kryten-webqueue 0.21.0__tar.gz → 0.23.0__tar.gz

{kryten_webqueue-0.21.0 → kryten_webqueue-0.23.0}/CHANGELOG.md

@@ -4,7 +4,23 @@ All notable changes to this project will be documented in this file.
 
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
-## [Unreleased]
+## [0.23.0] — 2026-06-21
+
+### Fixed
+
+- **Scheduled-event pre-fire lock lingered until midnight.** The pay-to-play pre-fire lock lives in `playlist_schedules` and was gated on `fire_at > datetime('now')`. `fire_at` is stored as a raw ISO string with a `T` separator (e.g. `2026-06-21T15:00:00+00:00`, or `…Z` from the admin UI) while SQLite's `datetime('now')` is space-separated, so the two were compared as **strings** — `'T'` sorts after `' '`, keeping the condition true from fire time until the calendar date rolled over. A 15-minute pre-fire lock effectively lasted until midnight, the queue stayed locked with no active-schedule row to show for it, and "Clear Active" couldn't lift it. The lock queries now wrap `fire_at` in `datetime(…)` so the comparison is over normalized timestamps and the lock releases exactly at `fire_at`. `get_next_schedule` shared the same flaw (already-fired events showed as "next" until midnight) and is fixed too.
+
+### Added
+
+- **Clear admin lockout indicator + one-click "End lockout now".** The admin Schedules page now shows a prominent banner whenever pay-to-play is closed — covering the pre-fire window (which has no active-schedule row and was previously invisible until a queue attempt failed) as well as an in-progress immutable event. A new `GET /admin/schedules/lock-status` reports the authoritative state, and `POST /admin/schedules/unlock` now lifts an in-progress event lock **and** every active pre-fire lock in a single action (it previously lifted only one), so one click reliably reopens the queue. Schedules stay armed — a recurring event re-locks on its next firing.
+
+[0.23.0]: https://github.com/grobertson/kryten-webqueue/releases/tag/v0.23.0
+
+## [0.22.0] - 2026-06-19
+
+### Added
+
+- **Shoutout on the Vanity Items tab.** The dashboard's Vanity tab gains a third item — **Shoutout** — alongside Greeting and Chat color, each now with a short call-to-action. Sending a shoutout posts the user's message to public chat (`📢 <user>: …`) via the new `POST /user/vanity/shoutout` route, which proxies the api-gate `POST /economy/vanity/shoutout` endpoint. The message is the user's own input (validated server-side: trimmed, non-empty, max 200 chars); the cost/availability come from the account summary; the username is always taken from the authenticated session.
 
 ## [0.21.0] — 2026-06-17
 

{kryten_webqueue-0.21.0 → kryten_webqueue-0.23.0}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: kryten-webqueue
-Version: 0.21.0
+Version: 0.23.0
 Summary: Netflix/Tubi-style catalog browser and pay-to-play queue management for CyTube
 Author: grobertson
 License-Expression: MIT

{kryten_webqueue-0.21.0 → kryten_webqueue-0.23.0}/kryten_webqueue/api_gate/client.py

@@ -108,6 +108,12 @@ class ApiGateClient:
             "value": value,
         })
 
+    async def set_vanity_shoutout(self, username: str, value: str) -> dict:
+        return await self.post("/economy/vanity/shoutout", json={
+            "username": username,
+            "value": value,
+        })
+
     async def queue_preview(self, username: str, duration_sec: int, tier: str = "queue") -> dict:
         return await self.post("/economy/queue-preview", json={
             "username": username,

{kryten_webqueue-0.21.0 → kryten_webqueue-0.23.0}/kryten_webqueue/catalog/db.py

@@ -1166,12 +1166,19 @@ class Database:
     # --- Pre-fire lock check ---
 
     async def is_pre_fire_lock_active(self) -> bool:
+        # NOTE: fire_at must be wrapped in datetime() on BOTH sides. fire_at is
+        # stored as a raw ISO string ('2026-06-21T15:00:00+00:00' or '...Z'),
+        # whose 'T' separator sorts lexically AFTER the space-separated string
+        # returned by datetime('now'). A bare `fire_at > datetime('now')` is a
+        # string comparison that stays true from fire time until the calendar
+        # day rolls over, so the lock lingered until midnight instead of
+        # releasing at fire_at.
         row = await self._fetch_one("""
             SELECT 1 FROM playlist_schedules
             WHERE is_active = 1
               AND lock_disabled = 0
               AND datetime(fire_at, '-' || pre_fire_lock_minutes || ' minutes') <= datetime('now')
-              AND fire_at > datetime('now')
+              AND datetime(fire_at) > datetime('now')
             LIMIT 1
         """)
         return row is not None
@@ -1187,12 +1194,32 @@ class Database:
             WHERE is_active = 1
               AND lock_disabled = 0
               AND datetime(fire_at, '-' || pre_fire_lock_minutes || ' minutes') <= datetime('now')
-              AND fire_at > datetime('now')
-            ORDER BY fire_at
+              AND datetime(fire_at) > datetime('now')
+            ORDER BY datetime(fire_at)
             LIMIT 1
         """)
 
+    async def disable_active_pre_fire_locks(self) -> int:
+        """Lift ALL currently-active pre-fire locks in a single operation.
+
+        Sets ``lock_disabled = 1`` for every schedule whose pre-fire window is
+        open right now, so one admin action ends the lockout even when more than
+        one schedule's window overlaps. Recurring schedules reset
+        ``lock_disabled`` to 0 when they re-arm, so future firings still lock.
+        Returns the number of schedules affected.
+        """
+        cursor = await self._db.execute("""
+            UPDATE playlist_schedules
+            SET lock_disabled = 1
+            WHERE is_active = 1
+              AND lock_disabled = 0
+              AND datetime(fire_at, '-' || pre_fire_lock_minutes || ' minutes') <= datetime('now')
+              AND datetime(fire_at) > datetime('now')
+        """)
+        await self._db.commit()
+        return cursor.rowcount
+
     async def get_next_schedule(self) -> dict | None:
         return await self._fetch_one(
-            "SELECT * FROM playlist_schedules WHERE is_active=1 AND fire_at > datetime('now') ORDER BY fire_at LIMIT 1"
+            "SELECT * FROM playlist_schedules WHERE is_active=1 AND datetime(fire_at) > datetime('now') ORDER BY datetime(fire_at) LIMIT 1"
         )

{kryten_webqueue-0.21.0 → kryten_webqueue-0.23.0}/kryten_webqueue/routes/admin_schedules.py

@@ -134,24 +134,62 @@ async def clear_active(request: Request, user: dict = Depends(require_admin)):
     return {"success": True}
 
 
+@router.get("/lock-status")
+async def lock_status(request: Request, user: dict = Depends(require_admin)):
+    """Authoritative pay-to-play lock state for the admin lock banner.
+
+    Reports *both* lock types so an admin always sees why the queue is closed
+    and can end it — whether a schedule is in its pre-fire window (no active
+    schedule row) or an immutable event is mid-play.
+    """
+    db = request.app.state.db
+
+    # Pre-fire window lives entirely in playlist_schedules (no active_schedule
+    # row), which is why "Clear Active" can't see or clear it.
+    if await db.is_pre_fire_lock_active():
+        lock = await db.get_active_pre_fire_lock() or {}
+        return {
+            "locked": True,
+            "type": "pre_fire",
+            "label": lock.get("label"),
+            "fire_at": lock.get("fire_at"),
+        }
+
+    # In-progress immutable scheduled event.
+    if await db.is_event_lock_active():
+        active = await db.get_active_schedule() or {}
+        label = None
+        if active.get("playlist_id"):
+            playlist = await db.get_saved_playlist(active["playlist_id"])
+            if playlist:
+                label = playlist.get("name")
+        return {
+            "locked": True,
+            "type": "event",
+            "label": label,
+            "estimated_end_at": active.get("estimated_end_at"),
+        }
+
+    return {"locked": False, "type": None}
+
+
 @router.post("/unlock")
 async def unlock(request: Request, user: dict = Depends(require_admin)):
-    """Lift the currently-active pay-to-play lock without deleting the schedule.
+    """End the active pay-to-play lockout, whatever its source.
 
-    Targets the in-progress scheduled-event lock first (keeps the event banner
-    and any recurring schedule armed); otherwise lifts an active pre-fire lock
-    for its current occurrence only (a recurring schedule re-locks on its next
-    firing).
+    Lifts an in-progress event lock *and* every currently-active pre-fire lock
+    in a single action, so one click reliably reopens pay-to-play. The schedules
+    themselves stay armed: a recurring schedule re-locks on its next firing.
     """
     db = request.app.state.db
+    lifted: list[str] = []
 
     if await db.is_event_lock_active():
         await db.disable_active_lock()
-        return {"success": True, "lifted": "event"}
+        lifted.append("event")
 
-    prefire = await db.get_active_pre_fire_lock()
-    if prefire:
-        await db.update_schedule(prefire["id"], lock_disabled=1)
-        return {"success": True, "lifted": "pre_fire"}
+    pre_fire_count = await db.disable_active_pre_fire_locks()
+    if pre_fire_count:
+        lifted.append("pre_fire")
 
-    return {"success": True, "lifted": None}
+    return {"success": True, "lifted": lifted, "pre_fire_count": pre_fire_count}

{kryten_webqueue-0.21.0 → kryten_webqueue-0.23.0}/kryten_webqueue/routes/user.py

@@ -1,5 +1,5 @@
 from fastapi import APIRouter, Request, Depends, HTTPException
-from pydantic import BaseModel
+from pydantic import BaseModel, field_validator
 
 from ..auth.session import get_current_user
 
@@ -28,6 +28,22 @@ class ColorUpdate(BaseModel):
     value: str
 
 
+class ShoutoutRequest(BaseModel):
+    # Mirrors the economy's shoutout limits so a bypassed UI still gets a
+    # consistent, early rejection instead of forwarding arbitrary-length text.
+    value: str
+
+    @field_validator("value")
+    @classmethod
+    def _validate_value(cls, v: str) -> str:
+        v = v.strip()
+        if not v:
+            raise ValueError("Shoutout message is required.")
+        if len(v) > 200:
+            raise ValueError("Message too long (max 200 characters).")
+        return v
+
+
 @router.post("/vanity/greeting")
 async def set_vanity_greeting(
     body: GreetingUpdate, request: Request, user: dict = Depends(get_current_user)
@@ -52,6 +68,18 @@ async def set_vanity_color(
         raise HTTPException(status_code=400, detail=_economy_error(exc)) from exc
 
 
+@router.post("/vanity/shoutout")
+async def set_vanity_shoutout(
+    body: ShoutoutRequest, request: Request, user: dict = Depends(get_current_user)
+):
+    """Purchase a shoutout — the bot posts the message to public chat."""
+    api_gate = request.app.state.api_gate
+    try:
+        return await api_gate.set_vanity_shoutout(user["username"], body.value)
+    except Exception as exc:  # noqa: BLE001
+        raise HTTPException(status_code=400, detail=_economy_error(exc)) from exc
+
+
 def _economy_error(exc: Exception) -> str:
     """Extract a human-readable message from an api-gate HTTP error."""
     import httpx

{kryten_webqueue-0.21.0 → kryten_webqueue-0.23.0}/kryten_webqueue/static/css/main.css

@@ -975,6 +975,10 @@ a.np-chip {
     color: var(--text-secondary);
     font-style: italic;
 }
+.vanity-cta {
+    font-size: 0.78rem;
+    margin-top: 0.2rem;
+}
 .color-swatch {
     display: inline-block;
     width: 1rem;
@@ -1206,6 +1210,33 @@ a.np-chip {
     border-left: 3px solid var(--warning);
 }
 
+/* Pay-to-play lock banner (admin schedules) — deliberately prominent so a
+   lockout is never a surprise discovered only when a queue attempt fails. */
+.lock-banner {
+    background: rgba(225, 112, 85, 0.12);
+    border: 1px solid var(--danger);
+    border-left: 4px solid var(--danger);
+    border-radius: var(--radius);
+    padding: 0.9rem 1.1rem;
+    margin-bottom: 1.5rem;
+}
+.lock-banner-row {
+    display: flex;
+    align-items: center;
+    gap: 0.9rem;
+    flex-wrap: wrap;
+}
+.lock-banner-icon {
+    font-size: 1.4rem;
+    line-height: 1;
+}
+.lock-banner-text {
+    flex: 1 1 240px;
+}
+.lock-banner-text > strong {
+    color: var(--danger);
+}
+
 /* Modal */
 .modal-overlay {
     position: fixed;

{kryten_webqueue-0.21.0 → kryten_webqueue-0.23.0}/kryten_webqueue/templates/admin/schedules.html

@@ -7,6 +7,7 @@
     <h1>Schedules</h1>
     <p><a href="/admin">&larr; Back to Admin</a></p>
 
+    <div id="lock-banner" class="lock-banner hidden"></div>
     <div id="active-banner" class="schedule-info hidden" style="margin-bottom:1.5rem;"></div>
 
     <div class="admin-section">
@@ -36,6 +37,58 @@ async function loadPlaylistsForSelect() {
     return rows;
 }
 
+async function loadLockStatus() {
+    // Authoritative, server-side lock indicator. Unlike the active-schedule
+    // banner, this also surfaces a pre-fire lockout (which has no active_schedule
+    // row) — the case where the queue is locked with nothing obviously "running".
+    const banner = document.getElementById('lock-banner');
+    let st;
+    try {
+        const resp = await fetch('/admin/schedules/lock-status');
+        if (!resp.ok) { banner.classList.add('hidden'); return; }
+        st = await resp.json();
+    } catch { banner.classList.add('hidden'); return; }
+
+    if (!st || !st.locked) {
+        banner.classList.add('hidden');
+        banner.innerHTML = '';
+        return;
+    }
+
+    const label = st.label ? escapeHtml(st.label) : 'a scheduled event';
+    let detail;
+    if (st.type === 'pre_fire') {
+        const when = st.fire_at ? formatLocalDateTime(st.fire_at) : null;
+        detail = `Pre-event lockout for <strong>${label}</strong>${when ? ` — fires ${when}` : ''}. Pay-to-play reopens when the event starts.`;
+    } else {
+        const when = st.estimated_end_at ? formatLocalDateTime(st.estimated_end_at) : null;
+        detail = `Event <strong>${label}</strong> is playing${when ? ` — ends ~${when}` : ''}. Pay-to-play reopens when the last scheduled item begins.`;
+    }
+
+    banner.classList.remove('hidden');
+    banner.innerHTML = `
+        <div class="lock-banner-row">
+            <span class="lock-banner-icon" aria-hidden="true">&#128274;</span>
+            <div class="lock-banner-text">
+                <strong>Queue locked &mdash; pay-to-play is closed.</strong>
+                <div class="muted">${detail}</div>
+            </div>
+            <button class="btn btn-danger btn-sm" onclick="endLockout()">End lockout now</button>
+        </div>`;
+}
+
+async function endLockout() {
+    if (!confirm('End the pay-to-play lockout now? Users can queue items immediately. Schedules stay armed — a recurring event re-locks on its next firing.')) return;
+    let ok = false;
+    try {
+        const resp = await fetch('/admin/schedules/unlock', {method: 'POST'});
+        ok = resp.ok;
+    } catch { ok = false; }
+    showToast(ok ? 'Lockout ended' : 'Failed to end lockout', ok ? 'success' : 'error');
+    await loadLockStatus();
+    loadSchedules();
+}
+
 async function loadActive() {
     const banner = document.getElementById('active-banner');
     const resp = await fetch('/admin/schedules/active');
@@ -69,6 +122,7 @@ async function unlockNow() {
     if (!confirm('Lift the pay-to-play lock now? Users will be able to queue items again. The schedule stays armed for future firings.')) return;
     const resp = await fetch('/admin/schedules/unlock', {method: 'POST'});
     showToast(resp.ok ? 'Lock lifted' : 'Failed', resp.ok ? 'success' : 'error');
+    await loadLockStatus();
     loadSchedules();
 }
 
@@ -76,11 +130,13 @@ async function clearActive() {
     if (!confirm('Clear the active schedule and return to free mode?')) return;
     const resp = await fetch('/admin/schedules/clear-active', {method: 'POST'});
     showToast(resp.ok ? 'Cleared' : 'Failed', resp.ok ? 'success' : 'error');
+    await loadLockStatus();
     loadActive();
 }
 
 async function loadSchedules() {
     await loadPlaylistsForSelect();
+    await loadLockStatus();
     await loadActive();
     const resp = await fetch('/admin/schedules/');
     const el = document.getElementById('schedules-list');
@@ -213,10 +269,14 @@ function closeModal() { const m = document.getElementById('admin-modal'); if (m)
 
 loadSchedules();
 
-// Keep the active-event banner fresh without a reload: re-check every 15s while
-// the tab is visible (the backend clears the row once the event plays out).
+// Keep the lock indicator and active-event banner fresh without a reload:
+// re-check every 15s while the tab is visible (the backend lifts the lock at
+// fire time and clears the active row once the event plays out).
 setInterval(() => {
-    if (document.visibilityState === 'visible') loadActive();
+    if (document.visibilityState === 'visible') {
+        loadLockStatus();
+        loadActive();
+    }
 }, 15000);
 </script>
 {% endblock %}

{kryten_webqueue-0.21.0 → kryten_webqueue-0.23.0}/kryten_webqueue/templates/user/dashboard.html

@@ -48,13 +48,14 @@
             </div>
 
             <div class="tab-panel" id="tab-vanity" role="tabpanel" hidden>
-                <p class="muted">Personalize how the bot greets you and your chat color. Each update is a one-time purchase.</p>
+                <p class="muted">Personalize how the bot greets you, your chat color, and shout yourself out. Each update is a one-time purchase.</p>
                 <div class="vanity-item">
                     <div class="vanity-row">
                         <span class="vanity-label">Greeting</span>
                         <button class="btn btn-sm" id="edit-greeting" disabled>Edit</button>
                     </div>
                     <div class="vanity-value" id="vanity-greeting">—</div>
+                    <div class="vanity-cta muted" id="cta-greeting">The bot welcomes you by name when you join.</div>
                 </div>
                 <div class="vanity-item">
                     <div class="vanity-row">
@@ -62,6 +63,15 @@
                         <button class="btn btn-sm" id="edit-color" disabled>Edit</button>
                     </div>
                     <div class="vanity-value" id="vanity-color">—</div>
+                    <div class="vanity-cta muted" id="cta-color">Stand out — pick a custom color for your chat messages.</div>
+                </div>
+                <div class="vanity-item">
+                    <div class="vanity-row">
+                        <span class="vanity-label">Shoutout</span>
+                        <button class="btn btn-sm" id="buy-shoutout" disabled>Send</button>
+                    </div>
+                    <div class="vanity-value" id="vanity-shoutout">—</div>
+                    <div class="vanity-cta muted" id="cta-shoutout">Have the bot post your message to the whole channel.</div>
                 </div>
             </div>
         </div>
@@ -223,6 +233,20 @@ function renderAccount(a) {
     cBtn.disabled = enabled.custom_color === false;
     gBtn.title = costs.custom_greeting ? `${fmt(costs.custom_greeting, sym)} per update` : '';
     cBtn.title = costs.custom_color ? `${fmt(costs.custom_color, sym)} per update` : '';
+
+    const shoutEl = document.getElementById('vanity-shoutout');
+    const shoutCost = costs.shoutout;
+    const shoutAvailable = enabled.shoutout !== false && shoutCost != null;
+    if (shoutAvailable) {
+        shoutEl.textContent = `Post a one-off message to chat for ${fmt(shoutCost, sym)}.`;
+        shoutEl.classList.remove('vanity-unset');
+    } else {
+        shoutEl.textContent = 'Unavailable';
+        shoutEl.classList.add('vanity-unset');
+    }
+    const sBtn = document.getElementById('buy-shoutout');
+    sBtn.disabled = !shoutAvailable;
+    sBtn.title = shoutAvailable ? `${fmt(shoutCost, sym)} per shoutout` : '';
 }
 
 // ── Vanity edit dialogs ────────────────────────────────────────
@@ -328,6 +352,55 @@ async function saveColor() {
     }
 }
 
+// ── Shoutout dialog ────────────────────────────────────────────
+function buyShoutout() {
+    if (!accountState) return;
+    const sym = accountState.currency_symbol || 'Z';
+    const costs = accountState.vanity_costs || {};
+    const enabled = accountState.vanity_enabled || {};
+    const cost = costs.shoutout;
+    if (enabled.shoutout === false || cost == null) {
+        showToast('Shoutouts are currently unavailable', 'error');
+        return;
+    }
+    showModal(`
+        <h3>Shoutout</h3>
+        <p class="muted">The bot posts your message to public chat as <strong>📢 ${escapeHtml(accountState.username || 'you')}: …</strong>. Cost: ${fmt(cost, sym)} each.</p>
+        <label class="field"><span>Message (max 200 characters)</span>
+          <textarea id="shoutout-input" maxlength="200" rows="3" placeholder="Say something to the whole channel"></textarea></label>
+        <div class="modal-actions">
+          <button class="btn" onclick="closeModal()">Cancel</button>
+          <button class="btn btn-primary" id="shoutout-save">Send shoutout</button>
+        </div>`);
+    document.getElementById('shoutout-save').addEventListener('click', saveShoutout);
+}
+
+async function saveShoutout() {
+    const value = document.getElementById('shoutout-input').value.trim();
+    if (!value) { showToast('Message cannot be empty', 'error'); return; }
+    const btn = document.getElementById('shoutout-save');
+    btn.disabled = true;
+    let resp;
+    try {
+        resp = await fetch('/user/vanity/shoutout', {
+            method: 'POST',
+            headers: {'Content-Type': 'application/json'},
+            body: JSON.stringify({value}),
+        });
+    } catch (e) {
+        showToast('Network error', 'error'); btn.disabled = false; return;
+    }
+    const data = await resp.json().catch(() => ({}));
+    if (resp.ok) {
+        showToast('Shoutout sent', 'success');
+        closeModal();
+        loadAccount();
+    } else {
+        showToast(data.detail || 'Shoutout failed', 'error');
+        btn.disabled = false;
+    }
+}
+
 // ── Queue history (MIDDLE column, paginated) ───────────────────
 const QUEUE_LIMIT = 20;
 let queueOffset = 0;
@@ -440,6 +513,7 @@ function closeModal() {
 // ── Init ───────────────────────────────────────────────────────
 document.getElementById('edit-greeting').addEventListener('click', editGreeting);
 document.getElementById('edit-color').addEventListener('click', editColor);
+document.getElementById('buy-shoutout').addEventListener('click', buyShoutout);
 document.querySelectorAll('.tx-toggle-btn').forEach(b => b.addEventListener('click', () => {
     document.querySelectorAll('.tx-toggle-btn').forEach(x => x.classList.remove('active'));
     b.classList.add('active');

{kryten_webqueue-0.21.0 → kryten_webqueue-0.23.0}/pyproject.toml

@@ -1,6 +1,6 @@
 [project]
 name = "kryten-webqueue"
-version = "0.21.0"
+version = "0.23.0"
 description = "Netflix/Tubi-style catalog browser and pay-to-play queue management for CyTube"
 readme = "README.md"
 license = "MIT"

kryten_webqueue-0.23.0/tests/test_schedule_lock.py

@@ -0,0 +1,130 @@
+"""Regression tests for the scheduled-event pre-fire pay-to-play lock.
+
+These cover a bug where the pre-fire lock lingered far past ``fire_at`` (until
+the calendar day rolled over at midnight). ``fire_at`` is stored as a raw ISO
+string with a ``T`` separator (e.g. ``2026-06-21T15:00:00+00:00`` from the
+scheduler, or ``...Z`` from the admin UI's ``toISOString``). The lock predicate
+compared it against ``datetime('now')`` (space-separated) without normalizing,
+so SQLite did a *string* comparison in which ``'T'`` (84) sorts after ``' '``
+(32). That kept ``fire_at > datetime('now')`` true from fire time until the date
+prefix changed, so a 15-minute lock effectively lasted until midnight.
+
+The fix wraps ``fire_at`` in ``datetime(...)`` on both sides so the comparison
+is over normalized timestamps.
+"""
+
+from datetime import datetime, timedelta, UTC
+
+import pytest
+
+from kryten_webqueue.catalog.db import Database
+
+
+@pytest.fixture
+async def db(tmp_path):
+    database = Database(str(tmp_path / "test.db"))
+    await database.connect()
+    await database.run_migrations()
+    yield database
+    await database.close()
+
+
+def _iso_offset(dt: datetime) -> str:
+    """Scheduler storage format, e.g. '2026-06-21T15:00:00+00:00'."""
+    return dt.astimezone(UTC).isoformat()
+
+
+def _iso_zulu(dt: datetime) -> str:
+    """Admin-UI storage format (JS Date.toISOString), e.g. '...T15:00:00.000Z'."""
+    return dt.astimezone(UTC).strftime("%Y-%m-%dT%H:%M:%S.000Z")
+
+
+async def _make_schedule(db: Database, *, fire_at: str, lock_minutes: int = 15) -> int:
+    return await db.create_schedule(
+        playlist_id=None,
+        label="Test Event",
+        fire_at=fire_at,
+        pre_fire_lock_minutes=lock_minutes,
+        is_active=True,
+        created_by="tester",
+    )
+
+
+@pytest.mark.parametrize("fmt", [_iso_offset, _iso_zulu])
+async def test_pre_fire_lock_releases_at_fire_time(db, fmt):
+    """A schedule whose fire_at has passed must NOT keep the queue locked.
+
+    Before the fix this returned True for the rest of the calendar day.
+    """
+    past = datetime.now(UTC) - timedelta(hours=2)
+    await _make_schedule(db, fire_at=fmt(past))
+    assert await db.is_pre_fire_lock_active() is False
+    assert await db.get_active_pre_fire_lock() is None
+
+
+async def test_pre_fire_lock_active_inside_window(db):
+    """Inside the pre-fire window (future fire_at), the lock is active."""
+    soon = datetime.now(UTC) + timedelta(minutes=5)
+    await _make_schedule(db, fire_at=_iso_offset(soon), lock_minutes=15)
+    assert await db.is_pre_fire_lock_active() is True
+    lock = await db.get_active_pre_fire_lock()
+    assert lock is not None and lock["label"] == "Test Event"
+
+
+async def test_pre_fire_lock_inactive_before_window(db):
+    """Before the pre-fire window opens, the lock is not active."""
+    later = datetime.now(UTC) + timedelta(hours=2)
+    await _make_schedule(db, fire_at=_iso_offset(later), lock_minutes=15)
+    assert await db.is_pre_fire_lock_active() is False
+
+
+async def test_get_next_schedule_ignores_past_fire(db):
+    """The 'next schedule' must skip events whose fire_at has already passed.
+
+    Before the fix a same-day past schedule was returned (and could even sort
+    ahead of a genuine upcoming one).
+    """
+    past = datetime.now(UTC) - timedelta(hours=2)
+    future = datetime.now(UTC) + timedelta(hours=3)
+    await _make_schedule(db, fire_at=_iso_offset(past))
+    future_id = await _make_schedule(db, fire_at=_iso_offset(future))
+
+    nxt = await db.get_next_schedule()
+    assert nxt is not None
+    assert nxt["id"] == future_id
+
+
+async def test_disable_active_pre_fire_locks_ends_lockout(db):
+    """One call lifts EVERY active pre-fire lock, across both stored formats."""
+    soon = datetime.now(UTC) + timedelta(minutes=5)
+    later = datetime.now(UTC) + timedelta(minutes=10)
+    await _make_schedule(db, fire_at=_iso_offset(soon), lock_minutes=15)
+    await _make_schedule(db, fire_at=_iso_zulu(later), lock_minutes=15)
+
+    assert await db.is_pre_fire_lock_active() is True
+    count = await db.disable_active_pre_fire_locks()
+    assert count == 2
+    assert await db.is_pre_fire_lock_active() is False
+
+
+async def test_disable_active_pre_fire_locks_noop_when_unlocked(db):
+    """No active window → nothing lifted, returns 0 (idempotent end-lockout)."""
+    later = datetime.now(UTC) + timedelta(hours=2)  # before its pre-fire window
+    await _make_schedule(db, fire_at=_iso_offset(later), lock_minutes=15)
+
+    assert await db.is_pre_fire_lock_active() is False
+    assert await db.disable_active_pre_fire_locks() == 0
+
+
+async def test_disable_active_pre_fire_locks_leaves_future_windows(db):
+    """Lifting the current lockout must not pre-emptively unlock a later event
+    whose pre-fire window has not opened yet."""
+    soon = datetime.now(UTC) + timedelta(minutes=5)    # in-window now
+    later = datetime.now(UTC) + timedelta(hours=4)     # window opens much later
+    await _make_schedule(db, fire_at=_iso_offset(soon), lock_minutes=15)
+    later_id = await _make_schedule(db, fire_at=_iso_offset(later), lock_minutes=15)
+
+    assert await db.disable_active_pre_fire_locks() == 1
+    later_sched = await db.get_schedule(later_id)
+    assert later_sched["lock_disabled"] == 0
+