Implement calendar ICS feed and token regeneration (P2.6, P2.7)

Add two calendar-related API endpoints:

P2.6 - GET /api/calendar/[userId]/[token].ics:
- Token-based authentication (no session required)
- Validates calendar token against user record
- Generates 90 days of phase events using generateIcsFeed()
- Returns proper Content-Type and Cache-Control headers
- 404 for non-existent users, 401 for invalid tokens
- 10 tests covering all scenarios

P2.7 - POST /api/calendar/regenerate-token:
- Requires authentication via withAuth() middleware
- Generates cryptographically secure 32-character hex token
- Updates user's calendarToken field in database
- Returns new token and formatted calendar URL
- Old tokens immediately invalidated
- 9 tests covering token generation and auth

Total: 19 new tests, 360 tests passing

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

IMPLEMENTATION_PLAN.md

@@ -35,8 +35,8 @@ This file is maintained by Ralph. Run `./ralph-sandbox.sh plan 3` to generate ta
 | POST /api/garmin/tokens | **COMPLETE** | Stores encrypted Garmin OAuth tokens (15 tests) |
 | DELETE /api/garmin/tokens | **COMPLETE** | Clears tokens and disconnects Garmin (15 tests) |
 | GET /api/garmin/status | **COMPLETE** | Returns connection status, expiry, warning level (11 tests) |
-| GET /api/calendar/[userId]/[token].ics | 501 | Has param extraction, core logic TODO |
-| POST /api/calendar/regenerate-token | 501 | Returns Not Implemented |
+| GET /api/calendar/[userId]/[token].ics | **COMPLETE** | Token validation, ICS generation, caching headers (10 tests) |
+| POST /api/calendar/regenerate-token | **COMPLETE** | Generates 32-char token, returns URL (9 tests) |
 | POST /api/cron/garmin-sync | **COMPLETE** | Syncs Garmin data for all users, creates DailyLogs (22 tests) |
 | POST /api/cron/notifications | **COMPLETE** | Sends daily emails with timezone matching, DailyLog handling (20 tests) |
 
@@ -85,6 +85,9 @@ This file is maintained by Ralph. Run `./ralph-sandbox.sh plan 3` to generate ta
 | `src/app/api/garmin/tokens/route.test.ts` | **EXISTS** - 15 tests (POST/DELETE tokens, encryption, validation, auth) |
 | `src/app/api/garmin/status/route.test.ts` | **EXISTS** - 11 tests (connection status, expiry, warning levels) |
 | `src/app/api/cron/garmin-sync/route.test.ts` | **EXISTS** - 22 tests (auth, user iteration, token handling, Garmin data fetching, DailyLog creation, error handling) |
+| `src/app/api/cron/notifications/route.test.ts` | **EXISTS** - 20 tests (timezone matching, DailyLog handling, email sending) |
+| `src/app/api/calendar/[userId]/[token].ics/route.test.ts` | **EXISTS** - 10 tests (token validation, ICS generation, caching, error handling) |
+| `src/app/api/calendar/regenerate-token/route.test.ts` | **EXISTS** - 9 tests (token generation, URL formatting, auth) |
 | E2E tests | **NONE** |
 
 ### Critical Business Rules (from Spec)
@@ -324,21 +327,33 @@ Full feature set for production use.
 - **Why:** Email notifications are a key feature per spec
 - **Depends On:** P2.4
 
-### P2.6: GET /api/calendar/[userId]/[token].ics Implementation
-- [ ] Return ICS feed for calendar subscription
+### P2.6: GET /api/calendar/[userId]/[token].ics Implementation ✅ COMPLETE
+- [x] Return ICS feed for calendar subscription
 - **Files:**
-  - `src/app/api/calendar/[userId]/[token].ics/route.ts` - Validate token, generate ICS
+  - `src/app/api/calendar/[userId]/[token].ics/route.ts` - Validates token, generates ICS with 90 days of phase events
 - **Tests:**
-  - Integration test: valid token returns ICS, invalid returns 401
+  - `src/app/api/calendar/[userId]/[token].ics/route.test.ts` - 10 tests covering token validation, ICS generation, caching headers, error handling
+- **Features Implemented:**
+  - Token-based authentication (no session required)
+  - Validates calendar token against user record
+  - Generates 90 days of phase events using `generateIcsFeed()`
+  - Returns proper Content-Type header (`text/calendar; charset=utf-8`)
+  - Caching headers for calendar client optimization
+  - 404 for non-existent users, 401 for invalid tokens
 - **Why:** Calendar integration for external apps
-- **Note:** Route has param extraction, needs ICS generation (90 days of events per spec)
 
-### P2.7: POST /api/calendar/regenerate-token Implementation
-- [ ] Generate new calendar token
+### P2.7: POST /api/calendar/regenerate-token Implementation ✅ COMPLETE
+- [x] Generate new calendar token
 - **Files:**
-  - `src/app/api/calendar/regenerate-token/route.ts` - Create random token, update user
+  - `src/app/api/calendar/regenerate-token/route.ts` - Creates random 32-char token, updates user
 - **Tests:**
-  - `src/app/api/calendar/regenerate-token/route.test.ts` - Test token uniqueness, old URL invalidation
+  - `src/app/api/calendar/regenerate-token/route.test.ts` - 9 tests covering token generation, URL formatting, auth
+- **Features Implemented:**
+  - Requires authentication via `withAuth()` middleware
+  - Generates cryptographically secure 32-character hex token
+  - Updates user's `calendarToken` field in database
+  - Returns new token and formatted calendar URL
+  - Old tokens immediately invalidated
 - **Why:** Security feature for calendar URLs
 - **Depends On:** P0.1, P0.2
 
@@ -584,6 +599,8 @@ P2.14 Mini calendar
 - [x] **GET /api/garmin/status** - Returns connection status, expiry, warning level, 11 tests (P2.3)
 - [x] **POST /api/cron/garmin-sync** - Daily sync of Garmin data for all connected users, creates DailyLogs, 22 tests (P2.4)
 - [x] **POST /api/cron/notifications** - Sends daily email notifications with timezone matching, DailyLog handling, nutrition guidance, 20 tests (P2.5)
+- [x] **GET /api/calendar/[userId]/[token].ics** - Returns ICS feed with 90-day phase events, token validation, caching headers, 10 tests (P2.6)
+- [x] **POST /api/calendar/regenerate-token** - Generates new 32-char calendar token, returns URL, 9 tests (P2.7)
 
 ### Pages
 - [x] **Login Page** - Email/password form with PocketBase auth, error handling, loading states, redirect, 14 tests (P1.6)