@nativesquare/soma 0.10.0 → 0.10.2

package/src/component/garmin/public.ts

@@ -18,7 +18,7 @@ import {
   createWellnessClient,
   createTrainingClient,
 } from "./client.js";
-import { timeRangeQuery } from "./utils.js";
+import { buildTimeRangeQuery, timeRangeQuery } from "./utils.js";
 import {
   createWorkoutV2 as sdkCreateWorkoutV2,
   createWorkoutSchedule as sdkCreateWorkoutSchedule,
@@ -60,24 +60,20 @@ const DEFAULT_SYNC_DAYS = 30;
 // Refresh buffer: refresh tokens 10 minutes before expiry
 const REFRESH_BUFFER_SECONDS = 600;
 
-// ─── Public Actions ──────────────────────────────────────────────────────────
+// ─── OAuth ──────────────────────────────────────────────────────────────────
 
 /**
  * Generate a Garmin OAuth 2.0 authorization URL with PKCE.
  *
- * If `userId` is provided, the PKCE code verifier and state are stored in the
- * component's `pendingOAuth` table so that `completeGarminOAuth` can look
- * them up automatically when the callback fires. This is the recommended
- * flow when using `registerRoutes`.
- *
- * If `userId` is omitted, the host app must store the returned `codeVerifier`
- * itself and pass it to `connectGarmin` manually.
+ * The PKCE code verifier and state are stored in the component's
+ * `pendingOAuth` table so that `completeGarminOAuth` can look them up
+ * automatically when the callback fires via `registerRoutes`.
  */
 export const getGarminAuthUrl = action({
   args: {
     clientId: v.string(),
     redirectUri: v.optional(v.string()),
-    userId: v.optional(v.string()),
+    userId: v.string(),
   },
   handler: async (ctx, args) => {
     const codeVerifier = generateCodeVerifier();
@@ -91,109 +87,27 @@ export const getGarminAuthUrl = action({
       state,
     });
 
-    if (args.userId) {
-      await ctx.runMutation(internal.garmin.private.storePendingOAuth, {
-        provider: "GARMIN",
-        state,
-        codeVerifier,
-        userId: args.userId,
-      });
-    }
-
-    return { authUrl, state, codeVerifier };
-  },
-});
-
-/**
- * Exchange an authorization code for tokens + initial sync.
- *
- * Used in the manual flow where the host app stores the code verifier
- * and handles the callback itself.
- */
-export const connectGarmin = action({
-  args: {
-    userId: v.string(),
-    clientId: v.string(),
-    clientSecret: v.string(),
-    code: v.string(),
-    codeVerifier: v.string(),
-    redirectUri: v.optional(v.string()),
-  },
-  handler: async (ctx, args): Promise<{
-    connectionId: Id<"connections">;
-    userId: string;
-    synced: Record<string, number>;
-    errors: Array<{ type: string; id: string; error: string }>;
-  }> => {
-    const tokenResult = await exchangeCode({
-      clientId: args.clientId,
-      clientSecret: args.clientSecret,
-      code: args.code,
-      codeVerifier: args.codeVerifier,
-      redirectUri: args.redirectUri,
-    });
-
-    const connectionId: Id<"connections"> = await ctx.runMutation(api.public.connect, {
-      userId: args.userId,
+    await ctx.runMutation(internal.garmin.private.storePendingOAuth, {
       provider: "GARMIN",
-    });
-
-    const expiresAt = Math.floor(Date.now() / 1000) + tokenResult.expires_in;
-    const _stored: null = await ctx.runMutation(internal.garmin.private.storeTokens, {
-      connectionId,
-      accessToken: tokenResult.access_token,
-      refreshToken: tokenResult.refresh_token,
-      expiresAt,
-    });
-
-    // Best-effort: resolve Garmin user ID for webhook mapping
-    const wellnessClient = createWellnessClient(tokenResult.access_token);
-    const { data: userIdData } = await sdkUserId({ client: wellnessClient });
-    const garminUserId = userIdData?.userId ?? null;
-    if (garminUserId) {
-      const _updated: null = await ctx.runMutation(api.public.updateConnection, {
-        connectionId,
-        providerUserId: garminUserId,
-      });
-    }
-
-    const now = Math.floor(Date.now() / 1000);
-    const thirtyDaysAgo = now - DEFAULT_SYNC_DAYS * 86400;
-    const timeRange = {
-      uploadStartTimeInSeconds: thirtyDaysAgo,
-      uploadEndTimeInSeconds: now,
-    };
-
-    const result = await ctx.runAction(api.garmin.public.syncAllTypes, {
-      accessToken: tokenResult.access_token,
-      connectionId,
+      state,
+      codeVerifier,
       userId: args.userId,
-      uploadStartTimeInSeconds: timeRange.uploadStartTimeInSeconds,
-      uploadEndTimeInSeconds: timeRange.uploadEndTimeInSeconds,
-    });
-
-    const _updated: null = await ctx.runMutation(api.public.updateConnection, {
-      connectionId,
-      lastDataUpdate: new Date().toISOString(),
     });
 
-    return {
-      connectionId,
-      userId: args.userId,
-      synced: result.synced,
-      errors: result.errors,
-    };
+    return { authUrl, state, codeVerifier };
   },
 });
 
 /**
  * Complete a Garmin OAuth 2.0 flow using stored pending state.
  *
- * Used by `registerRoutes` — the callback handler calls this with the
- * `code` and `state` from the redirect. The action looks up the pending
- * state (codeVerifier, userId) stored during `getGarminAuthUrl`,
- * exchanges for tokens, creates the connection, syncs data, and
- * cleans up the pending entry.
+ * Called internally by `registerRoutes` — the callback handler calls
+ * this with the `code` and `state` from the redirect. The action looks
+ * up the pending state (codeVerifier, userId) stored during
+ * `getGarminAuthUrl`, exchanges for tokens, creates the connection,
+ * stores tokens, and cleans up the pending entry.
+ *
+ * The host app is responsible for calling `syncGarmin` afterwards.
  */
 export const completeGarminOAuth = action({
   args: {
@@ -206,8 +120,6 @@ export const completeGarminOAuth = action({
   handler: async (ctx, args): Promise<{
     connectionId: Id<"connections">;
     userId: string;
-    synced: Record<string, number>;
-    errors: Array<{ type: string; id: string; error: string }>;
   }> => {
     const pending: Doc<"pendingOAuth"> | null = await ctx.runQuery(internal.garmin.private.getPendingOAuth, {
       state: args.state,
@@ -262,140 +174,10 @@ export const completeGarminOAuth = action({
       });
     }
 
-    const now = Math.floor(Date.now() / 1000);
-    const thirtyDaysAgo = now - DEFAULT_SYNC_DAYS * 86400;
-    const timeRange = {
-      uploadStartTimeInSeconds: thirtyDaysAgo,
-      uploadEndTimeInSeconds: now,
-    };
-
-    const result = await ctx.runAction(api.garmin.public.syncAllTypes, {
-      accessToken: tokenResult.access_token,
-      connectionId,
-      userId: pending.userId,
-      uploadStartTimeInSeconds: timeRange.uploadStartTimeInSeconds,
-      uploadEndTimeInSeconds: timeRange.uploadEndTimeInSeconds,
-    });
-
-    const _updated: null = await ctx.runMutation(api.public.updateConnection, {
-      connectionId,
-      lastDataUpdate: new Date().toISOString(),
-    });
-
     return {
       connectionId,
       userId: pending.userId,
-      synced: result.synced,
-      errors: result.errors,
-    };
-  },
-});
-
-/**
- * Incremental Garmin sync for an already-connected user.
- *
- * Looks up the stored tokens, refreshes if expired, and syncs all data
- * types for the specified time range (defaults to last 30 days).
- */
-export const syncGarmin = action({
-  args: {
-    userId: v.string(),
-    clientId: v.string(),
-    clientSecret: v.string(),
-    startTimeInSeconds: v.optional(v.number()),
-    endTimeInSeconds: v.optional(v.number()),
-  },
-  handler: async (ctx, args): Promise<{
-    synced: Record<string, number>;
-    errors: Array<{ type: string; id: string; error: string }>;
-  }> => {
-    const connection: Doc<"connections"> | null = await ctx.runQuery(
-      internal.private.getConnectionByProvider,
-      { userId: args.userId, provider: "GARMIN" },
-    );
-    if (!connection) {
-      throw new Error(
-        `No Garmin connection found for user "${args.userId}". ` +
-        "Call connectGarmin first.",
-      );
-    }
-    if (!connection.active) {
-      throw new Error(
-        `Garmin connection for user "${args.userId}" is inactive. Reconnect first.`,
-      );
-    }
-
-    const connectionId = connection._id;
-
-    const tokenDoc: Doc<"providerTokens"> | null = await ctx.runQuery(internal.garmin.private.getTokens, {
-      connectionId,
-    });
-    if (!tokenDoc) {
-      throw new Error(
-        "No Garmin tokens found for this connection. " +
-        "The connection may have been created before token storage was available.",
-      );
-    }
-
-    let accessToken = tokenDoc.accessToken;
-
-    // Refresh the token if it's expired or about to expire
-    const nowSeconds = Math.floor(Date.now() / 1000);
-    if (
-      tokenDoc.expiresAt &&
-      tokenDoc.refreshToken &&
-      nowSeconds >= tokenDoc.expiresAt - REFRESH_BUFFER_SECONDS
-    ) {
-      const refreshed = await refreshToken({
-        clientId: args.clientId,
-        clientSecret: args.clientSecret,
-        refreshToken: tokenDoc.refreshToken,
-      });
-
-      accessToken = refreshed.access_token;
-      const newExpiresAt = nowSeconds + refreshed.expires_in;
-      const _refreshed: null = await ctx.runMutation(internal.garmin.private.storeTokens, {
-        connectionId,
-        accessToken: refreshed.access_token,
-        refreshToken: refreshed.refresh_token,
-        expiresAt: newExpiresAt,
-      });
-    }
-
-    // Lazy backfill: resolve Garmin user ID if missing (for webhook mapping)
-    if (!connection.providerUserId) {
-      const wellnessClient = createWellnessClient(accessToken);
-      const { data: userIdData } = await sdkUserId({ client: wellnessClient });
-      const garminUserId = userIdData?.userId ?? null;
-      if (garminUserId) {
-        const _updated: null = await ctx.runMutation(api.public.updateConnection, {
-          connectionId,
-          providerUserId: garminUserId,
-        });
-      }
-    }
-
-    const now = Math.floor(Date.now() / 1000);
-    const timeRange = {
-      uploadStartTimeInSeconds:
-        args.startTimeInSeconds ?? now - DEFAULT_SYNC_DAYS * 86400,
-      uploadEndTimeInSeconds: args.endTimeInSeconds ?? now,
     };
-
-    const result = await ctx.runAction(api.garmin.public.syncAllTypes, {
-      accessToken,
-      connectionId,
-      userId: args.userId,
-      uploadStartTimeInSeconds: timeRange.uploadStartTimeInSeconds,
-      uploadEndTimeInSeconds: timeRange.uploadEndTimeInSeconds,
-    });
-
-    const _updated: null = await ctx.runMutation(api.public.updateConnection, {
-      connectionId,
-      lastDataUpdate: new Date().toISOString(),
-    });
-
-    return result;
   },
 });
 
@@ -446,158 +228,687 @@ export const disconnectGarmin = action({
   },
 });
 
-// ─── Training API ────────────────────────────────────────────────────────────
+// ─── Pull ───────────────────────────────────────────────────────────────────
 
-/**
- * Push a planned workout from Soma's DB to Garmin Connect.
- *
- * Reads the planned workout document, transforms it to Garmin Training API V2
- * format, creates the workout at Garmin, and optionally schedules it if a
- * `planned_date` is set in the metadata.
- *
- * Returns the Garmin workout ID and schedule ID (if scheduled).
- */
-export const pushPlannedWorkout = action({
+export const pullActivities = action({
   args: {
     userId: v.string(),
     clientId: v.string(),
     clientSecret: v.string(),
-    plannedWorkoutId: v.string(),
-    workoutProvider: v.optional(v.string()),
+    startTimeInSeconds: v.optional(v.number()),
+    endTimeInSeconds: v.optional(v.number()),
   },
-  handler: async (ctx, args): Promise<{ garminWorkoutId: number; garminScheduleId: number | null }> => {
-    const connection: Doc<"connections"> | null = await ctx.runQuery(
-      internal.private.getConnectionByProvider,
-      { userId: args.userId, provider: "GARMIN" },
+  handler: async (ctx, args) => {
+
+    const { connectionId, accessToken } = await ctx.runAction(
+      internal.garmin.private.resolveConnectionAndAccessToken,
+      {
+        userId: args.userId,
+        clientId: args.clientId,
+        clientSecret: args.clientSecret,
+      },
     );
-    if (!connection) {
-      throw new Error(
-        `No Garmin connection found for user "${args.userId}". ` +
-        "Call connectGarmin first.",
-      );
-    }
-    if (!connection.active) {
-      throw new Error(
-        `Garmin connection for user "${args.userId}" is inactive. Reconnect first.`,
-      );
-    }
 
-    const connectionId = connection._id;
+    const timeRangeQuery = buildTimeRangeQuery(args, accessToken);
 
-    const tokenDoc: Doc<"providerTokens"> | null = await ctx.runQuery(internal.garmin.private.getTokens, {
-      connectionId,
-    });
-    if (!tokenDoc) {
-      throw new Error(
-        "No Garmin tokens found for this connection. " +
-        "The connection may have been created before token storage was available.",
-      );
-    }
+    const wellnessClient = createWellnessClient(accessToken);
+    const synced = { activities: 0 };
+    const errors: Array<{ type: "activity"; id: string; error: string }> = [];
 
-    // Always force-refresh the token for Training API calls to rule out
-    // stale tokens (the initial sync swallows 401 errors silently).
-    let accessToken = tokenDoc.accessToken;
+    try {
+      const { data: activities, error } = await getActivities({
+        client: wellnessClient,
+        query: timeRangeQuery,
+      });
 
-    if (tokenDoc.refreshToken) {
-      try {
-        const refreshed = await refreshToken({
-          clientId: args.clientId,
-          clientSecret: args.clientSecret,
-          refreshToken: tokenDoc.refreshToken,
-        });
+      if (error || !activities) {
+        throw new Error(error ? JSON.stringify(error) : "No data");
+      }
 
-        accessToken = refreshed.access_token;
-        const nowSeconds = Math.floor(Date.now() / 1000);
-        const newExpiresAt = nowSeconds + refreshed.expires_in;
-        const _refreshed: null = await ctx.runMutation(internal.garmin.private.storeTokens, {
-          connectionId,
-          accessToken: refreshed.access_token,
-          refreshToken: refreshed.refresh_token,
-          expiresAt: newExpiresAt,
+      for (const activity of activities) {
+        try {
+          const data = transformActivity(activity);
+          await ctx.runMutation(api.public.ingestActivity, {
+            connectionId,
+            userId: args.userId,
+            ...data,
+          });
+          synced.activities++;
+        } catch (err) {
+          errors.push({
+            type: "activity",
+            id: activity.summaryId ?? String(activity.activityId),
+            error: err instanceof Error ? err.message : String(err),
+          });
+        }
+      }
+    } catch (err) {
+      errors.push({
+        type: "activity",
+        id: "fetch",
+        error: err instanceof Error ? err.message : String(err),
+      });
+    }
+
+    await ctx.runMutation(api.public.updateConnection, {
+      connectionId,
+      lastDataUpdate: new Date().toISOString(),
+    });
+
+    return { synced, errors };
+  },
+});
+
+export const pullDailies = action({
+  args: {
+    userId: v.string(),
+    clientId: v.string(),
+    clientSecret: v.string(),
+    startTimeInSeconds: v.optional(v.number()),
+    endTimeInSeconds: v.optional(v.number()),
+  },
+  handler: async (ctx, args) => {
+    const { connectionId, accessToken } = await ctx.runAction(
+      internal.garmin.private.resolveConnectionAndAccessToken,
+      { userId: args.userId, clientId: args.clientId, clientSecret: args.clientSecret },
+    );
+
+    const query = buildTimeRangeQuery(args, accessToken);
+    const wellnessClient = createWellnessClient(accessToken);
+    const synced = { dailies: 0 };
+    const errors: Array<{ type: string; id: string; error: string }> = [];
+
+    try {
+      const { data: dailies, error } = await getDailies({ client: wellnessClient, query });
+      if (error || !dailies) throw new Error(error ? JSON.stringify(error) : "No data");
+      for (const daily of dailies) {
+        try {
+          const data = transformDailies(daily);
+          if (!data) continue;
+          await ctx.runMutation(api.public.ingestDaily, { connectionId, userId: args.userId, ...data });
+          synced.dailies++;
+        } catch (err) {
+          errors.push({ type: "daily", id: daily.summaryId ?? daily.calendarDate ?? "unknown", error: err instanceof Error ? err.message : String(err) });
+        }
+      }
+    } catch (err) {
+      errors.push({ type: "daily", id: "fetch", error: err instanceof Error ? err.message : String(err) });
+    }
+
+    await ctx.runMutation(api.public.updateConnection, { connectionId, lastDataUpdate: new Date().toISOString() });
+    return { synced, errors };
+  },
+});
+
+export const pullSleep = action({
+  args: {
+    userId: v.string(),
+    clientId: v.string(),
+    clientSecret: v.string(),
+    startTimeInSeconds: v.optional(v.number()),
+    endTimeInSeconds: v.optional(v.number()),
+  },
+  handler: async (ctx, args) => {
+    const { connectionId, accessToken } = await ctx.runAction(
+      internal.garmin.private.resolveConnectionAndAccessToken,
+      { userId: args.userId, clientId: args.clientId, clientSecret: args.clientSecret },
+    );
+
+    const query = buildTimeRangeQuery(args, accessToken);
+    const wellnessClient = createWellnessClient(accessToken);
+    const synced = { sleep: 0 };
+    const errors: Array<{ type: string; id: string; error: string }> = [];
+
+    try {
+      const { data: sleeps, error } = await getSleeps({ client: wellnessClient, query });
+      if (error || !sleeps) throw new Error(error ? JSON.stringify(error) : "No data");
+      for (const sleep of sleeps) {
+        try {
+          const data = transformSleeps(sleep);
+          await ctx.runMutation(api.public.ingestSleep, { connectionId, userId: args.userId, ...data });
+          synced.sleep++;
+        } catch (err) {
+          errors.push({ type: "sleep", id: sleep.summaryId ?? sleep.calendarDate ?? "unknown", error: err instanceof Error ? err.message : String(err) });
+        }
+      }
+    } catch (err) {
+      errors.push({ type: "sleep", id: "fetch", error: err instanceof Error ? err.message : String(err) });
+    }
+
+    await ctx.runMutation(api.public.updateConnection, { connectionId, lastDataUpdate: new Date().toISOString() });
+    return { synced, errors };
+  },
+});
+
+export const pullBody = action({
+  args: {
+    userId: v.string(),
+    clientId: v.string(),
+    clientSecret: v.string(),
+    startTimeInSeconds: v.optional(v.number()),
+    endTimeInSeconds: v.optional(v.number()),
+  },
+  handler: async (ctx, args) => {
+    const { connectionId, accessToken } = await ctx.runAction(
+      internal.garmin.private.resolveConnectionAndAccessToken,
+      { userId: args.userId, clientId: args.clientId, clientSecret: args.clientSecret },
+    );
+
+    const query = buildTimeRangeQuery(args, accessToken);
+    const wellnessClient = createWellnessClient(accessToken);
+    const synced = { body: 0 };
+    const errors: Array<{ type: string; id: string; error: string }> = [];
+
+    try {
+      const { data: bodyComps, error } = await getBodyComps({ client: wellnessClient, query });
+      if (error || !bodyComps) throw new Error(error ? JSON.stringify(error) : "No data");
+      for (const body of bodyComps) {
+        try {
+          const data = transformBodyComposition(body);
+          if (!data) continue;
+          await ctx.runMutation(api.public.ingestBody, { connectionId, userId: args.userId, ...data });
+          synced.body++;
+        } catch (err) {
+          errors.push({ type: "body", id: body.summaryId ?? String(body.measurementTimeInSeconds), error: err instanceof Error ? err.message : String(err) });
+        }
+      }
+    } catch (err) {
+      errors.push({ type: "body", id: "fetch", error: err instanceof Error ? err.message : String(err) });
+    }
+
+    await ctx.runMutation(api.public.updateConnection, { connectionId, lastDataUpdate: new Date().toISOString() });
+    return { synced, errors };
+  },
+});
+
+export const pullMenstruation = action({
+  args: {
+    userId: v.string(),
+    clientId: v.string(),
+    clientSecret: v.string(),
+    startTimeInSeconds: v.optional(v.number()),
+    endTimeInSeconds: v.optional(v.number()),
+  },
+  handler: async (ctx, args) => {
+    const { connectionId, accessToken } = await ctx.runAction(
+      internal.garmin.private.resolveConnectionAndAccessToken,
+      { userId: args.userId, clientId: args.clientId, clientSecret: args.clientSecret },
+    );
+
+    const query = buildTimeRangeQuery(args, accessToken);
+    const wellnessClient = createWellnessClient(accessToken);
+    const synced = { menstruation: 0 };
+    const errors: Array<{ type: string; id: string; error: string }> = [];
+
+    try {
+      const { data: records, error } = await getMct({ client: wellnessClient, query });
+      if (error || !records) throw new Error(error ? JSON.stringify(error) : "No data");
+      for (const record of records) {
+        try {
+          const data = transformMenstrualCycleTracking(record);
+          await ctx.runMutation(api.public.ingestMenstruation, { connectionId, userId: args.userId, ...data });
+          synced.menstruation++;
+        } catch (err) {
+          errors.push({ type: "menstruation", id: record.summaryId ?? record.periodStartDate ?? "unknown", error: err instanceof Error ? err.message : String(err) });
+        }
+      }
+    } catch (err) {
+      errors.push({ type: "menstruation", id: "fetch", error: err instanceof Error ? err.message : String(err) });
+    }
+
+    await ctx.runMutation(api.public.updateConnection, { connectionId, lastDataUpdate: new Date().toISOString() });
+    return { synced, errors };
+  },
+});
+
+export const pullBloodPressures = action({
+  args: {
+    userId: v.string(),
+    clientId: v.string(),
+    clientSecret: v.string(),
+    startTimeInSeconds: v.optional(v.number()),
+    endTimeInSeconds: v.optional(v.number()),
+  },
+  handler: async (ctx, args) => {
+    const { connectionId, accessToken } = await ctx.runAction(
+      internal.garmin.private.resolveConnectionAndAccessToken,
+      { userId: args.userId, clientId: args.clientId, clientSecret: args.clientSecret },
+    );
+
+    const query = buildTimeRangeQuery(args, accessToken);
+    const wellnessClient = createWellnessClient(accessToken);
+    const synced = { bloodPressures: 0 };
+    const errors: Array<{ type: string; id: string; error: string }> = [];
+
+    try {
+      const { data: bpRecords, error } = await getBloodPressures({ client: wellnessClient, query });
+      if (error || !bpRecords) throw new Error(error ? JSON.stringify(error) : "No data");
+      for (const bp of bpRecords) {
+        try {
+          const data = transformBloodPressure(bp);
+          if (!data) continue;
+          await ctx.runMutation(api.public.ingestBody, { connectionId, userId: args.userId, ...data });
+          synced.bloodPressures++;
+        } catch (err) {
+          errors.push({ type: "bloodPressure", id: bp.summaryId ?? String(bp.measurementTimeInSeconds), error: err instanceof Error ? err.message : String(err) });
+        }
+      }
+    } catch (err) {
+      errors.push({ type: "bloodPressure", id: "fetch", error: err instanceof Error ? err.message : String(err) });
+    }
+
+    await ctx.runMutation(api.public.updateConnection, { connectionId, lastDataUpdate: new Date().toISOString() });
+    return { synced, errors };
+  },
+});
+
+export const pullSkinTemperature = action({
+  args: {
+    userId: v.string(),
+    clientId: v.string(),
+    clientSecret: v.string(),
+    startTimeInSeconds: v.optional(v.number()),
+    endTimeInSeconds: v.optional(v.number()),
+  },
+  handler: async (ctx, args) => {
+    const { connectionId, accessToken } = await ctx.runAction(
+      internal.garmin.private.resolveConnectionAndAccessToken,
+      { userId: args.userId, clientId: args.clientId, clientSecret: args.clientSecret },
+    );
+
+    const query = buildTimeRangeQuery(args, accessToken);
+    const wellnessClient = createWellnessClient(accessToken);
+    const synced = { skinTemp: 0 };
+    const errors: Array<{ type: string; id: string; error: string }> = [];
+
+    try {
+      const { data: skinRecords, error } = await getSkinTemp({ client: wellnessClient, query });
+      if (error || !skinRecords) throw new Error(error ? JSON.stringify(error) : "No data");
+      for (const skin of skinRecords) {
+        try {
+          const data = transformSkinTemperature(skin);
+          if (!data) continue;
+          await ctx.runMutation(api.public.ingestBody, { connectionId, userId: args.userId, ...data });
+          synced.skinTemp++;
+        } catch (err) {
+          errors.push({ type: "skinTemp", id: skin.summaryId ?? skin.calendarDate ?? "unknown", error: err instanceof Error ? err.message : String(err) });
+        }
+      }
+    } catch (err) {
+      errors.push({ type: "skinTemp", id: "fetch", error: err instanceof Error ? err.message : String(err) });
+    }
+
+    await ctx.runMutation(api.public.updateConnection, { connectionId, lastDataUpdate: new Date().toISOString() });
+    return { synced, errors };
+  },
+});
+
+export const pullUserMetrics = action({
+  args: {
+    userId: v.string(),
+    clientId: v.string(),
+    clientSecret: v.string(),
+    startTimeInSeconds: v.optional(v.number()),
+    endTimeInSeconds: v.optional(v.number()),
+  },
+  handler: async (ctx, args) => {
+    const { connectionId, accessToken } = await ctx.runAction(
+      internal.garmin.private.resolveConnectionAndAccessToken,
+      { userId: args.userId, clientId: args.clientId, clientSecret: args.clientSecret },
+    );
+
+    const query = buildTimeRangeQuery(args, accessToken);
+    const wellnessClient = createWellnessClient(accessToken);
+    const synced = { userMetrics: 0 };
+    const errors: Array<{ type: string; id: string; error: string }> = [];
+
+    try {
+      const { data: metricsRecords, error } = await getUserMetrics({ client: wellnessClient, query });
+      if (error || !metricsRecords) throw new Error(error ? JSON.stringify(error) : "No data");
+      for (const metrics of metricsRecords) {
+        try {
+          const data = transformUserMetrics(metrics);
+          if (!data) continue;
+          await ctx.runMutation(api.public.ingestBody, { connectionId, userId: args.userId, ...data });
+          synced.userMetrics++;
+        } catch (err) {
+          errors.push({ type: "userMetrics", id: metrics.summaryId ?? metrics.calendarDate ?? "unknown", error: err instanceof Error ? err.message : String(err) });
+        }
+      }
+    } catch (err) {
+      errors.push({ type: "userMetrics", id: "fetch", error: err instanceof Error ? err.message : String(err) });
+    }
+
+    await ctx.runMutation(api.public.updateConnection, { connectionId, lastDataUpdate: new Date().toISOString() });
+    return { synced, errors };
+  },
+});
+
+export const pullHRV = action({
+  args: {
+    userId: v.string(),
+    clientId: v.string(),
+    clientSecret: v.string(),
+    startTimeInSeconds: v.optional(v.number()),
+    endTimeInSeconds: v.optional(v.number()),
+  },
+  handler: async (ctx, args) => {
+    const { connectionId, accessToken } = await ctx.runAction(
+      internal.garmin.private.resolveConnectionAndAccessToken,
+      { userId: args.userId, clientId: args.clientId, clientSecret: args.clientSecret },
+    );
+
+    const query = buildTimeRangeQuery(args, accessToken);
+    const wellnessClient = createWellnessClient(accessToken);
+    const synced = { hrv: 0 };
+    const errors: Array<{ type: string; id: string; error: string }> = [];
+
+    try {
+      const { data: hrvRecords, error } = await getHrv({ client: wellnessClient, query });
+      if (error || !hrvRecords) throw new Error(error ? JSON.stringify(error) : "No data");
+      for (const hrv of hrvRecords) {
+        try {
+          const data = transformHRVSummary(hrv);
+          if (!data) continue;
+          await ctx.runMutation(api.public.ingestDaily, { connectionId, userId: args.userId, ...data });
+          synced.hrv++;
+        } catch (err) {
+          errors.push({ type: "hrv", id: hrv.summaryId ?? hrv.calendarDate ?? "unknown", error: err instanceof Error ? err.message : String(err) });
+        }
+      }
+    } catch (err) {
+      errors.push({ type: "hrv", id: "fetch", error: err instanceof Error ? err.message : String(err) });
+    }
+
+    await ctx.runMutation(api.public.updateConnection, { connectionId, lastDataUpdate: new Date().toISOString() });
+    return { synced, errors };
+  },
+});
+
+export const pullStressDetails = action({
+  args: {
+    userId: v.string(),
+    clientId: v.string(),
+    clientSecret: v.string(),
+    startTimeInSeconds: v.optional(v.number()),
+    endTimeInSeconds: v.optional(v.number()),
+  },
+  handler: async (ctx, args) => {
+    const { connectionId, accessToken } = await ctx.runAction(
+      internal.garmin.private.resolveConnectionAndAccessToken,
+      { userId: args.userId, clientId: args.clientId, clientSecret: args.clientSecret },
+    );
+
+    const query = buildTimeRangeQuery(args, accessToken);
+    const wellnessClient = createWellnessClient(accessToken);
+    const synced = { stressDetails: 0 };
+    const errors: Array<{ type: string; id: string; error: string }> = [];
+
+    try {
+      const { data: stressRecords, error } = await getStressDetails({ client: wellnessClient, query });
+      if (error || !stressRecords) throw new Error(error ? JSON.stringify(error) : "No data");
+      for (const stress of stressRecords) {
+        try {
+          const data = transformStress(stress);
+          if (!data) continue;
+          await ctx.runMutation(api.public.ingestDaily, { connectionId, userId: args.userId, ...data });
+          synced.stressDetails++;
+        } catch (err) {
+          errors.push({ type: "stressDetails", id: stress.summaryId ?? stress.calendarDate ?? "unknown", error: err instanceof Error ? err.message : String(err) });
+        }
+      }
+    } catch (err) {
+      errors.push({ type: "stressDetails", id: "fetch", error: err instanceof Error ? err.message : String(err) });
+    }
+
+    await ctx.runMutation(api.public.updateConnection, { connectionId, lastDataUpdate: new Date().toISOString() });
+    return { synced, errors };
+  },
+});
+
+export const pullPulseOx = action({
+  args: {
+    userId: v.string(),
+    clientId: v.string(),
+    clientSecret: v.string(),
+    startTimeInSeconds: v.optional(v.number()),
+    endTimeInSeconds: v.optional(v.number()),
+  },
+  handler: async (ctx, args) => {
+    const { connectionId, accessToken } = await ctx.runAction(
+      internal.garmin.private.resolveConnectionAndAccessToken,
+      { userId: args.userId, clientId: args.clientId, clientSecret: args.clientSecret },
+    );
+
+    const query = buildTimeRangeQuery(args, accessToken);
+    const wellnessClient = createWellnessClient(accessToken);
+    const synced = { pulseOx: 0 };
+    const errors: Array<{ type: string; id: string; error: string }> = [];
+
+    try {
+      const { data: pulseOxRecords, error } = await getPulseox({ client: wellnessClient, query });
+      if (error || !pulseOxRecords) throw new Error(error ? JSON.stringify(error) : "No data");
+      for (const po of pulseOxRecords) {
+        try {
+          const data = transformPulseOx(po);
+          if (!data) continue;
+          await ctx.runMutation(api.public.ingestDaily, { connectionId, userId: args.userId, ...data });
+          synced.pulseOx++;
+        } catch (err) {
+          errors.push({ type: "pulseOx", id: po.summaryId ?? po.calendarDate ?? "unknown", error: err instanceof Error ? err.message : String(err) });
+        }
+      }
+    } catch (err) {
+      errors.push({ type: "pulseOx", id: "fetch", error: err instanceof Error ? err.message : String(err) });
+    }
+
+    await ctx.runMutation(api.public.updateConnection, { connectionId, lastDataUpdate: new Date().toISOString() });
+    return { synced, errors };
+  },
+});
+
+export const pullRespiration = action({
+  args: {
+    userId: v.string(),
+    clientId: v.string(),
+    clientSecret: v.string(),
+    startTimeInSeconds: v.optional(v.number()),
+    endTimeInSeconds: v.optional(v.number()),
+  },
+  handler: async (ctx, args) => {
+    const { connectionId, accessToken } = await ctx.runAction(
+      internal.garmin.private.resolveConnectionAndAccessToken,
+      { userId: args.userId, clientId: args.clientId, clientSecret: args.clientSecret },
+    );
+
+    const query = buildTimeRangeQuery(args, accessToken);
+    const wellnessClient = createWellnessClient(accessToken);
+    const synced = { respiration: 0 };
+    const errors: Array<{ type: string; id: string; error: string }> = [];
+
+    try {
+      const { data: respRecords, error } = await getRespiration({ client: wellnessClient, query });
+      if (error || !respRecords) throw new Error(error ? JSON.stringify(error) : "No data");
+      for (const resp of respRecords) {
+        try {
+          const data = transformRespiration(resp);
+          if (!data) continue;
+          await ctx.runMutation(api.public.ingestDaily, { connectionId, userId: args.userId, ...data });
+          synced.respiration++;
+        } catch (err) {
+          errors.push({ type: "respiration", id: resp.summaryId ?? "unknown", error: err instanceof Error ? err.message : String(err) });
+        }
+      }
+    } catch (err) {
+      errors.push({ type: "respiration", id: "fetch", error: err instanceof Error ? err.message : String(err) });
+    }
+
+    await ctx.runMutation(api.public.updateConnection, { connectionId, lastDataUpdate: new Date().toISOString() });
+    return { synced, errors };
+  },
+});
+
+export const pullAll = action({
+  args: {
+    userId: v.string(),
+    clientId: v.string(),
+    clientSecret: v.string(),
+    startTimeInSeconds: v.optional(v.number()),
+    endTimeInSeconds: v.optional(v.number()),
+  },
+  handler: async (ctx, args) => {
+    const sharedArgs = {
+      userId: args.userId,
+      clientId: args.clientId,
+      clientSecret: args.clientSecret,
+      startTimeInSeconds: args.startTimeInSeconds,
+      endTimeInSeconds: args.endTimeInSeconds,
+    };
+    const pullFns = [
+      { ref: api.garmin.public.pullActivities, name: "activities" },
+      { ref: api.garmin.public.pullDailies, name: "dailies" },
+      { ref: api.garmin.public.pullSleep, name: "sleep" },
+      { ref: api.garmin.public.pullBody, name: "body" },
+      { ref: api.garmin.public.pullMenstruation, name: "menstruation" },
+      { ref: api.garmin.public.pullBloodPressures, name: "bloodPressures" },
+      { ref: api.garmin.public.pullSkinTemperature, name: "skinTemp" },
+      { ref: api.garmin.public.pullUserMetrics, name: "userMetrics" },
+      { ref: api.garmin.public.pullHRV, name: "hrv" },
+      { ref: api.garmin.public.pullStressDetails, name: "stressDetails" },
+      { ref: api.garmin.public.pullPulseOx, name: "pulseOx" },
+      { ref: api.garmin.public.pullRespiration, name: "respiration" },
+    ];
+    const synced: Record<string, number> = {};
+    const errors: Array<{ type: string; id: string; error: string }> = [];
+    for (const { ref, name } of pullFns) {
+      try {
+        const result = await ctx.runAction(ref, sharedArgs);
+        Object.assign(synced, result.synced);
+        errors.push(...result.errors);
+      } catch (err) {
+        errors.push({
+          type: name,
+          id: "pull",
+          error: err instanceof Error ? err.message : String(err),
         });
-      } catch (refreshErr) {
-        throw new Error(
-          `Garmin token refresh failed: ${refreshErr instanceof Error ? refreshErr.message : String(refreshErr)}. ` +
-          "The user may need to reconnect their Garmin account.",
-        );
       }
     }
+    return { synced, errors };
+  },
+});
+/**
+ * Incremental Garmin sync for an already-connected user.
+ *
+ * Looks up the stored tokens, refreshes if expired, and syncs all data
+ * types for the specified time range (defaults to last 30 days).
+ */
 
-    const plannedWorkout: Doc<"plannedWorkouts"> | null = await ctx.runQuery(
-      api.public.getPlannedWorkout,
-      { plannedWorkoutId: args.plannedWorkoutId as never },
+export const syncGarmin = action({
+  args: {
+    userId: v.string(),
+    clientId: v.string(),
+    clientSecret: v.string(),
+    startTimeInSeconds: v.optional(v.number()),
+    endTimeInSeconds: v.optional(v.number()),
+  },
+  handler: async (ctx, args): Promise<{
+    synced: Record<string, number>;
+    errors: Array<{ type: string; id: string; error: string }>;
+  }> => {
+    const connection: Doc<"connections"> | null = await ctx.runQuery(
+      internal.private.getConnectionByProvider,
+      { userId: args.userId, provider: "GARMIN" },
     );
-    if (!plannedWorkout) {
+    if (!connection) {
       throw new Error(
-        `Planned workout "${args.plannedWorkoutId}" not found.`,
+        `No Garmin connection found for user "${args.userId}". ` +
+        "Connect to Garmin first via getGarminAuthUrl.",
+      );
+    }
+    if (!connection.active) {
+      throw new Error(
+        `Garmin connection for user "${args.userId}" is inactive. Reconnect first.`,
       );
     }
 
-    const providerName = args.workoutProvider ?? "Soma";
-    const garminWorkout = transformPlannedWorkoutToGarmin(
-      plannedWorkout,
-      providerName,
-    );
-
-    const trainingClient = createTrainingClient(accessToken);
+    const connectionId = connection._id;
 
-    const { data: created, error: createError } = await sdkCreateWorkoutV2({
-      client: trainingClient,
-      body: garminWorkout,
+    const tokenDoc: Doc<"providerTokens"> | null = await ctx.runQuery(internal.garmin.private.getTokens, {
+      connectionId,
     });
-    if (createError || !created) {
+    if (!tokenDoc) {
       throw new Error(
-        `Garmin API error creating workout: ${createError ? JSON.stringify(createError) : "No data"}`,
+        "No Garmin tokens found for this connection. " +
+        "The connection may have been created before token storage was available.",
       );
     }
 
-    if (!created.workoutId) {
-      throw new Error("Garmin API did not return a workoutId after creation.");
-    }
+    let accessToken = tokenDoc.accessToken;
 
-    let garminScheduleId: number | null = null;
+    // Refresh the token if it's expired or about to expire
+    const nowSeconds = Math.floor(Date.now() / 1000);
+    if (
+      tokenDoc.expiresAt &&
+      tokenDoc.refreshToken &&
+      nowSeconds >= tokenDoc.expiresAt - REFRESH_BUFFER_SECONDS
+    ) {
+      const refreshed = await refreshToken({
+        clientId: args.clientId,
+        clientSecret: args.clientSecret,
+        refreshToken: tokenDoc.refreshToken,
+      });
 
-    const plannedDate = plannedWorkout.metadata?.planned_date;
-    if (plannedDate) {
-      const { data: scheduleId, error: scheduleError } = await sdkCreateWorkoutSchedule({
-        client: trainingClient,
-        body: { workoutId: Number(created.workoutId), date: plannedDate },
+      accessToken = refreshed.access_token;
+      const newExpiresAt = nowSeconds + refreshed.expires_in;
+      const _refreshed: null = await ctx.runMutation(internal.garmin.private.storeTokens, {
+        connectionId,
+        accessToken: refreshed.access_token,
+        refreshToken: refreshed.refresh_token,
+        expiresAt: newExpiresAt,
       });
-      if (scheduleError) {
-        throw new Error(
-          `Garmin API error creating schedule: ${JSON.stringify(scheduleError)}`,
-        );
-      }
-      garminScheduleId = scheduleId ?? null;
     }
 
-    // Store the Garmin workout/schedule IDs back on the planned workout
-    // so the host app can match completed activities to planned sessions.
-    const _ingested: Id<"plannedWorkouts"> = await ctx.runMutation(api.public.ingestPlannedWorkout, {
-      ...plannedWorkout,
-      _id: undefined,
-      _creationTime: undefined,
-      metadata: {
-        ...plannedWorkout.metadata,
-        provider_workout_id: String(created.workoutId),
-        provider_schedule_id:
-          garminScheduleId != null ? String(garminScheduleId) : undefined,
-      },
-    } as never);
+    // Lazy backfill: resolve Garmin user ID if missing (for webhook mapping)
+    if (!connection.providerUserId) {
+      const wellnessClient = createWellnessClient(accessToken);
+      const { data: userIdData } = await sdkUserId({ client: wellnessClient });
+      const garminUserId = userIdData?.userId ?? null;
+      if (garminUserId) {
+        const _updated: null = await ctx.runMutation(api.public.updateConnection, {
+          connectionId,
+          providerUserId: garminUserId,
+        });
+      }
+    }
 
-    return {
-      garminWorkoutId: created.workoutId,
-      garminScheduleId,
+    const now = Math.floor(Date.now() / 1000);
+    const timeRange = {
+      uploadStartTimeInSeconds:
+        args.startTimeInSeconds ?? now - DEFAULT_SYNC_DAYS * 86400,
+      uploadEndTimeInSeconds: args.endTimeInSeconds ?? now,
     };
+
+    const result = await ctx.runAction(api.garmin.public.syncAllTypes, {
+      accessToken,
+      connectionId,
+      userId: args.userId,
+      uploadStartTimeInSeconds: timeRange.uploadStartTimeInSeconds,
+      uploadEndTimeInSeconds: timeRange.uploadEndTimeInSeconds,
+    });
+
+    const _updated: null = await ctx.runMutation(api.public.updateConnection, {
+      connectionId,
+      lastDataUpdate: new Date().toISOString(),
+    });
+
+    return result;
   },
 });
 
-// ─── Sync Engine ────────────────────────────────────────────────────────────
-
 /**
  * Fetch and ingest all Garmin wellness data types for a time range.
  *
- * Called by the public actions (connectGarmin, completeGarminOAuth, syncGarmin)
+ * Called by syncGarmin after obtaining a valid access token.
  * after obtaining a valid access token.
  */
 export const syncAllTypes = action({
@@ -947,3 +1258,149 @@ export const syncAllTypes = action({
   },
 });
 
+// ─── Push ───────────────────────────────────────────────────────────────────
+
+/**
+ * Push a planned workout from Soma's DB to Garmin Connect.
+ *
+ * Reads the planned workout document, transforms it to Garmin Training API V2
+ * format, creates the workout at Garmin, and optionally schedules it if a
+ * `planned_date` is set in the metadata.
+ *
+ * Returns the Garmin workout ID and schedule ID (if scheduled).
+ */
+export const pushPlannedWorkout = action({
+  args: {
+    userId: v.string(),
+    clientId: v.string(),
+    clientSecret: v.string(),
+    plannedWorkoutId: v.string(),
+    workoutProvider: v.optional(v.string()),
+  },
+  handler: async (ctx, args): Promise<{ garminWorkoutId: number; garminScheduleId: number | null }> => {
+    const connection: Doc<"connections"> | null = await ctx.runQuery(
+      internal.private.getConnectionByProvider,
+      { userId: args.userId, provider: "GARMIN" },
+    );
+    if (!connection) {
+      throw new Error(
+        `No Garmin connection found for user "${args.userId}". ` +
+        "Connect to Garmin first via getGarminAuthUrl.",
+      );
+    }
+    if (!connection.active) {
+      throw new Error(
+        `Garmin connection for user "${args.userId}" is inactive. Reconnect first.`,
+      );
+    }
+
+    const connectionId = connection._id;
+
+    const tokenDoc: Doc<"providerTokens"> | null = await ctx.runQuery(internal.garmin.private.getTokens, {
+      connectionId,
+    });
+    if (!tokenDoc) {
+      throw new Error(
+        "No Garmin tokens found for this connection. " +
+        "The connection may have been created before token storage was available.",
+      );
+    }
+
+    // Always force-refresh the token for Training API calls to rule out
+    // stale tokens (the initial sync swallows 401 errors silently).
+    let accessToken = tokenDoc.accessToken;
+
+    if (tokenDoc.refreshToken) {
+      try {
+        const refreshed = await refreshToken({
+          clientId: args.clientId,
+          clientSecret: args.clientSecret,
+          refreshToken: tokenDoc.refreshToken,
+        });
+
+        accessToken = refreshed.access_token;
+        const nowSeconds = Math.floor(Date.now() / 1000);
+        const newExpiresAt = nowSeconds + refreshed.expires_in;
+        const _refreshed: null = await ctx.runMutation(internal.garmin.private.storeTokens, {
+          connectionId,
+          accessToken: refreshed.access_token,
+          refreshToken: refreshed.refresh_token,
+          expiresAt: newExpiresAt,
+        });
+      } catch (refreshErr) {
+        throw new Error(
+          `Garmin token refresh failed: ${refreshErr instanceof Error ? refreshErr.message : String(refreshErr)}. ` +
+          "The user may need to reconnect their Garmin account.",
+        );
+      }
+    }
+
+    const plannedWorkout: Doc<"plannedWorkouts"> | null = await ctx.runQuery(
+      api.public.getPlannedWorkout,
+      { plannedWorkoutId: args.plannedWorkoutId as never },
+    );
+    if (!plannedWorkout) {
+      throw new Error(
+        `Planned workout "${args.plannedWorkoutId}" not found.`,
+      );
+    }
+
+    const providerName = args.workoutProvider ?? "Soma";
+    const garminWorkout = transformPlannedWorkoutToGarmin(
+      plannedWorkout,
+      providerName,
+    );
+
+    const trainingClient = createTrainingClient(accessToken);
+
+    const { data: created, error: createError } = await sdkCreateWorkoutV2({
+      client: trainingClient,
+      body: garminWorkout,
+    });
+    if (createError || !created) {
+      throw new Error(
+        `Garmin API error creating workout: ${createError ? JSON.stringify(createError) : "No data"}`,
+      );
+    }
+
+    if (!created.workoutId) {
+      throw new Error("Garmin API did not return a workoutId after creation.");
+    }
+
+    let garminScheduleId: number | null = null;
+
+    const plannedDate = plannedWorkout.metadata?.planned_date;
+    if (plannedDate) {
+      const { data: scheduleId, error: scheduleError } = await sdkCreateWorkoutSchedule({
+        client: trainingClient,
+        body: { workoutId: Number(created.workoutId), date: plannedDate },
+      });
+      if (scheduleError) {
+        throw new Error(
+          `Garmin API error creating schedule: ${JSON.stringify(scheduleError)}`,
+        );
+      }
+      garminScheduleId = scheduleId ?? null;
+    }
+
+    // Store the Garmin workout/schedule IDs back on the planned workout
+    // so the host app can match completed activities to planned sessions.
+    const _ingested: Id<"plannedWorkouts"> = await ctx.runMutation(api.public.ingestPlannedWorkout, {
+      ...plannedWorkout,
+      _id: undefined,
+      _creationTime: undefined,
+      metadata: {
+        ...plannedWorkout.metadata,
+        provider_workout_id: String(created.workoutId),
+        provider_schedule_id:
+          garminScheduleId != null ? String(garminScheduleId) : undefined,
+      },
+    } as never);
+
+    return {
+      garminWorkoutId: created.workoutId,
+      garminScheduleId,
+    };
+  },
+});
+