claims()?.sub;
 				if (!sub) {
 					request.log.error("[OIDC] Missing sub claim in token response");
-					return reply.redirect(`${getFrontendUrl()}/?error=oidc_missing_sub`);
+					return reply.redirect(getFrontendUrl());
 				}
 				const userInfo = await client.fetchUserInfo(config, tokens.access_token, sub);

@@ -208,7 +208,7 @@ export async function oidcRoutes(app: FastifyInstance) {
 						{ hasUsername: Boolean(username), hasOidcSubject: Boolean(oidcSubject) },
 						"[OIDC] Missing required user info"
 					);
-					return reply.redirect(`${getFrontendUrl()}/?error=oidc_missing_user_info`);
+					return reply.redirect(getFrontendUrl());
 				}

 				// Clean cookies
@@ -219,7 +219,7 @@ export async function oidcRoutes(app: FastifyInstance) {
 				const user = await findOrCreateOIDCUser(username, oidcSubject, reply);

 				if (!user) {
-					return reply.redirect(`${getFrontendUrl()}/?error=oidc_user_creation_failed`);
+					return reply.redirect(getFrontendUrl());
 				}

 				// Update last login
@@ -248,7 +248,7 @@ export async function oidcRoutes(app: FastifyInstance) {
 				return reply.redirect(`${frontendUrl}/dashboard`);
 			} catch (err: unknown) {
 				request.log.error({ err }, "[OIDC] Callback processing failed");
-				return reply.redirect(`${getFrontendUrl()}/?error=oidc_callback_failed`);
+				return reply.redirect(getFrontendUrl());
 			}
 		}
 	);
@@ -1,6 +1,5 @@
 import { and, eq } from "drizzle-orm";
 import type { FastifyInstance, FastifyRequest } from "fastify";
-import nodemailer from "nodemailer";
 import { db } from "../db/client.js";
 import { medications } from "../db/schema.js";
 import {
@@ -20,7 +19,7 @@ import {
 	type StockReminderItem as SharedStockReminderItem,
 } from "../services/notifications/builders.js";
 import { getSmtpConfig, sendEmailNotification, sendPushNotification } from "../services/notifications/delivery.js";
-import { escapeHtml, getDeliveryError, getPlannerUnit, isContainerPackage } from "../services/planner-service.js";
+import { escapeHtml, formatPlannerQuantity, getPlannerUnit, isContainerPackage } from "../services/planner-service.js";
 import { updateReminderSentTime, updateUserReminderSentTime } from "../services/reminder-scheduler.js";
 import type { AuthUser } from "../types/fastify.js";
 import {
@@ -55,6 +54,7 @@ type SendEmailBody = {
 type LowStockItem = {
 	name: string;
 	medsLeft: number;
+	packageType?: string;
 	daysLeft: number | null;
 	depletionDate: string | null;
 	isCritical?: boolean;
@@ -428,19 +428,9 @@ ${getFooterPlain(language)}`;
    `;

 					try {
-						const transporter = nodemailer.createTransport({
-							host: smtpHost,
-							port: smtpPort,
-							secure: smtpSecure,
-							auth: {
-								user: smtpUser,
-								pass: smtpPass ?? "",
-							},
-						});
-
 						request.log.info({ userId, recipientEmail: email }, "[Planner] Sending demand email");

-						const mailResult = await transporter.sendMail({
+						const mailResult = await sendEmailNotification({
 							from: smtpFrom,
 							to: email,
 							subject: t(dc.subject, { from: fromDate, until: untilDate }),
@@ -448,9 +438,8 @@ ${getFooterPlain(language)}`;
 							html,
 						});

-						const deliveryError = getDeliveryError(mailResult);
-						if (deliveryError) {
-							throw new Error(deliveryError);
+						if (!mailResult.success) {
+							throw new Error(mailResult.error ?? "Failed to send demand email");
 						}

 						request.log.info(
@@ -579,11 +568,10 @@ ${getFooterPlain(language)}`;
 					.map((med) => [med.name || med.genericName || "", normalizePackageType(med.packageType)] as const)
 					.filter(([name]) => name.length > 0)
 			);
-			const filteredLowStock = lowStock.filter((item) => {
+			const filteredLowStock = lowStock.flatMap((item) => {
 				const packageType = activeMedicationByName.get(item.name);
-				if (!packageType) return false;
-				if (isTubePackageType(packageType)) return false;
-				return true;
+				if (!packageType || isTubePackageType(packageType)) return [];
+				return [{ ...item, packageType }];
 			});
 			if (filteredLowStock.length === 0) {
 				request.log.warn("[ReminderManual] Stock reminder skipped: no active medications after filtering");
@@ -656,7 +644,7 @@ ${getFooterPlain(language)}`;
 				messageParts.push(`🚨 ${tr.push.criticalSection}:`);
 				criticalMeds.forEach((r) =>
 					messageParts.push(
-						`  • ${r.name}: ${t(tr.push.pillsLeft, { count: r.medsLeft })}, ${t(tr.push.daysLeft, { count: r.daysLeft ?? 0 })}`
+						`  • ${r.name}: ${formatPlannerQuantity(r.packageType, r.medsLeft, tr)}, ${t(tr.push.daysLeft, { count: r.daysLeft ?? 0 })}`
 					)
 				);
 			}
@@ -665,7 +653,7 @@ ${getFooterPlain(language)}`;
 				messageParts.push(`⚠️ ${tr.push.lowStockSection}:`);
 				lowStockMeds.forEach((r) =>
 					messageParts.push(
-						`  • ${r.name}: ${t(tr.push.pillsLeft, { count: r.medsLeft })}, ${t(tr.push.daysLeft, { count: r.daysLeft ?? 0 })}`
+						`  • ${r.name}: ${formatPlannerQuantity(r.packageType, r.medsLeft, tr)}, ${t(tr.push.daysLeft, { count: r.daysLeft ?? 0 })}`
 					)
 				);
 			}
@@ -746,12 +734,13 @@ ${getFooterPlain(language)}`;
 						const rowBg = isEmpty ? "#fef2f2" : nonEmptyBg;
 						const safeName = escapeHtml(row.name);
 						const safeMedsLeft = Number(row.medsLeft) || 0;
+						const safeQuantity = escapeHtml(formatPlannerQuantity(row.packageType, safeMedsLeft, tr));
 						const safeDaysLeft = Number(row.daysLeft) || 0;
 						const safeDepletionDate = row.depletionDate ? escapeHtml(String(row.depletionDate)) : "-";
 						return `
          <tr style="background: ${rowBg};">
            <td style="padding: 10px 12px; border-bottom: 1px solid #e5e7eb; white-space: nowrap;">${statusIcon} ${safeName}</td>
-            <td style="padding: 10px 12px; border-bottom: 1px solid #e5e7eb; text-align: center; white-space: nowrap; ${isEmpty ? "color: #dc2626; font-weight: 600;" : ""}"><strong>${safeMedsLeft}</strong></td>
+            <td style="padding: 10px 12px; border-bottom: 1px solid #e5e7eb; text-align: center; white-space: nowrap; ${isEmpty ? "color: #dc2626; font-weight: 600;" : ""}"><strong>${safeQuantity}</strong></td>
            <td style="padding: 10px 12px; border-bottom: 1px solid #e5e7eb; text-align: center; white-space: nowrap;">${safeDaysLeft}</td>
            <td style="padding: 10px 12px; border-bottom: 1px solid #e5e7eb; text-align: center; white-space: nowrap;">${isEmpty ? `<strong>${tr.stockReminder.now}</strong>` : safeDepletionDate}</td>
          </tr>`;
@@ -12,16 +12,22 @@ import {
 	idParamsSchema,
 	validationErrorSchema,
 } from "../utils/openapi-route-standards.js";
-import { isAmountBasedPackageType, normalizePackageType } from "../utils/package-profiles.js";
+import {
+	isAmountBasedPackageType,
+	isDiscreteCountPackageType,
+	isPackageAmountPackageType,
+	normalizePackageType,
+} from "../utils/package-profiles.js";

 const refillSchema = z
 	.object({
 		packsAdded: z.number().int().min(0).default(0),
 		loosePillsAdded: z.number().int().min(0).default(0),
+		quantityAdded: z.number().int().min(0).default(0),
 		usePrescription: z.boolean().default(false),
 	})
-	.refine((data) => data.packsAdded > 0 || data.loosePillsAdded > 0, {
-		message: "Must add at least one pack or some loose pills",
+	.refine((data) => data.packsAdded > 0 || data.loosePillsAdded > 0 || data.quantityAdded > 0, {
+		message: "Must add at least one pack or some quantity",
 	});

 const refillBodyOpenApiSchema = {
@@ -29,12 +35,14 @@ const refillBodyOpenApiSchema = {
 	properties: {
 		packsAdded: { type: "integer", minimum: 0, default: 0 },
 		loosePillsAdded: { type: "integer", minimum: 0, default: 0 },
+		quantityAdded: { type: "integer", minimum: 0, default: 0 },
 		usePrescription: { type: "boolean", default: false },
 	},
-	description: "Provide at least one pack or some loose pills.",
+	description: "Provide at least one pack or some quantity.",
 	example: {
 		packsAdded: 1,
 		loosePillsAdded: 4,
+		quantityAdded: 4,
 		usePrescription: true,
 	},
 } as const;
@@ -49,6 +57,7 @@ const refillResponseSchema = {
 				id: { type: "number" },
 				packsAdded: { type: "integer" },
 				loosePillsAdded: { type: "integer" },
+				quantityAdded: { type: "number" },
 				totalPillsAdded: { type: "number" },
 				refillDate: { type: "string", format: "date-time" },
 			},
@@ -80,6 +89,7 @@ const refillHistoryItemSchema = {
 		id: { type: "number" },
 		packsAdded: { type: "integer" },
 		loosePillsAdded: { type: "integer" },
+		quantityAdded: { type: "number" },
 		totalPillsAdded: { type: "number" },
 		usedPrescription: { type: "boolean" },
 		refillDate: { type: "string", format: "date-time" },
@@ -136,11 +146,12 @@ export async function refillRoutes(app: FastifyInstance) {
 				.where(and(eq(medications.id, medId), eq(medications.userId, userId)));
 			if (!med) return reply.notFound("Medication not found");

-			const { packsAdded, loosePillsAdded, usePrescription } = parsed.data;
+			const { packsAdded, loosePillsAdded, quantityAdded, usePrescription } = parsed.data;
 			const packageType = normalizePackageType(med.packageType);
-			const isBottle = packageType === "bottle";
+			const isDiscreteCountPackage = isDiscreteCountPackageType(packageType);
 			const isAmountBased = isAmountBasedPackageType(packageType);
-			const isCountBasedAmountPackage = isAmountBased && !isBottle;
+			const isPackageAmountPackage = isPackageAmountPackageType(packageType);
+			const pillsPerPack = isDiscreteCountPackage ? 0 : med.blistersPerPack * med.pillsPerBlister;

 			const configuredAmountPerPackage = Number(med.packageAmountValue ?? 0);
 			const fallbackAmountPerPackage = Math.max(
@@ -153,19 +164,17 @@ export async function refillRoutes(app: FastifyInstance) {
 					: fallbackAmountPerPackage;

 			const requestedPackAdds = Math.max(0, packsAdded);
-			const requestedAmountAdds = Math.max(0, loosePillsAdded);
-			const derivedCountFromAmount = Math.max(0, Math.round(requestedAmountAdds / amountPerPackage));
-
+			const requestedLooseAdds = Math.max(0, loosePillsAdded);
+			const requestedQuantityAdds = Math.max(0, quantityAdded > 0 ? quantityAdded : requestedLooseAdds);
 			let effectivePacksAdded = requestedPackAdds;
-			if (isBottle) {
+			if (isDiscreteCountPackage) {
 				effectivePacksAdded = 0;
-			} else if (isCountBasedAmountPackage) {
-				effectivePacksAdded = Math.max(requestedPackAdds, derivedCountFromAmount);
 			}
-			const effectiveLoosePillsAdded = isCountBasedAmountPackage
-				? effectivePacksAdded * amountPerPackage
-				: requestedAmountAdds;
+			const effectiveLoosePillsAdded = isPackageAmountPackage ? requestedQuantityAdds : requestedLooseAdds;
 			const remainingPrescriptionRefills = med.prescriptionRemainingRefills ?? 0;
+			const totalPillsAdded = isAmountBased
+				? effectiveLoosePillsAdded
+				: effectivePacksAdded * pillsPerPack + effectiveLoosePillsAdded;

 			if (effectivePacksAdded < 1 && effectiveLoosePillsAdded < 1) {
 				return reply.status(400).send({ error: "Must add at least one pack or some loose pills" });
@@ -178,29 +187,50 @@ export async function refillRoutes(app: FastifyInstance) {
 				if (remainingPrescriptionRefills <= 0) {
 					return reply.status(409).send({ error: "No remaining prescription refills" });
 				}
-				if (!isBottle && effectivePacksAdded > remainingPrescriptionRefills) {
+				if (!isDiscreteCountPackage && effectivePacksAdded > remainingPrescriptionRefills) {
 					return reply.status(409).send({ error: "Packs to add exceed remaining prescription refills" });
 				}
 			}

-			// Update medication stock
-			const newPackCount = med.packCount + effectivePacksAdded;
-			const newLooseTablets = med.looseTablets + effectiveLoosePillsAdded;
-			const previousAmountBase = med.totalPills ?? med.looseTablets;
-			const newTotalAmount = previousAmountBase + effectiveLoosePillsAdded;
+			const refillBaselineAt = new Date();
+			const baselineStockBeforeRefill = isAmountBased
+				? med.looseTablets + (med.stockAdjustment ?? 0)
+				: med.packCount * pillsPerPack + med.looseTablets + (med.stockAdjustment ?? 0);
+			const targetCurrentStock = baselineStockBeforeRefill + totalPillsAdded;
+
+			// Update medication stock. Refill establishes a new persisted stock baseline and resets
+			// `lastStockCorrectionAt` so pre-refill dose history is ignored for future stock math.
+			let newPackCount = med.packCount + effectivePacksAdded;
+			let newLooseTablets = med.looseTablets + effectiveLoosePillsAdded;
+			let newStockAdjustment = med.stockAdjustment ?? 0;
+			let newTotalAmount = med.totalPills ?? med.looseTablets;
+
+			if (isDiscreteCountPackage) {
+				newLooseTablets = targetCurrentStock;
+				newTotalAmount = Math.max(newTotalAmount, targetCurrentStock);
+				newStockAdjustment = 0;
+			} else if (isPackageAmountPackage) {
+				newPackCount = Math.max(1, Math.ceil(targetCurrentStock / amountPerPackage));
+				newLooseTablets = targetCurrentStock;
+				newTotalAmount = targetCurrentStock;
+				newStockAdjustment = 0;
+			} else {
+				const structuralBaseAfterRefill = newPackCount * pillsPerPack + newLooseTablets;
+				newStockAdjustment = targetCurrentStock - structuralBaseAfterRefill;
+			}

 			let consumedRefills = 0;
 			if (usePrescription) {
-				consumedRefills = isBottle ? 1 : effectivePacksAdded;
+				consumedRefills = isDiscreteCountPackage ? 1 : effectivePacksAdded;
 			}
 			const newRemainingRefills = usePrescription
 				? Math.max(0, remainingPrescriptionRefills - consumedRefills)
 				: (med.prescriptionRemainingRefills ?? null);

-			const refillBaselineAt = new Date();
 			const updatePayload: {
 				packCount: number;
 				looseTablets: number;
+				stockAdjustment: number;
 				totalPills?: number;
 				packageAmountValue?: number;
 				prescriptionRemainingRefills: number | null;
@@ -209,12 +239,13 @@ export async function refillRoutes(app: FastifyInstance) {
 			} = {
 				packCount: newPackCount,
 				looseTablets: newLooseTablets,
+				stockAdjustment: newStockAdjustment,
 				prescriptionRemainingRefills: newRemainingRefills,
 				lastStockCorrectionAt: refillBaselineAt,
 				updatedAt: refillBaselineAt,
 			};

-			if (isCountBasedAmountPackage) {
+			if (isPackageAmountPackage) {
 				updatePayload.totalPills = newTotalAmount;
 				updatePayload.packageAmountValue = amountPerPackage;
 			}
@@ -236,31 +267,20 @@ export async function refillRoutes(app: FastifyInstance) {
 				})
 				.returning();

-			// Calculate pills added for response (packageType-aware)
-			const pillsPerPack = isBottle ? 0 : med.blistersPerPack * med.pillsPerBlister;
-			const totalPillsAdded = isAmountBased
-				? effectiveLoosePillsAdded
-				: effectivePacksAdded * pillsPerPack + effectiveLoosePillsAdded;
-			let newTotalPills = newPackCount * pillsPerPack + newLooseTablets + (med.stockAdjustment ?? 0);
-			if (isCountBasedAmountPackage) {
-				newTotalPills = (newTotalAmount ?? 0) + (med.stockAdjustment ?? 0);
-			} else if (isBottle) {
-				newTotalPills = newLooseTablets + (med.stockAdjustment ?? 0);
-			}
-
 			return {
 				success: true,
 				refill: {
 					id: refill.id,
 					packsAdded: effectivePacksAdded,
 					loosePillsAdded: effectiveLoosePillsAdded,
+					quantityAdded: totalPillsAdded,
 					totalPillsAdded,
 					refillDate: refill.refillDate,
 				},
 				newStock: {
 					packCount: newPackCount,
 					looseTablets: newLooseTablets,
-					totalPills: newTotalPills,
+					totalPills: targetCurrentStock,
 				},
 				prescription: {
 					used: usePrescription,
@@ -308,14 +328,15 @@ export async function refillRoutes(app: FastifyInstance) {
 				.orderBy(desc(refillHistory.refillDate));

 			const packageType = normalizePackageType(med.packageType);
-			const isBottle = packageType === "bottle";
+			const isDiscreteCountPackage = isDiscreteCountPackageType(packageType);
 			const isAmountBased = isAmountBasedPackageType(packageType);
-			const pillsPerPack = isBottle ? 0 : med.blistersPerPack * med.pillsPerBlister;
+			const pillsPerPack = isDiscreteCountPackage ? 0 : med.blistersPerPack * med.pillsPerBlister;

 			return refills.map((r) => ({
 				id: r.id,
 				packsAdded: r.packsAdded,
 				loosePillsAdded: r.loosePillsAdded,
+				quantityAdded: isAmountBased ? r.loosePillsAdded : r.packsAdded * pillsPerPack + r.loosePillsAdded,
 				totalPillsAdded: isAmountBased ? r.loosePillsAdded : r.packsAdded * pillsPerPack + r.loosePillsAdded,
 				usedPrescription: r.usedPrescription ?? false,
 				refillDate: r.refillDate,
@@ -14,6 +14,7 @@ import {

 const reportDataSchema = z.object({
 	medicationIds: z.array(z.number().int().positive()).min(1).max(100),
+	takenByFilter: z.array(z.string().trim().min(1).max(100)).max(50).optional(),
 });

 const reportDataBodyOpenApiSchema = {
@@ -26,12 +27,27 @@ const reportDataBodyOpenApiSchema = {
 			maxItems: 100,
 			items: { type: "integer", minimum: 1 },
 		},
+		takenByFilter: {
+			type: "array",
+			maxItems: 50,
+			items: { type: "string", minLength: 1, maxLength: 100 },
+		},
 	},
 	example: {
 		medicationIds: [1, 3, 5],
+		takenByFilter: ["Daniel"],
 	},
 } as const;

+function matchesTakenByFilter(doseId: string, takenByFilter: Set<string> | null): boolean {
+	if (!takenByFilter) return true;
+	const parts = doseId.split("-");
+	if (parts.length < 4) return false;
+	const takenBy = parts.at(-1)?.trim();
+	if (!takenBy) return false;
+	return takenByFilter.has(takenBy);
+}
+
 const reportDataResponseSchema = {
 	type: "object",
 	additionalProperties: {
@@ -39,7 +55,7 @@ const reportDataResponseSchema = {
 		properties: {
 			dosesTaken: { type: "integer" },
 			automaticDosesTaken: { type: "integer" },
-			dosesDismissed: { type: "integer" },
+			dosesSkipped: { type: "integer" },
 			firstDoseAt: { type: "string" },
 			lastDoseAt: { type: "string" },
 			refills: {
@@ -49,6 +65,7 @@ const reportDataResponseSchema = {
 					properties: {
 						packsAdded: { type: "integer" },
 						loosePillsAdded: { type: "integer" },
+						quantityAdded: { type: "integer" },
 						usedPrescription: { type: "boolean" },
 						refillDate: { type: "string", format: "date-time" },
 					},
@@ -93,10 +110,22 @@ export async function reportRoutes(app: FastifyInstance) {
 			if (!parsed.success) return reply.status(400).send(parsed.error.format());

 			const userId = await getUserId(req, reply);
-			const { medicationIds } = parsed.data;
+			const { medicationIds, takenByFilter } = parsed.data;
+			const normalizedTakenByFilter = takenByFilter?.length
+				? new Set(takenByFilter.map((value) => value.trim()))
+				: null;

 			// Verify all medications belong to this user
-			const userMeds = await db.select({ id: medications.id }).from(medications).where(eq(medications.userId, userId));
+			const userMeds = await db
+				.select({
+					id: medications.id,
+					packageType: medications.packageType,
+					blistersPerPack: medications.blistersPerPack,
+					pillsPerBlister: medications.pillsPerBlister,
+				})
+				.from(medications)
+				.where(eq(medications.userId, userId));
+			const medMap = new Map(userMeds.map((med) => [med.id, med]));
 			const userMedIds = new Set(userMeds.map((m) => m.id));

 			for (const id of medicationIds) {
@@ -122,6 +151,7 @@ export async function reportRoutes(app: FastifyInstance) {
 			for (const dose of allDoses) {
 				const medId = Number.parseInt(dose.doseId.split("-")[0], 10);
 				if (Number.isNaN(medId) || !medicationIds.includes(medId)) continue;
+				if (!matchesTakenByFilter(dose.doseId, normalizedTakenByFilter)) continue;
 				if (!dosesByMed.has(medId)) dosesByMed.set(medId, []);
 				dosesByMed.get(medId)!.push({
 					takenAt: dose.takenAt,
@@ -136,10 +166,16 @@ export async function reportRoutes(app: FastifyInstance) {
 				{
 					dosesTaken: number;
 					automaticDosesTaken: number;
-					dosesDismissed: number;
+					dosesSkipped: number;
 					firstDoseAt: string | null;
 					lastDoseAt: string | null;
-					refills: { packsAdded: number; loosePillsAdded: number; usedPrescription: boolean; refillDate: string }[];
+					refills: {
+						packsAdded: number;
+						loosePillsAdded: number;
+						quantityAdded: number;
+						usedPrescription: boolean;
+						refillDate: string;
+					}[];
 				}
 			> = {};

@@ -147,9 +183,12 @@ export async function reportRoutes(app: FastifyInstance) {
 				const doses = dosesByMed.get(medId) ?? [];
 				const takenDoses = doses.filter((d) => !d.dismissed);
 				const automaticTakenDoses = takenDoses.filter((d) => d.takenSource === "automatic");
-				const dismissedDoses = doses.filter((d) => d.dismissed);
+				const skippedDoses = doses.filter((d) => d.dismissed);

 				const sortedTaken = takenDoses.map((d) => d.takenAt.getTime()).sort((a, b) => a - b);
+				const medication = medMap.get(medId);
+				const pillsPerPack = Math.max(1, (medication?.blistersPerPack ?? 1) * (medication?.pillsPerBlister ?? 1));
+				const isAmountBased = medication?.packageType === "liquid_container" || medication?.packageType === "tube";

 				// Get refills for this medication scoped to the authenticated user.
 				const refills = await db
@@ -160,12 +199,13 @@ export async function reportRoutes(app: FastifyInstance) {
 				result[medId] = {
 					dosesTaken: takenDoses.length,
 					automaticDosesTaken: automaticTakenDoses.length,
-					dosesDismissed: dismissedDoses.length,
+					dosesSkipped: skippedDoses.length,
 					firstDoseAt: sortedTaken.length > 0 ? new Date(sortedTaken[0]).toISOString() : null,
 					lastDoseAt: sortedTaken.length > 0 ? new Date(sortedTaken[sortedTaken.length - 1]).toISOString() : null,
 					refills: refills.map((r) => ({
 						packsAdded: r.packsAdded,
 						loosePillsAdded: r.loosePillsAdded,
+						quantityAdded: isAmountBased ? r.loosePillsAdded : r.packsAdded * pillsPerPack + r.loosePillsAdded,
 						usedPrescription: r.usedPrescription ?? false,
 						refillDate: r.refillDate instanceof Date ? r.refillDate.toISOString() : String(r.refillDate),
 					})),
@@ -1,16 +1,27 @@
 import { eq } from "drizzle-orm";
 import type { FastifyInstance, FastifyReply, FastifyRequest } from "fastify";
-import nodemailer from "nodemailer";
 import { db } from "../db/client.js";
 import { userSettings } from "../db/schema.js";
+import { getDateLocale, getFooterPlain, getTranslations, type Language, t } from "../i18n/translations.js";
 import { getAnonymousUserId, requireAuth } from "../plugins/auth.js";
 import { env } from "../plugins/env.js";
+import {
+	createTestNotificationActionContext,
+	storeNotificationActionGroupNtfyMessageId,
+} from "../services/notification-actions-service.js";
+import {
+	type PushNotificationOptions,
+	renderNotificationActionPayload,
+} from "../services/notifications/action-renderer.js";
+import { getSmtpConfig, sendEmailNotification } from "../services/notifications/delivery.js";
 import {
 	classifyTestEmailFailure,
 	getAllUserSettingsFromDb,
+	getAvailableTimezones,
 	getDefaultSettings,
 	getNotificationProvider,
 	loadUserSettingsFromDb,
+	normalizeSettingsTimezone,
 	sanitizeNotificationUrl,
 	type UserSettings,
 	validateNotificationHostname,
@@ -20,6 +31,7 @@ import type { AuthUser } from "../types/fastify.js";
 export type { UserSettings } from "../services/settings-service.js";

 type SettingsBody = {
+	timezone: string;
 	emailEnabled: boolean;
 	notificationEmail: string;
 	reminderDaysBefore: number;
@@ -67,36 +79,6 @@ const settingsErrorSchema = {
 	},
 };

-type MailDeliveryInfo = {
-	accepted?: unknown;
-	rejected?: unknown;
-	response?: unknown;
-};
-
-function normalizeRecipients(value: unknown): string[] {
-	if (!Array.isArray(value)) return [];
-	return value
-		.map((entry) => (typeof entry === "string" ? entry : String(entry ?? "")))
-		.map((entry) => entry.trim())
-		.filter(Boolean);
-}
-
-function getDeliveryError(info: MailDeliveryInfo): string | null {
-	const accepted = normalizeRecipients(info.accepted);
-	const rejected = normalizeRecipients(info.rejected);
-
-	if (accepted.length > 0) return null;
-	if (rejected.length > 0) {
-		return `SMTP rejected all recipients: ${rejected.join(", ")}`;
-	}
-
-	if (typeof info.response === "string" && info.response.trim()) {
-		return `SMTP did not confirm accepted recipients. Response: ${info.response}`;
-	}
-
-	return "SMTP did not confirm accepted recipients.";
-}
-
 function envInt(key: string, defaultVal: number): number {
 	const val = process.env[key];
 	if (val === undefined) return defaultVal;
@@ -104,6 +86,24 @@ function envInt(key: string, defaultVal: number): number {
 	return Number.isNaN(parsed) ? defaultVal : parsed;
 }

+function getLanguage(language: string | null | undefined): Language {
+	return language === "de" ? "de" : "en";
+}
+
+function buildInteractiveTestPushNotification(language: Language): { title: string; message: string } {
+	const tr = getTranslations(language);
+	const reminderAt = new Date(Date.now() + 60 * 1000);
+	const reminderTime = new Intl.DateTimeFormat(getDateLocale(language), {
+		hour: "2-digit",
+		minute: "2-digit",
+	}).format(reminderAt);
+
+	return {
+		title: t(tr.push.intakeTitle, { minutes: 1 }),
+		message: `• MedAssist-ng Test: 1 ${tr.common.pill} (100 mg) @ ${reminderTime}\n\n---\n${getFooterPlain(language)}`,
+	};
+}
+
 async function getOrCreateUserSettings(userId: number) {
 	let [settings] = await db.select().from(userSettings).where(eq(userSettings.userId, userId));

@@ -174,6 +174,9 @@ export async function settingsRoutes(app: FastifyInstance) {
 			const reminderMinutesBefore = envInt("REMINDER_MINUTES_BEFORE", 15);

 			return reply.send({
+				timezone: settings.timezone ?? "",
+				availableTimezones: getAvailableTimezones(),
+				serverTimezone: process.env.TZ || "UTC",
 				// User notification settings (from DB)
 				emailEnabled: settings.emailEnabled,
 				notificationEmail: settings.notificationEmail ?? "",
@@ -241,6 +244,7 @@ export async function settingsRoutes(app: FastifyInstance) {
 					type: "object",
 					required: ["emailEnabled", "notificationEmail", "reminderDaysBefore", "language"],
 					properties: {
+						timezone: { type: "string" },
 						emailEnabled: { type: "boolean" },
 						notificationEmail: { type: "string" },
 						reminderDaysBefore: { type: "number" },
@@ -293,6 +297,7 @@ export async function settingsRoutes(app: FastifyInstance) {
 						upcomingTodayOnly: false,
 						shareScheduleTodayOnly: false,
 						swapDashboardMainSections: false,
+						timezone: "",
 					},
 				},
 				response: {
@@ -318,6 +323,7 @@ export async function settingsRoutes(app: FastifyInstance) {
 			const existingSettings = await db.select().from(userSettings).where(eq(userSettings.userId, userId));

 			const settingsData = {
+				timezone: normalizeSettingsTimezone(body.timezone),
 				emailEnabled: body.emailEnabled,
 				notificationEmail: body.notificationEmail || null,
 				emailStockReminders: body.emailStockReminders ?? true,
@@ -445,49 +451,34 @@ export async function settingsRoutes(app: FastifyInstance) {
 		async (request, reply) => {
 			const { email } = request.body;

-			const smtpHost = process.env.SMTP_HOST;
-			const smtpUser = process.env.SMTP_USER;
-			const smtpPass = process.env.SMTP_TOKEN || process.env.SMTP_PASS;
-			const smtpPort = parseInt(process.env.SMTP_PORT ?? "587", 10);
-			const smtpSecure = process.env.SMTP_SECURE === "true";
-			const smtpFrom = process.env.SMTP_FROM ?? smtpUser;
+			const smtp = getSmtpConfig();

 			request.log.info(
 				{
 					to: email,
-					hasSmtpHost: Boolean(smtpHost),
-					hasSmtpUser: Boolean(smtpUser),
-					hasSmtpPass: Boolean(smtpPass),
-					hasSmtpFrom: Boolean(smtpFrom),
-					smtpPort,
-					smtpSecure,
+					hasSmtpHost: Boolean(smtp.host),
+					hasSmtpUser: Boolean(smtp.user),
+					hasSmtpPass: Boolean(smtp.pass),
+					hasSmtpFrom: Boolean(smtp.from),
+					smtpPort: smtp.port,
+					smtpSecure: smtp.secure,
 				},
 				"[Settings] Test email request received"
 			);

-			if (!smtpHost || !smtpUser) {
+			if (!smtp.host || !smtp.user) {
 				request.log.warn(
-					{ to: email, hasSmtpHost: Boolean(smtpHost), hasSmtpUser: Boolean(smtpUser) },
+					{ to: email, hasSmtpHost: Boolean(smtp.host), hasSmtpUser: Boolean(smtp.user) },
 					"[Settings] Test email skipped: SMTP not configured"
 				);
 				return reply.status(400).send({ error: "SMTP not configured" });
 			}

 			try {
-				const transporter = nodemailer.createTransport({
-					host: smtpHost,
-					port: smtpPort,
-					secure: smtpSecure,
-					auth: {
-						user: smtpUser,
-						pass: smtpPass ?? "",
-					},
-				});
-
 				request.log.info({ to: email }, "[Settings] Sending test email");

-				const mailResult = await transporter.sendMail({
-					from: smtpFrom,
+				const mailResult = await sendEmailNotification({
+					from: smtp.from,
 					to: email,
 					subject: "MedAssist-ng - Test Email",
 					text: "This is a test email from MedAssist-ng. If you received this, your email configuration is working correctly!",
@@ -502,9 +493,8 @@ export async function settingsRoutes(app: FastifyInstance) {
        `,
 				});

-				const deliveryError = getDeliveryError(mailResult);
-				if (deliveryError) {
-					throw new Error(deliveryError);
+				if (!mailResult.success) {
+					throw new Error(mailResult.error ?? "Failed to send test email");
 				}

 				request.log.info({ to: email, messageId: mailResult.messageId }, "[Settings] Test email sent");
@@ -559,14 +549,33 @@ export async function settingsRoutes(app: FastifyInstance) {
 			}

 			try {
+				const userId = await getUserId(request, reply);
+				const settings = await getOrCreateUserSettings(userId);
+				const language = getLanguage(settings.language);
+				const { title, message } = buildInteractiveTestPushNotification(language);
+				const actionContext = await createTestNotificationActionContext({
+					userId,
+					title,
+					message,
+					publicAppUrl: env.PUBLIC_APP_URL,
+					language,
+				});
 				const provider = getNotificationProvider(url);
-				const result = await sendShoutrrrNotification(
-					url,
-					"MedAssist-ng Test",
-					"This is a test notification from MedAssist-ng. If you received this, your notification configuration is working correctly!"
-				);
+				const result = await sendShoutrrrNotification(url, title, message, {
+					actions: actionContext?.actions,
+					respondUrl: actionContext?.respondUrl,
+					viewUrl: actionContext?.viewUrl,
+					clickUrl: actionContext?.respondUrl ?? actionContext?.viewUrl,
+					sequenceId: actionContext?.sequenceId,
+					tags: ["pill"],
+					priority: 3,
+				});

 				if (result.success) {
+					if (actionContext?.groupId && result.providerMessageId) {
+						await storeNotificationActionGroupNtfyMessageId(actionContext.groupId, result.providerMessageId);
+					}
+
 					request.log.info({ provider }, "[Settings] Test push notification sent");
 					return reply.send({ success: true, message: "Test notification sent successfully" });
 				} else {
@@ -589,8 +598,9 @@ export async function settingsRoutes(app: FastifyInstance) {
 export async function sendShoutrrrNotification(
 	urlStr: string,
 	title: string,
-	message: string
-): Promise<{ success: boolean; error?: string }> {
+	message: string,
+	options: PushNotificationOptions = {}
+): Promise<{ success: boolean; error?: string; providerMessageId?: string }> {
 	try {
 		if (urlStr.startsWith("pushover://")) {
 			const pushoverAuthority = urlStr.slice("pushover://".length).split("/")[0] ?? "";
@@ -743,12 +753,13 @@ export async function sendShoutrrrNotification(
 		}

 		// Use ONLY the reconstructed URL from validation - never the original urlStr
-		const { url: sanitizedUrl, isNtfy: _isNtfy, auth } = validation;
+		const { url: sanitizedUrl, isNtfy, auth } = validation;

 		let targetUrl: string;
 		const method = "POST";
 		let headers: Record<string, string> = {};
 		let body: string | undefined;
+		const renderedPayload = renderNotificationActionPayload(urlStr, message, options);

 		// Remove emojis from title for header compatibility
 		const cleanTitle = title
@@ -793,19 +804,27 @@ export async function sendShoutrrrNotification(
 			// characters (umlauts, accents, etc.) through HTTP headers
 			const encodedTitle = `=?UTF-8?B?${Buffer.from(cleanTitle, "utf-8").toString("base64")}?=`;
 			headers = { Title: encodedTitle, Tags: "pill" };
-			body = message;
+			body = renderedPayload.message;

 			// Add auth if present (extracted during sanitization)
 			if (auth) {
 				headers.Authorization = `Basic ${Buffer.from(`${auth.user}:${auth.pass}`).toString("base64")}`;
 			}
+
+			if (isNtfy) {
+				headers = { ...headers, ...renderedPayload.headers };
+			}
 		} else if (sanitizedUrl.startsWith("http://") || sanitizedUrl.startsWith("https://")) {
 			targetUrl = sanitizedUrl;
 			headers = { "Content-Type": "application/json" };
 			if (isDiscordWebhook) {
-				body = JSON.stringify({ content: `${title}\n\n${message}` });
+				body = JSON.stringify({ content: `${title}\n\n${renderedPayload.message}` });
 			} else {
-				body = JSON.stringify({ title, message, text: `${title}\n\n${message}` });
+				body = JSON.stringify({
+					title,
+					message: renderedPayload.message,
+					text: `${title}\n\n${renderedPayload.message}`,
+				});
 			}
 		} else {
 			return {
@@ -830,7 +849,17 @@ export async function sendShoutrrrNotification(
 		});

 		if (response.ok) {
-			return { success: true };
+			let providerMessageId: string | undefined;
+			if (isNtfy) {
+				try {
+					const payload = (await response.json()) as { id?: unknown };
+					providerMessageId = typeof payload.id === "string" && payload.id.length > 0 ? payload.id : undefined;
+				} catch {
+					providerMessageId = undefined;
+				}
+			}
+
+			return { success: true, providerMessageId };
 		} else {
 			const errorText = await response.text();
 			return { success: false, error: `HTTP ${response.status}: ${errorText}` };
@@ -385,7 +385,7 @@ export async function shareRoutes(app: FastifyInstance) {
 			const parsed = createShareSchema.safeParse(request.body);
 			if (!parsed.success) {
 				return reply.status(400).send({
-					error: parsed.error.errors[0]?.message ?? "Invalid input",
+					error: parsed.error.issues[0]?.message ?? "Invalid input",
 					code: "VALIDATION_ERROR",
 				});
 			}
@@ -99,9 +99,16 @@ export function computeMedicationCurrentStock(options: {
 				const match = doseIdPattern.exec(dose.doseId);
 				if (!match) continue;

+				const parsedMedicationId = Number.parseInt(match[1], 10);
 				const parsedIntakeIndex = Number.parseInt(match[2], 10);
 				const doseDateOnlyMs = Number.parseInt(match[3], 10);
-				if (Number.isNaN(parsedIntakeIndex) || Number.isNaN(doseDateOnlyMs) || parsedIntakeIndex !== intakeIndex) {
+				if (
+					Number.isNaN(parsedMedicationId) ||
+					Number.isNaN(parsedIntakeIndex) ||
+					Number.isNaN(doseDateOnlyMs) ||
+					parsedMedicationId !== medication.id ||
+					parsedIntakeIndex !== intakeIndex
+				) {
 					continue;
 				}

@@ -125,9 +132,16 @@ export function computeMedicationCurrentStock(options: {
 				const match = doseIdPattern.exec(dose.doseId);
 				if (!match) continue;

+				const parsedMedicationId = Number.parseInt(match[1], 10);
 				const parsedIntakeIndex = Number.parseInt(match[2], 10);
 				const doseDateOnlyMs = Number.parseInt(match[3], 10);
-				if (Number.isNaN(parsedIntakeIndex) || Number.isNaN(doseDateOnlyMs) || parsedIntakeIndex !== intakeIndex) {
+				if (
+					Number.isNaN(parsedMedicationId) ||
+					Number.isNaN(parsedIntakeIndex) ||
+					Number.isNaN(doseDateOnlyMs) ||
+					parsedMedicationId !== medication.id ||
+					parsedIntakeIndex !== intakeIndex
+				) {
 					continue;
 				}

@@ -0,0 +1,280 @@
+import { and, eq } from "drizzle-orm";
+import { db } from "../db/client.js";
+import { doseTracking, medications, userSettings } from "../db/schema.js";
+import { parseIntakesJson, parseLocalDateTime } from "../utils/scheduler-utils.js";
+import { computeMedicationCurrentStock } from "./current-stock.js";
+
+const doseIdPattern = /^(\d+)-(\d+)-(\d+)(?:-(.+))?$/;
+
+type ParsedDoseId = {
+	medicationId: number;
+	intakeIndex: number;
+	timestampMs: number;
+	personSuffix: string | null;
+};
+
+export type DoseTrackingSource = "manual" | "automatic" | "notification";
+
+export type MarkDoseTakenResult =
+	| {
+			success: true;
+			status: "marked" | "already_taken";
+	  }
+	| {
+			success: false;
+			code: "OUT_OF_STOCK" | "INVALID_DOSE" | "ALREADY_SKIPPED";
+			message: string;
+	  };
+
+export type DismissDosesResult = {
+	success: true;
+	dismissedCount: number;
+	alreadyTakenCount: number;
+};
+
+export type SkipDosesResult = {
+	success: true;
+	skippedCount: number;
+	alreadySkippedCount: number;
+	switchedFromTakenCount: number;
+};
+
+function parseDoseId(doseId: string): ParsedDoseId | null {
+	const match = doseIdPattern.exec(doseId);
+	if (!match) {
+		return null;
+	}
+
+	const medicationId = Number.parseInt(match[1], 10);
+	const intakeIndex = Number.parseInt(match[2], 10);
+	const timestampMs = Number.parseInt(match[3], 10);
+	const personSuffix = match[4] ? match[4].trim() : null;
+
+	if (Number.isNaN(medicationId) || Number.isNaN(intakeIndex) || Number.isNaN(timestampMs) || intakeIndex < 0) {
+		return null;
+	}
+
+	return {
+		medicationId,
+		intakeIndex,
+		timestampMs,
+		personSuffix,
+	};
+}
+
+function hasRealTakenTimestamp(takenAt: Date | null): boolean {
+	return takenAt instanceof Date && takenAt.getTime() > 0;
+}
+
+async function isDoseOutOfStock(options: { userId: number; doseId: string }): Promise<boolean> {
+	const parsedDose = parseDoseId(options.doseId);
+	if (!parsedDose) {
+		return false;
+	}
+
+	const [medication] = await db
+		.select()
+		.from(medications)
+		.where(and(eq(medications.id, parsedDose.medicationId), eq(medications.userId, options.userId)));
+
+	if (!medication) {
+		return false;
+	}
+
+	const [settings] = await db.select().from(userSettings).where(eq(userSettings.userId, options.userId));
+	const stockCalculationMode = (settings?.stockCalculationMode as "automatic" | "manual") ?? "automatic";
+
+	const intakes = parseIntakesJson(
+		medication.intakesJson,
+		{ usageJson: medication.usageJson, everyJson: medication.everyJson, startJson: medication.startJson },
+		medication.intakeRemindersEnabled ?? false
+	);
+	const intake = intakes[parsedDose.intakeIndex];
+
+	const scheduledOccurrenceMs = intake
+		? (() => {
+				const doseDate = new Date(parsedDose.timestampMs);
+				const intakeStart = parseLocalDateTime(intake.start);
+				return new Date(
+					doseDate.getFullYear(),
+					doseDate.getMonth(),
+					doseDate.getDate(),
+					intakeStart.getHours(),
+					intakeStart.getMinutes(),
+					intakeStart.getSeconds(),
+					intakeStart.getMilliseconds()
+				).getTime();
+			})()
+		: parsedDose.timestampMs;
+
+	const doses = await db.select().from(doseTracking).where(eq(doseTracking.userId, options.userId));
+	const stockBeforeDoseMs = Math.max(0, scheduledOccurrenceMs - 1);
+
+	return (
+		computeMedicationCurrentStock({
+			medication,
+			doses,
+			stockCalculationMode,
+			nowMs: stockBeforeDoseMs,
+		}) <= 0
+	);
+}
+
+export async function markDoseTakenForUser(input: {
+	userId: number;
+	doseId: string;
+	source: DoseTrackingSource;
+	markedBy?: string | null;
+}): Promise<MarkDoseTakenResult> {
+	const parsedDose = parseDoseId(input.doseId);
+	if (!parsedDose) {
+		return {
+			success: false,
+			code: "INVALID_DOSE",
+			message: "Invalid dose ID",
+		};
+	}
+
+	const [existing] = await db
+		.select()
+		.from(doseTracking)
+		.where(and(eq(doseTracking.userId, input.userId), eq(doseTracking.doseId, input.doseId)));
+
+	if (existing && !existing.dismissed) {
+		return { success: true, status: "already_taken" };
+	}
+
+	if (existing?.dismissed && hasRealTakenTimestamp(existing.takenAt)) {
+		return { success: true, status: "already_taken" };
+	}
+
+	if (existing?.dismissed) {
+		return {
+			success: false,
+			code: "ALREADY_SKIPPED",
+			message: "Dose is already skipped",
+		};
+	}
+
+	const outOfStock = await isDoseOutOfStock({ userId: input.userId, doseId: input.doseId });
+	if (outOfStock) {
+		return {
+			success: false,
+			code: "OUT_OF_STOCK",
+			message: "Medication is out of stock",
+		};
+	}
+
+	await db.insert(doseTracking).values({
+		userId: input.userId,
+		doseId: input.doseId,
+		takenAt: new Date(),
+		markedBy: input.markedBy ?? null,
+		takenSource: input.source,
+		dismissed: false,
+	});
+
+	return { success: true, status: "marked" };
+}
+
+export async function skipDosesForUser(input: { userId: number; doseIds: string[] }): Promise<SkipDosesResult> {
+	let skippedCount = 0;
+	let alreadySkippedCount = 0;
+	let switchedFromTakenCount = 0;
+
+	for (const doseId of input.doseIds) {
+		const [existing] = await db
+			.select()
+			.from(doseTracking)
+			.where(and(eq(doseTracking.userId, input.userId), eq(doseTracking.doseId, doseId)));
+
+		if (!existing) {
+			await db.insert(doseTracking).values({
+				userId: input.userId,
+				doseId,
+				markedBy: null,
+				takenAt: new Date(0),
+				dismissed: true,
+			});
+			skippedCount++;
+			continue;
+		}
+
+		if (existing.dismissed) {
+			alreadySkippedCount++;
+			continue;
+		}
+
+		if (hasRealTakenTimestamp(existing.takenAt)) {
+			switchedFromTakenCount++;
+		}
+
+		await db
+			.update(doseTracking)
+			.set({
+				dismissed: true,
+				takenAt: new Date(0),
+				takenSource: "manual",
+				markedBy: null,
+			})
+			.where(eq(doseTracking.id, existing.id));
+		skippedCount++;
+	}
+
+	return {
+		success: true,
+		skippedCount,
+		alreadySkippedCount,
+		switchedFromTakenCount,
+	};
+}
+
+export async function dismissDosesForUser(input: { userId: number; doseIds: string[] }): Promise<DismissDosesResult> {
+	let dismissedCount = 0;
+	let alreadyTakenCount = 0;
+
+	for (const doseId of input.doseIds) {
+		const [existing] = await db
+			.select()
+			.from(doseTracking)
+			.where(and(eq(doseTracking.userId, input.userId), eq(doseTracking.doseId, doseId)));
+
+		if (!existing) {
+			await db.insert(doseTracking).values({
+				userId: input.userId,
+				doseId,
+				markedBy: null,
+				takenAt: new Date(0),
+				dismissed: true,
+			});
+			dismissedCount++;
+			continue;
+		}
+
+		if (existing.dismissed) {
+			continue;
+		}
+
+		if (hasRealTakenTimestamp(existing.takenAt)) {
+			alreadyTakenCount++;
+			continue;
+		}
+
+		await db
+			.update(doseTracking)
+			.set({
+				dismissed: true,
+				takenAt: new Date(0),
+				takenSource: "manual",
+				markedBy: null,
+			})
+			.where(eq(doseTracking.id, existing.id));
+		dismissedCount++;
+	}
+
+	return {
+		success: true,
+		dismissedCount,
+		alreadyTakenCount,
+	};
+}
@@ -12,13 +12,15 @@ import {
 	type Language,
 	t,
 } from "../i18n/translations.js";
+
+import { env } from "../plugins/env.js";
 import { getAllUserSettings, type UserSettings } from "../routes/settings.js";
 import type { ServiceLogger } from "../utils/logger.js";
 // Import shared utilities
 import {
 	cleanOldIntakeReminders,
 	createDefaultIntakeReminderState,
-	getTimezone,
+	getEffectiveTimezone,
 	getTodaysIntakes,
 	getUpcomingIntakes,
 	type IntakeReminderState,
@@ -29,6 +31,10 @@ import {
 	type UpcomingIntake,
 } from "../utils/scheduler-utils.js";
 import { computeMedicationCurrentStock } from "./current-stock.js";
+import {
+	createNotificationActionContext,
+	storeNotificationActionGroupNtfyMessageId,
+} from "./notification-actions-service.js";
 import { getSmtpConfig, sendEmailNotification, sendPushNotification } from "./notifications/delivery.js";
 import { updateReminderSentTime, updateUserReminderSentTime } from "./notifications/state.js";

@@ -83,6 +89,41 @@ function formatIntakeLog(intake: {
 	return `${intake.medName} (medId=${intake.medicationId}, intakeIndex=${intake.blisterIndex}, time=${intake.intakeTime.toISOString()}, localTime=${intake.intakeTimeStr}, usage=${intake.usage} ${doseUnit}, takenBy=${takenBy})`;
 }

+function getMedicationDisplayName(med: { id: number; name: string | null; genericName: string | null }): string {
+	const commercialName = med.name?.trim() ?? "";
+	if (commercialName) return commercialName;
+
+	const genericName = med.genericName?.trim() ?? "";
+	if (genericName) return genericName;
+
+	return `Medication #${med.id}`;
+}
+
+function getPushProviderLabel(url: string): string {
+	const normalizedUrl = url.trim().toLowerCase();
+	if (normalizedUrl.startsWith("ntfy://")) return "ntfy";
+	if (normalizedUrl.startsWith("discord://")) return "discord";
+	if (normalizedUrl.startsWith("pushover://")) return "pushover";
+	if (normalizedUrl.startsWith("gotify://")) return "gotify";
+	if (normalizedUrl.startsWith("telegram://")) return "telegram";
+
+	try {
+		const parsedUrl = new URL(url);
+		return parsedUrl.hostname || parsedUrl.protocol.replace(":", "") || "unknown";
+	} catch {
+		return "unknown";
+	}
+}
+
+function formatActionContextLog(options: {
+	actionMode: "full" | "view-only";
+	doseCount: number;
+	actionContext: Awaited<ReturnType<typeof createNotificationActionContext>> | null;
+}): string {
+	const { actionMode, doseCount, actionContext } = options;
+	return `actionMode=${actionMode}, doses=${doseCount}, actions=${actionContext?.actions.length ?? 0}, hasRespondUrl=${actionContext?.respondUrl ? "yes" : "no"}, hasViewUrl=${actionContext?.viewUrl ? "yes" : "no"}, sequenceId=${actionContext?.sequenceId ?? "none"}, groupId=${actionContext?.groupId ?? "n/a"}`;
+}
+
 async function autoMarkDueIntakesAsTaken(
 	settings: UserSettings & { userId: number },
 	rows: (typeof medications.$inferSelect)[],
@@ -137,7 +178,7 @@ async function autoMarkDueIntakesAsTaken(
 		}

 		const medicationTakenBy = parseTakenByJson(med.takenByJson);
-		const medDisplayName = med.name || med.genericName || "";
+		const medDisplayName = getMedicationDisplayName({ id: med.id, name: med.name, genericName: med.genericName });
 		let remainingStock = computeMedicationCurrentStock({
 			medication: med,
 			doses: trackedDoses,
@@ -425,7 +466,7 @@ export async function checkAndSendIntakeRemindersForUser(
 	const activeRows = rows.filter((med) => med.isObsolete !== true).sort((left, right) => left.id - right.id);

 	const locale = getDateLocale(language);
-	const tz = getTimezone();
+	const tz = getEffectiveTimezone(settings.timezone ?? null);

 	const autoMarkedCount = await autoMarkDueIntakesAsTaken(settings, activeRows, locale, tz, logger);
 	if (autoMarkedCount > 0) {
@@ -473,11 +514,42 @@ export async function checkAndSendIntakeRemindersForUser(
 		return; // No medications have reminders enabled for this user
 	}

+	const now = new Date();
 	const state = loadIntakeReminderState(logger);
+	const trackedDoses = await db
+		.select()
+		.from(doseTracking)
+		.where(and(eq(doseTracking.userId, settings.userId), eq(doseTracking.dismissed, false)));
+
+	const reminderEntriesWithStock = reminderEntries.map((entry) => ({
+		...entry,
+		currentStock: computeMedicationCurrentStock({
+			medication: entry.med,
+			doses: trackedDoses,
+			stockCalculationMode: settings.stockCalculationMode,
+			nowMs: now.getTime(),
+		}),
+	}));
+	const suppressedEmptyStockEntries = reminderEntriesWithStock.filter((entry) => entry.currentStock <= 0);
+	if (suppressedEmptyStockEntries.length > 0) {
+		logger.info(
+			`[IntakeReminder] Skipping reminder-enabled medications with empty stock for user=${username} (userId=${settings.userId}): count=${suppressedEmptyStockEntries.length}, meds=${suppressedEmptyStockEntries
+				.map((entry) =>
+					getMedicationDisplayName({ id: entry.med.id, name: entry.med.name, genericName: entry.med.genericName })
+				)
+				.join(", ")}`
+		);
+	}
+	const reminderEntriesEligible = reminderEntriesWithStock.filter((entry) => entry.currentStock > 0);
+	if (reminderEntriesEligible.length === 0) {
+		logger.info(
+			`[IntakeReminder] No reminder-eligible medications with stock remaining for user=${username} (userId=${settings.userId})`
+		);
+		return;
+	}
 	const allUpcoming: (UpcomingIntake & { medicationId: number; blisterIndex: number })[] = [];
 	let scheduledIntakesTodayCount = 0;
 	// Get start and end of today in user's timezone (for filtering today's doses only)
-	const now = new Date();
 	const todayStart = new Date(now.toLocaleString("en-US", { timeZone: tz }));
 	todayStart.setHours(0, 0, 0, 0);

@@ -485,10 +557,10 @@ export async function checkAndSendIntakeRemindersForUser(
 	todayEnd.setHours(23, 59, 59, 999);

 	// Find intakes: upcoming ones in reminder window + past ones for repeat reminders
-	for (const { med, intakes, intakesWithReminders } of reminderEntries) {
+	for (const { med, intakes, intakesWithReminders } of reminderEntriesEligible) {
 		// Medication-level takenBy (for fallback/display purposes)
 		const medicationTakenBy = parseTakenByJson(med.takenByJson);
-		const medDisplayName = med.name || med.genericName || "";
+		const medDisplayName = getMedicationDisplayName({ id: med.id, name: med.name, genericName: med.genericName });

 		// Process each intake separately to track blisterIndex
 		intakesWithReminders.forEach((intake, _blisterIndex) => {
@@ -791,16 +863,96 @@ export async function checkAndSendIntakeRemindersForUser(
 				.join("\n") +
 			repeatNote +
 			`\n\n---\n${getFooterPlain(language)}`;
+		const actionMode = remindersToSend.length === 1 ? "full" : "view-only";
+		const actionDoseIds = remindersToSend.map((intake) =>
+			buildDoseIdForIntake({
+				...intake,
+				medicationId: intake.medicationId,
+				blisterIndex: intake.blisterIndex,
+			})
+		);
+		let actionContext: Awaited<ReturnType<typeof createNotificationActionContext>> | null = null;
+		let actionContextFailed = false;
+		try {
+			actionContext = await createNotificationActionContext({
+				userId: settings.userId,
+				title,
+				message,
+				doseIds: actionDoseIds,
+				scheduledFor: remindersToSend[0]?.intakeTime ?? new Date(),
+				publicAppUrl: env.PUBLIC_APP_URL,
+				language,
+				actionMode,
+			});
+		} catch (error) {
+			actionContextFailed = true;
+			const errorMessage = error instanceof Error ? error.message : String(error);
+			logger.error(
+				`[IntakeReminder] Notification action context failed for user=${username} (userId=${settings.userId}, provider=${getPushProviderLabel(
+					settings.shoutrrrUrl!
+				)}, ${formatActionContextLog({ actionMode, doseCount: actionDoseIds.length, actionContext: null })}): ${errorMessage}`
+			);
+		}
+		if (!actionContext) {
+			if (actionContextFailed) {
+				logger.warn(
+					`[IntakeReminder] Sending intake reminders without actions after action context failure for user=${username} (userId=${settings.userId}, provider=${getPushProviderLabel(
+						settings.shoutrrrUrl!
+					)})`
+				);
+			} else {
+				logger.warn(
+					`[IntakeReminder] No reachable public app URL configured; sending intake reminders without actions for user=${username} (userId=${settings.userId})`
+				);
+			}
+		} else {
+			logger.info(
+				`[IntakeReminder] Notification action context ready for user=${username} (userId=${settings.userId}, provider=${getPushProviderLabel(
+					settings.shoutrrrUrl!
+				)}, ${formatActionContextLog({ actionMode, doseCount: actionDoseIds.length, actionContext })})`
+			);
+		}

-		const result = await sendPushNotification(settings.shoutrrrUrl!, title, message);
+		const pushProvider = getPushProviderLabel(settings.shoutrrrUrl!);
+		logger.info(
+			`[IntakeReminder] Sending push reminder for user=${username} (userId=${settings.userId}, provider=${pushProvider}, reminders=${remindersToSend.length}, priority=${hasNaggingReminder ? 4 : 3}, ${formatActionContextLog({ actionMode, doseCount: actionDoseIds.length, actionContext })})`
+		);
+
+		const result = await sendPushNotification(settings.shoutrrrUrl!, title, message, {
+			actions: actionContext?.actions,
+			respondUrl: actionContext?.respondUrl,
+			viewUrl: actionContext?.viewUrl,
+			clickUrl: actionContext?.respondUrl ?? actionContext?.viewUrl,
+			sequenceId: actionContext?.sequenceId,
+			tags: ["pill"],
+			priority: hasNaggingReminder ? 4 : 3,
+		});
 		shoutrrrSuccess = result.success;
 		if (!result.success) {
 			logger.error(
-				`[IntakeReminder] Push delivery failed for user=${username} (userId=${settings.userId}): ${result.error}`
+				`[IntakeReminder] Push delivery failed for user=${username} (userId=${settings.userId}, provider=${pushProvider}, reminders=${remindersToSend.length}, ${formatActionContextLog({ actionMode, doseCount: actionDoseIds.length, actionContext })}): ${result.error}`
 			);
 		} else {
+			if (actionContext?.groupId && result.providerMessageId) {
+				try {
+					await storeNotificationActionGroupNtfyMessageId(actionContext.groupId, result.providerMessageId);
+					logger.info(
+						`[IntakeReminder] Stored ntfy message id for action group for user=${username} (userId=${settings.userId}, groupId=${actionContext.groupId}, providerMessageId=${result.providerMessageId})`
+					);
+				} catch (error) {
+					const errorMessage = error instanceof Error ? error.message : String(error);
+					logger.warn(
+						`[IntakeReminder] Failed to store ntfy message id for action group for user=${username} (userId=${settings.userId}, groupId=${actionContext.groupId}, providerMessageId=${result.providerMessageId}): ${errorMessage}`
+					);
+				}
+			} else if (actionContext?.groupId && pushProvider === "ntfy") {
+				logger.warn(
+					`[IntakeReminder] Push delivered without ntfy message id for action group for user=${username} (userId=${settings.userId}, groupId=${actionContext.groupId})`
+				);
+			}
+
 			logger.info(
-				`[IntakeReminder] Push delivered for user=${username} (userId=${settings.userId}, reminders=${remindersToSend.length})`
+				`[IntakeReminder] Push delivered for user=${username} (userId=${settings.userId}, provider=${pushProvider}, reminders=${remindersToSend.length}, providerMessageId=${result.providerMessageId ?? "n/a"}, ${formatActionContextLog({ actionMode, doseCount: actionDoseIds.length, actionContext })})`
 			);
 		}
 	}
@@ -0,0 +1,350 @@
+import { createHash, randomBytes } from "node:crypto";
+import { and, eq, gt, isNull } from "drizzle-orm";
+import { db } from "../db/client.js";
+import { notificationActionGroups, notificationActionTokens } from "../db/schema.js";
+import type { Language } from "../i18n/translations.js";
+import { env } from "../plugins/env.js";
+import { getNotificationActionLabels, type PushNotificationAction } from "./notifications/action-renderer.js";
+
+export type NotificationActionKind = "taken" | "skip" | "respond" | "view";
+
+type TokenKind = Exclude<NotificationActionKind, "view">;
+type ActiveTokenKind = "taken" | "skip" | "respond";
+
+export type NotificationActionContext = {
+	groupId?: number;
+	sequenceId?: string;
+	respondUrl?: string;
+	viewUrl: string;
+	actions: PushNotificationAction[];
+};
+
+type NotificationActionMode = "full" | "view-only";
+
+export type NotificationActionTokenRecord = {
+	token: typeof notificationActionTokens.$inferSelect;
+	group: typeof notificationActionGroups.$inferSelect;
+	doseIds: string[];
+	viewUrl: string | null;
+};
+
+const NOTIFICATION_ACTION_TTL_MS = 24 * 60 * 60 * 1000;
+
+function normalizePublicAppUrl(publicAppUrl: string): string {
+	return publicAppUrl.replace(/\/+$/, "");
+}
+
+function parseConfiguredUrl(value: string | null | undefined): URL | null {
+	const trimmedValue = value?.trim();
+	if (!trimmedValue) {
+		return null;
+	}
+
+	try {
+		return new URL(trimmedValue);
+	} catch {
+		return null;
+	}
+}
+
+function isLoopbackHostname(hostname: string): boolean {
+	const normalizedHostname = hostname.toLowerCase();
+	return normalizedHostname === "localhost" || normalizedHostname === "127.0.0.1" || normalizedHostname === "::1";
+}
+
+function resolveNotificationPublicAppUrl(publicAppUrl: string | null | undefined): string | null {
+	const configuredUrl = parseConfiguredUrl(publicAppUrl ?? env.PUBLIC_APP_URL);
+	if (configuredUrl && !isLoopbackHostname(configuredUrl.hostname)) {
+		return normalizePublicAppUrl(configuredUrl.toString());
+	}
+
+	const corsOrigins = env.CORS_ORIGINS.split(",")
+		.map((origin) => parseConfiguredUrl(origin))
+		.filter((origin): origin is URL => origin !== null);
+	const reachableCorsOrigin =
+		corsOrigins.find((origin) => !isLoopbackHostname(origin.hostname)) ?? corsOrigins[0] ?? null;
+	if (reachableCorsOrigin) {
+		return normalizePublicAppUrl(reachableCorsOrigin.toString());
+	}
+
+	return configuredUrl ? normalizePublicAppUrl(configuredUrl.toString()) : null;
+}
+
+function getScheduledKey(scheduledFor: Date): string {
+	return String(Math.floor(scheduledFor.getTime() / 60000));
+}
+
+function formatDateParam(value: Date): string {
+	const year = value.getFullYear();
+	const month = String(value.getMonth() + 1).padStart(2, "0");
+	const day = String(value.getDate()).padStart(2, "0");
+	return `${year}-${month}-${day}`;
+}
+
+function buildViewUrl(baseUrl: string, scheduledFor: Date | null, doseIds: string[]): string {
+	const params = new URLSearchParams();
+	const primaryDoseId = doseIds[0];
+
+	if (scheduledFor) {
+		params.set("day", formatDateParam(scheduledFor));
+	}
+
+	if (primaryDoseId) {
+		params.set("dose", primaryDoseId);
+	}
+
+	const queryString = params.toString();
+	return queryString.length > 0 ? `${baseUrl}/dashboard?${queryString}` : `${baseUrl}/dashboard`;
+}
+
+function parseDoseIdsJson(value: string): string[] {
+	try {
+		const parsed = JSON.parse(value) as unknown;
+		if (!Array.isArray(parsed)) {
+			return [];
+		}
+
+		return parsed.filter((entry): entry is string => typeof entry === "string" && entry.length > 0);
+	} catch {
+		return [];
+	}
+}
+
+function createSequenceId(groupKey: string): string {
+	return `medassist-${createHash("sha256").update(groupKey, "utf8").digest("hex").slice(0, 32)}`;
+}
+
+export function createActionToken(): string {
+	return randomBytes(32).toString("hex");
+}
+
+export function hashActionToken(token: string): string {
+	return createHash("sha256").update(token, "utf8").digest("hex");
+}
+
+async function createTokenRow(groupId: number, kind: TokenKind): Promise<{ kind: TokenKind; token: string }> {
+	const token = createActionToken();
+	await db.insert(notificationActionTokens).values({
+		groupId,
+		tokenHash: hashActionToken(token),
+		kind,
+	});
+
+	return { kind, token };
+}
+
+async function createActionTokens(groupId: number): Promise<Record<ActiveTokenKind, string>> {
+	const createdTokens = await Promise.all([
+		createTokenRow(groupId, "taken"),
+		createTokenRow(groupId, "skip"),
+		createTokenRow(groupId, "respond"),
+	]);
+
+	return createdTokens.reduce(
+		(accumulator, entry) => {
+			accumulator[entry.kind] = entry.token;
+			return accumulator;
+		},
+		{ taken: "", skip: "", respond: "" } as Record<ActiveTokenKind, string>
+	);
+}
+
+export async function createNotificationActionContext(input: {
+	userId: number;
+	title: string;
+	message: string;
+	doseIds: string[];
+	scheduledFor: Date;
+	publicAppUrl?: string | null;
+	language: Language;
+	actionMode?: NotificationActionMode;
+}): Promise<NotificationActionContext | null> {
+	const publicAppUrl = resolveNotificationPublicAppUrl(input.publicAppUrl);
+	if (!publicAppUrl) {
+		return null;
+	}
+
+	const uniqueDoseIds = [...new Set(input.doseIds.filter((doseId) => doseId.trim().length > 0))].sort();
+	if (uniqueDoseIds.length === 0) {
+		return null;
+	}
+
+	const baseUrl = publicAppUrl;
+	const actionMode = input.actionMode ?? "full";
+	const labels = getNotificationActionLabels(input.language);
+	const viewUrl = buildViewUrl(baseUrl, input.scheduledFor, uniqueDoseIds);
+
+	if (actionMode === "view-only") {
+		return {
+			viewUrl,
+			actions: [{ kind: "view", label: labels.view, url: viewUrl, method: "GET" }],
+		};
+	}
+
+	const groupKey = `intake:${input.userId}:${uniqueDoseIds.join(",")}:${getScheduledKey(input.scheduledFor)}`;
+	const sequenceId = createSequenceId(groupKey);
+	const now = new Date();
+	const expiresAt = new Date(now.getTime() + NOTIFICATION_ACTION_TTL_MS);
+
+	let [group] = await db
+		.select()
+		.from(notificationActionGroups)
+		.where(
+			and(
+				eq(notificationActionGroups.groupKey, groupKey),
+				isNull(notificationActionGroups.resolvedAction),
+				gt(notificationActionGroups.expiresAt, now)
+			)
+		);
+
+	if (!group) {
+		[group] = await db
+			.insert(notificationActionGroups)
+			.values({
+				userId: input.userId,
+				groupKey,
+				sequenceId,
+				doseIdsJson: JSON.stringify(uniqueDoseIds),
+				title: input.title,
+				message: input.message,
+				language: input.language,
+				scheduledFor: input.scheduledFor,
+				expiresAt,
+				updatedAt: now,
+			})
+			.returning();
+	}
+
+	const tokens = await createActionTokens(group.id);
+	const groupLanguage = (group.language as Language | null) ?? input.language;
+	const groupLabels = getNotificationActionLabels(groupLanguage);
+	const respondUrl = `${baseUrl}/api/notification-actions/${tokens.respond}`;
+	const resolvedViewUrl = buildViewUrl(baseUrl, group.scheduledFor ?? input.scheduledFor, uniqueDoseIds);
+
+	return {
+		groupId: group.id,
+		sequenceId: group.sequenceId,
+		respondUrl,
+		viewUrl: resolvedViewUrl,
+		actions: [
+			{
+				kind: "taken",
+				label: groupLabels.taken,
+				url: `${baseUrl}/api/notification-actions/${tokens.taken}`,
+				method: "POST",
+			},
+			{
+				kind: "skip",
+				label: groupLabels.skip,
+				url: `${baseUrl}/api/notification-actions/${tokens.skip}`,
+				method: "POST",
+			},
+			{ kind: "view", label: groupLabels.view, url: resolvedViewUrl, method: "GET" },
+		],
+	};
+}
+
+export async function createTestNotificationActionContext(input: {
+	userId: number;
+	title: string;
+	message: string;
+	publicAppUrl?: string | null;
+	language: Language;
+}): Promise<NotificationActionContext | null> {
+	const publicAppUrl = resolveNotificationPublicAppUrl(input.publicAppUrl);
+	if (!publicAppUrl) {
+		return null;
+	}
+
+	const baseUrl = publicAppUrl;
+	const now = new Date();
+	const groupKey = `test:${input.userId}:${now.getTime()}:${randomBytes(8).toString("hex")}`;
+	const sequenceId = createSequenceId(groupKey);
+	const expiresAt = new Date(now.getTime() + NOTIFICATION_ACTION_TTL_MS);
+	const viewUrl = buildViewUrl(baseUrl, null, []);
+
+	const [group] = await db
+		.insert(notificationActionGroups)
+		.values({
+			userId: input.userId,
+			groupKey,
+			sequenceId,
+			doseIdsJson: "[]",
+			title: input.title,
+			message: input.message,
+			language: input.language,
+			scheduledFor: now,
+			expiresAt,
+			updatedAt: now,
+		})
+		.returning();
+
+	const tokens = await createActionTokens(group.id);
+	const groupLanguage = (group.language as Language | null) ?? input.language;
+	const groupLabels = getNotificationActionLabels(groupLanguage);
+	const respondUrl = `${baseUrl}/api/notification-actions/${tokens.respond}`;
+
+	return {
+		groupId: group.id,
+		sequenceId: group.sequenceId,
+		respondUrl,
+		viewUrl,
+		actions: [
+			{
+				kind: "taken",
+				label: groupLabels.taken,
+				url: `${baseUrl}/api/notification-actions/${tokens.taken}`,
+				method: "POST",
+			},
+			{
+				kind: "skip",
+				label: groupLabels.skip,
+				url: `${baseUrl}/api/notification-actions/${tokens.skip}`,
+				method: "POST",
+			},
+			{ kind: "view", label: groupLabels.view, url: viewUrl, method: "GET" },
+		],
+	};
+}
+
+export async function getNotificationActionTokenRecord(
+	rawToken: string
+): Promise<NotificationActionTokenRecord | null> {
+	const tokenHash = hashActionToken(rawToken);
+	const rows = await db
+		.select({ token: notificationActionTokens, group: notificationActionGroups })
+		.from(notificationActionTokens)
+		.innerJoin(notificationActionGroups, eq(notificationActionTokens.groupId, notificationActionGroups.id))
+		.where(eq(notificationActionTokens.tokenHash, tokenHash));
+
+	const record = rows[0];
+	if (!record) {
+		return null;
+	}
+
+	const baseUrl = resolveNotificationPublicAppUrl(env.PUBLIC_APP_URL);
+	return {
+		token: record.token,
+		group: record.group,
+		doseIds: parseDoseIdsJson(record.group.doseIdsJson),
+		viewUrl: baseUrl
+			? buildViewUrl(baseUrl, record.group.scheduledFor, parseDoseIdsJson(record.group.doseIdsJson))
+			: null,
+	};
+}
+
+export function isNotificationActionExpired(record: NotificationActionTokenRecord): boolean {
+	return record.group.expiresAt.getTime() <= Date.now();
+}
+
+export async function storeNotificationActionGroupNtfyMessageId(groupId: number, ntfyMessageId: string): Promise<void> {
+	const normalizedMessageId = ntfyMessageId.trim();
+	if (normalizedMessageId.length === 0) {
+		return;
+	}
+
+	await db
+		.update(notificationActionGroups)
+		.set({ ntfyOriginalMessageId: normalizedMessageId, updatedAt: new Date() })
+		.where(eq(notificationActionGroups.id, groupId));
+}
@@ -0,0 +1,175 @@
+import type { Language } from "../../i18n/translations.js";
+
+export type PushNotificationAction =
+	| {
+			kind: "taken";
+			label: string;
+			url: string;
+			method: "POST";
+	  }
+	| {
+			kind: "skip";
+			label: string;
+			url: string;
+			method: "POST";
+	  }
+	| {
+			kind: "view";
+			label: string;
+			url: string;
+			method: "GET";
+	  };
+
+export type PushNotificationOptions = {
+	actions?: PushNotificationAction[];
+	respondUrl?: string;
+	viewUrl?: string;
+	clickUrl?: string;
+	tags?: string[];
+	priority?: number;
+	sequenceId?: string;
+};
+
+type NtfyActionPayload = {
+	action: "http" | "view";
+	label: string;
+	url: string;
+	method?: "POST";
+	clear: boolean;
+};
+
+function encodeHeaderValue(value: string): string {
+	if ([...value].every((char) => char.charCodeAt(0) <= 0x7f)) {
+		return value;
+	}
+
+	return `=?UTF-8?B?${Buffer.from(value, "utf-8").toString("base64")}?=`;
+}
+
+export function isNtfyNotificationUrl(urlStr: string): boolean {
+	if (urlStr.startsWith("ntfy://")) {
+		return true;
+	}
+
+	try {
+		const parsed = new URL(urlStr);
+		if (!["http:", "https:"].includes(parsed.protocol)) {
+			return false;
+		}
+
+		const hostname = parsed.hostname.toLowerCase();
+		return hostname === "ntfy.sh" || hostname === "ntfy" || hostname.startsWith("ntfy.") || hostname.includes(".ntfy.");
+	} catch {
+		return false;
+	}
+}
+
+export function getNotificationProvider(urlStr: string): string {
+	if (isNtfyNotificationUrl(urlStr)) {
+		return "ntfy";
+	}
+
+	try {
+		return new URL(urlStr).protocol.replace(":", "").toLowerCase();
+	} catch {
+		return "unknown";
+	}
+}
+
+export function getNotificationActionLabels(language: Language): {
+	taken: string;
+	skip: string;
+	respond: string;
+	view: string;
+} {
+	if (language === "de") {
+		return {
+			taken: "Einnehmen",
+			skip: "Überspringen",
+			respond: "Antworten",
+			view: "Öffnen",
+		};
+	}
+
+	return {
+		taken: "Take",
+		skip: "Skip",
+		respond: "Respond",
+		view: "View",
+	};
+}
+
+export function buildNtfyActions(options: PushNotificationOptions): NtfyActionPayload[] {
+	const actions = options.actions ?? [];
+
+	return actions.map((action) => {
+		if (action.kind === "view") {
+			return {
+				action: "view",
+				label: action.label,
+				url: action.url,
+				clear: false,
+			};
+		}
+
+		return {
+			action: "http",
+			label: action.label,
+			url: action.url,
+			method: "POST",
+			// Clear the original actionable ntfy notification locally after a successful mutation.
+			clear: true,
+		};
+	});
+}
+
+export function appendFallbackActionLinks(message: string, options: PushNotificationOptions): string {
+	if (!options.respondUrl && !options.viewUrl) {
+		return message;
+	}
+
+	const lines = [message.trimEnd()];
+
+	if (options.respondUrl) {
+		lines.push("", "Respond:", options.respondUrl);
+	}
+
+	if (options.viewUrl) {
+		lines.push("", "View:", options.viewUrl);
+	}
+
+	return lines.join("\n");
+}
+
+export function renderNotificationActionPayload(
+	urlStr: string,
+	message: string,
+	options: PushNotificationOptions
+): { message: string; headers: Record<string, string> } {
+	if (!isNtfyNotificationUrl(urlStr)) {
+		return {
+			message: appendFallbackActionLinks(message, options),
+			headers: {},
+		};
+	}
+
+	const headers: Record<string, string> = {};
+	const ntfyActions = buildNtfyActions(options);
+	if (ntfyActions.length > 0) {
+		headers.Actions = encodeHeaderValue(JSON.stringify(ntfyActions));
+	}
+	if (options.clickUrl && ntfyActions.length === 0) {
+		headers.Click = options.clickUrl;
+	}
+	if (options.tags && options.tags.length > 0) {
+		headers.Tags = options.tags.join(",");
+	}
+	if (typeof options.priority === "number") {
+		headers.Priority = String(options.priority);
+	}
+	if (options.sequenceId) {
+		headers["X-Sequence-ID"] = options.sequenceId;
+	}
+
+	return { message, headers };
+}
@@ -1,8 +1,10 @@
 import { getFooterPlain, getTranslations, type Language, t } from "../../i18n/translations.js";
+import { formatPlannerQuantity } from "../planner-service.js";

 export type StockReminderItem = {
 	name: string;
 	medsLeft: number;
+	packageType?: string;
 	daysLeft: number | null;
 	depletionDate: string | null;
 	isCritical?: boolean;
@@ -47,7 +49,7 @@ export function buildStockReminderPushNotification(
 		messageParts.push(`🚨 ${tr.push.criticalSection}:`);
 		criticalItems.forEach((item) =>
 			messageParts.push(
-				`  • ${item.name}: ${t(tr.push.pillsLeft, { count: item.medsLeft })}, ${t(tr.push.daysLeft, { count: item.daysLeft ?? 0 })}`
+				`  • ${item.name}: ${formatPlannerQuantity(item.packageType, item.medsLeft, tr)}, ${t(tr.push.daysLeft, { count: item.daysLeft ?? 0 })}`
 			)
 		);
 	}
@@ -56,7 +58,7 @@ export function buildStockReminderPushNotification(
 		messageParts.push(`⚠️ ${tr.push.lowStockSection}:`);
 		lowItems.forEach((item) =>
 			messageParts.push(
-				`  • ${item.name}: ${t(tr.push.pillsLeft, { count: item.medsLeft })}, ${t(tr.push.daysLeft, { count: item.daysLeft ?? 0 })}`
+				`  • ${item.name}: ${formatPlannerQuantity(item.packageType, item.medsLeft, tr)}, ${t(tr.push.daysLeft, { count: item.daysLeft ?? 0 })}`
 			)
 		);
 	}
@@ -1,5 +1,6 @@
 import nodemailer from "nodemailer";
 import { sendShoutrrrNotification } from "../../routes/settings.js";
+import type { PushNotificationOptions } from "./action-renderer.js";

 type MailDeliveryInfo = {
 	accepted?: unknown;
@@ -64,6 +65,25 @@ export function getSmtpConfig(): {
 	return { host, user, pass, port, secure, from };
 }

+export function createSmtpTransport(smtp = getSmtpConfig()) {
+	if (!smtp.host || !smtp.user) {
+		return null;
+	}
+
+	// The SMTP endpoint is configured by the server operator via environment variables,
+	// not derived from request-controlled input.
+	// lgtm [js/request-forgery]
+	return nodemailer.createTransport({
+		host: smtp.host,
+		port: smtp.port,
+		secure: smtp.secure,
+		auth: {
+			user: smtp.user,
+			pass: smtp.pass ?? "",
+		},
+	});
+}
+
 export async function sendEmailNotification(input: EmailDeliveryRequest): Promise<EmailDeliveryResult> {
 	const smtp = getSmtpConfig();
 	if (!smtp.host || !smtp.user) {
@@ -71,15 +91,10 @@ export async function sendEmailNotification(input: EmailDeliveryRequest): Promis
 	}

 	try {
-		const transporter = nodemailer.createTransport({
-			host: smtp.host,
-			port: smtp.port,
-			secure: smtp.secure,
-			auth: {
-				user: smtp.user,
-				pass: smtp.pass ?? "",
-			},
-		});
+		const transporter = createSmtpTransport(smtp);
+		if (!transporter) {
+			return { success: false, error: "SMTP not configured" };
+		}

 		const mailResult = await transporter.sendMail({
 			from: input.from ?? smtp.from,
@@ -108,14 +123,15 @@ export async function sendEmailNotification(input: EmailDeliveryRequest): Promis
 export async function sendPushNotification(
 	url: string,
 	title: string,
-	message: string
-): Promise<{ success: boolean; error?: string }> {
+	message: string,
+	options: PushNotificationOptions = {}
+): Promise<{ success: boolean; error?: string; providerMessageId?: string }> {
 	try {
-		const result = await sendShoutrrrNotification(url, title, message);
+		const result = await sendShoutrrrNotification(url, title, message, options);
 		if (!result.success) {
 			return { success: false, error: result.error };
 		}
-		return { success: true };
+		return { success: true, providerMessageId: result.providerMessageId };
 	} catch (error) {
 		const errorMessage = error instanceof Error ? error.message : "Unknown error";
 		return { success: false, error: errorMessage };
@@ -48,10 +48,20 @@ export function isContainerPackage(packageType?: string): boolean {

 export function getPlannerUnit(
 	packageType: string | undefined,
-	tr: { common: { units: string; ml: string; pills: string } }
+	tr: { common: { units: string; ml: string; pills: string; puffs?: string; injections?: string } }
 ): string {
 	const unitKind = getPlannerUnitKind(packageType);
 	if (unitKind === "units") return tr.common.units;
 	if (unitKind === "ml") return tr.common.ml;
+	if (unitKind === "puffs") return tr.common.puffs ?? tr.common.pills;
+	if (unitKind === "injections") return tr.common.injections ?? tr.common.pills;
 	return tr.common.pills;
 }
+
+export function formatPlannerQuantity(
+	packageType: string | undefined,
+	count: number,
+	tr: { common: { units: string; ml: string; pills: string; puffs?: string; injections?: string } }
+): string {
+	return `${count} ${getPlannerUnit(packageType, tr)}`;
+}
@@ -21,6 +21,7 @@ import {
 	formatInTimezone,
 	getCurrentHourInTimezone,
 	getDateOnlyTimestamp,
+	getEffectiveTimezone,
 	getMsUntilNextCheck,
 	getNextScheduledOccurrenceTime,
 	getNextScheduledTime,
@@ -37,6 +38,7 @@ import {
 } from "./notifications/builders.js";
 import { getSmtpConfig, sendEmailNotification, sendPushNotification } from "./notifications/delivery.js";
 import { loadReminderState, saveReminderState, updateUserReminderSentTime } from "./notifications/state.js";
+import { formatPlannerQuantity } from "./planner-service.js";

 export { getReminderState, updateReminderSentTime, updateUserReminderSentTime } from "./notifications/state.js";

@@ -107,6 +109,7 @@ function releaseReminderSendLock(lockFilePath: string | null): void {
 type LowStockItem = {
 	name: string;
 	medsLeft: number;
+	packageType?: string;
 	daysLeft: number | null;
 	depletionDate: string | null;
 	isCritical: boolean;
@@ -125,6 +128,16 @@ type PrescriptionReminderItem = {
 	expiryDate: string | null;
 };

+function getMedicationDisplayName(row: { id: number; name: string | null; genericName: string | null }): string {
+	const commercialName = row.name?.trim() ?? "";
+	if (commercialName) return commercialName;
+
+	const genericName = row.genericName?.trim() ?? "";
+	if (genericName) return genericName;
+
+	return `Medication #${row.id}`;
+}
+
 async function getMedicationsNeedingReminder(
 	userId: number,
 	reminderDaysBefore: number,
@@ -296,8 +309,9 @@ async function getMedicationsNeedingReminder(

 		if (isCritical || isLow) {
 			lowStock.push({
-				name: row.name,
+				name: getMedicationDisplayName({ id: row.id, name: row.name, genericName: row.genericName }),
 				medsLeft: currentPills,
+				packageType,
 				daysLeft,
 				depletionDate,
 				isCritical,
@@ -322,7 +336,7 @@ async function getMedicationsNeedingPrescriptionReminder(userId: number): Promis
 				(row.prescriptionRemainingRefills ?? 0) <= (row.prescriptionLowRefillThreshold ?? 1)
 		)
 		.map((row) => ({
-			name: row.name,
+			name: getMedicationDisplayName({ id: row.id, name: row.name, genericName: row.genericName }),
 			remainingRefills: row.prescriptionRemainingRefills ?? 0,
 			lowThreshold: row.prescriptionLowRefillThreshold ?? 1,
 			expiryDate: row.prescriptionExpiryDate ?? null,
@@ -421,10 +435,11 @@ async function sendReminderEmail(
 			const statusIcon = isEmpty ? "🚨" : nonEmptyIcon;
 			const nonEmptyBg = isCritical ? "#fff7ed" : "white";
 			const rowBg = isEmpty ? "#fef2f2" : nonEmptyBg;
+			const quantityText = formatPlannerQuantity(row.packageType, row.medsLeft, tr);
 			return `
      <tr style="background: ${rowBg};">
        <td style="padding: 10px 12px; border-bottom: 1px solid #e5e7eb; white-space: nowrap;">${statusIcon} ${row.name}</td>
-        <td style="padding: 10px 12px; border-bottom: 1px solid #e5e7eb; text-align: center; white-space: nowrap; ${isEmpty ? "color: #dc2626; font-weight: 600;" : ""}"><strong>${row.medsLeft}</strong></td>
+        <td style="padding: 10px 12px; border-bottom: 1px solid #e5e7eb; text-align: center; white-space: nowrap; ${isEmpty ? "color: #dc2626; font-weight: 600;" : ""}"><strong>${quantityText}</strong></td>
        <td style="padding: 10px 12px; border-bottom: 1px solid #e5e7eb; text-align: center; white-space: nowrap;">${row.daysLeft ?? 0}</td>
        <td style="padding: 10px 12px; border-bottom: 1px solid #e5e7eb; text-align: center; white-space: nowrap;">${isEmpty ? `<strong>${tr.stockReminder.now ?? "-"}</strong>` : (row.depletionDate ?? "-")}</td>
      </tr>`;
@@ -468,7 +483,7 @@ async function sendReminderEmail(

 ${tr.stockReminder.description}

-${lowStock.map((r) => `${r.name}: ${r.medsLeft} ${tr.common.pills}, ${r.daysLeft ?? 0} ${tr.common.days}, ${tr.stockReminder.tableHeaders.runsOut}: ${r.depletionDate ?? tr.common.soon}`).join("\n")}
+${lowStock.map((r) => `${r.name}: ${formatPlannerQuantity(r.packageType, r.medsLeft, tr)}, ${r.daysLeft ?? 0} ${tr.common.days}, ${tr.stockReminder.tableHeaders.runsOut}: ${r.depletionDate ?? tr.common.soon}`).join("\n")}

 ---
 ${getFooterPlain(language)}${isRepeatDaily ? `\n\n${tr.stockReminder.repeatDailyNote}` : ""}`;
@@ -534,7 +549,8 @@ async function checkAndSendReminderForUser(
 	}

 	const state = loadReminderState();
-	const today = getTodayInTimezone(); // YYYY-MM-DD in configured timezone
+	const userTimezone = getEffectiveTimezone(settings.timezone ?? null);
+	const today = getTodayInTimezone(userTimezone); // YYYY-MM-DD in effective user timezone
 	const userStateKey = `user_${settings.userId}`;
 	const userStockNotifiedKey = `${userStateKey}_${today}_stock`;
 	const userPrescriptionNotifiedKey = `${userStateKey}_${today}_prescription`;
@@ -2,9 +2,11 @@ import { eq } from "drizzle-orm";
 import { db } from "../db/client.js";
 import { userSettings } from "../db/schema.js";
 import type { Language } from "../i18n/translations.js";
+import { isNtfyNotificationUrl } from "./notifications/action-renderer.js";

 export type UserSettings = {
 	userId: number;
+	timezone?: string | null;
 	emailEnabled: boolean;
 	notificationEmail: string | null;
 	emailStockReminders: boolean;
@@ -80,7 +82,7 @@ export function getNotificationProvider(url: string): string {
 	if (url.startsWith("telegram://")) return "telegram";
 	if (url.startsWith("gotify://")) return "gotify";
 	if (url.startsWith("pushover://")) return "pushover";
-	if (url.startsWith("ntfy://")) return "ntfy";
+	if (isNtfyNotificationUrl(url)) return "ntfy";

 	try {
 		const parsed = new URL(url);
@@ -105,6 +107,7 @@ function envInt(key: string, defaultVal: number): number {

 export function getDefaultSettings() {
 	return {
+		timezone: "",
 		emailEnabled: envBool("DEFAULT_EMAIL_ENABLED", false),
 		notificationEmail: process.env.DEFAULT_NOTIFICATION_EMAIL || null,
 		emailStockReminders: envBool("DEFAULT_EMAIL_STOCK_REMINDERS", true),
@@ -144,6 +147,33 @@ export function getDefaultSettings() {
 	};
 }

+type IntlWithSupportedValuesOf = typeof Intl & {
+	supportedValuesOf?: (key: string) => string[];
+};
+
+let cachedTimezones: Set<string> | null = null;
+
+function getTimezoneSet(): Set<string> {
+	if (cachedTimezones) return cachedTimezones;
+	const intlWithSupportedValues = Intl as IntlWithSupportedValuesOf;
+	if (typeof intlWithSupportedValues.supportedValuesOf === "function") {
+		cachedTimezones = new Set(intlWithSupportedValues.supportedValuesOf("timeZone"));
+		return cachedTimezones;
+	}
+	cachedTimezones = new Set([process.env.TZ || "UTC", "UTC"]);
+	return cachedTimezones;
+}
+
+export function getAvailableTimezones(): string[] {
+	return [...getTimezoneSet()].sort((left, right) => left.localeCompare(right));
+}
+
+export function normalizeSettingsTimezone(value: string | null | undefined): string {
+	const trimmed = value?.trim() ?? "";
+	if (!trimmed) return "";
+	return getTimezoneSet().has(trimmed) ? trimmed : "";
+}
+
 export function validateNotificationHostname(hostnameRaw: string): string | null {
 	const hostname = hostnameRaw.toLowerCase();

@@ -202,7 +232,7 @@ export function sanitizeNotificationUrl(
 			return { url: discordWebhookUrl, isNtfy: false };
 		}

-		const isNtfy = urlStr.startsWith("ntfy://");
+		const isNtfy = isNtfyNotificationUrl(urlStr);
 		const normalizedUrl = isNtfy ? urlStr.replace("ntfy://", "https://") : urlStr;
 		const parsed = new URL(normalizedUrl);

@@ -245,6 +275,7 @@ export async function loadUserSettingsFromDb(userId: number): Promise<UserSettin
 	const settings = await getOrCreateUserSettings(userId);
 	return {
 		userId: settings.userId,
+		timezone: settings.timezone?.trim() ? settings.timezone : null,
 		emailEnabled: settings.emailEnabled,
 		notificationEmail: settings.notificationEmail,
 		emailStockReminders: settings.emailStockReminders,
@@ -288,6 +319,7 @@ export async function getAllUserSettingsFromDb(): Promise<UserSettings[]> {
 	const allSettings = await db.select().from(userSettings);
 	return allSettings.map((settings) => ({
 		userId: settings.userId,
+		timezone: settings.timezone?.trim() ? settings.timezone : null,
 		emailEnabled: settings.emailEnabled,
 		notificationEmail: settings.notificationEmail,
 		emailStockReminders: settings.emailStockReminders,
@@ -62,13 +62,17 @@ describe("planner-service decomposition regression", () => {
 	});

 	it("maps package type to expected planner units after service extraction", () => {
-		const tr = { common: { units: "units", ml: "ml", pills: "pills" } };
+		const tr = { common: { units: "units", ml: "ml", pills: "pills", puffs: "puffs", injections: "injections" } };

 		expect(isContainerPackage("bottle")).toBe(true);
+		expect(isContainerPackage("inhaler")).toBe(true);
+		expect(isContainerPackage("injection")).toBe(true);
 		expect(isContainerPackage("blister")).toBe(false);
 		expect(getPlannerUnit("tube", tr)).toBe("units");
 		expect(getPlannerUnit("liquid_container", tr)).toBe("ml");
 		expect(getPlannerUnit("bottle", tr)).toBe("pills");
+		expect(getPlannerUnit("inhaler", tr)).toBe("puffs");
+		expect(getPlannerUnit("injection", tr)).toBe("injections");
 		expect(getPlannerUnit("blister", tr)).toBe("pills");
 	});
 });
@@ -0,0 +1,226 @@
+import { dirname, resolve } from "node:path";
+import { fileURLToPath } from "node:url";
+import { migrate } from "drizzle-orm/libsql/migrator";
+import { afterAll, beforeAll, beforeEach, describe, expect, it, vi } from "vitest";
+import { runAlterMigrations } from "../db/db-utils.js";
+
+const { testClient, testDb } = vi.hoisted(() => {
+	const { createClient } = require("@libsql/client");
+	const { drizzle } = require("drizzle-orm/libsql");
+	const client = createClient({ url: ":memory:" });
+	const db = drizzle(client);
+
+	return {
+		testClient: client,
+		testDb: db,
+	};
+});
+
+vi.mock("../db/client.js", () => ({
+	db: testDb,
+	migrationsReady: Promise.resolve(),
+}));
+
+const { dismissDosesForUser, markDoseTakenForUser } = await import("../services/dose-tracking-service.js");
+
+const __filename = fileURLToPath(import.meta.url);
+const __dirname = dirname(__filename);
+const migrationsFolder = resolve(__dirname, "../../drizzle");
+
+async function clearTables() {
+	await testClient.execute("DELETE FROM dose_tracking");
+	await testClient.execute("DELETE FROM medications");
+	await testClient.execute("DELETE FROM user_settings");
+	await testClient.execute("DELETE FROM users");
+}
+
+async function createUser(username: string) {
+	const result = await testClient.execute({
+		sql: "INSERT INTO users (username, auth_provider, is_active) VALUES (?, 'local', 1) RETURNING id",
+		args: [username],
+	});
+
+	return Number(result.rows[0].id);
+}
+
+async function insertMedication(options: { id: number; userId: number; packCount?: number; looseTablets?: number }) {
+	const start = "2025-01-01T08:00:00.000Z";
+	await testClient.execute({
+		sql: `INSERT INTO medications (
+			id, user_id, name, taken_by_json, medication_form, package_type,
+			pack_count, blisters_per_pack, pills_per_blister, loose_tablets, stock_adjustment,
+			usage_json, every_json, start_json, intakes_json, intake_reminders_enabled
+		) VALUES (?, ?, 'Test Medication', '[]', 'tablet', 'blister', ?, 1, 10, ?, 0, ?, ?, ?, ?, 0)`,
+		args: [
+			options.id,
+			options.userId,
+			options.packCount ?? 1,
+			options.looseTablets ?? 0,
+			JSON.stringify([1]),
+			JSON.stringify([1]),
+			JSON.stringify([start]),
+			JSON.stringify([{ usage: 1, every: 1, start, takenBy: null, intakeRemindersEnabled: false }]),
+		],
+	});
+}
+
+async function insertUserSettings(userId: number, stockCalculationMode: "automatic" | "manual" = "automatic") {
+	await testClient.execute({
+		sql: "INSERT INTO user_settings (user_id, stock_calculation_mode) VALUES (?, ?)",
+		args: [userId, stockCalculationMode],
+	});
+}
+
+async function insertDose(options: {
+	userId: number;
+	doseId: string;
+	dismissed?: boolean;
+	takenAt?: number;
+	takenSource?: "manual" | "automatic" | "notification";
+	markedBy?: string | null;
+}) {
+	await testClient.execute({
+		sql: `INSERT INTO dose_tracking (user_id, dose_id, dismissed, taken_at, taken_source, marked_by)
+		      VALUES (?, ?, ?, ?, ?, ?)`,
+		args: [
+			options.userId,
+			options.doseId,
+			options.dismissed ? 1 : 0,
+			options.takenAt ?? Math.floor(Date.now() / 1000),
+			options.takenSource ?? "manual",
+			options.markedBy ?? null,
+		],
+	});
+}
+
+describe("dose-tracking-service", () => {
+	beforeAll(async () => {
+		await migrate(testDb, { migrationsFolder });
+		await runAlterMigrations(testClient);
+	});
+
+	afterAll(() => {
+		testClient.close();
+	});
+
+	beforeEach(async () => {
+		await clearTables();
+	});
+
+	it("inserts a taken row for a valid in-stock dose", async () => {
+		const userId = await createUser("dose-service-user");
+		await insertMedication({ id: 5, userId, packCount: 1 });
+		await insertUserSettings(userId, "automatic");
+
+		const result = await markDoseTakenForUser({
+			userId,
+			doseId: "5-0-1736064000000",
+			source: "notification",
+			markedBy: null,
+		});
+
+		expect(result).toEqual({ success: true, status: "marked" });
+
+		const rows = await testClient.execute({
+			sql: "SELECT dismissed, taken_source, marked_by FROM dose_tracking WHERE user_id = ? AND dose_id = ?",
+			args: [userId, "5-0-1736064000000"],
+		});
+		expect(rows.rows).toEqual([
+			expect.objectContaining({ dismissed: 0, taken_source: "notification", marked_by: null }),
+		]);
+	});
+
+	it("is idempotent when the dose is already taken", async () => {
+		const userId = await createUser("dose-service-existing");
+		await insertDose({ userId, doseId: "5-0-1736064000000", dismissed: false });
+
+		const result = await markDoseTakenForUser({
+			userId,
+			doseId: "5-0-1736064000000",
+			source: "manual",
+			markedBy: null,
+		});
+
+		expect(result).toEqual({ success: true, status: "already_taken" });
+
+		const count = await testClient.execute({
+			sql: "SELECT COUNT(*) AS count FROM dose_tracking WHERE user_id = ? AND dose_id = ?",
+			args: [userId, "5-0-1736064000000"],
+		});
+		expect(Number(count.rows[0].count)).toBe(1);
+	});
+
+	it("rejects taking a dose that is already skipped", async () => {
+		const userId = await createUser("dose-service-dismissed");
+		await insertMedication({ id: 5, userId, packCount: 1 });
+		await insertUserSettings(userId, "automatic");
+		await insertDose({
+			userId,
+			doseId: "5-0-1736064000000",
+			dismissed: true,
+			takenAt: 0,
+			takenSource: "manual",
+			markedBy: null,
+		});
+
+		const result = await markDoseTakenForUser({
+			userId,
+			doseId: "5-0-1736064000000",
+			source: "notification",
+			markedBy: "reminder",
+		});
+
+		expect(result).toEqual({ success: false, code: "ALREADY_SKIPPED", message: "Dose is already skipped" });
+
+		const rows = await testClient.execute({
+			sql: "SELECT dismissed, taken_source, marked_by, taken_at FROM dose_tracking WHERE user_id = ? AND dose_id = ?",
+			args: [userId, "5-0-1736064000000"],
+		});
+		expect(rows.rows).toEqual([expect.objectContaining({ dismissed: 1, taken_source: "manual", marked_by: null })]);
+		expect(Number(rows.rows[0].taken_at)).toBe(0);
+	});
+
+	it("returns OUT_OF_STOCK without mutating dose tracking", async () => {
+		const userId = await createUser("dose-service-stock");
+		await insertMedication({ id: 5, userId, packCount: 0, looseTablets: 0 });
+		await insertUserSettings(userId, "automatic");
+
+		const result = await markDoseTakenForUser({
+			userId,
+			doseId: "5-0-1736064000000",
+			source: "notification",
+			markedBy: null,
+		});
+
+		expect(result).toEqual({ success: false, code: "OUT_OF_STOCK", message: "Medication is out of stock" });
+
+		const count = await testClient.execute({
+			sql: "SELECT COUNT(*) AS count FROM dose_tracking WHERE user_id = ?",
+			args: [userId],
+		});
+		expect(Number(count.rows[0].count)).toBe(0);
+	});
+
+	it("dismisses new doses, stays idempotent for dismissed rows, and preserves real taken rows", async () => {
+		const userId = await createUser("dose-service-dismiss");
+		await insertDose({ userId, doseId: "5-1-1736064000000", dismissed: true, takenAt: 0 });
+		await insertDose({ userId, doseId: "5-2-1736064000000", dismissed: false });
+
+		const result = await dismissDosesForUser({
+			userId,
+			doseIds: ["5-0-1736064000000", "5-1-1736064000000", "5-2-1736064000000"],
+		});
+
+		expect(result).toEqual({ success: true, dismissedCount: 1, alreadyTakenCount: 1 });
+
+		const rows = await testClient.execute({
+			sql: "SELECT dose_id, dismissed, taken_at FROM dose_tracking WHERE user_id = ? ORDER BY dose_id ASC",
+			args: [userId],
+		});
+		expect(rows.rows).toEqual([
+			expect.objectContaining({ dose_id: "5-0-1736064000000", dismissed: 1, taken_at: 0 }),
+			expect.objectContaining({ dose_id: "5-1-1736064000000", dismissed: 1, taken_at: 0 }),
+			expect.objectContaining({ dose_id: "5-2-1736064000000", dismissed: 0 }),
+		]);
+	});
+});
@@ -123,6 +123,7 @@ async function createSchema(client: Client) {
 		`CREATE TABLE IF NOT EXISTS user_settings (
      id integer PRIMARY KEY AUTOINCREMENT,
      user_id integer NOT NULL UNIQUE,
+		timezone text NOT NULL DEFAULT '',
      email_enabled integer NOT NULL DEFAULT 0,
      notification_email text,
      email_stock_reminders integer NOT NULL DEFAULT 1,
@@ -307,10 +308,10 @@ describe("E2E Tests with Real Routes", () => {
 			expect(response.json().error).toBe("Access denied to medication");
 		});

-		it("should aggregate taken/dismissed doses and refill history", async () => {
+		it("should aggregate taken/skipped doses and refill history", async () => {
 			const medId = await createMedication(testClient, userId, "Report Med", ["Daniel"]);

-			// One taken dose and one dismissed dose for the same medication
+			// One taken dose and one skipped dose for the same medication
 			await testClient.execute({
 				sql: `INSERT INTO dose_tracking (user_id, dose_id, taken_at, dismissed)
 				      VALUES (?, ?, ?, 0)`,
@@ -337,13 +338,14 @@ describe("E2E Tests with Real Routes", () => {
 			expect(response.statusCode).toBe(200);
 			const data = response.json();
 			expect(data[medId].dosesTaken).toBe(1);
-			expect(data[medId].dosesDismissed).toBe(1);
+			expect(data[medId].dosesSkipped).toBe(1);
 			expect(data[medId].firstDoseAt).toBe(new Date(1735344000 * 1000).toISOString());
 			expect(data[medId].lastDoseAt).toBe(new Date(1735344000 * 1000).toISOString());
 			expect(data[medId].refills).toHaveLength(1);
 			expect(data[medId].refills[0]).toMatchObject({
 				packsAdded: 2,
 				loosePillsAdded: 5,
+				quantityAdded: 7,
 				usedPrescription: true,
 			});
 		});
@@ -375,6 +377,7 @@ describe("E2E Tests with Real Routes", () => {
 			expect(data[medId].refills[0]).toMatchObject({
 				packsAdded: 1,
 				loosePillsAdded: 0,
+				quantityAdded: 1,
 				usedPrescription: false,
 			});
 		});
@@ -1959,7 +1962,7 @@ describe("E2E Tests with Real Routes", () => {
 			const refillResponse = await app.inject({
 				method: "POST",
 				url: `/medications/${medId}/refill`,
-				payload: { packsAdded: 1, loosePillsAdded: 0 },
+				payload: { packsAdded: 1, loosePillsAdded: 5, quantityAdded: 5 },
 			});

 			expect(refillResponse.statusCode).toBe(200);
@@ -2333,10 +2336,9 @@ describe("E2E Tests with Real Routes", () => {
 			expect(med.stockAdjustment).toBe(0);
 		});

-		it("should persist bottle zero reset with packCount 0 and zero totals", async () => {
-			const createResponse = await app.inject({
-				method: "POST",
-				url: "/medications",
+		it.each([
+			{
+				label: "bottle",
 				payload: {
 					name: "Bottle Zero Reset Med",
 					packageType: "bottle",
@@ -2347,6 +2349,40 @@ describe("E2E Tests with Real Routes", () => {
 					looseTablets: 20,
 					blisters: [{ usage: 1, every: 1, start: "2025-01-01T08:00:00.000Z" }],
 				},
+			},
+			{
+				label: "inhaler",
+				payload: {
+					name: "Inhaler Zero Reset Med",
+					packageType: "inhaler",
+					doseUnit: "puffs",
+					packCount: 1,
+					blistersPerPack: 1,
+					pillsPerBlister: 1,
+					totalPills: 200,
+					looseTablets: 40,
+					blisters: [{ usage: 2, every: 1, start: "2025-01-01T08:00:00.000Z" }],
+				},
+			},
+			{
+				label: "injection",
+				payload: {
+					name: "Injection Zero Reset Med",
+					packageType: "injection",
+					doseUnit: "injections",
+					packCount: 1,
+					blistersPerPack: 1,
+					pillsPerBlister: 1,
+					totalPills: 12,
+					looseTablets: 4,
+					blisters: [{ usage: 1, every: 7, start: "2025-01-01T08:00:00.000Z" }],
+				},
+			},
+		])("should persist $label zero reset with packCount 0 and zero totals", async ({ payload }) => {
+			const createResponse = await app.inject({
+				method: "POST",
+				url: "/medications",
+				payload,
 			});
 			expect(createResponse.statusCode).toBe(200);
 			const medId = createResponse.json().id;
@@ -2442,6 +2478,81 @@ describe("E2E Tests with Real Routes", () => {
 			expect(med.stockAdjustment).toBe(0);
 		});

+		it("should align liquid amount-base fields for stale stock-adjustment clients before refill", async () => {
+			await testClient.execute({
+				sql: `INSERT INTO user_settings (user_id, stock_calculation_mode) VALUES (?, 'manual')`,
+				args: [userId],
+			});
+
+			const createResponse = await app.inject({
+				method: "POST",
+				url: "/medications",
+				payload: {
+					name: "Liquid Stale Client Stock Correction",
+					medicationForm: "liquid",
+					packageType: "liquid_container",
+					doseUnit: "ml",
+					packCount: 7,
+					packageAmountValue: 150,
+					packageAmountUnit: "ml",
+					blistersPerPack: 1,
+					pillsPerBlister: 1,
+					totalPills: 1050,
+					looseTablets: 1050,
+					blisters: [{ usage: 5, every: 1, start: "2025-01-01T08:00:00.000Z" }],
+				},
+			});
+			expect(createResponse.statusCode).toBe(200);
+			const medId = createResponse.json().id;
+
+			const correctionResponse = await app.inject({
+				method: "PATCH",
+				url: `/medications/${medId}/stock-adjustment`,
+				payload: {
+					stockAdjustment: 0,
+					packCount: 1,
+					totalPills: 150,
+				},
+			});
+			expect(correctionResponse.statusCode).toBe(200);
+
+			const afterCorrectionResponse = await app.inject({ method: "GET", url: "/medications" });
+			expect(afterCorrectionResponse.statusCode).toBe(200);
+			const correctedMed = afterCorrectionResponse.json().find((item: Record<string, unknown>) => item.id === medId);
+			expect(correctedMed).toBeTruthy();
+			expect(correctedMed.packCount).toBe(1);
+			expect(correctedMed.totalPills).toBe(150);
+			expect(correctedMed.looseTablets).toBe(150);
+			expect(correctedMed.stockAdjustment).toBe(0);
+
+			const refillResponse = await app.inject({
+				method: "POST",
+				url: `/medications/${medId}/refill`,
+				payload: { packsAdded: 1, loosePillsAdded: 150, quantityAdded: 150 },
+			});
+			expect(refillResponse.statusCode).toBe(200);
+			const refillData = refillResponse.json();
+			expect(refillData.refill.quantityAdded).toBe(150);
+			expect(refillData.newStock.packCount).toBe(2);
+			expect(refillData.newStock.looseTablets).toBe(300);
+			expect(refillData.newStock.totalPills).toBe(300);
+
+			const historyResponse = await app.inject({
+				method: "GET",
+				url: `/medications/${medId}/refills`,
+			});
+			expect(historyResponse.statusCode).toBe(200);
+			expect(historyResponse.json()[0].quantityAdded).toBe(150);
+
+			const afterRefillResponse = await app.inject({ method: "GET", url: "/medications" });
+			expect(afterRefillResponse.statusCode).toBe(200);
+			const refilledMed = afterRefillResponse.json().find((item: Record<string, unknown>) => item.id === medId);
+			expect(refilledMed).toBeTruthy();
+			expect(refilledMed.packCount).toBe(2);
+			expect(refilledMed.totalPills).toBe(300);
+			expect(refilledMed.looseTablets).toBe(300);
+		});
+
 		it("should persist stockAdjustment in GET /medications", async () => {
 			const createResponse = await app.inject({
 				method: "POST",
@@ -3047,6 +3158,80 @@ describe("E2E Tests with Real Routes", () => {
 			blisters: [{ usage: 2, every: 1, start: "2025-01-01T08:00:00.000Z" }],
 		};

+		const discreteContainerMedications = [
+			{
+				label: "inhaler",
+				payload: {
+					name: "Asthma Inhaler",
+					packageType: "inhaler",
+					doseUnit: "puffs",
+					packCount: 0,
+					blistersPerPack: 1,
+					pillsPerBlister: 1,
+					totalPills: 200,
+					looseTablets: 200,
+					blisters: [{ usage: 2, every: 1, start: "2025-01-01T08:00:00.000Z" }],
+				},
+				expectedDoseUnit: "puffs",
+			},
+			{
+				label: "injection",
+				payload: {
+					name: "B12 Injection",
+					packageType: "injection",
+					doseUnit: "injections",
+					packCount: 0,
+					blistersPerPack: 1,
+					pillsPerBlister: 1,
+					totalPills: 12,
+					looseTablets: 12,
+					blisters: [{ usage: 1, every: 7, start: "2025-01-01T08:00:00.000Z" }],
+				},
+				expectedDoseUnit: "injections",
+			},
+		] as const;
+
+		async function expectRefillInvariants({
+			medId,
+			refillData,
+			visibleStockBeforeRefill,
+			expectedQuantityAdded,
+			expectedPacksAdded,
+			expectedAmountPerPackage,
+		}: {
+			medId: number;
+			refillData: {
+				refill: { packsAdded: number; quantityAdded: number; totalPillsAdded: number };
+				newStock: { packCount: number; totalPills: number; looseTablets: number };
+			};
+			visibleStockBeforeRefill: number;
+			expectedQuantityAdded: number;
+			expectedPacksAdded: number;
+			expectedAmountPerPackage?: number;
+		}) {
+			expect(refillData.refill.packsAdded).toBe(expectedPacksAdded);
+			expect(refillData.refill.quantityAdded).toBe(expectedQuantityAdded);
+			expect(refillData.refill.totalPillsAdded).toBe(expectedQuantityAdded);
+			expect(refillData.newStock.totalPills - visibleStockBeforeRefill).toBe(expectedQuantityAdded);
+
+			const historyResponse = await app.inject({
+				method: "GET",
+				url: `/medications/${medId}/refills`,
+			});
+			expect(historyResponse.statusCode).toBe(200);
+			expect(historyResponse.json()[0]).toMatchObject({
+				packsAdded: expectedPacksAdded,
+				quantityAdded: expectedQuantityAdded,
+				totalPillsAdded: expectedQuantityAdded,
+			});
+
+			if (expectedAmountPerPackage) {
+				expect(refillData.newStock.packCount).toBe(
+					Math.max(1, Math.ceil(refillData.newStock.totalPills / expectedAmountPerPackage))
+				);
+			}
+		}
+
 		it("should create and return bottle type medication", async () => {
 			const response = await app.inject({
 				method: "POST",
@@ -3106,6 +3291,23 @@ describe("E2E Tests with Real Routes", () => {
 			expect(data.looseTablets).toBe(180);
 		});

+		it.each(discreteContainerMedications)("should create and return $label type medication", async ({
+			payload,
+			expectedDoseUnit,
+		}) => {
+			const response = await app.inject({
+				method: "POST",
+				url: "/medications",
+				payload,
+			});
+
+			expect(response.statusCode).toBe(200);
+			const data = response.json();
+			expect(data.packageType).toBe(payload.packageType);
+			expect(data.doseUnit).toBe(expectedDoseUnit);
+			expect(data.looseTablets).toBe(payload.looseTablets);
+		});
+
 		it("should return packageType and ml-based stock semantics in shared schedule for liquid_container", async () => {
 			await app.inject({
 				method: "POST",
@@ -3240,6 +3442,196 @@ describe("E2E Tests with Real Routes", () => {
 			});
 		});

+		it.each([
+			{
+				name: "bottle",
+				payload: {
+					...bottleMedication,
+					totalPills: 100,
+					looseTablets: 10,
+				},
+				refillPayload: { packsAdded: 0, loosePillsAdded: 100 },
+				expectedVisibleStockBeforeRefill: 10,
+				expectedQuantityAdded: 100,
+				expectedResponsePacksAdded: 0,
+				expectedPackCount: 0,
+				expectedLooseTablets: 110,
+				expectedTotalPills: 110,
+				expectedPersistedTotalPills: 100,
+				expectedStockAdjustment: 0,
+			},
+			{
+				name: "blister",
+				payload: {
+					...blisterMedication,
+					packCount: 1,
+					blistersPerPack: 1,
+					pillsPerBlister: 10,
+					looseTablets: 0,
+				},
+				refillPayload: { packsAdded: 1, loosePillsAdded: 0 },
+				expectedVisibleStockBeforeRefill: 10,
+				expectedQuantityAdded: 10,
+				expectedResponsePacksAdded: 1,
+				expectedPackCount: 2,
+				expectedLooseTablets: 0,
+				expectedTotalPills: 20,
+				expectedPersistedTotalPills: null,
+				expectedStockAdjustment: 0,
+			},
+			{
+				name: "liquid_container",
+				payload: {
+					...liquidContainerMedication,
+					packCount: 1,
+					packageAmountValue: 100,
+					packageAmountUnit: "ml",
+					totalPills: 10,
+					looseTablets: 10,
+					blisters: [{ usage: 1, every: 1, start: "2025-01-01T08:00:00.000Z" }],
+				},
+				refillPayload: { packsAdded: 1, loosePillsAdded: 100, quantityAdded: 100 },
+				expectedVisibleStockBeforeRefill: 10,
+				expectedQuantityAdded: 100,
+				expectedResponsePacksAdded: 1,
+				expectedAmountPerPackage: 100,
+				expectedPackCount: 2,
+				expectedLooseTablets: 110,
+				expectedTotalPills: 110,
+				expectedPersistedTotalPills: 110,
+				expectedStockAdjustment: 0,
+			},
+		])("should refill from the persisted stock baseline after prior consumption for $name", async ({
+			payload,
+			refillPayload,
+			expectedVisibleStockBeforeRefill,
+			expectedQuantityAdded,
+			expectedResponsePacksAdded,
+			expectedAmountPerPackage,
+			expectedPackCount,
+			expectedLooseTablets,
+			expectedTotalPills,
+			expectedPersistedTotalPills,
+			expectedStockAdjustment,
+		}) => {
+			await testClient.execute({
+				sql: `INSERT OR REPLACE INTO user_settings (user_id, stock_calculation_mode) VALUES (?, 'manual')`,
+				args: [userId],
+			});
+
+			const createResponse = await app.inject({
+				method: "POST",
+				url: "/medications",
+				payload,
+			});
+			expect(createResponse.statusCode).toBe(200);
+			const medId = createResponse.json().id;
+
+			for (let day = 1; day <= 6; day += 1) {
+				const doseDateOnlyMs = new Date(`2025-01-0${day}T00:00:00.000Z`).getTime();
+				const takenAtMs = new Date(`2025-01-0${day}T10:00:00.000Z`).getTime();
+				await testClient.execute({
+					sql: `INSERT INTO dose_tracking (user_id, dose_id, taken_at, dismissed)
+					      VALUES (?, ?, ?, 0)`,
+					args: [userId, `${medId}-0-${doseDateOnlyMs}`, takenAtMs],
+				});
+			}
+
+			const refillResponse = await app.inject({
+				method: "POST",
+				url: `/medications/${medId}/refill`,
+				payload: refillPayload,
+			});
+
+			expect(refillResponse.statusCode).toBe(200);
+			const refillData = refillResponse.json();
+			await expectRefillInvariants({
+				medId,
+				refillData,
+				visibleStockBeforeRefill: expectedVisibleStockBeforeRefill,
+				expectedQuantityAdded,
+				expectedPacksAdded: expectedResponsePacksAdded,
+				expectedAmountPerPackage,
+			});
+			expect(refillData.newStock.packCount).toBe(expectedPackCount);
+			expect(refillData.newStock.looseTablets).toBe(expectedLooseTablets);
+			expect(refillData.newStock.totalPills).toBe(expectedTotalPills);
+
+			const medsResponse = await app.inject({ method: "GET", url: "/medications" });
+			expect(medsResponse.statusCode).toBe(200);
+			const med = medsResponse.json().find((item: Record<string, unknown>) => item.id === medId);
+			expect(med).toBeTruthy();
+			expect(med.packCount).toBe(expectedPackCount);
+			expect(med.looseTablets).toBe(expectedLooseTablets);
+			expect(med.totalPills).toBe(expectedPersistedTotalPills);
+			expect(med.stockAdjustment).toBe(expectedStockAdjustment);
+		});
+
+		it("should refill tube stock from the corrected visible baseline", async () => {
+			await testClient.execute({
+				sql: `INSERT OR REPLACE INTO user_settings (user_id, stock_calculation_mode) VALUES (?, 'manual')`,
+				args: [userId],
+			});
+
+			const createResponse = await app.inject({
+				method: "POST",
+				url: "/medications",
+				payload: {
+					...tubeMedication,
+					packCount: 1,
+					packageAmountValue: 80,
+					packageAmountUnit: "g",
+					totalPills: 10,
+					looseTablets: 10,
+					blisters: [{ usage: 1, every: 1, start: "2025-01-01T08:00:00.000Z" }],
+				},
+			});
+			expect(createResponse.statusCode).toBe(200);
+			const medId = createResponse.json().id;
+
+			const correctionResponse = await app.inject({
+				method: "PATCH",
+				url: `/medications/${medId}/stock-adjustment`,
+				payload: {
+					stockAdjustment: -6,
+					looseTablets: 10,
+					totalPills: 10,
+					packageAmountValue: 80,
+					packCount: 1,
+				},
+			});
+			expect(correctionResponse.statusCode).toBe(200);
+
+			const refillResponse = await app.inject({
+				method: "POST",
+				url: `/medications/${medId}/refill`,
+				payload: { packsAdded: 1, loosePillsAdded: 80, quantityAdded: 80 },
+			});
+
+			expect(refillResponse.statusCode).toBe(200);
+			const refillData = refillResponse.json();
+			await expectRefillInvariants({
+				medId,
+				refillData,
+				visibleStockBeforeRefill: 4,
+				expectedQuantityAdded: 80,
+				expectedPacksAdded: 1,
+				expectedAmountPerPackage: 80,
+			});
+			expect(refillData.newStock.packCount).toBe(2);
+			expect(refillData.newStock.looseTablets).toBe(84);
+			expect(refillData.newStock.totalPills).toBe(84);
+
+			const medsResponse = await app.inject({ method: "GET", url: "/medications" });
+			expect(medsResponse.statusCode).toBe(200);
+			const med = medsResponse.json().find((item: Record<string, unknown>) => item.id === medId);
+			expect(med).toBeTruthy();
+			expect(med.packCount).toBe(2);
+			expect(med.looseTablets).toBe(84);
+			expect(med.totalPills).toBe(84);
+			expect(med.stockAdjustment).toBe(0);
+		});
+
 		it("should calculate correct refill totalPillsAdded for blister type", async () => {
 			const createResponse = await app.inject({
 				method: "POST",
@@ -3271,6 +3663,11 @@ describe("E2E Tests with Real Routes", () => {
 		});

 		it("should keep liquid_container refill additive and preserve amount baseline", async () => {
+			await testClient.execute({
+				sql: `INSERT INTO user_settings (user_id, stock_calculation_mode) VALUES (?, 'manual')`,
+				args: [userId],
+			});
+
 			const createResponse = await app.inject({
 				method: "POST",
 				url: "/medications",
@@ -3288,14 +3685,20 @@ describe("E2E Tests with Real Routes", () => {
 			const refillResponse = await app.inject({
 				method: "POST",
 				url: `/medications/${medId}/refill`,
-				payload: { packsAdded: 1, loosePillsAdded: 0 },
+				payload: { packsAdded: 1, loosePillsAdded: 180, quantityAdded: 180 },
 			});

 			expect(refillResponse.statusCode).toBe(200);
 			const refillData = refillResponse.json();
-			expect(refillData.refill.packsAdded).toBe(1);
+			await expectRefillInvariants({
+				medId,
+				refillData,
+				visibleStockBeforeRefill: 180,
+				expectedQuantityAdded: 180,
+				expectedPacksAdded: 1,
+				expectedAmountPerPackage: 180,
+			});
 			expect(refillData.refill.loosePillsAdded).toBe(180);
-			expect(refillData.refill.totalPillsAdded).toBe(180);
 			expect(refillData.newStock.totalPills).toBe(360);

 			const medsResponse = await app.inject({ method: "GET", url: "/medications" });
@@ -3306,6 +3709,54 @@ describe("E2E Tests with Real Routes", () => {
 			expect(med.looseTablets).toBe(360);
 		});

+		it("should normalize liquid_container packCount to the full visible stock after refill", async () => {
+			await testClient.execute({
+				sql: `INSERT INTO user_settings (user_id, stock_calculation_mode) VALUES (?, 'manual')`,
+				args: [userId],
+			});
+
+			const createResponse = await app.inject({
+				method: "POST",
+				url: "/medications",
+				payload: {
+					...liquidContainerMedication,
+					packCount: 0,
+					packageAmountValue: 150,
+					totalPills: 300,
+					looseTablets: 300,
+				},
+			});
+			expect(createResponse.statusCode).toBe(200);
+			const medId = createResponse.json().id;
+
+			const refillResponse = await app.inject({
+				method: "POST",
+				url: `/medications/${medId}/refill`,
+				payload: { packsAdded: 5, loosePillsAdded: 750, quantityAdded: 750 },
+			});
+
+			expect(refillResponse.statusCode).toBe(200);
+			const refillData = refillResponse.json();
+			await expectRefillInvariants({
+				medId,
+				refillData,
+				visibleStockBeforeRefill: 300,
+				expectedQuantityAdded: 750,
+				expectedPacksAdded: 5,
+				expectedAmountPerPackage: 150,
+			});
+			expect(refillData.newStock.packCount).toBe(7);
+			expect(refillData.newStock.totalPills).toBe(1050);
+
+			const medsResponse = await app.inject({ method: "GET", url: "/medications" });
+			expect(medsResponse.statusCode).toBe(200);
+			const med = medsResponse.json().find((m: Record<string, unknown>) => m.id === medId);
+			expect(med).toBeTruthy();
+			expect(med.packCount).toBe(7);
+			expect(med.totalPills).toBe(1050);
+			expect(med.looseTablets).toBe(1050);
+		});
+
 		it.each([
 			{
 				name: "liquid_container",
@@ -3321,11 +3772,13 @@ describe("E2E Tests with Real Routes", () => {
 					prescriptionRemainingRefills: 2,
 					prescriptionLowRefillThreshold: 1,
 				},
-				refillPayload: { packsAdded: 0, loosePillsAdded: 180, usePrescription: true },
+				refillPayload: { packsAdded: 1, loosePillsAdded: 180, quantityAdded: 180, usePrescription: true },
+				expectedVisibleStockBeforeRefill: 180,
 				expectedPacksAdded: 1,
 				expectedLooseAdded: 180,
 				expectedRemainingRefills: 1,
 				expectedTotalPills: 360,
+				expectedAmountPerPackage: 180,
 			},
 			{
 				name: "tube",
@@ -3336,20 +3789,29 @@ describe("E2E Tests with Real Routes", () => {
 					prescriptionRemainingRefills: 3,
 					prescriptionLowRefillThreshold: 1,
 				},
-				refillPayload: { packsAdded: 0, loosePillsAdded: 80, usePrescription: true },
+				refillPayload: { packsAdded: 2, loosePillsAdded: 80, quantityAdded: 80, usePrescription: true },
+				expectedVisibleStockBeforeRefill: 80,
 				expectedPacksAdded: 2,
 				expectedLooseAdded: 80,
 				expectedRemainingRefills: 1,
 				expectedTotalPills: 160,
+				expectedAmountPerPackage: 40,
 			},
 		])("should derive amount-based refill counts and decrement prescription remaining refills for $name", async ({
 			payload,
 			refillPayload,
+			expectedVisibleStockBeforeRefill,
 			expectedPacksAdded,
 			expectedLooseAdded,
 			expectedRemainingRefills,
 			expectedTotalPills,
+			expectedAmountPerPackage,
 		}) => {
+			await testClient.execute({
+				sql: `INSERT OR REPLACE INTO user_settings (user_id, stock_calculation_mode) VALUES (?, 'manual')`,
+				args: [userId],
+			});
+
 			const createResponse = await app.inject({
 				method: "POST",
 				url: "/medications",
@@ -3366,8 +3828,17 @@ describe("E2E Tests with Real Routes", () => {

 			expect(refillResponse.statusCode).toBe(200);
 			const refillData = refillResponse.json();
+			await expectRefillInvariants({
+				medId,
+				refillData,
+				visibleStockBeforeRefill: expectedVisibleStockBeforeRefill,
+				expectedQuantityAdded: expectedLooseAdded,
+				expectedPacksAdded,
+				expectedAmountPerPackage,
+			});
 			expect(refillData.refill.packsAdded).toBe(expectedPacksAdded);
 			expect(refillData.refill.loosePillsAdded).toBe(expectedLooseAdded);
+			expect(refillData.refill.quantityAdded).toBe(expectedLooseAdded);
 			expect(refillData.refill.totalPillsAdded).toBe(expectedLooseAdded);
 			expect(refillData.prescription.used).toBe(true);
 			expect(refillData.prescription.remainingRefills).toBe(expectedRemainingRefills);
@@ -3381,6 +3852,7 @@ describe("E2E Tests with Real Routes", () => {
 			expect(historyResponse.json()[0]).toMatchObject({
 				packsAdded: expectedPacksAdded,
 				loosePillsAdded: expectedLooseAdded,
+				quantityAdded: expectedLooseAdded,
 				usedPrescription: true,
 			});
 		});
@@ -3397,14 +3869,20 @@ describe("E2E Tests with Real Routes", () => {
 			const refillResponse = await app.inject({
 				method: "POST",
 				url: `/medications/${medId}/refill`,
-				payload: { packsAdded: 1, loosePillsAdded: 0 },
+				payload: { packsAdded: 1, loosePillsAdded: 40, quantityAdded: 40 },
 			});

 			expect(refillResponse.statusCode).toBe(200);
 			const refillData = refillResponse.json();
-			expect(refillData.refill.packsAdded).toBe(1);
+			await expectRefillInvariants({
+				medId,
+				refillData,
+				visibleStockBeforeRefill: 80,
+				expectedQuantityAdded: 40,
+				expectedPacksAdded: 1,
+				expectedAmountPerPackage: 40,
+			});
 			expect(refillData.refill.loosePillsAdded).toBe(40);
-			expect(refillData.refill.totalPillsAdded).toBe(40);
 			expect(refillData.newStock.totalPills).toBe(120);

 			const medsResponse = await app.inject({ method: "GET", url: "/medications" });
@@ -10,33 +10,34 @@ const EnvSchema = z.object({
 	NODE_ENV: z.enum(["development", "production", "test"]).default("production"),
 	PORT: z
 		.string()
-		.transform((v) => parseInt(v, 10))
-		.default("3000"),
+		.default("3000")
+		.transform((v) => parseInt(v, 10)),
 	CORS_ORIGINS: z.string().default("http://localhost:5173,http://localhost:4173"),
 	LOG_LEVEL: z.string().default("info"),
+	PUBLIC_APP_URL: z.string().url().optional(),
 	AUTH_ENABLED: z
 		.string()
-		.transform((v) => v === "true")
-		.default("false"),
+		.default("false")
+		.transform((v) => v === "true"),
 	REGISTRATION_ENABLED: z
 		.string()
-		.transform((v) => v === "true")
-		.default("false"),
+		.default("false")
+		.transform((v) => v === "true"),
 	JWT_SECRET: z.string().min(10).optional(),
 	REFRESH_SECRET: z.string().min(10).optional(),
 	COOKIE_SECRET: z.string().min(10).optional(),
 	ACCESS_TOKEN_TTL_MINUTES: z
 		.string()
-		.transform((v) => parseInt(v, 10))
-		.default("15"),
+		.default("15")
+		.transform((v) => parseInt(v, 10)),
 	REFRESH_TOKEN_TTL_DAYS: z
 		.string()
-		.transform((v) => parseInt(v, 10))
-		.default("7"),
+		.default("7")
+		.transform((v) => parseInt(v, 10)),
 	OIDC_ENABLED: z
 		.string()
-		.transform((v) => v === "true")
-		.default("false"),
+		.default("false")
+		.transform((v) => v === "true"),
 	OIDC_ISSUER_URL: z.string().url().optional(),
 	OIDC_CLIENT_ID: z.string().optional(),
 	OIDC_CLIENT_SECRET: z.string().optional(),
@@ -44,8 +45,8 @@ const EnvSchema = z.object({
 	OIDC_SCOPES: z.string().default("openid profile email"),
 	OIDC_AUTO_CREATE_USERS: z
 		.string()
-		.transform((v) => v === "true")
-		.default("true"),
+		.default("true")
+		.transform((v) => v === "true"),
 	OIDC_USERNAME_CLAIM: z.string().default("preferred_username"),
 	OIDC_PROVIDER_NAME: z.string().default("SSO"),
 });
@@ -81,6 +82,7 @@ describe("EnvSchema", () => {
 			expect(result.PORT).toBe(3000);
 			expect(result.CORS_ORIGINS).toBe("http://localhost:5173,http://localhost:4173");
 			expect(result.LOG_LEVEL).toBe("info");
+			expect(result.PUBLIC_APP_URL).toBeUndefined();
 			expect(result.AUTH_ENABLED).toBe(false);
 			expect(result.REGISTRATION_ENABLED).toBe(false);
 			expect(result.ACCESS_TOKEN_TTL_MINUTES).toBe(15);
@@ -188,6 +190,15 @@ describe("EnvSchema", () => {
 	});

 	describe("OIDC URL validation", () => {
+		it("should accept valid PUBLIC_APP_URL", () => {
+			const result = EnvSchema.parse({ PUBLIC_APP_URL: "https://medassist.example.com" });
+			expect(result.PUBLIC_APP_URL).toBe("https://medassist.example.com");
+		});
+
+		it("should reject invalid PUBLIC_APP_URL", () => {
+			expect(() => EnvSchema.parse({ PUBLIC_APP_URL: "not-a-url" })).toThrow();
+		});
+
 		it("should accept valid OIDC_ISSUER_URL", () => {
 			const result = EnvSchema.parse({ OIDC_ISSUER_URL: "https://auth.example.com" });
 			expect(result.OIDC_ISSUER_URL).toBe("https://auth.example.com");
@@ -411,6 +411,7 @@ describe("Export/Import API", () => {
 			expect(data.settings.notificationEmail).toBe("test@example.com");
 			expect(data.settings.language).toBe("de");
 			expect(data.settings.lowStockDays).toBe(14);
+			expect(data.settings.shareStockStatus).toBeUndefined();
 		});

 		it("should exclude sensitive data by default", async () => {
@@ -557,6 +558,45 @@ describe("Export/Import API", () => {
 			expect(result.rows[0].loose_tablets).toBe(5);
 		});

+		it("accepts legacy shareStockStatus in imported settings but does not export or use it", async () => {
+			const importData = {
+				version: "1.0",
+				exportedAt: new Date().toISOString(),
+				medications: [],
+				doseHistory: [],
+				refillHistory: [],
+				settings: {
+					language: "de",
+					stockCalculationMode: "automatic",
+					shareStockStatus: false,
+				},
+				shareLinks: [],
+			};
+
+			const importResponse = await ctx.app.inject({
+				method: "POST",
+				url: "/import",
+				payload: importData,
+			});
+
+			expect(importResponse.statusCode).toBe(200);
+
+			const exportResponse = await ctx.app.inject({
+				method: "GET",
+				url: "/export",
+			});
+
+			expect(exportResponse.statusCode).toBe(200);
+			expect(exportResponse.json().settings.shareStockStatus).toBeUndefined();
+
+			const settingsRow = await ctx.client.execute({
+				sql: "SELECT share_medication_overview, share_stock_status FROM user_settings WHERE user_id = ?",
+				args: [userId],
+			});
+			expect(settingsRow.rows[0].share_medication_overview).toBe(0);
+			expect(settingsRow.rows[0].share_stock_status).toBe(1);
+		});
+
 		it("should replace existing data on import", async () => {
 			// Create existing medication
 			await createTestMedication(ctx.client, {
@@ -0,0 +1,87 @@
+import { mkdtempSync, readFileSync, rmSync, writeFileSync } from "node:fs";
+import { tmpdir } from "node:os";
+import { join } from "node:path";
+import { Readable } from "node:stream";
+import sharp from "sharp";
+import { afterEach, describe, expect, it, vi } from "vitest";
+import {
+	getThumbFilename,
+	MAX_IMAGE_UPLOAD_BYTES,
+	removeImageFiles,
+	streamToBuffer,
+	writeOptimizedImageSet,
+} from "../utils/image-upload";
+
+describe("image-upload utils", () => {
+	const MOCK_TIMESTAMP_MS = 1_700_000_000_000;
+	const tempDirs: string[] = [];
+
+	afterEach(() => {
+		vi.restoreAllMocks();
+		for (const dir of tempDirs.splice(0)) {
+			rmSync(dir, { recursive: true, force: true });
+		}
+	});
+
+	it("builds thumb filename with and without extension", () => {
+		expect(getThumbFilename("avatar.png")).toBe("avatar-thumb.webp");
+		expect(getThumbFilename("avatar")).toBe("avatar-thumb.webp");
+	});
+
+	it("removes original and thumb files when they exist", () => {
+		const imagesDir = mkdtempSync(join(tmpdir(), "medassist-image-upload-"));
+		tempDirs.push(imagesDir);
+
+		const imageFilename = "profile.webp";
+		const imagePath = join(imagesDir, imageFilename);
+		const thumbPath = join(imagesDir, getThumbFilename(imageFilename));
+		writeFileSync(imagePath, Buffer.from("image"));
+		writeFileSync(thumbPath, Buffer.from("thumb"));
+
+		removeImageFiles(imagesDir, imageFilename);
+
+		expect(() => readFileSync(imagePath)).toThrow();
+		expect(() => readFileSync(thumbPath)).toThrow();
+	});
+
+	it("buffers stream chunks and rejects payloads above max size", async () => {
+		const stream = Readable.from([Buffer.from("hello"), Buffer.from("world")]);
+		await expect(streamToBuffer(stream)).resolves.toEqual(Buffer.from("helloworld"));
+
+		const oversized = Readable.from([Buffer.alloc(MAX_IMAGE_UPLOAD_BYTES + 1)]);
+		await expect(streamToBuffer(oversized)).rejects.toThrow("IMAGE_TOO_LARGE");
+	});
+
+	it("writes optimized full and thumbnail webp variants", async () => {
+		const imagesDir = mkdtempSync(join(tmpdir(), "medassist-image-upload-"));
+		tempDirs.push(imagesDir);
+		vi.spyOn(Date, "now").mockReturnValue(MOCK_TIMESTAMP_MS);
+
+		const uploadBuffer = await sharp({
+			create: {
+				width: 64,
+				height: 48,
+				channels: 3,
+				background: { r: 255, g: 0, b: 0 },
+			},
+		})
+			.png()
+			.toBuffer();
+
+		const result = await writeOptimizedImageSet(imagesDir, "med-42", uploadBuffer, {
+			maxEdgePx: 32,
+			thumbSizePx: 16,
+		});
+
+		expect(result.filename).toBe("med-42-1700000000000.webp");
+		expect(result.thumbFilename).toBe("med-42-1700000000000-thumb.webp");
+
+		const optimizedMeta = await sharp(join(imagesDir, result.filename)).metadata();
+		const thumbMeta = await sharp(join(imagesDir, result.thumbFilename)).metadata();
+		expect(optimizedMeta.format).toBe("webp");
+		expect(thumbMeta.format).toBe("webp");
+		expect(Math.max(optimizedMeta.width ?? 0, optimizedMeta.height ?? 0)).toBeLessThanOrEqual(32);
+		expect(thumbMeta.width).toBe(16);
+		expect(thumbMeta.height).toBe(16);
+	});
+});
@@ -0,0 +1,715 @@
+import { afterEach, beforeEach, describe, expect, it, vi } from "vitest";
+
+const {
+	mockedEnv,
+	createNotificationActionContextMock,
+	storeNotificationActionGroupNtfyMessageIdMock,
+	sendPushNotificationMock,
+} = vi.hoisted(() => ({
+	mockedEnv: {
+		PUBLIC_APP_URL: undefined as string | undefined,
+		CORS_ORIGINS: "http://localhost:5173" as string,
+	},
+	createNotificationActionContextMock: vi.fn(),
+	storeNotificationActionGroupNtfyMessageIdMock: vi.fn(),
+	sendPushNotificationMock: vi.fn(),
+}));
+
+vi.mock("node:fs", () => ({
+	existsSync: () => false,
+	readFileSync: vi.fn(),
+	writeFileSync: vi.fn(),
+}));
+
+vi.mock("../db/path-utils.js", () => ({
+	getDataDir: () => "/tmp",
+}));
+
+vi.mock("../db/client.js", () => ({
+	db: {
+		select: vi.fn(),
+		insert: vi.fn(),
+	},
+	migrationsReady: Promise.resolve(),
+}));
+
+vi.mock("../plugins/env.js", () => ({ env: mockedEnv }));
+
+vi.mock("../services/notification-actions-service.js", () => ({
+	createNotificationActionContext: createNotificationActionContextMock,
+	storeNotificationActionGroupNtfyMessageId: storeNotificationActionGroupNtfyMessageIdMock,
+}));
+
+vi.mock("../services/notifications/delivery.js", () => ({
+	getSmtpConfig: vi.fn(() => null),
+	sendEmailNotification: vi.fn(),
+	sendPushNotification: sendPushNotificationMock,
+}));
+
+vi.mock("../services/notifications/state.js", () => ({
+	updateReminderSentTime: vi.fn(),
+	updateUserReminderSentTime: vi.fn(),
+}));
+
+vi.mock("../utils/scheduler-utils.js", async () => {
+	const actual = await vi.importActual<typeof import("../utils/scheduler-utils.js")>("../utils/scheduler-utils.js");
+	const candidate = {
+		medName: "Calcium",
+		intakeTime: new Date("2026-01-05T11:15:00.000Z"),
+		intakeTimeStr: "11:15",
+		usage: 1,
+		takenBy: null,
+		pillWeightMg: null,
+		doseUnit: "mg",
+	};
+
+	return {
+		...actual,
+		getEffectiveTimezone: () => Intl.DateTimeFormat().resolvedOptions().timeZone,
+		getDateLocale: () => "en-US",
+		parseTakenByJson: () => [],
+		parseIntakesJson: () => [
+			{
+				usage: 1,
+				every: 1,
+				start: "2026-01-05T10:45:00.000Z",
+				takenBy: null,
+				intakeRemindersEnabled: true,
+			},
+		],
+		getTodaysIntakes: () => [candidate],
+		getUpcomingIntakes: () => [candidate],
+	};
+});
+
+import { db } from "../db/client.js";
+import { checkAndSendIntakeRemindersForUser } from "../services/intake-reminder-scheduler.js";
+
+function createLogger() {
+	return {
+		debug: vi.fn(),
+		info: vi.fn(),
+		warn: vi.fn(),
+		error: vi.fn(),
+	};
+}
+
+function mockSelectWhere<T>(result: T) {
+	return {
+		from: () => ({
+			where: async () => result,
+		}),
+	} as never;
+}
+
+describe("intake reminder scheduler action wiring", () => {
+	const mockedDb = vi.mocked(db);
+	let originalTz: string | undefined;
+
+	beforeEach(() => {
+		vi.useFakeTimers();
+		vi.setSystemTime(new Date(2026, 0, 5, 10, 30, 0));
+		originalTz = process.env.TZ;
+		process.env.TZ = Intl.DateTimeFormat().resolvedOptions().timeZone;
+		mockedEnv.PUBLIC_APP_URL = undefined;
+		mockedEnv.CORS_ORIGINS = "http://localhost:5173";
+		createNotificationActionContextMock.mockReset();
+		storeNotificationActionGroupNtfyMessageIdMock.mockReset();
+		sendPushNotificationMock.mockReset();
+	});
+
+	afterEach(() => {
+		vi.useRealTimers();
+		vi.restoreAllMocks();
+		if (originalTz === undefined) {
+			delete process.env.TZ;
+		} else {
+			process.env.TZ = originalTz;
+		}
+	});
+
+	it("attaches action context to push notifications when PUBLIC_APP_URL is configured", async () => {
+		mockedEnv.PUBLIC_APP_URL = "https://app.example.com";
+
+		const selectMock = vi.mocked(mockedDb.select);
+		selectMock
+			.mockImplementationOnce(() => mockSelectWhere([{ username: "push-user" }]))
+			.mockImplementationOnce(() =>
+				mockSelectWhere([
+					{
+						id: 7,
+						userId: 11,
+						name: "Calcium",
+						genericName: null,
+						takenByJson: null,
+						packageType: "blister",
+						medicationForm: "tablet",
+						packCount: 1,
+						blistersPerPack: 1,
+						pillsPerBlister: 10,
+						looseTablets: 0,
+						stockAdjustment: 0,
+						pillWeightMg: null,
+						doseUnit: "mg",
+						isObsolete: false,
+						intakeRemindersEnabled: true,
+						intakesJson: "[]",
+						usageJson: "[]",
+						everyJson: "[]",
+						startJson: "[]",
+					},
+				])
+			)
+			.mockImplementationOnce(() => mockSelectWhere([]));
+
+		createNotificationActionContextMock.mockResolvedValue({
+			groupId: 41,
+			actions: [
+				{
+					kind: "taken",
+					label: "Taken",
+					url: "https://app.example.com/api/notification-actions/taken",
+					method: "POST",
+				},
+			],
+			respondUrl: "https://app.example.com/api/notification-actions/respond",
+			viewUrl: "https://app.example.com/?date=2026-01-05",
+			sequenceId: "medassist-sequence",
+		});
+		sendPushNotificationMock.mockResolvedValue({ success: true, providerMessageId: "ntfy-msg-1" });
+
+		const logger = createLogger();
+
+		await checkAndSendIntakeRemindersForUser(
+			{
+				userId: 11,
+				language: "en",
+				stockCalculationMode: "manual",
+				emailEnabled: false,
+				notificationEmail: null,
+				emailIntakeReminders: false,
+				shoutrrrEnabled: true,
+				shoutrrrUrl: "ntfy://ntfy.sh/medassist",
+				shoutrrrIntakeReminders: true,
+				repeatRemindersEnabled: false,
+			} as never,
+			logger as never
+		);
+
+		expect(createNotificationActionContextMock).toHaveBeenCalledWith(
+			expect.objectContaining({
+				userId: 11,
+				publicAppUrl: "https://app.example.com",
+				language: "en",
+				actionMode: "full",
+				doseIds: [expect.stringMatching(/^7-0-/)],
+			})
+		);
+		expect(sendPushNotificationMock).toHaveBeenCalledWith(
+			"ntfy://ntfy.sh/medassist",
+			expect.any(String),
+			expect.any(String),
+			expect.objectContaining({
+				actions: [
+					{
+						kind: "taken",
+						label: "Taken",
+						url: "https://app.example.com/api/notification-actions/taken",
+						method: "POST",
+					},
+				],
+				respondUrl: "https://app.example.com/api/notification-actions/respond",
+				viewUrl: "https://app.example.com/?date=2026-01-05",
+				clickUrl: "https://app.example.com/api/notification-actions/respond",
+				sequenceId: "medassist-sequence",
+				tags: ["pill"],
+				priority: 3,
+			})
+		);
+		expect(storeNotificationActionGroupNtfyMessageIdMock).toHaveBeenCalledWith(41, "ntfy-msg-1");
+		expect(logger.info).toHaveBeenCalledWith(expect.stringContaining("Notification action context ready"));
+		expect(logger.info).toHaveBeenCalledWith(expect.stringContaining("Sending push reminder"));
+		expect(logger.info).toHaveBeenCalledWith(expect.stringContaining("Push delivered"));
+	});
+
+	it("uses view-only actions for grouped intake reminders", async () => {
+		mockedEnv.PUBLIC_APP_URL = "https://app.example.com";
+
+		const selectMock = vi.mocked(mockedDb.select);
+		selectMock
+			.mockImplementationOnce(() => mockSelectWhere([{ username: "grouped-user" }]))
+			.mockImplementationOnce(() =>
+				mockSelectWhere([
+					{
+						id: 7,
+						userId: 13,
+						name: "Calcium",
+						genericName: null,
+						takenByJson: null,
+						packageType: "blister",
+						medicationForm: "tablet",
+						packCount: 1,
+						blistersPerPack: 1,
+						pillsPerBlister: 10,
+						looseTablets: 0,
+						stockAdjustment: 0,
+						pillWeightMg: null,
+						doseUnit: "mg",
+						isObsolete: false,
+						intakeRemindersEnabled: true,
+						intakesJson: "[]",
+						usageJson: "[]",
+						everyJson: "[]",
+						startJson: "[]",
+					},
+					{
+						id: 8,
+						userId: 13,
+						name: "Vitamin D",
+						genericName: null,
+						takenByJson: null,
+						packageType: "blister",
+						medicationForm: "tablet",
+						packCount: 1,
+						blistersPerPack: 1,
+						pillsPerBlister: 10,
+						looseTablets: 0,
+						stockAdjustment: 0,
+						pillWeightMg: null,
+						doseUnit: "mg",
+						isObsolete: false,
+						intakeRemindersEnabled: true,
+						intakesJson: "[]",
+						usageJson: "[]",
+						everyJson: "[]",
+						startJson: "[]",
+					},
+				])
+			)
+			.mockImplementationOnce(() => mockSelectWhere([]));
+
+		createNotificationActionContextMock.mockResolvedValue({
+			actions: [
+				{
+					kind: "view",
+					label: "View",
+					url: "https://app.example.com/dashboard?day=2026-01-05&dose=7-0-1736075700000",
+					method: "GET",
+				},
+			],
+			viewUrl: "https://app.example.com/dashboard?day=2026-01-05&dose=7-0-1736075700000",
+		});
+		sendPushNotificationMock.mockResolvedValue({ success: true });
+
+		const logger = createLogger();
+
+		await checkAndSendIntakeRemindersForUser(
+			{
+				userId: 13,
+				language: "en",
+				stockCalculationMode: "manual",
+				emailEnabled: false,
+				notificationEmail: null,
+				emailIntakeReminders: false,
+				shoutrrrEnabled: true,
+				shoutrrrUrl: "ntfy://ntfy.sh/medassist",
+				shoutrrrIntakeReminders: true,
+				repeatRemindersEnabled: false,
+			} as never,
+			logger as never
+		);
+
+		expect(createNotificationActionContextMock).toHaveBeenCalledWith(
+			expect.objectContaining({
+				userId: 13,
+				publicAppUrl: "https://app.example.com",
+				language: "en",
+				actionMode: "view-only",
+				doseIds: [expect.stringMatching(/^7-0-/), expect.stringMatching(/^8-0-/)],
+			})
+		);
+		expect(sendPushNotificationMock).toHaveBeenCalledWith(
+			"ntfy://ntfy.sh/medassist",
+			expect.any(String),
+			expect.any(String),
+			expect.objectContaining({
+				actions: [
+					{
+						kind: "view",
+						label: "View",
+						url: "https://app.example.com/dashboard?day=2026-01-05&dose=7-0-1736075700000",
+						method: "GET",
+					},
+				],
+				respondUrl: undefined,
+				viewUrl: "https://app.example.com/dashboard?day=2026-01-05&dose=7-0-1736075700000",
+				clickUrl: "https://app.example.com/dashboard?day=2026-01-05&dose=7-0-1736075700000",
+				sequenceId: undefined,
+				tags: ["pill"],
+				priority: 3,
+			})
+		);
+	});
+
+	it("sends push notifications without actions when PUBLIC_APP_URL is missing", async () => {
+		createNotificationActionContextMock.mockResolvedValue(null);
+
+		const selectMock = vi.mocked(mockedDb.select);
+		selectMock
+			.mockImplementationOnce(() => mockSelectWhere([{ username: "pushless-user" }]))
+			.mockImplementationOnce(() =>
+				mockSelectWhere([
+					{
+						id: 7,
+						userId: 12,
+						name: "Calcium",
+						genericName: null,
+						takenByJson: null,
+						packageType: "blister",
+						medicationForm: "tablet",
+						packCount: 1,
+						blistersPerPack: 1,
+						pillsPerBlister: 10,
+						looseTablets: 0,
+						stockAdjustment: 0,
+						pillWeightMg: null,
+						doseUnit: "mg",
+						isObsolete: false,
+						intakeRemindersEnabled: true,
+						intakesJson: "[]",
+						usageJson: "[]",
+						everyJson: "[]",
+						startJson: "[]",
+					},
+				])
+			)
+			.mockImplementationOnce(() => mockSelectWhere([]));
+
+		sendPushNotificationMock.mockResolvedValue({ success: true });
+
+		const logger = createLogger();
+
+		await checkAndSendIntakeRemindersForUser(
+			{
+				userId: 12,
+				language: "en",
+				stockCalculationMode: "manual",
+				emailEnabled: false,
+				notificationEmail: null,
+				emailIntakeReminders: false,
+				shoutrrrEnabled: true,
+				shoutrrrUrl: "ntfy://ntfy.sh/medassist",
+				shoutrrrIntakeReminders: true,
+				repeatRemindersEnabled: false,
+			} as never,
+			logger as never
+		);
+
+		expect(createNotificationActionContextMock).toHaveBeenCalledWith(
+			expect.objectContaining({
+				userId: 12,
+				publicAppUrl: undefined,
+			})
+		);
+		expect(sendPushNotificationMock).toHaveBeenCalledWith(
+			"ntfy://ntfy.sh/medassist",
+			expect.any(String),
+			expect.any(String),
+			expect.objectContaining({
+				actions: undefined,
+				respondUrl: undefined,
+				viewUrl: undefined,
+				clickUrl: undefined,
+				tags: ["pill"],
+				priority: 3,
+			})
+		);
+		expect(logger.warn).toHaveBeenCalledWith(
+			expect.stringContaining("No reachable public app URL configured; sending intake reminders without actions")
+		);
+	});
+
+	it("falls back to push delivery without actions when action context generation fails", async () => {
+		mockedEnv.PUBLIC_APP_URL = "https://app.example.com";
+
+		const selectMock = vi.mocked(mockedDb.select);
+		selectMock
+			.mockImplementationOnce(() => mockSelectWhere([{ username: "context-failure-user" }]))
+			.mockImplementationOnce(() =>
+				mockSelectWhere([
+					{
+						id: 7,
+						userId: 15,
+						name: "Calcium",
+						genericName: null,
+						takenByJson: null,
+						packageType: "blister",
+						medicationForm: "tablet",
+						packCount: 1,
+						blistersPerPack: 1,
+						pillsPerBlister: 10,
+						looseTablets: 0,
+						stockAdjustment: 0,
+						pillWeightMg: null,
+						doseUnit: "mg",
+						isObsolete: false,
+						intakeRemindersEnabled: true,
+						intakesJson: "[]",
+						usageJson: "[]",
+						everyJson: "[]",
+						startJson: "[]",
+					},
+				])
+			)
+			.mockImplementationOnce(() => mockSelectWhere([]));
+
+		createNotificationActionContextMock.mockRejectedValue(new Error("action context write failed"));
+		sendPushNotificationMock.mockResolvedValue({ success: true });
+
+		const logger = createLogger();
+
+		await checkAndSendIntakeRemindersForUser(
+			{
+				userId: 15,
+				language: "en",
+				stockCalculationMode: "manual",
+				emailEnabled: false,
+				notificationEmail: null,
+				emailIntakeReminders: false,
+				shoutrrrEnabled: true,
+				shoutrrrUrl: "ntfy://ntfy.sh/medassist",
+				shoutrrrIntakeReminders: true,
+				repeatRemindersEnabled: false,
+			} as never,
+			logger as never
+		);
+
+		expect(sendPushNotificationMock).toHaveBeenCalledWith(
+			"ntfy://ntfy.sh/medassist",
+			expect.any(String),
+			expect.any(String),
+			expect.objectContaining({
+				actions: undefined,
+				respondUrl: undefined,
+				viewUrl: undefined,
+				clickUrl: undefined,
+			})
+		);
+		expect(logger.error).toHaveBeenCalledWith(expect.stringContaining("Notification action context failed"));
+		expect(logger.warn).toHaveBeenCalledWith(
+			expect.stringContaining("Sending intake reminders without actions after action context failure")
+		);
+		expect(logger.info).toHaveBeenCalledWith(expect.stringContaining("Sending push reminder"));
+		expect(logger.info).toHaveBeenCalledWith(expect.stringContaining("Push delivered"));
+	});
+
+	it("logs enriched push delivery failures with action context metadata", async () => {
+		mockedEnv.PUBLIC_APP_URL = "https://app.example.com";
+
+		const selectMock = vi.mocked(mockedDb.select);
+		selectMock
+			.mockImplementationOnce(() => mockSelectWhere([{ username: "push-failure-user" }]))
+			.mockImplementationOnce(() =>
+				mockSelectWhere([
+					{
+						id: 7,
+						userId: 16,
+						name: "Calcium",
+						genericName: null,
+						takenByJson: null,
+						packageType: "blister",
+						medicationForm: "tablet",
+						packCount: 1,
+						blistersPerPack: 1,
+						pillsPerBlister: 10,
+						looseTablets: 0,
+						stockAdjustment: 0,
+						pillWeightMg: null,
+						doseUnit: "mg",
+						isObsolete: false,
+						intakeRemindersEnabled: true,
+						intakesJson: "[]",
+						usageJson: "[]",
+						everyJson: "[]",
+						startJson: "[]",
+					},
+				])
+			)
+			.mockImplementationOnce(() => mockSelectWhere([]));
+
+		createNotificationActionContextMock.mockResolvedValue({
+			groupId: 52,
+			actions: [
+				{
+					kind: "taken",
+					label: "Taken",
+					url: "https://app.example.com/api/notification-actions/taken",
+					method: "POST",
+				},
+			],
+			respondUrl: "https://app.example.com/api/notification-actions/respond",
+			viewUrl: "https://app.example.com/?date=2026-01-05",
+			sequenceId: "medassist-sequence",
+		});
+		sendPushNotificationMock.mockResolvedValue({ success: false, error: "HTTP 500: upstream down" });
+
+		const logger = createLogger();
+
+		await checkAndSendIntakeRemindersForUser(
+			{
+				userId: 16,
+				language: "en",
+				stockCalculationMode: "manual",
+				emailEnabled: false,
+				notificationEmail: null,
+				emailIntakeReminders: false,
+				shoutrrrEnabled: true,
+				shoutrrrUrl: "ntfy://ntfy.sh/medassist",
+				shoutrrrIntakeReminders: true,
+				repeatRemindersEnabled: false,
+			} as never,
+			logger as never
+		);
+
+		expect(logger.info).toHaveBeenCalledWith(expect.stringContaining("Notification action context ready"));
+		expect(logger.info).toHaveBeenCalledWith(expect.stringContaining("Sending push reminder"));
+		expect(logger.error).toHaveBeenCalledWith(expect.stringContaining("Push delivery failed"));
+		expect(logger.error).toHaveBeenCalledWith(expect.stringContaining("provider=ntfy"));
+		expect(logger.error).toHaveBeenCalledWith(expect.stringContaining("actionMode=full"));
+		expect(storeNotificationActionGroupNtfyMessageIdMock).not.toHaveBeenCalled();
+	});
+
+	it("warns but keeps reminder flow alive when ntfy message id persistence fails", async () => {
+		mockedEnv.PUBLIC_APP_URL = "https://app.example.com";
+
+		const selectMock = vi.mocked(mockedDb.select);
+		selectMock
+			.mockImplementationOnce(() => mockSelectWhere([{ username: "persist-warning-user" }]))
+			.mockImplementationOnce(() =>
+				mockSelectWhere([
+					{
+						id: 7,
+						userId: 17,
+						name: "Calcium",
+						genericName: null,
+						takenByJson: null,
+						packageType: "blister",
+						medicationForm: "tablet",
+						packCount: 1,
+						blistersPerPack: 1,
+						pillsPerBlister: 10,
+						looseTablets: 0,
+						stockAdjustment: 0,
+						pillWeightMg: null,
+						doseUnit: "mg",
+						isObsolete: false,
+						intakeRemindersEnabled: true,
+						intakesJson: "[]",
+						usageJson: "[]",
+						everyJson: "[]",
+						startJson: "[]",
+					},
+				])
+			)
+			.mockImplementationOnce(() => mockSelectWhere([]));
+
+		createNotificationActionContextMock.mockResolvedValue({
+			groupId: 77,
+			actions: [
+				{
+					kind: "taken",
+					label: "Taken",
+					url: "https://app.example.com/api/notification-actions/taken",
+					method: "POST",
+				},
+			],
+			respondUrl: "https://app.example.com/api/notification-actions/respond",
+			viewUrl: "https://app.example.com/?date=2026-01-05",
+			sequenceId: "medassist-sequence",
+		});
+		sendPushNotificationMock.mockResolvedValue({ success: true, providerMessageId: "ntfy-msg-77" });
+		storeNotificationActionGroupNtfyMessageIdMock.mockRejectedValue(new Error("db write failed"));
+
+		const logger = createLogger();
+
+		await checkAndSendIntakeRemindersForUser(
+			{
+				userId: 17,
+				language: "en",
+				stockCalculationMode: "manual",
+				emailEnabled: false,
+				notificationEmail: null,
+				emailIntakeReminders: false,
+				shoutrrrEnabled: true,
+				shoutrrrUrl: "ntfy://ntfy.sh/medassist",
+				shoutrrrIntakeReminders: true,
+				repeatRemindersEnabled: false,
+			} as never,
+			logger as never
+		);
+
+		expect(storeNotificationActionGroupNtfyMessageIdMock).toHaveBeenCalledWith(77, "ntfy-msg-77");
+		expect(logger.warn).toHaveBeenCalledWith(expect.stringContaining("Failed to store ntfy message id"));
+		expect(logger.info).toHaveBeenCalledWith(expect.stringContaining("Push delivered"));
+	});
+
+	it("does not send intake reminders for reminder-enabled medications with empty stock", async () => {
+		const selectMock = vi.mocked(mockedDb.select);
+		selectMock
+			.mockImplementationOnce(() => mockSelectWhere([{ username: "empty-stock-user" }]))
+			.mockImplementationOnce(() =>
+				mockSelectWhere([
+					{
+						id: 7,
+						userId: 14,
+						name: "Calcium",
+						genericName: null,
+						takenByJson: null,
+						packageType: "blister",
+						medicationForm: "tablet",
+						packCount: 0,
+						blistersPerPack: 1,
+						pillsPerBlister: 10,
+						looseTablets: 0,
+						stockAdjustment: 0,
+						pillWeightMg: null,
+						doseUnit: "mg",
+						isObsolete: false,
+						intakeRemindersEnabled: true,
+						intakesJson: "[]",
+						usageJson: "[]",
+						everyJson: "[]",
+						startJson: "[]",
+					},
+				])
+			)
+			.mockImplementationOnce(() => mockSelectWhere([]));
+
+		const logger = createLogger();
+
+		await checkAndSendIntakeRemindersForUser(
+			{
+				userId: 14,
+				language: "en",
+				stockCalculationMode: "manual",
+				emailEnabled: false,
+				notificationEmail: null,
+				emailIntakeReminders: false,
+				shoutrrrEnabled: true,
+				shoutrrrUrl: "ntfy://ntfy.sh/medassist",
+				shoutrrrIntakeReminders: true,
+				repeatRemindersEnabled: false,
+			} as never,
+			logger as never
+		);
+
+		expect(createNotificationActionContextMock).not.toHaveBeenCalled();
+		expect(sendPushNotificationMock).not.toHaveBeenCalled();
+		expect(logger.info).toHaveBeenCalledWith(
+			expect.stringContaining("Skipping reminder-enabled medications with empty stock")
+		);
+		expect(logger.info).toHaveBeenCalledWith(
+			expect.stringContaining("No reminder-eligible medications with stock remaining")
+		);
+	});
+});
@@ -117,6 +117,7 @@ async function createSchema(client: Client) {
 		`CREATE TABLE IF NOT EXISTS user_settings (
      id integer PRIMARY KEY AUTOINCREMENT,
      user_id integer NOT NULL UNIQUE,
+		timezone text NOT NULL DEFAULT '',
      email_enabled integer NOT NULL DEFAULT 0,
      notification_email text,
      email_stock_reminders integer NOT NULL DEFAULT 1,
@@ -0,0 +1,186 @@
+import { describe, expect, it } from "vitest";
+import {
+	getNotificationActionLabels,
+	isNtfyNotificationUrl,
+	type PushNotificationAction,
+	renderNotificationActionPayload,
+} from "../services/notifications/action-renderer.js";
+
+function decodeRfc2047Base64(value: string): string {
+	const match = /^=\?UTF-8\?B\?(.+)\?=$/.exec(value);
+	if (!match) {
+		return value;
+	}
+
+	return Buffer.from(match[1], "base64").toString("utf-8");
+}
+
+const actions: PushNotificationAction[] = [
+	{
+		kind: "taken",
+		label: "Take",
+		url: "https://app.example.com/api/notification-actions/taken-token",
+		method: "POST",
+	},
+	{
+		kind: "skip",
+		label: "Skip",
+		url: "https://app.example.com/api/notification-actions/skip-token",
+		method: "POST",
+	},
+	{ kind: "view", label: "View", url: "https://app.example.com/?date=2026-01-05", method: "GET" },
+];
+
+describe("notification action renderer", () => {
+	it("builds ntfy native actions without duplicate click headers", () => {
+		const result = renderNotificationActionPayload("ntfy://ntfy.sh/medassist", "Body", {
+			actions,
+			clickUrl: "https://app.example.com/api/notification-actions/respond-token",
+			respondUrl: "https://app.example.com/api/notification-actions/respond-token",
+			viewUrl: "https://app.example.com/?date=2026-01-05",
+			tags: ["pill"],
+			priority: 4,
+			sequenceId: "medassist-sequence",
+		});
+
+		expect(result.message).toBe("Body");
+		expect(result.headers).toMatchObject({
+			Tags: "pill",
+			Priority: "4",
+			"X-Sequence-ID": "medassist-sequence",
+		});
+		expect(result.headers.Click).toBeUndefined();
+
+		const parsedActions = JSON.parse(result.headers.Actions ?? "[]");
+		expect(parsedActions).toEqual([
+			{
+				action: "http",
+				label: "Take",
+				url: "https://app.example.com/api/notification-actions/taken-token",
+				method: "POST",
+				clear: true,
+			},
+			{
+				action: "http",
+				label: "Skip",
+				url: "https://app.example.com/api/notification-actions/skip-token",
+				method: "POST",
+				clear: true,
+			},
+			{
+				action: "view",
+				label: "View",
+				url: "https://app.example.com/?date=2026-01-05",
+				clear: false,
+			},
+		]);
+	});
+
+	it("keeps the ntfy click header when there are no native actions", () => {
+		const result = renderNotificationActionPayload("ntfy://ntfy.sh/medassist", "Body", {
+			clickUrl: "https://app.example.com/api/notification-actions/respond-token",
+		});
+
+		expect(result.headers.Click).toBe("https://app.example.com/api/notification-actions/respond-token");
+	});
+
+	it("treats direct https ntfy URLs as ntfy targets with native actions", () => {
+		const result = renderNotificationActionPayload("https://ntfy.danielvolz.org/medis_test", "Body", {
+			actions,
+			clickUrl: "https://app.example.com/api/notification-actions/respond-token",
+			respondUrl: "https://app.example.com/api/notification-actions/respond-token",
+			viewUrl: "https://app.example.com/?date=2026-01-05",
+		});
+
+		expect(isNtfyNotificationUrl("https://ntfy.danielvolz.org/medis_test")).toBe(true);
+		expect(result.message).toBe("Body");
+		expect(result.headers.Actions).toBeTruthy();
+		expect(result.message).not.toContain("Respond:");
+	});
+
+	it("keeps insecure http mutation targets as direct ntfy http actions without the dev fallback", () => {
+		const result = renderNotificationActionPayload("https://ntfy.danielvolz.org/medis_test", "Body", {
+			actions: [
+				{
+					kind: "taken",
+					label: "Take",
+					url: "http://192.168.0.113:5173/api/notification-actions/taken-token",
+					method: "POST",
+				},
+			],
+		});
+
+		expect(JSON.parse(result.headers.Actions ?? "[]")).toEqual([
+			{
+				action: "http",
+				label: "Take",
+				url: "http://192.168.0.113:5173/api/notification-actions/taken-token",
+				method: "POST",
+				clear: true,
+			},
+		]);
+	});
+
+	it("encodes non-ascii ntfy action labels as RFC 2047 headers", () => {
+		const result = renderNotificationActionPayload("https://ntfy.danielvolz.org/medis_test", "Body", {
+			actions: [
+				{
+					kind: "skip",
+					label: "Überspringen",
+					url: "https://app.example.com/api/notification-actions/skip-token",
+					method: "POST",
+				},
+				{
+					kind: "view",
+					label: "Öffnen",
+					url: "https://app.example.com/?date=2026-01-05",
+					method: "GET",
+				},
+			],
+		});
+
+		expect(result.headers.Actions).toMatch(/^=\?UTF-8\?B\?/);
+		expect(JSON.parse(decodeRfc2047Base64(result.headers.Actions ?? "[]"))).toEqual([
+			{
+				action: "http",
+				label: "Überspringen",
+				url: "https://app.example.com/api/notification-actions/skip-token",
+				method: "POST",
+				clear: true,
+			},
+			{
+				action: "view",
+				label: "Öffnen",
+				url: "https://app.example.com/?date=2026-01-05",
+				clear: false,
+			},
+		]);
+	});
+
+	it("uses consistent action-form labels for English and German", () => {
+		expect(getNotificationActionLabels("en")).toEqual({
+			taken: "Take",
+			skip: "Skip",
+			respond: "Respond",
+			view: "View",
+		});
+		expect(getNotificationActionLabels("de")).toEqual({
+			taken: "Einnehmen",
+			skip: "Überspringen",
+			respond: "Antworten",
+			view: "Öffnen",
+		});
+	});
+
+	it("appends respond and view fallback links for non-ntfy providers", () => {
+		const result = renderNotificationActionPayload("https://hooks.slack.com/services/a/b/c", "Body", {
+			respondUrl: "https://app.example.com/api/notification-actions/respond-token",
+			viewUrl: "https://app.example.com/?date=2026-01-05",
+		});
+
+		expect(result.headers).toEqual({});
+		expect(result.message).toBe(
+			"Body\n\nRespond:\nhttps://app.example.com/api/notification-actions/respond-token\n\nView:\nhttps://app.example.com/?date=2026-01-05"
+		);
+	});
+});
@@ -0,0 +1,587 @@
+import { dirname, resolve } from "node:path";
+import { fileURLToPath } from "node:url";
+import { migrate } from "drizzle-orm/libsql/migrator";
+import Fastify from "fastify";
+import { afterAll, beforeAll, beforeEach, describe, expect, it, vi } from "vitest";
+import { runAlterMigrations } from "../db/db-utils.js";
+import { documentationSchemaAjv } from "../utils/documentation-schema-keywords.js";
+
+const { testClient, testDb, mockedEnv, fetchMock, mockLogger } = vi.hoisted(() => {
+	const { createClient } = require("@libsql/client");
+	const { drizzle } = require("drizzle-orm/libsql");
+	const client = createClient({ url: ":memory:" });
+	const db = drizzle(client);
+	const logger = {
+		info: vi.fn(),
+		warn: vi.fn(),
+		error: vi.fn(),
+		debug: vi.fn(),
+		trace: vi.fn(),
+		fatal: vi.fn(),
+		silent: vi.fn(),
+		level: "info",
+		child: vi.fn(),
+	};
+	logger.child.mockImplementation(() => logger);
+
+	return {
+		testClient: client,
+		testDb: db,
+		fetchMock: vi.fn(),
+		mockLogger: logger,
+		mockedEnv: {
+			AUTH_ENABLED: false,
+			OIDC_ENABLED: false,
+			OIDC_PROVIDER_NAME: "SSO",
+			NODE_ENV: "test",
+			LOG_LEVEL: "silent",
+			PORT: 3000,
+			CORS_ORIGINS: "*",
+			PUBLIC_APP_URL: "https://app.example.com",
+			OPENAPI_DOCS_ENABLED: false,
+		},
+	};
+});
+
+global.fetch = fetchMock;
+
+vi.mock("../db/client.js", () => ({
+	db: testDb,
+	migrationsReady: Promise.resolve(),
+}));
+
+vi.mock("../plugins/env.js", () => ({ env: mockedEnv }));
+
+const { notificationActionRoutes } = await import("../routes/notification-actions.js");
+const { createNotificationActionContext } = await import("../services/notification-actions-service.js");
+
+const __filename = fileURLToPath(import.meta.url);
+const __dirname = dirname(__filename);
+const migrationsFolder = resolve(__dirname, "../../drizzle");
+
+function extractToken(url: string): string {
+	return url.split("/").at(-1) ?? "";
+}
+
+async function clearTables() {
+	await testClient.execute("DELETE FROM dose_tracking");
+	await testClient.execute("DELETE FROM notification_action_tokens");
+	await testClient.execute("DELETE FROM notification_action_groups");
+	await testClient.execute("DELETE FROM medications");
+	await testClient.execute("DELETE FROM user_settings");
+	await testClient.execute("DELETE FROM users");
+}
+
+async function createUser(username: string) {
+	const result = await testClient.execute({
+		sql: "INSERT INTO users (username, auth_provider, is_active) VALUES (?, 'local', 1) RETURNING id",
+		args: [username],
+	});
+
+	return Number(result.rows[0].id);
+}
+
+async function insertMedication(options: { id: number; userId: number; packCount?: number; looseTablets?: number }) {
+	const start = "2026-01-05T08:00:00.000Z";
+	await testClient.execute({
+		sql: `INSERT INTO medications (
+			id, user_id, name, taken_by_json, medication_form, package_type,
+			pack_count, blisters_per_pack, pills_per_blister, loose_tablets, stock_adjustment,
+			usage_json, every_json, start_json, intakes_json, intake_reminders_enabled
+		) VALUES (?, ?, 'Route Medication', '[]', 'tablet', 'blister', ?, 1, 10, ?, 0, ?, ?, ?, ?, 1)`,
+		args: [
+			options.id,
+			options.userId,
+			options.packCount ?? 1,
+			options.looseTablets ?? 0,
+			JSON.stringify([1]),
+			JSON.stringify([1]),
+			JSON.stringify([start]),
+			JSON.stringify([{ usage: 1, every: 1, start, takenBy: null, intakeRemindersEnabled: true }]),
+		],
+	});
+}
+
+async function insertUserSettings(
+	userId: number,
+	stockCalculationMode: "automatic" | "manual" = "automatic",
+	overrides: { shoutrrrEnabled?: boolean; shoutrrrUrl?: string | null } = {}
+) {
+	await testClient.execute({
+		sql: "INSERT INTO user_settings (user_id, stock_calculation_mode, shoutrrr_enabled, shoutrrr_url) VALUES (?, ?, ?, ?)",
+		args: [userId, stockCalculationMode, overrides.shoutrrrEnabled ? 1 : 0, overrides.shoutrrrUrl ?? null],
+	});
+}
+
+async function seedContext(options: { userId: number; doseId: string }) {
+	const scheduledFor = new Date("2026-01-05T08:00:00.000Z");
+	const context = await createNotificationActionContext({
+		userId: options.userId,
+		title: "Reminder",
+		message: "Take your medication now",
+		doseIds: [options.doseId],
+		scheduledFor,
+		publicAppUrl: mockedEnv.PUBLIC_APP_URL,
+		language: "en",
+	});
+
+	return {
+		respondToken: extractToken(context!.respondUrl!),
+		takenToken: extractToken(context!.actions.find((action) => action.kind === "taken")!.url),
+		skipToken: extractToken(context!.actions.find((action) => action.kind === "skip")!.url),
+		context: context!,
+	};
+}
+
+describe("notification action routes", () => {
+	let app: Awaited<ReturnType<typeof Fastify>>;
+
+	beforeAll(async () => {
+		await migrate(testDb, { migrationsFolder });
+		await runAlterMigrations(testClient);
+		app = Fastify({ loggerInstance: mockLogger, disableRequestLogging: true, ajv: documentationSchemaAjv });
+		await app.register(notificationActionRoutes);
+		await app.ready();
+	});
+
+	afterAll(async () => {
+		await app.close();
+		testClient.close();
+	});
+
+	beforeEach(async () => {
+		await clearTables();
+		mockedEnv.PUBLIC_APP_URL = "https://app.example.com";
+		mockedEnv.NODE_ENV = "test";
+		fetchMock.mockReset();
+		fetchMock.mockResolvedValue({ ok: true });
+		mockLogger.info.mockClear();
+		mockLogger.warn.mockClear();
+		mockLogger.error.mockClear();
+		mockLogger.debug.mockClear();
+		mockLogger.trace.mockClear();
+		mockLogger.fatal.mockClear();
+		mockLogger.child.mockClear();
+	});
+
+	it("renders HTML for respond tokens without mutating state", async () => {
+		const userId = await createUser("notification-route-get");
+		const { respondToken } = await seedContext({ userId, doseId: "5-0-1736064000000" });
+
+		const response = await app.inject({
+			method: "GET",
+			url: `/notification-actions/${respondToken}`,
+			headers: { accept: "text/html" },
+		});
+
+		expect(response.statusCode).toBe(200);
+		expect(response.headers["content-type"]).toContain("text/html");
+		expect(response.body).toContain("Respond to reminder");
+		expect(response.body).toContain("Take your medication now");
+
+		const rows = await testClient.execute({
+			sql: `SELECT g.resolved_action, t.used_at
+			      FROM notification_action_groups g
+			      INNER JOIN notification_action_tokens t ON t.group_id = g.id
+			      WHERE t.kind = 'respond'`,
+		});
+		expect(rows.rows).toEqual([expect.objectContaining({ resolved_action: null, used_at: null })]);
+	});
+
+	it("returns the expected GET behavior for missing, non-respond, and expired tokens", async () => {
+		const missing = await app.inject({ method: "GET", url: "/notification-actions/missing-token" });
+		expect(missing.statusCode).toBe(404);
+
+		const userId = await createUser("notification-route-errors");
+		const { respondToken, takenToken } = await seedContext({ userId, doseId: "5-0-1736064000000" });
+
+		const nonRespond = await app.inject({
+			method: "GET",
+			url: `/notification-actions/${takenToken}`,
+			headers: { accept: "text/html" },
+		});
+		expect(nonRespond.statusCode).toBe(405);
+		expect(nonRespond.json()).toEqual({ error: "Direct GET is only available for respond actions" });
+
+		await testClient.execute({
+			sql: "UPDATE notification_action_groups SET expires_at = ?",
+			args: [new Date(0)],
+		});
+
+		const expired = await app.inject({ method: "GET", url: `/notification-actions/${respondToken}` });
+		expect(expired.statusCode).toBe(410);
+		expect(expired.json()).toEqual({ error: "Notification action has expired" });
+	});
+
+	it("shows an already-processed HTML state for resolved respond tokens", async () => {
+		const userId = await createUser("notification-route-resolved");
+		const { respondToken } = await seedContext({ userId, doseId: "5-0-1736064000000" });
+		await testClient.execute({
+			sql: "UPDATE notification_action_groups SET resolved_action = 'skip', resolved_at = ?",
+			args: [new Date()],
+		});
+
+		const response = await app.inject({
+			method: "GET",
+			url: `/notification-actions/${respondToken}`,
+			headers: { accept: "text/html" },
+		});
+
+		expect(response.statusCode).toBe(200);
+		expect(response.body).toContain("Already processed");
+		expect(response.body).toContain(
+			"This intake is already marked as skipped. If you want to mark it as taken instead, open MedAssist and do that there."
+		);
+	});
+
+	it("skips doses through a respond token and returns friendly success for already-resolved follow-up actions", async () => {
+		const userId = await createUser("notification-route-skip");
+		const { respondToken, takenToken } = await seedContext({ userId, doseId: "5-0-1736064000000" });
+
+		const response = await app.inject({
+			method: "POST",
+			url: `/notification-actions/${respondToken}`,
+			payload: { action: "skip" },
+		});
+
+		expect(response.statusCode).toBe(200);
+		expect(response.json()).toEqual({ success: true, action: "skip" });
+		expect(mockLogger.info).toHaveBeenCalledWith(
+			expect.objectContaining({
+				userId,
+				groupId: expect.any(Number),
+				tokenKind: "respond",
+				doseCount: 1,
+				hasViewUrl: true,
+				requestedAction: "skip",
+			}),
+			"[NotificationActions] Recorded notification action"
+		);
+
+		const dismissedRow = await testClient.execute({
+			sql: "SELECT dismissed, taken_at FROM dose_tracking WHERE user_id = ? AND dose_id = ?",
+			args: [userId, "5-0-1736064000000"],
+		});
+		expect(dismissedRow.rows).toEqual([expect.objectContaining({ dismissed: 1, taken_at: 0 })]);
+
+		const groupRow = await testClient.execute({
+			sql: "SELECT resolved_action FROM notification_action_groups",
+		});
+		expect(groupRow.rows).toEqual([expect.objectContaining({ resolved_action: "skip" })]);
+
+		const conflict = await app.inject({
+			method: "POST",
+			url: `/notification-actions/${takenToken}`,
+		});
+
+		expect(conflict.statusCode).toBe(200);
+		expect(conflict.json()).toEqual({
+			success: true,
+			action: "skip",
+			alreadyProcessed: true,
+			message: "This intake is already marked as skipped. Changes can only be made in MedAssist.",
+		});
+	});
+
+	it("keeps legacy dismiss respond actions working as a skip alias", async () => {
+		const userId = await createUser("notification-route-dismiss-alias");
+		const { respondToken } = await seedContext({ userId, doseId: "5-0-1736064000000" });
+
+		const response = await app.inject({
+			method: "POST",
+			url: `/notification-actions/${respondToken}`,
+			payload: { action: "dismiss" },
+		});
+
+		expect(response.statusCode).toBe(200);
+		expect(response.json()).toEqual({ success: true, action: "skip" });
+
+		const groupRow = await testClient.execute({
+			sql: "SELECT resolved_action FROM notification_action_groups",
+		});
+		expect(groupRow.rows).toEqual([expect.objectContaining({ resolved_action: "skip" })]);
+	});
+
+	it("returns an undo hint when a reminder was already taken before a follow-up skip action", async () => {
+		const userId = await createUser("notification-route-taken-followup");
+		await insertMedication({ id: 5, userId, packCount: 1, looseTablets: 0 });
+		await insertUserSettings(userId, "automatic");
+		const { takenToken, respondToken } = await seedContext({ userId, doseId: "5-0-1736064000000" });
+
+		const firstResponse = await app.inject({
+			method: "POST",
+			url: `/notification-actions/${takenToken}`,
+		});
+
+		expect(firstResponse.statusCode).toBe(200);
+		expect(firstResponse.json()).toEqual({ success: true, action: "taken" });
+
+		const followUpHtml = await app.inject({
+			method: "GET",
+			url: `/notification-actions/${respondToken}`,
+			headers: { accept: "text/html" },
+		});
+
+		expect(followUpHtml.statusCode).toBe(200);
+		expect(followUpHtml.body).toContain(
+			"This dose is already marked as taken. If you need to change it, open MedAssist and undo it there."
+		);
+
+		const followUpJson = await app.inject({
+			method: "POST",
+			url: `/notification-actions/${respondToken}`,
+			payload: { action: "skip" },
+		});
+
+		expect(followUpJson.statusCode).toBe(200);
+		expect(followUpJson.json()).toEqual({
+			success: true,
+			action: "taken",
+			alreadyProcessed: true,
+			message: "This dose is already marked as taken. Changes can only be made in MedAssist.",
+		});
+	});
+
+	it("replaces the original ntfy notification after a successful action with a view-only confirmation", async () => {
+		const userId = await createUser("notification-route-ntfy-delete");
+		await insertMedication({ id: 5, userId, packCount: 1, looseTablets: 0 });
+		await insertUserSettings(userId, "automatic", {
+			shoutrrrEnabled: true,
+			shoutrrrUrl: "ntfy://user:pass@ntfy.example.com/medassist",
+		});
+		const { takenToken, context } = await seedContext({ userId, doseId: "5-0-1736064000000" });
+		fetchMock.mockResolvedValueOnce({ ok: true, json: () => Promise.resolve({ id: "ntfy-msg-2" }) });
+
+		const response = await app.inject({
+			method: "POST",
+			url: `/notification-actions/${takenToken}`,
+		});
+
+		expect(response.statusCode).toBe(200);
+		expect(fetchMock).toHaveBeenCalledTimes(1);
+
+		const [targetUrl, requestInit] = fetchMock.mock.calls[0] ?? [];
+		expect(targetUrl).toBe("https://ntfy.example.com/medassist");
+		expect(requestInit).toEqual(
+			expect.objectContaining({
+				method: "POST",
+				body: "Take your medication now\n\n✅ This dose was marked as taken.",
+				redirect: "error",
+				headers: expect.objectContaining({
+					Authorization: expect.stringMatching(/^Basic /),
+					"X-Sequence-ID": context.sequenceId,
+				}),
+			})
+		);
+
+		const actionHeader = String((requestInit as { headers?: Record<string, string> }).headers?.Actions ?? "[]");
+		expect(JSON.parse(actionHeader)).toEqual([
+			{
+				action: "view",
+				label: "View",
+				url: context.viewUrl,
+				clear: false,
+			},
+		]);
+	});
+
+	it("replaces the original ntfy notification after a skip action with a view-only confirmation", async () => {
+		const userId = await createUser("notification-route-ntfy-skip-delete");
+		await insertMedication({ id: 5, userId, packCount: 1, looseTablets: 0 });
+		await insertUserSettings(userId, "automatic", {
+			shoutrrrEnabled: true,
+			shoutrrrUrl: "ntfy://user:pass@ntfy.example.com/medassist",
+		});
+		const { skipToken, context } = await seedContext({ userId, doseId: "5-0-1736064000000" });
+		fetchMock.mockResolvedValueOnce({ ok: true, json: () => Promise.resolve({ id: "ntfy-msg-3" }) });
+
+		const response = await app.inject({
+			method: "POST",
+			url: `/notification-actions/${skipToken}`,
+		});
+
+		expect(response.statusCode).toBe(200);
+		expect(fetchMock).toHaveBeenCalledTimes(1);
+
+		const [targetUrl, requestInit] = fetchMock.mock.calls[0] ?? [];
+		expect(targetUrl).toBe("https://ntfy.example.com/medassist");
+		expect(requestInit).toEqual(
+			expect.objectContaining({
+				method: "POST",
+				body: "Take your medication now\n\n⏭️ This intake was marked as skipped.",
+				redirect: "error",
+				headers: expect.objectContaining({
+					Authorization: expect.stringMatching(/^Basic /),
+					"X-Sequence-ID": context.sequenceId,
+				}),
+			})
+		);
+	});
+
+	it("warns when ntfy replacement, delete, and fallback clear all fail", async () => {
+		const userId = await createUser("notification-route-ntfy-delete-warn");
+		await insertMedication({ id: 5, userId, packCount: 1, looseTablets: 0 });
+		await insertUserSettings(userId, "automatic", {
+			shoutrrrEnabled: true,
+			shoutrrrUrl: "ntfy://user:pass@ntfy.example.com/medassist",
+		});
+		const { takenToken } = await seedContext({ userId, doseId: "5-0-1736064000000" });
+		fetchMock.mockResolvedValueOnce({ ok: false, status: 500, text: () => Promise.resolve("publish failed") });
+		fetchMock.mockResolvedValueOnce({ ok: false, status: 500, text: () => Promise.resolve("upstream down") });
+		fetchMock.mockResolvedValueOnce({ ok: false, status: 404, text: () => Promise.resolve("not found") });
+
+		const response = await app.inject({
+			method: "POST",
+			url: `/notification-actions/${takenToken}`,
+		});
+
+		expect(response.statusCode).toBe(200);
+		expect(fetchMock).toHaveBeenCalledTimes(3);
+		expect(app.log.warn).toHaveBeenCalledWith(
+			expect.objectContaining({ requestedAction: "taken" }),
+			expect.stringContaining("Failed to replace ntfy notification after resolved action")
+		);
+		expect(app.log.warn).toHaveBeenCalledWith(
+			expect.objectContaining({ requestedAction: "taken" }),
+			expect.stringContaining("Failed to delete ntfy notification after resolved action")
+		);
+		expect(app.log.warn).toHaveBeenCalledWith(
+			expect.objectContaining({ requestedAction: "taken" }),
+			expect.stringContaining("Failed to clear ntfy notification after delete fallback")
+		);
+	});
+
+	it("falls back to clear when ntfy replacement and delete both fail", async () => {
+		const userId = await createUser("notification-route-ntfy-delete-clear-fallback");
+		await insertMedication({ id: 5, userId, packCount: 1, looseTablets: 0 });
+		await insertUserSettings(userId, "automatic", {
+			shoutrrrEnabled: true,
+			shoutrrrUrl: "ntfy://user:pass@ntfy.example.com/medassist",
+		});
+		const { takenToken, context } = await seedContext({ userId, doseId: "5-0-1736064000000" });
+		fetchMock.mockResolvedValueOnce({ ok: false, status: 500, text: () => Promise.resolve("publish failed") });
+		fetchMock.mockResolvedValueOnce({ ok: false, status: 404, text: () => Promise.resolve("missing") });
+		fetchMock.mockResolvedValueOnce({ ok: true, text: () => Promise.resolve("") });
+
+		const response = await app.inject({
+			method: "POST",
+			url: `/notification-actions/${takenToken}`,
+		});
+
+		expect(response.statusCode).toBe(200);
+		expect(fetchMock).toHaveBeenCalledTimes(3);
+
+		const [clearUrl, clearInit] = fetchMock.mock.calls[2] ?? [];
+		expect(clearUrl).toBe(`https://ntfy.example.com/medassist/${context.sequenceId}/clear`);
+		expect(clearInit).toEqual(
+			expect.objectContaining({
+				method: "PUT",
+				headers: expect.objectContaining({ Authorization: expect.stringMatching(/^Basic /) }),
+			})
+		);
+	});
+
+	it("allows browser-origin CORS requests for public notification action tokens", async () => {
+		const userId = await createUser("notification-route-cors");
+		const { respondToken } = await seedContext({ userId, doseId: "5-0-1736064000000" });
+
+		const preflight = await app.inject({
+			method: "OPTIONS",
+			url: `/notification-actions/${respondToken}?action=taken`,
+			headers: {
+				origin: "https://ntfy.danielvolz.org",
+				"access-control-request-method": "POST",
+				"access-control-request-headers": "content-type",
+			},
+		});
+
+		expect(preflight.statusCode).toBe(204);
+		expect(preflight.headers["access-control-allow-origin"]).toBe("https://ntfy.danielvolz.org");
+		expect(preflight.headers["access-control-allow-methods"]).toContain("POST");
+		expect(preflight.headers["access-control-allow-headers"]).toContain("content-type");
+
+		const response = await app.inject({
+			method: "POST",
+			url: `/notification-actions/${respondToken}`,
+			headers: {
+				origin: "https://ntfy.danielvolz.org",
+			},
+			payload: { action: "skip" },
+		});
+
+		expect(response.statusCode).toBe(200);
+		expect(response.headers["access-control-allow-origin"]).toBe("https://ntfy.danielvolz.org");
+	});
+
+	it("accepts standard HTML form posts on respond pages", async () => {
+		const userId = await createUser("notification-route-form-post");
+		await insertMedication({ id: 5, userId, packCount: 1, looseTablets: 0 });
+		await insertUserSettings(userId, "automatic");
+		const { respondToken } = await seedContext({ userId, doseId: "5-0-1736064000000" });
+
+		const response = await app.inject({
+			method: "POST",
+			url: `/notification-actions/${respondToken}?action=taken`,
+			headers: {
+				accept: "text/html",
+				"content-type": "application/x-www-form-urlencoded",
+			},
+			payload: "",
+		});
+
+		expect(response.statusCode).toBe(200);
+		expect(response.headers["content-type"]).toContain("text/html");
+		expect(response.body).toContain("Action recorded");
+		expect(response.body).toContain("The dose was marked as taken.");
+	});
+
+	it("returns non-2xx for invalid, expired, and out-of-stock POST actions", async () => {
+		const missing = await app.inject({ method: "POST", url: "/notification-actions/missing-token" });
+		expect(missing.statusCode).toBe(404);
+
+		const expiredUserId = await createUser("notification-route-expired");
+		const { respondToken } = await seedContext({ userId: expiredUserId, doseId: "5-0-1736064000000" });
+		await testClient.execute({
+			sql: "UPDATE notification_action_groups SET expires_at = ? WHERE user_id = ?",
+			args: [new Date(0), expiredUserId],
+		});
+
+		const expired = await app.inject({
+			method: "POST",
+			url: `/notification-actions/${respondToken}`,
+			payload: { action: "skip" },
+		});
+		expect(expired.statusCode).toBe(410);
+
+		const userId = await createUser("notification-route-stock");
+		await insertMedication({ id: 5, userId, packCount: 0, looseTablets: 0 });
+		await insertUserSettings(userId, "automatic");
+		const { takenToken } = await seedContext({ userId, doseId: "5-0-1736064000000" });
+
+		const outOfStock = await app.inject({
+			method: "POST",
+			url: `/notification-actions/${takenToken}`,
+		});
+		expect(outOfStock.statusCode).toBe(409);
+		expect(outOfStock.json()).toEqual({ error: "Medication is out of stock", code: "OUT_OF_STOCK" });
+		expect(mockLogger.warn).toHaveBeenCalledWith(
+			expect.objectContaining({
+				userId,
+				groupId: expect.any(Number),
+				tokenKind: "taken",
+				doseCount: 1,
+				hasViewUrl: true,
+				requestedAction: "taken",
+				failedDoseIndex: 0,
+				code: "OUT_OF_STOCK",
+			}),
+			"[NotificationActions] Failed to record taken notification action"
+		);
+
+		const state = await testClient.execute({
+			sql: "SELECT resolved_action FROM notification_action_groups WHERE user_id = ?",
+			args: [userId],
+		});
+		expect(state.rows).toEqual([expect.objectContaining({ resolved_action: null })]);
+	});
+});
@@ -0,0 +1,225 @@
+import { dirname, resolve } from "node:path";
+import { fileURLToPath } from "node:url";
+import { migrate } from "drizzle-orm/libsql/migrator";
+import { afterAll, beforeAll, beforeEach, describe, expect, it, vi } from "vitest";
+import { runAlterMigrations } from "../db/db-utils.js";
+
+const { testClient, testDb, mockedEnv } = vi.hoisted(() => {
+	const { createClient } = require("@libsql/client");
+	const { drizzle } = require("drizzle-orm/libsql");
+	const client = createClient({ url: ":memory:" });
+	const db = drizzle(client);
+
+	return {
+		testClient: client,
+		testDb: db,
+		mockedEnv: {
+			PUBLIC_APP_URL: "https://app.example.com",
+			CORS_ORIGINS: "http://localhost:5173,http://localhost:4173",
+		},
+	};
+});
+
+vi.mock("../db/client.js", () => ({
+	db: testDb,
+	migrationsReady: Promise.resolve(),
+}));
+
+vi.mock("../plugins/env.js", () => ({ env: mockedEnv }));
+
+const { createNotificationActionContext, getNotificationActionTokenRecord, hashActionToken } = await import(
+	"../services/notification-actions-service.js"
+);
+
+const __filename = fileURLToPath(import.meta.url);
+const __dirname = dirname(__filename);
+const migrationsFolder = resolve(__dirname, "../../drizzle");
+
+function extractToken(url: string): string {
+	return url.split("/").at(-1) ?? "";
+}
+
+async function clearTables() {
+	await testClient.execute("DELETE FROM notification_action_tokens");
+	await testClient.execute("DELETE FROM notification_action_groups");
+	await testClient.execute("DELETE FROM users");
+}
+
+async function createUser(username: string) {
+	const result = await testClient.execute({
+		sql: "INSERT INTO users (username, auth_provider, is_active) VALUES (?, 'local', 1) RETURNING id",
+		args: [username],
+	});
+
+	return Number(result.rows[0].id);
+}
+
+describe("notification-actions-service", () => {
+	beforeAll(async () => {
+		await migrate(testDb, { migrationsFolder });
+		await runAlterMigrations(testClient);
+	});
+
+	afterAll(() => {
+		testClient.close();
+	});
+
+	beforeEach(async () => {
+		await clearTables();
+		mockedEnv.PUBLIC_APP_URL = "https://app.example.com";
+		mockedEnv.CORS_ORIGINS = "http://localhost:5173,http://localhost:4173";
+	});
+
+	it("creates a notification action group with hashed tokens and app/view links", async () => {
+		const userId = await createUser("notify-actions-user");
+		const scheduledFor = new Date("2026-01-05T08:00:00.000Z");
+
+		const context = await createNotificationActionContext({
+			userId,
+			title: "Reminder",
+			message: "Take your medication now",
+			doseIds: ["9-1-1736064000000", "9-0-1736064000000", "9-1-1736064000000"],
+			scheduledFor,
+			publicAppUrl: mockedEnv.PUBLIC_APP_URL,
+			language: "en",
+		});
+
+		expect(context).toMatchObject({
+			respondUrl: expect.stringContaining("/api/notification-actions/"),
+			viewUrl: "https://app.example.com/dashboard?day=2026-01-05&dose=9-0-1736064000000",
+			sequenceId: expect.stringMatching(/^medassist-/),
+		});
+		expect(context?.actions.map((action) => action.kind)).toEqual(["taken", "skip", "view"]);
+
+		const groups = await testClient.execute({
+			sql: "SELECT COUNT(*) AS count FROM notification_action_groups WHERE user_id = ?",
+			args: [userId],
+		});
+		expect(Number(groups.rows[0].count)).toBe(1);
+
+		const tokenRows = await testClient.execute({
+			sql: "SELECT kind, token_hash FROM notification_action_tokens ORDER BY kind ASC",
+		});
+		expect(tokenRows.rows).toHaveLength(3);
+
+		const respondToken = extractToken(context!.respondUrl!);
+		const respondRow = tokenRows.rows.find((row: { kind?: unknown }) => row.kind === "respond");
+		expect(respondRow).toEqual(expect.objectContaining({ token_hash: hashActionToken(respondToken), kind: "respond" }));
+		expect(respondRow?.token_hash).not.toBe(respondToken);
+
+		const record = await getNotificationActionTokenRecord(respondToken);
+		expect(record).toMatchObject({
+			doseIds: ["9-0-1736064000000", "9-1-1736064000000"],
+			viewUrl: "https://app.example.com/dashboard?day=2026-01-05&dose=9-0-1736064000000",
+		});
+	});
+
+	it("creates a view-only context without mutation tokens", async () => {
+		const userId = await createUser("notify-actions-view-only");
+		const scheduledFor = new Date("2026-01-05T08:00:00.000Z");
+
+		const context = await createNotificationActionContext({
+			userId,
+			title: "Grouped reminder",
+			message: "Open the dashboard for details",
+			doseIds: ["9-0-1736064000000", "10-0-1736064000000"],
+			scheduledFor,
+			publicAppUrl: mockedEnv.PUBLIC_APP_URL,
+			language: "en",
+			actionMode: "view-only",
+		});
+
+		expect(context).toEqual({
+			viewUrl: "https://app.example.com/dashboard?day=2026-01-05&dose=10-0-1736064000000",
+			actions: [
+				{
+					kind: "view",
+					label: "View",
+					url: "https://app.example.com/dashboard?day=2026-01-05&dose=10-0-1736064000000",
+					method: "GET",
+				},
+			],
+		});
+
+		const groups = await testClient.execute("SELECT COUNT(*) AS count FROM notification_action_groups");
+		expect(Number(groups.rows[0].count)).toBe(0);
+
+		const tokens = await testClient.execute("SELECT COUNT(*) AS count FROM notification_action_tokens");
+		expect(Number(tokens.rows[0].count)).toBe(0);
+	});
+
+	it("reuses an unresolved active group for the same dose set and schedule", async () => {
+		const userId = await createUser("notify-actions-reuse");
+		const scheduledFor = new Date("2026-01-05T08:00:00.000Z");
+
+		const first = await createNotificationActionContext({
+			userId,
+			title: "Reminder",
+			message: "Take your medication now",
+			doseIds: ["9-0-1736064000000"],
+			scheduledFor,
+			publicAppUrl: mockedEnv.PUBLIC_APP_URL,
+			language: "en",
+		});
+		const second = await createNotificationActionContext({
+			userId,
+			title: "Reminder",
+			message: "Take your medication now",
+			doseIds: ["9-0-1736064000000"],
+			scheduledFor,
+			publicAppUrl: mockedEnv.PUBLIC_APP_URL,
+			language: "en",
+		});
+
+		expect(second?.sequenceId).toBe(first?.sequenceId);
+
+		const groups = await testClient.execute("SELECT id, sequence_id FROM notification_action_groups");
+		expect(groups.rows).toHaveLength(1);
+		expect(groups.rows[0]).toEqual(expect.objectContaining({ sequence_id: first?.sequenceId }));
+
+		const tokens = await testClient.execute("SELECT COUNT(*) AS count FROM notification_action_tokens");
+		expect(Number(tokens.rows[0].count)).toBe(6);
+	});
+
+	it("prefers a non-local CORS origin when PUBLIC_APP_URL points to localhost", async () => {
+		const userId = await createUser("notify-actions-mobile");
+		const scheduledFor = new Date("2026-01-05T08:00:00.000Z");
+		mockedEnv.PUBLIC_APP_URL = "http://localhost:5173";
+		mockedEnv.CORS_ORIGINS = "http://localhost:5173,http://192.168.0.113:5173";
+
+		const context = await createNotificationActionContext({
+			userId,
+			title: "Reminder",
+			message: "Take your medication now",
+			doseIds: ["9-0-1736064000000"],
+			scheduledFor,
+			publicAppUrl: mockedEnv.PUBLIC_APP_URL,
+			language: "en",
+		});
+
+		expect(context).toMatchObject({
+			respondUrl: `http://192.168.0.113:5173/api/notification-actions/${extractToken(context!.respondUrl!)}`,
+			viewUrl: "http://192.168.0.113:5173/dashboard?day=2026-01-05&dose=9-0-1736064000000",
+		});
+
+		const record = await getNotificationActionTokenRecord(extractToken(context!.respondUrl!));
+		expect(record?.viewUrl).toBe("http://192.168.0.113:5173/dashboard?day=2026-01-05&dose=9-0-1736064000000");
+	});
+
+	it("falls back to the date view when dose ids do not contain a medication id", async () => {
+		const userId = await createUser("notify-actions-fallback");
+		const scheduledFor = new Date("2026-01-05T08:00:00.000Z");
+
+		const context = await createNotificationActionContext({
+			userId,
+			title: "Reminder",
+			message: "Take your medication now",
+			doseIds: ["invalid-dose-id"],
+			scheduledFor,
+			publicAppUrl: mockedEnv.PUBLIC_APP_URL,
+			language: "en",
+		});
+
+		expect(context?.viewUrl).toBe("https://app.example.com/dashboard?day=2026-01-05&dose=invalid-dose-id");
+	});
+});
@@ -117,7 +117,7 @@ describe("OIDC routes", () => {
 			});

 			expect(res.statusCode).toBe(302);
-			expect(res.headers.location).toBe("http://localhost:5173/?error=oidc_access_denied");
+			expect(res.headers.location).toBe("http://localhost:5173");
 		} finally {
 			await app.close();
 		}
@@ -129,7 +129,7 @@ describe("OIDC routes", () => {
 			const res = await app.inject({ method: "GET", url: "/auth/oidc/callback" });

 			expect(res.statusCode).toBe(302);
-			expect(res.headers.location).toBe("http://localhost:5173/?error=oidc_missing_params");
+			expect(res.headers.location).toBe("http://localhost:5173");
 		} finally {
 			await app.close();
 		}
@@ -144,7 +144,7 @@ describe("OIDC routes", () => {
 			});

 			expect(res.statusCode).toBe(302);
-			expect(res.headers.location).toBe("http://localhost:5173/?error=oidc_state_mismatch");
+			expect(res.headers.location).toBe("http://localhost:5173");
 		} finally {
 			await app.close();
 		}
@@ -134,6 +134,7 @@ async function createSchema(client: Client) {
 		`CREATE TABLE IF NOT EXISTS user_settings (
      id integer PRIMARY KEY AUTOINCREMENT,
      user_id integer NOT NULL UNIQUE,
+		timezone text NOT NULL DEFAULT '',
      email_enabled integer NOT NULL DEFAULT 0,
      notification_email text,
      email_stock_reminders integer NOT NULL DEFAULT 1,
@@ -16,6 +16,8 @@ const { testClient, testDb, mockedEnv, nodemailerSendMail, fetchMock } = vi.hois
 		OIDC_ENABLED: false,
 		OIDC_PROVIDER_NAME: "SSO",
 		NODE_ENV: "test",
+		PUBLIC_APP_URL: "https://app.example.com",
+		CORS_ORIGINS: "https://app.example.com",
 	};
 	return {
 		testClient: client,
@@ -351,7 +353,7 @@ describe("Real route coverage: settings/export/report", () => {
 	});

 	it("POST /settings/test-shoutrrr returns 200 for a valid ntfy target", async () => {
-		fetchMock.mockResolvedValue({ ok: true });
+		fetchMock.mockResolvedValue({ ok: true, json: () => Promise.resolve({ id: "ntfy-test-message-id" }) });

 		const response = await app.inject({
 			method: "POST",
@@ -361,6 +363,44 @@ describe("Real route coverage: settings/export/report", () => {

 		expect(response.statusCode).toBe(200);
 		expect(response.json()).toEqual({ success: true, message: "Test notification sent successfully" });
+		expect(fetchMock).toHaveBeenCalledTimes(1);
+
+		const [, requestInit] = fetchMock.mock.calls[0] ?? [];
+		const headers = (requestInit?.headers ?? {}) as Record<string, string>;
+		expect(headers["X-Sequence-ID"]).toEqual(expect.stringMatching(/^medassist-/));
+		expect(JSON.parse(headers.Actions ?? "[]")).toEqual([
+			{
+				action: "http",
+				label: "Take",
+				url: expect.stringMatching(/^https:\/\/app\.example\.com\/api\/notification-actions\//),
+				method: "POST",
+				clear: true,
+			},
+			{
+				action: "http",
+				label: "Skip",
+				url: expect.stringMatching(/^https:\/\/app\.example\.com\/api\/notification-actions\//),
+				method: "POST",
+				clear: true,
+			},
+			{
+				action: "view",
+				label: "View",
+				url: "https://app.example.com/dashboard",
+				clear: false,
+			},
+		]);
+
+		const groups = await testClient.execute("SELECT COUNT(*) AS count FROM notification_action_groups");
+		expect(Number(groups.rows[0].count)).toBe(1);
+
+		const storedGroup = await testClient.execute(
+			"SELECT ntfy_original_message_id FROM notification_action_groups LIMIT 1"
+		);
+		expect(storedGroup.rows).toEqual([expect.objectContaining({ ntfy_original_message_id: "ntfy-test-message-id" })]);
+
+		const tokens = await testClient.execute("SELECT COUNT(*) AS count FROM notification_action_tokens");
+		expect(Number(tokens.rows[0].count)).toBe(3);
 	});

 	it("sendShoutrrrNotification blocks localhost/private targets", async () => {
@@ -370,11 +410,12 @@ describe("Real route coverage: settings/export/report", () => {
 	});

 	it("sendShoutrrrNotification handles ntfy auth and safe URL reconstruction", async () => {
-		fetchMock.mockResolvedValue({ ok: true });
+		fetchMock.mockResolvedValue({ ok: true, json: () => Promise.resolve({ id: "ntfy-message-id" }) });

 		const result = await sendShoutrrrNotification("ntfy://user:pass@ntfy.sh/mytopic", "Title ä", "Message");

 		expect(result.success).toBe(true);
+		expect(result.providerMessageId).toBe("ntfy-message-id");
 		expect(fetchMock).toHaveBeenCalledWith(
 			"https://ntfy.sh/mytopic",
 			expect.objectContaining({
@@ -589,8 +630,39 @@ describe("Real route coverage: settings/export/report", () => {
 		expect(response.statusCode).toBe(200);
 		const body = response.json();
 		expect(body[medId].dosesTaken).toBe(1);
-		expect(body[medId].dosesDismissed).toBe(1);
+		expect(body[medId].dosesSkipped).toBe(1);
 		expect(body[medId].refills).toHaveLength(1);
+		expect(body[medId].refills[0]).toMatchObject({
+			packsAdded: 1,
+			loosePillsAdded: 2,
+			usedPrescription: true,
+		});
+	});
+
+	it("POST /medications/report-data filters dose counts by takenBy suffix when requested", async () => {
+		const medId = await seedMedication("Report Filter Med");
+		await testClient.execute({
+			sql: "INSERT INTO dose_tracking (user_id, dose_id, taken_at, dismissed) VALUES (?, ?, ?, ?)",
+			args: [1, `${medId}-0-1700000000000-Alice`, 1700000000, 0],
+		});
+		await testClient.execute({
+			sql: "INSERT INTO dose_tracking (user_id, dose_id, taken_at, dismissed) VALUES (?, ?, ?, ?)",
+			args: [1, `${medId}-0-1700000600000-Alice`, 1700000600, 1],
+		});
+		await testClient.execute({
+			sql: "INSERT INTO dose_tracking (user_id, dose_id, taken_at, dismissed) VALUES (?, ?, ?, ?)",
+			args: [1, `${medId}-0-1700001200000-Bob`, 1700001200, 0],
+		});
+
+		const response = await app.inject({
+			method: "POST",
+			url: "/medications/report-data",
+			payload: { medicationIds: [medId], takenByFilter: ["Alice"] },
+		});
+		expect(response.statusCode).toBe(200);
+		const body = response.json();
+		expect(body[medId].dosesTaken).toBe(1);
+		expect(body[medId].dosesSkipped).toBe(1);
 	});

 	it("GET /export includes medications, settings, doseHistory and refillHistory", async () => {
@@ -621,7 +693,9 @@ describe("Real route coverage: settings/export/report", () => {
 		expect(body.medications).toHaveLength(1);
 		expect(body.doseHistory).toHaveLength(1);
 		expect(body.refillHistory).toHaveLength(1);
+		expect(body.refillHistory[0].quantityAdded).toBe(23);
 		expect(body.settings.language).toBe("de");
+		expect(body.settings.shareStockStatus).toBeUndefined();
 		expect(body.shareLinks).toHaveLength(1);
 	});

@@ -672,7 +746,15 @@ describe("Real route coverage: settings/export/report", () => {
 				},
 			],
 			doseHistory: [],
-			refillHistory: [],
+			refillHistory: [
+				{
+					medicationRef: "med-1",
+					packsAdded: 0,
+					quantityAdded: 4,
+					usedPrescription: false,
+					refillDate: "2026-01-02T08:00:00.000Z",
+				},
+			],
 			settings: {
 				emailEnabled: false,
 				notificationEmail: null,
@@ -708,10 +790,24 @@ describe("Real route coverage: settings/export/report", () => {
 		});
 		expect(valid.statusCode).toBe(200);
 		expect(valid.json().imported.medications).toBe(1);
+		expect(valid.json().imported.refillHistory).toBe(1);

 		const rows = await testClient.execute({
 			sql: "SELECT name FROM medications WHERE user_id = 1",
 		});
 		expect(rows.rows[0].name).toBe("Imported Med");
+
+		const refillRows = await testClient.execute({
+			sql: "SELECT packs_added, loose_pills_added FROM refill_history WHERE user_id = 1",
+		});
+		expect(refillRows.rows).toHaveLength(1);
+		expect(refillRows.rows[0].packs_added).toBe(0);
+		expect(refillRows.rows[0].loose_pills_added).toBe(4);
+
+		const importedSettings = await testClient.execute({
+			sql: "SELECT share_medication_overview, share_stock_status FROM user_settings WHERE user_id = 1",
+		});
+		expect(importedSettings.rows[0].share_medication_overview).toBe(0);
+		expect(importedSettings.rows[0].share_stock_status).toBe(1);
 	});
 });
@@ -244,6 +244,46 @@ describe("Server Bootstrap", () => {
 			await app.close();
 		});

+		it("should allow browser preflight requests on public notification action routes", async () => {
+			const origins = ["https://medtest.danielvolz.org"];
+
+			const app = Fastify({ logger: false, ajv: documentationSchemaAjv });
+			await app.register(cors, {
+				delegator: (request, callback) => {
+					if (request.raw.url?.startsWith("/notification-actions/")) {
+						callback(null, {
+							origin: true,
+							credentials: false,
+							methods: ["GET", "HEAD", "POST", "OPTIONS"],
+						});
+						return;
+					}
+
+					callback(null, { origin: origins, credentials: true });
+				},
+			});
+
+			app.post("/notification-actions/:token", async () => ({ ok: true }));
+			await app.ready();
+
+			const response = await app.inject({
+				method: "OPTIONS",
+				url: "/notification-actions/demo-token",
+				headers: {
+					origin: "https://ntfy.danielvolz.org",
+					"access-control-request-method": "POST",
+					"access-control-request-headers": "content-type",
+				},
+			});
+
+			expect(response.statusCode).toBe(204);
+			expect(response.headers["access-control-allow-origin"]).toBe("https://ntfy.danielvolz.org");
+			expect(response.headers["access-control-allow-credentials"]).toBeUndefined();
+			expect(response.headers["access-control-allow-methods"]).toContain("OPTIONS");
+
+			await app.close();
+		});
+
 		it("should register cookie plugin", async () => {
 			const app = Fastify({ logger: false, ajv: documentationSchemaAjv });
 			await app.register(cookie, { secret: "test-cookie-secret" });
@@ -68,6 +68,7 @@ async function setStockMode(mode: "automatic" | "manual") {

 async function createMedication(options: {
 	name: string;
+	genericName?: string | null;
 	packCount?: number;
 	blistersPerPack?: number;
 	pillsPerBlister?: number;
@@ -80,6 +81,7 @@ async function createMedication(options: {
 }) {
 	const {
 		name,
+		genericName = null,
 		packCount = 1,
 		blistersPerPack = 1,
 		pillsPerBlister = 10,
@@ -106,16 +108,17 @@ async function createMedication(options: {

 	const result = await testClient.execute({
 		sql: `INSERT INTO medications (
-        user_id, name, taken_by_json, package_type,
+				user_id, name, generic_name, taken_by_json, package_type,
        pack_count, blisters_per_pack, pills_per_blister, loose_tablets,
        stock_adjustment, last_stock_correction_at,
        usage_json, every_json, start_json, intakes_json,
        is_obsolete, intake_reminders_enabled
-      ) VALUES (?, ?, ?, 'blister', ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, 0)
+			) VALUES (?, ?, ?, ?, 'blister', ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, 0)
      RETURNING id`,
 		args: [
 			1,
 			name,
+			genericName,
 			JSON.stringify(takenBy),
 			packCount,
 			blistersPerPack,
@@ -348,6 +351,21 @@ describe("Stock semantics parity (planner usage vs scheduler)", () => {
 		const lowStock = await getMedicationsNeedingReminderForTests(1, 7, 365, "en", "automatic");
 		expect(lowStock.some((r) => r.name === "Obsolete Med")).toBe(false);
 	});
+
+	it("uses generic name fallback in scheduler reminders when commercial name is empty", async () => {
+		await setStockMode("automatic");
+		await createMedication({
+			name: "",
+			genericName: "Acetylsalicylic acid",
+			packCount: 1,
+			blistersPerPack: 1,
+			pillsPerBlister: 10,
+			intakes: [{ usage: 1, every: 1, start: "2026-01-01T08:00:00" }],
+		});
+
+		const lowStock = await getMedicationsNeedingReminderForTests(1, 7, 365, "en", "automatic");
+		expect(lowStock.some((r) => r.name === "Acetylsalicylic acid")).toBe(true);
+	});
 });

 describe("getLiquidReminderThresholds", () => {
@@ -46,5 +46,6 @@ export const log = {
 export type ServiceLogger = {
 	info: (msg: string) => void;
 	debug: (msg: string) => void;
+	warn: (msg: string) => void;
 	error: (msg: string) => void;
 };
@@ -1,4 +1,4 @@
-export const PACKAGE_TYPES = ["blister", "bottle", "tube", "liquid_container"] as const;
+export const PACKAGE_TYPES = ["blister", "bottle", "tube", "liquid_container", "inhaler", "injection"] as const;

 export type PackageType = (typeof PACKAGE_TYPES)[number];

@@ -19,14 +19,25 @@ export function isLiquidContainerPackageType(packageType?: string | null): boole
 	return normalizePackageType(packageType) === "liquid_container";
 }

-export function isAmountBasedPackageType(packageType?: string | null): boolean {
+export function isPackageAmountPackageType(packageType?: string | null): boolean {
 	const normalized = normalizePackageType(packageType);
-	return normalized === "bottle" || normalized === "tube" || normalized === "liquid_container";
+	return normalized === "tube" || normalized === "liquid_container";
 }

-export function getPlannerUnitKind(packageType?: string | null): "pills" | "ml" | "units" {
+export function isDiscreteCountPackageType(packageType?: string | null): boolean {
+	const normalized = normalizePackageType(packageType);
+	return normalized === "bottle" || normalized === "inhaler" || normalized === "injection";
+}
+
+export function isAmountBasedPackageType(packageType?: string | null): boolean {
+	return isPackageAmountPackageType(packageType) || isDiscreteCountPackageType(packageType);
+}
+
+export function getPlannerUnitKind(packageType?: string | null): "pills" | "ml" | "units" | "puffs" | "injections" {
 	const normalized = normalizePackageType(packageType);
 	if (normalized === "tube") return "units";
 	if (normalized === "liquid_container") return "ml";
+	if (normalized === "inhaler") return "puffs";
+	if (normalized === "injection") return "injections";
 	return "pills";
 }
@@ -64,6 +64,16 @@ function toDateOnly(date: Date): Date {
 	return new Date(date.getFullYear(), date.getMonth(), date.getDate(), 0, 0, 0, 0);
 }

+function getLocalDateOrdinal(date: Date): number {
+	return Math.floor(Date.UTC(date.getFullYear(), date.getMonth(), date.getDate()) / 86_400_000);
+}
+
+function addLocalCalendarDays(date: Date, days: number): Date {
+	const next = new Date(date);
+	next.setDate(next.getDate() + days);
+	return next;
+}
+
 export function getDateOnlyTimestamp(date: Date): number {
 	return toDateOnly(date).getTime();
 }
@@ -175,13 +185,23 @@ export function getNextScheduledOccurrenceTime(

 	const lowerBound = inclusive ? fromMs : fromMs + 1;
 	if (schedule.scheduleMode !== "weekdays") {
-		const period = Math.max(1, schedule.every) * 86_400_000;
+		const intervalDays = Math.max(1, schedule.every);
 		if (startTime >= lowerBound) {
 			return startTime;
 		}

-		const intervals = Math.ceil((lowerBound - startTime) / period);
-		return startTime + intervals * period;
+		const lowerBoundDate = new Date(lowerBound);
+		const startOrdinal = getLocalDateOrdinal(startDate);
+		const lowerBoundOrdinal = getLocalDateOrdinal(lowerBoundDate);
+		const daysBetween = Math.max(0, lowerBoundOrdinal - startOrdinal);
+		const wholeIntervals = Math.floor(daysBetween / intervalDays);
+
+		let candidate = addLocalCalendarDays(startDate, wholeIntervals * intervalDays);
+		while (candidate.getTime() < lowerBound) {
+			candidate = addLocalCalendarDays(candidate, intervalDays);
+		}
+
+		return candidate.getTime();
 	}

 	const candidateStart = Math.max(lowerBound, startTime);
@@ -224,17 +244,28 @@ export function forEachScheduledOccurrenceInRange(
 	}

 	if (schedule.scheduleMode !== "weekdays") {
-		const period = Math.max(1, schedule.every) * 86_400_000;
-		let occurrenceMs = startTime;
-		if (occurrenceMs < rangeStartMs) {
-			const intervals = Math.ceil((rangeStartMs - occurrenceMs) / period);
-			occurrenceMs += intervals * period;
+		const intervalDays = Math.max(1, schedule.every);
+		let occurrence = new Date(startDate);
+		if (occurrence.getTime() < rangeStartMs) {
+			const rangeStartDate = new Date(rangeStartMs);
+			const startOrdinal = getLocalDateOrdinal(startDate);
+			const rangeStartOrdinal = getLocalDateOrdinal(rangeStartDate);
+			const daysBetween = Math.max(0, rangeStartOrdinal - startOrdinal);
+			const wholeIntervals = Math.floor(daysBetween / intervalDays);
+			occurrence = addLocalCalendarDays(startDate, wholeIntervals * intervalDays);
+
+			while (occurrence.getTime() < rangeStartMs) {
+				occurrence = addLocalCalendarDays(occurrence, intervalDays);
+			}
 		}

-		for (; occurrenceMs <= rangeEndMs; occurrenceMs += period) {
+		for (let occurrenceMs = occurrence.getTime(); occurrenceMs <= rangeEndMs; ) {
 			if (occurrenceMs >= rangeStartMs) {
 				callback(occurrenceMs);
 			}
+
+			occurrence = addLocalCalendarDays(occurrence, intervalDays);
+			occurrenceMs = occurrence.getTime();
 		}
 		return;
 	}
@@ -348,6 +379,23 @@ export function getTimezone(): string {
 	return process.env.TZ || "UTC";
 }

+export function isValidTimezone(value: string): boolean {
+	try {
+		new Intl.DateTimeFormat("en-US", { timeZone: value });
+		return true;
+	} catch {
+		return false;
+	}
+}
+
+export function getEffectiveTimezone(override?: string | null): string {
+	const normalized = override?.trim() ?? "";
+	if (normalized && isValidTimezone(normalized)) {
+		return normalized;
+	}
+	return getTimezone();
+}
+
 /** Format a date in the configured timezone */
 export function formatInTimezone(date: Date, tz?: string): string {
 	return date.toLocaleString("de-DE", {
@@ -0,0 +1,113 @@
+# Configuration
+
+Configure MedAssist with environment variables in `.env`. Start from `.env.example`.
+
+## General
+
+| Variable | Default | Description |
+|----------|---------|-------------|
+| `PUID` | `1000` | User ID for container file permissions |
+| `PGID` | `1000` | Group ID for container file permissions |
+| `PORT` | `3000` | Backend API port |
+| `CORS_ORIGINS` | `http://localhost:4174` | Allowed origins for CORS |
+| `TZ` | `Europe/Berlin` | Server default timezone for scheduled reminders |
+| `PUBLIC_APP_URL` | — | Public base URL for notification action links |
+| `LOG_LEVEL` | `info` | Log level: `debug`, `info`, `warn`, `error`, or `silent` |
+| `RATE_LIMIT_MAX` | `100` | Maximum requests per minute per IP |
+| `OPENAPI_DOCS_ENABLED` | `auto` | Explicitly enable or disable `/docs` and `/docs/json` |
+
+API docs behavior:
+
+- If `OPENAPI_DOCS_ENABLED` is unset, docs are enabled outside production and disabled in production.
+- `OPENAPI_DOCS_ENABLED=true` enables `/docs` and `/docs/json`.
+- `OPENAPI_DOCS_ENABLED=false` disables the docs only.
+
+## Authentication
+
+| Variable | Default | Description |
+|----------|---------|-------------|
+| `AUTH_ENABLED` | `false` | Enable user authentication |
+| `REGISTRATION_ENABLED` | `false` | Allow new user registrations |
+| `FORM_LOGIN_ENABLED` | `true` | Enable username/password login |
+| `JWT_SECRET` | — | Access token signing key; required when auth is enabled |
+| `REFRESH_SECRET` | — | Refresh token signing key; required when auth is enabled |
+| `COOKIE_SECRET` | — | Cookie signing key; required when auth is enabled |
+| `ACCESS_TOKEN_TTL_MINUTES` | `15` | Access token lifetime |
+| `REFRESH_TOKEN_TTL_DAYS` | `7` | Refresh token lifetime |
+
+Generate secrets with `openssl rand -hex 32`.
+
+## API Keys
+
+When `AUTH_ENABLED=true`, authenticated users can create API keys and call protected endpoints with:
+
+```text
+Authorization: Bearer ma_...
+```
+
+Available scopes:
+
+- `read`: read-only access (`GET`, `HEAD`, `OPTIONS`)
+- `write`: read and write access
+
+Notes:
+
+- The token is shown only once after creation.
+- Creating a new key deactivates previously active keys for the same user.
+- API keys are stored hashed in the database.
+
+API reference:
+
+- Interactive docs: `/docs`
+- OpenAPI JSON: `/docs/json`
+- Key management endpoints:
+  - `GET /auth/api-keys`
+  - `POST /auth/api-keys`
+  - `DELETE /auth/api-keys/:id`
+
+## OIDC / SSO
+
+| Variable | Default | Description |
+|----------|---------|-------------|
+| `OIDC_ENABLED` | `false` | Enable OIDC authentication |
+| `OIDC_ISSUER_URL` | — | OIDC provider URL |
+| `OIDC_CLIENT_ID` | — | OIDC client ID |
+| `OIDC_CLIENT_SECRET` | — | OIDC client secret |
+| `OIDC_REDIRECT_URI` | — | OIDC callback URL |
+| `OIDC_SCOPES` | `openid profile email` | Requested scopes |
+| `OIDC_USERNAME_CLAIM` | `preferred_username` | Username claim |
+| `OIDC_AUTO_CREATE_USERS` | `true` | Auto-create users on first SSO login |
+| `OIDC_PROVIDER_NAME` | `SSO` | Login button label |
+
+## Email (SMTP)
+
+| Variable | Default | Description |
+|----------|---------|-------------|
+| `SMTP_HOST` | — | SMTP server hostname |
+| `SMTP_PORT` | `587` | SMTP server port |
+| `SMTP_USER` | — | SMTP username |
+| `SMTP_PASS` | — | SMTP password |
+| `SMTP_TOKEN` | — | OAuth2 or app token; takes precedence over `SMTP_PASS` |
+| `SMTP_FROM` | — | Sender email address |
+| `SMTP_SECURE` | `false` | Use TLS |
+
+## Reminders
+
+| Variable | Default | Description |
+|----------|---------|-------------|
+| `REMINDER_DAYS_BEFORE` | `7` | Days before stock runs out to send reminder |
+| `REMINDER_HOUR` | `6` | Hour to send daily reminders (24h format) |
+| `REMINDER_MINUTES_BEFORE` | `15` | Minutes before intake to send reminder |
+| `EXPIRY_WARNING_DAYS` | `30` | Days before expiry warning |
+
+Reminder timing uses IANA timezones. `TZ` is the server default. Users can override it in Settings.
+
+## Push Notifications
+
+Push notification setup, provider support, and URL examples are documented in [PUSH_NOTIFICATIONS.md](PUSH_NOTIFICATIONS.md).
+
+Recommended provider: `ntfy`, especially for intake reminders with direct actions.
+
+## Default User Settings
+
+Default values for newly created users are documented in [DEFAULT_USER_SETTINGS.md](DEFAULT_USER_SETTINGS.md).
@@ -6,7 +6,9 @@ Scope and behavior:

 - These values are applied only when a user's settings are created for the first time.
 - After that, values stored in the database are used and take precedence.
- Source of truth in code: [backend/src/routes/settings.ts](backend/src/routes/settings.ts).
+- This document only covers settings that have an environment-backed default.
+- It is not intended to be a full inventory of every setting shown in the UI.
+- UI-only settings without a `DEFAULT_*` variable, for example the dashboard section order toggle, are intentionally excluded.

 ## Email Defaults

@@ -47,6 +49,6 @@ Scope and behavior:
 |----------|---------|-------------|
 | `DEFAULT_LANGUAGE` | `en` | Default language (`en` or `de`). |
 | `DEFAULT_STOCK_CALCULATION_MODE` | `automatic` | Default stock mode (`automatic` or `manual`). |
-| `DEFAULT_SHARE_STOCK_STATUS` | `true` | Show stock status on shared schedule links. |
+| `DEFAULT_SHARE_MEDICATION_OVERVIEW` | `false` | Show medication overview section on shared schedule links. |
 | `DEFAULT_UPCOMING_TODAY_ONLY` | `false` | Show only today's upcoming doses by default. |
 | `DEFAULT_SHARE_SCHEDULE_TODAY_ONLY` | `false` | Show only today's schedule in shared view by default. |
@@ -0,0 +1,35 @@
+# Development
+
+## Start the Development Stack
+
+```bash
+docker compose -p medassist-dev -f docker-compose.dev.yml up
+```
+
+## Service Endpoints
+
+- Frontend: `http://localhost:5173`
+- Backend: `http://localhost:3000`
+- API docs UI: `http://localhost:3000/docs` when docs are enabled
+- OpenAPI JSON: `http://localhost:3000/docs/json` when docs are enabled
+
+## Frontend Dev Server Behind a Proxy
+
+If the frontend dev server runs behind a reverse proxy or on a remote host, set these frontend-only environment variables before starting Vite:
+
+These development overrides are documented here intentionally and are not part of the standard operator-focused `.env.example` surface.
+
+- `BACKEND_URL`: backend target used by the Vite `/api` proxy; default `http://localhost:3000` outside Docker and `http://backend-dev:3000` in Docker
+- `VITE_ALLOWED_HOSTS`: comma-separated hostnames allowed to connect to the dev server; default `localhost,127.0.0.1`
+- `VITE_HMR_HOST`: public hostname for HMR websocket connections
+- `VITE_HMR_PROTOCOL`: websocket protocol override (`ws` or `wss`)
+- `VITE_HMR_CLIENT_PORT`: public websocket port exposed to the browser
+- `VITE_HMR_PORT`: server-side websocket port for the Vite process
+
+## Useful Commands
+
+```bash
+npm run lint
+cd backend && npm run test:run
+cd frontend && npm run test:run
+```
@@ -0,0 +1,71 @@
+# Push Notifications
+
+MedAssist uses [Shoutrrr](https://containrrr.dev/shoutrrr/) for push notifications.
+
+## Recommendation
+
+Recommended provider: `ntfy`.
+
+Use `ntfy` when you want the best-supported MedAssist notification flow, especially for intake reminders with direct actions such as `Take`, `Skip`, and `View`.
+
+## Supported URL Schemes
+
+- `ntfy://`
+- `discord://`
+- `pushover://`
+- `gotify://`
+- `telegram://`
+- direct `https://` webhooks
+
+## Configuration
+
+Configure push notifications in the app under `Settings -> Push`, or set defaults for new users with environment variables.
+
+Push-related default variables:
+
+| Variable | Default | Description |
+|----------|---------|-------------|
+| `DEFAULT_SHOUTRRR_ENABLED` | `false` | Enable push notifications by default |
+| `DEFAULT_SHOUTRRR_URL` | — | Default Shoutrrr URL |
+| `DEFAULT_SHOUTRRR_STOCK_REMINDERS` | `true` | Send stock reminders via push |
+| `DEFAULT_SHOUTRRR_INTAKE_REMINDERS` | `true` | Send intake reminders via push |
+| `DEFAULT_SHOUTRRR_PRESCRIPTION_REMINDERS` | `true` | Send prescription reminders via push |
+
+For the full default-user-settings reference, see [DEFAULT_USER_SETTINGS.md](DEFAULT_USER_SETTINGS.md).
+
+## URL Examples
+
+### ntfy
+
+```text
+ntfy://ntfy.sh/your-topic
+ntfy://user:password@your-server.com/topic
+```
+
+### Pushover
+
+```text
+pushover://shoutrrr:API_TOKEN@USER_KEY/
+```
+
+### Gotify
+
+```text
+gotify://your-server.com/TOKEN
+gotify://your-server.com:443/path/to/gotify/TOKEN?priority=1
+```
+
+### Discord
+
+```text
+discord://TOKEN@WEBHOOK_ID
+```
+
+### Telegram
+
+```text
+telegram://TOKEN@telegram?chats=CHAT_ID
+telegram://TOKEN@telegram?chats=@your_channel,-1001234567890
+```
+
+For all supported services and options, see the [Shoutrrr documentation](https://containrrr.dev/shoutrrr/v0.8/services/overview/).
@@ -1,237 +0,0 @@
-# Agent Memory Notes
-
-Purpose: persistent agent work memory to survive context loss.
-
-## Entries
-
-### 2026-03-25
-
- Task: Diagnose PR #475 GitHub CI failure for the frontend build job and fix testing/build-scope issues only.
- Root cause: The GitHub "Frontend Build" check actually failed in the frontend lint step because `frontend/src/test/pages/MedicationsPage.test.tsx` contained a whitespace-only line that Biome rejects.
- Fix: Removed the stray whitespace-only line in `frontend/src/test/pages/MedicationsPage.test.tsx` and revalidated frontend lint/build locally.
-
- Task: Split the medication enrichment lookup improvements into a standalone feature branch and repair the shared frontend tests until the focused validation set passed.
- Decisions: Kept this branch limited to enrichment lookup/search/apply behavior, restored corrupted MedicationsPage and MobileEditModal test structure from clean main patterns, and retained desktop/mobile parity inside the feature scope.
- Files touched: README.md, backend/src/routes/medication-enrichment.ts, backend/src/services/medication-enrichment.ts, backend/src/test/medication-enrichment.test.ts, frontend/src/components/MedicationEnrichmentSection.tsx, frontend/src/components/MobileEditModal.tsx, frontend/src/i18n/de.json, frontend/src/i18n/en.json, frontend/src/pages/MedicationsPage.tsx, frontend/src/styles.css, frontend/src/test/components/MedicationEnrichmentSection.test.tsx, frontend/src/test/components/MobileEditModal.test.tsx, frontend/src/test/pages/MedicationsPage.test.tsx, frontend/src/types/index.ts, frontend/src/utils/index.ts, frontend/src/utils/medication-enrichment.ts.
- Follow-up: Merge the refreshed feature branch once GitHub CI is green again.
-
- Task: Merge the refreshed feature branch on top of the already shipped stock/refill semantics changes without losing shared test coverage or work-log history.
- Decisions: Kept the stock/refill doku history entries while resolving add/add conflicts and combined both branches' MedicationsPage tests in the shared file.
- Files touched: doku/memory_notes.md, doku/report.md, frontend/src/test/pages/MedicationsPage.test.tsx.
- Follow-up: Re-run the minimum frontend validation and push the conflict-resolution commit for PR #475.
-
- Task: Review and merge the open Dependabot pull requests after verifying scope and CI state.
- Decisions: Merged only dependency-only PRs with acceptable checks; accepted skipped jobs on the root-only tooling bump because the diff did not touch frontend or backend runtime code.
- Merged PRs: #468 (`@biomejs/biome` root bump), #469 (frontend dependency group bump), #470 (backend dependency group bump).
- Follow-up: Synced local `main` to commit `39c19ab` and confirmed there are no remaining open Dependabot PRs from this reviewed set.
-
- Task: Investigate why last week's weekly triage report issue stayed open after a newer report was created.
- Root cause: `.github/workflows/weekly-triage-report.yml` always created a new issue and had no cleanup step for older open weekly report issues; `.github/agents/release-manager.agent.md` also lacked an explicit weekly-report closure rule.
- Fix: Added workflow logic to close older open weekly triage reports before publishing the new one and added a dedicated "Weekly Triage Report Hygiene" rule to the release-manager agent instructions.
-
- Task: Ship the CSS architecture modernization in an isolated PR flow and then restore the local Spec Kit workspace artifacts after the requested main-branch cleanup.
- Decisions: Used a fresh worktree from `github/main` to avoid shipping unrelated local residue, merged the CSS-only PR from that clean scope, then used `git stash push -u` to satisfy the requested clean local `main` state without deleting the local Spec Kit setup.
- Recovery: Verified that `.specify/`, `specs/001-css-monolith-modernization/`, `docs/SPEC_KIT.md`, `.github/agents/medassist-feature-orchestrator.agent.md`, `.github/agents/speckit.*`, and `.github/prompts/speckit.*` were preserved inside `stash@{0}` and restored them with `git stash apply stash@{0}` after the user requested them back.
- Correction: Updated `.github/agents/release-manager.agent.md` to make the intended rule explicit: `git stash` may be used only temporarily during an active transition, never as the final mechanism for making local `main` look clean. A requested clean `main` now explicitly means no leftover tracked changes, no leftover untracked task files, and no hidden task residue in stash.
- Follow-up correction: Added all current Spec Kit artifacts to `.gitignore` so the local setup no longer appears in `git status`. The ignore covers `.specify/`, `specs/`, `docs/SPEC_KIT.md`, `.github/agents/medassist-feature-orchestrator.agent.md`, `.github/agents/speckit.*.agent.md`, and `.github/prompts/speckit.*.prompt.md`.
-
- Task: Perform a thorough repo-wide code-quality audit across backend and frontend without implementation.
- Findings: The highest-risk hotspots are duplicated notification delivery logic across planner/manual and scheduler code paths, duplicated schedule/stock rendering logic across DashboardPage, SchedulePage, and SharedSchedule, oversized god modules such as `frontend/src/context/AppContext.tsx`, `frontend/src/pages/MedicationsPage.tsx`, `backend/src/routes/medications.ts`, `backend/src/routes/planner.ts`, `backend/src/services/reminder-scheduler.ts`, `backend/src/services/intake-reminder-scheduler.ts`, and `backend/src/services/medication-enrichment.ts`, plus several swallowed-error paths and broad file-level lint suppressions.
- Output: Prepared a severity-ranked review, a high-ROI remediation plan, and a deeper reporting breakdown for notifications, AppContext, and schedule UI duplication.
- Documentation: Wrote the consolidated audit report to `doku/code-quality-audit-2026-03-26.md` so the findings and remediation priorities are preserved as a standalone markdown document.
-
- Task: Merge the newly opened Dependabot pull requests via the release-manager handoff path.
- Result: `#482` (backend picomatch bump), `#483` (frontend picomatch bump), and `#484` (root dev picomatch bump) were squash-merged after review. `#485` (backend yaml bump) was left open because its refreshed checks were still running and not fully green at decision time.
-
- Task: Review the open Dependabot PRs on GitHub and merge only the safe ones.
- Scope review: Verified each Dependabot PR diff was dependency-only with no mixed product changes; all reviewed PRs only changed a single lockfile.
- Merged: Squash-merged PR #483 (`picomatch` in `/frontend`), PR #482 (`picomatch` in `/backend`), and PR #484 (root `picomatch` dev dependency lockfile update).
- Deferred: Left PR #485 (`yaml` in `/backend`) open after rebasing it onto the updated `main` because its refreshed Playwright E2E check was still running, so the PR was not yet fully green at decision time.
-
- Task: Convert the code-quality audit into a concrete implementation plan.
- Output: Added `plan/refactor-code-quality-remediation-1.md` with phase-based remediation steps covering notification consolidation, shared schedule UI extraction, AppContext decomposition, MedicationsPage decomposition, backend service/module decomposition, and observability hardening.
- Constraint handling: Kept the plan split into reviewable phases so future implementation can stay within the repository's one-objective-per-PR rule.
-
- Task: Review the remediation plan for execution readiness and prepare the next-agent handoff.
- Decision: The plan structure was already sound, but it needed explicit PR-sized execution slices and a concrete first handoff target so the next agent does not start with an overly broad refactor scope.
- Output: Added `Execution Slices & Handoff` to `plan/refactor-code-quality-remediation-1.md`, recommending `medassist-feature-orchestrator` start with Phase 1 only, followed by `@testing-manager` and then `@release-manager`.
-
- Task: Break the remediation plan into executable checklist tasks.
- Constraint: The standard `.specify/scripts/bash/check-prerequisites.sh --json` flow failed on `main` because there is no active feature branch, so task generation used `plan/refactor-code-quality-remediation-1.md` and `doku/code-quality-audit-2026-03-26.md` directly as the source artifacts.
- Output: Added `plan/refactor-code-quality-remediation-tasks-1.md` with setup, foundational, six remediation user stories, cross-cutting polish, dependencies, parallel opportunities, and explicit testing/release handoff tasks.
-
- Task: Apply the three consistency remediations after the manual analysis findings.
- Decisions: Created a local feature branch `002-code-quality-remediation`, added a minimal Spec Kit feature set under `specs/002-code-quality-remediation/`, reduced the task file's blocking foundations to MVP-relevant prerequisites only, added explicit local build/check validation tasks per slice, and split the later backend and observability work into narrower slices.
- Output: Updated `plan/refactor-code-quality-remediation-1.md`, replaced `plan/refactor-code-quality-remediation-tasks-1.md`, and added `specs/002-code-quality-remediation/spec.md`, `specs/002-code-quality-remediation/plan.md`, and `specs/002-code-quality-remediation/tasks.md`.
-
- Task: Implement US1 notification consolidation for code-quality remediation slice 1.
- Decisions: Added a shared notification service layer under `backend/src/services/notifications/` to centralize SMTP delivery, push delivery, push payload builders, and reminder state helpers. Refactored manual reminder routes and scheduler paths to consume the shared modules while preserving existing behavior and parity.
- Files touched: `backend/src/services/notifications/delivery.ts`, `backend/src/services/notifications/builders.ts`, `backend/src/services/notifications/state.ts`, `backend/src/services/notifications/index.ts`, `backend/src/services/reminder-scheduler.ts`, `backend/src/routes/planner.ts`, `backend/src/services/intake-reminder-scheduler.ts`.
- Validation: Ran backend local validation (`npm run check` and `npm run build` in `backend/`). First pass revealed leftover lint/type issues from refactor (unused symbols and stale SMTP variable references in planner logs), then applied targeted fixes and re-ran until both commands passed cleanly.
-
- Task: Hand off reminder regression testing to the designated testing owner.
- Output: Delegated to `@testing-manager` and captured a risk-based regression plan with prioritized existing tests (`planner`, `intake-reminder-scheduler`, `stock-semantics-parity`), concrete gap tests to add, exact run commands, and a PR-ready pass/fail checklist.
-
- Task: Continue with the next remediation task (US2/T016) after US1 completion.
- Output: Completed schedule-duplication inventory across `frontend/src/pages/DashboardPage.tsx`, `frontend/src/pages/SchedulePage.tsx`, and `frontend/src/components/SharedSchedule.tsx`.
- Findings: Confirmed duplicated dose formatting helpers, duplicated timeline day rendering blocks, duplicated day collapse persistence/toggle mechanics, duplicated missed-dose summary/clear flow, and duplicated stock-row decoration/status branching.
- Files updated: `specs/002-code-quality-remediation/plan.md` (inventory notes), `specs/002-code-quality-remediation/tasks.md` (T016 marked done).
-
- Task: Implement US2/T017 shared schedule helper foundation.
- Output: Added `frontend/src/features/schedule/formatters.ts` and `frontend/src/features/schedule/storage.ts` to centralize duplicated schedule amount formatting and collapse-state storage helpers ahead of page rewiring tasks.
- Files updated: `specs/002-code-quality-remediation/tasks.md` (T017 marked done).
-
- Task: Implement US2/T018 shared schedule interaction helper foundation.
- Output: Added `frontend/src/features/schedule/interactions.ts` with reusable helpers for day-collapse state resolution and dose-progress counting.
- Files updated: `specs/002-code-quality-remediation/tasks.md` (T018 marked done).
-
- Task: Complete US2 rewiring tasks T019-T021 to consume shared schedule helpers.
- Output: Rewired `frontend/src/pages/DashboardPage.tsx`, `frontend/src/pages/SchedulePage.tsx`, and `frontend/src/components/SharedSchedule.tsx` to consume shared schedule formatting/storage/interaction helpers from `frontend/src/features/schedule/`.
- Validation: Editor diagnostics show no errors in the touched files after rewiring.
- Files updated: `specs/002-code-quality-remediation/tasks.md` (T019-T021 marked done).
-
- Task: Provide an immediate execution sequence for adapting US1 reminder consolidation tests in branch `002-code-quality-remediation`.
- Output: Confirmed current coverage is concentrated in `backend/src/test/planner.test.ts` and `backend/src/test/intake-reminder-scheduler.test.ts`, identified missing direct unit coverage for `backend/src/services/notifications/{delivery,builders,state}.ts`, and prepared an ordered command plan (baseline targeted run -> new unit tests -> targeted rerun -> backend check/build gate) with explicit completion criteria.
-
- Task: Testing handoff validation for US2 schedule helper consolidation and rewiring (T023).
- Scope validated: `frontend/src/features/schedule/{formatters,storage,interactions}.ts`, shared schedule components, `frontend/src/pages/DashboardPage.tsx`, `frontend/src/pages/SchedulePage.tsx`, and `frontend/src/components/SharedSchedule.tsx`.
- Validation executed: targeted Vitest parity pack passed (`DashboardPage`, `SchedulePage`, `SharedSchedule`, `SharedScheduleTodayOnly`, schedule utils, storage utils); targeted Playwright schedule specs mostly passed but one existing undo-visibility assertion failed in `frontend/e2e/schedule-data.spec.ts`.
- Gate status: `frontend` `npm run check` still fails only on pre-existing TypeScript errors in `frontend/src/test/pages/MedicationsPage.test.tsx` lines 887 and 1641 (`resolveLoadMore?.(...)` and `resolveEnrichment?.(...)` typed as `never`).
- Classification: current TS check failures appear unrelated to US2 rewiring scope because they are confined to MedicationsPage enrichment tests and touched schedule suites passed.
-
- Task: Start and advance US3 AppContext decomposition tasks (T025-T031).
- Output: Added `US3 Inventory Notes (T025)` in `specs/002-code-quality-remediation/plan.md`; implemented first extracted boundary in `frontend/src/context/ShareContext.tsx` and wired it through `frontend/src/context/AppContext.tsx` and `frontend/src/App.tsx`.
- Output: Added `frontend/src/hooks/useScheduleController.ts` and migrated heavy consumers (`frontend/src/pages/DashboardPage.tsx`, `frontend/src/pages/SchedulePage.tsx`) to the smaller orchestration hook.
- Validation/Handoff: US3 `frontend` check gate remains blocked by pre-existing MedicationsPage test typing errors; handed off US3 regression validation to `@testing-manager` with targeted test/command sequence and blocker classification.
-
- Task: Continue execution into US4 (T032/T033).
- Output: Completed desktop/mobile medication-edit parity inventory and documented it in `specs/002-code-quality-remediation/plan.md` (`US4 Inventory Notes (T032)`).
- Output: Extracted medication enrichment state controller to `frontend/src/hooks/useMedicationEnrichmentController.ts` and rewired `frontend/src/pages/MedicationsPage.tsx` to consume the extracted hook/state handlers.
-
- Task: Testing handoff validation for US3 AppContext decomposition (ShareContext boundary + useScheduleController extraction).
- Scope validated: `frontend/src/context/ShareContext.tsx`, `frontend/src/context/AppContext.tsx`, `frontend/src/hooks/useScheduleController.ts`, `frontend/src/pages/DashboardPage.tsx`, `frontend/src/pages/SchedulePage.tsx`, and `frontend/src/App.tsx`.
- Validation executed: frontend `npm run check` reproduces the same pre-existing TypeScript blocker in `frontend/src/test/pages/MedicationsPage.test.tsx` lines 887 and 1641; focused Vitest pass confirmed for `SchedulePage` + `ShareDialog` tests; targeted Playwright pass confirmed for `e2e/schedule.spec.ts` + `e2e/share-schedule.spec.ts` (23/23).
- Additional finding: `App.test.tsx` and `DashboardPage.test.tsx` currently fail due stale module mocks missing the new `useShareContext` export, indicating test adaptation required for the extracted boundary rather than evidence of runtime schedule/share regression.
-
- Task: Complete US7/T052 by removing swallowed refresh-related failures in frontend settings flow.
- Output: Updated `frontend/src/hooks/useSettings.ts` to replace silent `.catch(() => {})` paths for reminder-status refresh and keepalive settings flush with explicit structured warning logs.
- Detail: Added a small local `getErrorMessage` helper to normalize unknown thrown values into loggable strings and reused it in the new catch handlers.
- Validation: Editor diagnostics for `frontend/src/hooks/useSettings.ts` report no errors after the changes.
-
-### 2026-03-27
-
- Task: Diagnose and fix PR #490 CI failures (`Frontend Build`, `Playwright E2E`) in worktree `medassist-pr-e2e`.
- Root causes:
-	- Frontend gate: `frontend/e2e/app-shell.spec.ts` had a biome formatting violation; after fixing that, `frontend/src/test/pages/MedicationsPage.test.tsx` still failed TypeScript (`resolveLoadMore?.(...)` and `resolveEnrichment?.(...)` inferred as `never`).
-	- Playwright E2E: `frontend/e2e/dashboard-data.spec.ts` undo test asserted `.day-block.today` before dashboard data was fully ready, causing intermittent/not-found failure in CI-like runs.
- Fixes:
-	- Added formatting newline in `frontend/e2e/app-shell.spec.ts`.
-	- Reworked resolver typing in `frontend/src/test/pages/MedicationsPage.test.tsx` to definite-assignment callbacks with matching `Promise` generics.
-	- Hardened `frontend/e2e/dashboard-data.spec.ts` undo flow by waiting for dashboard overview table and seeded medication row before asserting timeline blocks.
-	- Reduced auth setup rate-limit pressure in `frontend/e2e/auth.setup.ts` by switching to login-first and registering only as fallback before a single retry.
- Validation:
-	- `cd frontend && CI=true npm run check` passed.
-	- `cd frontend && CI=true npm run build` passed.
-	- `cd frontend && PLAYWRIGHT_HTML_OPEN=never PLAYWRIGHT_WORKERS=1 npx playwright test --config=playwright.stable.config.ts --workers=1 e2e/dashboard-data.spec.ts --grep "should undo a taken dose|should mark a dose as taken and show undo"` passed after resetting reused local servers and installing backend/frontend deps in this worktree.
-
- Task: Complete US7/T053 by adding intentional optional-auth verification logging.
- Output: Updated `backend/src/plugins/auth.ts` optional auth flow to emit debug logs for API-key/session verification outcomes (authenticated, key not found, key expired, inactive/missing user, session verify failure).
- Security note: Logs intentionally avoid token values and only include outcome-level context.
- Validation: Editor diagnostics for `backend/src/plugins/auth.ts` report no errors.
-
- Task: Complete US7/T054 by adding state-file read/parse failure logging.
- Output: Updated `backend/src/services/intake-reminder-scheduler.ts` so `loadIntakeReminderState` logs parse/read failures with state-file path and normalized error message before falling back to default state.
- Validation: Editor diagnostics for `backend/src/services/intake-reminder-scheduler.ts` report no errors.
-
- Task: Complete US7/T055 by replacing remaining broad catches in known hotspot files.
- Output: Updated `frontend/src/hooks/useSettings.ts` to log failures in `performSave`, `testEmail`, and `testShoutrrr` catch paths instead of broad silent catches.
- Output: Updated `backend/src/services/medication-enrichment.ts` startup/scheduled refresh catch handlers to log explicit failure context instead of swallowing with `.catch(() => undefined)`.
- Verification: Pattern search across hotspot files (`useSettings`, `auth`, `medication-enrichment`, `intake-reminder-scheduler`) shows no remaining `catch {}` or silent `.catch(() => undefined)` signatures.
-
- Task: Complete US7/T056 by running required frontend/backend check and build gates before handoff.
- Validation results: `frontend npm run check` remains blocked by known pre-existing TypeScript errors in `frontend/src/test/pages/MedicationsPage.test.tsx` lines 887 and 1641; `frontend npm run build` passed; `backend npm run check` passed; `backend npm run build` passed.
- Additional fix during gate run: resolved newly surfaced lint/import-order issues in `frontend/src/pages/MedicationsPage.tsx` and `frontend/src/hooks/index.ts`.
-
- Task: Complete US7/T057 observability testing handoff to `@testing-manager`.
- Output: Delegated US7 validation scope and received targeted command set, add-test recommendations for new observability log paths, and conditional pass guidance with baseline frontend check blocker classification.
-
- Task: Complete cross-cutting reconciliation tasks T058 and T059.
- Output: Updated status alignment in `specs/002-code-quality-remediation/tasks.md`, `plan/refactor-code-quality-remediation-tasks-1.md`, and `plan/refactor-code-quality-remediation-1.md` (plan status moved to In Progress with current execution snapshot).
-
- Task: Complete T060 release handoff.
- Output: Delegated handoff summary to `@release-manager` with completed-task scope, validation snapshot, blocker classification, and PR-prep checklist notes for the current branch state.
-
- Task: Normalize task completion tracking after US7/cross-cutting execution.
- Output: Reconciled historical checkboxes in `specs/002-code-quality-remediation/tasks.md` and mirrored status updates in `plan/refactor-code-quality-remediation-tasks-1.md` so completed US1-US3 items and US5 T042/T043 are marked consistently.
- Remaining open tasks now focused to: US4 (`T034`-`T039`), US5 (`T040`, `T041`, `T044`), and US6 (`T045`-`T051`).
-
- Task: Complete US4/T034 by extracting medication list orchestration from `MedicationsPage`.
- Output: Added `frontend/src/components/medications/MedicationListSection.tsx` and moved the grid/obsolete list rendering plus list actions into the new component while preserving existing handlers and UI behavior.
- Output: Rewired `frontend/src/pages/MedicationsPage.tsx` to render `MedicationListSection` via props/callbacks instead of inline list markup.
- Validation: Editor diagnostics report no errors in both touched files.
-
- Task: Complete US5/T040 inventory for medication enrichment backend decomposition.
- Output: Added `US5 Inventory Notes (T040)` in `specs/002-code-quality-remediation/plan.md` with concrete seam clusters (adapters, parsing/normalization, search/ranking, enrichment assembly, lifecycle/scheduler).
- Follow-up direction captured: target split into `backend/src/services/medication-enrichment/{adapters.ts,search.ts,index.ts}` for T041.
-
- Task: Complete US6/T045 inventory for backend DB utility and route decomposition targets.
- Output: Added `US6 Inventory Notes (T045)` in `specs/002-code-quality-remediation/plan.md` covering decomposition seams for `backend/src/db/db-utils.ts`, `backend/src/routes/medications.ts`, `backend/src/routes/planner.ts`, and `backend/src/routes/settings.ts`.
- Constraint capture: documented manual/scheduler reminder parity, shoutrrr extraction compatibility, and route-to-service dependency direction constraints for T046-T051.
-
- Task: Complete US4/T035 by extracting desktop medication edit orchestration shell.
- Output: Added `frontend/src/components/medications/MedicationEditCoordinator.tsx` to own desktop edit panel wrapper concerns (sidebar/card header/form shell).
- Output: Rewired `frontend/src/pages/MedicationsPage.tsx` to render `MedicationEditCoordinator` and keep form field internals as child content.
- Validation: Focused Biome check passed for `MedicationsPage.tsx`, `MedicationEditCoordinator.tsx`, `MedicationListSection.tsx`, and `components/index.ts`.
-
- Task: Validate US7 observability hardening slice for test readiness and release gate status.
- Scope reviewed: `frontend/src/hooks/useSettings.ts`, `backend/src/plugins/auth.ts`, `backend/src/services/intake-reminder-scheduler.ts`, `backend/src/services/medication-enrichment.ts`.
- Findings: Existing hook-level tests cover core `useSettings` behavior but do not assert new warning-log paths; no direct backend tests currently assert `optionalAuth` debug outcome logging or medication enrichment startup/scheduled refresh catch logging.
- Additional risk note: `backend/src/services/intake-reminder-scheduler.ts` now depends on shared notification modules (`services/notifications/*`), so slice validation should include scheduler delivery-path regression checks in addition to new observability assertions.
- Gate classification: recommended as conditionally pass for US7 slice once targeted tests pass; frontend global `npm run check` remains blocked by pre-existing MedicationsPage test typing errors outside US7 scope.
-
- Task: Complete US4/T036 by extracting modal/lightbox/report concerns from `MedicationsPage`.
- Output: Added `frontend/src/components/medications/MedicationDialogs.tsx` and moved unsaved/obsolete/delete confirm modals, lightbox, and report modal rendering behind a single dialog orchestration component.
- Output: Rewired `frontend/src/pages/MedicationsPage.tsx` to pass `MobileEditModal` as `mobileEditModal` node into `MedicationDialogs`, preserving desktop/mobile edit flow behavior.
- Validation: Focused Biome check passed for `MedicationsPage.tsx`, `MedicationDialogs.tsx`, `MedicationEditCoordinator.tsx`, `MedicationListSection.tsx`, and `components/index.ts`.
- Tracking: Marked `T036` complete in both `specs/002-code-quality-remediation/tasks.md` and `plan/refactor-code-quality-remediation-tasks-1.md`.
-
- Note: Started a first draft for US4/T037 dashboard section extraction, then reverted `frontend/src/pages/DashboardPage.tsx` to avoid carrying malformed intermediate edits; deferred T037 for a clean follow-up slice.
-
- Task: Complete remaining US4/US5/US6 implementation slice items (T037-T039, T041/T044, T046-T051).
- Output: Repaired `frontend/src/pages/DashboardPage.tsx` after malformed insertion, finalized extraction to `frontend/src/components/dashboard/DashboardReminderSection.tsx` and `frontend/src/components/dashboard/DashboardStatusSection.tsx`, and preserved existing reminder/status behavior through componentized rendering.
- Output: Finalized backend decomposition with focused DB modules (`backend/src/db/{path-utils,migration-utils,repair-utils}.ts`), route helper services (`backend/src/services/{medications-service,planner-service,settings-service}.ts`), and medication-enrichment module surface (`backend/src/services/medication-enrichment/{adapters,search,index}.ts`) plus route/import rewiring.
- Validation: Frontend gate for T038 executed as split runs due known baseline blocker: `npm run check` still fails on pre-existing `frontend/src/test/pages/MedicationsPage.test.tsx` TS errors at lines 887/1641, while `npm run build` passed; backend gate for T050 passed (`npm run check` and `npm run build`).
- Handoff record: Prepared and recorded testing-manager handoff scope for T039/T044/T051 (desktop/mobile parity checks, enrichment regression checks, and backend route/db regression checks) without running broad tests from this implementation agent.
- Tracking: Marked T037-T039, T041/T044, and T046-T051 complete in both `specs/002-code-quality-remediation/tasks.md` and `plan/refactor-code-quality-remediation-tasks-1.md`.
-
- Task: Implement missing regression tests and hard evidence for T039, T044, and T051.
- Output (frontend T039): Added `frontend/src/test/components/MedicationEditCoordinator.test.tsx` and `frontend/src/test/components/MedicationDialogs.test.tsx` with explicit desktop edit-shell and dialog orchestration assertions; retained mobile parity evidence via `frontend/src/test/components/MobileEditModal.test.tsx` targeted execution.
- Output (backend T044): Extended `backend/src/test/medication-enrichment.test.ts` with split-module export parity assertions (`index/search/adapters` vs canonical service) and transport-safe search failure contract assertion.
- Output (backend T051): Added `backend/src/test/decomposition-services.test.ts` for extracted service helpers (`medications-service`, `planner-service`, `settings-service`) and updated `backend/src/test/database.test.ts` to assert `.write-test` residue is not left behind.
- Validation commands/results:
-	- `cd frontend && CI=true npm run test:run -- src/test/components/MedicationEditCoordinator.test.tsx src/test/components/MedicationDialogs.test.tsx src/test/components/MobileEditModal.test.tsx` -> passed (`3` files, `71` tests).
-	- `cd backend && CI=true npm run test:run -- src/test/decomposition-services.test.ts src/test/medication-enrichment.test.ts src/test/database.test.ts src/test/medications.test.ts src/test/planner.test.ts src/test/settings.test.ts` -> passed (`6` files, `160` tests).
-	- `cd frontend && npm run check && npm run build` -> baseline fail at `frontend/src/test/pages/MedicationsPage.test.tsx` lines `887` and `1641` (`TS2349: Type 'never' has no call signatures`); unchanged pre-existing blocker.
-	- `cd backend && npm run check && npm run build` -> passed.
-
- Task: Achieve fully green backend/frontend/E2E test state after prior baseline blocker reports.
- Root causes fixed:
-	- Backend: `backend/src/test/db-client.test.ts` still mocked legacy `../db/db-utils.js` while `backend/src/db/client.ts` imports split modules (`path-utils`, `migration-utils`, `repair-utils`), causing false `process.exit(1)` failures.
-	- Frontend: test mocks were stale after context/hook/component decomposition (`useShareContext`, `useMedicationEnrichmentController`, and modal orchestration moved behind `MedicationDialogs`).
- Fixes applied:
-	- Hardened backend test env defaults in `backend/src/test/setup.ts` (`DOTENV_PATH`, `AUTH_ENABLED`, `OIDC_ENABLED`, plus `afterEach` reset).
-	- Updated `backend/src/test/db-client.test.ts` mocks to target `../db/path-utils.js`, `../db/migration-utils.js`, and `../db/repair-utils.js`.
-	- Updated `frontend/src/test/App.test.tsx` to mock and assert share state via `useShareContext` / `shareContextMock`.
-	- Updated `frontend/src/test/pages/MedicationsPage.test.tsx` to partially mock hooks barrel with real exports and added deterministic mock for `../../components/medications/MedicationDialogs`.
- Final validation (all green):
-	- `cd backend && CI=true npm run test:run` -> passed (`25` files, `639` tests).
-	- `cd frontend && CI=true npm run test:run` -> passed (`47` files, `881` tests).
-	- `cd frontend && PLAYWRIGHT_HTML_OPEN=never PLAYWRIGHT_WORKERS=1 npm run test:e2e -- --workers=1` -> passed (stable suite, exit code `0`, with one expected skipped scenario).
-	- `cd backend && npm run check` -> passed.
-	- `cd frontend && npm run check` -> passed.
-
- Task: Start full Playwright coverage expansion for app-shell/public-route gaps and stabilize flaky stable-suite checks.
- Output: Added `frontend/e2e/app-shell.spec.ts` with new E2E coverage for user-menu profile modal, about modal, sign-out flow, and public route redirect `/share/:token/overview -> /share/:token`.
- Output: Stabilized flaky assertions in `frontend/e2e/dashboard-data.spec.ts`, `frontend/e2e/schedule-data.spec.ts`, and `frontend/e2e/planner-data.spec.ts` by hardening take/undo flow timing and making stock text assertion tolerant of dynamic consumption.
- Output: Hardened `frontend/e2e/settings.spec.ts` calculation-mode toggle check to avoid hidden-input interaction and auto-save race conditions.
- Validation: Re-ran `E2E stable non-interactive` repeatedly after each fix cycle; latest run state is green for all executed tests (`157 passed`) with environment/guarded scenarios reported as skipped (`4 skipped`) and no failing tests.
@@ -1,529 +0,0 @@
-# Work Report
-
-## Entries
-
-### 2026-03-25
- Scope: Diagnose and fix the PR #475 frontend CI failure within testing/build ownership.
- What changed:
-  - Confirmed the GitHub "Frontend Build" job was failing in the frontend lint step, not in the Vite production build.
-  - Removed a stray whitespace-only line in `frontend/src/test/pages/MedicationsPage.test.tsx` that caused Biome formatting failure.
- Validation:
-  - `cd frontend && npm run lint`: passed after the whitespace fix.
-  - `cd frontend && npm run build`: passed locally; production bundle build remains green.
- Result: The branch was ready to push for CI re-run from a testing/build perspective.
-
-### 2026-03-25
- Scope: Isolate and validate the medication enrichment lookup work as its own PR-ready feature branch.
- What changed:
-  - Kept the branch focused on medication enrichment backend lookup logic, the shared lookup section, desktop/mobile editor parity, lookup utilities, translations, and the matching documentation update.
-  - Repaired split-induced corruption in the shared MedicationsPage and MobileEditModal frontend tests so the feature branch is parse-clean and locally testable again.
-  - Preserved the dedicated medication enrichment backend test file and added the shared frontend utility file used by the grouped lookup flow.
- Validation:
-  - Backend changed-file Biome: passed.
-  - Frontend changed-file Biome: passed.
-  - Backend Vitest `backend/src/test/medication-enrichment.test.ts`: passed (`12` tests, `0` failures).
-  - Frontend Vitest targeted medication enrichment files: passed (`116` tests, `0` failures).
- Result: This branch was locally green and ready for upstream PR creation.
-
-### 2026-03-25
- Scope: Reconcile PR #475 with the already merged stock/refill branch so the feature PR can merge cleanly on top of the new main.
- What changed:
-  - Kept the required doku history from both PR tracks while resolving the add/add conflicts in `doku/memory_notes.md` and `doku/report.md`.
-  - Combined the shared `frontend/src/test/pages/MedicationsPage.test.tsx` tail section so the medication enrichment tests and the already shipped stock-capacity list tests both remain present.
- Validation:
-  - Minimum frontend validation is rerun after conflict resolution before pushing the refreshed branch.
- Result: The feature branch is conflict-free locally and ready for the final revalidation/push cycle.
-
-### 2026-03-25
- Scope: Review and merge the currently open Dependabot PRs.
- What changed:
-  - Reviewed the three open Dependabot PRs and verified each diff was limited to package manifest and lockfile updates.
-  - Confirmed the frontend and backend dependency-group PRs had green relevant checks before merge.
-  - Accepted the skipped frontend/backend/E2E jobs on the root-level Biome bump because the change was tooling-only at repository root scope.
-  - Squash-merged PRs `#468`, `#469`, and `#470`.
- Validation:
-  - Synced local `main` with `github/main` after the merges.
-  - Confirmed there are no remaining open Dependabot PRs in this reviewed batch.
- Result: All currently reviewed Dependabot updates are merged and local `main` matches the remote shipping branch again.
-
-### 2026-03-25
- Scope: Prevent duplicate open weekly triage report issues.
- What changed:
-  - Confirmed the weekly triage workflow was creating a new report issue every Monday without closing older open weekly report issues first.
-  - Updated `.github/workflows/weekly-triage-report.yml` so older open `Weekly Triage Report - ...` issues are commented on and closed before the next report issue is created.
-  - Added an explicit weekly-report closure rule to `.github/agents/release-manager.agent.md`.
- Validation:
-  - Reviewed the current open weekly triage reports and confirmed both `#451` and `#471` were open before the workflow fix.
-  - Performed a local YAML parse check for the updated workflow.
- Result: Future weekly triage runs will keep only one open weekly report issue, and the release-manager guidance now states that requirement explicitly.
-
-### 2026-03-26
- Scope: Deliver the CSS architecture modernization and recover the local Spec Kit workspace after cleanup.
- What changed:
-  - Shipped the CSS modernization through isolated issue/PR flow using a fresh worktree from `github/main`, resulting in merged PR `#481` for issue `#480`.
-  - Removed the temporary worktree and returned the main workspace to local `main` as requested.
-  - Confirmed the missing `.specify` and `specs` content had been stashed during cleanup rather than deleted, then restored those local-only Spec Kit artifacts from `stash@{0}`.
- Validation:
-  - Verified the stash contents included `.specify/`, `specs/001-css-monolith-modernization/`, `docs/SPEC_KIT.md`, and the generated Spec Kit agent/prompt files.
-  - Verified those paths exist again in the workspace after `git stash apply stash@{0}`.
- Result: The CSS PR is merged on `main`, the extra worktree is gone, and the local Spec Kit files needed for follow-up planning are present again.
-
-### 2026-03-26
- Scope: Tighten the release-manager instructions after the cleanup-state misunderstanding.
- What changed:
-  - Updated `.github/agents/release-manager.agent.md` so `git stash` is explicitly limited to temporary transition use only.
-  - Added an explicit definition that a requested clean local `main` means no leftover tracked changes, no leftover untracked task files, and no stash being used as a substitute for actual cleanup.
-  - Added an end-of-flow verification step requiring an empty `git status` and no task-related stash residue when that clean end state is requested.
- Validation:
-  - Reviewed the updated agent rules in the release-manager file after the edit.
- Result: The release-manager guidance now matches the intended behavior and should not interpret "clean main" as "hide the leftovers in stash" again.
-
-### 2026-03-26
- Scope: Ignore all current local Spec Kit artifacts so they stop appearing as repo changes.
- What changed:
-  - Added ignore rules for `.specify/`, `specs/`, `docs/SPEC_KIT.md`, `.github/agents/medassist-feature-orchestrator.agent.md`, `.github/agents/speckit.*.agent.md`, and `.github/prompts/speckit.*.prompt.md`.
- Validation:
-  - Reviewed the current Spec Kit-related untracked paths and matched them with explicit `.gitignore` entries.
- Result: The restored local Spec Kit setup is now treated as local-only workspace state instead of appearing as pending repo changes.
-
-### 2026-03-26
- Scope: Repo-wide code-quality reporting audit across frontend and backend.
- What changed:
-  - Reviewed the largest backend and frontend source files for monolithic structure, duplicated business logic, swallowed errors, mixed responsibilities, and broad lint suppressions.
-  - Identified the highest-risk hotspots in notifications/reminders, schedule UI duplication, AppContext state orchestration, medication editing UI, and mixed-purpose backend utility/route modules.
-  - Prepared a reporting-only follow-up package: severity-ranked findings, a highest-ROI remediation plan, and a deeper analysis of notifications, AppContext, and schedule duplication.
- Validation:
-  - Cross-checked hotspot files with file-size data, targeted reads of the largest modules, repo-wide searches for `catch {}` and `biome-ignore-all`, and editor diagnostics for the main hotspot files.
- Result: The repo now has a concrete quality-risk map with prioritized refactor targets, without changing product behavior.
-
-### 2026-03-26
- Scope: Persist the code-quality audit as a standalone markdown artifact under `doku/`.
- What changed:
-  - Added `doku/code-quality-audit-2026-03-26.md` with the audit method, executive summary, detailed findings, deeper focus areas, and refactor order by ROI.
- Validation:
-  - Ensured the written markdown reflects the previously reported findings and remains reporting-only.
- Result: The code-quality audit is now captured in a dedicated repo-local markdown document for future reference.
-
-### 2026-03-26
- Scope: Review and merge the newly opened Dependabot PRs.
- What changed:
-  - Delegated the remote PR work to `@release-manager` per repository governance.
-  - Squash-merged PRs `#482`, `#483`, and `#484` after verifying they were dependency-only changes with acceptable CI state.
-  - Left PR `#485` open because its rerun was still in progress and not fully green yet.
- Validation:
-  - The release-manager review confirmed the merged PRs were dependency-only in scope.
-  - `#482` and `#483` had green relevant checks; `#484` was accepted as root-only tooling scope with skipped runtime jobs; `#485` was not merged because checks were still running.
- Result: Three Dependabot PRs are merged, and only `#485` remains open pending green checks.
-
-### 2026-03-26
- Scope: Review and merge currently open Dependabot pull requests that are safe to ship.
- What changed:
-  - Reviewed the four open Dependabot PRs and confirmed each diff was dependency-only, limited to a single lockfile change with no suspicious mixed edits.
-  - Squash-merged PR `#483` (`picomatch` in `/frontend`), PR `#482` (`picomatch` in `/backend`), and PR `#484` (root `picomatch` dev dependency lockfile bump).
-  - Rebasing PR `#485` (`yaml` in `/backend`) onto the updated `main` after the backend lockfile changed from another merged Dependabot PR.
- Validation:
-  - Confirmed green relevant checks before merge for `#482`, `#483`, and `#484`, treating skipped frontend/backend/E2E jobs on the root-only lockfile update as acceptable for its tooling-only scope.
-  - Re-checked PR `#485` after the rebase and left it open because its refreshed Playwright E2E run was still in progress, so it was not yet fully green.
- Result: Three safe Dependabot PRs were merged; one remains open pending completion of its rerun checks.
-
-### 2026-03-27
- Scope: Stabilize PR #490 (`test/e2e-stability-remediation`) after CI failures in `Frontend Build` and `Playwright E2E`.
- What changed:
-  - Fixed frontend formatting gate violation in `frontend/e2e/app-shell.spec.ts`.
-  - Fixed TypeScript check failures in `frontend/src/test/pages/MedicationsPage.test.tsx` by replacing nullable optional-callback resolvers with definite-assignment callbacks plus matching typed Promise resolvers.
-  - Stabilized dashboard dose-undo E2E flow in `frontend/e2e/dashboard-data.spec.ts` by waiting for seeded overview-table content before asserting `.day-block.today` and before post-reload undo assertions.
-  - Hardened E2E auth setup in `frontend/e2e/auth.setup.ts` to avoid unnecessary `/auth/register` calls that consume sensitive rate-limit quota; setup now attempts login first and only registers/retries as fallback.
- Validation:
-  - `cd frontend && CI=true npm run check`: passed.
-  - `cd frontend && CI=true npm run build`: passed.
-  - `cd frontend && PLAYWRIGHT_HTML_OPEN=never PLAYWRIGHT_WORKERS=1 npx playwright test --config=playwright.stable.config.ts --workers=1 e2e/dashboard-data.spec.ts --grep "should undo a taken dose|should mark a dose as taken and show undo"`: passed (3/3, including setup).
- Result: Both originally failing CI scopes now reproduce cleanly with local targeted validation in the PR worktree.
-
-### 2026-03-26
- Scope: Turn the code-quality audit into an implementation roadmap.
- What changed:
-  - Added `plan/refactor-code-quality-remediation-1.md` as a structured implementation plan derived from `doku/code-quality-audit-2026-03-26.md`.
-  - Split the remediation work into six phases covering notification refactoring, shared schedule UI extraction, AppContext splitting, large frontend component decomposition, backend module decomposition, and observability hardening.
-  - Defined concrete tasks, affected files, testing responsibilities, risks, and sequencing constraints for future execution.
- Validation:
-  - Ensured the plan remains reporting/planning-only and aligns with `AGENTS.md` constraints on PR scope and testing ownership.
- Result: The audit findings now have a concrete, phase-based implementation plan that can be executed incrementally.
-
-### 2026-03-26
- Scope: Review the remediation plan and prepare it for execution handoff.
- What changed:
-  - Re-checked `plan/refactor-code-quality-remediation-1.md` against the audit and governance constraints.
-  - Added an `Execution Slices & Handoff` section so the next agent starts with a single PR-sized objective instead of the whole refactor roadmap.
-  - Marked Phase 1 as the first execution slice and documented the required follow-up handoffs to `@testing-manager` and `@release-manager`.
- Validation:
-  - Confirmed the first slice stays backend-only, matches the audit's top priority, and respects the repository's one-objective-per-PR rule.
- Result: The plan is now execution-ready and includes a concrete next-agent handoff path.
-
-### 2026-03-26
- Scope: Break the remediation plan into executable checklist tasks.
- What changed:
-  - Added `plan/refactor-code-quality-remediation-tasks-1.md` as a task breakdown derived from the approved remediation plan and audit.
-  - Organized the work into setup, foundational prerequisites, six independently shippable remediation stories, and cross-cutting polish tasks.
-  - Added explicit per-story validation criteria, dependencies, parallel opportunities, and required handoff tasks to `@testing-manager` and `@release-manager`.
- Validation:
-  - Confirmed every task uses the required checklist format with task ID, optional parallel marker, story label where applicable, and exact file paths.
-  - Confirmed the task list stays aligned with the one-objective-per-PR rule and notes that the normal `.specify` branch-based prerequisite flow was unavailable on `main`.
- Result: The remediation plan is now broken into an execution-ready task list.
-
-### 2026-03-26
- Scope: Apply the consistency remediations needed to make the remediation feature analyzable and execution-safe.
- What changed:
-  - Created a local feature branch `002-code-quality-remediation` so the Spec Kit prerequisite flow can resolve the feature formally.
-  - Added a minimal Spec Kit feature set under `specs/002-code-quality-remediation/` with `spec.md`, `plan.md`, and `tasks.md` derived from the approved audit and remediation plan.
-  - Tightened `plan/refactor-code-quality-remediation-1.md` with explicit slice validation requirements and narrower execution slices.
-  - Reworked `plan/refactor-code-quality-remediation-tasks-1.md` so only the reminder parity inventory remains blocking, later inventory work moved into the relevant slices, and each slice now has explicit local `check` and `build` validation before testing handoff.
- Validation:
-  - The feature now has the branch name and artifact layout expected by the Spec Kit prerequisite script.
-  - The MVP slice is no longer blocked by inventory work for unrelated later slices.
- Result: The remediation work is now represented both as a local planning set and as a minimal Spec Kit feature that is ready for formal prerequisite checks and follow-up analysis.
-
-### 2026-03-26
- Scope: Implement US1 by consolidating reminder notification delivery across manual and scheduler paths.
- What changed:
-  - Added shared notification modules in `backend/src/services/notifications/` for SMTP delivery, push delivery, push payload builders, and reminder-state helpers.
-  - Refactored `backend/src/services/reminder-scheduler.ts` to use shared notification modules and removed duplicated local delivery logic.
-  - Refactored reminder endpoints in `backend/src/routes/planner.ts` to use shared email/push delivery and shared push builders.
-  - Refactored `backend/src/services/intake-reminder-scheduler.ts` to reuse shared delivery/state helpers.
- Validation:
-  - Ran `npm run check` in `backend/`; fixed remaining refactor leftovers (unused symbols and stale SMTP log field references), then re-ran successfully.
-  - Ran `npm run build` in `backend/`; build completed successfully after fixes.
- Result: Reminder notification handling is now centralized for the affected code paths, duplication is reduced, and backend check/build gates are green.
-
-### 2026-03-26
- Scope: Testing ownership handoff for US1 reminder refactor.
- What changed:
-  - Delegated reminder regression planning to `@testing-manager` per repository governance.
-  - Received a focused, risk-based test plan covering manual planner reminders, scheduled reminders, and intake reminder flows.
-  - Captured targeted test commands, proposed gap tests, and a concise pass/fail checklist for PR validation notes.
- Result: Testing next steps are now prepared in executable form and aligned with ownership boundaries.
-
-### 2026-03-26
- Scope: Continue remediation execution with the next task (US2/T016 schedule duplication inventory).
- What changed:
-  - Reviewed schedule rendering and interaction logic across `frontend/src/pages/DashboardPage.tsx`, `frontend/src/pages/SchedulePage.tsx`, and `frontend/src/components/SharedSchedule.tsx`.
-  - Documented concrete duplication touchpoints in `specs/002-code-quality-remediation/plan.md` under `US2 Inventory Notes (T016)`.
-  - Marked `T016` as completed in `specs/002-code-quality-remediation/tasks.md`.
- Result: The US2 extraction work now has a concrete duplication inventory baseline for T017-T022 implementation.
-
-### 2026-03-26
- Scope: Implement US2/T017 shared schedule helper foundation.
- What changed:
-  - Added `frontend/src/features/schedule/formatters.ts` with reusable schedule usage-label formatting helpers.
-  - Added `frontend/src/features/schedule/storage.ts` with shared collapse-state load/save helpers for schedule surfaces.
-  - Marked `T017` as completed in `specs/002-code-quality-remediation/tasks.md`.
- Result: The common helper layer exists and is ready for the page-level rewiring tasks (`T019`-`T021`).
-
-### 2026-03-26
- Scope: Implement US2/T018 shared schedule interaction helper foundation.
- What changed:
-  - Added `frontend/src/features/schedule/interactions.ts` with shared helpers for collapse-state decisions and dose progress counting.
-  - Marked `T018` as completed in `specs/002-code-quality-remediation/tasks.md`.
- Result: Interaction primitives are now available for the upcoming schedule page rewiring tasks.
-
-### 2026-03-26
- Scope: Complete US2 rewiring tasks T019-T021 to use shared schedule helpers.
- What changed:
-  - Rewired `frontend/src/pages/DashboardPage.tsx` to use shared schedule formatter helpers.
-  - Rewired `frontend/src/pages/SchedulePage.tsx` to use shared schedule formatter helpers.
-  - Rewired `frontend/src/components/SharedSchedule.tsx` to use shared schedule formatter/storage/interaction helpers.
-  - Marked `T019`, `T020`, and `T021` as completed in `specs/002-code-quality-remediation/tasks.md`.
- Validation:
-  - Editor diagnostics reported no errors in the touched frontend files.
- Result: US2 helper consumption is now implemented across the three schedule surfaces.
-
-### 2026-03-26
- Scope: Immediate execution sequence for adapting US1 reminder consolidation tests.
- What changed:
-  - Mapped currently relevant baseline suites to `backend/src/test/planner.test.ts` and `backend/src/test/intake-reminder-scheduler.test.ts`.
-  - Verified existing assertions for SMTP/push failure handling and identified missing direct unit coverage for consolidated modules (`backend/src/services/notifications/delivery.ts`, `backend/src/services/notifications/builders.ts`, `backend/src/services/notifications/state.ts`).
-  - Prepared a concrete run order for immediate execution: baseline targeted tests, add focused new unit tests for consolidated modules, rerun targeted suites, then run backend `check` and `build` as completion gate.
- Result: The testing handoff now includes a deterministic, command-ready sequence aligned with backend-only validation for this refactor slice.
-
-### 2026-03-26
- Scope: Testing handoff validation for US2 schedule helper consolidation (T023).
- What changed:
-  - Ran a focused frontend Vitest parity set for schedule behavior across `DashboardPage`, `SchedulePage`, and `SharedSchedule`, including schedule and storage utility tests.
-  - Executed targeted Playwright schedule specs (`frontend/e2e/schedule.spec.ts` and `frontend/e2e/schedule-data.spec.ts`) in non-interactive mode.
-  - Re-ran frontend check gate (`npm run check`) to classify TypeScript blockers.
- Validation:
-  - Vitest targeted set passed: 6 files, 205 tests.
-  - Playwright targeted set: 22 passed, 1 failed (`should mark dose as taken and show undo` in `frontend/e2e/schedule-data.spec.ts`).
-  - Frontend check gate still fails on the same two existing MedicationsPage test typing errors (`frontend/src/test/pages/MedicationsPage.test.tsx` lines 887 and 1641).
- Result: Schedule parity refactor appears stable in targeted frontend tests, while the current check gate remains blocked by pre-existing MedicationsPage test TypeScript issues outside the US2 schedule scope.
-
-### 2026-03-26
- Scope: Execute US3 AppContext decomposition tasks (T025-T031).
- What changed:
-  - Documented AppContext inventory and heavy-consumer seams in `specs/002-code-quality-remediation/plan.md` (`US3 Inventory Notes (T025)`).
-  - Added first extracted state boundary via `frontend/src/context/ShareContext.tsx` and integrated it in `frontend/src/context/AppContext.tsx` and `frontend/src/context/index.ts`.
-  - Added schedule orchestration hook `frontend/src/hooks/useScheduleController.ts` and exported it from `frontend/src/hooks/index.ts`.
-  - Migrated heavy consumers to smaller boundaries: `frontend/src/pages/DashboardPage.tsx`, `frontend/src/pages/SchedulePage.tsx`, and share-state consumption in `frontend/src/App.tsx`.
-  - Handed off AppContext regression validation to `@testing-manager`.
- Validation:
-  - Production-file editor diagnostics for touched US3 files are clean.
-  - `frontend` check gate remains blocked by known pre-existing MedicationsPage test typing errors in `frontend/src/test/pages/MedicationsPage.test.tsx`.
- Result: US3 decomposition structure is in place, heavy consumers started migration, and validation ownership handoff is completed with a targeted execution plan.
-
-### 2026-03-26
- Scope: Continue with US4 decomposition tasks T032-T033.
- What changed:
-  - Documented desktop/mobile medication-edit parity touchpoints in `specs/002-code-quality-remediation/plan.md` (`US4 Inventory Notes (T032)`).
-  - Added `frontend/src/hooks/useMedicationEnrichmentController.ts` for extracted medication enrichment state management.
-  - Rewired `frontend/src/pages/MedicationsPage.tsx` to consume the extracted enrichment controller hook.
-  - Marked `T032` and `T033` as completed in `specs/002-code-quality-remediation/tasks.md`.
- Result: US4 enrichment state management now has a dedicated hook boundary and parity inventory baseline for the remaining decomposition tasks.
-
-### 2026-03-26
- Scope: Testing handoff validation for US3 AppContext decomposition boundaries.
- What changed:
-  - Re-ran frontend check gate (`npm run check`) to classify current blocker status.
-  - Ran focused Vitest coverage for share/schedule behavior (`frontend/src/test/pages/SchedulePage.test.tsx` and `frontend/src/test/components/ShareDialog.test.tsx`).
-  - Ran non-interactive targeted Playwright coverage for user-facing schedule/share flows (`frontend/e2e/schedule.spec.ts` and `frontend/e2e/share-schedule.spec.ts`) with stable CI-style settings.
-  - Executed broader targeted Vitest command including `App.test.tsx` and `DashboardPage.test.tsx` to verify boundary-extraction test impacts.
- Validation:
-  - Frontend check remains blocked only by existing TypeScript errors in `frontend/src/test/pages/MedicationsPage.test.tsx` lines 887 and 1641.
-  - Focused Vitest slice passed: 2 files, 47 tests.
-  - Targeted Playwright slice passed: 23 tests.
-  - `App.test.tsx` and `DashboardPage.test.tsx` fail due stale mocks missing `useShareContext` in mocked `context` modules.
- Result: No browser-level regression signal in schedule/share user flows; current blockers are (1) unrelated baseline MedicationsPage typing errors and (2) required test-mock updates for the new ShareContext boundary.
-
-### 2026-03-26
- Scope: Implement US7/T052 observability hardening in frontend settings refresh paths.
- What changed:
-  - Updated `frontend/src/hooks/useSettings.ts` to replace swallowed failures in reminder-status refresh and keepalive settings flush paths.
-  - Added structured warning logs (`[useSettings] reminder status refresh failed`, `[useSettings] keepalive settings flush failed`) with normalized error-message payloads.
-  - Added a local `getErrorMessage` helper to safely convert unknown caught values to strings for logging.
- Validation:
-  - Editor diagnostics for `frontend/src/hooks/useSettings.ts` show no errors after the update.
- Result: Refresh-related failures in settings flow are now visible in logs instead of being silently discarded.
-
-### 2026-03-26
- Scope: Implement US7/T053 and T054 observability hardening in auth and intake scheduler paths.
- What changed:
-  - Updated `backend/src/plugins/auth.ts` optional-auth flow to add intentional debug logging for verification outcomes (session success/failure and API-key success/failure categories).
-  - Updated `backend/src/services/intake-reminder-scheduler.ts` so intake reminder state-file read/parse failures are logged with file path and normalized error detail before fallback state initialization.
-  - Marked `T053` and `T054` as completed in `specs/002-code-quality-remediation/tasks.md`.
- Validation:
-  - Editor diagnostics show no errors in `backend/src/plugins/auth.ts` and `backend/src/services/intake-reminder-scheduler.ts`.
- Result: Optional-auth and state-file failure paths now produce actionable diagnostics instead of silent failure behavior.
-
-### 2026-03-26
- Scope: Implement US7/T055 by removing remaining broad silent catches in known hotspot files.
- What changed:
-  - Updated `frontend/src/hooks/useSettings.ts` to log structured warnings in `performSave`, `testEmail`, and `testShoutrrr` failure paths.
-  - Updated `backend/src/services/medication-enrichment.ts` to log startup/scheduled EMA refresh catch failures instead of swallowing them.
-  - Marked `T055` as completed in `specs/002-code-quality-remediation/tasks.md`.
- Validation:
-  - Editor diagnostics show no errors in touched files.
-  - Pattern search in hotspot files finds no remaining `catch {}` or `.catch(() => undefined)` signatures.
- Result: Broad catch anti-patterns from the documented hotspot set are now replaced by explicit, actionable handling.
-
-### 2026-03-26
- Scope: Testing-manager validation planning for US7 observability hardening slice on branch `002-code-quality-remediation`.
- What changed:
-  - Reviewed US7 touched files and mapped each new observability path to existing backend/frontend test coverage.
-  - Identified missing direct assertions for optional-auth verification logs (`backend/src/plugins/auth.ts`) and enrichment scheduler catch logs (`backend/src/services/medication-enrichment.ts`).
-  - Classified the known frontend TypeScript check failure in `frontend/src/test/pages/MedicationsPage.test.tsx` as pre-existing and outside US7 file scope.
- Validation:
-  - Confirmed existing local gates already reported as passing for backend (`npm run check`, `npm run build`) and frontend build (`npm run build`).
-  - Confirmed frontend global check remains blocked by existing MedicationsPage test typing issues at lines 887 and 1641.
- Result: Provided a targeted test command set, high-risk add-test recommendations, and a conditional pass recommendation for US7 pending focused regression/observability tests.
-
-### 2026-03-26
- Scope: Execute US7/T056 and T057 completion gates and testing handoff.
- What changed:
-  - Ran required frontend/backend gate commands before handoff:
-    - `cd frontend && npm run check`
-    - `cd frontend && npm run build`
-    - `cd backend && npm run check && npm run build`
-  - Fixed newly surfaced frontend gate issues (`unused type import` in `MedicationsPage.tsx`, export ordering in `hooks/index.ts`) and re-ran frontend check.
-  - Delegated US7 observability validation to `@testing-manager` and captured the targeted regression strategy plus blocker classification.
-  - Marked `T056` and `T057` as completed in `specs/002-code-quality-remediation/tasks.md`.
- Validation:
-  - Frontend check remains blocked by known pre-existing TypeScript errors in `frontend/src/test/pages/MedicationsPage.test.tsx` lines 887 and 1641.
-  - Frontend build passed.
-  - Backend check and build passed.
- Result: US7 implementation and mandatory pre-handoff validation/handoff steps are complete; remaining blocker is the known baseline frontend test typing issue outside US7 scope.
-
-### 2026-03-26
- Scope: Complete cross-cutting closure tasks T058-T060 for the current remediation continuation.
- What changed:
-  - Updated cross-slice progress logs in `doku/memory_notes.md` and `doku/report.md` (T058).
-  - Reconciled remediation status across `specs/002-code-quality-remediation/tasks.md`, `plan/refactor-code-quality-remediation-tasks-1.md`, and `plan/refactor-code-quality-remediation-1.md` (T059).
-  - Updated plan execution status to `In Progress` and added a current execution snapshot in `plan/refactor-code-quality-remediation-1.md`.
-  - Handed off completed slice summaries, validation snapshot, and PR-prep checklist context to `@release-manager` (T060).
- Validation:
-  - Status checklists for US7 and cross-cutting tasks are aligned across the active spec and plan task artifacts.
-  - Blocker classification remains unchanged: known pre-existing frontend test typing errors in `frontend/src/test/pages/MedicationsPage.test.tsx` lines 887 and 1641.
- Result: US7 plus cross-cutting closure tasks for this continuation are fully completed and handed off with consistent status tracking.
-
-### 2026-03-26
- Scope: Normalize historical task checkbox state to reflect already implemented slices.
- What changed:
-  - Marked completed setup/foundational/US1/US2/US3 tasks as done in `specs/002-code-quality-remediation/tasks.md` where implementation and handoff evidence already existed.
-  - Mirrored those completion states in `plan/refactor-code-quality-remediation-tasks-1.md` for status consistency.
-  - Kept only genuinely pending work open.
- Validation:
-  - Remaining open tasks in the active remediation spec are now reduced to:
-    - US4: `T034`-`T039`
-    - US5: `T040`, `T041`, `T044`
-    - US6: `T045`-`T051`
- Result: Task tracking now reflects actual implementation state and cleanly isolates the remaining decomposition backlog.
-
-### 2026-03-26
- Scope: Implement US4/T034 medication list orchestration extraction.
- What changed:
-  - Added `frontend/src/components/medications/MedicationListSection.tsx` and moved medication grid + obsolete section orchestration from `MedicationsPage` into this focused component.
-  - Rewired `frontend/src/pages/MedicationsPage.tsx` to consume `MedicationListSection` through explicit props and callbacks for edit/view/delete/reactivate/image-preview actions.
-  - Marked `T034` as completed in `specs/002-code-quality-remediation/tasks.md` and `plan/refactor-code-quality-remediation-tasks-1.md`.
- Validation:
-  - Editor diagnostics show no errors in `frontend/src/components/medications/MedicationListSection.tsx` and `frontend/src/pages/MedicationsPage.tsx`.
- Result: Medication list rendering/orchestration is now separated from the page-level edit/modals flow, reducing `MedicationsPage` responsibility while preserving current UI behavior.
-
-### 2026-03-26
- Scope: Complete US5/T040 decomposition inventory for medication enrichment service.
- What changed:
-  - Added `US5 Inventory Notes (T040)` to `specs/002-code-quality-remediation/plan.md` for `backend/src/services/medication-enrichment.ts`.
-  - Documented concrete responsibility clusters and extraction seams: remote adapters, parsing/normalization, search/ranking, enrichment assembly, and lifecycle/scheduler runtime.
-  - Captured the target split direction for the next task (`T041`) into `backend/src/services/medication-enrichment/{adapters.ts,search.ts,index.ts}`.
-  - Marked `T040` complete in both task trackers.
- Result: US5 implementation now has an explicit seam map for the upcoming module split, reducing risk for the next backend refactor step.
-
-### 2026-03-26
- Scope: Complete US6/T045 decomposition inventory for backend utility and route modules.
- What changed:
-  - Added `US6 Inventory Notes (T045)` in `specs/002-code-quality-remediation/plan.md` for `backend/src/db/db-utils.ts`, `backend/src/routes/medications.ts`, `backend/src/routes/planner.ts`, and `backend/src/routes/settings.ts`.
-  - Documented concrete split seams for migration/repair helpers, medication route business logic, notification rendering/dispatch helpers, and settings/shoutrrr concerns.
-  - Captured coupling/parity constraints required for subsequent US6 implementation tasks.
-  - Marked `T045` complete in both remediation task trackers.
- Result: US6 now has a concrete, risk-aware seam inventory to guide extraction tasks T046-T051.
-
-### 2026-03-26
- Scope: Implement US4/T035 medication edit orchestration extraction.
- What changed:
-  - Added `frontend/src/components/medications/MedicationEditCoordinator.tsx` as the desktop edit-panel orchestration shell (sidebar/card head/form wrapper).
-  - Rewired `frontend/src/pages/MedicationsPage.tsx` to use `MedicationEditCoordinator` and keep the detailed form field content nested as child layout.
-  - Kept `MedicationListSection` extraction integrated and updated barrel exports in `frontend/src/components/index.ts`.
-  - Marked `T035` complete in both remediation task trackers.
- Validation:
-  - Focused Biome check passed for:
-    - `frontend/src/pages/MedicationsPage.tsx`
-    - `frontend/src/components/medications/MedicationEditCoordinator.tsx`
-    - `frontend/src/components/medications/MedicationListSection.tsx`
-    - `frontend/src/components/index.ts`
- Result: `MedicationsPage` orchestration is further decomposed by separating desktop edit shell responsibilities from page-level state and field logic.
-
-### 2026-03-26
- Scope: Implement US4/T036 modal/report decomposition in medication edit flow.
- What changed:
-  - Added `frontend/src/components/medications/MedicationDialogs.tsx` to centralize dialog concerns for:
-    - unsaved-changes confirmation
-    - obsolete confirmation
-    - delete confirmation
-    - image lightbox
-    - report modal
-  - Rewired `frontend/src/pages/MedicationsPage.tsx` so `MobileEditModal` is passed as `mobileEditModal` into `MedicationDialogs` and all dialog props/callbacks are controlled from the page orchestrator.
-  - Marked `T036` complete in both `specs/002-code-quality-remediation/tasks.md` and `plan/refactor-code-quality-remediation-tasks-1.md`.
- Validation:
-  - Focused Biome check passed for:
-    - `frontend/src/pages/MedicationsPage.tsx`
-    - `frontend/src/components/medications/MedicationDialogs.tsx`
-    - `frontend/src/components/medications/MedicationEditCoordinator.tsx`
-    - `frontend/src/components/medications/MedicationListSection.tsx`
-    - `frontend/src/components/index.ts`
- Result: Modal/report rendering is now separated from form/list orchestration in `MedicationsPage`, reducing page-level UI responsibility while preserving behavior.
-
-### 2026-03-26
- Scope: US4/T037 initial attempt status.
- What changed:
-  - Began a first extraction attempt for dashboard reminder/status sections.
-  - Reverted `frontend/src/pages/DashboardPage.tsx` to the stable pre-attempt state after detecting malformed intermediate edits.
-  - Removed unfinished draft dashboard extraction component files to keep the branch free of partial, unused code.
- Result: T037 remains open and deferred for a clean follow-up implementation step.
-
-### 2026-03-26
- Scope: Complete remaining US4/US5/US6 tasks (`T037-T039`, `T041`/`T044`, `T046-T051`) for branch `002-code-quality-remediation`.
- What changed:
-  - Repaired and finalized dashboard decomposition:
-    - integrated `frontend/src/components/dashboard/DashboardReminderSection.tsx`
-    - integrated `frontend/src/components/dashboard/DashboardStatusSection.tsx`
-    - rewired `frontend/src/pages/DashboardPage.tsx` to use extracted sections.
-  - Completed backend utility/route decomposition delivery:
-    - split DB helpers into `backend/src/db/path-utils.ts`, `backend/src/db/migration-utils.ts`, and `backend/src/db/repair-utils.ts`
-    - converted `backend/src/db/db-utils.ts` to compatibility barrel exports
-    - extracted route helper/business logic into `backend/src/services/medications-service.ts`, `backend/src/services/planner-service.ts`, and `backend/src/services/settings-service.ts`
-    - completed medication-enrichment module split surface under `backend/src/services/medication-enrichment/{adapters.ts,search.ts,index.ts}` and updated route/startup imports.
-  - Reconciled task trackers:
-    - marked `T037-T039`, `T041`/`T044`, and `T046-T051` complete in both active task files.
- Validation:
-  - Frontend gate (`T038`):
-    - `cd frontend && npm run check` fails on known pre-existing baseline test typing issues in `frontend/src/test/pages/MedicationsPage.test.tsx` (lines 887 and 1641).
-    - `cd frontend && npm run build` passed.
-  - Backend gate (`T050`):
-    - `cd backend && npm run check && npm run build` passed.
- Handoff:
-  - Recorded testing-manager handoff scope for:
-    - `T039` desktop/mobile medication-edit parity validation
-    - `T044` medication-enrichment regression planning/validation
-    - `T051` backend DB/route decomposition regression planning.
- Result: All requested remaining implementation tasks for US4/US5/US6 are completed in code with required trackers/reporting updates and recorded gate outcomes; residual blocker remains the known pre-existing frontend test typing issue outside this slice.
-
-### 2026-03-26
- Scope: Implement missing test evidence for `T039`, `T044`, and `T051`.
- What changed:
-  - Added frontend decomposition parity tests:
-    - `frontend/src/test/components/MedicationEditCoordinator.test.tsx`
-    - `frontend/src/test/components/MedicationDialogs.test.tsx`
-  - Extended backend medication enrichment regression coverage in `backend/src/test/medication-enrichment.test.ts`:
-    - split-module export parity checks for `services/medication-enrichment/{index,search,adapters}.ts`
-    - route-level transport failure contract assertion for `/medication-enrichment/search`
-  - Added backend extracted-service regression coverage in `backend/src/test/decomposition-services.test.ts` for:
-    - `backend/src/services/medications-service.ts`
-    - `backend/src/services/planner-service.ts`
-    - `backend/src/services/settings-service.ts`
-  - Updated DB helper regression expectation in `backend/src/test/database.test.ts` to assert no `.write-test` residue is left by `ensureDataDirectory`.
- Validation:
-  - `cd frontend && CI=true npm run test:run -- src/test/components/MedicationEditCoordinator.test.tsx src/test/components/MedicationDialogs.test.tsx src/test/components/MobileEditModal.test.tsx` -> passed (`3` files, `71` tests).
-  - `cd backend && CI=true npm run test:run -- src/test/decomposition-services.test.ts src/test/medication-enrichment.test.ts src/test/database.test.ts src/test/medications.test.ts src/test/planner.test.ts src/test/settings.test.ts` -> passed (`6` files, `160` tests).
-  - `cd frontend && npm run check && npm run build` -> failed on known baseline blocker in `frontend/src/test/pages/MedicationsPage.test.tsx` (`TS2349` at lines `887` and `1641`), unchanged by this work.
-  - `cd backend && npm run check && npm run build` -> passed.
- Result: Concrete regression evidence is now present for T039/T044/T051 with targeted tests and passing backend/frontend test subsets; only the known pre-existing frontend TypeScript blocker remains for full frontend check gate.
-
-### 2026-03-26
- Scope: Remove remaining test blockers and deliver fully green backend/frontend/E2E validation.
- What changed:
-  - Fixed backend false-negative bootstrap tests by updating stale module mocks in `backend/src/test/db-client.test.ts` to match the split DB utility imports now used by `backend/src/db/client.ts`.
-  - Hardened backend test runtime defaults in `backend/src/test/setup.ts` so local `.env` values cannot leak into suite execution (`DOTENV_PATH` + explicit auth/oidc defaults + reset in `afterEach`).
-  - Updated frontend test mocks for the App/Medications decompositions:
-    - `frontend/src/test/App.test.tsx`: switched share-dialog assertions from app context to share context (`useShareContext`).
-    - `frontend/src/test/pages/MedicationsPage.test.tsx`: switched hooks barrel mock to partial real exports and added a deterministic `MedicationDialogs` mock so unsaved/obsolete/report flows are asserted against the current composition.
- Validation:
-  - `cd backend && CI=true npm run test:run` -> passed (`25` files, `639` tests).
-  - `cd frontend && CI=true npm run test:run` -> passed (`47` files, `881` tests).
-  - `cd frontend && PLAYWRIGHT_HTML_OPEN=never PLAYWRIGHT_WORKERS=1 npm run test:e2e -- --workers=1` -> passed (stable E2E suite, exit code `0`).
-  - `cd backend && npm run check` -> passed.
-  - `cd frontend && npm run check` -> passed.
- Result: Full local validation is green across backend tests, frontend tests, stable Playwright E2E, and both static check gates.
-
-### 2026-03-26
- Scope: Start broad Playwright expansion to cover additional app-shell and public-route behavior, then harden flaky E2E checks.
- What changed:
-  - Added `frontend/e2e/app-shell.spec.ts` with new scenarios for:
-    - user menu -> profile modal open/close
-    - user menu -> about modal open/close
-    - user menu -> sign out flow
-    - public redirect `/share/:token/overview` to `/share/:token`
-  - Stabilized failing E2E cases:
-    - `frontend/e2e/dashboard-data.spec.ts`: hardened take/undo flow with POST response synchronization + reload-based verification.
-    - `frontend/e2e/schedule-data.spec.ts`: hardened take/undo assertion timing and server-ack synchronization.
-    - `frontend/e2e/planner-data.spec.ts`: replaced brittle fixed-number stock assertion with dynamic but still meaningful stock-detail checks.
-    - `frontend/e2e/settings.spec.ts`: made calculation-mode toggle test robust against hidden-radio/input and auto-save timing behavior.
- Validation:
-  - Re-ran `E2E stable non-interactive` after each fix cycle.
-  - Final stable run: `157 passed`, `4 skipped`, `0 failed`.
- Result: Playwright coverage now includes additional shell-level behaviors and the previously failing stable-suite tests are resolved; current stable suite exits without failures.
@@ -17,7 +17,7 @@ server {
    add_header X-Content-Type-Options "nosniff" always;
    add_header X-XSS-Protection "1; mode=block" always;
    add_header Referrer-Policy "strict-origin-when-cross-origin" always;
-    add_header Content-Security-Policy "default-src 'self'; base-uri 'self'; frame-ancestors 'self'; object-src 'none'; script-src 'self'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com data:; img-src 'self' data: blob:; connect-src 'self' https://api.github.com; frame-src 'self'; form-action 'self'; upgrade-insecure-requests" always;
+    add_header Content-Security-Policy "default-src 'self'; base-uri 'self'; frame-ancestors 'self'; object-src 'none'; script-src 'self'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com data:; img-src 'self' data: blob:; connect-src 'self' https://api.github.com; frame-src 'self'; form-action 'self'" always;
    add_header Permissions-Policy "camera=(), microphone=(), geolocation=(), payment=(), usb=(), accelerometer=(), gyroscope=(), magnetometer=()" always;

    # Allow larger file uploads (for medication images and data import/export)
@@ -1,7 +1,7 @@
 {
  "name": "medassist-ng-frontend",
  "private": true,
-  "version": "1.22.2",
+  "version": "1.25.0",
  "type": "module",
  "scripts": {
    "dev": "vite",
@@ -27,30 +27,30 @@
    "test:e2e:report": "playwright show-report"
  },
  "dependencies": {
-    "i18next": "^26.0.3",
+    "i18next": "^26.1.0",
    "i18next-browser-languagedetector": "^8.2.1",
-    "lucide-react": "^1.7.0",
-    "react": "^19.2.4",
-    "react-dom": "^19.2.4",
-    "react-i18next": "^17.0.2",
-    "react-router-dom": "^7.14.0",
-    "zod": "^4.3.6"
+    "lucide-react": "^1.14.0",
+    "react": "^19.2.6",
+    "react-dom": "^19.2.6",
+    "react-i18next": "^17.0.7",
+    "react-router-dom": "^7.15.0",
+    "zod": "^4.4.3"
  },
  "devDependencies": {
-    "@biomejs/biome": "^2.4.10",
+    "@biomejs/biome": "^2.4.15",
    "@playwright/test": "^1.59.1",
    "@testing-library/jest-dom": "^6.9.1",
    "@testing-library/react": "^16.3.2",
    "@testing-library/user-event": "^14.6.1",
-    "@types/node": "^25.5.2",
+    "@types/node": "^25.6.2",
    "@types/react": "^19.2.14",
    "@types/react-dom": "^19.2.3",
    "@types/react-router-dom": "^5.3.3",
    "@vitejs/plugin-react": "^6.0.1",
-    "@vitest/coverage-v8": "^4.1.2",
-    "jsdom": "^29.0.1",
-    "typescript": "^6.0.2",
-    "vite": "^8.0.5",
+    "@vitest/coverage-v8": "^4.1.5",
+    "jsdom": "^29.1.1",
+    "typescript": "^6.0.3",
+    "vite": "^8.0.12",
    "vitest": "^4.1.0"
  }
 }
@@ -506,7 +506,7 @@ function AppContent() {
 			<AboutModal isOpen={showAbout} onClose={closeAbout} />

 			<Routes>
-				<Route path="/" element={<Navigate to="/dashboard" replace />} />
+				<Route path="/" element={<Navigate to={{ pathname: "/dashboard", search: location.search }} replace />} />
 				<Route path="/dashboard" element={<DashboardPage />} />

 				<Route path="/medications" element={<MedicationsPage />} />
@@ -206,6 +206,11 @@ export function MedDetailModal({
 	if (!selectedMed) return null;
 	const isAmountPackage =
 		isTubePackageType(selectedMed.packageType) || isLiquidContainerPackageType(selectedMed.packageType);
+	const getDiscreteUnitLabel = (value: number) => {
+		if (selectedMed.packageType === "inhaler") return value === 1 ? t("common.puff") : t("common.puffs");
+		if (selectedMed.packageType === "injection") return value === 1 ? t("common.injection") : t("common.injections");
+		return value === 1 ? t("common.pill") : t("common.pills");
+	};
 	const amountUnitLabel =
 		isLiquidContainerPackageType(selectedMed.packageType) || selectedMed.medicationForm === "liquid"
 			? t("form.packageAmountUnitMl")
@@ -266,7 +271,7 @@ export function MedDetailModal({
 		if (isTubePackageType(selectedMed.packageType)) {
 			return `${usage} ${t("form.blisters.applications", { count: Math.abs(usage) })}`;
 		}
-		return `${usage} ${usage !== 1 ? t("common.pills") : t("common.pill")}`;
+		return `${usage} ${getDiscreteUnitLabel(usage)}`;
 	};
 	const scheduleIntakes = getMedicationIntakes(selectedMed);
 	const hasAnyIntakeReminder = scheduleIntakes.some((intake) => intake.intakeRemindersEnabled === true);
@@ -694,18 +699,14 @@ export function MedDetailModal({
 										<span>{t("editStock.currentTotal")}:</span>
 										<span>
 											{currentTotal}
-											{isAmountPackage
-												? ` ${stockUnitLabel}`
-												: ` ${currentTotal === 1 ? t("common.pill") : t("common.pills")}`}
+											{isAmountPackage ? ` ${stockUnitLabel}` : ` ${getDiscreteUnitLabel(currentTotal)}`}
 										</span>
 									</div>
 									<div className="summary-row">
 										<span>{t("editStock.newTotal")}:</span>
 										<span>
 											{newTotal}
-											{isAmountPackage
-												? ` ${stockUnitLabel}`
-												: ` ${newTotal === 1 ? t("common.pill") : t("common.pills")}`}
+											{isAmountPackage ? ` ${stockUnitLabel}` : ` ${getDiscreteUnitLabel(newTotal)}`}
 										</span>
 									</div>
 									<div className={`summary-row difference ${differenceClass}`}>
@@ -713,9 +714,7 @@ export function MedDetailModal({
 										<span>
 											{difference > 0 ? "+" : ""}
 											{difference}
-											{isAmountPackage
-												? ` ${stockUnitLabel}`
-												: ` ${Math.abs(difference) === 1 ? t("common.pill") : t("common.pills")}`}
+											{isAmountPackage ? ` ${stockUnitLabel}` : ` ${getDiscreteUnitLabel(Math.abs(difference))}`}
 										</span>
 									</div>
 								</div>
@@ -1105,11 +1104,8 @@ export function MedDetailModal({
 											</span>
 											<span className="refill-amount">
 												{(() => {
-													const total = isAmountBasedPackageType(selectedMed.packageType)
-														? entry.loosePillsAdded
-														: entry.packsAdded * selectedMed.blistersPerPack * selectedMed.pillsPerBlister +
-															entry.loosePillsAdded;
-													return `+${total}${isAmountPackage ? ` ${stockUnitLabel}` : ` ${total === 1 ? t("common.pill") : t("common.pills")}`}`;
+													const total = entry.quantityAdded;
+													return `+${total}${isAmountPackage ? ` ${stockUnitLabel}` : ` ${getDiscreteUnitLabel(total)}`}`;
 												})()}
 												{entry.usedPrescription && (
 													<span className="refill-prescription-badge" title={t("refill.viaPrescription")}>
@@ -1315,9 +1311,7 @@ export function MedDetailModal({
 									return totalRefill > 0 ? (
 										<span className="refill-preview">
 											+{totalRefill}
-											{isAmountPackage
-												? ` ${stockUnitLabel}`
-												: ` ${totalRefill === 1 ? t("common.pill") : t("common.pills")}`}
+											{isAmountPackage ? ` ${stockUnitLabel}` : ` ${getDiscreteUnitLabel(totalRefill)}`}
 										</span>
 									) : null;
 								})()}
@@ -79,6 +79,10 @@ function getPackageContainerTranslationKey(packageType: MedicationEnrichmentPack
 			return "form.enrichment.packageContainers.blister";
 		case "bottle":
 			return "form.enrichment.packageContainers.bottle";
+		case "inhaler":
+			return "form.enrichment.packageContainers.inhaler";
+		case "injection":
+			return "form.enrichment.packageContainers.injection";
 		case "liquid_container":
 			return "form.enrichment.packageContainers.liquidContainer";
 		case "tube":
@@ -24,7 +24,9 @@ import {
 	allowsPillFormSelection,
 	DOSE_UNITS,
 	isAmountBasedPackageType,
+	isDiscreteCountPackageType,
 	isLiquidContainerPackageType,
+	isPackageAmountPackageType,
 	isTubePackageType,
 	PACKAGE_PROFILES,
 } from "../types";
@@ -193,6 +195,15 @@ export function MobileEditModal({
 		return form.pillForm === "tablet";
 	}, [form.packageType, form.medicationForm, form.pillForm]);

+	const getDiscreteUnitLabel = useCallback(
+		(count: number) => {
+			if (form.packageType === "inhaler") return count === 1 ? t("common.puff") : t("common.puffs");
+			if (form.packageType === "injection") return count === 1 ? t("common.injection") : t("common.injections");
+			return count === 1 ? t("common.pill") : t("common.pills");
+		},
+		[form.packageType, t]
+	);
+
 	const getUsageLabel = useCallback(
 		(intake: (typeof form.intakes)[number]) => {
 			if (isLiquidContainerPackageType(form.packageType)) {
@@ -203,16 +214,29 @@ export function MobileEditModal({
 			if (isTubePackageType(form.packageType)) {
 				return form.medicationForm === "liquid" ? t("form.blisters.usageMl") : t("form.blisters.usageApplication");
 			}
+			if (form.packageType === "inhaler") return t("common.puffs");
+			if (form.packageType === "injection") return t("common.injections");
 			if (form.pillForm === "capsule") return t("form.blisters.usageCapsules");
 			return t("form.blisters.usageTablets");
 		},
 		[form.packageType, form.medicationForm, form.pillForm, t]
 	);

-	const usesAmountLabels = isTubePackageType(form.packageType) || isLiquidContainerPackageType(form.packageType);
+	const usesAmountLabels = isPackageAmountPackageType(form.packageType);
+	const usesCountLabels = isDiscreteCountPackageType(form.packageType) && form.packageType !== "bottle";
 	const totalCapacityLabel = usesAmountLabels ? t("form.totalAmount") : t("form.totalCapacity");
-	const currentStockLabel = usesAmountLabels ? t("form.currentAmount") : t("form.currentPills");
-	const totalLabel = usesAmountLabels ? t("form.totalAmountLabel") : t("form.total");
+	let currentStockLabel = t("form.currentPills");
+	if (usesAmountLabels) {
+		currentStockLabel = t("form.currentAmount");
+	} else if (usesCountLabels) {
+		currentStockLabel = t("form.currentStockCount");
+	}
+	let totalLabel = t("form.total");
+	if (usesAmountLabels) {
+		totalLabel = t("form.totalAmountLabel");
+	} else if (usesCountLabels) {
+		totalLabel = t("form.totalCount");
+	}
 	const weekdayOptions = useMemo(
 		() =>
 			WEEKDAY_CODES.map((day) => ({
@@ -816,7 +840,7 @@ export function MobileEditModal({
 												<div className="stock-total-field">
 													<p className="sub">
 														<strong>{totalLabel}:</strong> {deriveTotalFromForm(form)}
-														{` ${deriveTotalFromForm(form) === 1 ? t("common.pill") : t("common.pills")}`}
+														{` ${getDiscreteUnitLabel(deriveTotalFromForm(form))}`}
 													</p>
 												</div>
 											</div>
@@ -6,6 +6,7 @@ import type { Medication } from "../types";
 import {
 	getMedDisplayName,
 	getMedTotal,
+	getStockDisplayCapacity,
 	isAmountBasedPackageType,
 	isLiquidContainerPackageType,
 	isTubePackageType,
@@ -27,10 +28,16 @@ type ReportData = Record<
 	{
 		dosesTaken: number;
 		automaticDosesTaken: number;
-		dosesDismissed: number;
+		dosesSkipped: number;
 		firstDoseAt: string | null;
 		lastDoseAt: string | null;
-		refills: { packsAdded: number; loosePillsAdded: number; usedPrescription: boolean; refillDate: string }[];
+		refills: {
+			packsAdded: number;
+			loosePillsAdded?: number;
+			quantityAdded: number;
+			usedPrescription: boolean;
+			refillDate: string;
+		}[];
 	}
 >;

@@ -121,7 +128,10 @@ export function ReportModal({ isOpen, onClose, medications }: ReportModalProps)
 			const res = await fetch("/api/medications/report-data", {
 				method: "POST",
 				headers: { "Content-Type": "application/json" },
-				body: JSON.stringify({ medicationIds: Array.from(selectedIds) }),
+				body: JSON.stringify({
+					medicationIds: Array.from(selectedIds),
+					takenByFilter: takenByFilter.size > 0 ? Array.from(takenByFilter) : undefined,
+				}),
 				credentials: "include",
 			});
 			if (!res.ok) throw new Error("Failed to fetch report data");
@@ -297,11 +307,17 @@ function getTubeUnitKey(med: Medication): "form.ml" | "blisters.applications" {
 	return med.medicationForm === "liquid" ? "form.ml" : "blisters.applications";
 }

+function getDiscreteUnitText(med: Medication, value: number, t: TFn): string {
+	if (med.packageType === "inhaler") return value === 1 ? t("common.puff") : t("common.puffs");
+	if (med.packageType === "injection") return value === 1 ? t("common.injection") : t("common.injections");
+	return value === 1 ? t("common.pill") : t("common.pills");
+}
+
 function getUsageText(med: Medication, usage: number, t: TFn): string {
 	if (isTubePackageType(med.packageType) || isLiquidContainerPackageType(med.packageType)) {
 		return `${usage} ${t(getTubeUnitKey(med))}`;
 	}
-	return `${usage} ${usage === 1 ? t("common.pill") : t("common.pills")}`;
+	return `${usage} ${getDiscreteUnitText(med, usage, t)}`;
 }

 function getTotalCapacityLabel(med: Medication, t: TFn): string {
@@ -315,12 +331,14 @@ function getCurrentStockText(med: Medication, t: TFn): string {
 	if (isTubePackageType(med.packageType) || isLiquidContainerPackageType(med.packageType)) {
 		return `${getMedTotal(med)} ${t(getTubeUnitKey(med))}`;
 	}
-	return `${getMedTotal(med)} ${t("common.pills")}`;
+	return `${getMedTotal(med)} ${getDiscreteUnitText(med, getMedTotal(med), t)}`;
 }

 function getReportPackageTypeLabel(med: Medication, t: TFn): string {
 	if (isTubePackageType(med.packageType)) return t("report.docTube");
 	if (isLiquidContainerPackageType(med.packageType)) return t("form.packageTypeLiquidContainer");
+	if (med.packageType === "inhaler") return t("form.packageTypeInhaler");
+	if (med.packageType === "injection") return t("form.packageTypeInjection");
 	if (isAmountBasedPackageType(med.packageType)) return t("report.docBottle");
 	return t("report.docBlister");
 }
@@ -374,7 +392,7 @@ function generateTextReport(
 			lines.push(item(t("report.docPillsPerBlister"), String(med.pillsPerBlister)));
 			if (med.looseTablets > 0) lines.push(item(t("report.docLoosePills"), String(med.looseTablets)));
 		} else {
-			lines.push(item(getTotalCapacityLabel(med, t), String(med.totalPills ?? med.looseTablets)));
+			lines.push(item(getTotalCapacityLabel(med, t), String(getStockDisplayCapacity(med))));
 		}
 		lines.push(item(t("report.docCurrentStock"), getCurrentStockText(med, t)));
 		if (!isTubePackageType(med.packageType) && !isLiquidContainerPackageType(med.packageType) && med.pillWeightMg)
@@ -415,12 +433,12 @@ function generateTextReport(
 		const data = reportData[med.id];
 		if (data) {
 			lines.push(h3(t("report.docIntakeHistory")));
-			if (data.dosesTaken > 0 || data.dosesDismissed > 0) {
+			if (data.dosesTaken > 0 || data.dosesSkipped > 0) {
 				lines.push(item(t("report.docDosesTaken"), String(data.dosesTaken)));
 				if (data.automaticDosesTaken > 0) {
 					lines.push(item(`🤖 ${t("report.docDosesTakenAutomatic")}`, String(data.automaticDosesTaken)));
 				}
-				if (data.dosesDismissed > 0) lines.push(item(t("report.docDosesDismissed"), String(data.dosesDismissed)));
+				if (data.dosesSkipped > 0) lines.push(item(t("report.docDosesSkipped"), String(data.dosesSkipped)));
 				if (data.firstDoseAt) lines.push(item(t("report.docFirstDose"), formatDate(data.firstDoseAt)));
 				if (data.lastDoseAt) lines.push(item(t("report.docLastDose"), formatDate(data.lastDoseAt)));
 			} else {
@@ -432,7 +450,11 @@ function generateTextReport(
 			if (data.refills.length > 0) {
 				lines.push(h3(t("report.docRefillHistory")));
 				for (const r of data.refills) {
-					let entry = `${formatDate(r.refillDate)}: +${r.packsAdded} ${t("report.docPacks")}, +${r.loosePillsAdded} ${isTubePackageType(med.packageType) || isLiquidContainerPackageType(med.packageType) ? t(getTubeUnitKey(med)) : t("common.pills")}`;
+					let entry = `${formatDate(r.refillDate)}: +${r.packsAdded} ${t("report.docPacks")}, +${r.quantityAdded} ${
+						isTubePackageType(med.packageType) || isLiquidContainerPackageType(med.packageType)
+							? t(getTubeUnitKey(med))
+							: getDiscreteUnitText(med, r.quantityAdded, t)
+					}`;
 					if (r.usedPrescription) entry += ` ${t("report.docRefillPrescription")}`;
 					lines.push(fmt === "md" ? `- ${entry}` : `  • ${entry}`);
 				}
@@ -572,7 +594,7 @@ function buildPrintHtml(
 			if (med.looseTablets > 0)
 				s += `<tr><td class="label">${escHtml(t("report.docLoosePills"))}</td><td>${med.looseTablets}</td></tr>`;
 		} else {
-			s += `<tr><td class="label">${escHtml(getTotalCapacityLabel(med, t))}</td><td>${med.totalPills ?? med.looseTablets}</td></tr>`;
+			s += `<tr><td class="label">${escHtml(getTotalCapacityLabel(med, t))}</td><td>${getStockDisplayCapacity(med)}</td></tr>`;
 		}
 		s += `<tr><td class="label">${escHtml(t("report.docCurrentStock"))}</td><td>${escHtml(getCurrentStockText(med, t))}</td></tr>`;
 		if (!isTubePackageType(med.packageType) && !isLiquidContainerPackageType(med.packageType) && med.pillWeightMg)
@@ -616,14 +638,14 @@ function buildPrintHtml(
 		// Intake history
 		if (data) {
 			s += `<h3>${escHtml(t("report.docIntakeHistory"))}</h3>`;
-			if (data.dosesTaken > 0 || data.dosesDismissed > 0) {
+			if (data.dosesTaken > 0 || data.dosesSkipped > 0) {
 				s += `<table><tbody>`;
 				s += `<tr><td class="label">${escHtml(t("report.docDosesTaken"))}</td><td>${data.dosesTaken}</td></tr>`;
 				if (data.automaticDosesTaken > 0) {
 					s += `<tr><td class="label">${escHtml(`🤖 ${t("report.docDosesTakenAutomatic")}`)}</td><td>${data.automaticDosesTaken}</td></tr>`;
 				}
-				if (data.dosesDismissed > 0)
-					s += `<tr><td class="label">${escHtml(t("report.docDosesDismissed"))}</td><td>${data.dosesDismissed}</td></tr>`;
+				if (data.dosesSkipped > 0)
+					s += `<tr><td class="label">${escHtml(t("report.docDosesSkipped"))}</td><td>${data.dosesSkipped}</td></tr>`;
 				if (data.firstDoseAt)
 					s += `<tr><td class="label">${escHtml(t("report.docFirstDose"))}</td><td>${formatDate(data.firstDoseAt)}</td></tr>`;
 				if (data.lastDoseAt)
@@ -638,7 +660,11 @@ function buildPrintHtml(
 				s += `<h3>${escHtml(t("report.docRefillHistory"))}</h3>`;
 				s += `<ul>`;
 				for (const r of data.refills) {
-					let entry = `${formatDate(r.refillDate)}: +${r.packsAdded} ${escHtml(t("report.docPacks"))}, +${r.loosePillsAdded} ${escHtml(isTubePackageType(med.packageType) || isLiquidContainerPackageType(med.packageType) ? t(getTubeUnitKey(med)) : t("common.pills"))}`;
+					let entry = `${formatDate(r.refillDate)}: +${r.packsAdded} ${escHtml(t("report.docPacks"))}, +${r.quantityAdded} ${escHtml(
+						isTubePackageType(med.packageType) || isLiquidContainerPackageType(med.packageType)
+							? t(getTubeUnitKey(med))
+							: getDiscreteUnitText(med, r.quantityAdded, t)
+					)}`;
 					if (r.usedPrescription) entry += ` <em>${escHtml(t("report.docRefillPrescription"))}</em>`;
 					s += `<li>${entry}</li>`;
 				}
@@ -39,6 +39,7 @@ export function SharedSchedule() {
 	const [takenDoses, setTakenDoses] = useState<Set<string>>(new Set());
 	const [automaticTakenDoses, setAutomaticTakenDoses] = useState<Set<string>>(new Set());
 	const [dismissedDoses, setDismissedDoses] = useState<Set<string>>(new Set());
+	const mutationInFlightRef = useRef(0);
 	const [lightboxImage, setLightboxImage] = useState<{ url: string; name: string } | null>(null);
 	const [showPastDays, setShowPastDays] = useState(false);
 	const [showFutureDays, setShowFutureDays] = useState(false);
@@ -183,15 +184,23 @@ export function SharedSchedule() {
 	// Separates taken and dismissed doses (like main app's useDoses hook)
 	const loadTakenDoses = useCallback(async () => {
 		if (!token) return;
+		if (mutationInFlightRef.current > 0) return;
 		try {
 			const res = await fetch(`/api/share/${token}/doses`);
 			if (res.ok) {
+				if (mutationInFlightRef.current > 0) return;
+
 				const data = await res.json();
 				const taken = new Set<string>();
 				const automatic = new Set<string>();
 				const dismissed = new Set<string>();
-				for (const d of data.doses as Array<{ doseId: string; dismissed?: boolean; takenSource?: string }>) {
-					if (d.dismissed) {
+				for (const d of data.doses as Array<{
+					doseId: string;
+					dismissed?: boolean;
+					skipped?: boolean;
+					takenSource?: string;
+				}>) {
+					if (d.skipped === true || d.dismissed === true) {
 						dismissed.add(d.doseId);
 					} else {
 						taken.add(d.doseId);
@@ -203,15 +212,9 @@ export function SharedSchedule() {
 				setTakenDoses(taken);
 				setAutomaticTakenDoses(automatic);
 				setDismissedDoses(dismissed);
-			} else {
-				setTakenDoses(new Set());
-				setAutomaticTakenDoses(new Set());
-				setDismissedDoses(new Set());
 			}
 		} catch {
-			setTakenDoses(new Set());
-			setAutomaticTakenDoses(new Set());
-			setDismissedDoses(new Set());
+			// Keep the current optimistic/shared state on transient read errors.
 		}
 	}, [token]);

@@ -232,12 +235,22 @@ export function SharedSchedule() {
 	}

 	async function markDoseTaken(doseId: string) {
+		const wasTaken = takenDoses.has(doseId);
+		const wasSkipped = dismissedDoses.has(doseId);
+		const wasAutomatic = automaticTakenDoses.has(doseId);
+
 		// Optimistic update
+		mutationInFlightRef.current++;
 		setTakenDoses((prev) => {
 			const next = new Set(prev);
 			next.add(doseId);
 			return next;
 		});
+		setDismissedDoses((prev) => {
+			const next = new Set(prev);
+			next.delete(doseId);
+			return next;
+		});
 		setAutomaticTakenDoses((prev) => {
 			const next = new Set(prev);
 			next.delete(doseId);
@@ -266,16 +279,104 @@ export function SharedSchedule() {
 			// Revert on error
 			setTakenDoses((prev) => {
 				const next = new Set(prev);
-				next.delete(doseId);
+				if (wasTaken) {
+					next.add(doseId);
+				} else {
+					next.delete(doseId);
+				}
+				return next;
+			});
+			setDismissedDoses((prev) => {
+				const next = new Set(prev);
+				if (wasSkipped) {
+					next.add(doseId);
+				} else {
+					next.delete(doseId);
+				}
+				return next;
+			});
+			setAutomaticTakenDoses((prev) => {
+				const next = new Set(prev);
+				if (wasAutomatic) {
+					next.add(doseId);
+				}
 				return next;
 			});
 		} finally {
+			mutationInFlightRef.current--;
+			loadTakenDoses();
+		}
+	}
+
+	async function markDoseSkipped(doseId: string) {
+		if (takenDoses.has(doseId)) {
+			return;
+		}
+
+		const wasTaken = takenDoses.has(doseId);
+		const wasSkipped = dismissedDoses.has(doseId);
+		const wasAutomatic = automaticTakenDoses.has(doseId);
+
+		mutationInFlightRef.current++;
+		setDismissedDoses((prev) => {
+			const next = new Set(prev);
+			next.add(doseId);
+			return next;
+		});
+		setTakenDoses((prev) => {
+			const next = new Set(prev);
+			next.delete(doseId);
+			return next;
+		});
+		setAutomaticTakenDoses((prev) => {
+			const next = new Set(prev);
+			next.delete(doseId);
+			return next;
+		});
+
+		try {
+			const response = await fetch(`/api/share/${token}/doses/skip`, {
+				method: "POST",
+				headers: { "Content-Type": "application/json" },
+				body: JSON.stringify({ doseId }),
+			});
+			if (!response.ok) {
+				throw new Error("Failed to mark shared dose as skipped");
+			}
+		} catch {
+			setDismissedDoses((prev) => {
+				const next = new Set(prev);
+				if (wasSkipped) {
+					next.add(doseId);
+				} else {
+					next.delete(doseId);
+				}
+				return next;
+			});
+			setTakenDoses((prev) => {
+				const next = new Set(prev);
+				if (wasTaken) {
+					next.add(doseId);
+				}
+				return next;
+			});
+			setAutomaticTakenDoses((prev) => {
+				const next = new Set(prev);
+				if (wasAutomatic) {
+					next.add(doseId);
+				}
+				return next;
+			});
+		} finally {
+			mutationInFlightRef.current--;
 			loadTakenDoses();
 		}
 	}

 	async function undoDoseTaken(doseId: string) {
+		const wasAutomatic = automaticTakenDoses.has(doseId);
 		// Optimistic update
+		mutationInFlightRef.current++;
 		setTakenDoses((prev) => {
 			const next = new Set(prev);
 			next.delete(doseId);
@@ -299,9 +400,100 @@ export function SharedSchedule() {
 				next.add(doseId);
 				return next;
 			});
+			setAutomaticTakenDoses((prev) => {
+				const next = new Set(prev);
+				if (wasAutomatic) {
+					next.add(doseId);
+				}
+				return next;
+			});
+		} finally {
+			mutationInFlightRef.current--;
+			loadTakenDoses();
 		}
 	}

+	async function undoDoseSkipped(doseId: string) {
+		const wasSkipped = dismissedDoses.has(doseId);
+
+		mutationInFlightRef.current++;
+		setDismissedDoses((prev) => {
+			const next = new Set(prev);
+			next.delete(doseId);
+			return next;
+		});
+
+		try {
+			await fetch(`/api/share/${token}/doses/skip/${encodeURIComponent(doseId)}`, {
+				method: "DELETE",
+			});
+		} catch {
+			setDismissedDoses((prev) => {
+				const next = new Set(prev);
+				if (wasSkipped) {
+					next.add(doseId);
+				}
+				return next;
+			});
+		} finally {
+			mutationInFlightRef.current--;
+			loadTakenDoses();
+		}
+	}
+
+	const renderDoseActionButtons = (options: {
+		doseId: string;
+		isTaken: boolean;
+		isSkipped: boolean;
+		isAutomaticallyTaken: boolean;
+		isEmpty: boolean;
+	}) => {
+		const takeButton = options.isTaken ? (
+			<button className="dose-btn undo take" onClick={() => undoDoseTaken(options.doseId)} title={t("common.undo")}>
+				{options.isAutomaticallyTaken && (
+					<span className="info-tooltip" data-tooltip={t("tooltips.automaticTaken")}>
+						🤖
+					</span>
+				)}
+				<span className="dose-btn-label">{t("common.undo")}</span>
+				<span aria-hidden="true">↩</span>
+			</button>
+		) : (
+			<button
+				className={`dose-btn take${options.isEmpty ? " out-of-stock" : ""}`}
+				onClick={() => markDoseTaken(options.doseId)}
+				disabled={options.isEmpty}
+				title={options.isEmpty ? t("common.outOfStockTakeBlocked") : t("dose.markAsTaken")}
+			>
+				<span className="dose-btn-label">{t("dose.take")}</span>
+				<span aria-hidden="true">{options.isEmpty ? "⊘" : "✓"}</span>
+			</button>
+		);
+
+		const skipButton = options.isSkipped ? (
+			<button className="dose-btn undo skip" onClick={() => undoDoseSkipped(options.doseId)} title={t("common.undo")}>
+				<span className="dose-btn-label">{t("dose.undoSkip")}</span>
+				<span aria-hidden="true">↩</span>
+			</button>
+		) : (
+			<button
+				className="dose-btn skip"
+				onClick={() => markDoseSkipped(options.doseId)}
+				title={t("dose.markAsSkipped")}
+				disabled={options.isTaken}
+			>
+				<span className="dose-btn-label">{t("dose.skip")}</span>
+			</button>
+		);
+
+		return (
+			<>
+				{takeButton}
+				{skipButton}
+			</>
+		);
+	};
+
 	const isDoseTakenAutomatically = (doseId: string) => automaticTakenDoses.has(doseId);

 	useEffect(() => {
@@ -934,6 +1126,7 @@ export function SharedSchedule() {
 																		const isTaken = isDoseTakenForDisplay(dose.id);
 																		const isAutomaticallyTaken =
 																			isTaken && isDoseTakenAutomatically(dose.id) && dose.when <= Date.now();
+																		const isSkipped = dismissedDoses.has(dose.id);
 																		const doseClasses = ["dose-item", "past"];
 																		if (isTaken) doseClasses.push("all-taken");
 																		if (isEmpty) doseClasses.push("med-empty");
@@ -948,37 +1141,17 @@ export function SharedSchedule() {
 																					)}
 																				</span>
 																				<div className="dose-checks">
-																					<div className={`dose-person ${isTaken ? "taken" : ""}`}>
+																					<div
+																						className={`dose-person ${isTaken ? "taken" : ""} ${isSkipped ? "skipped" : ""}`}
+																					>
 																						{dose.takenBy && <span className="person-name">{dose.takenBy}</span>}
-																						{isTaken ? (
-																							<button
-																								className="dose-btn undo"
-																								onClick={() => undoDoseTaken(dose.id)}
-																								title={t("common.undo")}
-																							>
-																								{isAutomaticallyTaken && (
-																									<span
-																										className="info-tooltip"
-																										data-tooltip={t("tooltips.automaticTaken")}
-																									>
-																										🤖
-																									</span>
-																								)}
-																								↩
-																							</button>
-																						) : (
-																							<button
-																								className={`dose-btn take${isEmpty ? " out-of-stock" : ""}`}
-																								onClick={() => markDoseTaken(dose.id)}
-																								disabled={isEmpty}
-																								title={
-																									isEmpty ? t("common.outOfStockTakeBlocked") : t("dose.markAsTaken")
-																								}
-																							>
-																								<span className="dose-btn-label">{t("dose.take")}</span>
-																								<span aria-hidden="true">{isEmpty ? "⊘" : "✓"}</span>
-																							</button>
-																						)}
+																						{renderDoseActionButtons({
+																							doseId: dose.id,
+																							isTaken,
+																							isSkipped,
+																							isAutomaticallyTaken,
+																							isEmpty,
+																						})}
 																					</div>
 																				</div>
 																			</div>
@@ -1149,7 +1322,8 @@ export function SharedSchedule() {
 																		const isTaken = isDoseTakenForDisplay(dose.id);
 																		const isAutomaticallyTaken =
 																			isTaken && isDoseTakenAutomatically(dose.id) && dose.when <= Date.now();
-																		const isOverdue = dose.when < Date.now() && !isTaken;
+																		const isSkipped = dismissedDoses.has(dose.id);
+																		const isOverdue = dose.when < Date.now() && !isTaken && !isSkipped && !isEmpty;
 																		const doseClasses = ["dose-item"];
 																		if (isOverdue) doseClasses.push("overdue");
 																		if (isTaken) doseClasses.push("all-taken");
@@ -1166,38 +1340,16 @@ export function SharedSchedule() {
 																				</span>
 																				<div className="dose-checks">
 																					<div
-																						className={`dose-person ${isTaken ? "taken" : ""} ${isOverdue ? "overdue" : ""}`}
+																						className={`dose-person ${isTaken ? "taken" : ""} ${isSkipped ? "skipped" : ""} ${isOverdue ? "overdue" : ""}`}
 																					>
 																						{dose.takenBy && <span className="person-name">{dose.takenBy}</span>}
-																						{isTaken ? (
-																							<button
-																								className="dose-btn undo"
-																								onClick={() => undoDoseTaken(dose.id)}
-																								title={t("common.undo")}
-																							>
-																								{isAutomaticallyTaken && (
-																									<span
-																										className="info-tooltip"
-																										data-tooltip={t("tooltips.automaticTaken")}
-																									>
-																										🤖
-																									</span>
-																								)}
-																								↩
-																							</button>
-																						) : (
-																							<button
-																								className={`dose-btn take${isEmpty ? " out-of-stock" : ""}`}
-																								onClick={() => markDoseTaken(dose.id)}
-																								title={
-																									isEmpty ? t("common.outOfStockTakeBlocked") : t("dose.markAsTaken")
-																								}
-																								disabled={isEmpty}
-																							>
-																								<span className="dose-btn-label">{t("dose.take")}</span>
-																								<span aria-hidden="true">{isEmpty ? "⊘" : "✓"}</span>
-																							</button>
-																						)}
+																						{renderDoseActionButtons({
+																							doseId: dose.id,
+																							isTaken,
+																							isSkipped,
+																							isAutomaticallyTaken,
+																							isEmpty,
+																						})}
 																					</div>
 																				</div>
 																			</div>
@@ -1351,6 +1503,7 @@ export function SharedSchedule() {
 																		const isTaken = isDoseTakenForDisplay(dose.id);
 																		const isAutomaticallyTaken =
 																			isTaken && isDoseTakenAutomatically(dose.id) && dose.when <= Date.now();
+																		const isSkipped = dismissedDoses.has(dose.id);
 																		const doseClasses = ["dose-item", "future"];
 																		if (isTaken) doseClasses.push("all-taken");
 																		if (isEmpty) doseClasses.push("med-empty");
@@ -1365,37 +1518,17 @@ export function SharedSchedule() {
 																					)}
 																				</span>
 																				<div className="dose-checks">
-																					<div className={`dose-person ${isTaken ? "taken" : ""}`}>
+																					<div
+																						className={`dose-person ${isTaken ? "taken" : ""} ${isSkipped ? "skipped" : ""}`}
+																					>
 																						{dose.takenBy && <span className="person-name">{dose.takenBy}</span>}
-																						{isTaken ? (
-																							<button
-																								className="dose-btn undo"
-																								onClick={() => undoDoseTaken(dose.id)}
-																								title={t("common.undo")}
-																							>
-																								{isAutomaticallyTaken && (
-																									<span
-																										className="info-tooltip"
-																										data-tooltip={t("tooltips.automaticTaken")}
-																									>
-																										🤖
-																									</span>
-																								)}
-																								↩
-																							</button>
-																						) : (
-																							<button
-																								className={`dose-btn take${isEmpty ? " out-of-stock" : ""}`}
-																								onClick={() => markDoseTaken(dose.id)}
-																								title={
-																									isEmpty ? t("common.outOfStockTakeBlocked") : t("dose.markAsTaken")
-																								}
-																								disabled={true}
-																							>
-																								<span className="dose-btn-label">{t("dose.take")}</span>
-																								<span aria-hidden="true">{isEmpty ? "⊘" : "✓"}</span>
-																							</button>
-																						)}
+																						{renderDoseActionButtons({
+																							doseId: dose.id,
+																							isTaken,
+																							isSkipped,
+																							isAutomaticallyTaken,
+																							isEmpty: true,
+																						})}
 																					</div>
 																				</div>
 																			</div>
@@ -42,6 +42,12 @@ export function UserFilterModal({
 		);
 	};

+	const getDiscreteUnitLabel = (med: Medication, count: number): string => {
+		if (med.packageType === "inhaler") return count === 1 ? t("common.puff") : t("common.puffs");
+		if (med.packageType === "injection") return count === 1 ? t("common.injection") : t("common.injections");
+		return count === 1 ? t("common.pill") : t("common.pills");
+	};
+
 	const formatIntakeUsageLabel = (med: Medication, usage: number, intakeUnit?: IntakeUnit | null): string => {
 		if (isLiquidMedication(med)) {
 			return `${formatNumber(usage)} ${getLiquidCountUnitLabel(intakeUnit, usage, t)}`;
@@ -49,7 +55,7 @@ export function UserFilterModal({
 		if (isTubePackageType(med.packageType)) {
 			return `${formatNumber(usage)} ${t("form.blisters.applications", { count: usage })}`;
 		}
-		return `${formatNumber(usage)} ${usage !== 1 ? t("common.pills") : t("common.pill")}`;
+		return `${formatNumber(usage)} ${getDiscreteUnitLabel(med, usage)}`;
 	};

 	const formatStockSummaryLabel = (med: Medication, currentStock: number, packageSize: number): string => {
@@ -59,7 +65,7 @@ export function UserFilterModal({
 		if (isTubePackageType(med.packageType)) {
 			return `${formatNumber(currentStock)}/${formatNumber(packageSize)} ${t("form.packageAmountUnitG")}`;
 		}
-		return `${formatNumber(currentStock)}/${formatNumber(packageSize)} ${packageSize === 1 ? t("common.pill") : t("common.pills")}`;
+		return `${formatNumber(currentStock)}/${formatNumber(packageSize)} ${getDiscreteUnitLabel(med, packageSize)}`;
 	};

 	useEscapeKey(!!selectedUser, onClose);
@@ -50,7 +50,6 @@ export function MedicationListSection({
 	const renderImageAvatar = (med: Medication) => (
 		<span
 			className={med.imageUrl ? "med-avatar-clickable" : undefined}
-			onClick={() => med.imageUrl && onImagePreview(med)}
 			onKeyDown={(e) => {
 				if ((e.key === "Enter" || e.key === " ") && med.imageUrl) {
 					onImagePreview(med);
@@ -146,8 +145,7 @@ export function MedicationListSection({
 													</>
 												) : (
 													<span>
-														{t("medications.details.totalCapacity")}:{" "}
-														<strong>{med.totalPills ?? med.looseTablets}</strong>
+														{t("medications.details.totalCapacity")}: <strong>{stockDisplayCapacity}</strong>
 													</span>
 												)}
 											</div>
@@ -11,7 +11,7 @@ import {
 	type ScheduleEvent,
 	type StockThresholds,
 } from "../types";
-import { getSystemLocale } from "../utils/formatters";
+import { getSystemLocale, setDefaultFormattingTimezone } from "../utils/formatters";
 import { log } from "../utils/logger";
 import { buildSchedulePreview, calculateCoverage, computeMissedPastDoseIds, getStockStatus } from "../utils/schedule";
 import { ShareContextProvider } from "./ShareContext";
@@ -77,12 +77,15 @@ export interface AppContextValue {
 	// From useDoses
 	takenDoses: Set<string>;
 	setTakenDoses: React.Dispatch<React.SetStateAction<Set<string>>>;
+	skippedDoses: Set<string>;
 	dismissedDoses: Set<string>;
 	getDoseId: (baseDoseId: string, person: string | null) => string;
 	isDoseTakenAutomatically: (doseId: string) => boolean;
 	countTakenDoses: (doses: Array<{ id: string; takenBy: string[] }>) => { total: number; taken: number };
 	markDoseTaken: (doseId: string) => Promise<void>;
+	markDoseSkipped: (doseId: string) => Promise<void>;
 	undoDoseTaken: (doseId: string) => Promise<void>;
+	undoDoseSkipped: (doseId: string) => Promise<void>;

 	// From useCollapsedDays
 	manuallyCollapsedDays: Set<string>;
@@ -299,6 +302,10 @@ export function AppProvider({ children }: { children: React.ReactNode }) {
 		shares: number;
 	} | null>(null);

+	useEffect(() => {
+		setDefaultFormattingTimezone(settingsHook.settings.timezone || settingsHook.settings.serverTimezone || null);
+	}, [settingsHook.settings.timezone, settingsHook.settings.serverTimezone]);
+
 	// Load user-specific scheduleDays when user changes
 	useEffect(() => {
 		if (typeof window !== "undefined" && user?.id) {
@@ -848,12 +855,15 @@ export function AppProvider({ children }: { children: React.ReactNode }) {
 			// From useDoses
 			takenDoses: doses.takenDoses,
 			setTakenDoses: doses.setTakenDoses,
+			skippedDoses: doses.skippedDoses,
 			dismissedDoses: doses.dismissedDoses,
 			getDoseId: doses.getDoseId,
 			isDoseTakenAutomatically: doses.isDoseTakenAutomatically,
 			countTakenDoses: doses.countTakenDoses,
 			markDoseTaken: doses.markDoseTaken,
+			markDoseSkipped: doses.markDoseSkipped,
 			undoDoseTaken: doses.undoDoseTaken,
+			undoDoseSkipped: doses.undoDoseSkipped,

 			// From useCollapsedDays
 			manuallyCollapsedDays: collapsed.manuallyCollapsedDays,
@@ -1,5 +1,5 @@
 import type { IntakeUnit } from "../../types";
-import { allowsPillFormSelection, isLiquidContainerPackageType, isTubePackageType } from "../../types";
+import { isLiquidContainerPackageType, isTubePackageType } from "../../types";
 import { formatNumber } from "../../utils/formatters";
 import { convertLiquidUsageToMl, getLiquidCountUnitLabel } from "../../utils/intake-units";

@@ -27,6 +27,12 @@ function getTubeUnitLabel(med: MedicationLike, value: number, t: Translate): str
 	return t("form.blisters.applications", { count: Math.abs(value) });
 }

+function getDiscreteUnitLabel(med: MedicationLike, value: number, t: Translate): string {
+	if (med?.packageType === "inhaler") return value === 1 ? t("common.puff") : t("common.puffs");
+	if (med?.packageType === "injection") return value === 1 ? t("common.injection") : t("common.injections");
+	return value === 1 ? t("common.pill") : t("common.pills");
+}
+
 export function formatScheduleDoseUsageLabel(
 	med: MedicationLike,
 	usage: number,
@@ -41,7 +47,7 @@ export function formatScheduleDoseUsageLabel(
 		return `${usage} ${getTubeUnitLabel(med, usage, t)}`;
 	}

-	return `${usage} ${usage !== 1 ? t("common.pills") : t("common.pill")}`;
+	return `${usage} ${getDiscreteUnitLabel(med, usage, t)}`;
 }

 export function formatScheduleTotalUsageLabel(
@@ -77,9 +83,5 @@ export function formatScheduleTotalUsageLabel(
 		return `${total} ${getTubeUnitLabel(med, total, t)}`;
 	}

-	if (allowsPillFormSelection(med?.packageType)) {
-		return t("common.pillsTotal", { count: total });
-	}
-
-	return t("common.pillsTotal", { count: total });
+	return `${total} ${getDiscreteUnitLabel(med, total, t)}`;
 }
@@ -10,13 +10,16 @@ export interface UseDosesReturn {
 	setTakenDoses: React.Dispatch<React.SetStateAction<Set<string>>>;
 	takenDoseTimestamps: Map<string, number>;
 	takenDoseSources: Map<string, "manual" | "automatic">;
+	skippedDoses: Set<string>;
 	dismissedDoses: Set<string>;
 	clearDosesState: () => void;
 	getDoseId: (baseDoseId: string, person: string | null) => string;
 	isDoseTakenAutomatically: (doseId: string) => boolean;
 	countTakenDoses: (doses: Array<{ id: string; takenBy: string[] }>) => { total: number; taken: number };
 	markDoseTaken: (doseId: string) => Promise<void>;
+	markDoseSkipped: (doseId: string) => Promise<void>;
 	undoDoseTaken: (doseId: string) => Promise<void>;
+	undoDoseSkipped: (doseId: string) => Promise<void>;
 	loadTakenDoses: () => Promise<void>;
 }

@@ -56,7 +59,7 @@ export function useDoses(): UseDosesReturn {
 				const sources = new Map<string, "manual" | "automatic">();
 				const dismissed = new Set<string>();
 				for (const d of data.doses) {
-					if (d.dismissed) {
+					if (d.skipped === true || d.dismissed === true) {
 						dismissed.add(d.doseId);
 					} else {
 						taken.add(d.doseId);
@@ -127,6 +130,15 @@ export function useDoses(): UseDosesReturn {

 	const markDoseTaken = useCallback(
 		async (doseId: string) => {
+			if (dismissedDoses.has(doseId)) {
+				return;
+			}
+
+			const wasTaken = takenDoses.has(doseId);
+			const wasSkipped = dismissedDoses.has(doseId);
+			const previousTimestamp = takenDoseTimestamps.get(doseId);
+			const previousSource = takenDoseSources.get(doseId);
+
 			// Optimistic update
 			mutationInFlightRef.current++;
 			setTakenDoses((prev) => {
@@ -134,6 +146,11 @@ export function useDoses(): UseDosesReturn {
 				next.add(doseId);
 				return next;
 			});
+			setDismissedDoses((prev) => {
+				const next = new Set(prev);
+				next.delete(doseId);
+				return next;
+			});
 			setTakenDoseTimestamps((prev) => {
 				const next = new Map(prev);
 				next.set(doseId, Date.now());
@@ -163,17 +180,38 @@ export function useDoses(): UseDosesReturn {
 				// Revert on error
 				setTakenDoses((prev) => {
 					const next = new Set(prev);
-					next.delete(doseId);
+					if (wasTaken) {
+						next.add(doseId);
+					} else {
+						next.delete(doseId);
+					}
+					return next;
+				});
+				setDismissedDoses((prev) => {
+					const next = new Set(prev);
+					if (wasSkipped) {
+						next.add(doseId);
+					} else {
+						next.delete(doseId);
+					}
 					return next;
 				});
 				setTakenDoseTimestamps((prev) => {
 					const next = new Map(prev);
-					next.delete(doseId);
+					if (wasTaken && typeof previousTimestamp === "number") {
+						next.set(doseId, previousTimestamp);
+					} else {
+						next.delete(doseId);
+					}
 					return next;
 				});
 				setTakenDoseSources((prev) => {
 					const next = new Map(prev);
-					next.delete(doseId);
+					if (wasTaken && previousSource) {
+						next.set(doseId, previousSource);
+					} else {
+						next.delete(doseId);
+					}
 					return next;
 				});
 			} finally {
@@ -182,11 +220,96 @@ export function useDoses(): UseDosesReturn {
 				loadTakenDoses();
 			}
 		},
-		[getErrorCode, loadTakenDoses, t]
+		[dismissedDoses, getErrorCode, loadTakenDoses, t, takenDoseSources, takenDoseTimestamps, takenDoses]
+	);
+
+	const markDoseSkipped = useCallback(
+		async (doseId: string) => {
+			if (takenDoses.has(doseId)) {
+				return;
+			}
+
+			const wasTaken = takenDoses.has(doseId);
+			const wasSkipped = dismissedDoses.has(doseId);
+			const previousTimestamp = takenDoseTimestamps.get(doseId);
+			const previousSource = takenDoseSources.get(doseId);
+
+			mutationInFlightRef.current++;
+			setDismissedDoses((prev) => {
+				const next = new Set(prev);
+				next.add(doseId);
+				return next;
+			});
+			setTakenDoses((prev) => {
+				const next = new Set(prev);
+				next.delete(doseId);
+				return next;
+			});
+			setTakenDoseTimestamps((prev) => {
+				const next = new Map(prev);
+				next.delete(doseId);
+				return next;
+			});
+			setTakenDoseSources((prev) => {
+				const next = new Map(prev);
+				next.delete(doseId);
+				return next;
+			});
+
+			try {
+				const response = await fetch("/api/doses/skip", {
+					method: "POST",
+					headers: { "Content-Type": "application/json" },
+					credentials: "include",
+					body: JSON.stringify({ doseId }),
+				});
+				if (!response.ok) {
+					throw new Error("Failed to mark dose as skipped");
+				}
+			} catch {
+				setDismissedDoses((prev) => {
+					const next = new Set(prev);
+					if (wasSkipped) {
+						next.add(doseId);
+					} else {
+						next.delete(doseId);
+					}
+					return next;
+				});
+				setTakenDoses((prev) => {
+					const next = new Set(prev);
+					if (wasTaken) {
+						next.add(doseId);
+					}
+					return next;
+				});
+				setTakenDoseTimestamps((prev) => {
+					const next = new Map(prev);
+					if (wasTaken && typeof previousTimestamp === "number") {
+						next.set(doseId, previousTimestamp);
+					}
+					return next;
+				});
+				setTakenDoseSources((prev) => {
+					const next = new Map(prev);
+					if (wasTaken && previousSource) {
+						next.set(doseId, previousSource);
+					}
+					return next;
+				});
+			} finally {
+				mutationInFlightRef.current--;
+				loadTakenDoses();
+			}
+		},
+		[dismissedDoses, loadTakenDoses, takenDoseSources, takenDoseTimestamps, takenDoses]
 	);

 	const undoDoseTaken = useCallback(
 		async (doseId: string) => {
+			const previousTimestamp = takenDoseTimestamps.get(doseId);
+			const previousSource = takenDoseSources.get(doseId);
+
 			// Optimistic update
 			mutationInFlightRef.current++;
 			setTakenDoses((prev) => {
@@ -218,13 +341,59 @@ export function useDoses(): UseDosesReturn {
 					next.add(doseId);
 					return next;
 				});
+				setTakenDoseTimestamps((prev) => {
+					const next = new Map(prev);
+					if (typeof previousTimestamp === "number") {
+						next.set(doseId, previousTimestamp);
+					}
+					return next;
+				});
+				setTakenDoseSources((prev) => {
+					const next = new Map(prev);
+					if (previousSource) {
+						next.set(doseId, previousSource);
+					}
+					return next;
+				});
 			} finally {
 				mutationInFlightRef.current--;
 				// Re-sync with server after mutation completes
 				loadTakenDoses();
 			}
 		},
-		[loadTakenDoses]
+		[loadTakenDoses, takenDoseSources, takenDoseTimestamps]
+	);
+
+	const undoDoseSkipped = useCallback(
+		async (doseId: string) => {
+			const wasSkipped = dismissedDoses.has(doseId);
+
+			mutationInFlightRef.current++;
+			setDismissedDoses((prev) => {
+				const next = new Set(prev);
+				next.delete(doseId);
+				return next;
+			});
+
+			try {
+				await fetch(`/api/doses/skip/${encodeURIComponent(doseId)}`, {
+					method: "DELETE",
+					credentials: "include",
+				});
+			} catch {
+				setDismissedDoses((prev) => {
+					const next = new Set(prev);
+					if (wasSkipped) {
+						next.add(doseId);
+					}
+					return next;
+				});
+			} finally {
+				mutationInFlightRef.current--;
+				loadTakenDoses();
+			}
+		},
+		[dismissedDoses, loadTakenDoses]
 	);

 	return {
@@ -232,13 +401,16 @@ export function useDoses(): UseDosesReturn {
 		setTakenDoses,
 		takenDoseTimestamps,
 		takenDoseSources,
+		skippedDoses: dismissedDoses,
 		dismissedDoses,
 		clearDosesState,
 		getDoseId,
 		isDoseTakenAutomatically,
 		countTakenDoses,
 		markDoseTaken,
+		markDoseSkipped,
 		undoDoseTaken,
+		undoDoseSkipped,
 		loadTakenDoses,
 	};
 }
@@ -4,7 +4,9 @@ import type { FieldErrors, FormBlister, FormIntake, FormState, Medication } from
 import {
 	FIELD_LIMITS,
 	isAmountBasedPackageType,
+	isDiscreteCountPackageType,
 	isLiquidContainerPackageType,
+	isPackageAmountPackageType,
 	isTubePackageType,
 	normalizePackageType,
 } from "../types";
@@ -244,7 +246,7 @@ export function useMedicationForm(): UseMedicationFormReturn {
 		const remainingRefills = Math.min(Math.max(0, med.prescriptionRemainingRefills ?? 0), authorizedRefills);
 		const lowRefillThreshold = Math.min(Math.max(0, med.prescriptionLowRefillThreshold ?? 1), authorizedRefills);
 		const packageType = normalizePackageType(med.packageType);
-		const isTubeOrLiquidPackage = isTubePackageType(packageType) || isLiquidContainerPackageType(packageType);
+		const isTubeOrLiquidPackage = isPackageAmountPackageType(packageType);
 		let normalizedPackCount = String(med.packCount);
 		let normalizedPackageAmountValue = String(med.packageAmountValue ?? 0);

@@ -288,6 +290,15 @@ export function useMedicationForm(): UseMedicationFormReturn {
 		} else if (isLiquidContainerPackageType(packageType)) {
 			normalizedPackageAmountUnit = "ml";
 		}
+		let resolvedDoseUnit = med.doseUnit ?? "mg";
+		if (!med.doseUnit) {
+			if (packageType === "inhaler") {
+				resolvedDoseUnit = "puffs";
+			} else if (packageType === "injection") {
+				resolvedDoseUnit = "injections";
+			}
+		}
+
 		let resolvedTotalPills = bottleTotalPills;
 		if (normalizedDerivedTotal != null) {
 			resolvedTotalPills = String(normalizedDerivedTotal);
@@ -310,7 +321,7 @@ export function useMedicationForm(): UseMedicationFormReturn {
 			totalPills: resolvedTotalPills,
 			looseTablets: normalizedDerivedTotal != null ? String(normalizedDerivedTotal) : String(med.looseTablets),
 			pillWeightMg: med.pillWeightMg ? String(med.pillWeightMg) : "",
-			doseUnit: med.doseUnit ?? "mg",
+			doseUnit: resolvedDoseUnit,
 			medicationStartDate: med.medicationStartDate ?? "",
 			medicationEndDate: med.medicationEndDate ?? "",
 			autoMarkObsoleteAfterEndDate: med.autoMarkObsoleteAfterEndDate ?? true,
@@ -373,9 +384,22 @@ export function useMedicationForm(): UseMedicationFormReturn {
 						next.doseUnit = "ml";
 						next.packageAmountUnit = "ml";
 						next.intakes = next.intakes.map((intake) => ({ ...intake, intakeUnit: intake.intakeUnit || "ml" }));
+					} else if (nextPackageType === "inhaler") {
+						next.medicationForm = "tablet";
+						next.pillForm = "tablet";
+						next.lifecycleCategory = "refill_when_empty";
+						next.doseUnit = "puffs";
+					} else if (nextPackageType === "injection") {
+						next.medicationForm = "tablet";
+						next.pillForm = "tablet";
+						next.lifecycleCategory = "refill_when_empty";
+						next.doseUnit = "injections";
 					} else {
 						next.medicationForm = next.pillForm;
 						next.lifecycleCategory = "refill_when_empty";
+						if (next.doseUnit === "puffs" || next.doseUnit === "injections") {
+							next.doseUnit = "mg";
+						}
 					}
 				}

@@ -399,6 +423,8 @@ export function useMedicationForm(): UseMedicationFormReturn {
 					next.packageAmountUnit = "g";
 				} else if (isLiquidContainerPackageType(next.packageType)) {
 					next.packageAmountUnit = "ml";
+				} else if (isDiscreteCountPackageType(next.packageType)) {
+					next.packageAmountUnit = "ml";
 				}

 				if (key === "pillForm" && value === "capsule") {
@@ -4,7 +4,9 @@ import {
 	getMedTotal,
 	getPackageSize,
 	isAmountBasedPackageType,
+	isDiscreteCountPackageType,
 	isLiquidContainerPackageType,
+	isPackageAmountPackageType,
 	isTubePackageType,
 } from "../types";

@@ -121,7 +123,12 @@ export function useRefill(): UseRefillReturn {
 					method: "POST",
 					headers: { "Content-Type": "application/json" },
 					credentials: "include",
-					body: JSON.stringify({ packsAdded: refillPacks, loosePillsAdded: refillLoose, usePrescription }),
+					body: JSON.stringify({
+						packsAdded: refillPacks,
+						loosePillsAdded: refillLoose,
+						quantityAdded: refillLoose,
+						usePrescription,
+					}),
 				});
 				if (res.ok) {
 					const data = await res.json();
@@ -167,6 +174,8 @@ export function useRefill(): UseRefillReturn {
 				const isTubePackage = isTubePackageType(selectedMed.packageType);
 				const isLiquidPackage = isLiquidContainerPackageType(selectedMed.packageType);
 				const isAmountPackage = isAmountBasedPackageType(selectedMed.packageType);
+				const isPackageAmountPackage = isPackageAmountPackageType(selectedMed.packageType);
+				const isDiscreteCountPackage = isDiscreteCountPackageType(selectedMed.packageType);
 				const liquidAmountPerBottle = Math.max(
 					1,
 					Number.isFinite(Number(selectedMed.packageAmountValue)) && Number(selectedMed.packageAmountValue) > 0
@@ -223,9 +232,9 @@ export function useRefill(): UseRefillReturn {
 				let baseTotal: number;
 				if (isLiquidPackage) {
 					baseTotal = liquidStructuralMax;
-				} else if (selectedMed.packageType === "bottle") {
+				} else if (isDiscreteCountPackage) {
 					baseTotal = selectedMed.looseTablets;
-				} else if (isAmountPackage) {
+				} else if (isPackageAmountPackage) {
 					baseTotal = getPackageSize(selectedMed);
 				} else {
 					baseTotal = structuralMax + finalLoosePills; // blister: base = sealed capacity + NEW loose pills
@@ -248,10 +257,10 @@ export function useRefill(): UseRefillReturn {
 					patchBody.stockAdjustment = 0;
 					patchBody.packCount = 0;
 					patchBody.looseTablets = 0;
-					if (selectedMed.packageType === "bottle" || isAmountPackage) {
+					if (isDiscreteCountPackage || isAmountPackage) {
 						patchBody.totalPills = 0;
 					}
-					if (isTubePackage || isLiquidPackage) {
+					if (isPackageAmountPackage) {
 						patchBody.packageAmountValue = 0;
 					}
 				} else if (isTubePackage) {
@@ -267,6 +276,7 @@ export function useRefill(): UseRefillReturn {
 					// Keep packageAmountValue (ml per bottle) and update capacity base by bottle count.
 					patchBody.packCount = correctedLiquidBottleCount;
 					patchBody.totalPills = liquidStructuralMax;
+					patchBody.looseTablets = liquidStructuralMax;
 				} else if (!isAmountPackage) {
 					patchBody.looseTablets = finalLoosePills;
 				}
@@ -310,6 +320,7 @@ export function useRefill(): UseRefillReturn {
 		if (!selectedMed) return;
 		setEditStockMedication(selectedMed);
 		const isAmountPackage = isAmountBasedPackageType(selectedMed.packageType);
+		const isDiscreteCountPackage = isDiscreteCountPackageType(selectedMed.packageType);
 		// Get current stock from coverage (after consumption)
 		const medCoverage = coverage.all.find((c) => c.name === selectedMed.name);
 		const dbTotal = getMedTotal(selectedMed);
@@ -332,7 +343,7 @@ export function useRefill(): UseRefillReturn {
 		// Pre-fill with current values
 		setEditStockFullBlisters(fullBlisters);
 		setEditStockPartialBlisterPills(partialPills);
-		setEditStockLoosePills(isAmountPackage ? 0 : knownLoose);
+		setEditStockLoosePills(isAmountPackage || isDiscreteCountPackage ? 0 : knownLoose);
 		setShowEditStockModal(true);
 		window.history.pushState({ modal: "editStock" }, "");
 	}, []);
@@ -23,8 +23,11 @@ export function useScheduleController() {
 		futureDays: ctx.futureDays,
 		takenDoses: ctx.takenDoses,
 		dismissedDoses: ctx.dismissedDoses,
+		skippedDoses: ctx.skippedDoses,
 		markDoseTaken: ctx.markDoseTaken,
+		markDoseSkipped: ctx.markDoseSkipped,
 		undoDoseTaken: ctx.undoDoseTaken,
+		undoDoseSkipped: ctx.undoDoseSkipped,
 		manuallyCollapsedDays: ctx.manuallyCollapsedDays,
 		manuallyExpandedDays: ctx.manuallyExpandedDays,
 		toggleDayCollapse: ctx.toggleDayCollapse,
@@ -7,6 +7,9 @@ import { useTranslation } from "react-i18next";
 import { log } from "../utils/logger";

 export interface Settings {
+	timezone: string;
+	availableTimezones: string[];
+	serverTimezone: string;
 	emailEnabled: boolean;
 	notificationEmail: string;
 	reminderDaysBefore: number;
@@ -58,6 +61,9 @@ export interface Settings {
 export type SettingsLoadError = "auth" | "forbidden" | "request" | null;

 const defaultSettings: Settings = {
+	timezone: "",
+	availableTimezones: [],
+	serverTimezone: "UTC",
 	emailEnabled: false,
 	notificationEmail: "",
 	reminderDaysBefore: 7,
@@ -243,6 +249,7 @@ export function useSettings(): UseSettingsReturn {
 			const repeatDailyReminders = hasAnyStockReminder ? settingsToSave.repeatDailyReminders : false;

 			return {
+				timezone: settingsToSave.timezone,
 				emailEnabled: effectiveEmailEnabled,
 				notificationEmail: settingsToSave.notificationEmail,
 				reminderDaysBefore: settingsToSave.reminderDaysBefore,
@@ -110,7 +110,7 @@
    "fullBlisters": "Volle Blister",
    "openBlister": "Offener Blister",
    "stock": "Bestand",
-    "dailyConsumption": "Taeglicher Verbrauch",
+    "dailyConsumption": "Täglicher Verbrauch",
    "stockDetails": "Details",
    "daysLeft": "Tage übrig",
    "status": "Status",
@@ -133,7 +133,7 @@
      "obsoleteTitle": "Obsolet ({{count}})",
      "obsoleteSince": "Beendet",
      "started": "Gestartet",
-      "emptyState": "Noch keine Medikamente. Fuege dein erstes Medikament hinzu."
+      "emptyState": "Noch keine Medikamente. Füge dein erstes Medikament hinzu."
    },
    "details": {
      "packs": "Packungen",
@@ -142,7 +142,7 @@
      "loose": "Lose",
      "total": "Gesamt",
      "stock": "Bestand",
-      "capacityPerPackage": "Kapazitaet pro Packung",
+      "capacityPerPackage": "Kapazität pro Packung",
      "totalCapacity": "Kapazität",
      "type": "Typ"
    },
@@ -174,17 +174,19 @@
    "medicationForm": "Medikationsform",
    "medicationFormCapsule": "Kapsel",
    "medicationFormTablet": "Tablette",
-    "medicationFormLiquid": "Fluessigkeit",
+    "medicationFormLiquid": "Flüssigkeit",
    "medicationFormTopical": "Topisch",
    "pillForm": "Pillenform",
    "lifecycleCategory": "Lebenszyklus",
-    "lifecycleRefillWhenEmpty": "Nachfuellen wenn leer",
+    "lifecycleRefillWhenEmpty": "Nachfüllen wenn leer",
    "lifecycleTreatmentPeriod": "Behandlungszeitraum",
    "packageType": "Verpackungsart",
    "packageTypeBlister": "Blisterpackung",
    "packageTypeBottle": "Pillendose",
    "packageTypeTube": "Tube",
-    "packageTypeLiquidContainer": "Fluessigbehaeltnis",
+    "packageTypeLiquidContainer": "Flüssigbehältnis",
+    "packageTypeInhaler": "Inhalator",
+    "packageTypeInjection": "Injektion",
    "packs": "Packungen",
    "bottles": "Flaschen",
    "tubes": "Tuben",
@@ -192,9 +194,11 @@
    "pillsPerBlister": "Tabletten pro Blister",
    "totalCapacity": "Gesamtkapazität",
    "currentPills": "Aktuelle Tabletten",
+    "currentStockCount": "Aktueller Bestand",
    "totalAmount": "Gesamtmenge",
    "currentAmount": "Aktuelle Menge",
    "totalAmountLabel": "Gesamt (Menge)",
+    "totalCount": "Gesamt (Anzahl)",
    "packageAmount": "Packungsinhalt",
    "packageAmountPerBottle": "Inhalt pro Flasche",
    "packageAmountPerTube": "Inhalt pro Tube",
@@ -261,6 +265,10 @@
        "blister_other": "{{count}} Blisterpackungen",
        "bottle_one": "1 Flasche",
        "bottle_other": "{{count}} Flaschen",
+        "inhaler_one": "1 Inhalator",
+        "inhaler_other": "{{count}} Inhalatoren",
+        "injection_one": "1 Injektionspackung",
+        "injection_other": "{{count}} Injektionspackungen",
        "liquidContainer_one": "1 Flasche",
        "liquidContainer_other": "{{count}} Flaschen",
        "tube_one": "1 Tube",
@@ -317,17 +325,17 @@
      "usageApplication": "Dosis (Anwendungen)",
      "intakeUnit": "Einnahmeeinheit",
      "intakeUnitMl": "Milliliter (ml)",
-      "intakeUnitTsp": "Teeloeffel (5 ml)",
-      "intakeUnitTbsp": "Essloeffel (15 ml)",
+      "intakeUnitTsp": "Teelöffel (5 ml)",
+      "intakeUnitTbsp": "Esslöffel (15 ml)",
      "intakes": "Einnahmen",
      "intakes_one": "Einnahme",
      "intakes_other": "Einnahmen",
-      "teaspoons": "Teeloeffel",
-      "teaspoons_one": "Teeloeffel",
-      "teaspoons_other": "Teeloeffel",
-      "tablespoons": "Essloeffel",
-      "tablespoons_one": "Essloeffel",
-      "tablespoons_other": "Essloeffel",
+      "teaspoons": "Teelöffel",
+      "teaspoons_one": "Teelöffel",
+      "teaspoons_other": "Teelöffel",
+      "tablespoons": "Esslöffel",
+      "tablespoons_one": "Esslöffel",
+      "tablespoons_other": "Esslöffel",
      "applications": "Anwendungen",
      "applications_one": "Anwendung",
      "applications_other": "Anwendungen",
@@ -337,7 +345,7 @@
      "everyDays": "Alle (Tage)",
      "every": "alle",
      "weekdays": "Wochentage",
-      "weekdaysRequired": "Waehle mindestens einen Wochentag aus",
+      "weekdaysRequired": "Wähle mindestens einen Wochentag aus",
      "weekdaysShort": {
        "mon": "Mo",
        "tue": "Di",
@@ -389,6 +397,14 @@
      "title": "Sprache",
      "select": "Sprache auswählen"
    },
+    "timezone": {
+      "select": "Zeitzone",
+      "hint": "IANA-Zeitzone wählen. Wenn gesetzt, überschreibt sie die Server-TZ für deine Reminder-Zeitpunkte.",
+      "useServerDefault": "Server-Standard nutzen",
+      "currentServerTz": "Server-Standardzeitzone: {{timezone}}",
+      "saving": "Zeitzone wird gespeichert...",
+      "saved": "Zeitzone gespeichert"
+    },
    "apiKey": {
      "title": "API-Zugriff",
      "generateTitle": "API-Key erzeugen",
@@ -540,7 +556,11 @@
  "dose": {
    "takenBy": "eingenommen von",
    "markAsTaken": "Als eingenommen markieren",
-    "take": "Nehmen"
+  "take": "Nehmen",
+  "skip": "Überspringen",
+  "markAsSkipped": "Als übersprungen markieren",
+  "undoTake": "Nehmen rückgängig",
+  "undoSkip": "Überspringen rückgängig"
  },
  "auth": {
    "login": "Anmelden",
@@ -624,6 +644,10 @@
    "optional": "optional",
    "pill": "Tablette",
    "pills": "Tabletten",
+    "puff": "Hub",
+    "puffs": "Hübe",
+    "injection": "Injektion",
+    "injections": "Injektionen",
    "of": "von",
    "loose": "lose",
    "none": "Kein",
@@ -776,11 +800,11 @@
    "loosePills": "Lose Tabletten",
    "pillsPerBlister": "(je {{count}} Tabletten)",
    "packageSize": "Packungsgröße: {{count}} Tabletten",
-    "packageSizeAmount": "Packungsgroesse: {{count}} {{unit}}",
+    "packageSizeAmount": "Packungsgröße: {{count}} {{unit}}",
    "packageSizeBreakdown": "{{packCount}} x {{sizePerPack}} Tabletten Packung = {{total}} Tabletten",
    "currentComposition": "Aktueller Bestand: {{fullBlisters}} volle Blister + {{partialPills}} angebrochen + {{loosePills}} lose = {{total}} Tabletten",
    "maxExceeded": "Die maximale Packungsgröße beträgt {{count}} Tabletten. Werte wurden begrenzt.",
-    "maxExceededAmount": "Die maximale Packungsgroesse betraegt {{count}} {{unit}}. Werte wurden begrenzt.",
+    "maxExceededAmount": "Die maximale Packungsgröße beträgt {{count}} {{unit}}. Werte wurden begrenzt.",
    "decreaseValue": "Wert verringern",
    "increaseValue": "Wert erhöhen",
    "currentTotal": "Aktueller Bestand",
@@ -862,7 +886,7 @@
    "docIntakeHistory": "Einnahme-Verlauf",
    "docDosesTaken": "Eingenommene Dosen",
    "docDosesTakenAutomatic": "Automatisch eingenommen",
-    "docDosesDismissed": "Verworfene Dosen",
+    "docDosesSkipped": "Übersprungene Dosen",
    "docFirstDose": "Erste Dosis",
    "docLastDose": "Letzte Dosis",
    "docRefillHistory": "Nachfüll-Verlauf",
@@ -185,6 +185,8 @@
    "packageTypeBottle": "Pill Bottle",
    "packageTypeTube": "Tube",
    "packageTypeLiquidContainer": "Liquid Container",
+    "packageTypeInhaler": "Inhaler",
+    "packageTypeInjection": "Injection",
    "packs": "Packs",
    "bottles": "Bottles",
    "tubes": "Tubes",
@@ -192,9 +194,11 @@
    "pillsPerBlister": "Pills per blister",
    "totalCapacity": "Total Capacity",
    "currentPills": "Current Pills",
+    "currentStockCount": "Current Stock",
    "totalAmount": "Total Amount",
    "currentAmount": "Current Amount",
    "totalAmountLabel": "Total (amount)",
+    "totalCount": "Total (count)",
    "packageAmount": "Package amount",
    "packageAmountPerBottle": "Amount per bottle",
    "packageAmountPerTube": "Amount per tube",
@@ -261,6 +265,10 @@
        "blister_other": "{{count}} blister packs",
        "bottle_one": "1 bottle",
        "bottle_other": "{{count}} bottles",
+        "inhaler_one": "1 inhaler",
+        "inhaler_other": "{{count}} inhalers",
+        "injection_one": "1 injection pack",
+        "injection_other": "{{count}} injection packs",
        "liquidContainer_one": "1 bottle",
        "liquidContainer_other": "{{count}} bottles",
        "tube_one": "1 tube",
@@ -389,6 +397,14 @@
      "title": "Language",
      "select": "Select language"
    },
+    "timezone": {
+      "select": "Timezone",
+      "hint": "Select an IANA timezone. When set, this overrides server TZ for your reminder timing.",
+      "useServerDefault": "Use server default",
+      "currentServerTz": "Server default timezone: {{timezone}}",
+      "saving": "Saving timezone...",
+      "saved": "Timezone saved"
+    },
    "apiKey": {
      "title": "API Access",
      "generateTitle": "Generate API key",
@@ -540,7 +556,11 @@
  "dose": {
    "takenBy": "taken by",
    "markAsTaken": "Mark as taken",
-    "take": "Take"
+  "take": "Take",
+  "skip": "Skip",
+  "markAsSkipped": "Mark as skipped",
+  "undoTake": "Undo take",
+  "undoSkip": "Undo skip"
  },
  "auth": {
    "login": "Login",
@@ -624,6 +644,10 @@
    "optional": "optional",
    "pill": "pill",
    "pills": "pills",
+    "puff": "puff",
+    "puffs": "puffs",
+    "injection": "injection",
+    "injections": "injections",
    "of": "of",
    "loose": "loose",
    "none": "None",
@@ -862,7 +886,7 @@
    "docIntakeHistory": "Intake History",
    "docDosesTaken": "Doses taken",
    "docDosesTakenAutomatic": "Automatically taken",
-    "docDosesDismissed": "Doses dismissed",
+    "docDosesSkipped": "Doses skipped",
    "docFirstDose": "First dose",
    "docLastDose": "Last dose",
    "docRefillHistory": "Refill History",
@@ -1,7 +1,8 @@
 /* biome-ignore-all lint/style/noNestedTernary: timeline rendering uses explicit UI-state branching */
 import { Archive, Bell, ClipboardList, NotebookPen, Share2 } from "lucide-react";
-import { useState } from "react";
+import { useCallback, useEffect, useMemo, useRef, useState } from "react";
 import { useTranslation } from "react-i18next";
+import { useLocation } from "react-router-dom";
 import { ConfirmModal, MedicationAvatar } from "../components";
 import { useAuth } from "../components/Auth";
 import { DashboardReminderSection } from "../components/dashboard/DashboardReminderSection";
@@ -28,9 +29,54 @@ import {
 	userStorageKey,
 } from "./dashboard-helpers";

+function getRouteDateKey(value: Date): string {
+	const year = value.getFullYear();
+	const month = String(value.getMonth() + 1).padStart(2, "0");
+	const day = String(value.getDate()).padStart(2, "0");
+	return `${year}-${month}-${day}`;
+}
+
+function getMedicationIdFromNotificationDoseId(doseId: string | null): string | null {
+	if (!doseId) {
+		return null;
+	}
+
+	const [rawMedicationId] = doseId.split("-");
+	return rawMedicationId?.trim() ? rawMedicationId : null;
+}
+
+function findFocusTargetElement(doseId: string | null, medId: string | null): HTMLElement | null {
+	if (typeof document === "undefined") {
+		return null;
+	}
+
+	if (doseId) {
+		const elements = Array.from(document.querySelectorAll<HTMLElement>("[data-dose-id]"));
+		const doseElement = elements.find((element) => element.dataset.doseId === doseId);
+		if (doseElement) {
+			return doseElement.closest<HTMLElement>("[data-med-id]") ?? doseElement;
+		}
+	}
+
+	if (medId) {
+		const elements = Array.from(document.querySelectorAll<HTMLElement>("[data-med-id]"));
+		return elements.find((element) => element.dataset.medId === medId) ?? null;
+	}
+
+	return null;
+}
+
+function getDosePeople(takenBy: unknown): Array<string | null> {
+	const takenByArray = Array.isArray(takenBy) ? takenBy : [];
+	return takenByArray.length > 0 ? takenByArray : [null];
+}
+
+const EMPTY_DOSE_SET = new Set<string>();
+
 export function DashboardPage() {
 	const { t, i18n } = useTranslation();
 	const { user } = useAuth();
+	const location = useLocation();
 	const {
 		meds,
 		loading,
@@ -49,9 +95,12 @@ export function DashboardPage() {
 		todayDay,
 		futureDays,
 		takenDoses,
+		skippedDoses,
 		dismissedDoses,
 		markDoseTaken,
+		markDoseSkipped,
 		undoDoseTaken,
+		undoDoseSkipped,
 		manuallyCollapsedDays,
 		manuallyExpandedDays,
 		toggleDayCollapse,
@@ -71,8 +120,158 @@ export function DashboardPage() {
 	const [clearingMissed, setClearingMissed] = useState(false);
 	const [showObsoleteConfirm, setShowObsoleteConfirm] = useState(false);
 	const [obsoleteCandidate, setObsoleteCandidate] = useState<{ id: number; name: string } | null>(null);
+	const notificationFocusAppliedRef = useRef<string | null>(null);
+	const effectiveSkippedDoses =
+		skippedDoses instanceof Set ? skippedDoses : dismissedDoses instanceof Set ? dismissedDoses : EMPTY_DOSE_SET;
+	const canManageSkippedDoses = typeof markDoseSkipped === "function" && typeof undoDoseSkipped === "function";

-	const isDoseTakenForDisplay = (doseId: string) => takenDoses.has(doseId);
+	const isDoseTakenForDisplay = useCallback((doseId: string) => takenDoses.has(doseId), [takenDoses]);
+
+	const notificationTarget = useMemo(() => {
+		const params = new URLSearchParams(location.search);
+		const date = params.get("day")?.trim() ?? params.get("date")?.trim() ?? "";
+		const doseId = params.get("dose")?.trim() ?? params.get("doseId")?.trim() ?? "";
+		const medId =
+			params.get("med")?.trim() ?? params.get("medId")?.trim() ?? getMedicationIdFromNotificationDoseId(doseId) ?? "";
+		if (!date && !doseId && !medId) {
+			return null;
+		}
+
+		return {
+			date: date || null,
+			doseId: doseId || null,
+			medId: medId || null,
+			key: `${date}|${doseId}|${medId}`,
+		};
+	}, [location.search]);
+
+	const targetDayState = useMemo(() => {
+		if (!notificationTarget?.date) {
+			return null;
+		}
+
+		const todayDateKey = todayDay ? getRouteDateKey(todayDay.date) : null;
+		if (todayDay && todayDateKey === notificationTarget.date) {
+			const allDoseIds = todayDay.meds.flatMap((item) => expandDoseIds(item.doses));
+			const allDayTaken = allDoseIds.length > 0 && allDoseIds.every((id) => isDoseTakenForDisplay(id));
+			const isAutoCollapsed = allDayTaken;
+			const isManuallyExpanded = manuallyExpandedDays.has(todayDay.dateStr);
+			const isManuallyCollapsed = manuallyCollapsedDays.has(todayDay.dateStr);
+			const isCollapsed = isAutoCollapsed ? !isManuallyExpanded : isManuallyCollapsed;
+			return { day: todayDay, isAutoCollapsed, isCollapsed, section: "today" as const };
+		}
+
+		const pastDay = pastDays.find((day) => getRouteDateKey(day.date) === notificationTarget.date);
+		if (pastDay) {
+			const isAutoCollapsed = true;
+			const isCollapsed = !manuallyExpandedDays.has(pastDay.dateStr);
+			return { day: pastDay, isAutoCollapsed, isCollapsed, section: "past" as const };
+		}
+
+		const futureDay = futureDays.find((day) => getRouteDateKey(day.date) === notificationTarget.date);
+		if (futureDay) {
+			const isAutoCollapsed = true;
+			const isCollapsed = !manuallyExpandedDays.has(futureDay.dateStr);
+			return { day: futureDay, isAutoCollapsed, isCollapsed, section: "future" as const };
+		}
+
+		return null;
+	}, [
+		notificationTarget,
+		todayDay,
+		pastDays,
+		futureDays,
+		manuallyExpandedDays,
+		manuallyCollapsedDays,
+		isDoseTakenForDisplay,
+	]);
+
+	useEffect(() => {
+		if (!notificationTarget || !targetDayState) {
+			return;
+		}
+
+		try {
+			if (targetDayState.section === "past" && !showPastDays) {
+				setShowPastDays(true);
+			}
+
+			if (targetDayState.section === "future" && !showFutureDays) {
+				setShowFutureDays(true);
+			}
+
+			if (targetDayState.isCollapsed) {
+				toggleDayCollapse(targetDayState.day.dateStr, targetDayState.isAutoCollapsed);
+			}
+		} catch {
+			notificationFocusAppliedRef.current = null;
+		}
+	}, [
+		notificationTarget,
+		targetDayState,
+		setShowPastDays,
+		setShowFutureDays,
+		showPastDays,
+		showFutureDays,
+		toggleDayCollapse,
+	]);
+
+	useEffect(() => {
+		if (!notificationTarget) {
+			notificationFocusAppliedRef.current = null;
+			return;
+		}
+
+		if (loading || settingsLoading) {
+			return;
+		}
+
+		if (!targetDayState) {
+			return;
+		}
+
+		if (notificationFocusAppliedRef.current === notificationTarget.key) {
+			return;
+		}
+
+		let correctionTimerId: number | null = null;
+
+		const scrollTargetIntoView = () => {
+			try {
+				const targetElement = findFocusTargetElement(notificationTarget.doseId, notificationTarget.medId);
+
+				if (!targetElement || typeof targetElement.scrollIntoView !== "function") {
+					return false;
+				}
+
+				targetElement.scrollIntoView({ behavior: "smooth", block: "start" });
+				return true;
+			} catch {
+				return false;
+			}
+		};
+
+		const frameId = requestAnimationFrame(() => {
+			if (!scrollTargetIntoView()) {
+				return;
+			}
+
+			correctionTimerId = window.setTimeout(() => {
+				if (!scrollTargetIntoView()) {
+					return;
+				}
+
+				notificationFocusAppliedRef.current = notificationTarget.key;
+			}, 220);
+		});
+
+		return () => {
+			cancelAnimationFrame(frameId);
+			if (correctionTimerId !== null) {
+				window.clearTimeout(correctionTimerId);
+			}
+		};
+	}, [notificationTarget, targetDayState, loading, settingsLoading]);

 	// Get structured reminder data
 	const reminderData = getReminderStatusData(
@@ -153,6 +352,63 @@ export function DashboardPage() {
 		}
 	};

+	const renderDoseActionButtons = (options: {
+		doseId: string;
+		isTaken: boolean;
+		isSkipped: boolean;
+		isAutomaticallyTaken: boolean;
+		isEmpty: boolean;
+	}) => {
+		const takeButton = options.isTaken ? (
+			<button className="dose-btn undo take" onClick={() => undoDoseTaken(options.doseId)} title={t("common.undo")}>
+				{options.isAutomaticallyTaken && (
+					<span className="info-tooltip" data-tooltip={t("tooltips.automaticTaken")}>
+						🤖
+					</span>
+				)}
+				<span className="dose-btn-label">{t("common.undo")}</span>
+				<span aria-hidden="true">↩</span>
+			</button>
+		) : (
+			<button
+				className={`dose-btn take${options.isEmpty ? " out-of-stock" : ""}`}
+				onClick={() => markDoseTaken(options.doseId)}
+				title={options.isEmpty ? t("common.outOfStockTakeBlocked") : t("dose.markAsTaken")}
+				disabled={options.isEmpty || options.isSkipped}
+			>
+				<span className="dose-btn-label">{t("dose.take")}</span>
+				<span aria-hidden="true">{options.isEmpty ? "⊘" : "✓"}</span>
+			</button>
+		);
+
+		if (!canManageSkippedDoses) {
+			return takeButton;
+		}
+
+		const skipButton = options.isSkipped ? (
+			<button className="dose-btn undo skip" onClick={() => undoDoseSkipped(options.doseId)} title={t("common.undo")}>
+				<span className="dose-btn-label">{t("common.undo")}</span>
+				<span aria-hidden="true">↩</span>
+			</button>
+		) : (
+			<button
+				className="dose-btn skip"
+				onClick={() => markDoseSkipped(options.doseId)}
+				title={t("dose.markAsSkipped")}
+				disabled={options.isTaken}
+			>
+				<span className="dose-btn-label">{t("dose.skip")}</span>
+			</button>
+		);
+
+		return (
+			<>
+				{takeButton}
+				{skipButton}
+			</>
+		);
+	};
+
 	const requestMarkObsolete = (med: { id: number; name: string }) => {
 		setObsoleteCandidate(med);
 		setShowObsoleteConfirm(true);
@@ -179,6 +435,12 @@ export function DashboardPage() {
 		setObsoleteCandidate(null);
 	};

+	const getDiscreteUnitLabel = (packageType: string | undefined, count: number) => {
+		if (packageType === "inhaler") return count === 1 ? t("common.puff") : t("common.puffs");
+		if (packageType === "injection") return count === 1 ? t("common.injection") : t("common.injections");
+		return count === 1 ? t("common.pill") : t("common.pills");
+	};
+
 	const getTubeUnitLabel = (med: (typeof meds)[number] | undefined, value: number) =>
 		isLiquidContainerPackageType(med?.packageType) || med?.medicationForm === "liquid"
 			? t("form.packageAmountUnitMl")
@@ -193,7 +455,11 @@ export function DashboardPage() {
 		if (isTubePackageType(med?.packageType)) {
 			return `${formatNumber(medsLeft)} ${getTubeStockUnitLabel()}`;
 		}
-		return t("table.pillsCount", { count: Math.round(medsLeft) });
+		const roundedCount = Math.round(medsLeft);
+		if (med?.packageType !== "inhaler" && med?.packageType !== "injection") {
+			return t("table.pillsCount", { count: roundedCount });
+		}
+		return `${roundedCount} ${getDiscreteUnitLabel(med?.packageType, roundedCount)}`;
 	};

 	const formatLiquidUsageLabel = (usage: number, unit: IntakeUnit | null | undefined): string => {
@@ -221,7 +487,7 @@ export function DashboardPage() {
 		if (isTubePackageType(med?.packageType)) {
 			return `${usage} ${getTubeUnitLabel(med, usage)}`;
 		}
-		return `${usage} ${usage !== 1 ? t("common.pills") : t("common.pill")}`;
+		return `${usage} ${getDiscreteUnitLabel(med?.packageType, usage)}`;
 	};

 	const formatTotalUsageLabel = (
@@ -255,6 +521,9 @@ export function DashboardPage() {
 		if (isTubePackageType(med?.packageType)) {
 			return `${total} ${getTubeUnitLabel(med, total)}`;
 		}
+		if (med?.packageType === "inhaler" || med?.packageType === "injection") {
+			return `${total} ${getDiscreteUnitLabel(med.packageType, total)}`;
+		}
 		return t("common.pillsTotal", { count: total });
 	};

@@ -295,7 +564,7 @@ export function DashboardPage() {
 			return t("table.perDayWithUnit", { value: formatNumber(dailyTotal), unit: tubeUnit });
 		}

-		const pillUnit = dailyTotal === 1 ? t("common.pill") : t("common.pills");
+		const pillUnit = getDiscreteUnitLabel(med.packageType, dailyTotal);
 		return t("table.perDayWithUnit", { value: formatNumber(dailyTotal), unit: pillUnit });
 	};

@@ -708,6 +977,7 @@ export function DashboardPage() {
 										return (
 											<div
 												key={day.dateStr}
+												data-date-key={getRouteDateKey(day.date)}
 												className={`day-block past ${isCollapsed ? "collapsed" : ""} ${allReallyTaken ? "all-taken" : allDoseIds.length > 0 ? "past-missed" : ""}`}
 											>
 												<div
@@ -753,8 +1023,15 @@ export function DashboardPage() {
 														const rowClasses = ["time-row"];
 														if (isEmpty) rowClasses.push("med-empty");
 														else if (isLowStock) rowClasses.push("med-low");
+														if (med?.id != null && notificationTarget?.medId === String(med.id)) {
+															rowClasses.push("notification-focus-target-row");
+														}
 														return (
-															<div key={`${day.dateStr}-${item.medName}`} className={rowClasses.join(" ")}>
+															<div
+																key={`${day.dateStr}-${item.medName}`}
+																className={rowClasses.join(" ")}
+																data-med-id={med?.id != null ? String(med.id) : undefined}
+															>
 																<div className="time-main">
 																	<div className="med-name">
 																		<div
@@ -797,7 +1074,7 @@ export function DashboardPage() {
 																<div className="doses-col">
 																	{item.doses.map((dose) => {
 																		// If no takenBy, show single checkbox; otherwise show one per person
-																		const people = dose.takenBy.length > 0 ? dose.takenBy : [null];
+																		const people = getDosePeople(dose.takenBy);
 																		const allTaken = people.every((person) =>
 																			isDoseTakenForDisplay(getDoseId(dose.id, person))
 																		);
@@ -828,10 +1105,20 @@ export function DashboardPage() {
 																					{people.map((person) => {
 																						const doseId = getDoseId(dose.id, person);
 																						const isTaken = isDoseTakenForDisplay(doseId);
+																						const isSkipped = effectiveSkippedDoses.has(doseId);
 																						const isAutomaticallyTaken =
 																							isTaken && isDoseTakenAutomatically(doseId) && dose.when <= Date.now();
+																						const personClasses = ["dose-person"];
+																						if (isTaken) personClasses.push("taken");
+																						if (isSkipped) personClasses.push("skipped");
+																						if (notificationTarget?.doseId === doseId)
+																							personClasses.push("notification-focus-target");
 																						return (
-																							<div key={doseId} className={`dose-person ${isTaken ? "taken" : ""}`}>
+																							<div
+																								key={doseId}
+																								data-dose-id={doseId}
+																								className={personClasses.join(" ")}
+																							>
 																								{person && (
 																									<span
 																										className="person-name clickable"
@@ -843,38 +1130,13 @@ export function DashboardPage() {
 																										{person}
 																									</span>
 																								)}
-																								{isTaken ? (
-																									<button
-																										className="dose-btn undo"
-																										onClick={() => undoDoseTaken(doseId)}
-																										title={t("common.undo")}
-																									>
-																										{isAutomaticallyTaken && (
-																											<span
-																												className="info-tooltip"
-																												data-tooltip={t("tooltips.automaticTaken")}
-																											>
-																												🤖
-																											</span>
-																										)}
-																										<span className="dose-btn-label">{t("common.undo")}</span>
-																										<span aria-hidden="true">↩</span>
-																									</button>
-																								) : (
-																									<button
-																										className={`dose-btn take${isEmpty ? " out-of-stock" : ""}`}
-																										onClick={() => markDoseTaken(doseId)}
-																										title={
-																											isEmpty
-																												? t("common.outOfStockTakeBlocked")
-																												: t("dose.markAsTaken")
-																										}
-																										disabled={isEmpty}
-																									>
-																										<span className="dose-btn-label">{t("dose.take")}</span>
-																										<span aria-hidden="true">{isEmpty ? "⊘" : "✓"}</span>
-																									</button>
-																								)}
+																								{renderDoseActionButtons({
+																									doseId,
+																									isTaken,
+																									isSkipped,
+																									isAutomaticallyTaken,
+																									isEmpty,
+																								})}
 																							</div>
 																						);
 																					})}
@@ -1023,6 +1285,7 @@ export function DashboardPage() {
 										return (
 											<div
 												key={day.dateStr}
+												data-date-key={getRouteDateKey(day.date)}
 												className={`day-block ${isCollapsed ? "collapsed" : ""} ${allDayTaken ? "all-taken" : ""} today ${worstStatus ? `stock-${worstStatus}` : ""}`}
 											>
 												<div
@@ -1067,8 +1330,15 @@ export function DashboardPage() {
 														const rowClasses = ["time-row"];
 														if (isEmpty) rowClasses.push("med-empty");
 														else if (isLowStock) rowClasses.push("med-low");
+														if (med?.id != null && notificationTarget?.medId === String(med.id)) {
+															rowClasses.push("notification-focus-target-row");
+														}
 														return (
-															<div key={`${day.dateStr}-${item.medName}`} className={rowClasses.join(" ")}>
+															<div
+																key={`${day.dateStr}-${item.medName}`}
+																className={rowClasses.join(" ")}
+																data-med-id={med?.id != null ? String(med.id) : undefined}
+															>
 																<div className="time-main">
 																	<div className="med-name">
 																		<div
@@ -1126,8 +1396,8 @@ export function DashboardPage() {
 																</div>
 																<div className="doses-col">
 																	{item.doses.map((dose) => {
-																		const isOverdue = dose.when < Date.now();
-																		const people = dose.takenBy.length > 0 ? dose.takenBy : [null];
+																		const isOverdue = dose.when < Date.now() && !isEmpty;
+																		const people = getDosePeople(dose.takenBy);
 																		const allTaken = people.every((person) =>
 																			isDoseTakenForDisplay(getDoseId(dose.id, person))
 																		);
@@ -1159,10 +1429,20 @@ export function DashboardPage() {
 																					{people.map((person) => {
 																						const doseId = getDoseId(dose.id, person);
 																						const isTaken = isDoseTakenForDisplay(doseId);
+																						const isSkipped = effectiveSkippedDoses.has(doseId);
 																						const isAutomaticallyTaken =
 																							isTaken && isDoseTakenAutomatically(doseId) && dose.when <= Date.now();
+																						const personClasses = ["dose-person"];
+																						if (isTaken) personClasses.push("taken");
+																						if (isSkipped) personClasses.push("skipped");
+																						if (notificationTarget?.doseId === doseId)
+																							personClasses.push("notification-focus-target");
 																						return (
-																							<div key={doseId} className={`dose-person ${isTaken ? "taken" : ""}`}>
+																							<div
+																								key={doseId}
+																								data-dose-id={doseId}
+																								className={personClasses.join(" ")}
+																							>
 																								{person && (
 																									<span
 																										className="person-name clickable"
@@ -1174,38 +1454,13 @@ export function DashboardPage() {
 																										{person}
 																									</span>
 																								)}
-																								{isTaken ? (
-																									<button
-																										className="dose-btn undo"
-																										onClick={() => undoDoseTaken(doseId)}
-																										title={t("common.undo")}
-																									>
-																										{isAutomaticallyTaken && (
-																											<span
-																												className="info-tooltip"
-																												data-tooltip={t("tooltips.automaticTaken")}
-																											>
-																												🤖
-																											</span>
-																										)}
-																										<span className="dose-btn-label">{t("common.undo")}</span>
-																										<span aria-hidden="true">↩</span>
-																									</button>
-																								) : (
-																									<button
-																										className={`dose-btn take${isEmpty ? " out-of-stock" : ""}`}
-																										onClick={() => markDoseTaken(doseId)}
-																										title={
-																											isEmpty
-																												? t("common.outOfStockTakeBlocked")
-																												: t("dose.markAsTaken")
-																										}
-																										disabled={isEmpty}
-																									>
-																										<span className="dose-btn-label">{t("dose.take")}</span>
-																										<span aria-hidden="true">{isEmpty ? "⊘" : "✓"}</span>
-																									</button>
-																								)}
+																								{renderDoseActionButtons({
+																									doseId,
+																									isTaken,
+																									isSkipped,
+																									isAutomaticallyTaken,
+																									isEmpty,
+																								})}
 																							</div>
 																						);
 																					})}
@@ -1227,7 +1482,7 @@ export function DashboardPage() {
 										const totalFutureDoses = futureDays.flatMap((d) =>
 											d.meds.flatMap((m) =>
 												m.doses.flatMap((dose) =>
-													dose.takenBy.length > 0 ? dose.takenBy.map((p) => `${dose.id}-${p}`) : [dose.id]
+													getDosePeople(dose.takenBy).map((person) => (person ? `${dose.id}-${person}` : dose.id))
 												)
 											)
 										);
@@ -1296,6 +1551,7 @@ export function DashboardPage() {
 										return (
 											<div
 												key={day.dateStr}
+												data-date-key={getRouteDateKey(day.date)}
 												className={`day-block ${isCollapsed ? "collapsed" : ""} ${allDayTaken ? "all-taken" : ""} ${worstStatus ? `stock-${worstStatus}` : ""}`}
 											>
 												<div
@@ -1340,8 +1596,15 @@ export function DashboardPage() {
 														const rowClasses = ["time-row"];
 														if (isEmpty) rowClasses.push("med-empty");
 														else if (isLowStock) rowClasses.push("med-low");
+														if (med?.id != null && notificationTarget?.medId === String(med.id)) {
+															rowClasses.push("notification-focus-target-row");
+														}
 														return (
-															<div key={`${day.dateStr}-${item.medName}`} className={rowClasses.join(" ")}>
+															<div
+																key={`${day.dateStr}-${item.medName}`}
+																className={rowClasses.join(" ")}
+																data-med-id={med?.id != null ? String(med.id) : undefined}
+															>
 																<div className="time-main">
 																	<div className="med-name">
 																		<div
@@ -1399,7 +1662,7 @@ export function DashboardPage() {
 																</div>
 																<div className="doses-col">
 																	{item.doses.map((dose) => {
-																		const people = dose.takenBy.length > 0 ? dose.takenBy : [null];
+																		const people = getDosePeople(dose.takenBy);
 																		const allTaken = people.every((person) =>
 																			isDoseTakenForDisplay(getDoseId(dose.id, person))
 																		);
@@ -1430,10 +1693,20 @@ export function DashboardPage() {
 																					{people.map((person) => {
 																						const doseId = getDoseId(dose.id, person);
 																						const isTaken = isDoseTakenForDisplay(doseId);
+																						const isSkipped = effectiveSkippedDoses.has(doseId);
 																						const isAutomaticallyTaken =
 																							isTaken && isDoseTakenAutomatically(doseId) && dose.when <= Date.now();
+																						const personClasses = ["dose-person"];
+																						if (isTaken) personClasses.push("taken");
+																						if (isSkipped) personClasses.push("skipped");
+																						if (notificationTarget?.doseId === doseId)
+																							personClasses.push("notification-focus-target");
 																						return (
-																							<div key={doseId} className={`dose-person ${isTaken ? "taken" : ""}`}>
+																							<div
+																								key={doseId}
+																								data-dose-id={doseId}
+																								className={personClasses.join(" ")}
+																							>
 																								{person && (
 																									<span
 																										className="person-name clickable"
@@ -1445,34 +1718,13 @@ export function DashboardPage() {
 																										{person}
 																									</span>
 																								)}
-																								{isTaken ? (
-																									<button
-																										className="dose-btn undo"
-																										onClick={() => undoDoseTaken(doseId)}
-																										title={t("common.undo")}
-																									>
-																										{isAutomaticallyTaken && (
-																											<span
-																												className="info-tooltip"
-																												data-tooltip={t("tooltips.automaticTaken")}
-																											>
-																												🤖
-																											</span>
-																										)}
-																										<span className="dose-btn-label">{t("common.undo")}</span>
-																										<span aria-hidden="true">↩</span>
-																									</button>
-																								) : (
-																									<button
-																										className={`dose-btn take out-of-stock`}
-																										onClick={() => markDoseTaken(doseId)}
-																										title={t("common.outOfStockTakeBlocked")}
-																										disabled={true}
-																									>
-																										<span className="dose-btn-label">{t("dose.take")}</span>
-																										<span aria-hidden="true">⊘</span>
-																									</button>
-																								)}
+																								{renderDoseActionButtons({
+																									doseId,
+																									isTaken,
+																									isSkipped,
+																									isAutomaticallyTaken,
+																									isEmpty: true,
+																								})}
 																							</div>
 																						);
 																					})}
@@ -39,7 +39,9 @@ import {
 	getPackageProfile,
 	getPackageSize,
 	isAmountBasedPackageType,
+	isDiscreteCountPackageType,
 	isLiquidContainerPackageType,
+	isPackageAmountPackageType,
 	isTubePackageType,
 	normalizePackageType,
 	PACKAGE_PROFILES,
@@ -65,7 +67,16 @@ const OPEN_FDA_PACKAGE_CODE_PATTERN = /\s*\(([0-9A-Z]{4,}(?:-[0-9A-Z]{1,})+)\)\s

 function normalizeMedicationEnrichmentDoseUnit(unit: MedicationEnrichmentStrengthOption["doseUnit"]): DoseUnit | null {
 	if (unit === "IU") return "units";
-	if (unit === "mg" || unit === "g" || unit === "mcg" || unit === "ml" || unit === "units") return unit;
+	if (
+		unit === "mg" ||
+		unit === "g" ||
+		unit === "mcg" ||
+		unit === "ml" ||
+		unit === "units" ||
+		unit === "puffs" ||
+		unit === "injections"
+	)
+		return unit;
 	return null;
 }

@@ -257,8 +268,10 @@ export function MedicationsPage() {
 	useUnsavedChangesWarning(formChanged);

 	// View mode: grid (default) or form (edit/new)
-	// If navigating in with editMedId, suppress rendering until the edit form is ready
-	const [pendingEditTransition, setPendingEditTransition] = useState(() => searchParams.has("editMedId"));
+	// If navigating in with a medication deep-link, suppress rendering until the target form is ready
+	const [pendingEditTransition, setPendingEditTransition] = useState(
+		() => searchParams.has("editMedId") || searchParams.has("viewMedId")
+	);
 	const [viewMode, setViewMode] = useState<"grid" | "form">(pendingEditTransition ? "form" : "grid");
 	const [lightboxImage, setLightboxImage] = useState<{ src: string; alt: string } | null>(null);
 	const [activeTab, setActiveTab] = useState<"general" | "stock" | "prescription" | "schedule">("general");
@@ -269,9 +282,23 @@ export function MedicationsPage() {
 	useEffect(() => {
 		showEditModalRef.current = showEditModal;
 	}, [showEditModal]);
-	const processedEditMedIdRef = useRef<string | null>(null);
+	const processedMedicationLinkRef = useRef<string | null>(null);
 	const hasDesktopFormHistoryState = useRef(false);

+	const getMedicationLinkState = useCallback((params: URLSearchParams) => {
+		const viewMedId = params.get("viewMedId");
+		if (viewMedId) {
+			return { mode: "view" as const, linkedMedId: viewMedId };
+		}
+
+		const editMedId = params.get("editMedId");
+		if (editMedId) {
+			return { mode: "edit" as const, linkedMedId: editMedId };
+		}
+
+		return { mode: null, linkedMedId: null };
+	}, []);
+
 	// Sync formChanged state to the global context for navigation blocking
 	const { setHasUnsavedChanges } = useUnsavedChanges();
 	useEffect(() => {
@@ -752,6 +779,15 @@ export function MedicationsPage() {
 		return form.pillForm === "tablet";
 	}, [form.packageType, form.medicationForm, form.pillForm]);

+	const getDiscreteUnitLabel = useCallback(
+		(packageType: PackageType, count: number) => {
+			if (packageType === "inhaler") return count === 1 ? t("common.puff") : t("common.puffs");
+			if (packageType === "injection") return count === 1 ? t("common.injection") : t("common.injections");
+			return count === 1 ? t("common.pill") : t("common.pills");
+		},
+		[t]
+	);
+
 	const getUsageLabel = useCallback(
 		(intakeUnit: "ml" | "tsp" | "tbsp") => {
 			if (isLiquidContainerPackageType(form.packageType)) {
@@ -762,16 +798,29 @@ export function MedicationsPage() {
 			if (isTubePackageType(form.packageType)) {
 				return form.medicationForm === "liquid" ? t("form.blisters.usageMl") : t("form.blisters.usageApplication");
 			}
+			if (form.packageType === "inhaler") return t("common.puffs");
+			if (form.packageType === "injection") return t("common.injections");
 			if (form.pillForm === "capsule") return t("form.blisters.usageCapsules");
 			return t("form.blisters.usageTablets");
 		},
 		[form.packageType, form.medicationForm, form.pillForm, t]
 	);

-	const usesAmountLabels = isTubePackageType(form.packageType) || isLiquidContainerPackageType(form.packageType);
+	const usesAmountLabels = isPackageAmountPackageType(form.packageType);
+	const usesCountLabels = isDiscreteCountPackageType(form.packageType) && form.packageType !== "bottle";
 	const totalCapacityLabel = usesAmountLabels ? t("form.totalAmount") : t("form.totalCapacity");
-	const currentStockLabel = usesAmountLabels ? t("form.currentAmount") : t("form.currentPills");
-	const totalLabel = usesAmountLabels ? t("form.totalAmountLabel") : t("form.total");
+	let currentStockLabel = t("form.currentPills");
+	if (usesAmountLabels) {
+		currentStockLabel = t("form.currentAmount");
+	} else if (usesCountLabels) {
+		currentStockLabel = t("form.currentStockCount");
+	}
+	let totalLabel = t("form.total");
+	if (usesAmountLabels) {
+		totalLabel = t("form.totalAmountLabel");
+	} else if (usesCountLabels) {
+		totalLabel = t("form.totalCount");
+	}
 	const weekdayOptions = useMemo(
 		() =>
 			WEEKDAY_CODES.map((day) => ({
@@ -802,9 +851,9 @@ export function MedicationsPage() {
 		(med: Medication) => {
 			if (isTubePackageType(med.packageType)) return "";
 			if (isLiquidContainerPackageType(med.packageType)) return " ml";
-			return ` ${getPackageSize(med) === 1 ? t("common.pill") : t("common.pills")}`;
+			return ` ${getDiscreteUnitLabel(normalizePackageType(med.packageType), getPackageSize(med))}`;
 		},
-		[t]
+		[getDiscreteUnitLabel]
 	);

 	const getMedicationUsageUnitLabel = useCallback(
@@ -813,18 +862,18 @@ export function MedicationsPage() {
 				return med.medicationForm === "liquid" ? "ml" : t("form.blisters.usageApplication");
 			}
 			if (isLiquidContainerPackageType(med.packageType)) return "ml";
-			if (usage === 1) return t("common.pill");
-			return t("common.pills");
+			return getDiscreteUnitLabel(normalizePackageType(med.packageType), usage);
 		},
-		[t]
+		[getDiscreteUnitLabel, t]
 	);

-	const clearEditMedIdParam = useCallback(() => {
+	const clearMedicationLinkParams = useCallback(() => {
 		setSearchParams(
 			(prevParams) => {
-				if (!prevParams.has("editMedId")) return prevParams;
+				if (!prevParams.has("editMedId") && !prevParams.has("viewMedId")) return prevParams;
 				const nextParams = new URLSearchParams(prevParams);
 				nextParams.delete("editMedId");
+				nextParams.delete("viewMedId");
 				return nextParams;
 			},
 			{ replace: true }
@@ -848,7 +897,7 @@ export function MedicationsPage() {
 				setShowUnsavedConfirm(true);
 				return;
 			}
-			clearEditMedIdParam();
+			clearMedicationLinkParams();
 			// Mark as confirmed to avoid double confirmation in popstate handler
 			closeConfirmedRef.current = true;
 			window.history.back();
@@ -872,7 +921,7 @@ export function MedicationsPage() {
 			setReadOnlyView(false);
 			pendingAction();
 		} else if (source === "mobile-edit" && showEditModal) {
-			clearEditMedIdParam();
+			clearMedicationLinkParams();
 			setShowEditModal(false);
 			resetForm();
 			resetMedicationEnrichment();
@@ -1042,6 +1091,8 @@ export function MedicationsPage() {
 				form.medicationForm === "liquid" || form.medicationForm === "topical" ? form.medicationForm : "topical";
 		} else if (isLiquidContainerPackageType(form.packageType)) {
 			derivedMedicationForm = "liquid";
+		} else if (isDiscreteCountPackageType(form.packageType)) {
+			derivedMedicationForm = "tablet";
 		} else {
 			derivedMedicationForm = form.pillForm;
 		}
@@ -1062,8 +1113,7 @@ export function MedicationsPage() {
 			genericName: form.genericName.trim() || null,
 			takenBy: form.takenBy.length > 0 ? form.takenBy : [],
 			medicationForm: derivedMedicationForm,
-			pillForm:
-				isTubePackageType(form.packageType) || isLiquidContainerPackageType(form.packageType) ? null : form.pillForm,
+			pillForm: allowsPillFormSelection(form.packageType) ? form.pillForm : null,
 			lifecycleCategory: form.lifecycleCategory,
 			packageType: normalizePackageType(form.packageType),
 			packCount: isTubePackageType(form.packageType)
@@ -1159,7 +1209,7 @@ export function MedicationsPage() {
 				if (shouldCloseMobileModal) {
 					// Treat post-save close as confirmed so popstate does not trigger unsaved guards.
 					closeConfirmedRef.current = true;
-					clearEditMedIdParam();
+					clearMedicationLinkParams();
 					setShowEditModal(false);
 					setReadOnlyView(false);
 					setActiveTab("general");
@@ -1188,7 +1238,8 @@ export function MedicationsPage() {
 	// Handle browser back button for modals and unsaved changes
 	useEffect(() => {
 		const handlePopState = () => {
-			const currentEditMedId = new URLSearchParams(window.location.search).get("editMedId");
+			const currentParams = new URLSearchParams(window.location.search);
+			const { mode: currentLinkMode, linkedMedId: currentMedicationLinkId } = getMedicationLinkState(currentParams);

 			// Obsolete confirmation is open — dismiss it and stay where we are
 			if (showObsoleteConfirm) {
@@ -1207,10 +1258,10 @@ export function MedicationsPage() {
 			// If close was already confirmed programmatically, allow navigation
 			if (closeConfirmedRef.current) {
 				closeConfirmedRef.current = false;
-				if (currentEditMedId) {
+				if (currentMedicationLinkId && currentLinkMode) {
 					// Prevent URL popstate from immediately reopening mobile edit for the same id.
-					processedEditMedIdRef.current = currentEditMedId;
-					clearEditMedIdParam();
+					processedMedicationLinkRef.current = `${currentLinkMode}:${currentMedicationLinkId}`;
+					clearMedicationLinkParams();
 				}
 				if (showEditModal) {
 					setShowEditModal(false);
@@ -1231,11 +1282,11 @@ export function MedicationsPage() {
 					setShowUnsavedConfirm(true);
 					return;
 				}
-				if (currentEditMedId) {
+				if (currentMedicationLinkId && currentLinkMode) {
 					// Mark as handled before URL cleanup to avoid same-tick re-open races.
-					processedEditMedIdRef.current = currentEditMedId;
+					processedMedicationLinkRef.current = `${currentLinkMode}:${currentMedicationLinkId}`;
 				}
-				clearEditMedIdParam();
+				clearMedicationLinkParams();
 				setShowEditModal(false);
 				resetForm();
 				resetMedicationEnrichment();
@@ -1271,7 +1322,16 @@ export function MedicationsPage() {
 		};
 		window.addEventListener("popstate", handlePopState);
 		return () => window.removeEventListener("popstate", handlePopState);
-	}, [showObsoleteConfirm, showDeleteConfirm, showEditModal, viewMode, formChanged, resetForm, clearEditMedIdParam]);
+	}, [
+		showObsoleteConfirm,
+		showDeleteConfirm,
+		showEditModal,
+		viewMode,
+		formChanged,
+		resetForm,
+		clearMedicationLinkParams,
+		getMedicationLinkState,
+	]);

 	// Close modal on Escape key
 	useEffect(() => {
@@ -1389,22 +1449,23 @@ export function MedicationsPage() {
 	}, [activeMeds, editingId]);

 	useEffect(() => {
-		const editMedId = searchParams.get("editMedId");
-		if (!editMedId) {
-			processedEditMedIdRef.current = null;
+		const { mode: linkMode, linkedMedId } = getMedicationLinkState(searchParams);
+		if (!linkedMedId || !linkMode) {
+			processedMedicationLinkRef.current = null;
 			return;
 		}
-		if (processedEditMedIdRef.current === editMedId) return;
-		const parsedMedId = Number.parseInt(editMedId, 10);
+		const linkKey = `${linkMode}:${linkedMedId}`;
+		if (processedMedicationLinkRef.current === linkKey) return;
+		const parsedMedId = Number.parseInt(linkedMedId, 10);
 		if (Number.isNaN(parsedMedId)) return;
 		const medicationToEdit =
 			meds.find((med) => med.id === parsedMedId) ?? allMeds.find((med) => med.id === parsedMedId);
 		if (!medicationToEdit) return;

-		processedEditMedIdRef.current = editMedId;
+		processedMedicationLinkRef.current = linkKey;

 		setShowNameValidation(false);
-		setReadOnlyView(false);
+		setReadOnlyView(linkMode === "view");
 		setActiveTab("general");
 		resetMedicationEnrichment(medicationToEdit.name || medicationToEdit.genericName || "");
 		startEdit(medicationToEdit, openEditModal);
@@ -1415,8 +1476,9 @@ export function MedicationsPage() {

 		const nextParams = new URLSearchParams(searchParams);
 		nextParams.delete("editMedId");
+		nextParams.delete("viewMedId");
 		setSearchParams(nextParams, { replace: true });
-	}, [allMeds, meds, openEditModal, searchParams, setSearchParams, startEdit]);
+	}, [allMeds, getMedicationLinkState, meds, openEditModal, searchParams, setSearchParams, startEdit]);

 	const selectedMedication = useMemo(() => {
 		if (!editingId) return null;
@@ -122,6 +122,12 @@ export function PlannerPage() {
 	const canSendNotification =
 		(settings.emailEnabled && settings.notificationEmail) || (settings.shoutrrrEnabled && settings.shoutrrrUrl);

+	const getDiscreteUnitLabel = (packageType: string | undefined, count: number): string => {
+		if (packageType === "inhaler") return count === 1 ? t("common.puff") : t("common.puffs");
+		if (packageType === "injection") return count === 1 ? t("common.injection") : t("common.injections");
+		return count === 1 ? t("common.pill") : t("common.pills");
+	};
+
 	const getUsageUnitLabel = (medicationId: number, count: number): string => {
 		const med = meds.find((m) => m.id === medicationId);
 		if (isLiquidContainerPackageType(med?.packageType)) {
@@ -130,7 +136,7 @@ export function PlannerPage() {
 		if (isTubePackageType(med?.packageType)) {
 			return med?.medicationForm === "liquid" ? t("form.ml") : t("blisters.applications");
 		}
-		return count === 1 ? t("common.pill") : t("common.pills");
+		return getDiscreteUnitLabel(med?.packageType, count);
 	};

 	const getAvailableLabel = (medicationId: number, loosePills: number): string => {
@@ -143,7 +149,7 @@ export function PlannerPage() {
 			const unit = med?.medicationForm === "liquid" ? t("form.ml") : t("blisters.applications");
 			return `${roundedLoose} ${unit}`;
 		}
-		return `${roundedLoose} ${roundedLoose === 1 ? t("common.pill") : t("common.pills")}`;
+		return `${roundedLoose} ${getDiscreteUnitLabel(med?.packageType, roundedLoose)}`;
 	};

 	async function sendPlannerNotification() {
--- a/Show More
+++ b/Show More
				`@@ -0,0 +1 @@`
				ALTER TABLE `user_settings` ADD `timezone` text DEFAULT '' NOT NULL;