shared-things-server 1.1.0 → 2.0.0

package/README.md

@@ -59,7 +59,7 @@ shared-things init
 ### After Setup
 
 ```bash
-shared-things install   # Start daemon (auto-runs on login)
+shared-things start     # Start daemon (auto-runs on login)
 shared-things status    # Check sync status
 shared-things logs -f   # Follow sync logs
 ```
@@ -69,13 +69,16 @@ shared-things logs -f   # Follow sync logs
 | Command | Description |
 |---------|-------------|
 | `init` | Setup wizard |
-| `install` | Install launchd daemon (auto-starts on login) |
-| `uninstall` | Remove launchd daemon |
+| `start` | Start launchd daemon (auto-starts on login) |
+| `stop` | Stop launchd daemon |
 | `status` | Show sync status & last sync time |
 | `sync` | Force immediate sync |
 | `logs [-f]` | Show logs (`-f` to follow) |
-| `reset [--server]` | Reset local state (`--server` clears server too) |
-| `purge` | Remove all local config |
+| `conflicts [--all]` | Show conflict history |
+| `repair` | Diagnose state issues (no auto-fix) |
+| `reset --local` | Clear local state |
+| `reset --server` | Clear server data for this user |
+| `doctor` | Comprehensive health check |
 
 ## Server Setup
 
@@ -143,9 +146,8 @@ things.yourdomain.com {
 
 | Synced | Not Synced |
 |--------|------------|
-| Todo title, notes, due date, tags | Completed todos |
-| Headings | Checklist items |
-| | Areas |
+| Todo title, notes, due date, tags, status | Checklist items |
+|  | Headings, Areas |
 
 > **Note:** The project must exist in each user's Things app. Only items within that project sync.
 

package/dist/cli.js

@@ -26,8 +26,9 @@ function initDatabase() {
   }
   const db = new Database(DB_PATH);
   db.pragma("journal_mode = WAL");
+  db.pragma("foreign_keys = ON");
+  migrateDatabase(db);
   db.exec(`
-    -- Users table
     CREATE TABLE IF NOT EXISTS users (
       id TEXT PRIMARY KEY,
       name TEXT NOT NULL,
@@ -35,49 +36,111 @@ function initDatabase() {
       created_at TEXT NOT NULL DEFAULT (datetime('now'))
     );
 
-    -- Headings table
-    CREATE TABLE IF NOT EXISTS headings (
-      id TEXT PRIMARY KEY,
-      things_id TEXT NOT NULL UNIQUE,
-      title TEXT NOT NULL,
-      position INTEGER NOT NULL DEFAULT 0,
-      updated_at TEXT NOT NULL DEFAULT (datetime('now')),
-      updated_by TEXT NOT NULL REFERENCES users(id),
-      created_at TEXT NOT NULL DEFAULT (datetime('now'))
-    );
-
-    -- Todos table
     CREATE TABLE IF NOT EXISTS todos (
       id TEXT PRIMARY KEY,
-      things_id TEXT NOT NULL UNIQUE,
       title TEXT NOT NULL,
       notes TEXT NOT NULL DEFAULT '',
       due_date TEXT,
       tags TEXT NOT NULL DEFAULT '[]',
       status TEXT NOT NULL DEFAULT 'open' CHECK (status IN ('open', 'completed', 'canceled')),
-      heading_id TEXT REFERENCES headings(id) ON DELETE SET NULL,
       position INTEGER NOT NULL DEFAULT 0,
-      updated_at TEXT NOT NULL DEFAULT (datetime('now')),
-      updated_by TEXT NOT NULL REFERENCES users(id),
-      created_at TEXT NOT NULL DEFAULT (datetime('now'))
+      edited_at TEXT NOT NULL,
+      updated_at TEXT NOT NULL,
+      created_by TEXT NOT NULL REFERENCES users(id),
+      updated_by TEXT NOT NULL REFERENCES users(id)
     );
 
-    -- Deleted items tracking (for sync)
     CREATE TABLE IF NOT EXISTS deleted_items (
       id TEXT PRIMARY KEY,
-      things_id TEXT NOT NULL,
-      item_type TEXT NOT NULL CHECK (item_type IN ('todo', 'heading')),
-      deleted_at TEXT NOT NULL DEFAULT (datetime('now')),
+      server_id TEXT NOT NULL,
+      deleted_at TEXT NOT NULL,
+      recorded_at TEXT NOT NULL DEFAULT (datetime('now')),
       deleted_by TEXT NOT NULL REFERENCES users(id)
     );
 
-    -- Indexes
     CREATE INDEX IF NOT EXISTS idx_todos_updated ON todos(updated_at);
-    CREATE INDEX IF NOT EXISTS idx_headings_updated ON headings(updated_at);
-    CREATE INDEX IF NOT EXISTS idx_deleted_at ON deleted_items(deleted_at);
+    CREATE INDEX IF NOT EXISTS idx_deleted_recorded ON deleted_items(recorded_at);
   `);
   return db;
 }
+function migrateDatabase(db) {
+  db.pragma("foreign_keys = OFF");
+  const hasTodos = db.prepare(
+    `SELECT name FROM sqlite_master WHERE type='table' AND name='todos'`
+  ).get();
+  if (hasTodos) {
+    const columns = db.prepare(`PRAGMA table_info(todos)`).all();
+    const hasThingsId = columns.some((col) => col.name === "things_id");
+    const hasEditedAt = columns.some((col) => col.name === "edited_at");
+    if (hasThingsId || !hasEditedAt) {
+      db.exec(`
+        CREATE TABLE IF NOT EXISTS todos_new (
+          id TEXT PRIMARY KEY,
+          title TEXT NOT NULL,
+          notes TEXT NOT NULL DEFAULT '',
+          due_date TEXT,
+          tags TEXT NOT NULL DEFAULT '[]',
+          status TEXT NOT NULL DEFAULT 'open' CHECK (status IN ('open', 'completed', 'canceled')),
+          position INTEGER NOT NULL DEFAULT 0,
+          edited_at TEXT NOT NULL,
+          updated_at TEXT NOT NULL,
+          created_by TEXT NOT NULL,
+          updated_by TEXT NOT NULL
+        );
+      `);
+      db.exec(`
+        INSERT INTO todos_new (id, title, notes, due_date, tags, status, position, edited_at, updated_at, created_by, updated_by)
+        SELECT id, title, notes, due_date, tags, status, position, updated_at, updated_at, updated_by, updated_by
+        FROM todos;
+      `);
+      db.exec(`
+        DROP TABLE todos;
+        ALTER TABLE todos_new RENAME TO todos;
+      `);
+    }
+  }
+  const hasDeleted = db.prepare(
+    `SELECT name FROM sqlite_master WHERE type='table' AND name='deleted_items'`
+  ).get();
+  if (hasDeleted) {
+    const columns = db.prepare(`PRAGMA table_info(deleted_items)`).all();
+    const hasServerId = columns.some((col) => col.name === "server_id");
+    const hasRecordedAt = columns.some((col) => col.name === "recorded_at");
+    if (!hasServerId) {
+      db.exec(`
+        CREATE TABLE IF NOT EXISTS deleted_items_new (
+          id TEXT PRIMARY KEY,
+          server_id TEXT NOT NULL,
+          deleted_at TEXT NOT NULL,
+          recorded_at TEXT NOT NULL,
+          deleted_by TEXT NOT NULL
+        );
+      `);
+      db.exec(`
+        INSERT INTO deleted_items_new (id, server_id, deleted_at, recorded_at, deleted_by)
+        SELECT id, things_id, deleted_at, deleted_at, deleted_by
+        FROM deleted_items
+        WHERE item_type = 'todo';
+      `);
+      db.exec(`
+        DROP TABLE deleted_items;
+        ALTER TABLE deleted_items_new RENAME TO deleted_items;
+      `);
+    } else if (!hasRecordedAt) {
+      db.exec(`
+        ALTER TABLE deleted_items ADD COLUMN recorded_at TEXT;
+        UPDATE deleted_items SET recorded_at = deleted_at WHERE recorded_at IS NULL;
+      `);
+    }
+  }
+  const hasHeadings = db.prepare(
+    `SELECT name FROM sqlite_master WHERE type='table' AND name='headings'`
+  ).get();
+  if (hasHeadings) {
+    db.exec(`DROP TABLE headings;`);
+  }
+  db.pragma("foreign_keys = ON");
+}
 function userExists(db, name) {
   const row = db.prepare(`SELECT 1 FROM users WHERE name = ?`).get(name);
   return !!row;
@@ -97,190 +160,185 @@ function createUser(db, name) {
 }
 function getUserByApiKey(db, apiKey) {
   const apiKeyHash = crypto.createHash("sha256").update(apiKey).digest("hex");
-  const row = db.prepare(`
-    SELECT id, name FROM users WHERE api_key_hash = ?
-  `).get(apiKeyHash);
+  const row = db.prepare(`SELECT id, name FROM users WHERE api_key_hash = ?`).get(apiKeyHash);
   return row || null;
 }
 function listUsers(db) {
-  return db.prepare(`
-    SELECT id, name, created_at as createdAt FROM users
-  `).all();
+  return db.prepare(`SELECT id, name, created_at as createdAt FROM users`).all();
 }
-function getAllHeadings(db) {
-  return db.prepare(`
-    SELECT
-      id, things_id as thingsId, title, position,
-      updated_at as updatedAt, updated_by as updatedBy, created_at as createdAt
-    FROM headings
-    ORDER BY position
-  `).all();
-}
-function getHeadingsSince(db, since) {
-  return db.prepare(`
-    SELECT
-      id, things_id as thingsId, title, position,
-      updated_at as updatedAt, updated_by as updatedBy, created_at as createdAt
-    FROM headings
-    WHERE updated_at > ?
+function getAllTodos(db) {
+  const rows = db.prepare(
+    `
+    SELECT id, title, notes, due_date, tags, status, position,
+           edited_at, updated_at, updated_by
+    FROM todos
     ORDER BY position
-  `).all(since);
-}
-function upsertHeading(db, thingsId, title, position, userId) {
-  const now = (/* @__PURE__ */ new Date()).toISOString();
-  const existing = db.prepare(`SELECT id FROM headings WHERE things_id = ?`).get(thingsId);
-  if (existing) {
-    db.prepare(`
-      UPDATE headings
-      SET title = ?, position = ?, updated_at = ?, updated_by = ?
-      WHERE things_id = ?
-    `).run(title, position, now, userId, thingsId);
-    return existing.id;
-  } else {
-    const id = crypto.randomUUID();
-    db.prepare(`
-      INSERT INTO headings (id, things_id, title, position, updated_at, updated_by, created_at)
-      VALUES (?, ?, ?, ?, ?, ?, ?)
-    `).run(id, thingsId, title, position, now, userId, now);
-    return id;
-  }
-}
-function deleteHeading(db, thingsId, userId) {
-  const existing = db.prepare(`SELECT id FROM headings WHERE things_id = ?`).get(thingsId);
-  if (!existing) return false;
-  const now = (/* @__PURE__ */ new Date()).toISOString();
-  const deleteId = crypto.randomUUID();
-  db.prepare(`
-    INSERT INTO deleted_items (id, things_id, item_type, deleted_at, deleted_by)
-    VALUES (?, ?, 'heading', ?, ?)
-  `).run(deleteId, thingsId, now, userId);
-  db.prepare(`DELETE FROM headings WHERE things_id = ?`).run(thingsId);
-  return true;
+  `
+  ).all();
+  return rows.map((row) => ({
+    id: row.id,
+    title: row.title,
+    notes: row.notes,
+    dueDate: row.due_date,
+    tags: JSON.parse(row.tags),
+    status: row.status,
+    position: row.position,
+    editedAt: row.edited_at,
+    updatedAt: row.updated_at
+  }));
 }
-function getAllTodos(db) {
-  const rows = db.prepare(`
-    SELECT
-      id, things_id as thingsId, title, notes, due_date as dueDate,
-      tags, status, heading_id as headingId, position,
-      updated_at as updatedAt, updated_by as updatedBy, created_at as createdAt
+function getAllTodosWithMeta(db) {
+  const rows = db.prepare(
+    `
+    SELECT id, title, notes, due_date, tags, status, position,
+           edited_at, updated_at, updated_by
     FROM todos
     ORDER BY position
-  `).all();
+  `
+  ).all();
   return rows.map((row) => ({
-    ...row,
-    tags: JSON.parse(row.tags)
+    id: row.id,
+    title: row.title,
+    notes: row.notes,
+    dueDate: row.due_date,
+    tags: JSON.parse(row.tags),
+    status: row.status,
+    position: row.position,
+    editedAt: row.edited_at,
+    updatedAt: row.updated_at,
+    updatedBy: row.updated_by
   }));
 }
 function getTodosSince(db, since) {
-  const rows = db.prepare(`
-    SELECT
-      id, things_id as thingsId, title, notes, due_date as dueDate,
-      tags, status, heading_id as headingId, position,
-      updated_at as updatedAt, updated_by as updatedBy, created_at as createdAt
+  const rows = db.prepare(
+    `
+    SELECT id, title, notes, due_date, tags, status, position,
+           edited_at, updated_at, updated_by
     FROM todos
     WHERE updated_at > ?
     ORDER BY position
-  `).all(since);
+  `
+  ).all(since);
   return rows.map((row) => ({
-    ...row,
-    tags: JSON.parse(row.tags)
+    id: row.id,
+    title: row.title,
+    notes: row.notes,
+    dueDate: row.due_date,
+    tags: JSON.parse(row.tags),
+    status: row.status,
+    position: row.position,
+    editedAt: row.edited_at,
+    updatedAt: row.updated_at
   }));
 }
-function upsertTodoByServerId(db, serverId, data, userId) {
+function getTodoByServerId(db, serverId) {
+  const row = db.prepare(
+    `
+    SELECT id, title, notes, due_date, tags, status, position,
+           edited_at, updated_at, updated_by
+    FROM todos
+    WHERE id = ?
+  `
+  ).get(serverId);
+  if (!row) return null;
+  return {
+    id: row.id,
+    title: row.title,
+    notes: row.notes,
+    dueDate: row.due_date,
+    tags: JSON.parse(row.tags),
+    status: row.status,
+    position: row.position,
+    editedAt: row.edited_at,
+    updatedAt: row.updated_at,
+    updatedBy: row.updated_by
+  };
+}
+function upsertTodo(db, serverId, data, userId) {
   const now = (/* @__PURE__ */ new Date()).toISOString();
   const tagsJson = JSON.stringify(data.tags);
-  if (serverId) {
-    const existing = db.prepare(`SELECT id FROM todos WHERE id = ?`).get(serverId);
-    if (existing) {
-      db.prepare(`
-        UPDATE todos
-        SET title = ?, notes = ?, due_date = ?, tags = ?, status = ?,
-            heading_id = ?, position = ?, updated_at = ?, updated_by = ?
-        WHERE id = ?
-      `).run(
-        data.title,
-        data.notes,
-        data.dueDate,
-        tagsJson,
-        data.status,
-        data.headingId,
-        data.position,
-        now,
-        userId,
-        serverId
-      );
-      return serverId;
-    }
-  }
-  const existingByThingsId = db.prepare(`SELECT id FROM todos WHERE things_id = ?`).get(data.thingsId);
-  if (existingByThingsId) {
-    db.prepare(`
+  const existing = db.prepare(`SELECT id FROM todos WHERE id = ?`).get(serverId);
+  if (existing) {
+    db.prepare(
+      `
       UPDATE todos
       SET title = ?, notes = ?, due_date = ?, tags = ?, status = ?,
-          heading_id = ?, position = ?, updated_at = ?, updated_by = ?
-      WHERE things_id = ?
-    `).run(
+          position = ?, edited_at = ?, updated_at = ?, updated_by = ?
+      WHERE id = ?
+    `
+    ).run(
       data.title,
       data.notes,
       data.dueDate,
       tagsJson,
       data.status,
-      data.headingId,
       data.position,
+      data.editedAt,
       now,
       userId,
-      data.thingsId
+      serverId
     );
-    return existingByThingsId.id;
+    return;
   }
-  const id = serverId || crypto.randomUUID();
-  db.prepare(`
-    INSERT INTO todos (id, things_id, title, notes, due_date, tags, status, heading_id, position, updated_at, updated_by, created_at)
-    VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)
-  `).run(
-    id,
-    data.thingsId,
+  db.prepare(
+    `
+    INSERT INTO todos (id, title, notes, due_date, tags, status, position, edited_at, updated_at, created_by, updated_by)
+    VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)
+  `
+  ).run(
+    serverId,
     data.title,
     data.notes,
     data.dueDate,
     tagsJson,
     data.status,
-    data.headingId,
     data.position,
+    data.editedAt,
     now,
     userId,
-    now
+    userId
   );
-  return id;
 }
-function deleteTodoByServerId(db, serverId, userId) {
-  const existing = db.prepare(`SELECT id, things_id FROM todos WHERE id = ?`).get(serverId);
+function deleteTodoByServerId(db, serverId) {
+  const existing = db.prepare(`SELECT id FROM todos WHERE id = ?`).get(serverId);
   if (!existing) return false;
-  const now = (/* @__PURE__ */ new Date()).toISOString();
-  const deleteId = crypto.randomUUID();
-  db.prepare(`
-    INSERT INTO deleted_items (id, things_id, item_type, deleted_at, deleted_by)
-    VALUES (?, ?, 'todo', ?, ?)
-  `).run(deleteId, serverId, now, userId);
   db.prepare(`DELETE FROM todos WHERE id = ?`).run(serverId);
   return true;
 }
+function getDeletedByServerId(db, serverId) {
+  const row = db.prepare(
+    `SELECT deleted_at as deletedAt, deleted_by as deletedBy FROM deleted_items WHERE server_id = ? ORDER BY deleted_at DESC LIMIT 1`
+  ).get(serverId);
+  return row || null;
+}
+function recordDeletion(db, serverId, deletedAt, userId) {
+  db.prepare(`DELETE FROM deleted_items WHERE server_id = ?`).run(serverId);
+  const deleteId = crypto.randomUUID();
+  const recordedAt = (/* @__PURE__ */ new Date()).toISOString();
+  db.prepare(
+    `
+    INSERT INTO deleted_items (id, server_id, deleted_at, recorded_at, deleted_by)
+    VALUES (?, ?, ?, ?, ?)
+  `
+  ).run(deleteId, serverId, deletedAt, recordedAt, userId);
+}
+function clearDeletion(db, serverId) {
+  db.prepare(`DELETE FROM deleted_items WHERE server_id = ?`).run(serverId);
+}
 function getDeletedSince(db, since) {
-  const rows = db.prepare(`
-    SELECT things_id, item_type FROM deleted_items WHERE deleted_at > ?
-  `).all(since);
-  return {
-    todos: rows.filter((r) => r.item_type === "todo").map((r) => r.things_id),
-    headings: rows.filter((r) => r.item_type === "heading").map((r) => r.things_id)
-  };
+  return db.prepare(
+    `
+    SELECT server_id as serverId, deleted_at as deletedAt
+    FROM deleted_items
+    WHERE recorded_at > ?
+  `
+  ).all(since);
 }
 function resetUserData(db, userId) {
-  const todoResult = db.prepare(`DELETE FROM todos WHERE updated_by = ?`).run(userId);
-  const headingResult = db.prepare(`DELETE FROM headings WHERE updated_by = ?`).run(userId);
+  const todoResult = db.prepare(`DELETE FROM todos WHERE updated_by = ? OR created_by = ?`).run(userId, userId);
   db.prepare(`DELETE FROM deleted_items WHERE deleted_by = ?`).run(userId);
   return {
-    deletedTodos: todoResult.changes,
-    deletedHeadings: headingResult.changes
+    deletedTodos: todoResult.changes
   };
 }
 
@@ -310,15 +368,14 @@ function authMiddleware(db) {
 }
 
 // src/routes.ts
+import * as crypto2 from "crypto";
 function registerRoutes(app, db) {
   app.get("/health", async () => {
     return { status: "ok", timestamp: (/* @__PURE__ */ new Date()).toISOString() };
   });
   app.get("/state", async (_request) => {
-    const headings = getAllHeadings(db);
     const todos = getAllTodos(db);
     return {
-      headings,
       todos,
       syncedAt: (/* @__PURE__ */ new Date()).toISOString()
     };
@@ -328,17 +385,12 @@ function registerRoutes(app, db) {
     if (!since) {
       return { error: 'Missing "since" query parameter', code: "BAD_REQUEST" };
     }
-    const headings = getHeadingsSince(db, since);
     const todos = getTodosSince(db, since);
     const deleted = getDeletedSince(db, since);
     return {
-      headings: {
-        upserted: headings,
-        deleted: deleted.headings
-      },
       todos: {
         upserted: todos,
-        deleted: deleted.todos
+        deleted
       },
       syncedAt: (/* @__PURE__ */ new Date()).toISOString()
     };
@@ -346,47 +398,108 @@ function registerRoutes(app, db) {
   app.post(
     "/push",
     async (request, reply) => {
-      const { headings, todos } = request.body;
+      const { todos } = request.body;
       const userId = request.user.id;
       const conflicts = [];
+      const mappings = [];
       try {
-        for (const thingsId of headings.deleted) {
-          deleteHeading(db, thingsId, userId);
-        }
-        for (const heading of headings.upserted) {
-          upsertHeading(
-            db,
-            heading.thingsId,
-            heading.title,
-            heading.position,
-            userId
-          );
-        }
-        for (const serverId of todos.deleted) {
-          deleteTodoByServerId(db, serverId, userId);
-        }
-        for (const todo of todos.upserted) {
-          let headingId = null;
-          if (todo.headingId) {
-            const headingRow = db.prepare(`SELECT id FROM headings WHERE things_id = ?`).get(todo.headingId);
-            headingId = headingRow?.id || null;
+        const transaction = db.transaction(() => {
+          for (const deletion of todos.deleted) {
+            const existing = getTodoByServerId(db, deletion.serverId);
+            if (!existing) {
+              const existingDeletion = getDeletedByServerId(
+                db,
+                deletion.serverId
+              );
+              if (!existingDeletion || compareIso(deletion.deletedAt, existingDeletion.deletedAt) > 0) {
+                recordDeletion(
+                  db,
+                  deletion.serverId,
+                  deletion.deletedAt,
+                  userId
+                );
+              }
+              continue;
+            }
+            const shouldDelete = shouldApplyChange(
+              deletion.deletedAt,
+              existing.editedAt,
+              userId,
+              existing.updatedBy
+            );
+            if (!shouldDelete) {
+              conflicts.push({
+                serverId: deletion.serverId,
+                reason: "Remote edit was newer",
+                serverTodo: toTodo(existing),
+                clientDeletedAt: deletion.deletedAt
+              });
+              continue;
+            }
+            deleteTodoByServerId(db, deletion.serverId);
+            recordDeletion(db, deletion.serverId, deletion.deletedAt, userId);
           }
-          upsertTodoByServerId(
-            db,
-            todo.serverId,
-            {
-              thingsId: todo.thingsId,
-              title: todo.title,
-              notes: todo.notes,
-              dueDate: todo.dueDate,
-              tags: todo.tags,
-              status: todo.status,
-              headingId,
-              position: todo.position
-            },
-            userId
-          );
-        }
+          for (const todo of todos.upserted) {
+            const serverId = todo.serverId || crypto2.randomUUID();
+            const position = typeof todo.position === "number" && Number.isFinite(todo.position) ? todo.position : 0;
+            const existingDeletion = getDeletedByServerId(db, serverId);
+            if (existingDeletion) {
+              const editWins = shouldApplyChange(
+                todo.editedAt,
+                existingDeletion.deletedAt,
+                userId,
+                existingDeletion.deletedBy
+              );
+              if (!editWins) {
+                conflicts.push({
+                  serverId,
+                  reason: "Remote delete was newer",
+                  serverTodo: null,
+                  clientTodo: todo
+                });
+                continue;
+              }
+              clearDeletion(db, serverId);
+            }
+            const existing = getTodoByServerId(db, serverId);
+            if (existing) {
+              const shouldApply = shouldApplyChange(
+                todo.editedAt,
+                existing.editedAt,
+                userId,
+                existing.updatedBy
+              );
+              if (!shouldApply) {
+                conflicts.push({
+                  serverId,
+                  reason: "Remote edit was newer",
+                  serverTodo: toTodo(existing),
+                  clientTodo: todo
+                });
+                continue;
+              }
+            } else if (todo.serverId) {
+            }
+            upsertTodo(
+              db,
+              serverId,
+              {
+                title: todo.title,
+                notes: todo.notes,
+                dueDate: todo.dueDate,
+                tags: todo.tags,
+                status: todo.status,
+                position,
+                editedAt: todo.editedAt
+              },
+              userId
+            );
+            if (!todo.serverId && todo.clientId) {
+              mappings?.push({ serverId, clientId: todo.clientId });
+            }
+          }
+        });
+        transaction();
       } catch (err) {
         const error = err;
         if (error.message?.includes("UNIQUE constraint failed")) {
@@ -398,15 +511,14 @@ function registerRoutes(app, db) {
         }
         throw err;
       }
-      const currentHeadings = getAllHeadings(db);
       const currentTodos = getAllTodos(db);
       return {
         state: {
-          headings: currentHeadings,
           todos: currentTodos,
           syncedAt: (/* @__PURE__ */ new Date()).toISOString()
         },
-        conflicts
+        conflicts,
+        mappings: mappings?.length ? mappings : void 0
       };
     }
   );
@@ -416,12 +528,33 @@ function registerRoutes(app, db) {
     return {
       success: true,
       deleted: {
-        todos: result.deletedTodos,
-        headings: result.deletedHeadings
+        todos: result.deletedTodos
       }
     };
   });
 }
+function compareIso(a, b) {
+  return new Date(a).getTime() - new Date(b).getTime();
+}
+function shouldApplyChange(incomingEditedAt, storedEditedAt, incomingUserId, storedUserId) {
+  const diff = compareIso(incomingEditedAt, storedEditedAt);
+  if (diff > 0) return true;
+  if (diff < 0) return false;
+  return incomingUserId > storedUserId;
+}
+function toTodo(todo) {
+  return {
+    id: todo.id,
+    title: todo.title,
+    notes: todo.notes,
+    dueDate: todo.dueDate,
+    tags: todo.tags,
+    status: todo.status,
+    position: todo.position,
+    editedAt: todo.editedAt,
+    updatedAt: todo.updatedAt
+  };
+}
 
 // src/cli.ts
 var pkg = JSON.parse(
@@ -728,7 +861,6 @@ program.command("delete-user").description("Delete a user").option("-n, --name <
     return;
   }
   db.prepare("DELETE FROM todos WHERE updated_by = ?").run(user.id);
-  db.prepare("DELETE FROM headings WHERE updated_by = ?").run(user.id);
   db.prepare("DELETE FROM deleted_items WHERE deleted_by = ?").run(user.id);
   db.prepare("DELETE FROM users WHERE id = ?").run(user.id);
   console.log(chalk.green(`
@@ -737,7 +869,7 @@ program.command("delete-user").description("Delete a user").option("-n, --name <
 });
 program.command("list-todos").description("List all todos").option("-u, --user <name>", "Filter by username").action(async (options) => {
   const db = initDatabase();
-  const todos = getAllTodos(db);
+  const todos = getAllTodosWithMeta(db);
   const users = listUsers(db);
   const userMap = new Map(users.map((u) => [u.id, u.name]));
   let filteredTodos = todos;
@@ -780,20 +912,18 @@ ${title}
     console.log();
   }
 });
-program.command("reset").description("Delete all todos and headings (keeps users)").action(async () => {
+program.command("reset").description("Delete all todos (keeps users)").action(async () => {
   const db = initDatabase();
   const todos = getAllTodos(db);
-  const headings = getAllHeadings(db);
-  if (todos.length === 0 && headings.length === 0) {
+  if (todos.length === 0) {
     console.log(chalk.yellow("\nNo data to reset.\n"));
     return;
   }
   console.log(chalk.bold("\n\u{1F504} Reset Server Data\n"));
   console.log(`  ${chalk.dim("Todos:")} ${todos.length}`);
-  console.log(`  ${chalk.dim("Headings:")} ${headings.length}`);
   console.log();
   const confirmed = await confirm({
-    message: "Delete all todos and headings? Users will be kept.",
+    message: "Delete all todos? Users will be kept.",
     default: false
   });
   if (!confirmed) {
@@ -801,11 +931,8 @@ program.command("reset").description("Delete all todos and headings (keeps users
     return;
   }
   db.prepare("DELETE FROM todos").run();
-  db.prepare("DELETE FROM headings").run();
   db.prepare("DELETE FROM deleted_items").run();
-  console.log(
-    chalk.green("\n\u2705 All todos and headings deleted. Users preserved.\n")
-  );
+  console.log(chalk.green("\n\u2705 All todos deleted. Users preserved.\n"));
 });
 program.command("purge").description("Delete entire database (all data including users)").action(async () => {
   const dataDir = process.env.DATA_DIR || path2.join(os2.homedir(), ".shared-things-server");

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "shared-things-server",
-  "version": "1.1.0",
+  "version": "2.0.0",
   "description": "Sync server for Things 3 projects",
   "type": "module",
   "main": "./dist/index.js",
@@ -58,6 +58,8 @@
     "build": "tsup",
     "dev": "tsx watch src/cli.ts start",
     "typecheck": "tsc --noEmit",
+    "test": "vitest run",
+    "test:watch": "vitest",
     "postinstall": "node scripts/postinstall.js || true"
   }
 }