shared-things-server 1.0.0

package/dist/cli.js

@@ -0,0 +1,745 @@
+#!/usr/bin/env node
+
+// src/cli.ts
+import { Command } from "commander";
+import { input, confirm } from "@inquirer/prompts";
+import chalk from "chalk";
+
+// src/db.ts
+import Database from "better-sqlite3";
+import * as path from "path";
+import * as os from "os";
+import * as fs from "fs";
+import * as crypto from "crypto";
+var DATA_DIR = process.env.DATA_DIR || path.join(os.homedir(), ".shared-things-server");
+var DB_PATH = path.join(DATA_DIR, "data.db");
+function initDatabase() {
+  if (!fs.existsSync(DATA_DIR)) {
+    fs.mkdirSync(DATA_DIR, { recursive: true });
+  }
+  const db = new Database(DB_PATH);
+  db.pragma("journal_mode = WAL");
+  db.exec(`
+    -- Users table
+    CREATE TABLE IF NOT EXISTS users (
+      id TEXT PRIMARY KEY,
+      name TEXT NOT NULL,
+      api_key_hash TEXT NOT NULL UNIQUE,
+      created_at TEXT NOT NULL DEFAULT (datetime('now'))
+    );
+
+    -- Headings table
+    CREATE TABLE IF NOT EXISTS headings (
+      id TEXT PRIMARY KEY,
+      things_id TEXT NOT NULL UNIQUE,
+      title TEXT NOT NULL,
+      position INTEGER NOT NULL DEFAULT 0,
+      updated_at TEXT NOT NULL DEFAULT (datetime('now')),
+      updated_by TEXT NOT NULL REFERENCES users(id),
+      created_at TEXT NOT NULL DEFAULT (datetime('now'))
+    );
+
+    -- Todos table
+    CREATE TABLE IF NOT EXISTS todos (
+      id TEXT PRIMARY KEY,
+      things_id TEXT NOT NULL UNIQUE,
+      title TEXT NOT NULL,
+      notes TEXT NOT NULL DEFAULT '',
+      due_date TEXT,
+      tags TEXT NOT NULL DEFAULT '[]',
+      status TEXT NOT NULL DEFAULT 'open' CHECK (status IN ('open', 'completed', 'canceled')),
+      heading_id TEXT REFERENCES headings(id) ON DELETE SET NULL,
+      position INTEGER NOT NULL DEFAULT 0,
+      updated_at TEXT NOT NULL DEFAULT (datetime('now')),
+      updated_by TEXT NOT NULL REFERENCES users(id),
+      created_at TEXT NOT NULL DEFAULT (datetime('now'))
+    );
+
+    -- Deleted items tracking (for sync)
+    CREATE TABLE IF NOT EXISTS deleted_items (
+      id TEXT PRIMARY KEY,
+      things_id TEXT NOT NULL,
+      item_type TEXT NOT NULL CHECK (item_type IN ('todo', 'heading')),
+      deleted_at TEXT NOT NULL DEFAULT (datetime('now')),
+      deleted_by TEXT NOT NULL REFERENCES users(id)
+    );
+
+    -- Indexes
+    CREATE INDEX IF NOT EXISTS idx_todos_updated ON todos(updated_at);
+    CREATE INDEX IF NOT EXISTS idx_headings_updated ON headings(updated_at);
+    CREATE INDEX IF NOT EXISTS idx_deleted_at ON deleted_items(deleted_at);
+  `);
+  return db;
+}
+function userExists(db, name) {
+  const row = db.prepare(`SELECT 1 FROM users WHERE name = ?`).get(name);
+  return !!row;
+}
+function createUser(db, name) {
+  if (userExists(db, name)) {
+    throw new Error(`User "${name}" already exists`);
+  }
+  const id = crypto.randomUUID();
+  const apiKey = crypto.randomBytes(32).toString("hex");
+  const apiKeyHash = crypto.createHash("sha256").update(apiKey).digest("hex");
+  db.prepare(`
+    INSERT INTO users (id, name, api_key_hash)
+    VALUES (?, ?, ?)
+  `).run(id, name, apiKeyHash);
+  return { id, apiKey };
+}
+function getUserByApiKey(db, apiKey) {
+  const apiKeyHash = crypto.createHash("sha256").update(apiKey).digest("hex");
+  const row = db.prepare(`
+    SELECT id, name FROM users WHERE api_key_hash = ?
+  `).get(apiKeyHash);
+  return row || null;
+}
+function listUsers(db) {
+  return db.prepare(`
+    SELECT id, name, created_at as createdAt FROM users
+  `).all();
+}
+function getAllHeadings(db) {
+  return db.prepare(`
+    SELECT
+      id, things_id as thingsId, title, position,
+      updated_at as updatedAt, updated_by as updatedBy, created_at as createdAt
+    FROM headings
+    ORDER BY position
+  `).all();
+}
+function getHeadingsSince(db, since) {
+  return db.prepare(`
+    SELECT
+      id, things_id as thingsId, title, position,
+      updated_at as updatedAt, updated_by as updatedBy, created_at as createdAt
+    FROM headings
+    WHERE updated_at > ?
+    ORDER BY position
+  `).all(since);
+}
+function upsertHeading(db, thingsId, title, position, userId) {
+  const now = (/* @__PURE__ */ new Date()).toISOString();
+  const existing = db.prepare(`SELECT id FROM headings WHERE things_id = ?`).get(thingsId);
+  if (existing) {
+    db.prepare(`
+      UPDATE headings
+      SET title = ?, position = ?, updated_at = ?, updated_by = ?
+      WHERE things_id = ?
+    `).run(title, position, now, userId, thingsId);
+    return existing.id;
+  } else {
+    const id = crypto.randomUUID();
+    db.prepare(`
+      INSERT INTO headings (id, things_id, title, position, updated_at, updated_by, created_at)
+      VALUES (?, ?, ?, ?, ?, ?, ?)
+    `).run(id, thingsId, title, position, now, userId, now);
+    return id;
+  }
+}
+function deleteHeading(db, thingsId, userId) {
+  const existing = db.prepare(`SELECT id FROM headings WHERE things_id = ?`).get(thingsId);
+  if (!existing) return false;
+  const now = (/* @__PURE__ */ new Date()).toISOString();
+  const deleteId = crypto.randomUUID();
+  db.prepare(`
+    INSERT INTO deleted_items (id, things_id, item_type, deleted_at, deleted_by)
+    VALUES (?, ?, 'heading', ?, ?)
+  `).run(deleteId, thingsId, now, userId);
+  db.prepare(`DELETE FROM headings WHERE things_id = ?`).run(thingsId);
+  return true;
+}
+function getAllTodos(db) {
+  const rows = db.prepare(`
+    SELECT
+      id, things_id as thingsId, title, notes, due_date as dueDate,
+      tags, status, heading_id as headingId, position,
+      updated_at as updatedAt, updated_by as updatedBy, created_at as createdAt
+    FROM todos
+    ORDER BY position
+  `).all();
+  return rows.map((row) => ({
+    ...row,
+    tags: JSON.parse(row.tags)
+  }));
+}
+function getTodosSince(db, since) {
+  const rows = db.prepare(`
+    SELECT
+      id, things_id as thingsId, title, notes, due_date as dueDate,
+      tags, status, heading_id as headingId, position,
+      updated_at as updatedAt, updated_by as updatedBy, created_at as createdAt
+    FROM todos
+    WHERE updated_at > ?
+    ORDER BY position
+  `).all(since);
+  return rows.map((row) => ({
+    ...row,
+    tags: JSON.parse(row.tags)
+  }));
+}
+function upsertTodoByServerId(db, serverId, data, userId) {
+  const now = (/* @__PURE__ */ new Date()).toISOString();
+  const tagsJson = JSON.stringify(data.tags);
+  if (serverId) {
+    const existing = db.prepare(`SELECT id FROM todos WHERE id = ?`).get(serverId);
+    if (existing) {
+      db.prepare(`
+        UPDATE todos
+        SET title = ?, notes = ?, due_date = ?, tags = ?, status = ?,
+            heading_id = ?, position = ?, updated_at = ?, updated_by = ?
+        WHERE id = ?
+      `).run(
+        data.title,
+        data.notes,
+        data.dueDate,
+        tagsJson,
+        data.status,
+        data.headingId,
+        data.position,
+        now,
+        userId,
+        serverId
+      );
+      return serverId;
+    }
+  }
+  const existingByThingsId = db.prepare(`SELECT id FROM todos WHERE things_id = ?`).get(data.thingsId);
+  if (existingByThingsId) {
+    db.prepare(`
+      UPDATE todos
+      SET title = ?, notes = ?, due_date = ?, tags = ?, status = ?,
+          heading_id = ?, position = ?, updated_at = ?, updated_by = ?
+      WHERE things_id = ?
+    `).run(
+      data.title,
+      data.notes,
+      data.dueDate,
+      tagsJson,
+      data.status,
+      data.headingId,
+      data.position,
+      now,
+      userId,
+      data.thingsId
+    );
+    return existingByThingsId.id;
+  }
+  const id = serverId || crypto.randomUUID();
+  db.prepare(`
+    INSERT INTO todos (id, things_id, title, notes, due_date, tags, status, heading_id, position, updated_at, updated_by, created_at)
+    VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)
+  `).run(
+    id,
+    data.thingsId,
+    data.title,
+    data.notes,
+    data.dueDate,
+    tagsJson,
+    data.status,
+    data.headingId,
+    data.position,
+    now,
+    userId,
+    now
+  );
+  return id;
+}
+function deleteTodoByServerId(db, serverId, userId) {
+  const existing = db.prepare(`SELECT id, things_id FROM todos WHERE id = ?`).get(serverId);
+  if (!existing) return false;
+  const now = (/* @__PURE__ */ new Date()).toISOString();
+  const deleteId = crypto.randomUUID();
+  db.prepare(`
+    INSERT INTO deleted_items (id, things_id, item_type, deleted_at, deleted_by)
+    VALUES (?, ?, 'todo', ?, ?)
+  `).run(deleteId, serverId, now, userId);
+  db.prepare(`DELETE FROM todos WHERE id = ?`).run(serverId);
+  return true;
+}
+function getDeletedSince(db, since) {
+  const rows = db.prepare(`
+    SELECT things_id, item_type FROM deleted_items WHERE deleted_at > ?
+  `).all(since);
+  return {
+    todos: rows.filter((r) => r.item_type === "todo").map((r) => r.things_id),
+    headings: rows.filter((r) => r.item_type === "heading").map((r) => r.things_id)
+  };
+}
+function resetUserData(db, userId) {
+  const todoResult = db.prepare(`DELETE FROM todos WHERE updated_by = ?`).run(userId);
+  const headingResult = db.prepare(`DELETE FROM headings WHERE updated_by = ?`).run(userId);
+  db.prepare(`DELETE FROM deleted_items WHERE deleted_by = ?`).run(userId);
+  return {
+    deletedTodos: todoResult.changes,
+    deletedHeadings: headingResult.changes
+  };
+}
+
+// src/cli.ts
+import * as fs2 from "fs";
+import * as path2 from "path";
+import * as os2 from "os";
+import { spawn } from "child_process";
+import Fastify from "fastify";
+import cors from "@fastify/cors";
+
+// src/auth.ts
+function authMiddleware(db) {
+  return (request, reply, done) => {
+    if (request.url === "/health") {
+      return done();
+    }
+    const authHeader = request.headers.authorization;
+    if (!authHeader || !authHeader.startsWith("Bearer ")) {
+      reply.code(401).send({ error: "Missing or invalid authorization header", code: "UNAUTHORIZED" });
+      return;
+    }
+    const apiKey = authHeader.slice(7);
+    const user = getUserByApiKey(db, apiKey);
+    if (!user) {
+      reply.code(401).send({ error: "Invalid API key", code: "UNAUTHORIZED" });
+      return;
+    }
+    request.user = user;
+    done();
+  };
+}
+
+// src/routes.ts
+function registerRoutes(app, db) {
+  app.get("/health", async () => {
+    return { status: "ok", timestamp: (/* @__PURE__ */ new Date()).toISOString() };
+  });
+  app.get("/state", async (request) => {
+    const headings = getAllHeadings(db);
+    const todos = getAllTodos(db);
+    return {
+      headings,
+      todos,
+      syncedAt: (/* @__PURE__ */ new Date()).toISOString()
+    };
+  });
+  app.get("/delta", async (request) => {
+    const { since } = request.query;
+    if (!since) {
+      return { error: 'Missing "since" query parameter', code: "BAD_REQUEST" };
+    }
+    const headings = getHeadingsSince(db, since);
+    const todos = getTodosSince(db, since);
+    const deleted = getDeletedSince(db, since);
+    return {
+      headings: {
+        upserted: headings,
+        deleted: deleted.headings
+      },
+      todos: {
+        upserted: todos,
+        deleted: deleted.todos
+      },
+      syncedAt: (/* @__PURE__ */ new Date()).toISOString()
+    };
+  });
+  app.post("/push", async (request, reply) => {
+    const { headings, todos } = request.body;
+    const userId = request.user.id;
+    const conflicts = [];
+    try {
+      for (const thingsId of headings.deleted) {
+        deleteHeading(db, thingsId, userId);
+      }
+      for (const heading of headings.upserted) {
+        upsertHeading(db, heading.thingsId, heading.title, heading.position, userId);
+      }
+      for (const serverId of todos.deleted) {
+        deleteTodoByServerId(db, serverId, userId);
+      }
+      for (const todo of todos.upserted) {
+        let headingId = null;
+        if (todo.headingId) {
+          const headingRow = db.prepare(`SELECT id FROM headings WHERE things_id = ?`).get(todo.headingId);
+          headingId = headingRow?.id || null;
+        }
+        upsertTodoByServerId(db, todo.serverId, {
+          thingsId: todo.thingsId,
+          title: todo.title,
+          notes: todo.notes,
+          dueDate: todo.dueDate,
+          tags: todo.tags,
+          status: todo.status,
+          headingId,
+          position: todo.position
+        }, userId);
+      }
+    } catch (err) {
+      const error = err;
+      if (error.message?.includes("UNIQUE constraint failed")) {
+        reply.status(409);
+        return {
+          error: 'Sync conflict: Server has data that conflicts with your local state. Run "shared-things reset --server" to start fresh.',
+          code: "SYNC_CONFLICT"
+        };
+      }
+      throw err;
+    }
+    const currentHeadings = getAllHeadings(db);
+    const currentTodos = getAllTodos(db);
+    return {
+      state: {
+        headings: currentHeadings,
+        todos: currentTodos,
+        syncedAt: (/* @__PURE__ */ new Date()).toISOString()
+      },
+      conflicts
+    };
+  });
+  app.delete("/reset", async (request) => {
+    const userId = request.user.id;
+    const result = resetUserData(db, userId);
+    return {
+      success: true,
+      deleted: {
+        todos: result.deletedTodos,
+        headings: result.deletedHeadings
+      }
+    };
+  });
+}
+
+// src/cli.ts
+var DATA_DIR2 = process.env.DATA_DIR || path2.join(os2.homedir(), ".shared-things-server");
+var PID_FILE = path2.join(DATA_DIR2, "server.pid");
+var LOG_FILE = path2.join(DATA_DIR2, "server.log");
+function ensureDataDir() {
+  if (!fs2.existsSync(DATA_DIR2)) {
+    fs2.mkdirSync(DATA_DIR2, { recursive: true });
+  }
+}
+function isServerRunning() {
+  if (!fs2.existsSync(PID_FILE)) {
+    return { running: false };
+  }
+  const pid = parseInt(fs2.readFileSync(PID_FILE, "utf-8").trim(), 10);
+  try {
+    process.kill(pid, 0);
+    return { running: true, pid };
+  } catch {
+    fs2.unlinkSync(PID_FILE);
+    return { running: false };
+  }
+}
+var program = new Command();
+program.name("shared-things-server").description("Sync server for Things 3 projects").version("0.1.0");
+program.command("start").description("Start the sync server").option("-p, --port <port>", "Port to listen on", "3334").option("--host <host>", "Host to bind to", "0.0.0.0").option("-d, --detach", "Run server in background (detached mode)").action(async (options) => {
+  const PORT = parseInt(options.port, 10);
+  const HOST = options.host;
+  const isChildProcess = process.env.SHARED_THINGS_DETACHED === "1";
+  if (!isChildProcess) {
+    const status = isServerRunning();
+    if (status.running) {
+      console.log(chalk.yellow(`
+\u26A0\uFE0F  Server already running (PID: ${status.pid})`));
+      console.log(chalk.dim('Use "shared-things-server stop" to stop it first.\n'));
+      return;
+    }
+  }
+  if (options.detach) {
+    ensureDataDir();
+    const logFd = fs2.openSync(LOG_FILE, "a");
+    const scriptPath = process.argv[1];
+    const child = spawn(process.execPath, [scriptPath, "start", "--port", String(PORT), "--host", HOST], {
+      detached: true,
+      stdio: ["ignore", logFd, logFd],
+      env: { ...process.env, SHARED_THINGS_DETACHED: "1" }
+    });
+    fs2.writeFileSync(PID_FILE, String(child.pid));
+    child.unref();
+    fs2.closeSync(logFd);
+    console.log(chalk.green(`
+\u2705 Server started in background`));
+    console.log(`  ${chalk.dim("PID:")}  ${child.pid}`);
+    console.log(`  ${chalk.dim("URL:")}  http://${HOST}:${PORT}`);
+    console.log(`  ${chalk.dim("Logs:")} ${LOG_FILE}`);
+    console.log(chalk.dim('\nUse "shared-things-server logs -f" to follow logs'));
+    console.log(chalk.dim('Use "shared-things-server stop" to stop the server\n'));
+    return;
+  }
+  const db = initDatabase();
+  const app = Fastify({
+    logger: isChildProcess ? true : true
+  });
+  await app.register(cors, {
+    origin: true
+  });
+  app.addHook("preHandler", authMiddleware(db));
+  registerRoutes(app, db);
+  const shutdown = async () => {
+    console.log(chalk.dim("\nShutting down..."));
+    await app.close();
+    if (fs2.existsSync(PID_FILE)) {
+      fs2.unlinkSync(PID_FILE);
+    }
+    process.exit(0);
+  };
+  process.on("SIGTERM", shutdown);
+  process.on("SIGINT", shutdown);
+  try {
+    await app.listen({ port: PORT, host: HOST });
+    if (!process.env.SHARED_THINGS_DETACHED) {
+      console.log(chalk.green(`
+\u2705 Server running at http://${HOST}:${PORT}
+`));
+    }
+  } catch (err) {
+    app.log.error(err);
+    process.exit(1);
+  }
+});
+program.command("stop").description("Stop the background server").action(() => {
+  const status = isServerRunning();
+  if (!status.running) {
+    console.log(chalk.yellow("\n\u26A0\uFE0F  Server is not running.\n"));
+    return;
+  }
+  try {
+    process.kill(status.pid, "SIGTERM");
+    setTimeout(() => {
+      if (fs2.existsSync(PID_FILE)) {
+        fs2.unlinkSync(PID_FILE);
+      }
+    }, 500);
+    console.log(chalk.green(`
+\u2705 Server stopped (PID: ${status.pid})
+`));
+  } catch (err) {
+    console.log(chalk.red(`
+\u274C Failed to stop server: ${err}
+`));
+  }
+});
+program.command("status").description("Show server status").action(() => {
+  const status = isServerRunning();
+  console.log(chalk.bold("\n\u{1F4CA} Server Status\n"));
+  if (status.running) {
+    console.log(`  ${chalk.dim("Status:")} ${chalk.green("\u25CF running")}`);
+    console.log(`  ${chalk.dim("PID:")}    ${status.pid}`);
+  } else {
+    console.log(`  ${chalk.dim("Status:")} ${chalk.red("\u25CB stopped")}`);
+  }
+  if (fs2.existsSync(LOG_FILE)) {
+    const stats = fs2.statSync(LOG_FILE);
+    const sizeKB = Math.round(stats.size / 1024);
+    console.log(`  ${chalk.dim("Logs:")}   ${LOG_FILE} (${sizeKB}KB)`);
+  }
+  const dbPath = path2.join(DATA_DIR2, "data.db");
+  if (fs2.existsSync(dbPath)) {
+    const db = initDatabase();
+    const users = listUsers(db);
+    const todos = getAllTodos(db);
+    console.log(`  ${chalk.dim("Users:")}  ${users.length}`);
+    console.log(`  ${chalk.dim("Todos:")}  ${todos.length}`);
+  }
+  console.log();
+});
+program.command("logs").description("Show server logs").option("-f, --follow", "Follow log output").option("-n, --lines <count>", "Number of lines to show", "50").action((options) => {
+  if (!fs2.existsSync(LOG_FILE)) {
+    console.log(chalk.yellow("\nNo logs yet.\n"));
+    return;
+  }
+  if (options.follow) {
+    console.log(chalk.dim(`Following ${LOG_FILE}... (Ctrl+C to stop)
+`));
+    const tail = spawn("tail", ["-f", LOG_FILE], { stdio: "inherit" });
+    process.on("SIGINT", () => {
+      tail.kill();
+      process.exit(0);
+    });
+  } else {
+    const tail = spawn("tail", ["-n", options.lines, LOG_FILE], { stdio: "inherit" });
+    tail.on("close", () => process.exit(0));
+  }
+});
+program.command("create-user").description("Create a new user and generate API key").option("-n, --name <name>", "Username").action(async (options) => {
+  const db = initDatabase();
+  let name = options.name;
+  if (!name) {
+    console.log(chalk.bold("\n\u{1F464} Create New User\n"));
+    name = await input({
+      message: "Username",
+      validate: (value) => {
+        if (!value.trim()) return "Username is required";
+        if (userExists(db, value.trim())) return `User "${value.trim()}" already exists`;
+        return true;
+      }
+    });
+  }
+  if (userExists(db, name.trim())) {
+    console.log(chalk.red(`
+\u274C User "${name.trim()}" already exists.
+`));
+    process.exit(1);
+  }
+  const { id, apiKey } = createUser(db, name.trim());
+  console.log(chalk.green("\n\u2705 User created successfully!\n"));
+  console.log(`  ${chalk.dim("ID:")}       ${id}`);
+  console.log(`  ${chalk.dim("Name:")}     ${name}`);
+  console.log(`  ${chalk.dim("API Key:")}  ${chalk.cyan(apiKey)}`);
+  console.log(chalk.yellow("\n\u26A0\uFE0F  Save this API key - it cannot be retrieved later!\n"));
+});
+program.command("list-users").description("List all users").action(async () => {
+  const db = initDatabase();
+  const users = listUsers(db);
+  if (users.length === 0) {
+    console.log(chalk.yellow("\nNo users found.\n"));
+    console.log(chalk.dim("Create a user with: shared-things-server create-user\n"));
+  } else {
+    console.log(chalk.bold(`
+\u{1F465} Users (${users.length})
+`));
+    for (const user of users) {
+      console.log(`  ${chalk.white(user.name)} ${chalk.dim(`(${user.id})`)}`);
+      console.log(`    ${chalk.dim("Created:")} ${user.createdAt}`);
+    }
+    console.log();
+  }
+});
+program.command("delete-user").description("Delete a user").option("-n, --name <name>", "Username to delete").action(async (options) => {
+  const db = initDatabase();
+  const users = listUsers(db);
+  if (users.length === 0) {
+    console.log(chalk.yellow("\nNo users to delete.\n"));
+    return;
+  }
+  let name = options.name;
+  if (!name) {
+    console.log(chalk.bold("\n\u{1F5D1}\uFE0F  Delete User\n"));
+    console.log("Available users:");
+    for (const user2 of users) {
+      console.log(`  - ${user2.name}`);
+    }
+    console.log();
+    name = await input({
+      message: "Username to delete",
+      validate: (value) => {
+        if (!value.trim()) return "Username is required";
+        if (!users.find((u) => u.name === value.trim())) return "User not found";
+        return true;
+      }
+    });
+  }
+  const user = users.find((u) => u.name === name);
+  if (!user) {
+    console.log(chalk.red(`
+\u274C User "${name}" not found.
+`));
+    return;
+  }
+  const confirmed = await confirm({
+    message: `Delete user "${name}"? This will also delete all their data.`,
+    default: false
+  });
+  if (!confirmed) {
+    console.log(chalk.dim("Cancelled."));
+    return;
+  }
+  db.prepare("DELETE FROM todos WHERE updated_by = ?").run(user.id);
+  db.prepare("DELETE FROM headings WHERE updated_by = ?").run(user.id);
+  db.prepare("DELETE FROM deleted_items WHERE deleted_by = ?").run(user.id);
+  db.prepare("DELETE FROM users WHERE id = ?").run(user.id);
+  console.log(chalk.green(`
+\u2705 User "${name}" deleted.
+`));
+});
+program.command("list-todos").description("List all todos").option("-u, --user <name>", "Filter by username").action(async (options) => {
+  const db = initDatabase();
+  const todos = getAllTodos(db);
+  const users = listUsers(db);
+  const userMap = new Map(users.map((u) => [u.id, u.name]));
+  let filteredTodos = todos;
+  if (options.user) {
+    const user = users.find((u) => u.name === options.user);
+    if (!user) {
+      console.log(chalk.red(`
+\u274C User "${options.user}" not found.
+`));
+      return;
+    }
+    filteredTodos = todos.filter((t) => t.updatedBy === user.id);
+  }
+  if (filteredTodos.length === 0) {
+    console.log(chalk.yellow("\nNo todos found.\n"));
+    return;
+  }
+  const title = options.user ? `\u{1F4CB} Todos by ${options.user} (${filteredTodos.length})` : `\u{1F4CB} Todos (${filteredTodos.length})`;
+  console.log(chalk.bold(`
+${title}
+`));
+  for (const todo of filteredTodos) {
+    const userName = userMap.get(todo.updatedBy) || "unknown";
+    const statusIcon = todo.status === "completed" ? "\u2713" : todo.status === "canceled" ? "\u2717" : "\u25CB";
+    const statusColor = todo.status === "completed" ? chalk.green : todo.status === "canceled" ? chalk.red : chalk.white;
+    console.log(`  ${statusColor(statusIcon)} ${chalk.white(todo.title)}`);
+    if (todo.notes) {
+      const shortNotes = todo.notes.length > 50 ? todo.notes.substring(0, 50) + "..." : todo.notes;
+      console.log(`    ${chalk.dim("Notes:")} ${shortNotes}`);
+    }
+    if (todo.dueDate) {
+      console.log(`    ${chalk.dim("Due:")} ${todo.dueDate}`);
+    }
+    if (todo.tags && todo.tags.length > 0) {
+      console.log(`    ${chalk.dim("Tags:")} ${todo.tags.join(", ")}`);
+    }
+    console.log(`    ${chalk.dim("Status:")} ${todo.status} ${chalk.dim("|")} ${chalk.dim("By:")} ${userName} ${chalk.dim("|")} ${todo.updatedAt}`);
+    console.log();
+  }
+});
+program.command("reset").description("Delete all todos and headings (keeps users)").action(async () => {
+  const db = initDatabase();
+  const todos = getAllTodos(db);
+  const headings = getAllHeadings(db);
+  if (todos.length === 0 && headings.length === 0) {
+    console.log(chalk.yellow("\nNo data to reset.\n"));
+    return;
+  }
+  console.log(chalk.bold("\n\u{1F504} Reset Server Data\n"));
+  console.log(`  ${chalk.dim("Todos:")} ${todos.length}`);
+  console.log(`  ${chalk.dim("Headings:")} ${headings.length}`);
+  console.log();
+  const confirmed = await confirm({
+    message: "Delete all todos and headings? Users will be kept.",
+    default: false
+  });
+  if (!confirmed) {
+    console.log(chalk.dim("Cancelled."));
+    return;
+  }
+  db.prepare("DELETE FROM todos").run();
+  db.prepare("DELETE FROM headings").run();
+  db.prepare("DELETE FROM deleted_items").run();
+  console.log(chalk.green("\n\u2705 All todos and headings deleted. Users preserved.\n"));
+});
+program.command("purge").description("Delete entire database (all data including users)").action(async () => {
+  const dataDir = process.env.DATA_DIR || path2.join(os2.homedir(), ".shared-things-server");
+  const dbPath = path2.join(dataDir, "data.db");
+  if (!fs2.existsSync(dbPath)) {
+    console.log(chalk.yellow("\nNo database to purge.\n"));
+    return;
+  }
+  console.log(chalk.bold("\n\u26A0\uFE0F  Purge Server\n"));
+  console.log(`  ${chalk.dim("Database:")} ${dbPath}`);
+  console.log();
+  const confirmed = await confirm({
+    message: "Delete the entire database? This cannot be undone!",
+    default: false
+  });
+  if (!confirmed) {
+    console.log(chalk.dim("Cancelled."));
+    return;
+  }
+  fs2.unlinkSync(dbPath);
+  if (fs2.existsSync(dbPath + "-wal")) fs2.unlinkSync(dbPath + "-wal");
+  if (fs2.existsSync(dbPath + "-shm")) fs2.unlinkSync(dbPath + "-shm");
+  console.log(chalk.green('\n\u2705 Database deleted. Run "shared-things-server create-user" to start fresh.\n'));
+});
+program.parse();

package/package.json

@@ -0,0 +1,59 @@
+{
+  "name": "shared-things-server",
+  "version": "1.0.0",
+  "description": "Sync server for Things 3 projects",
+  "type": "module",
+  "main": "./dist/index.js",
+  "bin": {
+    "shared-things-server": "dist/cli.js"
+  },
+  "files": [
+    "dist"
+  ],
+  "scripts": {
+    "build": "tsup",
+    "dev": "tsx watch src/cli.ts start",
+    "prepublishOnly": "pnpm build"
+  },
+  "keywords": [
+    "things",
+    "things3",
+    "sync",
+    "server",
+    "macos",
+    "todo",
+    "productivity",
+    "collaboration",
+    "self-hosted",
+    "cli"
+  ],
+  "author": "yungweng",
+  "license": "MIT",
+  "repository": {
+    "type": "git",
+    "url": "git+https://github.com/yungweng/shared-things.git"
+  },
+  "bugs": {
+    "url": "https://github.com/yungweng/shared-things/issues"
+  },
+  "homepage": "https://github.com/yungweng/shared-things#readme",
+  "engines": {
+    "node": ">=18"
+  },
+  "dependencies": {
+    "@fastify/cors": "^9.0.0",
+    "@inquirer/prompts": "^8.1.0",
+    "better-sqlite3": "^11.0.0",
+    "chalk": "^5.6.2",
+    "commander": "^12.0.0",
+    "fastify": "^4.26.0"
+  },
+  "devDependencies": {
+    "@shared-things/common": "workspace:*",
+    "@types/better-sqlite3": "^7.6.8",
+    "@types/node": "^20.0.0",
+    "tsup": "^8.5.1",
+    "tsx": "^4.7.0",
+    "typescript": "^5.3.0"
+  }
+}