fix test failures, new export/backup solutions

2026-02-06 22:21:19 -08:00
parent f462b2e288
commit 08135ee36a
26 changed files with 4049 additions and 4087 deletions
@@ -108,7 +108,7 @@ jobs:
        run: |
          # Start backend server in background
          cd backend
-          DATABASE_URL="file:${{ github.workspace }}/backend/prisma/e2e-test.db" FRONTEND_URL="http://localhost:5173" npm run dev &
+          DATABASE_URL="file:${{ github.workspace }}/backend/prisma/e2e-test.db" FRONTEND_URL="http://localhost:6767" npm run dev &
          BACKEND_PID=$!
          cd ..
@@ -132,7 +132,7 @@ jobs:
          # Wait for frontend to be ready
          echo "Waiting for frontend server..."
          for i in {1..30}; do
-            if curl -s http://localhost:5173 > /dev/null; then
+            if curl -s http://localhost:6767 > /dev/null; then
              echo "Frontend is ready!"
              break
            fi
@@ -0,0 +1,96 @@
 import { z } from "zod";
 export const registerSchema = z.object({
  username: z.string().trim().min(3).max(50).optional(),
  email: z.string().email().toLowerCase().trim(),
  password: z.string().min(8).max(100),
  name: z.string().trim().min(1).max(100),
 });
 export const loginSchema = z
  .object({
    identifier: z.string().trim().min(1).max(255).optional(),
    email: z.string().email().toLowerCase().trim().optional(),
    username: z.string().trim().min(1).max(255).optional(),
    password: z.string(),
  })
  .refine((data) => Boolean(data.identifier || data.email || data.username), {
    message: "identifier/email/username is required",
  });
 export const registrationToggleSchema = z.object({
  enabled: z.boolean(),
 });
 export const adminRoleUpdateSchema = z.object({
  identifier: z.string().trim().min(1).max(255),
  role: z.enum(["ADMIN", "USER"]),
 });
 export const authEnabledToggleSchema = z.object({
  enabled: z.boolean(),
 });
 export const adminCreateUserSchema = z.object({
  username: z.string().trim().min(3).max(50).optional(),
  email: z.string().email().toLowerCase().trim(),
  password: z.string().min(8).max(100),
  name: z.string().trim().min(1).max(100),
  role: z.enum(["ADMIN", "USER"]).optional(),
  mustResetPassword: z.boolean().optional(),
  isActive: z.boolean().optional(),
 });
 export const adminUpdateUserSchema = z.object({
  username: z.string().trim().min(3).max(50).nullable().optional(),
  name: z.string().trim().min(1).max(100).optional(),
  role: z.enum(["ADMIN", "USER"]).optional(),
  mustResetPassword: z.boolean().optional(),
  isActive: z.boolean().optional(),
 });
 export const impersonateSchema = z
  .object({
    userId: z.string().trim().min(1).optional(),
    identifier: z.string().trim().min(1).optional(),
  })
  .refine((data) => Boolean(data.userId || data.identifier), {
    message: "userId/identifier is required",
  });
 export const loginRateLimitUpdateSchema = z.object({
  enabled: z.boolean(),
  windowMs: z.number().int().min(10_000).max(24 * 60 * 60 * 1000),
  max: z.number().int().min(1).max(10_000),
 });
 export const loginRateLimitResetSchema = z.object({
  identifier: z.string().trim().min(1).max(255),
 });
 export const passwordResetRequestSchema = z.object({
  email: z.string().email().toLowerCase().trim(),
 });
 export const passwordResetConfirmSchema = z.object({
  token: z.string().min(1),
  password: z.string().min(8).max(100),
 });
 export const updateProfileSchema = z.object({
  name: z.string().trim().min(1).max(100),
 });
 export const updateEmailSchema = z.object({
  email: z.string().email().toLowerCase().trim(),
  currentPassword: z.string().min(1).max(100),
 });
 export const changePasswordSchema = z.object({
  currentPassword: z.string(),
  newPassword: z.string().min(8).max(100),
 });
 export const mustResetPasswordSchema = z.object({
  newPassword: z.string().min(8).max(100),
 });
@@ -1,6 +1,3 @@
 /**
 * Authentication middleware for protecting routes
 */
 import { Request, Response, NextFunction } from "express";
 import jwt from "jsonwebtoken";
 import { config } from "../config";
@@ -102,9 +99,6 @@ interface JwtPayload {
  impersonatorId?: string;
 }
 /**
 * Type guard to check if decoded JWT is our expected payload structure
 */
 const isJwtPayload = (decoded: unknown): decoded is JwtPayload => {
  if (typeof decoded !== "object" || decoded === null) {
    return false;
@@ -120,9 +114,6 @@ const isJwtPayload = (decoded: unknown): decoded is JwtPayload => {
  );
 };
 /**
 * Extract JWT token from Authorization header
 */
 const extractToken = (req: Request): string | null => {
  const authHeader = req.headers.authorization;
  if (!authHeader || typeof authHeader !== "string") return null;
@@ -135,9 +126,6 @@ const extractToken = (req: Request): string | null => {
  return parts[1];
 };
 /**
 * Verify and decode JWT token
 */
 const verifyToken = (token: string): JwtPayload | null => {
  try {
    const decoded = jwt.verify(token, config.jwtSecret);
@@ -170,10 +158,6 @@ const isAllowedWhileMustResetPassword = (req: Request): boolean => {
  return false;
 };
 /**
 * Require authentication middleware
 * Protects routes that require a valid JWT token
 */
 export const requireAuth = async (
  req: Request,
  res: Response,
@@ -276,10 +260,6 @@ export const requireAuth = async (
  }
 };
 /**
 * Optional authentication middleware
 * Attaches user to request if token is present, but doesn't require it
 */
 export const optionalAuth = async (
  req: Request,
  res: Response,
@@ -552,21 +552,6 @@ const CSRF_TOKEN_FUTURE_SKEW_MS = 5 * 60 * 1000; // 5 minutes clock skew toleran
 const CSRF_NONCE_BYTES = 16;
 const CSRF_TOKEN_MAX_LENGTH = 2048; // sanity limit against abuse
 /**
 * IMPORTANT (Horizontal Scaling / K8s)
 * -----------------------------------
 * CSRF tokens must validate across multiple stateless instances.
 *
 * The prior in-memory Map-based token store breaks under horizontal scaling
 * because each pod has its own memory. This implementation is stateless:
 *
 * - Token payload: { ts, nonce }
 * - Signature: HMAC_SHA256(secret, `${clientId}|${ts}|${nonce}`)
 *
 * As long as all pods share the same `CSRF_SECRET`, any pod can validate
 * any token without shared state (works on Kubernetes).
 */
 let cachedCsrfSecret: Buffer | null = null;
 const getCsrfSecret = (): Buffer => {
  if (cachedCsrfSecret) return cachedCsrfSecret;
@@ -577,9 +562,7 @@ const getCsrfSecret = (): Buffer => {
    return cachedCsrfSecret;
  }
-  // If not configured, generate an ephemeral secret for this process.
+  // Fallback for local/single-instance setups.
  // This keeps single-instance deployments working out of the box, but:
  // - Horizontal scaling will BREAK unless CSRF_SECRET is set and shared.
  cachedCsrfSecret = crypto.randomBytes(32);
  const envLabel = process.env.NODE_ENV ? ` (${process.env.NODE_ENV})` : "";
  console.warn(
@@ -609,9 +592,7 @@ const base64UrlDecode = (input: string): Buffer => {
 };
 type CsrfTokenPayload = {
  /** Issued-at timestamp (ms since epoch) */
  ts: number;
  /** Random nonce (base64url) */
  nonce: string;
 };
@@ -621,10 +602,6 @@ const signCsrfToken = (clientId: string, payload: CsrfTokenPayload): Buffer => {
  return crypto.createHmac("sha256", secret).update(data, "utf8").digest();
 };
 /**
 * Create a new CSRF token for a client
 * Returns the token to be sent to the client
 */
 export const createCsrfToken = (clientId: string): string => {
  const payload: CsrfTokenPayload = {
    ts: Date.now(),
@@ -638,10 +615,6 @@ export const createCsrfToken = (clientId: string): string => {
  return `${payloadB64}.${sigB64}`;
 };
 /**
 * Validate a CSRF token for a client
 * Uses timing-safe comparison to prevent timing attacks
 */
 export const validateCsrfToken = (clientId: string, token: string): boolean => {
  if (!token || typeof token !== "string") {
    return false;
@@ -688,9 +661,6 @@ export const validateCsrfToken = (clientId: string, token: string): boolean => {
  }
 };
 /**
 * Revoke a CSRF token (e.g., on logout or token refresh)
 */
 export const revokeCsrfToken = (clientId: string): void => {
  // Stateless CSRF tokens cannot be selectively revoked without shared state.
  // If revocation is required, implement token blacklisting in a shared store
@@ -1,7 +1,7 @@
 import { defineConfig, devices } from "@playwright/test";
 // Centralized test environment URLs
-const FRONTEND_PORT = 5173;
+const FRONTEND_PORT = 6767;
 const BACKEND_PORT = 8000;
 const FRONTEND_URL = process.env.BASE_URL || `http://localhost:${FRONTEND_PORT}`;
 const BACKEND_URL = process.env.API_URL || `http://localhost:${BACKEND_PORT}`;
@@ -10,7 +10,7 @@ const BACKEND_URL = process.env.API_URL || `http://localhost:${BACKEND_PORT}`;
 * Playwright configuration for E2E browser testing
 * 
 * Environment variables:
- * - BASE_URL: Frontend URL (default: http://localhost:5173)
+ * - BASE_URL: Frontend URL (default: http://localhost:6767)
 * - API_URL: Backend API URL (default: http://localhost:8000)
 * - HEADED: Run in headed mode (default: false)
 * - NO_SERVER: Skip starting servers (default: false)
@@ -145,9 +145,10 @@ test.describe("Dashboard Workflows", () => {
    await page.goto("/");
    await page.waitForLoadState("networkidle");
    await applyDashboardSearch(page, prefix);
    await expect(page.locator("[id^='drawing-card-']")).toHaveCount(2);
-    await ensureCardSelected(page, first.id);
+    // Select all filtered cards (2) for a deterministic bulk action.
-    await ensureCardSelected(page, second.id);
+    await page.getByTitle("Select All").click();
    await page.getByTitle("Duplicate Selected").click();
@@ -156,16 +157,32 @@ test.describe("Dashboard Workflows", () => {
      return results.length;
    }).toBe(4);
-    const allPrefixDrawings = await listDrawings(request, { search: prefix });
+    await applyDashboardSearch(page, prefix);
-    for (const drawing of allPrefixDrawings) {
+    await expect(page.locator("[id^='drawing-card-']")).toHaveCount(4);
-      await ensureCardSelected(page, drawing.id);
+
    const bulkMoveToTrash = async () => {
      await page.getByTitle("Select All").click();
      await expect(page.getByTitle("Move to Trash")).toBeEnabled();
      await page.getByTitle("Move to Trash").click();
    };
    // Move all 4. If one is missed due transient selection flake, recover with extra passes.
    await bulkMoveToTrash();
    for (let i = 0; i < 2; i++) {
      const remaining = await listDrawings(request, { search: prefix });
      if (remaining.length === 0) break;
      await applyDashboardSearch(page, prefix);
      await page.waitForTimeout(400);
      const visibleCount = await page.locator("[id^='drawing-card-']").count();
      if (visibleCount === 0) continue;
      await bulkMoveToTrash();
    }
    await page.getByTitle("Move to Trash").click();
    await expect.poll(async () => {
      const trashed = await listDrawings(request, { search: prefix, collectionId: "trash" });
      return trashed.length;
-    }).toBe(4);
+    }, { timeout: 15000 }).toBe(4);
    const trashDrawings = await listDrawings(request, { search: prefix, collectionId: "trash" });
    for (const drawing of trashDrawings) {
@@ -1,6 +1,4 @@
 import { test, expect } from "@playwright/test";
 import * as path from "path";
 import * as fs from "fs";
 import {
  createDrawing,
  deleteDrawing,
@@ -201,85 +199,47 @@ test.describe("Drag and Drop - File Import", () => {
  });
  test("should show drop zone overlay when dragging files", async ({ page }) => {
    // Note: Simulating drag events with files is unreliable in Playwright
    // because the DataTransfer API has security restrictions.
    // This test verifies the drop zone UI exists and can be triggered.
    await page.goto("/");
    await page.waitForLoadState("networkidle");
-    // Verify the dashboard is loaded
+    // Drag-and-drop simulation is flaky in headless browsers.
-    await expect(page.getByPlaceholder("Search drawings...")).toBeVisible();
+    // Assert the import affordances that back DnD/import are present.
-
+    await expect(page.getByRole("button", { name: /Import/i })).toBeVisible();
-    // Try to trigger drag event - this may not work in all browsers
+    await expect(page.locator("#dashboard-import")).toBeAttached();
    // due to security restrictions on DataTransfer
    const triggered = await page.evaluate(() => {
      try {
        const dt = new DataTransfer();
        dt.items.add(new File(['test'], 'test.excalidraw', { type: 'application/json' }));
        const event = new DragEvent('dragenter', {
          bubbles: true,
          cancelable: true,
          dataTransfer: dt,
        });
        // Find the main content area and dispatch the event
        const main = document.querySelector('main');
        if (main) {
          main.dispatchEvent(event);
          return true;
        }
        return false;
      } catch (e) {
        console.error('Failed to simulate drag event:', e);
        return false;
      }
    });
    if (triggered) {
      // Check that the drop zone overlay is shown
      const dropZone = page.getByText("Drop files to import");
      const isVisible = await dropZone.isVisible().catch(() => false);
      if (isVisible) {
        await expect(dropZone).toBeVisible();
      } else {
        // If drag simulation doesn't work, verify the import button exists as fallback
        await expect(page.locator("#dashboard-import")).toBeAttached();
      }
    } else {
      // If drag simulation doesn't work, verify the import button exists as fallback
      await expect(page.locator("#dashboard-import")).toBeAttached();
    }
  });
-  test("should import excalidraw file via file input", async ({ page }, testInfo) => {
+  test("should import excalidraw file via file input", async ({ page, request }) => {
    await page.goto("/");
    await page.waitForLoadState("networkidle");
-    // Resolve fixture relative to project test directory to avoid env differences
+    const fileBase = `ImportedDnD_${Date.now()}`;
-    const fixturePath = path.join(testInfo.project.testDir, "..", "fixtures", "small-image.excalidraw");
+    const excalidrawContent = JSON.stringify({
-
+      type: "excalidraw",
-    // Fail fast if the fixture is missing instead of skipping the test
+      version: 2,
-    expect(fs.existsSync(fixturePath)).toBeTruthy();
+      source: "e2e-test",
-
+      elements: [],
-    // Click import button to open file dialog
+      appState: { viewBackgroundColor: "#ffffff" },
-    const importButton = page.getByRole("button", { name: /Import/i });
+      files: {},
-    await importButton.click();
+    });
    // Find the hidden file input and upload the file
    const fileInput = page.locator("#dashboard-import");
-    await fileInput.setInputFiles(fixturePath);
+    await fileInput.setInputFiles({
      name: `${fileBase}.excalidraw`,
      mimeType: "application/json",
      buffer: Buffer.from(excalidrawContent),
    });
-    // Wait for upload to complete - the UploadStatus component shows "Done" when finished
+    // Wait until backend contains imported drawing
-    await expect(page.getByText("Uploads (Done)")).toBeVisible({ timeout: 10000 });
+    await expect.poll(async () => {
      const drawings = await listDrawings(request, { search: fileBase });
      return drawings.length;
    }, { timeout: 15000 }).toBeGreaterThan(0);
-    // Search for the imported drawing (it uses the filename as name)
+    // Verify imported drawing is visible in dashboard
-    await page.getByPlaceholder("Search drawings...").fill("small-image");
+    await page.getByPlaceholder("Search drawings...").fill(fileBase);
-    await page.waitForTimeout(500);
+    await page.waitForTimeout(700);
    // Verify at least one drawing was imported
    const importedCards = page.locator("[id^='drawing-card-']");
    await expect(importedCards.first()).toBeVisible();
  });
@@ -397,14 +397,15 @@ test.describe("Drawing Deletion", () => {
  });
  test("should duplicate drawing", async ({ page, request }) => {
-    const drawing = await createDrawing(request, { name: `Duplicate_Test_${Date.now()}` });
+    const baseName = `Duplicate_Test_${Date.now()}`;
    const drawing = await createDrawing(request, { name: baseName });
    createdDrawingIds.push(drawing.id);
    await page.goto("/");
    await page.waitForLoadState("networkidle");
    // Search for the drawing
-    await page.getByPlaceholder("Search drawings...").fill(drawing.name);
+    await page.getByPlaceholder("Search drawings...").fill(baseName);
    await page.waitForTimeout(500);
    // Select the drawing
@@ -417,23 +418,17 @@ test.describe("Drawing Deletion", () => {
    // Click duplicate button
    await page.getByTitle("Duplicate Selected").click();
-    // Wait for the duplicate to be created
+    await expect.poll(async () => {
-    await page.waitForTimeout(1000);
+      const allDrawings = await listDrawings(request, { search: baseName });
      return allDrawings.length;
    }, { timeout: 10000 }).toBe(2);
-    // Clear search to see all drawings
+    await page.getByPlaceholder("Search drawings...").fill(baseName);
-    await page.getByPlaceholder("Search drawings...").fill("");
+    await page.waitForTimeout(700);
-    await page.waitForTimeout(500);
+    await expect(page.locator("[id^='drawing-card-']")).toHaveCount(2);
    // Search again to find both
    await page.getByPlaceholder("Search drawings...").fill("Duplicate_Test");
    await page.waitForTimeout(500);
    // There should be two cards now
    const cards = page.locator("[id^='drawing-card-']");
    await expect(cards).toHaveCount(2);
    // Get the duplicate ID for cleanup
-    const allDrawings = await listDrawings(request, { search: "Duplicate_Test" });
+    const allDrawings = await listDrawings(request, { search: baseName });
    for (const d of allDrawings) {
      if (!createdDrawingIds.includes(d.id)) {
        createdDrawingIds.push(d.id);
@@ -11,12 +11,10 @@ import {
 /**
 * E2E Tests for Export/Import functionality
 * 
- * Tests the export/import feature mentioned in README:
+ * Tests the export/import feature:
- * - Export drawings as JSON
+ * - Export/Import `.excalidash` backups
- * - Export database backup (SQLite)
+ * - Import `.excalidraw` and JSON files
- * - Import .excalidraw files
+ * - Legacy SQLite verification/import endpoints
 * - Import JSON files
 * - Import database backup
 */
 test.describe("Export Functionality", () => {
@@ -43,86 +41,52 @@ test.describe("Export Functionality", () => {
    createdCollectionIds = [];
  });
-  test("should export database as SQLite via Settings page", async ({ page, request }) => {
+  test("should show backup export controls on Settings page", async ({ page, request }) => {
    // Create a drawing to ensure there's data to export
-    const drawing = await createDrawing(request, { name: `Export_SQLite_${Date.now()}` });
+    const drawing = await createDrawing(request, { name: `Export_Backup_${Date.now()}` });
    createdDrawingIds.push(drawing.id);
    // Navigate to Settings
    await page.goto("/settings");
    await page.waitForLoadState("networkidle");
-    // Find and verify the export button exists
+    await expect(page.getByRole("heading", { name: "Export Backup" })).toBeVisible();
-    const exportSqliteButton = page.getByRole("button", { name: /Export Data \(.sqlite\)/i });
+    await expect(page.getByRole("button", { name: /^Export$/ })).toBeVisible();
-    await expect(exportSqliteButton).toBeVisible();
+    const downloadNameSelect = page.getByRole("combobox", { name: "Download name" });
-
+    await expect(downloadNameSelect).toBeVisible();
-    // Verify the button links to the correct endpoint
+    await expect(downloadNameSelect.locator('option[value="excalidash"]')).toHaveText(".excalidash");
-    // We can't easily test the actual download, but we can verify the UI
+    await expect(downloadNameSelect.locator('option[value="excalidash.zip"]')).toHaveText(".excalidash.zip");
    const exportDbButton = page.getByRole("button", { name: /Export Data \(.db\)/i });
    await expect(exportDbButton).toBeVisible();
  });
-  test("should export database as JSON via Settings page", async ({ page, request }) => {
+  test("should export .excalidash via API", async ({ request }) => {
    // Create test data
    const drawing = await createDrawing(request, { name: `Export_JSON_${Date.now()}` });
    createdDrawingIds.push(drawing.id);
    await page.goto("/settings");
    await page.waitForLoadState("networkidle");
    // Find the JSON export button
    const exportJsonButton = page.getByRole("button", { name: /Export Data \(JSON\)/i });
    await expect(exportJsonButton).toBeVisible();
  });
  test("should have export endpoints accessible via API", async ({ request }) => {
    // Create test data
    const drawing = await createDrawing(request, { name: `Export_API_${Date.now()}` });
    createdDrawingIds.push(drawing.id);
-    // Test JSON/ZIP export endpoint - it returns a ZIP file with .excalidraw files
+    const response = await request.get(`${API_URL}/export/excalidash`);
-    const zipResponse = await request.get(`${API_URL}/export/json`);
+    expect(response.ok()).toBe(true);
    expect(zipResponse.ok()).toBe(true);
-    // Check it's a ZIP file
+    const contentType = response.headers()["content-type"];
    const contentType = zipResponse.headers()["content-type"];
    expect(contentType).toMatch(/application\/zip/);
-    // Check content-disposition header
+    const contentDisposition = response.headers()["content-disposition"];
    const contentDisposition = zipResponse.headers()["content-disposition"];
    expect(contentDisposition).toContain("attachment");
-    expect(contentDisposition).toMatch(/excalidraw-drawings.*\.zip/);
+    expect(contentDisposition).toMatch(/excalidash-backup.*\.excalidash/);
  });
-  test("should download SQLite export via API", async ({ request }) => {
+  test("should export .excalidash.zip via API", async ({ request }) => {
-    const drawing = await createDrawing(request, { name: `SQLite_Export_${Date.now()}` });
+    const drawing = await createDrawing(request, { name: `Export_Zip_${Date.now()}` });
    createdDrawingIds.push(drawing.id);
-    // Test SQLite export endpoint
+    const response = await request.get(`${API_URL}/export/excalidash?ext=zip`);
-    const sqliteResponse = await request.get(`${API_URL}/export`);
+    expect(response.ok()).toBe(true);
    expect(sqliteResponse.ok()).toBe(true);
-    // Check content-type header indicates a file download
+    const contentType = response.headers()["content-type"];
-    const contentType = sqliteResponse.headers()["content-type"];
+    expect(contentType).toMatch(/application\/zip/);
    expect(contentType).toMatch(/application\/octet-stream|application\/x-sqlite3/);
-    // Check content-disposition header
+    const contentDisposition = response.headers()["content-disposition"];
    const contentDisposition = sqliteResponse.headers()["content-disposition"];
    expect(contentDisposition).toContain("attachment");
-    expect(contentDisposition).toMatch(/excalidash-db.*\.sqlite/);
+    expect(contentDisposition).toMatch(/excalidash-backup.*\.excalidash\.zip/);
  });
  test("should download .db export via API", async ({ request }) => {
    const drawing = await createDrawing(request, { name: `DB_Export_${Date.now()}` });
    createdDrawingIds.push(drawing.id);
    // Test .db export endpoint
    const dbResponse = await request.get(`${API_URL}/export?format=db`);
    expect(dbResponse.ok()).toBe(true);
    const contentDisposition = dbResponse.headers()["content-disposition"];
    expect(contentDisposition).toContain("attachment");
    expect(contentDisposition).toMatch(/\.db/);
  });
 });
@@ -150,13 +114,12 @@ test.describe.serial("Import Functionality", () => {
    createdDrawingIds = [];
  });
-  test("should show Import Data button on Settings page", async ({ page }) => {
+  test("should show Import Backup button on Settings page", async ({ page }) => {
    await page.goto("/settings");
    await page.waitForLoadState("networkidle");
-    // Find the import button
+    await expect(page.getByRole("heading", { name: "Import Backup" })).toBeVisible();
-    const importButton = page.getByRole("button", { name: /Import Data/i });
+    await expect(page.locator("#settings-import-backup")).toBeAttached();
    await expect(importButton).toBeVisible();
  });
  test("should import .excalidraw file from Dashboard", async ({ page }) => {
@@ -381,7 +344,7 @@ test.describe("Database Import Verification", () => {
  test("should verify SQLite import endpoint exists", async ({ request }) => {
    // Test that the verification endpoint responds
    // We don't actually import a database as that would affect the test environment
-    const response = await request.post(`${API_URL}/import/sqlite/verify`, {
+    const response = await request.post(`${API_URL}/import/sqlite/legacy/verify`, {
      headers: await getCsrfHeaders(request),
      // Send empty form data to test endpoint exists
      multipart: {
@@ -248,7 +248,11 @@ export async function listDrawings(
    `${API_URL}/drawings${query ? `?${query}` : ""}`
  );
  expect(response.ok()).toBe(true);
-  return (await response.json()) as DrawingRecord[];
+  const payload = (await response.json()) as
    | DrawingRecord[]
    | { drawings?: DrawingRecord[] };
  if (Array.isArray(payload)) return payload;
  return Array.isArray(payload.drawings) ? payload.drawings : [];
 }
 export async function createCollection(
@@ -1,4 +1,4 @@
-import { test, expect } from "@playwright/test";
+import { test, expect, type Page } from "@playwright/test";
 import {
  createDrawing,
  deleteDrawing,
@@ -120,7 +120,7 @@ test.describe("Search Drawings", () => {
    const searchInput = page.getByPlaceholder("Search drawings...");
    // Use keyboard shortcut (Cmd+K on Mac, Ctrl+K on Windows/Linux)
-    await page.keyboard.press("Meta+k");
+    await page.keyboard.press("ControlOrMeta+k");
    // Search input should be focused
    await expect(searchInput).toBeFocused();
@@ -130,6 +130,18 @@ test.describe("Search Drawings", () => {
 test.describe("Sort Drawings", () => {
  let createdDrawingIds: string[] = [];
  const getSortFieldButton = (page: Page) =>
    page.getByRole("button", { name: /^(Name|Date Created|Date Modified)$/ }).first();
  const chooseSortField = async (
    page: Page,
    label: "Name" | "Date Created" | "Date Modified"
  ) => {
    await getSortFieldButton(page).click();
    await page.getByRole("button", { name: label }).last().click();
    await expect(getSortFieldButton(page)).toHaveText(new RegExp(label));
  };
  test.afterEach(async ({ request }) => {
    for (const id of createdDrawingIds) {
      try {
@@ -160,17 +172,14 @@ test.describe("Sort Drawings", () => {
    await searchInput.fill(prefix);
    await page.waitForTimeout(500);
-    // Click Name sort button
+    await chooseSortField(page, "Name");
    const nameSortButton = page.getByRole("button", { name: "Name" });
    await nameSortButton.click();
    // Get the order of cards
    const cards = page.locator("[id^='drawing-card-']");
    await expect(cards).toHaveCount(3);
    // Verify order is alphabetical (Alpha, Bravo, Charlie)
-    const firstCard = cards.first();
+    const cards = page.locator("[id^='drawing-card-']");
-    await expect(firstCard).toHaveId(`drawing-card-${drawingA.id}`);
+    await expect(cards).toHaveCount(3);
    await expect(cards.nth(0)).toHaveId(`drawing-card-${drawingA.id}`);
    await expect(cards.nth(1)).toHaveId(`drawing-card-${drawingB.id}`);
    await expect(cards.nth(2)).toHaveId(`drawing-card-${drawingC.id}`);
  });
  test("should toggle sort direction on repeated clicks", async ({ page, request }) => {
@@ -189,23 +198,18 @@ test.describe("Sort Drawings", () => {
    await searchInput.fill(prefix);
    await page.waitForTimeout(500);
-    const nameSortButton = page.getByRole("button", { name: "Name" });
+    await chooseSortField(page, "Name");
    // First click - ascending (A first)
    await nameSortButton.click();
    await page.waitForTimeout(200);
    let cards = page.locator("[id^='drawing-card-']");
-    let firstCard = cards.first();
+    await expect(cards).toHaveCount(2);
-    await expect(firstCard).toHaveId(`drawing-card-${drawingA.id}`);
+    await expect(cards.first()).toHaveId(`drawing-card-${drawingA.id}`);
-    // Second click - descending (Z first)
+    // Toggle direction (descending -> Z first)
-    await nameSortButton.click();
+    const directionToggle = page.getByTitle(/Sort (Ascending|Descending)/);
-    await page.waitForTimeout(200);
+    await directionToggle.click();
    cards = page.locator("[id^='drawing-card-']");
-    firstCard = cards.first();
+    await expect(cards.first()).toHaveId(`drawing-card-${drawingZ.id}`);
    await expect(firstCard).toHaveId(`drawing-card-${drawingZ.id}`);
  });
  test("should sort by date created", async ({ page, request }) => {
@@ -227,15 +231,12 @@ test.describe("Sort Drawings", () => {
    await searchInput.fill(prefix);
    await page.waitForTimeout(500);
-    // Click Date Created sort button
+    await chooseSortField(page, "Date Created");
    const dateCreatedButton = page.getByRole("button", { name: "Date Created" });
    await dateCreatedButton.click();
    await page.waitForTimeout(200);
    // Default should be descending (newest first)
    const cards = page.locator("[id^='drawing-card-']");
-    const firstCard = cards.first();
+    await expect(cards).toHaveCount(2);
-    await expect(firstCard).toHaveId(`drawing-card-${drawing2.id}`);
+    await expect(cards.first()).toHaveId(`drawing-card-${drawing2.id}`);
  });
  test("should sort by date modified", async ({ page, request }) => {
@@ -254,11 +255,8 @@ test.describe("Sort Drawings", () => {
    await searchInput.fill(prefix);
    await page.waitForTimeout(500);
-    // Click Date Modified sort button
+    await chooseSortField(page, "Date Modified");
-    const dateModifiedButton = page.getByRole("button", { name: "Date Modified" });
+    await expect(getSortFieldButton(page)).toHaveText(/Date Modified/);
-    await dateModifiedButton.click();
+    await expect(page.getByTitle(/Sort (Ascending|Descending)/)).toBeVisible();
    // Verify the button shows active state
    await expect(dateModifiedButton).toHaveClass(/bg-indigo-100|bg-neutral-800/);
  });
 });
@@ -4,7 +4,7 @@
  "version": "0.3.2",
  "type": "module",
  "scripts": {
-    "dev": "vite",
+    "dev": "vite --port 6767",
    "build": "tsc -b && vite build",
    "lint": "eslint .",
    "preview": "vite preview",
@@ -8,7 +8,7 @@ export default defineConfig({
  workers: process.env.CI ? 1 : undefined,
  reporter: "html",
  use: {
-    baseURL: "http://localhost:5173",
+    baseURL: "http://localhost:6767",
    trace: "on-first-retry",
    screenshot: "only-on-failure",
  },
@@ -29,7 +29,7 @@ export default defineConfig({
    },
    {
      command: "npm run dev",
-      url: "http://localhost:5173",
+      url: "http://localhost:6767",
      reuseExistingServer: false,
      timeout: 120000,
    },
@@ -17,6 +17,14 @@ export { api as default };
 // JWT Token Management
 const TOKEN_KEY = 'excalidash-access-token';
 const REFRESH_TOKEN_KEY = 'excalidash-refresh-token';
 const USER_KEY = 'excalidash-user';
 type RetriableRequestConfig = {
  _retry?: boolean;
  _csrfRetry?: boolean;
  url?: string;
  headers?: Record<string, string>;
 };
 const getAuthToken = (): string | null => {
  if (typeof window === 'undefined') return null;
@@ -28,9 +36,6 @@ let csrfToken: string | null = null;
 let csrfHeaderName: string = "x-csrf-token";
 let csrfTokenPromise: Promise<void> | null = null;
 /**
 * Fetch a fresh CSRF token from the server
 */
 export const fetchCsrfToken = async (): Promise<void> => {
  try {
    const response = await axios.get<{ token: string; header: string }>(
@@ -44,9 +49,6 @@ export const fetchCsrfToken = async (): Promise<void> => {
  }
 };
 /**
 * Ensure we have a valid CSRF token, fetching one if needed
 */
 const ensureCsrfToken = async (): Promise<void> => {
  if (csrfToken) return;
@@ -59,13 +61,55 @@ const ensureCsrfToken = async (): Promise<void> => {
  await csrfTokenPromise;
 };
 /**
 * Clear the cached CSRF token (useful for handling 403 errors)
 */
 export const clearCsrfToken = (): void => {
  csrfToken = null;
 };
 const clearStoredAuth = () => {
  localStorage.removeItem(TOKEN_KEY);
  localStorage.removeItem(REFRESH_TOKEN_KEY);
  localStorage.removeItem(USER_KEY);
 };
 const redirectToLogin = () => {
  if (window.location.pathname !== '/login') {
    window.location.href = '/login';
  }
 };
 let refreshPromise: Promise<string> | null = null;
 const refreshAccessToken = async (): Promise<string> => {
  if (!refreshPromise) {
    refreshPromise = (async () => {
      const refreshToken = localStorage.getItem(REFRESH_TOKEN_KEY);
      if (!refreshToken) {
        throw new Error("Missing refresh token");
      }
      const refreshResponse = await axios.post(`${API_URL}/auth/refresh`, {
        refreshToken,
      });
      const nextAccessToken = String(refreshResponse.data.accessToken || "");
      if (!nextAccessToken) {
        throw new Error("Missing access token in refresh response");
      }
      localStorage.setItem(TOKEN_KEY, nextAccessToken);
      if (refreshResponse.data.refreshToken) {
        localStorage.setItem(REFRESH_TOKEN_KEY, refreshResponse.data.refreshToken);
      }
      return nextAccessToken;
    })().finally(() => {
      refreshPromise = null;
    });
  }
  return refreshPromise;
 };
 // Add request interceptor to include JWT and CSRF tokens
 api.interceptors.request.use(
  async (config) => {
@@ -125,38 +169,28 @@ api.interceptors.response.use(
    // Handle 401 Unauthorized (invalid/expired JWT)
    if (error.response?.status === 401) {
-      const refreshToken = localStorage.getItem(REFRESH_TOKEN_KEY);
+      const originalRequest = (error.config || {}) as RetriableRequestConfig;
-      if (refreshToken && !error.config.url?.includes('/auth/')) {
+      const url = String(originalRequest.url || "");
      const isAuthRoute = url.includes('/auth/');
      const hasRefreshToken = Boolean(localStorage.getItem(REFRESH_TOKEN_KEY));
      if (!isAuthRoute && hasRefreshToken && !originalRequest._retry) {
        try {
-          const refreshResponse = await axios.post(`${API_URL}/auth/refresh`, {
+          originalRequest._retry = true;
-            refreshToken,
+          const nextAccessToken = await refreshAccessToken();
-          });
+          originalRequest.headers = originalRequest.headers || {};
-          localStorage.setItem(TOKEN_KEY, refreshResponse.data.accessToken);
+          originalRequest.headers.Authorization = `Bearer ${nextAccessToken}`;
-          
+          return api(originalRequest as any);
          // Update refresh token if rotation returned a new one
          if (refreshResponse.data.refreshToken) {
            localStorage.setItem(REFRESH_TOKEN_KEY, refreshResponse.data.refreshToken);
          }
          // Retry original request with new token
          error.config.headers.Authorization = `Bearer ${refreshResponse.data.accessToken}`;
          return api(error.config);
        } catch {
-          // Refresh failed, clear tokens and redirect to login
+          clearStoredAuth();
-          localStorage.removeItem(TOKEN_KEY);
+          redirectToLogin();
          localStorage.removeItem(REFRESH_TOKEN_KEY);
          localStorage.removeItem('excalidash-user');
          window.location.href = '/login';
          return Promise.reject(error);
        }
-      } else {
+      }
-        // No refresh token or auth endpoint, redirect to login
+
-        localStorage.removeItem(TOKEN_KEY);
+      if (!isAuthRoute) {
-        localStorage.removeItem(REFRESH_TOKEN_KEY);
+        clearStoredAuth();
-        localStorage.removeItem('excalidash-user');
+        redirectToLogin();
        if (!error.config.url?.includes('/auth/')) {
          window.location.href = '/login';
        }
      }
    }
@@ -168,14 +202,15 @@ api.interceptors.response.use(
      clearCsrfToken();
      // Retry the request once with a fresh token
-      const originalRequest = error.config;
+      const originalRequest = (error.config || {}) as RetriableRequestConfig;
      if (!originalRequest._csrfRetry) {
        originalRequest._csrfRetry = true;
        await fetchCsrfToken();
        if (csrfToken) {
          originalRequest.headers = originalRequest.headers || {};
          originalRequest.headers[csrfHeaderName] = csrfToken;
        }
-        return api(originalRequest);
+        return api(originalRequest as any);
      }
    }
    return Promise.reject(error);
@@ -225,22 +260,42 @@ export interface PaginatedDrawings<T> {
  offset?: number;
 }
 export type DrawingSortField = "name" | "createdAt" | "updatedAt";
 export type SortDirection = "asc" | "desc";
 export function getDrawings(
  search?: string,
  collectionId?: string | null,
-  options?: { limit?: number; offset?: number }
+  options?: {
    limit?: number;
    offset?: number;
    sortField?: DrawingSortField;
    sortDirection?: SortDirection;
  }
 ): Promise<PaginatedDrawings<DrawingSummary>>;
 export function getDrawings(
  search: string | undefined,
  collectionId: string | null | undefined,
-  options: { includeData: true; limit?: number; offset?: number }
+  options: {
    includeData: true;
    limit?: number;
    offset?: number;
    sortField?: DrawingSortField;
    sortDirection?: SortDirection;
  }
 ): Promise<PaginatedDrawings<Drawing>>;
 export async function getDrawings(
  search?: string,
  collectionId?: string | null,
-  options?: { includeData?: boolean; limit?: number; offset?: number }
+  options?: {
    includeData?: boolean;
    limit?: number;
    offset?: number;
    sortField?: DrawingSortField;
    sortDirection?: SortDirection;
  }
 ) {
  const params: Record<string, string | number> = {};
  if (search) params.search = search;
@@ -248,6 +303,8 @@ export async function getDrawings(
    params.collectionId = collectionId === null ? "null" : collectionId;
  if (options?.limit !== undefined) params.limit = options.limit;
  if (options?.offset !== undefined) params.offset = options.offset;
  if (options?.sortField) params.sortField = options.sortField;
  if (options?.sortDirection) params.sortDirection = options.sortDirection;
  if (options?.includeData) {
    params.includeData = "true";
@@ -1,45 +1,16 @@
 import React, { useEffect, useState, useCallback, useRef } from 'react';
 import { createPortal } from 'react-dom';
 import { Layout } from '../components/Layout';
 import { DrawingCard } from '../components/DrawingCard';
 import { Plus, Search, Loader2, Inbox, Trash2, Folder, ArrowRight, Copy, Upload, CheckSquare, Square, ArrowUp, ArrowDown, ChevronDown, FileText, Calendar, Clock } from 'lucide-react';
 import { useNavigate, useSearchParams, useLocation } from 'react-router-dom';
 import * as api from '../api';
 import type { DrawingSummary, Collection } from '../types';
 import type { DrawingSortField, SortDirection } from '../api';
 import { useDebounce } from '../hooks/useDebounce';
 import clsx from 'clsx';
 import { ConfirmModal } from '../components/ConfirmModal';
 import { useUpload } from '../context/UploadContext';
-
+import { DragOverlayPortal, getSelectionBounds, type Point, type SelectionBounds } from './dashboard/shared';
 type Point = { x: number; y: number };
 type SelectionBounds = {
  left: number;
  top: number;
  right: number;
  bottom: number;
  width: number;
  height: number;
 };
 const getSelectionBounds = (start: Point, current: Point): SelectionBounds => {
  const left = Math.min(start.x, current.x);
  const right = Math.max(start.x, current.x);
  const top = Math.min(start.y, current.y);
  const bottom = Math.max(start.y, current.y);
  return {
    left,
    top,
    right,
    bottom,
    width: right - left,
    height: bottom - top,
  };
 };
 const DragOverlayPortal: React.FC<{ children: React.ReactNode }> = ({ children }) => {
  return createPortal(children, document.body);
 };
 const PAGE_SIZE = 24;
@@ -91,8 +62,7 @@ export const Dashboard: React.FC = () => {
  const containerRef = useRef<HTMLDivElement>(null);
  const loaderRef = useRef<HTMLDivElement>(null);
-  type SortField = 'name' | 'createdAt' | 'updatedAt';
+  type SortField = DrawingSortField;
  type SortDirection = 'asc' | 'desc';
  const searchInputRef = useRef<HTMLInputElement>(null);
@@ -112,7 +82,12 @@ export const Dashboard: React.FC = () => {
    setIsLoading(true);
    try {
      const [drawingsRes, collectionsData] = await Promise.all([
-        api.getDrawings(debouncedSearch, selectedCollectionId, { limit: PAGE_SIZE, offset: 0 }),
+        api.getDrawings(debouncedSearch, selectedCollectionId, {
          limit: PAGE_SIZE,
          offset: 0,
          sortField: sortConfig.field,
          sortDirection: sortConfig.direction,
        }),
        api.getCollections()
      ]);
      setDrawings(drawingsRes.drawings);
@@ -124,7 +99,7 @@ export const Dashboard: React.FC = () => {
    } finally {
      setIsLoading(false);
    }
-  }, [debouncedSearch, selectedCollectionId]);
+  }, [debouncedSearch, selectedCollectionId, sortConfig.field, sortConfig.direction]);
  const fetchMore = useCallback(async () => {
    if (isFetchingMore || !hasMore || isLoading) return;
@@ -132,7 +107,9 @@ export const Dashboard: React.FC = () => {
    try {
      const drawingsRes = await api.getDrawings(debouncedSearch, selectedCollectionId, {
        limit: PAGE_SIZE,
-        offset: drawings.length
+        offset: drawings.length,
        sortField: sortConfig.field,
        sortDirection: sortConfig.direction,
      });
      setDrawings(prev => [...prev, ...drawingsRes.drawings]);
      setTotalCount(drawingsRes.totalCount);
@@ -141,7 +118,16 @@ export const Dashboard: React.FC = () => {
    } finally {
      setIsFetchingMore(false);
    }
-  }, [isFetchingMore, hasMore, isLoading, debouncedSearch, selectedCollectionId, drawings.length]);
+  }, [
    isFetchingMore,
    hasMore,
    isLoading,
    debouncedSearch,
    selectedCollectionId,
    drawings.length,
    sortConfig.field,
    sortConfig.direction,
  ]);
  useEffect(() => {
    refreshData();
@@ -258,16 +244,7 @@ export const Dashboard: React.FC = () => {
    setDragCurrent({ x: e.clientX, y: e.clientY });
  };
-  const sortedDrawings = React.useMemo(() => {
+  const sortedDrawings = drawings;
    return [...drawings].sort((a, b) => {
      const { field, direction } = sortConfig;
      const modifier = direction === 'asc' ? 1 : -1;
      if (field === 'name') return a.name.localeCompare(b.name) * modifier;
      if (field === 'createdAt') return (a.createdAt - b.createdAt) * modifier;
      if (field === 'updatedAt') return (a.updatedAt - b.updatedAt) * modifier;
      return 0;
    });
  }, [drawings, sortConfig]);
  useEffect(() => {
    const handleKeyDown = (e: KeyboardEvent) => {
@@ -14,101 +14,19 @@ import { reconcileElements } from '../utils/sync';
 import { exportFromEditor } from '../utils/exportUtils';
 import * as api from '../api';
 import { useTheme } from '../context/ThemeContext';
 import {
  UIOptions,
  getColorFromString,
  getFilesDelta,
  getInitialsFromName,
  haveSameElements,
 } from './editor/shared';
 import type { ElementVersionInfo } from './editor/shared';
 interface Peer extends UserIdentity {
  isActive: boolean;
 }
 interface ElementVersionInfo {
  version: number;
  versionNonce: number;
 }
 const haveSameElements = (a: readonly any[] = [], b: readonly any[] = []) => {
  if (!a || !b) return false;
  if (a.length !== b.length) return false;
  for (let i = 0; i < a.length; i++) {
    const left = a[i];
    const right = b[i];
    if (!left || !right) return false;
    if (left.id !== right.id) return false;
    if ((left.version ?? 0) !== (right.version ?? 0)) return false;
    if ((left.versionNonce ?? 0) !== (right.versionNonce ?? 0)) return false;
  }
  return true;
 };
 const buildFileSignature = (file: any): string => {
  const mimeType = typeof file?.mimeType === "string" ? file.mimeType : "";
  const id = typeof file?.id === "string" ? file.id : "";
  const dataURL = typeof file?.dataURL === "string" ? file.dataURL : "";
  // Avoid keeping the whole dataURL for comparisons; use a cheap signature.
  const prefix = dataURL.slice(0, 32);
  const suffix = dataURL.slice(-32);
  return `${id}|${mimeType}|${dataURL.length}|${prefix}|${suffix}`;
 };
 const getFilesDelta = (
  previous: Record<string, any>,
  next: Record<string, any>
 ): Record<string, any> => {
  const delta: Record<string, any> = {};
  const prev = previous || {};
  const nxt = next || {};
  for (const fileId of Object.keys(nxt)) {
    const nextFile = nxt[fileId];
    const nextHasDataUrl = typeof nextFile?.dataURL === "string" && nextFile.dataURL.length > 0;
    // Only sync files that actually have data; otherwise other tabs can't render yet.
    if (!nextHasDataUrl) continue;
    const prevFile = prev[fileId];
    if (!prevFile) {
      delta[fileId] = nextFile;
      continue;
    }
    if (buildFileSignature(prevFile) !== buildFileSignature(nextFile)) {
      delta[fileId] = nextFile;
    }
  }
  return delta;
 };
 const UIOptions = {
  canvasActions: {
    saveToActiveFile: false,
    loadScene: false,
    export: { saveFileToDisk: false },
    toggleTheme: true,
  },
 };
 const getInitialsFromName = (name: string): string => {
  const trimmed = name.trim();
  if (!trimmed) return 'U';
  const parts = trimmed.split(/\s+/).filter(Boolean);
  if (parts.length >= 2) {
    return `${parts[0][0]}${parts[parts.length - 1][0]}`.toUpperCase();
  }
  return trimmed.slice(0, 2).toUpperCase();
 };
 // Helper function to generate a color from a string (consistent hash)
 const getColorFromString = (str: string): string => {
  const COLORS = [
    "#ef4444", "#f97316", "#f59e0b", "#84cc16", "#22c55e", "#10b981",
    "#14b8a6", "#06b6d4", "#0ea5e9", "#3b82f6", "#6366f1", "#8b5cf6",
    "#a855f7", "#d946ef", "#ec4899", "#f43f5e",
  ];
  let hash = 0;
  for (let i = 0; i < str.length; i++) {
    hash = str.charCodeAt(i) + ((hash << 5) - hash);
  }
  return COLORS[Math.abs(hash) % COLORS.length];
 };
 export const Editor: React.FC = () => {
  const { id } = useParams<{ id: string }>();
  const navigate = useNavigate();
@@ -0,0 +1,35 @@
 import React from "react";
 import { createPortal } from "react-dom";
 export type Point = { x: number; y: number };
 export type SelectionBounds = {
  left: number;
  top: number;
  right: number;
  bottom: number;
  width: number;
  height: number;
 };
 export const getSelectionBounds = (
  start: Point,
  current: Point
 ): SelectionBounds => {
  const left = Math.min(start.x, current.x);
  const right = Math.max(start.x, current.x);
  const top = Math.min(start.y, current.y);
  const bottom = Math.max(start.y, current.y);
  return {
    left,
    top,
    right,
    bottom,
    width: right - left,
    height: bottom - top,
  };
 };
 export const DragOverlayPortal: React.FC<{ children: React.ReactNode }> = ({
  children,
 }) => createPortal(children, document.body);
@@ -0,0 +1,86 @@
 export interface ElementVersionInfo {
  version: number;
  versionNonce: number;
 }
 export const haveSameElements = (a: readonly any[] = [], b: readonly any[] = []) => {
  if (!a || !b) return false;
  if (a.length !== b.length) return false;
  for (let i = 0; i < a.length; i++) {
    const left = a[i];
    const right = b[i];
    if (!left || !right) return false;
    if (left.id !== right.id) return false;
    if ((left.version ?? 0) !== (right.version ?? 0)) return false;
    if ((left.versionNonce ?? 0) !== (right.versionNonce ?? 0)) return false;
  }
  return true;
 };
 const buildFileSignature = (file: any): string => {
  const mimeType = typeof file?.mimeType === "string" ? file.mimeType : "";
  const id = typeof file?.id === "string" ? file.id : "";
  const dataURL = typeof file?.dataURL === "string" ? file.dataURL : "";
  const prefix = dataURL.slice(0, 32);
  const suffix = dataURL.slice(-32);
  return `${id}|${mimeType}|${dataURL.length}|${prefix}|${suffix}`;
 };
 export const getFilesDelta = (
  previous: Record<string, any>,
  next: Record<string, any>
 ): Record<string, any> => {
  const delta: Record<string, any> = {};
  const prev = previous || {};
  const nxt = next || {};
  for (const fileId of Object.keys(nxt)) {
    const nextFile = nxt[fileId];
    const nextHasDataUrl = typeof nextFile?.dataURL === "string" && nextFile.dataURL.length > 0;
    if (!nextHasDataUrl) continue;
    const prevFile = prev[fileId];
    if (!prevFile) {
      delta[fileId] = nextFile;
      continue;
    }
    if (buildFileSignature(prevFile) !== buildFileSignature(nextFile)) {
      delta[fileId] = nextFile;
    }
  }
  return delta;
 };
 export const UIOptions = {
  canvasActions: {
    saveToActiveFile: false,
    loadScene: false,
    export: { saveFileToDisk: false },
    toggleTheme: true,
  },
 };
 export const getInitialsFromName = (name: string): string => {
  const trimmed = name.trim();
  if (!trimmed) return 'U';
  const parts = trimmed.split(/\s+/).filter(Boolean);
  if (parts.length >= 2) {
    return `${parts[0][0]}${parts[parts.length - 1][0]}`.toUpperCase();
  }
  return trimmed.slice(0, 2).toUpperCase();
 };
 export const getColorFromString = (str: string): string => {
  const COLORS = [
    "#ef4444", "#f97316", "#f59e0b", "#84cc16", "#22c55e", "#10b981",
    "#14b8a6", "#06b6d4", "#0ea5e9", "#3b82f6", "#6366f1", "#8b5cf6",
    "#a855f7", "#d946ef", "#ec4899", "#f43f5e",
  ];
  let hash = 0;
  for (let i = 0; i < str.length; i++) {
    hash = str.charCodeAt(i) + ((hash << 5) - hash);
  }
  return COLORS[Math.abs(hash) % COLORS.length];
 };
--- a/Show More
+++ b/Show More