Fix issues #6, #7, #11, #12, #13: med reminders, push notifications, auth persistence, scheduling conflicts

- Fix TIME object vs string comparison in scheduler preventing adaptive med
  reminders from ever firing (#12, #6)
- Add frequency filtering to midnight schedule creation for every_n_days meds
- Require start_date and interval_days for every_n_days medications
- Add refresh token support (30-day) to API and bot for persistent sessions (#13)
- Add "trusted device" checkbox to frontend login for long-lived sessions (#7)
- Auto-refresh expired tokens in both bot (apiRequest) and frontend (api.ts)
- Restore bot sessions from cache on restart using refresh tokens
- Duration-aware routine scheduling conflict detection (#11)
- Add conflict check when starting routine sessions against medication times
- Add diagnostic logging to notification delivery channels

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

synculous-client/src/app/login/page.tsx

@@ -9,6 +9,7 @@ export default function LoginPage() {
   const [isLogin, setIsLogin] = useState(true);
   const [username, setUsername] = useState('');
   const [password, setPassword] = useState('');
+  const [trustDevice, setTrustDevice] = useState(false);
   const [error, setError] = useState('');
   const [isLoading, setIsLoading] = useState(false);
   const { login, register } = useAuth();
@@ -21,10 +22,10 @@ export default function LoginPage() {
 
     try {
       if (isLogin) {
-        await login(username, password);
+        await login(username, password, trustDevice);
       } else {
         await register(username, password);
-        await login(username, password);
+        await login(username, password, trustDevice);
       }
       router.push('/');
     } catch (err) {
@@ -80,6 +81,18 @@ export default function LoginPage() {
             />
           </div>
 
+          {isLogin && (
+            <label className="flex items-center gap-2 text-sm text-gray-600 dark:text-gray-400">
+              <input
+                type="checkbox"
+                checked={trustDevice}
+                onChange={(e) => setTrustDevice(e.target.checked)}
+                className="w-4 h-4 rounded border-gray-300 text-indigo-500 focus:ring-indigo-500"
+              />
+              This is a trusted device
+            </label>
+          )}
+
           <button
             type="submit"
             disabled={isLoading}

synculous-client/src/components/auth/AuthProvider.tsx

@@ -9,7 +9,7 @@ interface AuthContextType {
   token: string | null;
   isLoading: boolean;
   isAuthenticated: boolean;
-  login: (username: string, password: string) => Promise<void>;
+  login: (username: string, password: string, trustDevice?: boolean) => Promise<void>;
   register: (username: string, password: string) => Promise<void>;
   logout: () => void;
   refreshUser: () => Promise<void>;
@@ -54,8 +54,8 @@ export function AuthProvider({ children }: { children: React.ReactNode }) {
     refreshUser();
   }, [refreshUser]);
 
-  const login = async (username: string, password: string) => {
-    const result = await api.auth.login(username, password);
+  const login = async (username: string, password: string, trustDevice = false) => {
+    const result = await api.auth.login(username, password, trustDevice);
     const storedToken = api.auth.getToken();
     setToken(storedToken);
     

synculous-client/src/lib/api.ts

@@ -11,11 +11,57 @@ function setToken(token: string): void {
 
 function clearToken(): void {
   localStorage.removeItem('token');
+  localStorage.removeItem('refresh_token');
+}
+
+function getRefreshToken(): string | null {
+  if (typeof window === 'undefined') return null;
+  return localStorage.getItem('refresh_token');
+}
+
+function setRefreshToken(token: string): void {
+  localStorage.setItem('refresh_token', token);
+}
+
+let refreshPromise: Promise<boolean> | null = null;
+
+async function tryRefreshToken(): Promise<boolean> {
+  // Deduplicate concurrent refresh attempts
+  if (refreshPromise) return refreshPromise;
+
+  refreshPromise = (async () => {
+    const refreshToken = getRefreshToken();
+    if (!refreshToken) return false;
+    try {
+      const resp = await fetch(`${API_URL}/api/refresh`, {
+        method: 'POST',
+        headers: { 'Content-Type': 'application/json' },
+        body: JSON.stringify({ refresh_token: refreshToken }),
+      });
+      if (resp.ok) {
+        const data = await resp.json();
+        if (data.token) {
+          setToken(data.token);
+          return true;
+        }
+      }
+      // Refresh token is invalid/expired - clear everything
+      clearToken();
+      return false;
+    } catch {
+      return false;
+    } finally {
+      refreshPromise = null;
+    }
+  })();
+
+  return refreshPromise;
 }
 
 async function request<T>(
   endpoint: string,
-  options: RequestInit = {}
+  options: RequestInit = {},
+  _retried = false,
 ): Promise<T> {
   const token = getToken();
   const headers: HeadersInit = {
@@ -31,6 +77,14 @@ async function request<T>(
     headers,
   });
 
+  // Auto-refresh on 401
+  if (response.status === 401 && !_retried) {
+    const refreshed = await tryRefreshToken();
+    if (refreshed) {
+      return request<T>(endpoint, options, true);
+    }
+  }
+
   if (!response.ok) {
     const body = await response.text();
     let errorMsg = 'Request failed';
@@ -49,12 +103,15 @@ async function request<T>(
 export const api = {
   // Auth
   auth: {
-    login: async (username: string, password: string) => {
-      const result = await request<{ token: string }>('/api/login', {
+    login: async (username: string, password: string, trustDevice = false) => {
+      const result = await request<{ token: string; refresh_token?: string }>('/api/login', {
         method: 'POST',
-        body: JSON.stringify({ username, password }),
+        body: JSON.stringify({ username, password, trust_device: trustDevice }),
       });
       setToken(result.token);
+      if (result.refresh_token) {
+        setRefreshToken(result.refresh_token);
+      }
       return result;
     },