bump: version 0.16.0 → 0.17.0

Merge pull request #223 from cbcoutinho/feature/caldav
Migrate to caldav and add support for VTODOs
2025-10-19 22:55:23 +00:00 · 2025-10-20 00:54:51 +02:00 · 2025-10-20 00:54:35 +02:00 · 2025-10-20 00:15:05 +02:00 · 2025-10-19 22:05:34 +00:00 · 2025-10-20 00:04:38 +02:00
71 changed files with 11248 additions and 2656 deletions
@@ -11,7 +11,7 @@ jobs:
    steps:
      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
      - name: Install the latest version of uv
-        uses: astral-sh/setup-uv@3259c6206f993105e3a61b142c2d97bf4b9ef83d # v7.1.0
+        uses: astral-sh/setup-uv@2ddd2b9cb38ad8efd50337e8ab201519a34c9f24 # v7.1.1
      - name: Check format
        run: |
          uv run --frozen ruff format --diff
@@ -33,11 +33,11 @@ jobs:
          up-flags: "--build"

      - name: Install the latest version of uv
-        uses: astral-sh/setup-uv@3259c6206f993105e3a61b142c2d97bf4b9ef83d # v7.1.0
+        uses: astral-sh/setup-uv@2ddd2b9cb38ad8efd50337e8ab201519a34c9f24 # v7.1.1

      - name: Install Playwright dependencies
        run: |
-          uv run playwright install firefox --with-deps
+          uv run playwright install chromium --with-deps

      - name: Wait for service to be ready
        run: |
@@ -62,4 +62,4 @@ jobs:
          NEXTCLOUD_USERNAME: "admin"
          NEXTCLOUD_PASSWORD: "admin"
        run: |
-          uv run pytest -v --browser firefox
+          uv run pytest -v --log-level=INFO
@@ -6,4 +6,4 @@ __pycache__/
 .env.*.local

 # Generated by pytest used to login users
-.nextcloud_oauth_shared_test_client.json
+.nextcloud_oauth_*.json
@@ -1,3 +1,65 @@
+## v0.17.0 (2025-10-19)
+
+### Feat
+
+- **caldav**: Add support for tasks
+
+### Fix
+
+- **caldav**: Check that calendar exists after creation to avoid race condition
+- **caldav**: Properly parse datetimes as vDDDTypes
+
+### Refactor
+
+- Migrate from internal CalendarClient to caldav library
+
+## v0.16.0 (2025-10-19)
+
+### Feat
+
+- **webdav**: Add search and list favorite response tools
+
+### Perf
+
+- **notes**: Improve notes search performance using async iterators
+
+## v0.15.2 (2025-10-17)
+
+### Refactor
+
+- Unify logging & remove factory deployment
+
+## v0.15.1 (2025-10-17)
+
+### Fix
+
+- Increase HTTP client timeout to 30s
+- Handle RequestError in mcp tools
+
+## v0.15.0 (2025-10-17)
+
+### Feat
+
+- **cookbook**: Add full Cookbook app support with 13 tools and 2 resources
+
+## v0.14.3 (2025-10-17)
+
+### Fix
+
+- **deps**: update dependency mcp to >=1.18,<1.19
+
+## v0.14.2 (2025-10-16)
+
+### Fix
+
+- **deps**: update dependency pillow to v12
+
+## v0.14.1 (2025-10-15)
+
+### Fix
+
+- **oauth**: Remove the option to force_register new clients
+
 ## v0.14.0 (2025-10-15)

 ### Feat
@@ -19,6 +19,53 @@ uv run pytest --cov
 uv run pytest -m "not integration"
 ```

+### Load Testing
+```bash
+# Run benchmark with default settings (10 workers, 30 seconds)
+uv run python -m tests.load.benchmark
+
+# Quick test with custom concurrency and duration
+uv run python -m tests.load.benchmark --concurrency 20 --duration 60
+
+# Extended load test (50 workers for 5 minutes)
+uv run python -m tests.load.benchmark -c 50 -d 300
+
+# Export results to JSON for analysis
+uv run python -m tests.load.benchmark -c 20 -d 60 --output results.json
+
+# Test OAuth server on port 8001
+uv run python -m tests.load.benchmark --url http://127.0.0.1:8001/mcp
+
+# Verbose mode with detailed logging
+uv run python -m tests.load.benchmark -c 10 -d 30 --verbose
+```
+
+**Load Testing Features:**
+- **Mixed workload** simulating realistic MCP usage (40% reads, 20% writes, 15% search, 25% other operations)
+- **Real-time progress** bar with live RPS and error counts
+- **Detailed metrics**:
+  - Throughput (requests/second)
+  - Latency percentiles (p50, p90, p95, p99)
+  - Per-operation breakdown
+  - Error rates and types
+- **Automatic cleanup** of test data
+- **JSON export** for CI/CD integration
+- **Server health checks** before starting
+
+**Understanding Results:**
+- **Requests/Second (RPS)**: Higher is better. Expected baseline: 50-200 RPS for mixed workload
+- **Latency**:
+  - p50 (median): Should be <100ms for most operations
+  - p95: Should be <500ms
+  - p99: Should be <1000ms
+- **Error Rate**: Should be <1% under normal load
+
+**Common Bottlenecks:**
+1. Nextcloud backend API response times (most common)
+2. Database connection limits
+3. HTTP client connection pooling
+4. Network I/O between containers
+
 ### Code Quality
 ```bash
 # Format and lint code
@@ -89,7 +136,17 @@ Each Nextcloud app has a corresponding server module that:
 ### Supported Nextcloud Apps

 - **Notes** - Full CRUD operations and search
- **Calendar** - CalDAV integration with events, recurring events, attendees
+- **Calendar** - CalDAV integration with events, recurring events, attendees, and **tasks (VTODO)**
+  - **Calendar Operations**: List, create, delete calendars
+  - **Event Operations**: Full CRUD, recurring events, attendees, reminders, bulk operations
+  - **Task Operations (VTODO)**: Full CRUD for CalDAV tasks with:
+    - Status tracking (NEEDS-ACTION, IN-PROCESS, COMPLETED, CANCELLED)
+    - Priority levels (0-9, 1=highest, 9=lowest)
+    - Due dates, start dates, completion tracking
+    - Percent complete (0-100%)
+    - Categories and filtering
+    - Search across all calendars
+  - **Note**: Calendar implementation uses caldav library's AsyncDavClient
 - **Contacts** - CardDAV integration with address book operations
 - **Tables** - Row-level operations on Nextcloud Tables
 - **WebDAV** - Complete file system access
@@ -102,9 +159,27 @@ Each Nextcloud app has a corresponding server module that:
 4. **Context injection** - MCP context provides access to the authenticated client instance
 5. **Modular design** - Each Nextcloud app is isolated in its own client/server pair

+### MCP Response Patterns
+
+**CRITICAL: Never return raw `List[Dict]` from MCP tools - always wrap in Pydantic response models**
+
+FastMCP serialization issue: raw lists get mangled into dicts with numeric string keys.
+
+**Pattern:**
+1. Client methods return `List[Dict]` (raw data)
+2. MCP tools convert to Pydantic models and wrap in response object
+3. Response models inherit from `BaseResponse`, include `results` field + metadata
+
+**Reference implementations:**
+- `SearchNotesResponse` in `nextcloud_mcp_server/models/notes.py:80`
+- `SearchFilesResponse` in `nextcloud_mcp_server/models/webdav.py:113`
+- Tool examples: `nextcloud_mcp_server/server/{notes,webdav}.py`
+
+**Testing:** Extract `data["results"]` from MCP responses, not `data` directly.
+
 ### Testing Structure

- **Integration tests** in `tests/integration/` and `tests/client/`, `tests/server/` - Test real Nextcloud API interactions
+- **Integration tests** in `tests/client/` and `tests/server/` - Test real Nextcloud API interactions
 - **Fixtures** in `tests/conftest.py` - Shared test setup and utilities
 - Tests are marked with `@pytest.mark.integration` for selective running
 - **Important**: Integration tests run against live Docker containers. After making code changes:
@@ -126,53 +201,41 @@ Each Nextcloud app has a corresponding server module that:
  - `temporary_addressbook` - Creates and cleans up test address books
  - `temporary_contact` - Creates and cleans up test contacts
 - **Test specific functionality** after changes:
-  - For Notes changes: `uv run pytest tests/integration/test_mcp.py -k "notes" -v`
-  - For specific API changes: `uv run pytest tests/integration/test_notes_api.py -v`
+  - For Notes changes: `uv run pytest tests/server/test_mcp.py -k "notes" -v`
+  - For specific API changes: `uv run pytest tests/client/notes/test_notes_api.py -v`
  - For OAuth changes: `uv run pytest tests/server/test_oauth*.py -v` (remember to rebuild `mcp-oauth` container)
 - **Avoid creating standalone test scripts** - use pytest with proper fixtures instead

 #### OAuth/OIDC Testing
-OAuth integration tests support both **automated** (Playwright) and **interactive** authentication flows:
+OAuth integration tests use **automated Playwright browser automation** to complete the OAuth flow programmatically.

-**Automated Testing (Default - Recommended for CI/CD):**
- **Default fixtures**: `nc_oauth_client`, `nc_mcp_oauth_client` use Playwright automation
- Uses Playwright headless browser automation to complete OAuth flow programmatically
+**OAuth Testing Setup:**
+- **Main fixtures**: `nc_oauth_client`, `nc_mcp_oauth_client` - Use Playwright automation
 - **Shared OAuth Client**: All test users authenticate using a single OAuth client
  - Stored in `.nextcloud_oauth_shared_test_client.json`
  - Matches production MCP server behavior
  - Each user gets their own unique access token
-  - Implementation: `shared_oauth_client_credentials` fixture in `tests/conftest.py:812`
- All Playwright fixtures: `playwright_oauth_token`, `nc_oauth_client`, `nc_mcp_oauth_client`, `nc_oauth_client_playwright`, `nc_mcp_oauth_client_playwright`
- Multi-user fixtures: `alice_oauth_token`, `bob_oauth_token`, `charlie_oauth_token`, `diana_oauth_token`
- Requires: `NEXTCLOUD_HOST`, `NEXTCLOUD_USERNAME`, `NEXTCLOUD_PASSWORD` environment variables
+  - Implementation: `shared_oauth_client_credentials` fixture in `tests/conftest.py`
+- **Available fixtures**: `playwright_oauth_token`, `nc_oauth_client`, `nc_mcp_oauth_client`
+- **Multi-user fixtures**: `alice_oauth_token`, `bob_oauth_token`, `charlie_oauth_token`, `diana_oauth_token`
+- **Requirements**: `NEXTCLOUD_HOST`, `NEXTCLOUD_USERNAME`, `NEXTCLOUD_PASSWORD` environment variables
 - Uses `pytest-playwright-asyncio` for async Playwright fixtures
- Playwright configuration: Use pytest CLI args like `--browser firefox --headed` to customize
- Install browsers: `uv run playwright install firefox` (or `chromium`, `webkit`)
- Example:
-  ```bash
-  # Run all OAuth tests with automated Playwright flow using Firefox
-  uv run pytest tests/server/test_oauth*.py --browser firefox -v
+- **Playwright configuration**: Use pytest CLI args like `--browser firefox --headed` to customize
+- **Install browsers**: `uv run playwright install firefox` (or `chromium`, `webkit`)

-  # Run specific Playwright tests with visible browser for debugging
-  uv run pytest tests/server/test_mcp_oauth.py --browser firefox --headed -v
+**Example Commands:**
+```bash
+# Run all OAuth tests with Playwright automation using Firefox
+uv run pytest tests/server/test_oauth*.py --browser firefox -v

-  # Run with Chromium (default)
-  uv run pytest tests/server/test_oauth*.py -v
-  ```
+# Run specific tests with visible browser for debugging
+uv run pytest tests/server/test_mcp_oauth.py --browser firefox --headed -v

-**Interactive Testing (Manual browser login):**
- Opens system browser and waits for manual login/authorization
- Fixtures: `interactive_oauth_token`, `nc_oauth_client_interactive`, `nc_mcp_oauth_client_interactive`
- Requires: User to complete browser-based login when prompted
- Useful for: Debugging OAuth flows, testing with 2FA, local development
- **Automatically skipped in GitHub Actions CI** - Interactive fixtures check for `GITHUB_ACTIONS` environment variable
- Example:
-  ```bash
-  # Run OAuth tests with interactive flow (will open browser and wait for manual login)
-  uv run pytest tests/client/test_oauth_interactive.py -v
-  ```
+# Run with Chromium (default)
+uv run pytest tests/server/test_oauth*.py -v
+```

-**Test Environment Setup:**
+**Test Environment:**
 - **Two MCP server containers are available:**
  - `mcp` (port 8000): Uses basic auth with admin credentials - for most testing
  - `mcp-oauth` (port 8001): Uses OAuth authentication - for OAuth-specific testing
@@ -180,9 +243,8 @@ OAuth integration tests support both **automated** (Playwright) and **interactiv
 - **Important**: When working on OAuth functionality, always rebuild `mcp-oauth` container, not `mcp`
 - OAuth client credentials cached in `.nextcloud_oauth_shared_test_client.json`

-**CI/CD Considerations:**
- Interactive OAuth tests are automatically skipped when `GITHUB_ACTIONS` environment variable is set
- Automated Playwright tests will run in CI/CD environments
+**CI/CD Notes:**
+- Playwright tests run in CI/CD environments
 - Use Firefox browser in CI: `--browser firefox` (Chromium may have issues with localhost redirects)

 ### Configuration Files
@@ -1,4 +1,7 @@
-FROM ghcr.io/astral-sh/uv:0.9.2-python3.11-alpine@sha256:59c7cb3e4a4fe9ccff6a5bf0d952a0b1b0101adda48e305c02beea3c22256208
+FROM ghcr.io/astral-sh/uv:0.9.4-python3.11-alpine@sha256:1a51c7710eaf839fa3365329ad993b48d17ddd9ab0f0672efaa9b09f407ebf44
+
+# Install git (required for caldav dependency from git)
+RUN apk add --no-cache git

 WORKDIR /app

@@ -18,6 +18,7 @@ The Nextcloud MCP (Model Context Protocol) server allows Large Language Models l
 | **Notes** | ✅ Full | Create, read, update, delete, search notes. Handle attachments. |
 | **Calendar** | ✅ Full | Manage events, recurring events, reminders, attendees via CalDAV. |
 | **Contacts** | ✅ Full | CRUD operations for contacts and address books via CardDAV. |
+| **Cookbook** | ✅ Full | Manage recipes with schema.org metadata. Import from URLs, search, categorize. |
 | **Files (WebDAV)** | ✅ Full | Complete file system access - browse, read, write, organize files. |
 | **Deck** | ✅ Full | Project management - boards, stacks, cards, labels, assignments. |
 | **Tables** | ⚠️ Partial | Row-level operations. Table management not yet supported. |
@@ -29,8 +30,16 @@ Want to see another Nextcloud app supported? [Open an issue](https://github.com/

 | Mode | Security | Best For |
 |------|----------|----------|
-| **OAuth2/OIDC** ✅ | 🔒 High | Production, multi-user deployments |
-| **Basic Auth** ⚠️ | Lower | Development, testing |
+| **OAuth2/OIDC** ⚠️ **Experimental** | 🔒 High | Testing, evaluation (requires patches) |
+| **Basic Auth** ✅ | Lower | Development, testing, production |
+
+> [!IMPORTANT]
+> **OAuth is experimental** and requires manual patches to upstream Nextcloud apps. Specifically:
+> - **Required patch**: `user_oidc` app needs modifications for Bearer token support ([issue #1221](https://github.com/nextcloud/user_oidc/issues/1221))
+> - **Impact**: Without the patch, most app-specific APIs (Notes, Calendar, Contacts, Deck, etc.) will fail with 401 errors
+> - **Production use**: Wait for upstream patches to be merged into official releases
+>
+> See [OAuth Upstream Status](docs/oauth-upstream-status.md) for detailed information on required patches and workarounds.

 OAuth2/OIDC provides secure, per-user authentication with access tokens. See [Authentication Guide](docs/authentication.md) for details.

@@ -61,29 +70,35 @@ Create a `.env` file:
 cp env.sample .env
 ```

-**For OAuth (recommended):**
-```dotenv
-NEXTCLOUD_HOST=https://your.nextcloud.instance.com
-```
-
-**For Basic Auth:**
+**For Basic Auth (recommended for most users):**
 ```dotenv
 NEXTCLOUD_HOST=https://your.nextcloud.instance.com
 NEXTCLOUD_USERNAME=your_username
 NEXTCLOUD_PASSWORD=your_app_password
 ```

+**For OAuth (experimental - requires patches):**
+```dotenv
+NEXTCLOUD_HOST=https://your.nextcloud.instance.com
+```
+
 See [Configuration Guide](docs/configuration.md) for all options.

 ### 3. Set Up Authentication

-**OAuth Setup (recommended):**
-1. Install Nextcloud OIDC apps (`oidc` + `user_oidc`)
-2. Enable dynamic client registration
-3. Configure Bearer token validation
-4. Start the server
+**Basic Auth Setup (recommended):**
+1. Create an app password in Nextcloud (Settings → Security → Devices & sessions)
+2. Add credentials to `.env` file
+3. Start the server

-See [OAuth Quick Start](docs/quickstart-oauth.md) for 5-minute setup or [OAuth Setup Guide](docs/oauth-setup.md) for production deployment.
+**OAuth Setup (experimental):**
+1. Install Nextcloud OIDC apps (`oidc` + `user_oidc`)
+2. **Apply required patches** to `user_oidc` app (see [OAuth Upstream Status](docs/oauth-upstream-status.md))
+3. Enable dynamic client registration
+4. Configure Bearer token validation
+5. Start the server
+
+See [OAuth Quick Start](docs/quickstart-oauth.md) for 5-minute setup or [OAuth Setup Guide](docs/oauth-setup.md) for detailed instructions.

 ### 4. Run the Server

@@ -91,12 +106,15 @@ See [OAuth Quick Start](docs/quickstart-oauth.md) for 5-minute setup or [OAuth S
 # Load environment variables
 export $(grep -v '^#' .env | xargs)

-# Start the server
+# Start with Basic Auth (default)
+uv run nextcloud-mcp-server
+
+# Or start with OAuth (experimental - requires patches)
 uv run nextcloud-mcp-server --oauth

 # Or with Docker
 docker run -p 127.0.0.1:8000:8000 --env-file .env --rm \
-  ghcr.io/cbcoutinho/nextcloud-mcp-server:latest --oauth
+  ghcr.io/cbcoutinho/nextcloud-mcp-server:latest
 ```

 The server starts on `http://127.0.0.1:8000` by default.
@@ -126,12 +144,12 @@ Or connect from:
 ### Architecture
 - **[Comparison with Context Agent](docs/comparison-context-agent.md)** - How this MCP server differs from Nextcloud's Context Agent

-### OAuth Documentation
+### OAuth Documentation (Experimental)
 - **[OAuth Quick Start](docs/quickstart-oauth.md)** - 5-minute setup guide
- **[OAuth Setup Guide](docs/oauth-setup.md)** - Production deployment
+- **[OAuth Setup Guide](docs/oauth-setup.md)** - Detailed setup instructions
 - **[OAuth Architecture](docs/oauth-architecture.md)** - How OAuth works
 - **[OAuth Troubleshooting](docs/oauth-troubleshooting.md)** - OAuth-specific issues
- **[Upstream Status](docs/oauth-upstream-status.md)** - Required patches and PRs
+- **[Upstream Status](docs/oauth-upstream-status.md)** - **Required patches and PRs** ⚠️

 ### Reference
 - **[Troubleshooting](docs/troubleshooting.md)** - Common issues and solutions
@@ -140,6 +158,7 @@ Or connect from:
 - [Notes API](docs/notes.md)
 - [Calendar (CalDAV)](docs/calendar.md)
 - [Contacts (CardDAV)](docs/contacts.md)
+- [Cookbook](docs/cookbook.md)
 - [Deck](docs/deck.md)
 - [Tables](docs/table.md)
 - [WebDAV](docs/webdav.md)
@@ -151,6 +170,7 @@ The server exposes Nextcloud functionality through MCP tools (for actions) and r
 ### Tools
 Tools enable AI assistants to perform actions:
 - `nc_notes_create_note` - Create a new note
+- `nc_cookbook_import_recipe` - Import recipes from URLs with schema.org metadata
 - `deck_create_card` - Create a Deck card
 - `nc_calendar_create_event` - Create a calendar event
 - `nc_contacts_create_contact` - Create a contact
@@ -159,6 +179,7 @@ Tools enable AI assistants to perform actions:
 ### Resources
 Resources provide read-only access to Nextcloud data:
 - `nc://capabilities` - Server capabilities
+- `cookbook://version` - Cookbook app version info
 - `nc://Deck/boards/{board_id}` - Deck board data
 - `notes://settings` - Notes app settings
 - And more...
@@ -173,6 +194,12 @@ AI: "Create a note called 'Meeting Notes' with today's agenda"
 → Uses nc_notes_create_note tool
 ```

+### Manage Recipes
+```
+AI: "Import the recipe from this URL: https://www.example.com/recipe/chocolate-cake"
+→ Uses nc_cookbook_import_recipe tool to extract schema.org metadata
+```
+
 ### Manage Calendar
 ```
 AI: "Schedule a team meeting for next Tuesday at 2pm"
@@ -220,7 +247,8 @@ Contributions are welcome!
 [![MseeP.ai Security Assessment](https://mseep.net/pr/cbcoutinho-nextcloud-mcp-server-badge.png)](https://mseep.ai/app/cbcoutinho-nextcloud-mcp-server)

 This project takes security seriously:
- OAuth2/OIDC support for secure authentication
+- OAuth2/OIDC support (experimental - requires upstream patches)
+- Basic Auth with app-specific passwords (recommended)
 - No credential storage with OAuth mode
 - Per-user access tokens
 - Regular security assessments
@@ -0,0 +1,63 @@
+From 9036daecdc8bcdf8114715dcf17e5c06967b25fb Mon Sep 17 00:00:00 2001
+From: Chris Coutinho <chris@coutinho.io>
+Date: Mon, 13 Oct 2025 23:24:53 +0200
+Subject: [PATCH 1/2] feat: Advertise PKCE support in discovery document
+
+Add code_challenge_methods_supported to OpenID Connect discovery
+document when PKCE is enabled via proof_key_for_code_exchange config.
+
+Rationale:
+According to RFC 8414 Section 2, the code_challenge_methods_supported
+field in OAuth 2.0 Authorization Server Metadata has specific semantics:
+"If omitted, the authorization server does not support PKCE."
+
+This means that clients following RFC 8414 strictly will interpret the
+absence of this field as explicit non-support for PKCE, even if the
+authorization server technically supports it.
+
+Impact:
+- Standards-compliant OAuth clients (e.g., MCP clients) require explicit
+  advertisement of PKCE support before proceeding with authorization
+- The MCP (Model Context Protocol) specification mandates that clients
+  MUST refuse to proceed if code_challenge_methods_supported is absent
+- Other security-focused OAuth implementations may have similar checks
+
+Implementation:
+- Only advertises S256 (SHA-256) challenge method, which is the most
+  secure and widely supported method
+- Conditional on the existing proof_key_for_code_exchange app config
+- Maintains backward compatibility: only added when PKCE is enabled
+
+This change ensures the discovery document accurately reflects server
+capabilities per RFC 8414 semantics, enabling compatibility with
+strict standards-compliant OAuth clients.
+
+References:
+- RFC 8414: OAuth 2.0 Authorization Server Metadata
+- RFC 7636: Proof Key for Code Exchange by OAuth Public Clients
+- MCP Authorization Specification
+
+Signed-off-by: Chris Coutinho <chris@coutinho.io>
+---
+ lib/Util/DiscoveryGenerator.php | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+diff --git a/lib/Util/DiscoveryGenerator.php b/lib/Util/DiscoveryGenerator.php
+index ee3cd57..6429f94 100644
+--- a/lib/Util/DiscoveryGenerator.php
+++ b/lib/Util/DiscoveryGenerator.php
+@@ -171,6 +171,11 @@ class DiscoveryGenerator
+             $discoveryPayload['registration_endpoint'] = $host . $this->urlGenerator->linkToRoute('oidc.DynamicRegistration.registerClient', []);
+         }
+ 
+        // Add PKCE support if enabled
+        if ($this->appConfig->getAppValueBool('proof_key_for_code_exchange', false)) {
+            $discoveryPayload['code_challenge_methods_supported'] = ['S256'];
+        }
+
+         $this->logger->info('Request to Discovery Endpoint.');
+ 
+         $response = new JSONResponse($discoveryPayload);
+-- 
+2.51.1
+
@@ -1,16 +0,0 @@
-diff --git a/lib/Util/DiscoveryGenerator.php b/lib/Util/DiscoveryGenerator.php
-index ee3cd57..6429f94 100644
--- a/lib/Util/DiscoveryGenerator.php
-+++ b/lib/Util/DiscoveryGenerator.php
-@@ -171,6 +171,11 @@ class DiscoveryGenerator
-             $discoveryPayload['registration_endpoint'] = $host . $this->urlGenerator->linkToRoute('oidc.DynamicRegistration.registerClient', []);
-         }
- 
-+        // Add PKCE support if enabled
-+        if ($this->appConfig->getAppValueBool('proof_key_for_code_exchange', false)) {
-+            $discoveryPayload['code_challenge_methods_supported'] = ['S256'];
-+        }
-+
-         $this->logger->info('Request to Discovery Endpoint.');
- 
-         $response = new JSONResponse($discoveryPayload);
@@ -0,0 +1,320 @@
+From cb2c931fe1f73e5bbfdf459928b5b21e2d96e0f1 Mon Sep 17 00:00:00 2001
+From: Chris Coutinho <chris@coutinho.io>
+Date: Sun, 19 Oct 2025 21:04:46 +0200
+Subject: [PATCH 2/2] Initial implementation of PKCE
+
+Signed-off-by: Chris Coutinho <chris@coutinho.io>
+---
+ lib/Controller/LoginRedirectorController.php  | 44 +++++++++++-
+ lib/Controller/OIDCApiController.php          | 68 ++++++++++++++++++-
+ lib/Db/AccessToken.php                        | 10 +++
+ .../Version0014Date20251019100100.php         | 63 +++++++++++++++++
+ lib/Util/DiscoveryGenerator.php               |  2 +-
+ 5 files changed, 184 insertions(+), 3 deletions(-)
+ create mode 100644 lib/Migration/Version0014Date20251019100100.php
+
+diff --git a/lib/Controller/LoginRedirectorController.php b/lib/Controller/LoginRedirectorController.php
+index 1b9bdde..5f2d327 100644
+--- a/lib/Controller/LoginRedirectorController.php
+++ b/lib/Controller/LoginRedirectorController.php
+@@ -142,6 +142,8 @@ class LoginRedirectorController extends ApiController
+      * @param string $scope
+      * @param string $nonce
+      * @param string $resource
+     * @param string $code_challenge
+     * @param string $code_challenge_method
+      * @return Response
+      */
+     #[BruteForceProtection(action: 'oidc_login')]
+@@ -155,7 +157,9 @@ class LoginRedirectorController extends ApiController
+                     $redirect_uri,
+                     $scope,
+                     $nonce,
+-                    $resource
+                    $resource,
+                    $code_challenge = null,
+                    $code_challenge_method = null
+                     ): Response
+         {
+         if (!$this->userSession->isLoggedIn()) {
+@@ -168,6 +172,8 @@ class LoginRedirectorController extends ApiController
+             $this->session->set('oidc_scope', $scope);
+             $this->session->set('oidc_nonce', $nonce);
+             $this->session->set('oidc_resource', $resource);
+            $this->session->set('oidc_code_challenge', $code_challenge);
+            $this->session->set('oidc_code_challenge_method', $code_challenge_method);
+ 
+             $afterLoginRedirectUrl = $this->urlGenerator->linkToRoute('oidc.Page.index', []);
+ 
+@@ -204,6 +210,12 @@ class LoginRedirectorController extends ApiController
+         if (empty($resource)) {
+             $resource = $this->session->get('oidc_resource');
+         }
+        if (empty($code_challenge)) {
+            $code_challenge = $this->session->get('oidc_code_challenge');
+        }
+        if (empty($code_challenge_method)) {
+            $code_challenge_method = $this->session->get('oidc_code_challenge_method');
+        }
+ 
+         // Set default scope if scope is not set at all
+         if (!isset($scope)) {
+@@ -327,6 +339,30 @@ class LoginRedirectorController extends ApiController
+ 
+         $uid = $this->userSession->getUser()->getUID();
+ 
+        // PKCE validation (RFC 7636)
+        if (!empty($code_challenge)) {
+            // Validate code_challenge format: 43-128 characters, unreserved chars only
+            if (!preg_match('/^[A-Za-z0-9._~-]{43,128}$/', $code_challenge)) {
+                $this->logger->notice('Invalid code_challenge format for client ' . $client_id . '.');
+                $url = $redirect_uri . '?error=invalid_request&error_description=Invalid%20code_challenge%20format&state=' . urlencode($state);
+                return new RedirectResponse($url);
+            }
+
+            // Default to S256 if method not specified
+            if (empty($code_challenge_method)) {
+                $code_challenge_method = 'S256';
+            }
+
+            // Validate code_challenge_method: only S256 and plain are allowed
+            if (!in_array($code_challenge_method, ['S256', 'plain'])) {
+                $this->logger->notice('Unsupported code_challenge_method for client ' . $client_id . ': ' . $code_challenge_method);
+                $url = $redirect_uri . '?error=invalid_request&error_description=Unsupported%20code_challenge_method&state=' . urlencode($state);
+                return new RedirectResponse($url);
+            }
+
+            $this->logger->debug('PKCE challenge received for client ' . $client_id . ' using method ' . $code_challenge_method);
+        }
+
+         $code = $this->random->generate(128, ISecureRandom::CHAR_UPPER.ISecureRandom::CHAR_LOWER.ISecureRandom::CHAR_DIGITS);
+         $accessToken = new AccessToken();
+         $accessToken->setClientId($client->getId());
+@@ -343,6 +379,12 @@ class LoginRedirectorController extends ApiController
+         }
+         $accessToken->setNonce($nonce);
+ 
+        // Store PKCE challenge if provided
+        if (!empty($code_challenge)) {
+            $accessToken->setCodeChallenge(substr($code_challenge, 0, 128));
+            $accessToken->setCodeChallengeMethod(substr($code_challenge_method, 0, 16));
+        }
+
+         try {
+             $accessToken->setAccessToken($this->jwtGenerator->generateAccessToken($accessToken, $client, $this->request->getServerProtocol(), $this->request->getServerHost()));
+             $this->accessTokenMapper->insert($accessToken);
+diff --git a/lib/Controller/OIDCApiController.php b/lib/Controller/OIDCApiController.php
+index 6fd6eb0..059396c 100644
+--- a/lib/Controller/OIDCApiController.php
+++ b/lib/Controller/OIDCApiController.php
+@@ -125,12 +125,13 @@ class OIDCApiController extends ApiController {
+      * @param string $refresh_token
+      * @param string $client_id
+      * @param string $client_secret
+     * @param string $code_verifier
+      * @return JSONResponse
+      */
+     #[BruteForceProtection(action: 'oidc_token')]
+     #[PublicPage]
+     #[NoCSRFRequired]
+-    public function getToken($grant_type, $code, $refresh_token, $client_id, $client_secret): JSONResponse
+    public function getToken($grant_type, $code, $refresh_token, $client_id, $client_secret, $code_verifier = null): JSONResponse
+     {
+         $expireTime = (int)$this->appConfig->getAppValueString(Application::APP_CONFIG_DEFAULT_EXPIRE_TIME, '0');
+         $refreshExpireTime = (int)$this->appConfig->getAppValueString(Application::APP_CONFIG_DEFAULT_REFRESH_EXPIRE_TIME, Application::DEFAULT_REFRESH_EXPIRE_TIME);
+@@ -212,6 +213,32 @@ class OIDCApiController extends ApiController {
+                     'error_description' => 'Access token already expired.',
+                 ], Http::STATUS_BAD_REQUEST);
+             }
+
+            // PKCE verification (RFC 7636 Section 4.6)
+            $storedCodeChallenge = $accessToken->getCodeChallenge();
+            if (!empty($storedCodeChallenge)) {
+                // PKCE was used in authorization request, code_verifier is required
+                if (empty($code_verifier)) {
+                    $this->accessTokenMapper->delete($accessToken);
+                    $this->logger->notice('Missing code_verifier for PKCE-protected token. Client id: ' . $client_id);
+                    return new JSONResponse([
+                        'error' => 'invalid_grant',
+                        'error_description' => 'code_verifier required for PKCE flow.',
+                    ], Http::STATUS_BAD_REQUEST);
+                }
+
+                $storedCodeChallengeMethod = $accessToken->getCodeChallengeMethod() ?: 'S256';
+                if (!$this->verifyPkce($code_verifier, $storedCodeChallenge, $storedCodeChallengeMethod)) {
+                    $this->accessTokenMapper->delete($accessToken);
+                    $this->logger->notice('PKCE verification failed. Client id: ' . $client_id);
+                    return new JSONResponse([
+                        'error' => 'invalid_grant',
+                        'error_description' => 'Invalid code_verifier.',
+                    ], Http::STATUS_BAD_REQUEST);
+                }
+
+                $this->logger->debug('PKCE verification successful for client ' . $client_id);
+            }
+         } elseif ($refreshExpireTime !== 'never') {
+             // The refresh token must not be expired
+             $refreshExpireTime = (int)$refreshExpireTime;
+@@ -286,4 +313,43 @@ class OIDCApiController extends ApiController {
+ 
+         return $response;
+     }
+
+    /**
+     * Base64URL encode (RFC 7636 Section 4.2)
+     *
+     * @param string $data
+     * @return string
+     */
+    private function base64UrlEncode(string $data): string
+    {
+        return rtrim(strtr(base64_encode($data), '+/', '-_'), '=');
+    }
+
+    /**
+     * Verify PKCE code_verifier against code_challenge (RFC 7636 Section 4.6)
+     *
+     * @param string $codeVerifier
+     * @param string $codeChallenge
+     * @param string $codeChallengeMethod
+     * @return bool
+     */
+    private function verifyPkce(string $codeVerifier, string $codeChallenge, string $codeChallengeMethod): bool
+    {
+        // Validate code_verifier format: 43-128 characters, unreserved chars only
+        if (!preg_match('/^[A-Za-z0-9._~-]{43,128}$/', $codeVerifier)) {
+            return false;
+        }
+
+        // Compute the challenge based on the method
+        if ($codeChallengeMethod === 'S256') {
+            $computedChallenge = $this->base64UrlEncode(hash('sha256', $codeVerifier, true));
+        } elseif ($codeChallengeMethod === 'plain') {
+            $computedChallenge = $codeVerifier;
+        } else {
+            return false;
+        }
+
+        // Constant-time comparison to prevent timing attacks
+        return hash_equals($codeChallenge, $computedChallenge);
+    }
+ }
+diff --git a/lib/Db/AccessToken.php b/lib/Db/AccessToken.php
+index a0419c0..593c5c8 100644
+--- a/lib/Db/AccessToken.php
+++ b/lib/Db/AccessToken.php
+@@ -27,6 +27,10 @@ use OCP\AppFramework\Db\Entity;
+  * @method void setNonce(string $nonce)
+  * @method string getResource()
+  * @method void setResource(string $resource)
+ * @method string getCodeChallenge()
+ * @method void setCodeChallenge(string $codeChallenge)
+ * @method string getCodeChallengeMethod()
+ * @method void setCodeChallengeMethod(string $codeChallengeMethod)
+  */
+ class AccessToken extends Entity
+ {
+@@ -50,6 +54,10 @@ class AccessToken extends Entity
+     protected $nonce;
+     /** @var string */
+     protected $resource;
+    /** @var string */
+    protected $codeChallenge;
+    /** @var string */
+    protected $codeChallengeMethod;
+ 
+     public function __construct() {
+         $this->addType('id', 'int');
+@@ -62,5 +70,7 @@ class AccessToken extends Entity
+         $this->addType('refreshed', 'int');
+         $this->addType('nonce', 'string');
+         $this->addType('resource', 'string');
+        $this->addType('codeChallenge', 'string');
+        $this->addType('codeChallengeMethod', 'string');
+     }
+ }
+diff --git a/lib/Migration/Version0014Date20251019100100.php b/lib/Migration/Version0014Date20251019100100.php
+new file mode 100644
+index 0000000..bf705b3
+--- /dev/null
+++ b/lib/Migration/Version0014Date20251019100100.php
+@@ -0,0 +1,63 @@
+<?php
+
+declare(strict_types=1);
+
+/**
+ * SPDX-FileCopyrightText: 2022-2025 Thorsten Jagel <dev@jagel.net>
+ * SPDX-License-Identifier: AGPL-3.0-or-later
+ */
+namespace OCA\OIDCIdentityProvider\Migration;
+
+use Closure;
+use OCP\DB\ISchemaWrapper;
+use OCP\Migration\IOutput;
+use OCP\Migration\SimpleMigrationStep;
+use Psr\Log\LoggerInterface;
+use OCP\IDBConnection;
+use OCP\DB\Types;
+
+class Version0014Date20251019100100 extends SimpleMigrationStep {
+    private LoggerInterface $logger;
+    private IDBConnection $db;
+
+    public function __construct(
+                    IDBConnection $db,
+                    LoggerInterface $logger
+                    )
+    {
+        $this->db = $db;
+        $this->logger = $logger;
+    }
+
+    /**
+     * @param IOutput $output
+     * @param Closure $schemaClosure The `\Closure` returns a `ISchemaWrapper`
+     * @param array $options
+     * @return null|ISchemaWrapper
+     */
+    public function changeSchema(IOutput $output, Closure $schemaClosure, array $options) {
+        /** @var ISchemaWrapper $schema */
+        $schema = $schemaClosure();
+
+        $table = $schema->getTable('oidc_access_tokens');
+
+        if(!$table->hasColumn('code_challenge')) {
+            $table->addColumn('code_challenge', Types::STRING, [
+                'notnull' => false,
+                'default' => null,
+                'length' => 128,
+            ]);
+        }
+
+        if(!$table->hasColumn('code_challenge_method')) {
+            $table->addColumn('code_challenge_method', Types::STRING, [
+                'notnull' => false,
+                'default' => null,
+                'length' => 16,
+            ]);
+        }
+
+        return $schema;
+    }
+
+}
+diff --git a/lib/Util/DiscoveryGenerator.php b/lib/Util/DiscoveryGenerator.php
+index 6429f94..d96a18c 100644
+--- a/lib/Util/DiscoveryGenerator.php
+++ b/lib/Util/DiscoveryGenerator.php
+@@ -173,7 +173,7 @@ class DiscoveryGenerator
+ 
+         // Add PKCE support if enabled
+         if ($this->appConfig->getAppValueBool('proof_key_for_code_exchange', false)) {
+-            $discoveryPayload['code_challenge_methods_supported'] = ['S256'];
+            $discoveryPayload['code_challenge_methods_supported'] = ['S256', 'plain'];
+         }
+ 
+         $this->logger->info('Request to Discovery Endpoint.');
+-- 
+2.51.1
+
@@ -6,14 +6,18 @@ echo "Installing and configuring Calendar app..."

 # Enable calendar app
 php /var/www/html/occ app:enable calendar
+php /var/www/html/occ app:enable --force tasks # Not currently supported on 32

 # Wait for calendar app to be fully initialized
 echo "Waiting for calendar app to initialize..."
 sleep 5

-# Increase limits on calendar creation for integration tests (100 in 60s)
+# Disable rate limits on calendar creation for integration tests
+# Set to -1 to completely disable rate limiting
+# Reference: https://docs.nextcloud.com/server/stable/admin_manual/groupware/calendar.html#rate-limits
 php occ config:app:set dav rateLimitCalendarCreation --type=integer --value=100
 php occ config:app:set dav rateLimitPeriodCalendarCreation --type=integer --value=60
+php occ config:app:set dav maximumCalendarsSubscriptions --type=integer --value=-1

 # Ensure maintenance mode is off before calendar operations
 php /var/www/html/occ maintenance:mode --off
@@ -0,0 +1,5 @@
+#!/bin/bash
+
+set -euox pipefail
+
+php /var/www/html/occ app:enable cookbook
@@ -11,7 +11,8 @@ php /var/www/html/occ app:enable oidc
 php /var/www/html/occ app:enable user_oidc

 patch -u /var/www/html/custom_apps/user_oidc/lib/User/Backend.php -i /docker-entrypoint-hooks.d/post-installation/0001-Fix-Bearer-token-authentication-causing-session-logo.patch
-patch -u /var/www/html/custom_apps/oidc/lib/Util/DiscoveryGenerator.php -i /docker-entrypoint-hooks.d/post-installation/0002-Add-PKCE-code-challenge-methods-to-discovery-documen.patch
+patch -d /var/www/html/custom_apps/oidc -p1 < /docker-entrypoint-hooks.d/post-installation/0001-feat-Advertise-PKCE-support-in-discovery-document.patch
+patch -d /var/www/html/custom_apps/oidc -p1 < /docker-entrypoint-hooks.d/post-installation/0002-Initial-implementation-of-PKCE.patch

 # Configure OIDC Identity Provider with dynamic client registration enabled
 php /var/www/html/occ config:app:set oidc dynamic_client_registration --value='true'
@@ -39,6 +39,14 @@ services:
      - MYSQL_DATABASE=nextcloud
      - MYSQL_USER=nextcloud
      - MYSQL_HOST=db
+      - REDIS_HOST=redis
+
+  recipes:
+    image: docker.io/library/nginx:alpine@sha256:61e01287e546aac28a3f56839c136b31f590273f3b41187a36f46f6a03bbfe22
+    restart: always
+    volumes:
+      - ./tests/fixtures/test_recipe.html:/usr/share/nginx/html/test_recipe.html:ro
+      - ./tests/fixtures/nginx.conf:/etc/nginx/nginx.conf:ro

  mcp:
    build: .
@@ -0,0 +1,189 @@
+# Cookbook App
+
+### Cookbook Tools
+
+| Tool | Description |
+|------|-------------|
+| `nc_cookbook_import_recipe` | Import a recipe from a URL using schema.org metadata |
+| `nc_cookbook_create_recipe` | Create a new recipe with all schema.org fields |
+| `nc_cookbook_get_recipe` | Get a specific recipe by ID |
+| `nc_cookbook_update_recipe` | Update an existing recipe |
+| `nc_cookbook_delete_recipe` | Delete a recipe permanently |
+| `nc_cookbook_list_recipes` | Get all recipes in the database |
+| `nc_cookbook_search_recipes` | Search for recipes by keywords, tags, and categories |
+| `nc_cookbook_list_categories` | Get all known recipe categories |
+| `nc_cookbook_get_recipes_in_category` | Get all recipes in a specific category |
+| `nc_cookbook_list_keywords` | Get all known recipe keywords/tags |
+| `nc_cookbook_get_recipes_with_keywords` | Get all recipes that have specific keywords |
+| `nc_cookbook_set_config` | Set Cookbook app configuration |
+| `nc_cookbook_reindex` | Trigger a rescan of all recipes into the search database |
+
+### Cookbook Resources
+
+| Resource | Description |
+|----------|-------------|
+| `cookbook://version` | Get Cookbook app and API version information |
+| `cookbook://config` | Get Cookbook app configuration |
+| `nc://Cookbook/{recipe_id}` | Get a specific recipe by ID |
+
+## Recipe Management
+
+The server provides complete Nextcloud Cookbook integration, enabling you to manage your recipe collection:
+
+- **Import recipes from websites** using schema.org metadata
+- Full CRUD operations for recipes
+- Search and organize with categories and keywords
+- Support for structured recipe data (ingredients, instructions, nutrition, etc.)
+- Configure app settings and trigger reindexing
+
+### Schema.org Recipe Format
+
+The Cookbook app uses the [schema.org/Recipe](https://schema.org/Recipe) specification for structured recipe data. This standard format includes:
+
+- **Basic info**: Name, description, image, URL
+- **Timing**: Preparation time, cooking time, total time (ISO8601 format like `PT30M`)
+- **Ingredients**: List of ingredients with quantities
+- **Instructions**: Step-by-step cooking instructions
+- **Metadata**: Category, keywords/tags, yield (servings)
+- **Nutrition**: Optional nutrition information
+
+### Usage Examples
+
+#### Import Recipe from URL
+
+Many recipe websites include schema.org metadata. The import tool automatically extracts this data:
+
+```python
+# Import from a recipe website
+await nc_cookbook_import_recipe(
+    url="https://www.example.com/recipes/chocolate-cake"
+)
+# Returns: Recipe object with all extracted data
+```
+
+#### Create Recipe Manually
+
+```python
+# Create a new recipe from scratch
+await nc_cookbook_create_recipe(
+    name="Homemade Pizza",
+    description="Classic homemade pizza with fresh ingredients",
+    ingredients=[
+        "500g pizza dough",
+        "200g tomato sauce",
+        "300g mozzarella cheese",
+        "Fresh basil leaves",
+        "Olive oil"
+    ],
+    instructions=[
+        "Preheat oven to 250°C (480°F)",
+        "Roll out the pizza dough",
+        "Spread tomato sauce evenly",
+        "Add mozzarella cheese",
+        "Bake for 10-12 minutes",
+        "Top with fresh basil and olive oil"
+    ],
+    category="Main Course",
+    keywords="italian,vegetarian,quick",
+    prep_time="PT20M",      # 20 minutes
+    cook_time="PT12M",      # 12 minutes
+    total_time="PT32M",     # 32 minutes
+    recipe_yield=4          # 4 servings
+)
+```
+
+#### Update Recipe
+
+```python
+# Update recipe details (only specified fields are changed)
+await nc_cookbook_update_recipe(
+    recipe_id=123,
+    description="Updated: Classic homemade pizza - now with video tutorial!",
+    url="https://example.com/videos/pizza-tutorial",
+    keywords="italian,vegetarian,quick,video"
+)
+```
+
+#### Search and Filter
+
+```python
+# Search recipes by keyword
+results = await nc_cookbook_search_recipes(query="chocolate")
+
+# List all categories
+categories = await nc_cookbook_list_categories()
+# Returns: [{"name": "Desserts", "recipe_count": 15}, ...]
+
+# Get recipes in a category
+desserts = await nc_cookbook_get_recipes_in_category(category="Desserts")
+
+# List all keywords/tags
+keywords = await nc_cookbook_list_keywords()
+# Returns: [{"name": "chocolate", "recipe_count": 8}, ...]
+
+# Get recipes with specific tags
+quick_meals = await nc_cookbook_get_recipes_with_keywords(keywords=["quick", "30min"])
+```
+
+#### Manage Configuration
+
+```python
+# Configure the Cookbook app
+await nc_cookbook_set_config(
+    folder="Recipes",           # Folder path in user's files
+    update_interval=15,         # Auto-rescan every 15 minutes
+    print_image=True           # Print images with recipes
+)
+
+# Trigger manual reindex after file changes
+await nc_cookbook_reindex()
+```
+
+### Time Format (ISO8601 Duration)
+
+Recipe times use ISO8601 duration format:
+
+| Duration | Format | Example |
+|----------|--------|---------|
+| 15 minutes | `PT15M` | Prep time |
+| 1 hour | `PT1H` | Baking time |
+| 1 hour 30 minutes | `PT1H30M` | Total time |
+| 45 seconds | `PT45S` | Mixing time |
+| 2 hours 15 minutes | `PT2H15M` | Slow cooking |
+
+### Tips for Recipe Import
+
+**Best practices for importing recipes from URLs:**
+
+1. **Look for schema.org support**: Most modern recipe sites include schema.org metadata
+2. **Check import quality**: Review imported recipes for completeness
+3. **Handle duplicates**: The API prevents duplicate imports by recipe name
+4. **Edit after import**: Update imported recipes with personal notes or adjustments
+
+**Common recipe websites with good schema.org support:**
+- AllRecipes
+- Food Network
+- BBC Good Food
+- Serious Eats
+- Bon Appétit
+- Many food blogs using recipe plugins
+
+### Organizing Your Recipes
+
+**Categories**: Organize recipes by type (Appetizers, Main Course, Desserts, etc.)
+- Use `nc_cookbook_list_categories` to see all categories
+- Filter by category with `nc_cookbook_get_recipes_in_category`
+
+**Keywords/Tags**: Tag recipes with searchable terms (vegetarian, quick, spicy, etc.)
+- Use `nc_cookbook_list_keywords` to see all tags
+- Filter by tags with `nc_cookbook_get_recipes_with_keywords`
+- Search across all fields with `nc_cookbook_search_recipes`
+
+**Reindexing**: The Cookbook app maintains a search index
+- Automatically scans at configured intervals
+- Manually trigger with `nc_cookbook_reindex` after bulk changes
+- Required after modifying recipe files directly in WebDAV
+
+## API Reference
+
+For detailed API documentation, see the [Nextcloud Cookbook OpenAPI specification](https://github.com/nextcloud/cookbook/tree/master/docs/dev/api/0.1.2).
@@ -296,8 +296,7 @@ See [Configuration Guide](configuration.md) for all OAuth environment variables:

 The integration test suite includes comprehensive OAuth testing:

- **Automated tests** (Playwright): [`tests/integration/test_oauth_playwright.py`](../tests/integration/test_oauth_playwright.py)
- **Interactive tests**: [`tests/integration/test_oauth_interactive.py`](../tests/integration/test_oauth_interactive.py)
+- **Automated tests** (Playwright): [`tests/client/test_oauth_playwright.py`](../tests/client/test_oauth_playwright.py)
 - **Fixtures**: [`tests/conftest.py`](../tests/conftest.py)

 Run OAuth tests:
@@ -306,10 +305,7 @@ Run OAuth tests:
 docker-compose up --build -d mcp-oauth

 # Run automated tests
-uv run pytest tests/integration/test_oauth_playwright.py --browser firefox -v
-
-# Run interactive tests (manual login)
-uv run pytest tests/integration/test_oauth_interactive.py -v
+uv run pytest tests/client/test_oauth_playwright.py --browser firefox -v
 ```

 ## See Also
@@ -171,7 +171,7 @@ The integration test suite validates OAuth functionality:
 docker-compose up --build -d mcp-oauth

 # Run comprehensive OAuth tests
-uv run pytest tests/integration/test_oauth_playwright.py --browser firefox -v
+uv run pytest tests/client/test_oauth_playwright.py --browser firefox -v

 # Tests verify:
 # - OAuth flow completion
@@ -0,0 +1,317 @@
+# Testing Client Sessions Architecture
+
+## Overview
+
+This document compares different approaches to managing MCP client sessions in integration tests, addressing the fundamental incompatibility between pytest-asyncio's fixture management and anyio's structured concurrency requirements.
+
+## The Problem
+
+When using pytest-asyncio with anyio-based libraries (like the MCP Python SDK), session-scoped async generator fixtures encounter a fundamental issue:
+
+1. **pytest-asyncio** runs fixture teardown in a **new asyncio task** using `runner.run()`
+2. **anyio** requires that cancel scopes be entered and exited in the **same task**
+3. This causes `RuntimeError: Attempted to exit cancel scope in a different task than it was entered in`
+
+This is a **known limitation** documented in the anyio project and is not a bug in either pytest-asyncio or anyio, but rather an inherent incompatibility between their design philosophies.
+
+## Solution Comparison
+
+### Solution 1: Native Async Context Managers with Surgical Exception Handling ✅ **IMPLEMENTED**
+
+**Approach**: Use native `async with` statements for clean code structure, but add targeted exception handling at the pytest fixture level to handle the expected teardown errors.
+
+**Implementation**:
+
+```python
+async def create_mcp_client_session(
+    url: str,
+    token: str | None = None,
+    client_name: str = "MCP",
+) -> AsyncGenerator[ClientSession, Any]:
+    """Uses native async context managers for clean LIFO cleanup."""
+    headers = {"Authorization": f"Bearer {token}"} if token else None
+
+    async with streamablehttp_client(url, headers=headers) as (read_stream, write_stream, _):
+        async with ClientSession(read_stream, write_stream) as session:
+            await session.initialize()
+            yield session
+
+@pytest.fixture(scope="session")
+async def nc_mcp_client() -> AsyncGenerator[ClientSession, Any]:
+    """Fixture with surgical exception handling for pytest-asyncio incompatibility."""
+    try:
+        async for session in create_mcp_client_session(
+            url="http://127.0.0.1:8000/mcp", client_name="Basic MCP"
+        ):
+            yield session
+    except RuntimeError as e:
+        # Only catch the specific expected error during pytest teardown
+        if "cancel scope" in str(e) and "different task" in str(e):
+            logger.debug(f"Ignoring expected pytest-asyncio teardown issue: {e}")
+        else:
+            # Unexpected RuntimeError - re-raise to fail the test
+            raise
+```
+
+**Pros**:
+- ✅ Clean, idiomatic code using native Python context managers
+- ✅ Exception handling is surgical - only catches the specific expected error
+- ✅ Unexpected errors still propagate and fail tests
+- ✅ Can use session-scoped fixtures for performance
+- ✅ Easy to understand and maintain
+- ✅ Minimal code changes from original implementation
+- ✅ No external dependencies required
+
+**Cons**:
+- ⚠️ Still requires exception suppression (though targeted)
+- ⚠️ String-based exception matching is somewhat fragile
+- ⚠️ Must apply the pattern to each session-scoped fixture
+- ⚠️ Doesn't solve the root cause
+
+**Verdict**: **Recommended** - Best balance of code clarity, maintainability, and pragmatism.
+
+---
+
+### Solution 2: Task-Isolated Fixtures
+
+**Approach**: Run each fixture's client session in an isolated anyio task group, allowing independent cleanup without cross-fixture interference.
+
+**Implementation**:
+
+```python
+@pytest.fixture(scope="session")
+async def nc_mcp_client() -> AsyncGenerator[ClientSession, Any]:
+    """Fixture with task isolation for clean teardown."""
+    import anyio
+
+    session_holder = {"session": None}
+
+    async def create_and_hold_session():
+        """Runs in isolated task - creates session and keeps it alive."""
+        async with streamablehttp_client("http://127.0.0.1:8000/mcp") as (read_stream, write_stream, _):
+            async with ClientSession(read_stream, write_stream) as session:
+                await session.initialize()
+                session_holder["session"] = session
+
+                # Keep session alive until cancelled
+                try:
+                    await anyio.sleep_forever()
+                except anyio.get_cancelled_exc_class():
+                    pass  # Expected cancellation
+
+    async with anyio.create_task_group() as tg:
+        tg.start_soon(create_and_hold_session)
+
+        # Wait for session to be ready
+        while session_holder["session"] is None:
+            await anyio.sleep(0.1)
+
+        yield session_holder["session"]
+
+        # Task group cancellation ensures clean LIFO cleanup
+        tg.cancel_scope.cancel()
+```
+
+**Pros**:
+- ✅ No exception suppression needed
+- ✅ Each fixture has its own isolated task scope
+- ✅ More theoretically correct approach
+- ✅ Can use session-scoped fixtures
+
+**Cons**:
+- ❌ Significantly more complex code
+- ❌ Harder to understand for developers unfamiliar with anyio
+- ❌ Requires understanding of task groups and cancel scopes
+- ❌ More boilerplate per fixture
+- ❌ Still doesn't solve the fundamental pytest-asyncio incompatibility
+- ❌ Polling for session readiness is inelegant
+- ❌ Higher cognitive overhead for maintenance
+
+**Verdict**: **Not Recommended** - Complexity outweighs benefits. Consider only if exception handling is completely unacceptable.
+
+---
+
+### Solution 3: Function-Scoped Fixtures with Nested Context Managers
+
+**Approach**: Change fixtures to function scope and rely on Python's context manager nesting for guaranteed LIFO cleanup.
+
+**Implementation**:
+
+```python
+@pytest.fixture(scope="function")  # Changed from session
+async def nc_mcp_client() -> AsyncGenerator[ClientSession, Any]:
+    """Function-scoped fixture with natural LIFO cleanup."""
+    async with streamablehttp_client("http://127.0.0.1:8000/mcp") as (read_stream, write_stream, _):
+        async with ClientSession(read_stream, write_stream) as session:
+            await session.initialize()
+            yield session
+
+# For tests needing multiple clients:
+@pytest.fixture(scope="function")
+async def multi_mcp_clients() -> AsyncGenerator[tuple[ClientSession, ClientSession], Any]:
+    """Multiple clients with guaranteed LIFO cleanup through nesting."""
+    async with streamablehttp_client("http://127.0.0.1:8000/mcp") as (read1, write1, _):
+        async with ClientSession(read1, write1) as session1:
+            await session1.initialize()
+
+            async with streamablehttp_client("http://127.0.0.1:8001/mcp") as (read2, write2, _):
+                async with ClientSession(read2, write2) as session2:
+                    await session2.initialize()
+                    yield session1, session2
+    # Cleanup: session2 -> stream2 -> session1 -> stream1 (LIFO guaranteed)
+```
+
+**Pros**:
+- ✅ No exception handling needed
+- ✅ Simplest to understand
+- ✅ Natural LIFO cleanup through Python's context managers
+- ✅ Each test gets fresh clients (better isolation)
+- ✅ No workarounds or hacks required
+
+**Cons**:
+- ❌ Significantly slower tests (new clients per test)
+- ❌ Cannot share client state across tests
+- ❌ More resource intensive
+- ❌ Higher overhead for test suite execution
+- ❌ May not be practical for expensive fixtures (e.g., OAuth tokens)
+- ❌ Nested context managers become unwieldy with many clients
+
+**Verdict**: **Good Alternative** - Consider for specific fixtures where session scope isn't critical, or for new test files where performance isn't a concern.
+
+---
+
+### Solution 4: Use pytest-trio Instead of pytest-asyncio (Future)
+
+**Approach**: Replace pytest-asyncio with pytest-trio, which was designed with structured concurrency in mind.
+
+**Implementation**:
+
+```python
+# pyproject.toml
+[tool.pytest.ini_options]
+# Remove: asyncio_mode = "auto"
+# Add: trio_mode = "auto"
+
+# Fixtures work naturally with trio
+@pytest.fixture(scope="session")
+async def nc_mcp_client() -> AsyncGenerator[ClientSession, Any]:
+    async with streamablehttp_client("http://127.0.0.1:8000/mcp") as (read, write, _):
+        async with ClientSession(read, write) as session:
+            await session.initialize()
+            yield session
+```
+
+**Pros**:
+- ✅ No workarounds needed
+- ✅ Designed for structured concurrency
+- ✅ Theoretically cleanest solution
+- ✅ Can use session-scoped fixtures naturally
+
+**Cons**:
+- ❌ Requires switching from asyncio to trio backend
+- ❌ Major refactoring required
+- ❌ May break existing code that assumes asyncio
+- ❌ Dependency changes throughout project
+- ❌ Team needs to learn trio ecosystem
+- ❌ Less ecosystem support than asyncio
+
+**Verdict**: **Not Practical** - Too disruptive for existing projects. Consider only for greenfield projects or major rewrites.
+
+---
+
+## Decision Matrix
+
+| Solution | Code Clarity | Maintenance | Performance | Safety | Effort |
+|----------|--------------|-------------|-------------|--------|--------|
+| **Solution 1** (Implemented) | ⭐⭐⭐⭐ | ⭐⭐⭐⭐ | ⭐⭐⭐⭐⭐ | ⭐⭐⭐⭐ | ⭐⭐⭐⭐⭐ |
+| Solution 2 (Task-Isolated) | ⭐⭐ | ⭐⭐ | ⭐⭐⭐⭐⭐ | ⭐⭐⭐⭐⭐ | ⭐⭐ |
+| Solution 3 (Function-Scoped) | ⭐⭐⭐⭐⭐ | ⭐⭐⭐⭐⭐ | ⭐⭐ | ⭐⭐⭐⭐⭐ | ⭐⭐⭐⭐⭐ |
+| Solution 4 (pytest-trio) | ⭐⭐⭐⭐⭐ | ⭐⭐⭐ | ⭐⭐⭐⭐⭐ | ⭐⭐⭐⭐⭐ | ⭐ |
+
+## Implementation Details
+
+### What Changed in Solution 1
+
+1. **`create_mcp_client_session` function** (conftest.py:61-110):
+   - Replaced manual `__aenter__`/`__aexit__` calls with native `async with` statements
+   - Removed blanket exception suppression from cleanup logic
+   - Added clear documentation about LIFO cleanup order
+   - Simplified from ~60 lines to ~40 lines
+
+2. **Session-scoped MCP client fixtures** (conftest.py:148-1269):
+   - Added targeted exception handling wrapper
+   - Only catches specific "cancel scope" + "different task" RuntimeError
+   - All other exceptions propagate normally
+   - Applied to: `nc_mcp_client`, `nc_mcp_oauth_client`, `alice_mcp_client`, `bob_mcp_client`, `charlie_mcp_client`, `diana_mcp_client`
+
+3. **Documentation**:
+   - Added comprehensive docstrings explaining the workaround
+   - Referenced MCP SDK issue #577 for context
+   - Documented why this is necessary and not a bug
+
+### Benefits of This Implementation
+
+1. **Clean Core Logic**: The `create_mcp_client_session` function is now clean, idiomatic Python with no workarounds
+2. **Isolated Workaround**: Exception handling is confined to pytest fixture level where the issue actually occurs
+3. **Surgical Exception Handling**: Only catches the specific expected error, not all RuntimeErrors
+4. **Performance**: Maintains session-scoped fixtures for fast test execution
+5. **Maintainability**: Easy to understand and modify
+6. **Safety**: Real errors still cause test failures
+
+## Testing Results
+
+All tests pass cleanly with the implementation:
+
+```bash
+$ uv run pytest tests/server/test_mcp.py -v
+============================================= test session starts ==============================================
+tests/server/test_mcp.py::test_mcp_connectivity PASSED                                            [ 16%]
+tests/server/test_mcp.py::test_mcp_notes_crud_workflow PASSED                                     [ 33%]
+tests/server/test_mcp.py::test_mcp_notes_etag_conflict PASSED                                     [ 50%]
+tests/server/test_mcp.py::test_mcp_webdav_workflow PASSED                                         [ 66%]
+tests/server/test_mcp.py::test_mcp_resources_access PASSED                                        [ 83%]
+tests/server/test_mcp.py::test_mcp_calendar_workflow PASSED                                       [100%]
+============================================== 6 passed in 39.52s ==============================================
+```
+
+## Recommendations
+
+### For This Project: Solution 1 ✅
+
+The implemented solution (Solution 1) is the best fit because:
+- Minimal disruption to existing tests
+- Clean, maintainable code
+- Good performance with session-scoped fixtures
+- Targeted exception handling that doesn't hide real errors
+
+### For New Test Files: Consider Solution 3
+
+For new test files where performance isn't critical, consider using function-scoped fixtures (Solution 3):
+- No workarounds needed
+- Perfect code clarity
+- Better test isolation
+
+### For Greenfield Projects: Consider Solution 4
+
+For new projects starting from scratch, consider pytest-trio instead of pytest-asyncio:
+- Native structured concurrency support
+- No workarounds needed
+- Better alignment with modern async Python patterns
+
+## Related Resources
+
+- [MCP Python SDK Issue #577](https://github.com/modelcontextprotocol/python-sdk/issues/577) - Original issue report
+- [Anyio Issue #345](https://github.com/agronholm/anyio/issues/345) - Discussion of fixture limitations
+- [Nextcloud MCP Note 378555](nextcloud://notes/378555) - Detailed investigation notes
+- pytest-asyncio documentation: https://pytest-asyncio.readthedocs.io/
+- anyio structured concurrency guide: https://anyio.readthedocs.io/en/stable/basics.html
+
+## Appendix: Why Can't This Be Fixed Upstream?
+
+The incompatibility cannot be "fixed" in either pytest-asyncio or anyio without breaking their core design:
+
+1. **pytest-asyncio** needs to manage fixture lifecycle across different scopes, requiring separate task creation for cleanup
+2. **anyio** enforces structured concurrency guarantees by requiring same-task cancel scope entry/exit
+3. These requirements are fundamentally incompatible
+
+The maintainers of both projects are aware of this issue, and it's considered an acceptable trade-off given their respective design goals. The recommended approach is to handle it at the application level, as we've done here.
@@ -5,6 +5,7 @@ from contextlib import AsyncExitStack, asynccontextmanager
 from dataclasses import dataclass

 import click
+import httpx
 import uvicorn
 from mcp.server.auth.settings import AuthSettings
 from mcp.server.fastmcp import Context, FastMCP
@@ -14,11 +15,12 @@ from starlette.routing import Mount

 from nextcloud_mcp_server.auth import NextcloudTokenVerifier, load_or_register_client
 from nextcloud_mcp_server.client import NextcloudClient
-from nextcloud_mcp_server.config import setup_logging
+from nextcloud_mcp_server.config import LOGGING_CONFIG, setup_logging
 from nextcloud_mcp_server.context import get_client as get_nextcloud_client
 from nextcloud_mcp_server.server import (
    configure_calendar_tools,
    configure_contacts_tools,
+    configure_cookbook_tools,
    configure_deck_tools,
    configure_notes_tools,
    configure_sharing_tools,
@@ -175,8 +177,6 @@ async def app_lifespan_oauth(server: FastMCP) -> AsyncIterator[OAuthAppContext]:

    try:
        # Fetch OIDC discovery
-        import httpx
-
        async with httpx.AsyncClient() as client:
            response = await client.get(discovery_url)
            response.raise_for_status()
@@ -265,8 +265,6 @@ async def setup_oauth_config():
    logger.info(f"Performing OIDC discovery: {discovery_url}")

    # Fetch OIDC discovery
-    import httpx
-
    async with httpx.AsyncClient() as client:
        response = await client.get(discovery_url)
        response.raise_for_status()
@@ -351,9 +349,7 @@ def get_app(transport: str = "sse", enabled_apps: list[str] | None = None):
        # Asynchronously get the OAuth configuration
        import asyncio

-        nextcloud_host, token_verifier, auth_settings = asyncio.run(
-            setup_oauth_config()
-        )
+        _, token_verifier, auth_settings = asyncio.run(setup_oauth_config())
        mcp = FastMCP(
            "Nextcloud MCP",
            lifespan=app_lifespan_oauth,
@@ -379,6 +375,7 @@ def get_app(transport: str = "sse", enabled_apps: list[str] | None = None):
        "sharing": configure_sharing_tools,
        "calendar": configure_calendar_tools,
        "contacts": configure_contacts_tools,
+        "cookbook": configure_cookbook_tools,
        "deck": configure_deck_tools,
    }

@@ -420,10 +417,6 @@ def get_app(transport: str = "sse", enabled_apps: list[str] | None = None):
@click.option(
    "--port", "-p", type=int, default=8000, show_default=True, help="Server port"
 )
-@click.option(
-    "--workers", "-w", type=int, default=None, help="Number of worker processes"
-)
-@click.option("--reload", "-r", is_flag=True, help="Enable auto-reload")
@click.option(
    "--log-level",
    "-l",
@@ -444,7 +437,9 @@ def get_app(transport: str = "sse", enabled_apps: list[str] | None = None):
    "--enable-app",
    "-e",
    multiple=True,
-    type=click.Choice(["notes", "tables", "webdav", "calendar", "contacts", "deck"]),
+    type=click.Choice(
+        ["notes", "tables", "webdav", "calendar", "contacts", "cookbook", "deck"]
+    ),
    help="Enable specific Nextcloud app APIs. Can be specified multiple times. If not specified, all apps are enabled.",
 )
@click.option(
@@ -479,8 +474,6 @@ def get_app(transport: str = "sse", enabled_apps: list[str] | None = None):
 def run(
    host: str,
    port: int,
-    workers: int,
-    reload: bool,
    log_level: str,
    transport: str,
    enable_app: tuple[str, ...],
@@ -587,21 +580,10 @@ def run(

    enabled_apps = list(enable_app) if enable_app else None

-    if reload or workers:
-        app = "nextcloud_mcp_server.app:get_app"
-        factory = True
-    else:
-        app = get_app(transport=transport, enabled_apps=enabled_apps)
-        factory = False
+    app = get_app(transport=transport, enabled_apps=enabled_apps)

    uvicorn.run(
-        app=app,
-        factory=factory,
-        host=host,
-        port=port,
-        reload=reload,
-        workers=workers,
-        log_level=log_level,
+        app=app, host=host, port=port, log_level=log_level, log_config=LOGGING_CONFIG
    )


@@ -14,13 +14,14 @@ from httpx import (
 from ..controllers.notes_search import NotesSearchController
 from .calendar import CalendarClient
 from .contacts import ContactsClient
+from .cookbook import CookbookClient
 from .deck import DeckClient
 from .groups import GroupsClient
 from .notes import NotesClient
 from .sharing import SharingClient
 from .tables import TablesClient
-from .webdav import WebDAVClient
 from .users import UsersClient
+from .webdav import WebDAVClient

 logger = logging.getLogger(__name__)

@@ -71,8 +72,11 @@ class NextcloudClient:
        self.notes = NotesClient(self._client, username)
        self.webdav = WebDAVClient(self._client, username)
        self.tables = TablesClient(self._client, username)
-        self.calendar = CalendarClient(self._client, username)
+        self.calendar = CalendarClient(
+            base_url, username, auth
+        )  # Uses AsyncDavClient internally
        self.contacts = ContactsClient(self._client, username)
+        self.cookbook = CookbookClient(self._client, username)
        self.deck = DeckClient(self._client, username)
        self.users = UsersClient(self._client, username)
        self.groups = GroupsClient(self._client, username)
@@ -119,13 +123,14 @@ class NextcloudClient:

    async def notes_search_notes(self, *, query: str):
        """Search notes using token-based matching with relevance ranking."""
-        all_notes = await self.notes.get_all_notes()
-        return self._notes_search.search_notes(all_notes, query)
+        all_notes = self.notes.get_all_notes()
+        return await self._notes_search.search_notes(all_notes, query)

    def _get_webdav_base_path(self) -> str:
        """Helper to get the base WebDAV path for the authenticated user."""
        return f"/remote.php/dav/files/{self.username}"

    async def close(self):
-        """Close the HTTP client."""
+        """Close the HTTP client and CalDAV client."""
        await self._client.aclose()
+        await self.calendar.close()
@@ -0,0 +1,250 @@
+"""Client for Nextcloud Cookbook app operations."""
+
+import logging
+from typing import Any, Dict, List
+
+from httpx import Timeout
+
+from .base import BaseNextcloudClient
+
+logger = logging.getLogger(__name__)
+
+
+class CookbookClient(BaseNextcloudClient):
+    """Client for Nextcloud Cookbook app operations."""
+
+    async def get_version(self) -> Dict[str, Any]:
+        """Get Cookbook app and API version."""
+        response = await self._make_request("GET", "/apps/cookbook/api/version")
+        return response.json()
+
+    async def get_config(self) -> Dict[str, Any]:
+        """Get current Cookbook app configuration."""
+        response = await self._make_request("GET", "/apps/cookbook/api/v1/config")
+        return response.json()
+
+    async def set_config(self, config: Dict[str, Any]) -> Dict[str, Any]:
+        """Set Cookbook app configuration.
+
+        Args:
+            config: Configuration dictionary with fields like:
+                - folder: Recipe folder path
+                - update_interval: Auto-rescan interval in minutes
+                - print_image: Whether to print images with recipes
+                - visibleInfoBlocks: Visible info blocks configuration
+
+        Returns:
+            Response with status message
+        """
+        response = await self._make_request(
+            "POST", "/apps/cookbook/api/v1/config", json=config
+        )
+        return response.json()
+
+    async def reindex(self) -> str:
+        """Trigger a rescan of all recipes into the caching database.
+
+        Returns:
+            Success message
+        """
+        response = await self._make_request("POST", "/apps/cookbook/api/v1/reindex")
+        return response.json()
+
+    async def list_recipes(self) -> List[Dict[str, Any]]:
+        """Get all recipes in the database.
+
+        Returns:
+            List of recipe stubs with basic information
+        """
+        response = await self._make_request("GET", "/apps/cookbook/api/v1/recipes")
+        return response.json()
+
+    async def get_recipe(self, recipe_id: int) -> Dict[str, Any]:
+        """Get a single recipe by ID.
+
+        Args:
+            recipe_id: The recipe ID
+
+        Returns:
+            Full recipe data
+        """
+        response = await self._make_request(
+            "GET", f"/apps/cookbook/api/v1/recipes/{recipe_id}"
+        )
+        return response.json()
+
+    async def create_recipe(self, recipe_data: Dict[str, Any]) -> int:
+        """Create a new recipe.
+
+        Args:
+            recipe_data: Recipe data following schema.org/Recipe format.
+                Required: name
+                Optional: description, ingredients, instructions, etc.
+
+        Returns:
+            ID of the newly created recipe
+        """
+        response = await self._make_request(
+            "POST", "/apps/cookbook/api/v1/recipes", json=recipe_data
+        )
+        return response.json()
+
+    async def update_recipe(self, recipe_id: int, recipe_data: Dict[str, Any]) -> int:
+        """Update an existing recipe.
+
+        Args:
+            recipe_id: The recipe ID to update
+            recipe_data: Updated recipe data
+
+        Returns:
+            ID of the updated recipe
+        """
+        response = await self._make_request(
+            "PUT", f"/apps/cookbook/api/v1/recipes/{recipe_id}", json=recipe_data
+        )
+        return response.json()
+
+    async def delete_recipe(self, recipe_id: int) -> str:
+        """Delete a recipe.
+
+        Args:
+            recipe_id: The recipe ID to delete
+
+        Returns:
+            Success message
+        """
+        response = await self._make_request(
+            "DELETE", f"/apps/cookbook/api/v1/recipes/{recipe_id}"
+        )
+        return response.json()
+
+    async def import_recipe(self, url: str) -> Dict[str, Any]:
+        """Import a recipe from a URL using schema.org metadata.
+
+        Args:
+            url: URL of the recipe to import
+
+        Returns:
+            Full imported recipe data
+        """
+        logger.info(f"Importing recipe from URL: {url}")
+        response = await self._make_request(
+            "POST",
+            "/apps/cookbook/api/v1/import",
+            json={"url": url},
+            timeout=Timeout(300.0),
+        )
+        return response.json()
+
+    async def get_recipe_image(self, recipe_id: int, size: str = "full") -> bytes:
+        """Get the main image of a recipe.
+
+        Args:
+            recipe_id: The recipe ID
+            size: Image size - "full", "thumb" (250px), or "thumb16" (16px)
+
+        Returns:
+            Image bytes
+        """
+        response = await self._make_request(
+            "GET",
+            f"/apps/cookbook/api/v1/recipes/{recipe_id}/image",
+            params={"size": size},
+        )
+        return response.content
+
+    async def search_recipes(self, query: str) -> List[Dict[str, Any]]:
+        """Search for recipes by keywords, tags, and categories.
+
+        Args:
+            query: Search string (URL-encoded, space/comma separated)
+
+        Returns:
+            List of matching recipe stubs
+        """
+        # URL encode the query
+        from urllib.parse import quote
+
+        encoded_query = quote(query)
+        response = await self._make_request(
+            "GET", f"/apps/cookbook/api/v1/search/{encoded_query}"
+        )
+        return response.json()
+
+    async def list_categories(self) -> List[Dict[str, Any]]:
+        """Get all known categories.
+
+        Note: A category name of '*' indicates recipes with no category.
+
+        Returns:
+            List of categories with recipe counts
+        """
+        response = await self._make_request("GET", "/apps/cookbook/api/v1/categories")
+        return response.json()
+
+    async def get_recipes_in_category(self, category: str) -> List[Dict[str, Any]]:
+        """Get all recipes in a specific category.
+
+        Args:
+            category: Category name (use "_" for recipes with no category)
+
+        Returns:
+            List of recipe stubs in the category
+        """
+        from urllib.parse import quote
+
+        encoded_category = quote(category)
+        response = await self._make_request(
+            "GET", f"/apps/cookbook/api/v1/category/{encoded_category}"
+        )
+        return response.json()
+
+    async def rename_category(self, old_name: str, new_name: str) -> str:
+        """Rename a category.
+
+        Args:
+            old_name: Current category name
+            new_name: New category name
+
+        Returns:
+            New category name
+        """
+        from urllib.parse import quote
+
+        encoded_old_name = quote(old_name)
+        response = await self._make_request(
+            "PUT",
+            f"/apps/cookbook/api/v1/category/{encoded_old_name}",
+            json={"name": new_name},
+        )
+        return response.json()
+
+    async def list_keywords(self) -> List[Dict[str, Any]]:
+        """Get all known keywords/tags.
+
+        Returns:
+            List of keywords with recipe counts
+        """
+        response = await self._make_request("GET", "/apps/cookbook/api/v1/keywords")
+        return response.json()
+
+    async def get_recipes_with_keywords(
+        self, keywords: List[str]
+    ) -> List[Dict[str, Any]]:
+        """Get all recipes associated with certain keywords.
+
+        Args:
+            keywords: List of keywords to filter by
+
+        Returns:
+            List of recipe stubs matching the keywords
+        """
+        from urllib.parse import quote
+
+        # Join keywords with commas
+        keywords_str = ",".join(keywords)
+        encoded_keywords = quote(keywords_str)
+        response = await self._make_request(
+            "GET", f"/apps/cookbook/api/v1/tags/{encoded_keywords}"
+        )
+        return response.json()
@@ -1,7 +1,7 @@
 """Client for Nextcloud Notes app operations."""

 import logging
-from typing import Any, Dict, List, Optional
+from typing import Any, AsyncIterator, Dict, Optional

 from .base import BaseNextcloudClient

@@ -16,24 +16,22 @@ class NotesClient(BaseNextcloudClient):
        response = await self._make_request("GET", "/apps/notes/api/v1/settings")
        return response.json()

-    async def get_all_notes(self) -> List[Dict[str, Any]]:
-        """Get all notes."""
-        notes = []
+    async def get_all_notes(self) -> AsyncIterator[Dict[str, Any]]:
+        """Get all notes, yielding them one at a time."""
        cursor = ""

        while True:
            response = await self._make_request(
                "GET",
                "/apps/notes/api/v1/notes",
-                params={"chunkSize": 50, "chunkCursor": cursor},
+                params={"chunkSize": 10, "chunkCursor": cursor},
            )
-            notes.extend(response.json())
+            for note in response.json():
+                yield note
            if "X-Notes-Chunk-Cursor" not in response.headers:
                break
            cursor = response.headers["X-Notes-Chunk-Cursor"]

-        return notes
-
    async def get_note(self, note_id: int) -> Dict[str, Any]:
        """Get a specific note by ID."""
        response = await self._make_request(
@@ -1,4 +1,5 @@
-from typing import List, Optional, Dict
+from typing import Dict, List, Optional
+
 from nextcloud_mcp_server.client.base import BaseNextcloudClient
 from nextcloud_mcp_server.models.users import UserDetails

@@ -570,3 +570,379 @@ class WebDAVClient(BaseNextcloudClient):
                f"Unexpected error copying resource from '{source_path}' to '{destination_path}': {e}"
            )
            raise e
+
+    async def search_files(
+        self,
+        scope: str = "",
+        where_conditions: Optional[str] = None,
+        properties: Optional[List[str]] = None,
+        order_by: Optional[List[Tuple[str, str]]] = None,
+        limit: Optional[int] = None,
+    ) -> List[Dict[str, Any]]:
+        """Search for files using WebDAV SEARCH method (RFC 5323).
+
+        Args:
+            scope: Directory path to search in (empty string for user root)
+            where_conditions: XML string for where clause conditions
+            properties: List of property names to retrieve (defaults to basic set)
+            order_by: List of (property, direction) tuples for sorting, e.g. [("getlastmodified", "descending")]
+            limit: Maximum number of results to return
+
+        Returns:
+            List of file/directory dictionaries with requested properties
+        """
+        # Default properties if not specified
+        if properties is None:
+            properties = [
+                "displayname",
+                "getcontentlength",
+                "getcontenttype",
+                "getlastmodified",
+                "resourcetype",
+                "getetag",
+            ]
+
+        # Build the SEARCH request XML
+        search_body = self._build_search_xml(
+            scope=scope,
+            where_conditions=where_conditions,
+            properties=properties,
+            order_by=order_by,
+            limit=limit,
+        )
+
+        # The SEARCH endpoint is at the dav root
+        search_path = "/remote.php/dav/"
+
+        headers = {"Content-Type": "text/xml", "OCS-APIRequest": "true"}
+
+        logger.debug(f"Searching files in scope: {scope}")
+
+        try:
+            response = await self._make_request(
+                "SEARCH", search_path, content=search_body, headers=headers
+            )
+            response.raise_for_status()
+
+            # Parse the XML response
+            results = self._parse_search_response(response.content, scope)
+
+            logger.debug(f"Search returned {len(results)} results")
+            return results
+
+        except HTTPStatusError as e:
+            logger.error(f"HTTP error during search: {e}")
+            raise e
+        except Exception as e:
+            logger.error(f"Unexpected error during search: {e}")
+            raise e
+
+    def _build_search_xml(
+        self,
+        scope: str,
+        where_conditions: Optional[str],
+        properties: List[str],
+        order_by: Optional[List[Tuple[str, str]]],
+        limit: Optional[int],
+    ) -> str:
+        """Build the XML body for a SEARCH request."""
+        # Construct the scope path
+        username = self.username
+        scope_path = f"/files/{username}"
+        if scope:
+            scope_path = f"{scope_path}/{scope.lstrip('/')}"
+
+        # Build property list
+        prop_xml = "\n".join([self._property_to_xml(prop) for prop in properties])
+
+        # Build where clause
+        where_xml = where_conditions if where_conditions else ""
+
+        # Build order by clause
+        orderby_xml = ""
+        if order_by:
+            order_elements = []
+            for prop, direction in order_by:
+                prop_element = self._property_to_xml(prop)
+                dir_element = (
+                    "<d:ascending/>"
+                    if direction.lower() == "ascending"
+                    else "<d:descending/>"
+                )
+                order_elements.append(f"<d:order>{prop_element}{dir_element}</d:order>")
+            orderby_xml = "\n".join(order_elements)
+        else:
+            orderby_xml = ""
+
+        # Build limit clause
+        limit_xml = (
+            f"<d:limit><d:nresults>{limit}</d:nresults></d:limit>" if limit else ""
+        )
+
+        # Construct the full SEARCH XML
+        search_xml = f"""<?xml version="1.0" encoding="UTF-8"?>
+<d:searchrequest xmlns:d="DAV:" xmlns:oc="http://owncloud.org/ns" xmlns:nc="http://nextcloud.org/ns">
+    <d:basicsearch>
+        <d:select>
+            <d:prop>
+                {prop_xml}
+            </d:prop>
+        </d:select>
+        <d:from>
+            <d:scope>
+                <d:href>{scope_path}</d:href>
+                <d:depth>infinity</d:depth>
+            </d:scope>
+        </d:from>
+        <d:where>
+            {where_xml}
+        </d:where>
+        <d:orderby>
+            {orderby_xml}
+        </d:orderby>
+        {limit_xml}
+    </d:basicsearch>
+</d:searchrequest>"""
+
+        return search_xml
+
+    def _property_to_xml(self, prop: str) -> str:
+        """Convert a property name to its XML element."""
+        # Handle properties with namespace prefixes
+        if prop.startswith("{"):
+            # Already a full namespace
+            namespace_end = prop.index("}")
+            namespace = prop[1:namespace_end]
+            local_name = prop[namespace_end + 1 :]
+
+            # Map namespace URIs to prefixes
+            ns_map = {
+                "DAV:": "d",
+                "http://owncloud.org/ns": "oc",
+                "http://nextcloud.org/ns": "nc",
+            }
+
+            prefix = ns_map.get(namespace, "d")
+            return f"<{prefix}:{local_name}/>"
+        else:
+            # Guess namespace based on common properties
+            if prop in [
+                "displayname",
+                "getcontentlength",
+                "getcontenttype",
+                "getlastmodified",
+                "resourcetype",
+                "getetag",
+                "quota-available-bytes",
+                "quota-used-bytes",
+            ]:
+                return f"<d:{prop}/>"
+            elif prop in [
+                "fileid",
+                "size",
+                "permissions",
+                "favorite",
+                "tags",
+                "owner-id",
+                "owner-display-name",
+                "share-types",
+                "checksums",
+                "comments-count",
+                "comments-unread",
+            ]:
+                return f"<oc:{prop}/>"
+            else:
+                # Assume nc namespace for newer properties
+                return f"<nc:{prop}/>"
+
+    def _parse_search_response(
+        self, xml_content: bytes, scope: str
+    ) -> List[Dict[str, Any]]:
+        """Parse the XML response from a SEARCH request."""
+        root = ET.fromstring(xml_content)
+        items = []
+
+        # Process each response element
+        responses = root.findall(".//{DAV:}response")
+
+        for response_elem in responses:
+            href = response_elem.find(".//{DAV:}href")
+            if href is None:
+                continue
+
+            # Extract file/directory path from href
+            href_text = href.text or ""
+            # Remove the /remote.php/dav/files/username/ prefix to get relative path
+            path_parts = href_text.split("/files/")
+            if len(path_parts) > 1:
+                # Get the path after username
+                path_after_user = "/".join(path_parts[1].split("/")[1:])
+                relative_path = path_after_user.rstrip("/")
+            else:
+                relative_path = href_text.rstrip("/").split("/")[-1]
+
+            # Get properties
+            propstat = response_elem.find(".//{DAV:}propstat")
+            if propstat is None:
+                continue
+
+            prop = propstat.find(".//{DAV:}prop")
+            if prop is None:
+                continue
+
+            # Build item dictionary
+            item = {"path": relative_path, "href": href_text}
+
+            # Extract all properties
+            for child in prop:
+                tag = child.tag
+                value = child.text
+
+                # Remove namespace from tag
+                if "}" in tag:
+                    tag = tag.split("}", 1)[1]
+
+                # Handle special properties
+                if tag == "resourcetype":
+                    item["is_directory"] = child.find(".//{DAV:}collection") is not None
+                elif tag == "getcontentlength":
+                    item["size"] = int(value) if value else 0
+                elif tag == "displayname":
+                    item["name"] = value
+                elif tag == "getcontenttype":
+                    item["content_type"] = value
+                elif tag == "getlastmodified":
+                    item["last_modified"] = value
+                elif tag == "getetag":
+                    item["etag"] = value.strip('"') if value else None
+                elif tag == "fileid":
+                    item["file_id"] = int(value) if value else None
+                elif tag == "favorite":
+                    item["is_favorite"] = value == "1"
+                elif tag == "permissions":
+                    item["permissions"] = value
+                elif tag == "size":
+                    # oc:size includes folder sizes
+                    item["total_size"] = int(value) if value else 0
+                else:
+                    # Store other properties as-is
+                    item[tag] = value
+
+            items.append(item)
+
+        return items
+
+    async def find_by_name(
+        self, pattern: str, scope: str = "", limit: Optional[int] = None
+    ) -> List[Dict[str, Any]]:
+        """Find files by name pattern using LIKE matching.
+
+        Args:
+            pattern: Name pattern to search for (supports % wildcard)
+            scope: Directory path to search in (empty string for user root)
+            limit: Maximum number of results to return
+
+        Returns:
+            List of matching files/directories
+
+        Examples:
+            # Find all .txt files
+            results = await find_by_name("%.txt")
+
+            # Find files starting with "report"
+            results = await find_by_name("report%")
+        """
+        where_conditions = f"""
+            <d:like>
+                <d:prop>
+                    <d:displayname/>
+                </d:prop>
+                <d:literal>{pattern}</d:literal>
+            </d:like>
+        """
+
+        return await self.search_files(
+            scope=scope, where_conditions=where_conditions, limit=limit
+        )
+
+    async def find_by_type(
+        self, mime_type: str, scope: str = "", limit: Optional[int] = None
+    ) -> List[Dict[str, Any]]:
+        """Find files by MIME type.
+
+        Args:
+            mime_type: MIME type to search for (supports % wildcard, e.g., "image/%")
+            scope: Directory path to search in (empty string for user root)
+            limit: Maximum number of results to return
+
+        Returns:
+            List of matching files
+
+        Examples:
+            # Find all images
+            results = await find_by_type("image/%")
+
+            # Find all PDFs
+            results = await find_by_type("application/pdf")
+        """
+        where_conditions = f"""
+            <d:like>
+                <d:prop>
+                    <d:getcontenttype/>
+                </d:prop>
+                <d:literal>{mime_type}</d:literal>
+            </d:like>
+        """
+
+        return await self.search_files(
+            scope=scope, where_conditions=where_conditions, limit=limit
+        )
+
+    async def list_favorites(
+        self, scope: str = "", limit: Optional[int] = None
+    ) -> List[Dict[str, Any]]:
+        """List all favorite files.
+
+        Args:
+            scope: Directory path to search in (empty string for user root)
+            limit: Maximum number of results to return
+
+        Returns:
+            List of favorite files/directories
+
+        Examples:
+            # List all favorites
+            results = await list_favorites()
+
+            # List favorites in a specific folder
+            results = await list_favorites(scope="Documents")
+        """
+        # Use REPORT method for favorites as it's more efficient
+        # But we can also use SEARCH as fallback
+        where_conditions = """
+            <d:eq>
+                <d:prop>
+                    <oc:favorite/>
+                </d:prop>
+                <d:literal>1</d:literal>
+            </d:eq>
+        """
+
+        # Request favorite property
+        properties = [
+            "displayname",
+            "getcontentlength",
+            "getcontenttype",
+            "getlastmodified",
+            "resourcetype",
+            "getetag",
+            "fileid",
+            "favorite",
+        ]
+
+        return await self.search_files(
+            scope=scope,
+            where_conditions=where_conditions,
+            properties=properties,
+            limit=limit,
+        )
@@ -2,17 +2,18 @@ import logging.config

 LOGGING_CONFIG = {
    "version": 1,
+    "disable_existing_loggers": False,
    "handlers": {
        "default": {
            "class": "logging.StreamHandler",
            "formatter": "http",
-        }
+        },
    },
    "formatters": {
        "http": {
            "format": "%(levelname)s [%(asctime)s] %(name)s - %(message)s",
            "datefmt": "%Y-%m-%d %H:%M:%S",
-        }
+        },
    },
    "loggers": {
        "": {
@@ -29,6 +30,21 @@ LOGGING_CONFIG = {
            "level": "INFO",
            "propagate": False,  # Prevent propagation to root logger
        },
+        "uvicorn": {
+            "handlers": ["default"],
+            "level": "INFO",
+            "propagate": False,
+        },
+        "uvicorn.access": {
+            "handlers": ["default"],
+            "level": "INFO",
+            "propagate": False,
+        },
+        "uvicorn.error": {
+            "handlers": ["default"],
+            "level": "INFO",
+            "propagate": False,
+        },
    },
 }

@@ -1,13 +1,13 @@
 """Controller for notes search functionality."""

-from typing import Any, Dict, List
+from typing import Any, AsyncIterable, Dict, List


 class NotesSearchController:
    """Handles notes search logic and scoring."""

-    def search_notes(
-        self, notes: List[Dict[str, Any]], query: str
+    async def search_notes(
+        self, notes: AsyncIterable[Dict[str, Any]], query: str
    ) -> List[Dict[str, Any]]:
        """
        Search notes using token-based matching with relevance ranking.
@@ -21,7 +21,7 @@ class NotesSearchController:
            return []

        # Process and score each note
-        for note in notes:
+        async for note in notes:
            title_tokens, content_tokens = self._process_note_content(note)
            score = self._calculate_score(query_tokens, title_tokens, content_tokens)

@@ -65,11 +65,14 @@ from .tables import (

 # WebDAV models
 from .webdav import (
+    CopyResourceResponse,
    CreateDirectoryResponse,
    DeleteResourceResponse,
    DirectoryListing,
    FileInfo,
+    MoveResourceResponse,
    ReadFileResponse,
+    SearchFilesResponse,
    WriteFileResponse,
 )

@@ -133,4 +136,7 @@ __all__ = [
    "WriteFileResponse",
    "CreateDirectoryResponse",
    "DeleteResourceResponse",
+    "MoveResourceResponse",
+    "CopyResourceResponse",
+    "SearchFilesResponse",
 ]
@@ -180,3 +180,71 @@ class ManageCalendarResponse(BaseResponse):
        None, description="List of calendars (for list action)"
    )
    message: str = Field(description="Success message")
+
+
+# ============= Todo/Task Models =============
+
+
+class Todo(BaseModel):
+    """Model for a CalDAV todo/task (VTODO)."""
+
+    uid: str = Field(description="Todo UID")
+    summary: str = Field(description="Todo summary/title")
+    description: str = Field(default="", description="Todo description")
+    status: str = Field(
+        default="NEEDS-ACTION",
+        description="Todo status: NEEDS-ACTION, IN-PROCESS, COMPLETED, CANCELLED",
+    )
+    priority: int = Field(
+        default=0, description="Todo priority (0=undefined, 1=highest, 9=lowest)"
+    )
+    percent_complete: int = Field(default=0, description="Percentage complete (0-100)")
+    due: Optional[str] = Field(None, description="Due date/time (ISO format)")
+    dtstart: Optional[str] = Field(None, description="Start date/time (ISO format)")
+    completed: Optional[str] = Field(
+        None, description="Completion timestamp (ISO format)"
+    )
+    categories: str = Field(default="", description="Comma-separated categories")
+    href: str = Field(default="", description="CalDAV href")
+    etag: str = Field(default="", description="ETag for versioning")
+    calendar_name: Optional[str] = Field(
+        None, description="Calendar containing this todo"
+    )
+    calendar_display_name: Optional[str] = Field(
+        None, description="Display name of calendar containing this todo"
+    )
+
+
+class ListTodosResponse(BaseResponse):
+    """Response model for listing todos."""
+
+    todos: List[Todo] = Field(description="List of todos/tasks")
+    calendar_name: Optional[str] = Field(
+        None, description="Calendar name (if filtered to one calendar)"
+    )
+    total_count: int = Field(description="Total number of todos found")
+
+
+class CreateTodoResponse(BaseResponse):
+    """Response model for todo creation."""
+
+    todo: Todo = Field(description="The created todo")
+    calendar_name: str = Field(
+        description="Name of the calendar the todo was created in"
+    )
+
+
+class UpdateTodoResponse(BaseResponse):
+    """Response model for todo updates."""
+
+    todo: Todo = Field(description="The updated todo")
+    calendar_name: str = Field(description="Name of the calendar the todo belongs to")
+
+
+class DeleteTodoResponse(StatusResponse):
+    """Response model for todo deletion."""
+
+    deleted_uid: str = Field(description="UID of the deleted todo")
+    calendar_name: str = Field(
+        description="Name of the calendar the todo was deleted from"
+    )
@@ -0,0 +1,220 @@
+"""Pydantic models for Cookbook app responses."""
+
+from typing import List, Optional, Union
+
+from pydantic import BaseModel, Field
+
+from .base import BaseResponse, IdResponse, StatusResponse
+
+
+class Nutrition(BaseModel):
+    """Nutrition information following schema.org/NutritionInformation."""
+
+    type: str = Field(
+        default="NutritionInformation",
+        alias="@type",
+        description="Schema.org object type",
+    )
+    calories: Optional[str] = Field(None, description="Calories (e.g., '650 kcal')")
+    carbohydrateContent: Optional[str] = Field(
+        None, description="Carbohydrates (e.g., '300 g')"
+    )
+    cholesterolContent: Optional[str] = Field(
+        None, description="Cholesterol (e.g., '10 g')"
+    )
+    fatContent: Optional[str] = Field(None, description="Fat (e.g., '45 g')")
+    fiberContent: Optional[str] = Field(None, description="Fiber (e.g., '50 g')")
+    proteinContent: Optional[str] = Field(None, description="Protein (e.g., '80 g')")
+    saturatedFatContent: Optional[str] = Field(
+        None, description="Saturated fat (e.g., '5 g')"
+    )
+    servingSize: Optional[str] = Field(
+        None, description="Serving size description (e.g., 'One plate')"
+    )
+    sodiumContent: Optional[str] = Field(None, description="Sodium (e.g., '10 mg')")
+    sugarContent: Optional[str] = Field(None, description="Sugar (e.g., '5 g')")
+    transFatContent: Optional[str] = Field(None, description="Trans fat (e.g., '10 g')")
+    unsaturatedFatContent: Optional[str] = Field(
+        None, description="Unsaturated fat (e.g., '40 g')"
+    )
+
+    class Config:
+        populate_by_name = True
+
+
+class RecipeStub(BaseModel):
+    """Stub of a recipe with basic information."""
+
+    id: str = Field(description="Recipe ID as string")
+    recipe_id: int = Field(description="Recipe ID as integer (deprecated)")
+    name: str = Field(description="Recipe name")
+    keywords: Optional[str] = Field(default="", description="Comma-separated keywords")
+    dateCreated: str = Field(description="Creation date (ISO8601)")
+    dateModified: Optional[str] = Field(
+        None, description="Last modified date (ISO8601)"
+    )
+    imageUrl: str = Field(default="", description="URL of the recipe image")
+    imagePlaceholderUrl: str = Field(default="", description="URL of placeholder image")
+
+
+class Recipe(BaseModel):
+    """Full recipe following schema.org/Recipe specification."""
+
+    type: str = Field(default="Recipe", alias="@type", description="Schema.org type")
+    id: Optional[str] = Field(None, description="Recipe ID")
+    name: str = Field(description="Recipe name")
+    description: str = Field(default="", description="Recipe description")
+    url: str = Field(default="", description="Original recipe URL")
+    image: str = Field(default="", description="URL of original recipe image")
+    imageUrl: Optional[str] = Field(
+        None, description="URL of the recipe image in Nextcloud"
+    )
+    imagePlaceholderUrl: Optional[str] = Field(
+        None, description="URL of placeholder image"
+    )
+    keywords: str = Field(default="", description="Comma-separated keywords")
+    dateCreated: Optional[str] = Field(None, description="Creation date (ISO8601)")
+    dateModified: Optional[str] = Field(
+        None, description="Last modified date (ISO8601)"
+    )
+    prepTime: Optional[str] = Field(None, description="Preparation time (ISO8601)")
+    cookTime: Optional[str] = Field(None, description="Cooking time (ISO8601)")
+    totalTime: Optional[str] = Field(None, description="Total time (ISO8601)")
+    recipeYield: Union[int, str] = Field(default=1, description="Number of servings")
+    recipeCategory: str = Field(default="", description="Recipe category")
+    tool: List[str] = Field(default_factory=list, description="Required tools")
+    recipeIngredient: List[str] = Field(
+        default_factory=list, description="List of ingredients"
+    )
+    recipeInstructions: List[str] = Field(
+        default_factory=list, description="Cooking instructions"
+    )
+    nutrition: Optional[Nutrition] = Field(None, description="Nutrition information")
+
+    class Config:
+        populate_by_name = True
+        extra = "allow"  # Allow additional schema.org fields
+
+
+class Category(BaseModel):
+    """A recipe category."""
+
+    name: str = Field(description="Category name")
+    recipe_count: int = Field(description="Number of recipes in category")
+
+
+class Keyword(BaseModel):
+    """A recipe keyword/tag."""
+
+    name: str = Field(description="Keyword name")
+    recipe_count: int = Field(description="Number of recipes with this keyword")
+
+
+class VisibleInfoBlocks(BaseModel):
+    """Configuration for visible information blocks in the UI."""
+
+    preparation_time: Optional[bool] = Field(
+        None, alias="preparation-time", description="Show preparation time"
+    )
+    cooking_time: Optional[bool] = Field(
+        None, alias="cooking-time", description="Show cooking time"
+    )
+    total_time: Optional[bool] = Field(
+        None, alias="total-time", description="Show total time"
+    )
+    nutrition_information: Optional[bool] = Field(
+        None, alias="nutrition-information", description="Show nutrition info"
+    )
+    tools: Optional[bool] = Field(None, description="Show tools list")
+
+    class Config:
+        populate_by_name = True
+
+
+class CookbookConfig(BaseModel):
+    """Cookbook app configuration."""
+
+    folder: Optional[str] = Field(None, description="Recipe folder path")
+    update_interval: Optional[int] = Field(
+        None, description="Auto-rescan interval in minutes"
+    )
+    print_image: Optional[bool] = Field(None, description="Print images with recipes")
+    visibleInfoBlocks: Optional[VisibleInfoBlocks] = Field(
+        None, description="Visible info blocks configuration"
+    )
+
+
+class APIVersion(BaseModel):
+    """API version information."""
+
+    epoch: int = Field(description="API epoch")
+    major: int = Field(description="Major version")
+    minor: int = Field(description="Minor version")
+
+
+class Version(BaseModel):
+    """Version information for Cookbook app and API."""
+
+    cookbook_version: List[int] = Field(description="Cookbook app version")
+    api_version: APIVersion = Field(description="API version")
+
+
+# Response models for MCP tools
+
+
+class ImportRecipeResponse(BaseResponse):
+    """Response model for recipe import."""
+
+    recipe: Recipe = Field(description="The imported recipe")
+    recipe_id: str = Field(description="ID of the imported recipe")
+
+
+class CreateRecipeResponse(IdResponse):
+    """Response model for recipe creation."""
+
+    pass
+
+
+class UpdateRecipeResponse(IdResponse):
+    """Response model for recipe update."""
+
+    pass
+
+
+class DeleteRecipeResponse(StatusResponse):
+    """Response model for recipe deletion."""
+
+    deleted_id: int = Field(description="ID of deleted recipe")
+
+
+class ListRecipesResponse(BaseResponse):
+    """Response model for listing recipes."""
+
+    recipes: List[RecipeStub] = Field(description="List of recipe stubs")
+    total_count: int = Field(description="Total number of recipes")
+
+
+class SearchRecipesResponse(BaseResponse):
+    """Response model for recipe search."""
+
+    recipes: List[RecipeStub] = Field(description="Matching recipes")
+    query: str = Field(description="Search query used")
+    total_found: int = Field(description="Number of recipes found")
+
+
+class ListCategoriesResponse(BaseResponse):
+    """Response model for listing categories."""
+
+    categories: List[Category] = Field(description="List of categories")
+
+
+class ListKeywordsResponse(BaseResponse):
+    """Response model for listing keywords."""
+
+    keywords: List[Keyword] = Field(description="List of keywords")
+
+
+class ReindexResponse(StatusResponse):
+    """Response model for reindex operation."""
+
+    pass
@@ -1,4 +1,5 @@
 from typing import Any, Dict, List, Optional, Union
+
 from pydantic import BaseModel, ConfigDict, Field


@@ -22,6 +22,8 @@ class FileInfo(BaseModel):
        None, description="Last modification time (ISO format)"
    )
    etag: Optional[str] = Field(None, description="ETag for versioning")
+    file_id: Optional[int] = Field(None, description="Nextcloud file ID")
+    is_favorite: Optional[bool] = Field(None, description="Whether file is favorited")

    @property
    def last_modified_datetime(self) -> Optional[datetime]:
@@ -106,3 +108,14 @@ class CopyResourceResponse(StatusResponse):
    overwrite: bool = Field(
        description="Whether the destination was overwritten if it existed"
    )
+
+
+class SearchFilesResponse(BaseResponse):
+    """Response model for WebDAV search operations."""
+
+    results: List[FileInfo] = Field(description="Search results")
+    total_found: int = Field(description="Total number of files found")
+    scope: str = Field(description="The scope/path that was searched")
+    filters_applied: Optional[dict] = Field(
+        None, description="Filters that were applied to the search"
+    )
@@ -1,5 +1,6 @@
 from .calendar import configure_calendar_tools
 from .contacts import configure_contacts_tools
+from .cookbook import configure_cookbook_tools
 from .deck import configure_deck_tools
 from .notes import configure_notes_tools
 from .sharing import configure_sharing_tools
@@ -9,6 +10,7 @@ from .webdav import configure_webdav_tools
 __all__ = [
    "configure_calendar_tools",
    "configure_contacts_tools",
+    "configure_cookbook_tools",
    "configure_deck_tools",
    "configure_notes_tools",
    "configure_sharing_tools",
@@ -5,7 +5,12 @@ from typing import Optional
 from mcp.server.fastmcp import Context, FastMCP

 from nextcloud_mcp_server.context import get_client
-from nextcloud_mcp_server.models.calendar import Calendar, ListCalendarsResponse
+from nextcloud_mcp_server.models.calendar import (
+    Calendar,
+    ListCalendarsResponse,
+    ListTodosResponse,
+    Todo,
+)

 logger = logging.getLogger(__name__)

@@ -796,3 +801,209 @@ def configure_calendar_tools(mcp: FastMCP):

        else:
            raise ValueError("Action must be 'create', 'delete', 'update', or 'list'")
+
+    # ============= Todo/Task Tools =============
+
+    @mcp.tool()
+    async def nc_calendar_list_todos(
+        calendar_name: str,
+        ctx: Context,
+        status: Optional[str] = None,
+        min_priority: Optional[int] = None,
+        categories: Optional[str] = None,
+        summary_contains: Optional[str] = None,
+    ) -> ListTodosResponse:
+        """List todos/tasks in a calendar with optional filtering.
+
+        Args:
+            calendar_name: Name of the calendar to list todos from
+            ctx: MCP context
+            status: Filter by status (NEEDS-ACTION, IN-PROCESS, COMPLETED, CANCELLED)
+            min_priority: Filter by minimum priority (1=highest, 9=lowest)
+            categories: Filter by categories (comma-separated, e.g., "work,urgent")
+            summary_contains: Filter todos where summary contains this text
+
+        Returns:
+            List of todos matching the filters
+        """
+        client = get_client(ctx)
+
+        # Build filters dictionary
+        filters = {}
+        if status is not None:
+            filters["status"] = status
+        if min_priority is not None:
+            filters["min_priority"] = min_priority
+        if categories is not None:
+            filters["categories"] = [cat.strip() for cat in categories.split(",")]
+        if summary_contains is not None:
+            filters["summary_contains"] = summary_contains
+
+        todos_data = await client.calendar.list_todos(
+            calendar_name, filters if filters else None
+        )
+
+        todos = [Todo(**todo_data) for todo_data in todos_data]
+        return ListTodosResponse(
+            todos=todos, calendar_name=calendar_name, total_count=len(todos)
+        )
+
+    @mcp.tool()
+    async def nc_calendar_create_todo(
+        calendar_name: str,
+        summary: str,
+        ctx: Context,
+        description: str = "",
+        status: str = "NEEDS-ACTION",
+        priority: int = 0,
+        due: str = "",
+        dtstart: str = "",
+        categories: str = "",
+    ):
+        """Create a new todo/task in a calendar.
+
+        Args:
+            calendar_name: Name of the calendar to create the todo in
+            summary: Todo title/summary
+            ctx: MCP context
+            description: Detailed description of the todo
+            status: Todo status (NEEDS-ACTION, IN-PROCESS, COMPLETED, CANCELLED)
+            priority: Priority (0=undefined, 1=highest, 9=lowest)
+            due: Due date/time (ISO format, e.g., "2025-01-15T14:00:00")
+            dtstart: Start date/time (ISO format)
+            categories: Comma-separated categories (e.g., "work,urgent")
+
+        Returns:
+            Dict with todo creation result
+        """
+        client = get_client(ctx)
+
+        todo_data = {
+            "summary": summary,
+            "description": description,
+            "status": status,
+            "priority": priority,
+            "due": due,
+            "dtstart": dtstart,
+            "categories": categories,
+        }
+
+        return await client.calendar.create_todo(calendar_name, todo_data)
+
+    @mcp.tool()
+    async def nc_calendar_update_todo(
+        calendar_name: str,
+        todo_uid: str,
+        ctx: Context,
+        summary: Optional[str] = None,
+        description: Optional[str] = None,
+        status: Optional[str] = None,
+        priority: Optional[int] = None,
+        percent_complete: Optional[int] = None,
+        due: Optional[str] = None,
+        dtstart: Optional[str] = None,
+        completed: Optional[str] = None,
+        categories: Optional[str] = None,
+    ):
+        """Update an existing todo/task.
+
+        Args:
+            calendar_name: Name of the calendar containing the todo
+            todo_uid: UID of the todo to update
+            ctx: MCP context
+            summary: New summary/title
+            description: New description
+            status: New status (NEEDS-ACTION, IN-PROCESS, COMPLETED, CANCELLED)
+            priority: New priority (0-9)
+            percent_complete: New completion percentage (0-100)
+            due: New due date/time (ISO format)
+            dtstart: New start date/time (ISO format)
+            completed: Completion timestamp (ISO format)
+            categories: New categories (comma-separated)
+
+        Returns:
+            Dict with todo update result
+        """
+        client = get_client(ctx)
+
+        # Build update data with only non-None values
+        todo_data = {}
+        if summary is not None:
+            todo_data["summary"] = summary
+        if description is not None:
+            todo_data["description"] = description
+        if status is not None:
+            todo_data["status"] = status
+        if priority is not None:
+            todo_data["priority"] = priority
+        if percent_complete is not None:
+            todo_data["percent_complete"] = percent_complete
+        if due is not None:
+            todo_data["due"] = due
+        if dtstart is not None:
+            todo_data["dtstart"] = dtstart
+        if completed is not None:
+            todo_data["completed"] = completed
+        if categories is not None:
+            todo_data["categories"] = categories
+
+        return await client.calendar.update_todo(calendar_name, todo_uid, todo_data)
+
+    @mcp.tool()
+    async def nc_calendar_delete_todo(
+        calendar_name: str,
+        todo_uid: str,
+        ctx: Context,
+    ):
+        """Delete a todo/task from a calendar.
+
+        Args:
+            calendar_name: Name of the calendar containing the todo
+            todo_uid: UID of the todo to delete
+            ctx: MCP context
+
+        Returns:
+            Dict with deletion status
+        """
+        client = get_client(ctx)
+        return await client.calendar.delete_todo(calendar_name, todo_uid)
+
+    @mcp.tool()
+    async def nc_calendar_search_todos(
+        ctx: Context,
+        status: Optional[str] = None,
+        min_priority: Optional[int] = None,
+        categories: Optional[str] = None,
+        summary_contains: Optional[str] = None,
+    ):
+        """Search todos across all calendars with optional filtering.
+
+        Args:
+            ctx: MCP context
+            status: Filter by status (NEEDS-ACTION, IN-PROCESS, COMPLETED, CANCELLED)
+            min_priority: Filter by minimum priority (1=highest, 9=lowest)
+            categories: Filter by categories (comma-separated, e.g., "work,urgent")
+            summary_contains: Filter todos where summary contains this text
+
+        Returns:
+            List of todos matching the filters from all calendars
+        """
+        client = get_client(ctx)
+
+        # Build filters dictionary
+        filters = {}
+        if status is not None:
+            filters["status"] = status
+        if min_priority is not None:
+            filters["min_priority"] = min_priority
+        if categories is not None:
+            filters["categories"] = [cat.strip() for cat in categories.split(",")]
+        if summary_contains is not None:
+            filters["summary_contains"] = summary_contains
+
+        todos_data = await client.calendar.search_todos_across_calendars(
+            filters if filters else None
+        )
+
+        todos = [Todo(**todo_data) for todo_data in todos_data]
+        return ListTodosResponse(todos=todos, total_count=len(todos))
@@ -0,0 +1,594 @@
+import logging
+
+from httpx import HTTPStatusError, RequestError
+from mcp.server.fastmcp import Context, FastMCP
+from mcp.shared.exceptions import McpError
+from mcp.types import ErrorData
+
+from nextcloud_mcp_server.context import get_client
+from nextcloud_mcp_server.models.cookbook import (
+    Category,
+    CookbookConfig,
+    CreateRecipeResponse,
+    DeleteRecipeResponse,
+    ImportRecipeResponse,
+    Keyword,
+    ListCategoriesResponse,
+    ListKeywordsResponse,
+    ListRecipesResponse,
+    Recipe,
+    RecipeStub,
+    ReindexResponse,
+    SearchRecipesResponse,
+    UpdateRecipeResponse,
+    Version,
+)
+
+logger = logging.getLogger(__name__)
+
+
+def configure_cookbook_tools(mcp: FastMCP):
+    @mcp.resource("cookbook://version")
+    async def cookbook_get_version():
+        """Get the Cookbook app and API version"""
+        ctx: Context = mcp.get_context()
+        client = get_client(ctx)
+        version_data = await client.cookbook.get_version()
+        return Version(**version_data)
+
+    @mcp.resource("cookbook://config")
+    async def cookbook_get_config():
+        """Get the Cookbook app configuration"""
+        ctx: Context = mcp.get_context()
+        client = get_client(ctx)
+        config_data = await client.cookbook.get_config()
+        return CookbookConfig(**config_data)
+
+    @mcp.resource("nc://Cookbook/{recipe_id}")
+    async def nc_cookbook_get_recipe_resource(recipe_id: int):
+        """Get a recipe by ID using resource URI"""
+        ctx: Context = mcp.get_context()
+        client = get_client(ctx)
+        try:
+            recipe_data = await client.cookbook.get_recipe(recipe_id)
+            return Recipe(**recipe_data)
+        except HTTPStatusError as e:
+            if e.response.status_code == 404:
+                raise McpError(
+                    ErrorData(code=-1, message=f"Recipe {recipe_id} not found")
+                )
+            elif e.response.status_code == 403:
+                raise McpError(
+                    ErrorData(code=-1, message=f"Access denied to recipe {recipe_id}")
+                )
+            else:
+                raise McpError(
+                    ErrorData(
+                        code=-1,
+                        message=f"Failed to retrieve recipe {recipe_id}: {e.response.reason_phrase}",
+                    )
+                )
+
+    @mcp.tool()
+    async def nc_cookbook_import_recipe(url: str, ctx: Context) -> ImportRecipeResponse:
+        """Import a recipe from a URL using schema.org metadata.
+
+        This extracts recipe data from websites that use schema.org Recipe markup.
+        Many popular recipe sites support this standard."""
+        client = get_client(ctx)
+        try:
+            recipe_data = await client.cookbook.import_recipe(url)
+            recipe = Recipe(**recipe_data)
+            return ImportRecipeResponse(
+                recipe=recipe,
+                recipe_id=recipe.id or "unknown",
+            )
+        except RequestError as e:
+            # RequestError can have empty str() - get details from exception attributes
+            error_detail = (
+                str(e)
+                or f"{type(e).__name__}: {getattr(e, '__cause__', 'unknown cause')}"
+            )
+            raise McpError(
+                ErrorData(
+                    code=-1,
+                    message=f"Network error importing recipe from {url}: {error_detail}",
+                )
+            )
+        except HTTPStatusError as e:
+            if e.response.status_code == 400:
+                raise McpError(
+                    ErrorData(
+                        code=-1,
+                        message=f"Invalid URL or missing 'url' field: {url}",
+                    )
+                )
+            elif e.response.status_code == 409:
+                raise McpError(
+                    ErrorData(
+                        code=-1,
+                        message="A recipe with this name already exists. Import aborted.",
+                    )
+                )
+            elif e.response.status_code == 403:
+                raise McpError(
+                    ErrorData(
+                        code=-1,
+                        message="Access denied: insufficient permissions to import recipes",
+                    )
+                )
+            else:
+                raise McpError(
+                    ErrorData(
+                        code=-1,
+                        message=f"Failed to import recipe from {url}: server error ({e.response.status_code})",
+                    )
+                )
+
+    @mcp.tool()
+    async def nc_cookbook_list_recipes(ctx: Context) -> ListRecipesResponse:
+        """Get all recipes in the database"""
+        client = get_client(ctx)
+        try:
+            recipes_data = await client.cookbook.list_recipes()
+            recipes = [RecipeStub(**r) for r in recipes_data]
+            return ListRecipesResponse(recipes=recipes, total_count=len(recipes))
+        except HTTPStatusError as e:
+            if e.response.status_code == 403:
+                raise McpError(
+                    ErrorData(
+                        code=-1,
+                        message="Access denied: insufficient permissions to list recipes",
+                    )
+                )
+            else:
+                raise McpError(
+                    ErrorData(
+                        code=-1,
+                        message=f"Failed to list recipes: server error ({e.response.status_code})",
+                    )
+                )
+
+    @mcp.tool()
+    async def nc_cookbook_get_recipe(recipe_id: int, ctx: Context) -> Recipe:
+        """Get a specific recipe by its ID"""
+        client = get_client(ctx)
+        try:
+            recipe_data = await client.cookbook.get_recipe(recipe_id)
+            return Recipe(**recipe_data)
+        except HTTPStatusError as e:
+            if e.response.status_code == 404:
+                raise McpError(
+                    ErrorData(code=-1, message=f"Recipe {recipe_id} not found")
+                )
+            elif e.response.status_code == 403:
+                raise McpError(
+                    ErrorData(code=-1, message=f"Access denied to recipe {recipe_id}")
+                )
+            else:
+                raise McpError(
+                    ErrorData(
+                        code=-1,
+                        message=f"Failed to retrieve recipe {recipe_id}: {e.response.reason_phrase}",
+                    )
+                )
+
+    @mcp.tool()
+    async def nc_cookbook_create_recipe(
+        name: str,
+        description: str | None = None,
+        ingredients: list[str] | None = None,
+        instructions: list[str] | None = None,
+        url: str | None = None,
+        prep_time: str | None = None,
+        cook_time: str | None = None,
+        total_time: str | None = None,
+        recipe_yield: int | None = None,
+        category: str | None = None,
+        keywords: str | None = None,
+        ctx: Context = None,
+    ) -> CreateRecipeResponse:
+        """Create a new recipe.
+
+        Required: name
+        Optional: All other recipe fields following schema.org/Recipe format.
+
+        Times should be in ISO8601 duration format (e.g., 'PT30M' for 30 minutes)."""
+        client = get_client(ctx)
+
+        recipe_data = {"name": name}
+        if description:
+            recipe_data["description"] = description
+        if ingredients:
+            recipe_data["recipeIngredient"] = ingredients
+        if instructions:
+            recipe_data["recipeInstructions"] = instructions
+        if url:
+            recipe_data["url"] = url
+        if prep_time:
+            recipe_data["prepTime"] = prep_time
+        if cook_time:
+            recipe_data["cookTime"] = cook_time
+        if total_time:
+            recipe_data["totalTime"] = total_time
+        if recipe_yield:
+            recipe_data["recipeYield"] = recipe_yield
+        if category:
+            recipe_data["recipeCategory"] = category
+        if keywords:
+            recipe_data["keywords"] = keywords
+
+        try:
+            recipe_id = await client.cookbook.create_recipe(recipe_data)
+            return CreateRecipeResponse(id=recipe_id)
+        except HTTPStatusError as e:
+            if e.response.status_code == 409:
+                raise McpError(
+                    ErrorData(
+                        code=-1,
+                        message=f"A recipe with name '{name}' already exists",
+                    )
+                )
+            elif e.response.status_code == 422:
+                raise McpError(
+                    ErrorData(
+                        code=-1,
+                        message="Recipe name is required and cannot be empty",
+                    )
+                )
+            elif e.response.status_code == 403:
+                raise McpError(
+                    ErrorData(
+                        code=-1,
+                        message="Access denied: insufficient permissions to create recipes",
+                    )
+                )
+            else:
+                raise McpError(
+                    ErrorData(
+                        code=-1,
+                        message=f"Failed to create recipe: server error ({e.response.status_code})",
+                    )
+                )
+
+    @mcp.tool()
+    async def nc_cookbook_update_recipe(
+        recipe_id: int,
+        name: str | None = None,
+        description: str | None = None,
+        ingredients: list[str] | None = None,
+        instructions: list[str] | None = None,
+        url: str | None = None,
+        prep_time: str | None = None,
+        cook_time: str | None = None,
+        total_time: str | None = None,
+        recipe_yield: int | None = None,
+        category: str | None = None,
+        keywords: str | None = None,
+        ctx: Context = None,
+    ) -> UpdateRecipeResponse:
+        """Update an existing recipe.
+
+        Provide only the fields you want to update. Unspecified fields remain unchanged."""
+        client = get_client(ctx)
+
+        # First get the current recipe
+        try:
+            current_recipe = await client.cookbook.get_recipe(recipe_id)
+        except HTTPStatusError as e:
+            if e.response.status_code == 404:
+                raise McpError(
+                    ErrorData(code=-1, message=f"Recipe {recipe_id} not found")
+                )
+            else:
+                raise McpError(
+                    ErrorData(
+                        code=-1,
+                        message=f"Failed to fetch recipe {recipe_id}: {e.response.reason_phrase}",
+                    )
+                )
+
+        # Update only specified fields
+        recipe_data = current_recipe.copy()
+        if name is not None:
+            recipe_data["name"] = name
+        if description is not None:
+            recipe_data["description"] = description
+        if ingredients is not None:
+            recipe_data["recipeIngredient"] = ingredients
+        if instructions is not None:
+            recipe_data["recipeInstructions"] = instructions
+        if url is not None:
+            recipe_data["url"] = url
+        if prep_time is not None:
+            recipe_data["prepTime"] = prep_time
+        if cook_time is not None:
+            recipe_data["cookTime"] = cook_time
+        if total_time is not None:
+            recipe_data["totalTime"] = total_time
+        if recipe_yield is not None:
+            recipe_data["recipeYield"] = recipe_yield
+        if category is not None:
+            recipe_data["recipeCategory"] = category
+        if keywords is not None:
+            recipe_data["keywords"] = keywords
+
+        try:
+            updated_id = await client.cookbook.update_recipe(recipe_id, recipe_data)
+            return UpdateRecipeResponse(id=updated_id)
+        except HTTPStatusError as e:
+            if e.response.status_code == 422:
+                raise McpError(
+                    ErrorData(
+                        code=-1,
+                        message="Recipe name is required and cannot be empty",
+                    )
+                )
+            elif e.response.status_code == 403:
+                raise McpError(
+                    ErrorData(
+                        code=-1,
+                        message=f"Access denied: insufficient permissions to update recipe {recipe_id}",
+                    )
+                )
+            else:
+                raise McpError(
+                    ErrorData(
+                        code=-1,
+                        message=f"Failed to update recipe {recipe_id}: server error ({e.response.status_code})",
+                    )
+                )
+
+    @mcp.tool()
+    async def nc_cookbook_delete_recipe(
+        recipe_id: int, ctx: Context
+    ) -> DeleteRecipeResponse:
+        """Delete a recipe permanently"""
+        logger.info("Deleting recipe %s", recipe_id)
+        client = get_client(ctx)
+        try:
+            message = await client.cookbook.delete_recipe(recipe_id)
+            return DeleteRecipeResponse(
+                status_code=200,
+                message=message,
+                deleted_id=recipe_id,
+            )
+        except HTTPStatusError as e:
+            if e.response.status_code == 404:
+                raise McpError(
+                    ErrorData(code=-1, message=f"Recipe {recipe_id} not found")
+                )
+            elif e.response.status_code == 403:
+                raise McpError(
+                    ErrorData(
+                        code=-1,
+                        message=f"Access denied: insufficient permissions to delete recipe {recipe_id}",
+                    )
+                )
+            else:
+                raise McpError(
+                    ErrorData(
+                        code=-1,
+                        message=f"Failed to delete recipe {recipe_id}: server error ({e.response.status_code})",
+                    )
+                )
+
+    @mcp.tool()
+    async def nc_cookbook_search_recipes(
+        query: str, ctx: Context
+    ) -> SearchRecipesResponse:
+        """Search for recipes by keywords, tags, and categories"""
+        client = get_client(ctx)
+        try:
+            recipes_data = await client.cookbook.search_recipes(query)
+            recipes = [RecipeStub(**r) for r in recipes_data]
+            return SearchRecipesResponse(
+                recipes=recipes, query=query, total_found=len(recipes)
+            )
+        except HTTPStatusError as e:
+            if e.response.status_code == 403:
+                raise McpError(
+                    ErrorData(
+                        code=-1,
+                        message="Access denied: insufficient permissions to search recipes",
+                    )
+                )
+            elif e.response.status_code == 500:
+                raise McpError(
+                    ErrorData(
+                        code=-1,
+                        message="Search failed: server error",
+                    )
+                )
+            else:
+                raise McpError(
+                    ErrorData(
+                        code=-1,
+                        message=f"Search failed: server error ({e.response.status_code})",
+                    )
+                )
+
+    @mcp.tool()
+    async def nc_cookbook_list_categories(ctx: Context) -> ListCategoriesResponse:
+        """Get all known categories.
+
+        Note: A category name of '*' indicates recipes with no category."""
+        client = get_client(ctx)
+        try:
+            categories_data = await client.cookbook.list_categories()
+            categories = [Category(**c) for c in categories_data]
+            return ListCategoriesResponse(categories=categories)
+        except HTTPStatusError as e:
+            if e.response.status_code == 403:
+                raise McpError(
+                    ErrorData(
+                        code=-1,
+                        message="Access denied: insufficient permissions to list categories",
+                    )
+                )
+            else:
+                raise McpError(
+                    ErrorData(
+                        code=-1,
+                        message=f"Failed to list categories: server error ({e.response.status_code})",
+                    )
+                )
+
+    @mcp.tool()
+    async def nc_cookbook_get_recipes_in_category(
+        category: str, ctx: Context
+    ) -> ListRecipesResponse:
+        """Get all recipes in a specific category.
+
+        Use '_' as the category name to get recipes with no category."""
+        client = get_client(ctx)
+        try:
+            recipes_data = await client.cookbook.get_recipes_in_category(category)
+            recipes = [RecipeStub(**r) for r in recipes_data]
+            return ListRecipesResponse(recipes=recipes, total_count=len(recipes))
+        except HTTPStatusError as e:
+            if e.response.status_code == 403:
+                raise McpError(
+                    ErrorData(
+                        code=-1,
+                        message="Access denied: insufficient permissions to access recipes",
+                    )
+                )
+            elif e.response.status_code == 500:
+                raise McpError(
+                    ErrorData(
+                        code=-1,
+                        message=f"Could not find category '{category}'",
+                    )
+                )
+            else:
+                raise McpError(
+                    ErrorData(
+                        code=-1,
+                        message=f"Failed to get recipes in category: server error ({e.response.status_code})",
+                    )
+                )
+
+    @mcp.tool()
+    async def nc_cookbook_list_keywords(ctx: Context) -> ListKeywordsResponse:
+        """Get all known keywords/tags"""
+        client = get_client(ctx)
+        try:
+            keywords_data = await client.cookbook.list_keywords()
+            keywords = [Keyword(**k) for k in keywords_data]
+            return ListKeywordsResponse(keywords=keywords)
+        except HTTPStatusError as e:
+            if e.response.status_code == 403:
+                raise McpError(
+                    ErrorData(
+                        code=-1,
+                        message="Access denied: insufficient permissions to list keywords",
+                    )
+                )
+            else:
+                raise McpError(
+                    ErrorData(
+                        code=-1,
+                        message=f"Failed to list keywords: server error ({e.response.status_code})",
+                    )
+                )
+
+    @mcp.tool()
+    async def nc_cookbook_get_recipes_with_keywords(
+        keywords: list[str], ctx: Context
+    ) -> ListRecipesResponse:
+        """Get all recipes that have specific keywords/tags"""
+        client = get_client(ctx)
+        try:
+            recipes_data = await client.cookbook.get_recipes_with_keywords(keywords)
+            recipes = [RecipeStub(**r) for r in recipes_data]
+            return ListRecipesResponse(recipes=recipes, total_count=len(recipes))
+        except HTTPStatusError as e:
+            if e.response.status_code == 403:
+                raise McpError(
+                    ErrorData(
+                        code=-1,
+                        message="Access denied: insufficient permissions to access recipes",
+                    )
+                )
+            elif e.response.status_code == 500:
+                raise McpError(
+                    ErrorData(
+                        code=-1,
+                        message="Failed to get recipes with keywords: server error",
+                    )
+                )
+            else:
+                raise McpError(
+                    ErrorData(
+                        code=-1,
+                        message=f"Failed to get recipes with keywords: server error ({e.response.status_code})",
+                    )
+                )
+
+    @mcp.tool()
+    async def nc_cookbook_set_config(
+        folder: str | None = None,
+        update_interval: int | None = None,
+        print_image: bool | None = None,
+        ctx: Context = None,
+    ) -> ReindexResponse:
+        """Set Cookbook app configuration.
+
+        Args:
+            folder: Recipe folder path in user's files
+            update_interval: Automatic rescan interval in minutes
+            print_image: Whether to print images with recipes"""
+        client = get_client(ctx)
+
+        config_data = {}
+        if folder is not None:
+            config_data["folder"] = folder
+        if update_interval is not None:
+            config_data["update_interval"] = update_interval
+        if print_image is not None:
+            config_data["print_image"] = print_image
+
+        try:
+            result = await client.cookbook.set_config(config_data)
+            return ReindexResponse(status_code=200, message=str(result))
+        except HTTPStatusError as e:
+            if e.response.status_code == 403:
+                raise McpError(
+                    ErrorData(
+                        code=-1,
+                        message="Access denied: insufficient permissions to set configuration",
+                    )
+                )
+            else:
+                raise McpError(
+                    ErrorData(
+                        code=-1,
+                        message=f"Failed to set configuration: server error ({e.response.status_code})",
+                    )
+                )
+
+    @mcp.tool()
+    async def nc_cookbook_reindex(ctx: Context) -> ReindexResponse:
+        """Trigger a rescan of all recipes into the caching database.
+
+        This rebuilds the search index and should be used after manual file changes."""
+        client = get_client(ctx)
+        try:
+            message = await client.cookbook.reindex()
+            return ReindexResponse(status_code=200, message=message)
+        except HTTPStatusError as e:
+            if e.response.status_code == 403:
+                raise McpError(
+                    ErrorData(
+                        code=-1,
+                        message="Access denied: insufficient permissions to reindex",
+                    )
+                )
+            else:
+                raise McpError(
+                    ErrorData(
+                        code=-1,
+                        message=f"Failed to reindex: server error ({e.response.status_code})",
+                    )
+                )
@@ -1,6 +1,6 @@
 import logging

-from httpx import HTTPStatusError
+from httpx import HTTPStatusError, RequestError
 from mcp.server.fastmcp import Context, FastMCP
 from mcp.shared.exceptions import McpError
 from mcp.types import ErrorData
@@ -61,6 +61,13 @@ def configure_notes_tools(mcp: FastMCP):
        try:
            note_data = await client.notes.get_note(note_id)
            return Note(**note_data)
+        except RequestError as e:
+            raise McpError(
+                ErrorData(
+                    code=-1,
+                    message=f"Network error retrieving note {note_id}: {str(e)}",
+                )
+            )
        except HTTPStatusError as e:
            if e.response.status_code == 404:
                raise McpError(ErrorData(code=-1, message=f"Note {note_id} not found"))
@@ -92,6 +99,10 @@ def configure_notes_tools(mcp: FastMCP):
            return CreateNoteResponse(
                id=note.id, title=note.title, category=note.category, etag=note.etag
            )
+        except RequestError as e:
+            raise McpError(
+                ErrorData(code=-1, message=f"Network error creating note: {str(e)}")
+            )
        except HTTPStatusError as e:
            if e.response.status_code == 403:
                raise McpError(
@@ -146,6 +157,12 @@ def configure_notes_tools(mcp: FastMCP):
            return UpdateNoteResponse(
                id=note.id, title=note.title, category=note.category, etag=note.etag
            )
+        except RequestError as e:
+            raise McpError(
+                ErrorData(
+                    code=-1, message=f"Network error updating note {note_id}: {str(e)}"
+                )
+            )
        except HTTPStatusError as e:
            if e.response.status_code == 404:
                raise McpError(ErrorData(code=-1, message=f"Note {note_id} not found"))
@@ -192,6 +209,13 @@ def configure_notes_tools(mcp: FastMCP):
            return AppendContentResponse(
                id=note.id, title=note.title, category=note.category, etag=note.etag
            )
+        except RequestError as e:
+            raise McpError(
+                ErrorData(
+                    code=-1,
+                    message=f"Network error appending to note {note_id}: {str(e)}",
+                )
+            )
        except HTTPStatusError as e:
            if e.response.status_code == 404:
                raise McpError(ErrorData(code=-1, message=f"Note {note_id} not found"))
@@ -238,6 +262,10 @@ def configure_notes_tools(mcp: FastMCP):
            return SearchNotesResponse(
                results=results, query=query, total_found=len(results)
            )
+        except RequestError as e:
+            raise McpError(
+                ErrorData(code=-1, message=f"Network error searching notes: {str(e)}")
+            )
        except HTTPStatusError as e:
            if e.response.status_code == 403:
                raise McpError(
@@ -265,6 +293,12 @@ def configure_notes_tools(mcp: FastMCP):
        try:
            note_data = await client.notes.get_note(note_id)
            return Note(**note_data)
+        except RequestError as e:
+            raise McpError(
+                ErrorData(
+                    code=-1, message=f"Network error getting note {note_id}: {str(e)}"
+                )
+            )
        except HTTPStatusError as e:
            if e.response.status_code == 404:
                raise McpError(ErrorData(code=-1, message=f"Note {note_id} not found"))
@@ -295,6 +329,13 @@ def configure_notes_tools(mcp: FastMCP):
                "mimeType": mime_type,
                "data": content,
            }
+        except RequestError as e:
+            raise McpError(
+                ErrorData(
+                    code=-1,
+                    message=f"Network error getting attachment {attachment_filename} for note {note_id}: {str(e)}",
+                )
+            )
        except HTTPStatusError as e:
            if e.response.status_code == 404:
                raise McpError(
@@ -330,6 +371,12 @@ def configure_notes_tools(mcp: FastMCP):
                message=f"Note {note_id} deleted successfully",
                deleted_id=note_id,
            )
+        except RequestError as e:
+            raise McpError(
+                ErrorData(
+                    code=-1, message=f"Network error deleting note {note_id}: {str(e)}"
+                )
+            )
        except HTTPStatusError as e:
            if e.response.status_code == 404:
                raise McpError(ErrorData(code=-1, message=f"Note {note_id} not found"))
@@ -2,9 +2,10 @@

 import json

-from nextcloud_mcp_server.context import get_client
 from mcp.server.fastmcp import Context, FastMCP

+from nextcloud_mcp_server.context import get_client
+

 def configure_sharing_tools(mcp: FastMCP):
    """Configure sharing-related MCP tools.
@@ -3,6 +3,7 @@ import logging
 from mcp.server.fastmcp import Context, FastMCP

 from nextcloud_mcp_server.context import get_client
+from nextcloud_mcp_server.models import FileInfo, SearchFilesResponse

 logger = logging.getLogger(__name__)

@@ -18,13 +19,6 @@ def configure_webdav_tools(mcp: FastMCP):

        Returns:
            List of items with metadata including name, path, is_directory, size, content_type, last_modified
-
-        Examples:
-            # List root directory
-            await nc_webdav_list_directory("")
-
-            # List a specific folder
-            await nc_webdav_list_directory("Documents/Projects")
        """
        client = get_client(ctx)
        return await client.webdav.list_directory(path)
@@ -39,15 +33,6 @@ def configure_webdav_tools(mcp: FastMCP):
        Returns:
            Dict with path, content, content_type, size, and encoding (if binary)
            Text files are decoded to UTF-8, binary files are base64 encoded
-
-        Examples:
-            # Read a text file
-            result = await nc_webdav_read_file("Documents/readme.txt")
-            logger.info(result['content'])  # Decoded text content
-
-            # Read a binary file
-            result = await nc_webdav_read_file("Images/photo.jpg")
-            logger.info(result['encoding'])  # 'base64'
        """
        client = get_client(ctx)
        content, content_type = await client.webdav.read_file(path)
@@ -89,13 +74,6 @@ def configure_webdav_tools(mcp: FastMCP):

        Returns:
            Dict with status_code indicating success
-
-        Examples:
-            # Write a text file
-            await nc_webdav_write_file("Documents/notes.md", "# My Notes\nContent here...")
-
-            # Write binary data (base64 encoded)
-            await nc_webdav_write_file("files/data.bin", base64_content, "application/octet-stream;base64")
        """
        client = get_client(ctx)

@@ -119,13 +97,6 @@ def configure_webdav_tools(mcp: FastMCP):

        Returns:
            Dict with status_code (201 for created, 405 if already exists)
-
-        Examples:
-            # Create a single directory
-            await nc_webdav_create_directory("NewProject")
-
-            # Create nested directories (parent must exist)
-            await nc_webdav_create_directory("Projects/MyApp/docs")
        """
        client = get_client(ctx)
        return await client.webdav.create_directory(path)
@@ -139,13 +110,6 @@ def configure_webdav_tools(mcp: FastMCP):

        Returns:
            Dict with status_code indicating result (404 if not found)
-
-        Examples:
-            # Delete a file
-            await nc_webdav_delete_resource("old_document.txt")
-
-            # Delete a directory (will delete all contents)
-            await nc_webdav_delete_resource("temp_folder")
        """
        client = get_client(ctx)
        return await client.webdav.delete_resource(path)
@@ -163,19 +127,6 @@ def configure_webdav_tools(mcp: FastMCP):

        Returns:
            Dict with status_code indicating result (404 if source not found, 412 if destination exists and overwrite is False)
-
-        Examples:
-            # Rename a file
-            await nc_webdav_move_resource("document.txt", "new_name.txt")
-
-            # Move a file to another directory
-            await nc_webdav_move_resource("document.txt", "Archive/document.txt")
-
-            # Move a directory
-            await nc_webdav_move_resource("Projects/OldProject", "Projects/NewProject")
-
-            # Move and overwrite if destination exists
-            await nc_webdav_move_resource("document.txt", "Archive/document.txt", overwrite=True)
        """
        client = get_client(ctx)
        return await client.webdav.move_resource(
@@ -195,21 +146,198 @@ def configure_webdav_tools(mcp: FastMCP):

        Returns:
            Dict with status_code indicating result (404 if source not found, 412 if destination exists and overwrite is False)
-
-        Examples:
-            # Copy a file
-            await nc_webdav_copy_resource("document.txt", "document_copy.txt")
-
-            # Copy a file to another directory
-            await nc_webdav_copy_resource("document.txt", "Backup/document.txt")
-
-            # Copy a directory
-            await nc_webdav_copy_resource("Projects/ProjectA", "Projects/ProjectA_Backup")
-
-            # Copy and overwrite if destination exists
-            await nc_webdav_copy_resource("document.txt", "Backup/document.txt", overwrite=True)
        """
        client = get_client(ctx)
        return await client.webdav.copy_resource(
            source_path, destination_path, overwrite
        )
+
+    @mcp.tool()
+    async def nc_webdav_search_files(
+        ctx: Context,
+        scope: str = "",
+        name_pattern: str | None = None,
+        mime_type: str | None = None,
+        only_favorites: bool = False,
+        limit: int | None = None,
+    ) -> SearchFilesResponse:
+        """Search for files in NextCloud using WebDAV SEARCH.
+
+        This is a high-level search tool that supports common search patterns.
+        For more complex queries, use the specific search tools.
+
+        Args:
+            scope: Directory path to search in (empty string for user root)
+            name_pattern: File name pattern (supports % wildcard, e.g., "%.txt" for all text files)
+            mime_type: MIME type to filter by (supports % wildcard, e.g., "image/%" for all images)
+            only_favorites: If True, only return favorited files
+            limit: Maximum number of results to return
+
+        Returns:
+            SearchFilesResponse with list of matching files
+        """
+        client = get_client(ctx)
+
+        # Build where conditions based on filters
+        conditions = []
+
+        if name_pattern:
+            conditions.append(
+                f"""
+                <d:like>
+                    <d:prop>
+                        <d:displayname/>
+                    </d:prop>
+                    <d:literal>{name_pattern}</d:literal>
+                </d:like>
+            """
+            )
+
+        if mime_type:
+            conditions.append(
+                f"""
+                <d:like>
+                    <d:prop>
+                        <d:getcontenttype/>
+                    </d:prop>
+                    <d:literal>{mime_type}</d:literal>
+                </d:like>
+            """
+            )
+
+        if only_favorites:
+            conditions.append(
+                """
+                <d:eq>
+                    <d:prop>
+                        <oc:favorite/>
+                    </d:prop>
+                    <d:literal>1</d:literal>
+                </d:eq>
+            """
+            )
+
+        # Combine conditions with AND if multiple
+        if len(conditions) > 1:
+            where_conditions = f"""
+                <d:and>
+                    {"".join(conditions)}
+                </d:and>
+            """
+        elif len(conditions) == 1:
+            where_conditions = conditions[0]
+        else:
+            where_conditions = None
+
+        # Include extended properties
+        properties = [
+            "displayname",
+            "getcontentlength",
+            "getcontenttype",
+            "getlastmodified",
+            "resourcetype",
+            "getetag",
+            "fileid",
+            "favorite",
+        ]
+
+        results = await client.webdav.search_files(
+            scope=scope,
+            where_conditions=where_conditions,
+            properties=properties,
+            limit=limit,
+        )
+
+        # Convert to FileInfo models
+        file_infos = [FileInfo(**result) for result in results]
+
+        # Build filters applied dict
+        filters = {}
+        if name_pattern:
+            filters["name_pattern"] = name_pattern
+        if mime_type:
+            filters["mime_type"] = mime_type
+        if only_favorites:
+            filters["only_favorites"] = True
+
+        return SearchFilesResponse(
+            results=file_infos,
+            total_found=len(file_infos),
+            scope=scope,
+            filters_applied=filters if filters else None,
+        )
+
+    @mcp.tool()
+    async def nc_webdav_find_by_name(
+        pattern: str, ctx: Context, scope: str = "", limit: int | None = None
+    ) -> SearchFilesResponse:
+        """Find files by name pattern in NextCloud.
+
+        Args:
+            pattern: Name pattern to search for (supports % wildcard)
+            scope: Directory path to search in (empty string for user root)
+            limit: Maximum number of results to return
+
+        Returns:
+            SearchFilesResponse with list of matching files
+        """
+        client = get_client(ctx)
+        results = await client.webdav.find_by_name(
+            pattern=pattern, scope=scope, limit=limit
+        )
+        file_infos = [FileInfo(**result) for result in results]
+        return SearchFilesResponse(
+            results=file_infos,
+            total_found=len(file_infos),
+            scope=scope,
+            filters_applied={"name_pattern": pattern},
+        )
+
+    @mcp.tool()
+    async def nc_webdav_find_by_type(
+        mime_type: str, ctx: Context, scope: str = "", limit: int | None = None
+    ) -> SearchFilesResponse:
+        """Find files by MIME type in NextCloud.
+
+        Args:
+            mime_type: MIME type to search for (supports % wildcard)
+            scope: Directory path to search in (empty string for user root)
+            limit: Maximum number of results to return
+
+        Returns:
+            SearchFilesResponse with list of matching files
+        """
+        client = get_client(ctx)
+        results = await client.webdav.find_by_type(
+            mime_type=mime_type, scope=scope, limit=limit
+        )
+        file_infos = [FileInfo(**result) for result in results]
+        return SearchFilesResponse(
+            results=file_infos,
+            total_found=len(file_infos),
+            scope=scope,
+            filters_applied={"mime_type": mime_type},
+        )
+
+    @mcp.tool()
+    async def nc_webdav_list_favorites(
+        ctx: Context, scope: str = "", limit: int | None = None
+    ) -> SearchFilesResponse:
+        """List all favorite files in NextCloud.
+
+        Args:
+            scope: Directory path to search in (empty string for all favorites)
+            limit: Maximum number of results to return
+
+        Returns:
+            SearchFilesResponse with list of favorite files
+        """
+        client = get_client(ctx)
+        results = await client.webdav.list_favorites(scope=scope, limit=limit)
+        file_infos = [FileInfo(**result) for result in results]
+        return SearchFilesResponse(
+            results=file_infos,
+            total_found=len(file_infos),
+            scope=scope,
+            filters_applied={"only_favorites": True},
+        )
@@ -1,6 +1,6 @@
 [project]
 name = "nextcloud-mcp-server"
-version = "0.14.0"
+version = "0.17.0"
 description = ""
 authors = [
    {name = "Chris Coutinho",email = "chris@coutinho.io"}
@@ -8,19 +8,19 @@ authors = [
 readme = "README.md"
 requires-python = ">=3.11"
 dependencies = [
-    "mcp[cli] (>=1.17,<1.18)",
+    "mcp[cli] (>=1.18,<1.19)",
    "httpx (>=0.28.1,<0.29.0)",
-    "pillow (>=11.2.1,<12.0.0)",
+    "pillow (>=12.0.0,<12.1.0)",
    "icalendar (>=6.0.0,<7.0.0)",
    "pythonvcard4>=0.2.0",
    "pydantic>=2.11.4",
    "click>=8.1.8",
+    "caldav",
 ]

 [tool.pytest.ini_options]
-asyncio_mode = "auto"
-asyncio_default_test_loop_scope = "session"
-asyncio_default_fixture_loop_scope = "session"
+anyio_mode = "auto"
+addopts = "-p no:asyncio"  # Disable pytest-asyncio plugin, use only anyio
 log_cli = 1
 log_cli_level = "WARN"
 log_level = "WARN"
@@ -31,6 +31,9 @@ markers = [
 testpaths = [
    "tests",
 ]
+# Timeout settings to prevent tests from hanging indefinitely
+timeout = 180  # 3 minutes default timeout per test (includes fixture setup)
+timeout_func_only = false  # Timeout includes fixture setup/teardown

 [tool.commitizen]
 name = "cz_conventional_commits"
@@ -40,6 +43,12 @@ version_provider = "uv"
 update_changelog_on_bump = true
 major_version_zero = true

+[tool.ruff.lint]
+extend-select = ["I"]
+
+[tool.uv.sources]
+caldav = { git = "https://github.com/cbcoutinho/caldav", branch = "feature/httpx" }
+
 [build-system]
 requires = ["poetry-core>=2.0.0,<3.0.0"]
 build-backend = "poetry.core.masonry.api"
@@ -50,9 +59,9 @@ dev = [
    "ipython>=9.2.0",
    "playwright>=1.49.1",
    "pytest>=8.3.5",
-    "pytest-asyncio>=1.0.0",
    "pytest-cov>=6.1.1",
    "pytest-playwright-asyncio>=0.7.1",
+    "pytest-timeout>=2.3.1",
    "ruff>=0.11.13",
 ]

@@ -0,0 +1,11 @@
+"""Shared fixtures for calendar integration tests.
+
+Note: The temporary_calendar fixture is defined in tests/conftest.py and uses
+a shared session-scoped calendar to avoid Nextcloud rate limiting issues.
+This conftest.py exists for any calendar-specific fixtures that might be needed
+in the future.
+"""
+
+import logging
+
+logger = logging.getLogger(__name__)
@@ -1,4 +1,9 @@
-"""Integration tests for Calendar CalDAV operations."""
+"""Integration tests for Calendar CalDAV operations.
+
+Note: These tests use the shared temporary_calendar fixture from conftest.py
+which reuses a session-scoped calendar to avoid Nextcloud rate limiting issues.
+Each test cleans up its own events/todos but shares the same calendar.
+"""

 import logging
 import uuid
@@ -15,50 +20,13 @@ logger = logging.getLogger(__name__)
 pytestmark = pytest.mark.integration


-@pytest.fixture
-def test_calendar_name():
-    """Unique calendar name for testing."""
-    return f"test_calendar_{uuid.uuid4().hex[:8]}"
-
-
-@pytest.fixture
-async def temporary_calendar(nc_client: NextcloudClient, test_calendar_name: str):
-    """Create a temporary calendar for testing and clean up afterward."""
-    calendar_name = test_calendar_name
-
-    try:
-        # Create a test calendar
-        logger.info(f"Creating temporary calendar: {calendar_name}")
-        result = await nc_client.calendar.create_calendar(
-            calendar_name=calendar_name,
-            display_name=f"Test Calendar {calendar_name}",
-            description="Temporary calendar for integration testing",
-            color="#FF5722",
-        )
-
-        if result["status_code"] not in [200, 201]:
-            pytest.skip(f"Failed to create temporary calendar: {result}")
-
-        logger.info(f"Created temporary calendar: {calendar_name}")
-        yield calendar_name
-
-    except Exception as e:
-        logger.error(f"Error setting up temporary calendar: {e}")
-        pytest.skip(f"Calendar setup failed: {e}")
-
-    finally:
-        # Cleanup: Delete the temporary calendar
-        try:
-            logger.info(f"Cleaning up temporary calendar: {calendar_name}")
-            await nc_client.calendar.delete_calendar(calendar_name)
-            logger.info(f"Successfully deleted temporary calendar: {calendar_name}")
-        except Exception as e:
-            logger.error(f"Error deleting temporary calendar {calendar_name}: {e}")
-
-
@pytest.fixture
 async def temporary_event(nc_client: NextcloudClient, temporary_calendar: str):
-    """Create a temporary event for testing and clean up afterward."""
+    """Create a temporary event for testing and clean up afterward.
+
+    Uses the shared temporary_calendar fixture from conftest.py which reuses
+    a session-scoped calendar to avoid Nextcloud rate limiting.
+    """
    event_uid = None
    calendar_name = temporary_calendar

@@ -351,11 +319,11 @@ async def test_get_nonexistent_event(
    calendar_name = temporary_calendar
    fake_uid = f"nonexistent-{uuid.uuid4()}"

-    with pytest.raises(HTTPStatusError) as exc_info:
+    # caldav library raises generic Exception for missing events, not HTTPStatusError
+    with pytest.raises(Exception, match="not found"):
        await nc_client.calendar.get_event(calendar_name, fake_uid)

-    assert exc_info.value.response.status_code == 404
-    logger.info(f"Correctly got 404 for nonexistent event: {fake_uid}")
+    logger.info(f"Correctly raised exception for nonexistent event: {fake_uid}")


 async def test_delete_nonexistent_event(
@@ -420,7 +388,11 @@ async def test_calendar_operations_error_handling(
    # Test with non-existent calendar
    fake_calendar = f"nonexistent_calendar_{uuid.uuid4().hex}"

-    with pytest.raises(HTTPStatusError):
-        await nc_client.calendar.get_calendar_events(fake_calendar)
+    # caldav library returns empty list for non-existent calendars, doesn't raise
+    # Testing that it doesn't crash and returns empty results
+    events = await nc_client.calendar.get_calendar_events(fake_calendar)
+    assert isinstance(events, list)
+    # Empty list is expected for non-existent calendar
+    assert len(events) == 0

    logger.info("Error handling tests completed successfully")
@@ -15,7 +15,7 @@ logger = logging.getLogger(__name__)

@pytest.mark.integration
 async def test_calendar_event_custom_fields_preservation(nc_client):
-    """Test that demonstrates loss of non-supported iCal fields during round-trip operations."""
+    """Test that custom iCal fields are preserved during round-trip update operations."""
    calendar_name = "personal"

    # Create an event with standard fields
@@ -32,7 +32,12 @@ async def test_calendar_event_custom_fields_preservation(nc_client):
    event_uid = result["uid"]

    try:
-        # Now manually inject a custom iCal property by creating a new version with raw iCal
+        # Get the calendar object from the caldav library
+        calendar = nc_client.calendar._get_calendar(calendar_name)
+        event = await calendar.event_by_uid(event_uid)
+        await event.load()
+
+        # Now manually inject custom iCal properties into the raw data
        # This simulates what would happen if the event was created by another CalDAV client
        # with extended properties
        custom_ical = f"""BEGIN:VCALENDAR
@@ -57,22 +62,15 @@ LAST-MODIFIED:{datetime.now().strftime("%Y%m%dT%H%M%SZ")}
 END:VEVENT
 END:VCALENDAR"""

-        # Direct CalDAV PUT to inject the custom iCal
-        event_path = f"/remote.php/dav/calendars/{nc_client.calendar.username}/{calendar_name}/{event_uid}.ics"
-        await nc_client.calendar._make_request(
-            "PUT",
-            event_path,
-            content=custom_ical,
-            headers={"Content-Type": "text/calendar; charset=utf-8"},
-        )
+        # Update the event's raw data and save
+        event.data = custom_ical
+        await event.save()

        logger.info(f"Injected custom iCal properties into event {event_uid}")

-        # Retrieve the event to confirm custom fields are present in raw iCal
-        response = await nc_client.calendar._make_request(
-            "GET", event_path, headers={"Accept": "text/calendar"}
-        )
-        raw_ical_before = response.text
+        # Reload the event to confirm custom fields are present
+        await event.load()
+        raw_ical_before = event.data

        logger.info("Raw iCal before update:")
        logger.info(raw_ical_before)
@@ -93,31 +91,24 @@ END:VCALENDAR"""
        await nc_client.calendar.update_event(calendar_name, event_uid, update_data)
        logger.info(f"Updated event {event_uid} through MCP client")

-        # Retrieve the event again to see if custom fields survived
-        response_after = await nc_client.calendar._make_request(
-            "GET", event_path, headers={"Accept": "text/calendar"}
-        )
-        raw_ical_after = response_after.text
+        # Reload the event to see if custom fields survived
+        await event.load()
+        raw_ical_after = event.data

        logger.info("Raw iCal after update:")
        logger.info(raw_ical_after)

-        # THIS IS THE TEST THAT SHOULD FAIL - custom fields should be preserved but won't be
-        try:
-            assert (
-                "X-CUSTOM-FIELD:This is a custom field that should be preserved"
-                in raw_ical_after
-            ), "Custom field X-CUSTOM-FIELD was lost during round-trip update"
-            assert "X-VENDOR-SPECIFIC:Vendor specific data" in raw_ical_after, (
-                "Custom field X-VENDOR-SPECIFIC was lost during round-trip update"
-            )
-            logger.info(
-                "✓ Custom fields were preserved (unexpected - this should fail with current implementation)"
-            )
-        except AssertionError as e:
-            logger.error(f"✗ Custom fields were lost during round-trip update: {e}")
-            # Re-raise to show the test failure
-            raise
+        # THIS IS THE CRITICAL TEST - custom fields should be preserved
+        assert (
+            "X-CUSTOM-FIELD:This is a custom field that should be preserved"
+            in raw_ical_after
+        ), "Custom field X-CUSTOM-FIELD was lost during round-trip update"
+
+        assert "X-VENDOR-SPECIFIC:Vendor specific data" in raw_ical_after, (
+            "Custom field X-VENDOR-SPECIFIC was lost during round-trip update"
+        )
+
+        logger.info("✓ Custom fields were preserved during update")

    finally:
        # Cleanup
@@ -299,7 +290,7 @@ END:VCARD"""

@pytest.mark.integration
 async def test_calendar_event_roundtrip_data_loss_demonstration(nc_client):
-    """Demonstrates specific data loss scenarios in calendar events."""
+    """Test that extended iCal properties are preserved during round-trip update operations."""
    calendar_name = "personal"

    event_data = {
@@ -313,6 +304,11 @@ async def test_calendar_event_roundtrip_data_loss_demonstration(nc_client):
    event_uid = result["uid"]

    try:
+        # Get the calendar object and event
+        calendar = nc_client.calendar._get_calendar(calendar_name)
+        event = await calendar.event_by_uid(event_uid)
+        await event.load()
+
        # Inject additional iCal properties that are valid but not supported by our parser
        extended_ical = f"""BEGIN:VCALENDAR
 VERSION:2.0
@@ -342,20 +338,13 @@ LAST-MODIFIED:{datetime.now().strftime("%Y%m%dT%H%M%SZ")}
 END:VEVENT
 END:VCALENDAR"""

-        # Inject the extended iCal
-        event_path = f"/remote.php/dav/calendars/{nc_client.calendar.username}/{calendar_name}/{event_uid}.ics"
-        await nc_client.calendar._make_request(
-            "PUT",
-            event_path,
-            content=extended_ical,
-            headers={"Content-Type": "text/calendar; charset=utf-8"},
-        )
+        # Update the event's raw data and save
+        event.data = extended_ical
+        await event.save()

-        # Verify extended properties are present
-        response = await nc_client.calendar._make_request(
-            "GET", event_path, headers={"Accept": "text/calendar"}
-        )
-        original_ical = response.text
+        # Reload to verify extended properties are present
+        await event.load()
+        original_ical = event.data

        # Confirm extended properties exist
        extended_properties = [
@@ -392,11 +381,9 @@ END:VCALENDAR"""
        update_data = {"location": "Conference Room B"}  # Simple location change
        await nc_client.calendar.update_event(calendar_name, event_uid, update_data)

-        # Check what survived the round-trip
-        response_after = await nc_client.calendar._make_request(
-            "GET", event_path, headers={"Accept": "text/calendar"}
-        )
-        updated_ical = response_after.text
+        # Reload the event to check what survived the round-trip
+        await event.load()
+        updated_ical = event.data

        logger.info("Checking which properties survived the update...")

@@ -423,13 +410,16 @@ END:VCALENDAR"""
                    lost.append(prop)

        logger.info(f"Properties that SURVIVED: {survived}")
-        logger.error(f"Properties that were LOST: {lost}")
+        if lost:
+            logger.error(f"Properties that were LOST: {lost}")

-        # This test should fail - we expect data loss
+        # Assert that all extended properties were preserved
        assert len(lost) == 0, (
            f"Round-trip update lost {len(lost)} extended properties: {lost}"
        )

+        logger.info("✓ All extended properties preserved during update")
+
    finally:
        try:
            await nc_client.calendar.delete_event(calendar_name, event_uid)
@@ -0,0 +1,498 @@
+"""Integration tests for Calendar VTODO (task) operations."""
+
+import logging
+import uuid
+from datetime import datetime, timedelta
+
+import pytest
+from httpx import HTTPStatusError
+
+from nextcloud_mcp_server.client import NextcloudClient
+
+logger = logging.getLogger(__name__)
+
+# Mark all tests in this module as integration tests
+pytestmark = pytest.mark.integration
+
+
+@pytest.fixture
+async def temporary_todo(nc_client: NextcloudClient, temporary_calendar: str):
+    """Create a temporary todo for testing and clean up afterward."""
+    todo_uid = None
+    calendar_name = temporary_calendar
+
+    # Create a test todo
+    tomorrow = datetime.now() + timedelta(days=1)
+    todo_data = {
+        "summary": f"Test Task {uuid.uuid4().hex[:8]}",
+        "description": "Test todo created by integration tests",
+        "status": "NEEDS-ACTION",
+        "priority": 5,
+        "due": tomorrow.strftime("%Y-%m-%dT18:00:00"),
+        "categories": "testing",
+    }
+
+    try:
+        logger.info(f"Creating temporary todo in calendar: {calendar_name}")
+        result = await nc_client.calendar.create_todo(calendar_name, todo_data)
+        todo_uid = result.get("uid")
+
+        if not todo_uid:
+            pytest.fail("Failed to create temporary todo")
+
+        logger.info(f"Created temporary todo with UID: {todo_uid}")
+        yield {"uid": todo_uid, "calendar_name": calendar_name, "data": todo_data}
+
+    finally:
+        # Cleanup
+        if todo_uid:
+            try:
+                logger.info(f"Cleaning up temporary todo: {todo_uid}")
+                await nc_client.calendar.delete_todo(calendar_name, todo_uid)
+                logger.info(f"Successfully deleted temporary todo: {todo_uid}")
+            except HTTPStatusError as e:
+                if e.response.status_code != 404:
+                    logger.error(f"Error deleting temporary todo {todo_uid}: {e}")
+            except Exception as e:
+                logger.error(
+                    f"Unexpected error deleting temporary todo {todo_uid}: {e}"
+                )
+
+
+# ============= Basic CRUD Tests =============
+
+
+async def test_create_and_delete_todo(
+    nc_client: NextcloudClient, temporary_calendar: str
+):
+    """Test creating and deleting a basic todo."""
+    calendar_name = temporary_calendar
+
+    # Create todo
+    tomorrow = datetime.now() + timedelta(days=1)
+    todo_data = {
+        "summary": "Integration Test Task",
+        "description": "Test task for integration testing",
+        "status": "NEEDS-ACTION",
+        "priority": 3,
+        "due": tomorrow.strftime("%Y-%m-%dT18:00:00"),
+        "categories": "testing,integration",
+    }
+
+    try:
+        result = await nc_client.calendar.create_todo(calendar_name, todo_data)
+        assert "uid" in result
+        assert result["status_code"] in [200, 201, 204]
+
+        todo_uid = result["uid"]
+        logger.info(f"Created todo with UID: {todo_uid}")
+
+        # Verify todo was created by listing todos
+        todos = await nc_client.calendar.list_todos(calendar_name)
+        todo_uids = [todo.get("uid") for todo in todos]
+        assert todo_uid in todo_uids
+
+        # Find our todo in the list
+        our_todo = next((t for t in todos if t.get("uid") == todo_uid), None)
+        assert our_todo is not None
+        assert our_todo["summary"] == "Integration Test Task"
+        assert our_todo["status"] == "NEEDS-ACTION"
+        assert our_todo["priority"] == 3
+
+        # Delete todo
+        delete_result = await nc_client.calendar.delete_todo(calendar_name, todo_uid)
+        assert delete_result["status_code"] in [200, 204, 404]
+
+        logger.info(f"Successfully deleted todo: {todo_uid}")
+
+    except Exception as e:
+        logger.error(f"Test failed: {e}")
+        raise
+
+
+async def test_list_todos(nc_client: NextcloudClient, temporary_calendar: str):
+    """Test listing todos in a calendar."""
+    calendar_name = temporary_calendar
+
+    # Create multiple todos
+    todo_uids = []
+    for i in range(3):
+        todo_data = {
+            "summary": f"Test Task {i + 1}",
+            "description": f"Task number {i + 1}",
+            "status": "NEEDS-ACTION",
+            "priority": i + 1,
+        }
+        result = await nc_client.calendar.create_todo(calendar_name, todo_data)
+        todo_uids.append(result["uid"])
+
+    try:
+        # List todos
+        todos = await nc_client.calendar.list_todos(calendar_name)
+
+        assert isinstance(todos, list)
+        assert len(todos) >= 3  # At least our 3 todos
+
+        # Check structure
+        for todo in todos:
+            assert "uid" in todo
+            assert "summary" in todo
+            assert "status" in todo
+            assert "priority" in todo
+
+        # Verify our todos are in the list
+        listed_uids = [todo["uid"] for todo in todos]
+        for uid in todo_uids:
+            assert uid in listed_uids
+
+        logger.info(f"Found {len(todos)} todos in calendar")
+
+    finally:
+        # Cleanup
+        for uid in todo_uids:
+            try:
+                await nc_client.calendar.delete_todo(calendar_name, uid)
+            except Exception:
+                pass
+
+
+async def test_update_todo(nc_client: NextcloudClient, temporary_todo: dict):
+    """Test updating an existing todo."""
+    calendar_name = temporary_todo["calendar_name"]
+    todo_uid = temporary_todo["uid"]
+
+    # Update todo data
+    updated_data = {
+        "summary": "Updated Test Task Title",
+        "description": "Updated description for test task",
+        "status": "IN-PROCESS",
+        "priority": 1,  # High priority
+        "percent_complete": 50,
+    }
+
+    try:
+        result = await nc_client.calendar.update_todo(
+            calendar_name, todo_uid, updated_data
+        )
+        assert result["uid"] == todo_uid
+
+        # Verify updates by listing todos
+        todos = await nc_client.calendar.list_todos(calendar_name)
+        updated_todo = next((t for t in todos if t["uid"] == todo_uid), None)
+
+        assert updated_todo is not None
+        assert updated_todo["summary"] == "Updated Test Task Title"
+        assert updated_todo["description"] == "Updated description for test task"
+        assert updated_todo["status"] == "IN-PROCESS"
+        assert updated_todo["priority"] == 1
+        assert updated_todo["percent_complete"] == 50
+
+        logger.info(f"Successfully updated todo: {todo_uid}")
+
+    except Exception as e:
+        logger.error(f"Todo update test failed: {e}")
+        raise
+
+
+async def test_todo_with_dates(nc_client: NextcloudClient, temporary_calendar: str):
+    """Test creating a todo with start, due, and completed dates."""
+    calendar_name = temporary_calendar
+
+    now = datetime.now()
+    start_date = now + timedelta(days=1)
+    due_date = now + timedelta(days=7)
+
+    todo_data = {
+        "summary": "Task with Dates",
+        "description": "Test task with various date fields",
+        "status": "NEEDS-ACTION",
+        "dtstart": start_date.strftime("%Y-%m-%dT09:00:00"),
+        "due": due_date.strftime("%Y-%m-%dT17:00:00"),
+    }
+
+    try:
+        result = await nc_client.calendar.create_todo(calendar_name, todo_data)
+        todo_uid = result["uid"]
+        logger.info(f"Created todo with dates, UID: {todo_uid}")
+
+        # Verify dates
+        todos = await nc_client.calendar.list_todos(calendar_name)
+        created_todo = next((t for t in todos if t["uid"] == todo_uid), None)
+
+        assert created_todo is not None
+        assert created_todo["summary"] == "Task with Dates"
+        assert "dtstart" in created_todo
+        assert "due" in created_todo
+
+        # Cleanup
+        await nc_client.calendar.delete_todo(calendar_name, todo_uid)
+
+    except Exception as e:
+        logger.error(f"Date handling test failed: {e}")
+        raise
+
+
+# ============= Advanced Feature Tests =============
+
+
+async def test_todo_status_transitions(
+    nc_client: NextcloudClient, temporary_calendar: str
+):
+    """Test transitioning through different todo statuses."""
+    calendar_name = temporary_calendar
+
+    todo_data = {
+        "summary": "Status Transition Test",
+        "description": "Testing status changes",
+        "status": "NEEDS-ACTION",
+    }
+
+    result = await nc_client.calendar.create_todo(calendar_name, todo_data)
+    todo_uid = result["uid"]
+
+    try:
+        # Transition: NEEDS-ACTION → IN-PROCESS
+        await nc_client.calendar.update_todo(
+            calendar_name,
+            todo_uid,
+            {"status": "IN-PROCESS", "percent_complete": 25},
+        )
+
+        todos = await nc_client.calendar.list_todos(calendar_name)
+        todo = next((t for t in todos if t["uid"] == todo_uid), None)
+        assert todo["status"] == "IN-PROCESS"
+        assert todo["percent_complete"] == 25
+
+        # Transition: IN-PROCESS → COMPLETED
+        completed_time = datetime.now().strftime("%Y-%m-%dT%H:%M:%S")
+        await nc_client.calendar.update_todo(
+            calendar_name,
+            todo_uid,
+            {
+                "status": "COMPLETED",
+                "percent_complete": 100,
+                "completed": completed_time,
+            },
+        )
+
+        todos = await nc_client.calendar.list_todos(calendar_name)
+        todo = next((t for t in todos if t["uid"] == todo_uid), None)
+        assert todo["status"] == "COMPLETED"
+        assert todo["percent_complete"] == 100
+        assert "completed" in todo
+
+        logger.info(f"Successfully transitioned todo through statuses: {todo_uid}")
+
+    finally:
+        await nc_client.calendar.delete_todo(calendar_name, todo_uid)
+
+
+async def test_todo_priority_levels(
+    nc_client: NextcloudClient, temporary_calendar: str
+):
+    """Test different priority levels (0=undefined, 1=highest, 9=lowest)."""
+    calendar_name = temporary_calendar
+    priorities = [0, 1, 5, 9]
+    priority_labels = {0: "Undefined", 1: "Highest", 5: "Medium", 9: "Lowest"}
+    todo_uids = []
+
+    try:
+        # Create todos with different priorities
+        for priority in priorities:
+            todo_data = {
+                "summary": f"Priority {priority} Task ({priority_labels[priority]})",
+                "status": "NEEDS-ACTION",
+                "priority": priority,
+            }
+            result = await nc_client.calendar.create_todo(calendar_name, todo_data)
+            todo_uids.append((result["uid"], priority))
+
+        # Verify all priorities
+        todos = await nc_client.calendar.list_todos(calendar_name)
+
+        for uid, expected_priority in todo_uids:
+            todo = next((t for t in todos if t["uid"] == uid), None)
+            assert todo is not None
+            assert todo["priority"] == expected_priority
+
+        logger.info(f"Successfully tested priority levels: {priorities}")
+
+    finally:
+        # Cleanup
+        for uid, _ in todo_uids:
+            try:
+                await nc_client.calendar.delete_todo(calendar_name, uid)
+            except Exception:
+                pass
+
+
+async def test_todo_with_categories(
+    nc_client: NextcloudClient, temporary_calendar: str
+):
+    """Test creating a todo with multiple categories."""
+    calendar_name = temporary_calendar
+
+    todo_data = {
+        "summary": "Task with Categories",
+        "description": "Testing category support",
+        "status": "NEEDS-ACTION",
+        "categories": "work,meeting,important,quarterly",
+    }
+
+    try:
+        result = await nc_client.calendar.create_todo(calendar_name, todo_data)
+        todo_uid = result["uid"]
+        logger.info(f"Created todo with categories, UID: {todo_uid}")
+
+        # Verify categories
+        todos = await nc_client.calendar.list_todos(calendar_name)
+        created_todo = next((t for t in todos if t["uid"] == todo_uid), None)
+
+        assert created_todo is not None
+        assert "categories" in created_todo
+        categories_str = created_todo["categories"]
+        assert "work" in categories_str
+        assert "meeting" in categories_str
+        assert "important" in categories_str
+        assert "quarterly" in categories_str
+
+        # Cleanup
+        await nc_client.calendar.delete_todo(calendar_name, todo_uid)
+
+    except Exception as e:
+        logger.error(f"Categories test failed: {e}")
+        raise
+
+
+async def test_search_todos_across_calendars(
+    nc_client: NextcloudClient, temporary_calendar: str, shared_calendar_2: str
+):
+    """Test searching for todos across multiple calendars.
+
+    Uses two shared test calendars to avoid rate limiting.
+    """
+    # Use existing shared calendars to avoid rate limits
+    cal1_name = temporary_calendar  # First shared test calendar
+    cal2_name = shared_calendar_2  # Second shared test calendar
+
+    try:
+        # Create todos in both calendars
+        todo1_data = {"summary": "Task in Calendar 1", "status": "NEEDS-ACTION"}
+        todo2_data = {"summary": "Task in Calendar 2", "status": "IN-PROCESS"}
+
+        result1 = await nc_client.calendar.create_todo(cal1_name, todo1_data)
+        result2 = await nc_client.calendar.create_todo(cal2_name, todo2_data)
+
+        # Search across all calendars
+        all_todos = await nc_client.calendar.search_todos_across_calendars()
+
+        assert isinstance(all_todos, list)
+
+        # Find our todos
+        todo1 = next((t for t in all_todos if t["uid"] == result1["uid"]), None)
+        todo2 = next((t for t in all_todos if t["uid"] == result2["uid"]), None)
+
+        assert todo1 is not None
+        assert todo2 is not None
+        assert "calendar_name" in todo1
+        assert "calendar_name" in todo2
+        assert todo1["calendar_name"] == cal1_name
+        assert todo2["calendar_name"] == cal2_name
+
+        logger.info(f"Found {len(all_todos)} todos across all calendars")
+
+    finally:
+        # Cleanup: Delete only the todos we created (calendars are reused/built-in)
+        try:
+            await nc_client.calendar.delete_todo(cal1_name, result1["uid"])
+        except Exception:
+            pass
+        try:
+            await nc_client.calendar.delete_todo(cal2_name, result2["uid"])
+        except Exception:
+            pass
+
+
+# ============= Edge Case Tests =============
+
+
+async def test_get_nonexistent_todo(
+    nc_client: NextcloudClient, temporary_calendar: str
+):
+    """Test attempting to retrieve a non-existent todo."""
+    calendar_name = temporary_calendar
+    fake_uid = f"nonexistent-{uuid.uuid4()}"
+
+    # List todos to ensure it doesn't exist
+    todos = await nc_client.calendar.list_todos(calendar_name)
+    matching_todos = [t for t in todos if t.get("uid") == fake_uid]
+    assert len(matching_todos) == 0
+
+    logger.info(f"Verified nonexistent todo UID: {fake_uid}")
+
+
+async def test_delete_nonexistent_todo(
+    nc_client: NextcloudClient, temporary_calendar: str
+):
+    """Test deleting a non-existent todo."""
+    calendar_name = temporary_calendar
+    fake_uid = f"nonexistent-{uuid.uuid4()}"
+
+    result = await nc_client.calendar.delete_todo(calendar_name, fake_uid)
+    assert result["status_code"] == 404
+    logger.info(f"Correctly got 404 for deleting nonexistent todo: {fake_uid}")
+
+
+async def test_list_todos_with_filters(
+    nc_client: NextcloudClient, temporary_calendar: str
+):
+    """Test listing todos with various filters."""
+    calendar_name = temporary_calendar
+
+    # Create todos with different statuses and priorities
+    test_todos = [
+        {
+            "summary": "High Priority Task",
+            "status": "NEEDS-ACTION",
+            "priority": 1,
+            "categories": "urgent",
+        },
+        {
+            "summary": "In Progress Task",
+            "status": "IN-PROCESS",
+            "priority": 5,
+            "categories": "work",
+        },
+        {
+            "summary": "Low Priority Task",
+            "status": "NEEDS-ACTION",
+            "priority": 9,
+            "categories": "someday",
+        },
+    ]
+
+    created_uids = []
+
+    try:
+        # Create test todos
+        for todo_data in test_todos:
+            result = await nc_client.calendar.create_todo(calendar_name, todo_data)
+            created_uids.append(result["uid"])
+
+        # Test basic list without filters
+        all_todos = await nc_client.calendar.list_todos(calendar_name)
+        assert len(all_todos) >= 3
+
+        # Verify all our todos are in the list
+        our_todo_uids = [t["uid"] for t in all_todos if t["uid"] in created_uids]
+        assert len(our_todo_uids) == 3
+
+        logger.info(f"Successfully created and listed {len(created_uids)} test todos")
+
+    finally:
+        # Cleanup
+        for uid in created_uids:
+            try:
+                await nc_client.calendar.delete_todo(calendar_name, uid)
+            except Exception:
+                pass
@@ -0,0 +1,386 @@
+import asyncio
+import logging
+import uuid
+
+import pytest
+from httpx import HTTPStatusError
+
+from nextcloud_mcp_server.client import NextcloudClient
+
+logger = logging.getLogger(__name__)
+
+# Mark all tests in this module as integration tests
+pytestmark = pytest.mark.integration
+
+
+async def test_cookbook_version(nc_client: NextcloudClient):
+    """Test getting Cookbook app version."""
+    logger.info("Getting Cookbook app version")
+    version_data = await nc_client.cookbook.get_version()
+
+    assert "cookbook_version" in version_data
+    assert "api_version" in version_data
+    logger.info(f"Cookbook version: {version_data}")
+
+
+async def test_cookbook_config(nc_client: NextcloudClient):
+    """Test getting Cookbook app configuration."""
+    logger.info("Getting Cookbook app configuration")
+    config_data = await nc_client.cookbook.get_config()
+
+    # Config may be empty initially, just verify we can get it
+    assert isinstance(config_data, dict)
+    logger.info(f"Cookbook config: {config_data}")
+
+
+async def test_cookbook_list_recipes(nc_client: NextcloudClient):
+    """Test listing all recipes."""
+    logger.info("Listing all recipes")
+    recipes = await nc_client.cookbook.list_recipes()
+
+    assert isinstance(recipes, list)
+    logger.info(f"Found {len(recipes)} recipes")
+
+
+async def test_cookbook_create_and_read_recipe(nc_client: NextcloudClient):
+    """Test creating a recipe and reading it back."""
+    # Create a test recipe
+    recipe_name = f"Test Recipe {uuid.uuid4().hex[:8]}"
+    recipe_data = {
+        "name": recipe_name,
+        "description": "A test recipe for integration testing",
+        "recipeIngredient": ["100g flour", "2 eggs", "200ml milk"],
+        "recipeInstructions": [
+            "Mix ingredients",
+            "Cook for 20 minutes",
+            "Serve hot",
+        ],
+        "recipeCategory": "Test",
+        "keywords": "test,integration",
+        "recipeYield": 4,
+        "prepTime": "PT15M",
+        "cookTime": "PT20M",
+        "totalTime": "PT35M",
+    }
+
+    logger.info(f"Creating recipe: {recipe_name}")
+    recipe_id = await nc_client.cookbook.create_recipe(recipe_data)
+    logger.info(f"Created recipe with ID: {recipe_id}")
+
+    try:
+        # Read the recipe back
+        logger.info(f"Reading recipe ID: {recipe_id}")
+        retrieved_recipe = await nc_client.cookbook.get_recipe(recipe_id)
+
+        assert retrieved_recipe["name"] == recipe_name
+        assert (
+            retrieved_recipe["description"] == "A test recipe for integration testing"
+        )
+        assert len(retrieved_recipe["recipeIngredient"]) == 3
+        assert len(retrieved_recipe["recipeInstructions"]) == 3
+        assert retrieved_recipe["recipeCategory"] == "Test"
+        assert retrieved_recipe["recipeYield"] == 4
+        logger.info(f"Successfully verified recipe: {recipe_name}")
+
+    finally:
+        # Clean up
+        logger.info(f"Deleting recipe ID: {recipe_id}")
+        await nc_client.cookbook.delete_recipe(recipe_id)
+        logger.info(f"Successfully deleted recipe ID: {recipe_id}")
+
+
+async def test_cookbook_update_recipe(nc_client: NextcloudClient):
+    """Test updating a recipe."""
+    # Create a test recipe
+    recipe_name = f"Test Recipe {uuid.uuid4().hex[:8]}"
+    recipe_data = {
+        "name": recipe_name,
+        "description": "Original description",
+        "recipeIngredient": ["100g flour"],
+        "recipeInstructions": ["Mix ingredients"],
+        "recipeCategory": "Original",
+    }
+
+    logger.info(f"Creating recipe for update test: {recipe_name}")
+    recipe_id = await nc_client.cookbook.create_recipe(recipe_data)
+
+    try:
+        # Get the current recipe first
+        current_recipe = await nc_client.cookbook.get_recipe(recipe_id)
+
+        # Update the recipe with all required fields
+        updated_data = current_recipe.copy()
+        updated_data["description"] = "Updated description"
+        updated_data["recipeIngredient"] = ["100g flour", "2 eggs"]
+        updated_data["recipeInstructions"] = ["Mix ingredients", "Cook"]
+        updated_data["recipeCategory"] = "Updated"
+
+        logger.info(f"Updating recipe ID: {recipe_id}")
+        updated_id = await nc_client.cookbook.update_recipe(recipe_id, updated_data)
+        assert updated_id == recipe_id
+
+        # Verify the update
+        await asyncio.sleep(1)  # Allow propagation
+        updated_recipe = await nc_client.cookbook.get_recipe(recipe_id)
+        assert updated_recipe["description"] == "Updated description"
+        assert len(updated_recipe["recipeIngredient"]) == 2
+        assert len(updated_recipe["recipeInstructions"]) == 2
+        assert updated_recipe["recipeCategory"] == "Updated"
+        logger.info(f"Successfully updated recipe ID: {recipe_id}")
+
+    finally:
+        # Clean up
+        logger.info(f"Deleting recipe ID: {recipe_id}")
+        await nc_client.cookbook.delete_recipe(recipe_id)
+
+
+async def test_cookbook_delete_nonexistent_recipe(nc_client: NextcloudClient):
+    """Test deleting a non-existent recipe.
+
+    Note: The Cookbook API may return 502 or succeed silently for non-existent IDs
+    rather than 404. This test verifies the behavior."""
+    non_existent_id = 999999999
+
+    logger.info(f"Attempting to delete non-existent recipe ID: {non_existent_id}")
+    try:
+        result = await nc_client.cookbook.delete_recipe(non_existent_id)
+        logger.info(f"Delete returned: {result}")
+        # API may succeed silently or return an error message
+        assert isinstance(result, str)
+    except HTTPStatusError as e:
+        # API may return 404 or 502 for non-existent recipes
+        assert e.response.status_code in [404, 502]
+        logger.info(f"Delete correctly failed with {e.response.status_code}")
+
+
+async def test_cookbook_import_recipe_from_url(nc_client: NextcloudClient):
+    """Test importing a recipe from a URL.
+
+    This is the key feature test - importing recipes from URLs using schema.org metadata.
+    Uses an nginx container to serve reliable, controlled test data.
+    """
+
+    # Use the nginx container hostname within the Docker network
+    test_url = "http://recipes/black-pepper-tofu"
+
+    logger.info(f"Importing recipe from nginx container: {test_url}")
+
+    try:
+        imported_recipe = await nc_client.cookbook.import_recipe(test_url)
+        logger.info(f"Successfully imported recipe: {imported_recipe.get('name')}")
+
+        # Verify basic recipe structure
+        assert "name" in imported_recipe
+        assert imported_recipe["name"] == "Black Pepper Tofu"
+        assert "id" in imported_recipe
+
+        # Verify schema.org fields were imported correctly
+        assert imported_recipe.get("description")
+        assert len(imported_recipe.get("recipeIngredient", [])) > 0
+        assert len(imported_recipe.get("recipeInstructions", [])) > 0
+        assert imported_recipe.get("recipeCategory") == "Main Course"
+        assert "tofu" in imported_recipe.get("keywords", "").lower()
+
+        recipe_id = int(imported_recipe["id"])
+
+        # Verify we can read it back
+        retrieved = await nc_client.cookbook.get_recipe(recipe_id)
+        assert retrieved["name"] == imported_recipe["name"]
+        logger.info(f"Verified imported recipe ID: {recipe_id}")
+
+        # Clean up
+        logger.info(f"Deleting imported recipe ID: {recipe_id}")
+        await nc_client.cookbook.delete_recipe(recipe_id)
+        logger.info("Successfully deleted imported recipe")
+
+    except HTTPStatusError as e:
+        if e.response.status_code == 409:
+            # Recipe already exists - this is acceptable in tests
+            logger.warning("Recipe already exists (409 conflict)")
+            pytest.skip("Recipe already exists in test environment")
+        elif e.response.status_code == 400:
+            # URL couldn't be imported
+            logger.error(
+                f"Failed to import recipe from nginx container: {test_url}. "
+                f"Status: {e.response.status_code}, Response: {e.response.text}"
+            )
+            raise
+        else:
+            raise
+
+
+async def test_cookbook_search_recipes(nc_client: NextcloudClient):
+    """Test searching for recipes."""
+    # Create a test recipe with unique keywords
+    unique_keyword = f"testkeyword{uuid.uuid4().hex[:8]}"
+    recipe_name = f"Test Recipe {uuid.uuid4().hex[:8]}"
+    recipe_data = {
+        "name": recipe_name,
+        "description": f"Recipe for testing search with {unique_keyword}",
+        "keywords": unique_keyword,
+        "recipeIngredient": ["test ingredient"],
+        "recipeInstructions": ["test instruction"],
+    }
+
+    logger.info(f"Creating recipe for search test with keyword: {unique_keyword}")
+    recipe_id = await nc_client.cookbook.create_recipe(recipe_data)
+
+    try:
+        # Allow time for indexing
+        await asyncio.sleep(2)
+
+        # Search for the recipe
+        logger.info(f"Searching for recipes with keyword: {unique_keyword}")
+        search_results = await nc_client.cookbook.search_recipes(unique_keyword)
+
+        assert isinstance(search_results, list)
+        # Should find at least our recipe
+        assert len(search_results) > 0
+
+        # Verify our recipe is in the results
+        found = any(str(r.get("id")) == str(recipe_id) for r in search_results)
+        assert found, f"Recipe {recipe_id} not found in search results"
+        logger.info(f"Successfully found recipe {recipe_id} in search results")
+
+    finally:
+        # Clean up
+        logger.info(f"Deleting recipe ID: {recipe_id}")
+        await nc_client.cookbook.delete_recipe(recipe_id)
+
+
+async def test_cookbook_list_categories(nc_client: NextcloudClient):
+    """Test listing recipe categories."""
+    logger.info("Listing recipe categories")
+    categories = await nc_client.cookbook.list_categories()
+
+    assert isinstance(categories, list)
+    logger.info(f"Found {len(categories)} categories")
+
+    # Each category should have name and recipe_count
+    if categories:
+        assert "name" in categories[0]
+        assert "recipe_count" in categories[0]
+
+
+async def test_cookbook_get_recipes_in_category(nc_client: NextcloudClient):
+    """Test getting recipes in a specific category."""
+    # Create a recipe in a test category
+    unique_category = f"TestCategory{uuid.uuid4().hex[:8]}"
+    recipe_name = f"Test Recipe {uuid.uuid4().hex[:8]}"
+    recipe_data = {
+        "name": recipe_name,
+        "recipeCategory": unique_category,
+        "recipeIngredient": ["test"],
+        "recipeInstructions": ["test"],
+    }
+
+    logger.info(f"Creating recipe in category: {unique_category}")
+    recipe_id = await nc_client.cookbook.create_recipe(recipe_data)
+
+    try:
+        # Allow time for indexing
+        await asyncio.sleep(2)
+
+        # Get recipes in this category
+        logger.info(f"Getting recipes in category: {unique_category}")
+        recipes_in_category = await nc_client.cookbook.get_recipes_in_category(
+            unique_category
+        )
+
+        assert isinstance(recipes_in_category, list)
+        assert len(recipes_in_category) > 0
+
+        # Verify our recipe is in the results
+        found = any(str(r.get("id")) == str(recipe_id) for r in recipes_in_category)
+        assert found, f"Recipe {recipe_id} not found in category {unique_category}"
+        logger.info(f"Successfully found recipe in category {unique_category}")
+
+    finally:
+        # Clean up
+        logger.info(f"Deleting recipe ID: {recipe_id}")
+        await nc_client.cookbook.delete_recipe(recipe_id)
+
+
+async def test_cookbook_list_keywords(nc_client: NextcloudClient):
+    """Test listing recipe keywords."""
+    logger.info("Listing recipe keywords")
+    keywords = await nc_client.cookbook.list_keywords()
+
+    assert isinstance(keywords, list)
+    logger.info(f"Found {len(keywords)} keywords")
+
+    # Each keyword should have name and recipe_count
+    if keywords:
+        assert "name" in keywords[0]
+        assert "recipe_count" in keywords[0]
+
+
+async def test_cookbook_get_recipes_with_keywords(nc_client: NextcloudClient):
+    """Test getting recipes with specific keywords.
+
+    Note: The keywords filtering may require exact keyword matches and sufficient
+    indexing time. This test uses a longer wait time."""
+    # Create a recipe with unique keywords
+    unique_keyword = f"testtag{uuid.uuid4().hex[:8]}"
+    recipe_name = f"Test Recipe {uuid.uuid4().hex[:8]}"
+    recipe_data = {
+        "name": recipe_name,
+        "keywords": f"{unique_keyword},integration",
+        "recipeIngredient": ["test"],
+        "recipeInstructions": ["test"],
+    }
+
+    logger.info(f"Creating recipe with keyword: {unique_keyword}")
+    recipe_id = await nc_client.cookbook.create_recipe(recipe_data)
+
+    try:
+        # Allow extra time for indexing
+        await asyncio.sleep(3)
+
+        # Trigger a reindex to ensure the recipe is indexed
+        await nc_client.cookbook.reindex()
+        await asyncio.sleep(2)
+
+        # Get recipes with this keyword
+        logger.info(f"Getting recipes with keyword: {unique_keyword}")
+        recipes_with_keywords = await nc_client.cookbook.get_recipes_with_keywords(
+            [unique_keyword]
+        )
+
+        assert isinstance(recipes_with_keywords, list)
+        # Keyword filtering might not find recipes immediately due to indexing
+        # Log the results for debugging
+        logger.info(
+            f"Found {len(recipes_with_keywords)} recipes with keyword {unique_keyword}"
+        )
+
+        if len(recipes_with_keywords) > 0:
+            # Verify our recipe is in the results if any are found
+            found = any(
+                str(r.get("id")) == str(recipe_id) for r in recipes_with_keywords
+            )
+            if found:
+                logger.info(f"Successfully found recipe with keyword {unique_keyword}")
+            else:
+                logger.warning(
+                    f"Recipe {recipe_id} not in keyword results, but other recipes found"
+                )
+        else:
+            logger.warning(
+                f"No recipes found with keyword {unique_keyword} - may be indexing delay"
+            )
+
+    finally:
+        # Clean up
+        logger.info(f"Deleting recipe ID: {recipe_id}")
+        await nc_client.cookbook.delete_recipe(recipe_id)
+
+
+async def test_cookbook_reindex(nc_client: NextcloudClient):
+    """Test triggering a reindex of recipes."""
+    logger.info("Triggering recipe reindex")
+    result = await nc_client.cookbook.reindex()
+
+    # Should return a success message
+    assert isinstance(result, str)
+    logger.info(f"Reindex result: {result}")
@@ -30,7 +30,7 @@ async def test_oauth_client_capabilities(nc_oauth_client: NextcloudClient):

 async def test_oauth_client_notes_list(nc_oauth_client: NextcloudClient):
    """Test that OAuth client can list notes."""
-    notes = await nc_oauth_client.notes.get_all_notes()
+    notes = [note async for note in nc_oauth_client.notes.get_all_notes()]

    assert isinstance(notes, list)
    logger.info(f"OAuth client successfully listed {len(notes)} notes")
@@ -95,7 +95,7 @@ async def test_invalid_token_fails():
    # Attempt to use a protected endpoint - should fail with 401
    # Note: capabilities endpoint is public and doesn't require auth
    with pytest.raises(HTTPStatusError) as exc_info:
-        await invalid_client.notes.get_all_notes()
+        _ = [note async for note in invalid_client.notes.get_all_notes()]

    assert exc_info.value.response.status_code == 401

@@ -1,41 +0,0 @@
-"""Interactive integration tests for OAuth authentication."""
-
-import logging
-import os
-
-import pytest
-
-logger = logging.getLogger(__name__)
-
-pytestmark = [pytest.mark.integration, pytest.mark.oauth]
-
-
-@pytest.mark.skipif(
-    "GITHUB_ACTIONS" in os.environ,
-    reason="Unable to access interactive browser in GitHub Actions",
-)
-async def test_oauth_client_with_interactive_flow(nc_oauth_client_interactive):
-    """Test that OAuth client created via interactive flow can access Nextcloud APIs."""
-    # Test 1: Check capabilities
-    capabilities = await nc_oauth_client_interactive.capabilities()
-    assert capabilities is not None
-    logger.info("OAuth client (interactive) successfully fetched capabilities")
-
-    # Test 2: List notes
-    notes = await nc_oauth_client_interactive.notes.get_all_notes()
-    assert isinstance(notes, list)
-    logger.info(f"OAuth client (interactive) successfully listed {len(notes)} notes")
-
-    # Test 3: Create and delete a note
-    test_note = await nc_oauth_client_interactive.notes.create_note(
-        title="OAuth Interactive Test Note",
-        content="This note was created during OAuth interactive testing",
-    )
-    assert test_note is not None
-    assert test_note.get("id") is not None
-    note_id = test_note["id"]
-    logger.info(f"OAuth client (interactive) successfully created note {note_id}")
-
-    # Clean up
-    await nc_oauth_client_interactive.notes.delete_note(note_id=note_id)
-    logger.info(f"OAuth client (interactive) successfully deleted note {note_id}")
@@ -19,14 +19,14 @@ async def test_playwright_oauth_token_acquisition(playwright_oauth_token: str):
    )


-async def test_oauth_client_with_playwright_flow(nc_oauth_client_playwright):
+async def test_oauth_client_with_playwright_flow(nc_oauth_client):
    """Test that OAuth client created via Playwright flow can access Nextcloud APIs."""
    # Test 1: Check capabilities
-    capabilities = await nc_oauth_client_playwright.capabilities()
+    capabilities = await nc_oauth_client.capabilities()
    assert capabilities is not None
    logger.info("OAuth client (Playwright) successfully fetched capabilities")

    # Test 2: List notes
-    notes = await nc_oauth_client_playwright.notes.get_all_notes()
+    notes = [note async for note in nc_oauth_client.notes.get_all_notes()]
    assert isinstance(notes, list)
    logger.info(f"OAuth client (Playwright) successfully listed {len(notes)} notes")
@@ -9,7 +9,7 @@ logger = logging.getLogger(__name__)
 pytestmark = pytest.mark.integration


-@pytest.mark.asyncio
+@pytest.mark.anyio
 async def test_create_and_delete_share(nc_client):
    """Test creating and deleting a file share."""
    # Create a test user to share with
@@ -68,7 +68,7 @@ async def test_create_and_delete_share(nc_client):
            pass


-@pytest.mark.asyncio
+@pytest.mark.anyio
 async def test_update_share_permissions(nc_client):
    """Test updating share permissions."""
    # Create a test user to share with
@@ -120,7 +120,7 @@ async def test_update_share_permissions(nc_client):
            pass


-@pytest.mark.asyncio
+@pytest.mark.anyio
 async def test_list_shares(nc_client):
    """Test listing all shares."""
    # Create a test user to share with
@@ -0,0 +1,268 @@
+"""Integration tests for WebDAV search operations."""
+
+import logging
+import uuid
+
+import pytest
+
+from nextcloud_mcp_server.client import NextcloudClient
+
+logger = logging.getLogger(__name__)
+
+# Mark all tests in this module as integration tests
+pytestmark = pytest.mark.integration
+
+
+@pytest.fixture
+async def test_search_setup(nc_client: NextcloudClient):
+    """Create test files and directories for search testing."""
+    test_dir = f"mcp_search_test_{uuid.uuid4().hex[:8]}"
+
+    # Create base directory
+    await nc_client.webdav.create_directory(test_dir)
+
+    # Create various test files
+    test_files = [
+        # Text files
+        (f"{test_dir}/document1.txt", b"Sample document content", "text/plain"),
+        (f"{test_dir}/document2.txt", b"Another document", "text/plain"),
+        (f"{test_dir}/report.txt", b"Report content", "text/plain"),
+        # Markdown files
+        (f"{test_dir}/readme.md", b"# README\nMarkdown content", "text/markdown"),
+        (f"{test_dir}/notes.md", b"# Notes\nSome notes here", "text/markdown"),
+        # PDF (simulated as binary)
+        (
+            f"{test_dir}/presentation.pdf",
+            b"%PDF-1.4 fake pdf content",
+            "application/pdf",
+        ),
+        # Subdirectory with files
+        (f"{test_dir}/subdir/nested.txt", b"Nested file content", "text/plain"),
+    ]
+
+    # Create subdirectory
+    await nc_client.webdav.create_directory(f"{test_dir}/subdir")
+
+    # Write all test files
+    for file_path, content, content_type in test_files:
+        await nc_client.webdav.write_file(file_path, content, content_type)
+
+    logger.info(f"Created test directory with {len(test_files)} files: {test_dir}")
+
+    yield test_dir
+
+    # Cleanup
+    try:
+        await nc_client.webdav.delete_resource(test_dir)
+        logger.info(f"Cleaned up test directory: {test_dir}")
+    except Exception as e:
+        logger.warning(f"Failed to cleanup test directory {test_dir}: {e}")
+
+
+async def test_find_by_name_exact(nc_client: NextcloudClient, test_search_setup: str):
+    """Test finding files by exact name."""
+    results = await nc_client.webdav.find_by_name("readme.md", scope=test_search_setup)
+
+    assert len(results) >= 1, "Should find at least one readme.md file"
+
+    # Check that we found the right file
+    readme_files = [r for r in results if r.get("name") == "readme.md"]
+    assert len(readme_files) >= 1, "Should find readme.md"
+
+    logger.info(f"Found {len(results)} files matching 'readme.md'")
+
+
+async def test_find_by_name_wildcard_extension(
+    nc_client: NextcloudClient, test_search_setup: str
+):
+    """Test finding files by extension using wildcard."""
+    # Find all .txt files
+    results = await nc_client.webdav.find_by_name("%.txt", scope=test_search_setup)
+
+    assert len(results) >= 3, "Should find at least 3 .txt files"
+
+    # Verify all results are .txt files
+    for result in results:
+        name = result.get("name", "")
+        assert name.endswith(".txt"), f"Expected .txt file, got {name}"
+
+    logger.info(f"Found {len(results)} .txt files")
+
+
+async def test_find_by_name_wildcard_prefix(
+    nc_client: NextcloudClient, test_search_setup: str
+):
+    """Test finding files by name prefix using wildcard."""
+    # Find all files starting with "document"
+    results = await nc_client.webdav.find_by_name("document%", scope=test_search_setup)
+
+    assert len(results) >= 2, "Should find at least 2 files starting with 'document'"
+
+    # Verify all results start with "document"
+    for result in results:
+        name = result.get("name", "")
+        assert name.startswith("document"), (
+            f"Expected name to start with 'document', got {name}"
+        )
+
+    logger.info(f"Found {len(results)} files starting with 'document'")
+
+
+async def test_find_by_type_text(nc_client: NextcloudClient, test_search_setup: str):
+    """Test finding files by MIME type (text files)."""
+    # Find all text files
+    results = await nc_client.webdav.find_by_type("text/%", scope=test_search_setup)
+
+    assert len(results) >= 5, "Should find at least 5 text files"
+
+    # Verify all results are text files
+    for result in results:
+        content_type = result.get("content_type", "")
+        assert content_type.startswith("text/"), (
+            f"Expected text/* type, got {content_type}"
+        )
+
+    logger.info(f"Found {len(results)} text files")
+
+
+async def test_find_by_type_specific(
+    nc_client: NextcloudClient, test_search_setup: str
+):
+    """Test finding files by specific MIME type."""
+    # Find PDF files
+    results = await nc_client.webdav.find_by_type(
+        "application/pdf", scope=test_search_setup
+    )
+
+    assert len(results) >= 1, "Should find at least 1 PDF file"
+
+    # Verify result is PDF
+    for result in results:
+        content_type = result.get("content_type", "")
+        assert content_type == "application/pdf", (
+            f"Expected application/pdf, got {content_type}"
+        )
+
+    logger.info(f"Found {len(results)} PDF files")
+
+
+async def test_search_with_limit(nc_client: NextcloudClient, test_search_setup: str):
+    """Test search with result limit."""
+    # Search for .txt files with limit of 2
+    results = await nc_client.webdav.find_by_name(
+        "%.txt", scope=test_search_setup, limit=2
+    )
+
+    # Should return at most 2 results
+    assert len(results) <= 2, f"Should return at most 2 results, got {len(results)}"
+    assert len(results) > 0, "Should return at least 1 result"
+
+    logger.info(f"Found {len(results)} files with limit=2")
+
+
+async def test_search_files_combined_filters(
+    nc_client: NextcloudClient, test_search_setup: str
+):
+    """Test search with multiple filters combined."""
+    # This test uses the search_files method directly to test combined conditions
+    # Search for .txt files that match a specific pattern
+    where_conditions = """
+        <d:and>
+            <d:like>
+                <d:prop>
+                    <d:displayname/>
+                </d:prop>
+                <d:literal>%.txt</d:literal>
+            </d:like>
+            <d:like>
+                <d:prop>
+                    <d:displayname/>
+                </d:prop>
+                <d:literal>document%</d:literal>
+            </d:like>
+        </d:and>
+    """
+
+    results = await nc_client.webdav.search_files(
+        scope=test_search_setup, where_conditions=where_conditions
+    )
+
+    # Should find document1.txt and document2.txt
+    assert len(results) >= 2, "Should find at least 2 files matching both conditions"
+
+    # Verify results match both conditions
+    for result in results:
+        name = result.get("name", "")
+        assert name.endswith(".txt"), f"Expected .txt file, got {name}"
+        assert name.startswith("document"), (
+            f"Expected name to start with 'document', got {name}"
+        )
+
+    logger.info(f"Found {len(results)} files matching combined filters")
+
+
+async def test_search_empty_scope(nc_client: NextcloudClient, test_search_setup: str):
+    """Test search in empty scope (user root)."""
+    # Search entire user root for a unique filename
+    unique_name = "readme.md"
+    results = await nc_client.webdav.find_by_name(unique_name, scope="")
+
+    # Should find at least the one we created
+    assert len(results) >= 1, f"Should find at least 1 file named {unique_name}"
+
+    logger.info(f"Found {len(results)} files in root scope")
+
+
+async def test_search_subdirectory(nc_client: NextcloudClient, test_search_setup: str):
+    """Test search within a subdirectory."""
+    # Search in the subdir for the nested file
+    results = await nc_client.webdav.find_by_name(
+        "nested.txt", scope=f"{test_search_setup}/subdir"
+    )
+
+    assert len(results) >= 1, "Should find nested.txt in subdirectory"
+
+    # Verify the file path
+    nested_file = results[0]
+    assert "nested.txt" in nested_file.get("name", ""), "Should find nested.txt"
+
+    logger.info(f"Found file in subdirectory: {nested_file.get('name')}")
+
+
+async def test_search_no_results(nc_client: NextcloudClient, test_search_setup: str):
+    """Test search that returns no results."""
+    # Search for a non-existent pattern
+    results = await nc_client.webdav.find_by_name(
+        "nonexistent_file_xyz123.txt", scope=test_search_setup
+    )
+
+    assert len(results) == 0, "Should return empty results for non-existent file"
+
+    logger.info("Search correctly returned no results for non-existent file")
+
+
+async def test_search_properties_returned(
+    nc_client: NextcloudClient, test_search_setup: str
+):
+    """Test that search returns expected properties."""
+    results = await nc_client.webdav.find_by_name("readme.md", scope=test_search_setup)
+
+    assert len(results) >= 1, "Should find at least one file"
+
+    result = results[0]
+
+    # Check for expected properties
+    assert "name" in result, "Should include name property"
+    assert "path" in result, "Should include path property"
+    assert "is_directory" in result, "Should include is_directory property"
+    assert result["is_directory"] is False, "readme.md should not be a directory"
+
+    # Optional properties that may be present
+    optional_props = ["size", "content_type", "last_modified", "etag"]
+    logger.info(f"Result properties: {list(result.keys())}")
+
+    # At least some optional properties should be present
+    present_optional = [prop for prop in optional_props if prop in result]
+    assert len(present_optional) > 0, f"Should have at least one of {optional_props}"
+
+    logger.info(f"Search returned properties: {list(result.keys())}")
@@ -15,6 +15,12 @@ from nextcloud_mcp_server.client import NextcloudClient
 logger = logging.getLogger(__name__)


+@pytest.fixture(scope="session")
+def anyio_backend():
+    """Configure anyio to use asyncio backend for all tests."""
+    return "asyncio"
+
+
 async def wait_for_nextcloud(
    host: str, max_attempts: int = 30, delay: float = 2.0
 ) -> bool:
@@ -58,8 +64,60 @@ async def wait_for_nextcloud(
    return False


+async def create_mcp_client_session(
+    url: str,
+    token: str | None = None,
+    client_name: str = "MCP",
+) -> AsyncGenerator[ClientSession, Any]:
+    """
+    Factory function to create an MCP client session with proper lifecycle management.
+
+    Uses native async context managers to ensure correct LIFO cleanup order,
+    eliminating the need for exception suppression. Python's context manager protocol
+    guarantees that cleanup happens in reverse order of entry.
+
+    Consolidates the common pattern used by all MCP client fixtures:
+    - Creates streamable HTTP client with optional OAuth token
+    - Initializes MCP ClientSession
+    - Ensures proper cleanup without suppressing errors
+
+    Args:
+        url: MCP server URL (e.g., "http://127.0.0.1:8000/mcp")
+        token: Optional OAuth access token for Bearer authentication
+        client_name: Client name for logging (e.g., "OAuth MCP (Playwright)")
+
+    Yields:
+        Initialized MCP ClientSession
+
+    Note:
+        This implementation uses native async context managers instead of manually
+        calling __aenter__/__aexit__. This ensures that anyio's structured concurrency
+        requirements are met, as Python guarantees LIFO cleanup order for nested
+        context managers. See: https://github.com/modelcontextprotocol/python-sdk/issues/577
+    """
+    logger.info(f"Creating Streamable HTTP client for {client_name}")
+
+    # Prepare headers with OAuth token if provided
+    headers = {"Authorization": f"Bearer {token}"} if token else None
+
+    # Use native async with - Python ensures LIFO cleanup
+    # Cleanup order will be: ClientSession.__aexit__ -> streamablehttp_client.__aexit__
+    async with streamablehttp_client(url, headers=headers) as (
+        read_stream,
+        write_stream,
+        _,
+    ):
+        async with ClientSession(read_stream, write_stream) as session:
+            await session.initialize()
+            logger.info(f"{client_name} client session initialized successfully")
+            yield session
+
+    # Cleanup happens automatically in LIFO order - no exception suppression needed
+    logger.debug(f"{client_name} client session cleaned up successfully")
+
+
@pytest.fixture(scope="session")
-async def nc_client() -> AsyncGenerator[NextcloudClient, Any]:
+async def nc_client(anyio_backend) -> AsyncGenerator[NextcloudClient, Any]:
    """
    Fixture to create a NextcloudClient instance for integration tests.
    Uses environment variables for configuration.
@@ -94,163 +152,37 @@ async def nc_client() -> AsyncGenerator[NextcloudClient, Any]:


@pytest.fixture(scope="session")
-async def nc_mcp_client() -> AsyncGenerator[ClientSession, Any]:
+async def nc_mcp_client(anyio_backend) -> AsyncGenerator[ClientSession, Any]:
    """
    Fixture to create an MCP client session for integration tests using streamable-http.
+
+    Uses anyio pytest plugin for proper async fixture handling.
    """
-    logger.info("Creating Streamable HTTP client")
-    streamable_context = streamablehttp_client("http://127.0.0.1:8000/mcp")
-    session_context = None
-
-    try:
-        read_stream, write_stream, _ = await streamable_context.__aenter__()
-        session_context = ClientSession(read_stream, write_stream)
-        session = await session_context.__aenter__()
-        await session.initialize()
-        logger.info("MCP client session initialized successfully")
-
+    async for session in create_mcp_client_session(
+        url="http://127.0.0.1:8000/mcp", client_name="Basic MCP"
+    ):
        yield session

-    finally:
-        # Clean up in reverse order, ignoring task scope issues
-        if session_context is not None:
-            try:
-                await session_context.__aexit__(None, None, None)
-            except RuntimeError as e:
-                if "cancel scope" in str(e):
-                    logger.debug(f"Ignoring cancel scope teardown issue: {e}")
-                else:
-                    logger.warning(f"Error closing session: {e}")
-            except Exception as e:
-                logger.warning(f"Error closing session: {e}")
-
-        try:
-            await streamable_context.__aexit__(None, None, None)
-        except RuntimeError as e:
-            if "cancel scope" in str(e):
-                logger.debug(f"Ignoring cancel scope teardown issue: {e}")
-            else:
-                logger.warning(f"Error closing streamable HTTP client: {e}")
-        except Exception as e:
-            logger.warning(f"Error closing streamable HTTP client: {e}")
-
-
-@pytest.fixture(scope="session")
-async def nc_mcp_oauth_client_interactive(
-    interactive_oauth_token: str,
-) -> AsyncGenerator[ClientSession, Any]:
-    """
-    Fixture to create an MCP client session for OAuth integration tests using interactive authentication.
-    Connects to the OAuth-enabled MCP server on port 8001 with OAuth authentication.
-    Requires manual browser login.
-
-    For automated testing, use nc_mcp_oauth_client fixture instead.
-
-    Automatically skips when running in GitHub Actions CI.
-    """
-
-    logger.info("Creating Streamable HTTP client for OAuth MCP server (Interactive)")
-
-    # Pass OAuth token as Bearer token in headers
-    headers = {"Authorization": f"Bearer {interactive_oauth_token}"}
-    streamable_context = streamablehttp_client(
-        "http://127.0.0.1:8001/mcp", headers=headers
-    )
-    session_context = None
-
-    try:
-        read_stream, write_stream, _ = await streamable_context.__aenter__()
-        session_context = ClientSession(read_stream, write_stream)
-        session = await session_context.__aenter__()
-        await session.initialize()
-        logger.info("OAuth MCP client session (Interactive) initialized successfully")
-
-        yield session
-
-    finally:
-        # Clean up in reverse order, ignoring task scope issues
-        if session_context is not None:
-            try:
-                await session_context.__aexit__(None, None, None)
-            except RuntimeError as e:
-                if "cancel scope" in str(e):
-                    logger.debug(f"Ignoring cancel scope teardown issue: {e}")
-                else:
-                    logger.warning(f"Error closing OAuth session (Interactive): {e}")
-            except Exception as e:
-                logger.warning(f"Error closing OAuth session (Interactive): {e}")
-
-        try:
-            await streamable_context.__aexit__(None, None, None)
-        except RuntimeError as e:
-            if "cancel scope" in str(e):
-                logger.debug(f"Ignoring cancel scope teardown issue: {e}")
-            else:
-                logger.warning(
-                    f"Error closing OAuth streamable HTTP client (Interactive): {e}"
-                )
-        except Exception as e:
-            logger.warning(
-                f"Error closing OAuth streamable HTTP client (Interactive): {e}"
-            )
-

@pytest.fixture(scope="session")
 async def nc_mcp_oauth_client(
+    anyio_backend,
    playwright_oauth_token: str,
 ) -> AsyncGenerator[ClientSession, Any]:
    """
    Fixture to create an MCP client session for OAuth integration tests using Playwright automation.
    Connects to the OAuth-enabled MCP server on port 8001 with OAuth authentication.

-    This is the default OAuth MCP fixture using headless browser automation suitable for CI/CD.
-    For interactive testing with manual browser login, use nc_mcp_oauth_client_interactive instead.
+    Uses headless browser automation suitable for CI/CD.
+    Uses anyio pytest plugin for proper async fixture handling.
    """
-    logger.info("Creating Streamable HTTP client for OAuth MCP server (Playwright)")
-
-    # Pass OAuth token as Bearer token in headers
-    headers = {"Authorization": f"Bearer {playwright_oauth_token}"}
-    streamable_context = streamablehttp_client(
-        "http://127.0.0.1:8001/mcp", headers=headers
-    )
-    session_context = None
-
-    try:
-        read_stream, write_stream, _ = await streamable_context.__aenter__()
-        session_context = ClientSession(read_stream, write_stream)
-        session = await session_context.__aenter__()
-        await session.initialize()
-        logger.info("OAuth MCP client session (Playwright) initialized successfully")
-
+    async for session in create_mcp_client_session(
+        url="http://127.0.0.1:8001/mcp",
+        token=playwright_oauth_token,
+        client_name="OAuth MCP (Playwright)",
+    ):
        yield session

-    finally:
-        # Clean up in reverse order, ignoring task scope issues
-        if session_context is not None:
-            try:
-                await session_context.__aexit__(None, None, None)
-            except RuntimeError as e:
-                if "cancel scope" in str(e):
-                    logger.debug(f"Ignoring cancel scope teardown issue: {e}")
-                else:
-                    logger.warning(f"Error closing Playwright OAuth session: {e}")
-            except Exception as e:
-                logger.warning(f"Error closing Playwright OAuth session: {e}")
-
-        try:
-            await streamable_context.__aexit__(None, None, None)
-        except RuntimeError as e:
-            if "cancel scope" in str(e):
-                logger.debug(f"Ignoring cancel scope teardown issue: {e}")
-            else:
-                logger.warning(
-                    f"Error closing Playwright OAuth streamable HTTP client: {e}"
-                )
-        except Exception as e:
-            logger.warning(
-                f"Error closing Playwright OAuth streamable HTTP client: {e}"
-            )
-

@pytest.fixture
 async def temporary_note(nc_client: NextcloudClient):
@@ -570,54 +502,168 @@ async def temporary_board_with_card(


@pytest.fixture(scope="session")
-async def nc_oauth_client_interactive(
-    interactive_oauth_token: str,
-) -> AsyncGenerator[NextcloudClient, Any]:
-    """
-    Fixture to create a NextcloudClient instance using interactive OAuth authentication.
-    Uses the interactive_oauth_token fixture which requires manual browser login.
+def shared_test_calendar_name():
+    """Unique calendar name for the entire test session."""
+    return f"test_calendar_shared_{uuid.uuid4().hex[:8]}"

-    For automated testing, use nc_oauth_client fixture instead.

-    Automatically skips when running in GitHub Actions CI.
-    """
+@pytest.fixture(scope="session")
+def shared_test_calendar_name_2():
+    """Second unique calendar name for cross-calendar tests."""
+    return f"test_calendar_shared_2_{uuid.uuid4().hex[:8]}"

-    nextcloud_host = os.getenv("NEXTCLOUD_HOST")
-    username = os.getenv("NEXTCLOUD_USERNAME")

-    if not all([nextcloud_host, username]):
-        pytest.skip("OAuth client fixture requires NEXTCLOUD_HOST and USERNAME")
+@pytest.fixture(scope="session")
+async def shared_calendar(nc_client: NextcloudClient, shared_test_calendar_name: str):
+    """Create a shared calendar for all tests in the session. Reuses the calendar to avoid rate limiting."""
+    calendar_name = shared_test_calendar_name

-    logger.info(f"Creating OAuth NextcloudClient (Interactive) for user: {username}")
-    client = NextcloudClient.from_token(
-        base_url=nextcloud_host,
-        token=interactive_oauth_token,
-        username=username,
-    )
-
-    # Verify the OAuth client works
    try:
-        await client.capabilities()
-        logger.info(
-            "OAuth NextcloudClient (Interactive) initialized and capabilities checked."
+        # Create a test calendar
+        logger.info(f"Creating shared test calendar: {calendar_name}")
+        result = await nc_client.calendar.create_calendar(
+            calendar_name=calendar_name,
+            display_name=f"Shared Test Calendar {calendar_name}",
+            description="Shared calendar for integration testing (reused across tests)",
+            color="#FF5722",
        )
-        yield client
+
+        if result["status_code"] not in [200, 201]:
+            pytest.skip(f"Failed to create shared test calendar: {result}")
+
+        logger.info(f"Created shared test calendar: {calendar_name}")
+        yield calendar_name
+
    except Exception as e:
-        logger.error(f"Failed to initialize OAuth NextcloudClient (Interactive): {e}")
-        pytest.fail(f"Failed to connect to Nextcloud with OAuth token: {e}")
+        logger.error(f"Error setting up shared test calendar: {e}")
+        pytest.skip(f"Shared calendar setup failed: {e}")
+
    finally:
-        await client.close()
+        # Cleanup: Delete the shared calendar at end of session
+        try:
+            logger.info(f"Cleaning up shared test calendar: {calendar_name}")
+            await nc_client.calendar.delete_calendar(calendar_name)
+            logger.info(f"Successfully deleted shared test calendar: {calendar_name}")
+        except Exception as e:
+            logger.error(f"Error deleting shared test calendar {calendar_name}: {e}")
+
+
+@pytest.fixture(scope="session")
+async def shared_calendar_2(
+    nc_client: NextcloudClient,
+    shared_test_calendar_name_2: str,
+    shared_calendar: str,  # Explicit dependency to ensure proper initialization order
+):
+    """Create a second shared calendar for cross-calendar tests.
+
+    Note: Depends on shared_calendar to ensure proper fixture initialization order
+    and avoid race conditions when running multiple tests together.
+    """
+    calendar_name = shared_test_calendar_name_2
+
+    try:
+        # Wait for first calendar to fully initialize to avoid Nextcloud rate limiting
+        # When creating multiple calendars rapidly, Nextcloud may not register them all
+        import asyncio
+
+        logger.info("Waiting before creating second calendar to avoid rate limiting...")
+        await asyncio.sleep(3)  # Increased from 2 to 3 seconds
+
+        # Create a test calendar
+        logger.info(f"Creating second shared test calendar: {calendar_name}")
+        result = await nc_client.calendar.create_calendar(
+            calendar_name=calendar_name,
+            display_name=f"Shared Test Calendar 2 {calendar_name}",
+            description="Second shared calendar for cross-calendar testing",
+            color="#4CAF50",
+        )
+
+        if result["status_code"] not in [200, 201]:
+            pytest.skip(f"Failed to create second shared test calendar: {result}")
+
+        logger.info(f"Created second shared test calendar: {calendar_name}")
+
+        # Verify calendar was created by listing calendars
+        # Add small delay to allow calendar to propagate in the system
+        import asyncio
+
+        await asyncio.sleep(1.0)  # Allow time for calendar to propagate
+
+        calendars = await nc_client.calendar.list_calendars()
+        calendar_names = [cal["name"] for cal in calendars]
+        if calendar_name not in calendar_names:
+            logger.warning(
+                f"Calendar {calendar_name} not found immediately after creation. Available: {calendar_names}"
+            )
+            # Try one more time after a longer delay
+            await asyncio.sleep(3)  # Additional wait for calendar synchronization
+            calendars = await nc_client.calendar.list_calendars()
+            calendar_names = [cal["name"] for cal in calendars]
+            if calendar_name not in calendar_names:
+                logger.error(
+                    f"Calendar {calendar_name} still not found after retries. Available: {calendar_names}"
+                )
+                pytest.fail(
+                    f"Failed to create second shared calendar: {calendar_name} not found in listing"
+                )
+
+        logger.info(
+            f"Successfully verified second shared test calendar: {calendar_name}"
+        )
+        yield calendar_name
+
+    except Exception as e:
+        logger.error(f"Error setting up second shared test calendar: {e}")
+        pytest.skip(f"Second shared calendar setup failed: {e}")
+
+    finally:
+        # Cleanup: Delete the second shared calendar at end of session
+        try:
+            logger.info(f"Cleaning up second shared test calendar: {calendar_name}")
+            await nc_client.calendar.delete_calendar(calendar_name)
+            logger.info(
+                f"Successfully deleted second shared test calendar: {calendar_name}"
+            )
+        except Exception as e:
+            logger.error(
+                f"Error deleting second shared test calendar {calendar_name}: {e}"
+            )
+
+
+@pytest.fixture
+async def temporary_calendar(shared_calendar: str, nc_client: NextcloudClient):
+    """Provide the shared calendar and clean up todos after each test.
+
+    This fixture reuses a session-scoped calendar to avoid Nextcloud rate limiting
+    on calendar creation. Each test gets the same calendar but todos are cleaned up
+    between tests.
+    """
+    calendar_name = shared_calendar
+
+    yield calendar_name
+
+    # Cleanup: Delete all todos from this calendar
+    try:
+        logger.info(f"Cleaning up todos from shared calendar: {calendar_name}")
+        todos = await nc_client.calendar.list_todos(calendar_name)
+        for todo in todos:
+            try:
+                await nc_client.calendar.delete_todo(calendar_name, todo["uid"])
+            except Exception as e:
+                logger.warning(f"Error deleting todo {todo['uid']}: {e}")
+        logger.info(f"Cleaned up {len(todos)} todos from shared calendar")
+    except Exception as e:
+        logger.error(f"Error cleaning up todos from calendar {calendar_name}: {e}")


@pytest.fixture(scope="session")
 async def nc_oauth_client(
+    anyio_backend,
    playwright_oauth_token: str,
 ) -> AsyncGenerator[NextcloudClient, Any]:
    """
    Fixture to create a NextcloudClient instance using automated Playwright OAuth authentication.
-    This is the default OAuth fixture using headless browser automation suitable for CI/CD.
-
-    For interactive testing with manual browser login, use nc_oauth_client_interactive instead.
+    Uses headless browser automation suitable for CI/CD.
    """
    nextcloud_host = os.getenv("NEXTCLOUD_HOST")
    username = os.getenv("NEXTCLOUD_USERNAME")
@@ -658,9 +704,14 @@ def oauth_callback_server():
    - server_url: The callback URL for the server (e.g., "http://localhost:8081")

    The server automatically shuts down when the fixture is torn down.
-
-    Automatically skips when running in GitHub Actions CI.
    """
+    # Skip OAuth tests in GitHub Actions - Playwright browser automation
+    # has issues with localhost callback server in CI environment
+    # if os.getenv("GITHUB_ACTIONS"):
+    # pytest.skip(
+    # "OAuth tests with browser automation not supported in GitHub Actions CI"
+    # )
+
    import threading
    from http.server import BaseHTTPRequestHandler, HTTPServer
    from urllib.parse import parse_qs, urlparse
@@ -735,85 +786,7 @@ def oauth_callback_server():


@pytest.fixture(scope="session")
-async def interactive_oauth_token(oauth_callback_server) -> str:
-    """
-    Fixture to obtain an OAuth access token for integration tests.
-
-    This uses the interactive OAuth flow to get a token.
-    Depends on oauth_callback_server fixture for HTTP callback handling.
-
-    Automatically skips when running in GitHub Actions CI.
-    """
-
-    import time
-    import webbrowser
-
-    from nextcloud_mcp_server.auth.client_registration import load_or_register_client
-
-    # Unpack the server fixture (now returns dict of auth_states)
-    auth_states, callback_url = oauth_callback_server
-
-    nextcloud_host = os.getenv("NEXTCLOUD_HOST")
-    async with httpx.AsyncClient() as http_client:
-        discovery_url = f"{nextcloud_host}/.well-known/openid-configuration"
-        discovery_response = await http_client.get(discovery_url)
-        oidc_config = discovery_response.json()
-        token_endpoint = oidc_config.get("token_endpoint")
-        registration_endpoint = oidc_config.get("registration_endpoint")
-        authorization_endpoint = oidc_config.get("authorization_endpoint")
-        client_info = await load_or_register_client(
-            nextcloud_url=nextcloud_host,
-            registration_endpoint=registration_endpoint,
-            storage_path=".nextcloud_oauth_shared_test_client.json",
-            redirect_uris=[callback_url],
-        )
-
-        # First, open Nextcloud login page to establish session
-        login_url = f"{nextcloud_host}/login"
-        logger.info(f"Please log in to Nextcloud at: {login_url}")
-        logger.info(
-            "After logging in, the OAuth authorization will proceed automatically"
-        )
-
-        # Construct authorization URL (no state parameter for interactive flow)
-        auth_url = f"{authorization_endpoint}?response_type=code&client_id={client_info.client_id}&redirect_uri={callback_url}&scope=openid%20profile%20email"
-
-        # Open authorization URL in browser
-        webbrowser.open(auth_url)
-
-        # Wait for auth code with timeout (uses "_default" key for flows without state)
-        timeout = 120  # 2 minutes
-        start_time = time.time()
-        while "_default" not in auth_states:
-            if time.time() - start_time > timeout:
-                raise TimeoutError("OAuth authorization timed out after 2 minutes")
-            logger.info("Waiting for OAuth authorization...")
-            time.sleep(1)
-
-        auth_code = auth_states["_default"]
-        logger.info("Received authorization code, exchanging for token...")
-
-        token_response = await http_client.post(
-            token_endpoint,
-            data={
-                "grant_type": "authorization_code",
-                "code": auth_code,
-                "redirect_uri": callback_url,
-                "client_id": client_info.client_id,
-                "client_secret": client_info.client_secret,
-            },
-        )
-
-        logger.debug(f"Token response: {token_response.text}")
-        token_data = token_response.json()
-        logger.debug(f"Token data: {token_data}")
-        access_token = token_data.get("access_token")
-
-        return access_token
-
-
-@pytest.fixture(scope="session")
-async def shared_oauth_client_credentials(oauth_callback_server):
+async def shared_oauth_client_credentials(anyio_backend, oauth_callback_server):
    """
    Fixture to obtain shared OAuth client credentials that will be reused for all users.

@@ -874,7 +847,7 @@ async def shared_oauth_client_credentials(oauth_callback_server):

@pytest.fixture(scope="session")
 async def playwright_oauth_token(
-    browser, shared_oauth_client_credentials, oauth_callback_server
+    anyio_backend, browser, shared_oauth_client_credentials, oauth_callback_server
 ) -> str:
    """
    Fixture to obtain an OAuth access token using Playwright headless browser automation.
@@ -943,7 +916,7 @@ async def playwright_oauth_token(
    try:
        # Navigate to authorization URL
        logger.debug(f"Navigating to: {auth_url}")
-        await page.goto(auth_url, wait_until="networkidle", timeout=30000)
+        await page.goto(auth_url, wait_until="networkidle", timeout=60000)

        # Check if we need to login first
        current_url = page.url
@@ -966,7 +939,7 @@ async def playwright_oauth_token(
            await page.click('button[type="submit"]')

            # Wait for navigation after login
-            await page.wait_for_load_state("networkidle", timeout=30000)
+            await page.wait_for_load_state("networkidle", timeout=60000)
            current_url = page.url
            logger.info(f"After login, current URL: {current_url}")

@@ -1036,107 +1009,8 @@ async def playwright_oauth_token(
        return access_token


-# Alternative fixtures using Playwright token (for automated/CI testing)
-
-
@pytest.fixture(scope="session")
-async def nc_oauth_client_playwright(
-    playwright_oauth_token: str,
-) -> AsyncGenerator[NextcloudClient, Any]:
-    """
-    Fixture to create a NextcloudClient instance using automated Playwright OAuth authentication.
-    This fixture uses headless browser automation and is suitable for CI/CD pipelines.
-
-    For interactive testing, use nc_oauth_client fixture instead.
-    """
-    nextcloud_host = os.getenv("NEXTCLOUD_HOST")
-    username = os.getenv("NEXTCLOUD_USERNAME")
-
-    if not all([nextcloud_host, username]):
-        pytest.skip(
-            "Playwright OAuth client fixture requires NEXTCLOUD_HOST and USERNAME"
-        )
-
-    logger.info(f"Creating OAuth NextcloudClient (Playwright) for user: {username}")
-    client = NextcloudClient.from_token(
-        base_url=nextcloud_host,
-        token=playwright_oauth_token,
-        username=username,
-    )
-
-    # Verify the OAuth client works
-    try:
-        await client.capabilities()
-        logger.info(
-            "OAuth NextcloudClient (Playwright) initialized and capabilities checked."
-        )
-        yield client
-    except Exception as e:
-        logger.error(f"Failed to initialize Playwright OAuth NextcloudClient: {e}")
-        pytest.fail(f"Failed to connect to Nextcloud with Playwright OAuth token: {e}")
-    finally:
-        await client.close()
-
-
-@pytest.fixture(scope="session")
-async def nc_mcp_oauth_client_playwright(
-    playwright_oauth_token: str,
-) -> AsyncGenerator[ClientSession, Any]:
-    """
-    Fixture to create an MCP client session for OAuth integration tests using Playwright automation.
-    Connects to the OAuth-enabled MCP server on port 8001 with OAuth authentication.
-
-    This fixture uses headless browser automation and is suitable for CI/CD pipelines.
-    For interactive testing, use nc_mcp_oauth_client fixture instead.
-    """
-    logger.info("Creating Streamable HTTP client for OAuth MCP server (Playwright)")
-
-    # Pass OAuth token as Bearer token in headers
-    headers = {"Authorization": f"Bearer {playwright_oauth_token}"}
-    streamable_context = streamablehttp_client(
-        "http://127.0.0.1:8001/mcp", headers=headers
-    )
-    session_context = None
-
-    try:
-        read_stream, write_stream, _ = await streamable_context.__aenter__()
-        session_context = ClientSession(read_stream, write_stream)
-        session = await session_context.__aenter__()
-        await session.initialize()
-        logger.info("OAuth MCP client session (Playwright) initialized successfully")
-
-        yield session
-
-    finally:
-        # Clean up in reverse order, ignoring task scope issues
-        if session_context is not None:
-            try:
-                await session_context.__aexit__(None, None, None)
-            except RuntimeError as e:
-                if "cancel scope" in str(e):
-                    logger.debug(f"Ignoring cancel scope teardown issue: {e}")
-                else:
-                    logger.warning(f"Error closing Playwright OAuth session: {e}")
-            except Exception as e:
-                logger.warning(f"Error closing Playwright OAuth session: {e}")
-
-        try:
-            await streamable_context.__aexit__(None, None, None)
-        except RuntimeError as e:
-            if "cancel scope" in str(e):
-                logger.debug(f"Ignoring cancel scope teardown issue: {e}")
-            else:
-                logger.warning(
-                    f"Error closing Playwright OAuth streamable HTTP client: {e}"
-                )
-        except Exception as e:
-            logger.warning(
-                f"Error closing Playwright OAuth streamable HTTP client: {e}"
-            )
-
-
-@pytest.fixture(scope="session")
-async def test_users_setup(nc_client: NextcloudClient):
+async def test_users_setup(anyio_backend, nc_client: NextcloudClient):
    """
    Create test users for multi-user OAuth testing.

@@ -1383,7 +1257,11 @@ async def _get_oauth_token_for_user(
 # Parallel token retrieval fixture - fetches all OAuth tokens concurrently
@pytest.fixture(scope="session")
 async def all_oauth_tokens(
-    browser, shared_oauth_client_credentials, test_users_setup, oauth_callback_server
+    anyio_backend,
+    browser,
+    shared_oauth_client_credentials,
+    test_users_setup,
+    oauth_callback_server,
 ) -> dict[str, str]:
    """
    Fetch OAuth tokens for all test users in parallel for speed.
@@ -1416,7 +1294,7 @@ async def all_oauth_tokens(
            config["password"],
        )

-    # Create tasks for all users with staggered starts (2.0s apart)
+    # Create tasks for all users with staggered starts (0.5s apart)
    tasks = {
        username: get_token_with_delay(username, config, idx * 0.5)
        for idx, (username, config) in enumerate(test_users_setup.items())
@@ -1443,157 +1321,83 @@ async def all_oauth_tokens(

 # Session-scoped OAuth token fixtures - now use the parallel fixture
@pytest.fixture(scope="session")
-async def alice_oauth_token(all_oauth_tokens) -> str:
+async def alice_oauth_token(anyio_backend, all_oauth_tokens) -> str:
    """OAuth token for alice (cached for session). Uses shared OAuth client."""
    return all_oauth_tokens["alice"]


@pytest.fixture(scope="session")
-async def bob_oauth_token(all_oauth_tokens) -> str:
+async def bob_oauth_token(anyio_backend, all_oauth_tokens) -> str:
    """OAuth token for bob (cached for session). Uses shared OAuth client."""
    return all_oauth_tokens["bob"]


@pytest.fixture(scope="session")
-async def charlie_oauth_token(all_oauth_tokens) -> str:
+async def charlie_oauth_token(anyio_backend, all_oauth_tokens) -> str:
    """OAuth token for charlie (cached for session). Uses shared OAuth client."""
    return all_oauth_tokens["charlie"]


@pytest.fixture(scope="session")
-async def diana_oauth_token(all_oauth_tokens) -> str:
+async def diana_oauth_token(anyio_backend, all_oauth_tokens) -> str:
    """OAuth token for diana (cached for session). Uses shared OAuth client."""
    return all_oauth_tokens["diana"]


@pytest.fixture(scope="session")
-async def alice_mcp_client(alice_oauth_token) -> AsyncGenerator[ClientSession, Any]:
+async def alice_mcp_client(
+    anyio_backend,
+    alice_oauth_token: str,
+) -> AsyncGenerator[ClientSession, Any]:
    """MCP client authenticated as alice (owner role)."""
-    token = alice_oauth_token
-
-    # Create MCP client session with proper lifecycle management
-    headers = {"Authorization": f"Bearer {token}"}
-    streamable_context = streamablehttp_client(
-        "http://127.0.0.1:8001/mcp", headers=headers
-    )
-    session_context = None
-
-    try:
-        read_stream, write_stream, _ = await streamable_context.__aenter__()
-        session_context = ClientSession(read_stream, write_stream)
-        session = await session_context.__aenter__()
-        await session.initialize()
-        logger.info("Alice MCP client session initialized")
-
+    async for session in create_mcp_client_session(
+        url="http://127.0.0.1:8001/mcp",
+        token=alice_oauth_token,
+        client_name="Alice MCP",
+    ):
        yield session

-    finally:
-        if session_context is not None:
-            try:
-                await session_context.__aexit__(None, None, None)
-            except Exception as e:
-                logger.debug(f"Error closing alice session: {e}")
-        try:
-            await streamable_context.__aexit__(None, None, None)
-        except Exception as e:
-            logger.debug(f"Error closing alice streamable context: {e}")
-

@pytest.fixture(scope="session")
-async def bob_mcp_client(bob_oauth_token) -> AsyncGenerator[ClientSession, Any]:
+async def bob_mcp_client(
+    anyio_backend, bob_oauth_token: str
+) -> AsyncGenerator[ClientSession, Any]:
    """MCP client authenticated as bob (viewer role)."""
-    token = bob_oauth_token
-
-    headers = {"Authorization": f"Bearer {token}"}
-    streamable_context = streamablehttp_client(
-        "http://127.0.0.1:8001/mcp", headers=headers
-    )
-    session_context = None
-
-    try:
-        read_stream, write_stream, _ = await streamable_context.__aenter__()
-        session_context = ClientSession(read_stream, write_stream)
-        session = await session_context.__aenter__()
-        await session.initialize()
-        logger.info("Bob MCP client session initialized")
-
+    async for session in create_mcp_client_session(
+        url="http://127.0.0.1:8001/mcp",
+        token=bob_oauth_token,
+        client_name="Bob MCP",
+    ):
        yield session

-    finally:
-        if session_context is not None:
-            try:
-                await session_context.__aexit__(None, None, None)
-            except Exception as e:
-                logger.debug(f"Error closing bob session: {e}")
-        try:
-            await streamable_context.__aexit__(None, None, None)
-        except Exception as e:
-            logger.debug(f"Error closing bob streamable context: {e}")
-

@pytest.fixture(scope="session")
-async def charlie_mcp_client(charlie_oauth_token) -> AsyncGenerator[ClientSession, Any]:
+async def charlie_mcp_client(
+    anyio_backend,
+    charlie_oauth_token: str,
+) -> AsyncGenerator[ClientSession, Any]:
    """MCP client authenticated as charlie (editor role, in 'editors' group)."""
-    token = charlie_oauth_token
-
-    headers = {"Authorization": f"Bearer {token}"}
-    streamable_context = streamablehttp_client(
-        "http://127.0.0.1:8001/mcp", headers=headers
-    )
-    session_context = None
-
-    try:
-        read_stream, write_stream, _ = await streamable_context.__aenter__()
-        session_context = ClientSession(read_stream, write_stream)
-        session = await session_context.__aenter__()
-        await session.initialize()
-        logger.info("Charlie MCP client session initialized")
-
+    async for session in create_mcp_client_session(
+        url="http://127.0.0.1:8001/mcp",
+        token=charlie_oauth_token,
+        client_name="Charlie MCP",
+    ):
        yield session

-    finally:
-        if session_context is not None:
-            try:
-                await session_context.__aexit__(None, None, None)
-            except Exception as e:
-                logger.debug(f"Error closing charlie session: {e}")
-        try:
-            await streamable_context.__aexit__(None, None, None)
-        except Exception as e:
-            logger.debug(f"Error closing charlie streamable context: {e}")
-

@pytest.fixture(scope="session")
-async def diana_mcp_client(diana_oauth_token) -> AsyncGenerator[ClientSession, Any]:
+async def diana_mcp_client(
+    anyio_backend,
+    diana_oauth_token: str,
+) -> AsyncGenerator[ClientSession, Any]:
    """MCP client authenticated as diana (no-access role)."""
-    token = diana_oauth_token
-
-    headers = {"Authorization": f"Bearer {token}"}
-    streamable_context = streamablehttp_client(
-        "http://127.0.0.1:8001/mcp", headers=headers
-    )
-    session_context = None
-
-    try:
-        read_stream, write_stream, _ = await streamable_context.__aenter__()
-        session_context = ClientSession(read_stream, write_stream)
-        session = await session_context.__aenter__()
-        await session.initialize()
-        logger.info("Diana MCP client session initialized")
-
+    async for session in create_mcp_client_session(
+        url="http://127.0.0.1:8001/mcp",
+        token=diana_oauth_token,
+        client_name="Diana MCP",
+    ):
        yield session

-    finally:
-        if session_context is not None:
-            try:
-                await session_context.__aexit__(None, None, None)
-            except Exception as e:
-                logger.debug(f"Error closing diana session: {e}")
-        try:
-            await streamable_context.__aexit__(None, None, None)
-        except Exception as e:
-            logger.debug(f"Error closing diana streamable context: {e}")
-

 # Test user/group fixtures for clean test isolation
@pytest.fixture
@@ -0,0 +1,24 @@
+events {
+    worker_connections 1024;
+}
+
+http {
+    include /etc/nginx/mime.types;
+    default_type text/html;
+
+    server {
+        listen 80;
+        server_name _;
+
+        location / {
+            root /usr/share/nginx/html;
+            try_files $uri $uri.html =404;
+        }
+
+        # Serve test_recipe.html at /black-pepper-tofu
+        location = /black-pepper-tofu {
+            root /usr/share/nginx/html;
+            try_files /test_recipe.html =404;
+        }
+    }
+}
@@ -0,0 +1,133 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+    <meta charset="UTF-8">
+    <title>Black Pepper Tofu Recipe - Test Recipe</title>
+    <script type="application/ld+json">
+    {
+      "@context": "https://schema.org",
+      "@type": "Recipe",
+      "name": "Black Pepper Tofu",
+      "author": {
+        "@type": "Person",
+        "name": "Yotam Ottolenghi"
+      },
+      "datePublished": "2024-01-15",
+      "description": "A flavorful black pepper tofu dish with aromatic spices and crispy texture. Inspired by Yotam Ottolenghi's signature style.",
+      "prepTime": "PT15M",
+      "cookTime": "PT20M",
+      "totalTime": "PT35M",
+      "recipeYield": "4",
+      "recipeCategory": "Main Course",
+      "recipeCuisine": "Asian Fusion",
+      "keywords": "tofu, black pepper, vegetarian, vegan, ottolenghi",
+      "image": "https://example.com/black-pepper-tofu.jpg",
+      "recipeIngredient": [
+        "400g firm tofu, pressed and cubed",
+        "2 tablespoons black peppercorns, coarsely ground",
+        "3 tablespoons soy sauce",
+        "2 tablespoons rice vinegar",
+        "1 tablespoon maple syrup",
+        "2 tablespoons cornstarch",
+        "3 tablespoons vegetable oil",
+        "4 cloves garlic, minced",
+        "1 tablespoon fresh ginger, grated",
+        "2 spring onions, sliced",
+        "1 red bell pepper, sliced",
+        "Sesame seeds for garnish"
+      ],
+      "recipeInstructions": [
+        {
+          "@type": "HowToStep",
+          "text": "Press the tofu for at least 15 minutes to remove excess moisture. Cut into 2cm cubes."
+        },
+        {
+          "@type": "HowToStep",
+          "text": "Toss tofu cubes with cornstarch until evenly coated."
+        },
+        {
+          "@type": "HowToStep",
+          "text": "Heat 2 tablespoons of oil in a large pan over medium-high heat. Add tofu and cook until golden and crispy on all sides, about 8-10 minutes. Remove and set aside."
+        },
+        {
+          "@type": "HowToStep",
+          "text": "In the same pan, add remaining oil. Add garlic, ginger, and ground black pepper. Cook for 1 minute until fragrant."
+        },
+        {
+          "@type": "HowToStep",
+          "text": "Add bell pepper and cook for 2-3 minutes until slightly softened."
+        },
+        {
+          "@type": "HowToStep",
+          "text": "Mix soy sauce, rice vinegar, and maple syrup. Pour into the pan and bring to a simmer."
+        },
+        {
+          "@type": "HowToStep",
+          "text": "Return the crispy tofu to the pan and toss to coat in the sauce. Cook for 2 minutes."
+        },
+        {
+          "@type": "HowToStep",
+          "text": "Garnish with spring onions and sesame seeds. Serve immediately with rice or noodles."
+        }
+      ],
+      "nutrition": {
+        "@type": "NutritionInformation",
+        "calories": "280 kcal",
+        "proteinContent": "18 g",
+        "fatContent": "16 g",
+        "carbohydrateContent": "18 g",
+        "fiberContent": "3 g",
+        "servingSize": "1 serving"
+      }
+    }
+    </script>
+</head>
+<body>
+    <article>
+        <h1>Black Pepper Tofu</h1>
+        <p class="author">By Yotam Ottolenghi</p>
+        <p class="description">
+            A flavorful black pepper tofu dish with aromatic spices and crispy texture.
+            Inspired by Yotam Ottolenghi's signature style.
+        </p>
+
+        <div class="recipe-meta">
+            <p><strong>Prep Time:</strong> 15 minutes</p>
+            <p><strong>Cook Time:</strong> 20 minutes</p>
+            <p><strong>Total Time:</strong> 35 minutes</p>
+            <p><strong>Servings:</strong> 4</p>
+        </div>
+
+        <h2>Ingredients</h2>
+        <ul>
+            <li>400g firm tofu, pressed and cubed</li>
+            <li>2 tablespoons black peppercorns, coarsely ground</li>
+            <li>3 tablespoons soy sauce</li>
+            <li>2 tablespoons rice vinegar</li>
+            <li>1 tablespoon maple syrup</li>
+            <li>2 tablespoons cornstarch</li>
+            <li>3 tablespoons vegetable oil</li>
+            <li>4 cloves garlic, minced</li>
+            <li>1 tablespoon fresh ginger, grated</li>
+            <li>2 spring onions, sliced</li>
+            <li>1 red bell pepper, sliced</li>
+            <li>Sesame seeds for garnish</li>
+        </ul>
+
+        <h2>Instructions</h2>
+        <ol>
+            <li>Press the tofu for at least 15 minutes to remove excess moisture. Cut into 2cm cubes.</li>
+            <li>Toss tofu cubes with cornstarch until evenly coated.</li>
+            <li>Heat 2 tablespoons of oil in a large pan over medium-high heat. Add tofu and cook until golden and crispy on all sides, about 8-10 minutes. Remove and set aside.</li>
+            <li>In the same pan, add remaining oil. Add garlic, ginger, and ground black pepper. Cook for 1 minute until fragrant.</li>
+            <li>Add bell pepper and cook for 2-3 minutes until slightly softened.</li>
+            <li>Mix soy sauce, rice vinegar, and maple syrup. Pour into the pan and bring to a simmer.</li>
+            <li>Return the crispy tofu to the pan and toss to coat in the sauce. Cook for 2 minutes.</li>
+            <li>Garnish with spring onions and sesame seeds. Serve immediately with rice or noodles.</li>
+        </ol>
+
+        <h2>Nutrition Information</h2>
+        <p>Per serving: 280 calories, 18g protein, 16g fat, 18g carbohydrates, 3g fiber</p>
+    </article>
+</body>
+</html>
@@ -0,0 +1,534 @@
+# OAuth Multi-User Load Testing Framework
+
+Comprehensive multi-user benchmarking system for testing OAuth-authenticated Nextcloud MCP server with realistic collaborative workflows.
+
+## Quick Start
+
+```bash
+# 1. Ensure docker-compose is running
+docker-compose up -d
+
+# 2. Run a benchmark with 2 users for 30 seconds
+uv run python -m tests.load.oauth_benchmark --users 2 --duration 30
+
+# 3. Clean up test users (IMPORTANT - always run after benchmark)
+uv run python -m tests.load.cleanup_loadtest_users
+
+# Optional: Verify cleanup
+uv run python -m tests.load.cleanup_loadtest_users --dry-run
+```
+
+## Overview
+
+This framework extends the basic load testing infrastructure to support:
+- **Multiple OAuth-authenticated users** running concurrently
+- **Coordinated workflows** spanning multiple users (sharing, collaboration, permissions)
+- **Per-user metrics** tracking individual user performance
+- **Workflow-specific metrics** measuring cross-user operation latencies
+- **Realistic scenarios** mimicking actual user collaboration patterns
+- **Concurrent user creation** - all users created and authenticated in parallel for fast setup
+
+## Architecture
+
+### Components
+
+```
+tests/load/
+├── oauth_pool.py          # OAuth user pool management
+├── oauth_workloads.py     # Multi-user workflow definitions
+├── oauth_metrics.py       # Enhanced metrics collection
+├── oauth_benchmark.py     # Main CLI entry point
+└── README_OAUTH.md        # This file
+```
+
+### Key Classes
+
+**OAuthUserPool** (`oauth_pool.py`)
+- Manages N OAuth-authenticated users
+- Handles token acquisition and storage
+- Creates and manages MCP sessions per user
+- Tracks per-user operation statistics
+
+**UserSessionWrapper** (`oauth_pool.py`)
+- Wraps MCP ClientSession for a specific user
+- Automatic operation tracking
+- Convenient tool/resource access methods
+
+**Workflow** (`oauth_workloads.py`)
+- Base class for multi-user coordinated workflows
+- Step-by-step execution with timing
+- Comprehensive error handling and reporting
+
+**OAuthBenchmarkMetrics** (`oauth_metrics.py`)
+- Per-user operation counts and latencies
+- Workflow completion rates and timings
+- Baseline operation statistics
+- Detailed reporting and JSON export
+
+## Available Workflows
+
+### 1. NoteShareWorkflow
+**Scenario**: Alice creates a note and shares it with Bob, who then reads it.
+
+**Steps**:
+1. User A creates a note
+2. User A shares note with User B (read-only permissions)
+3. User B lists their shared notes (measures propagation delay)
+4. User B reads the shared note
+
+**Metrics**: Creation latency, share propagation time, read latency
+
+### 2. CollaborativeEditWorkflow
+**Scenario**: Multiple users concurrently edit the same note.
+
+**Steps**:
+1. Owner creates a note
+2. All users read the note simultaneously
+3. All users append content concurrently
+4. Owner verifies final state
+
+**Metrics**: Concurrent read latency, concurrent write conflicts, final state consistency
+
+### 3. FileShareAndDownloadWorkflow
+**Scenario**: Alice uploads a file, shares it with Bob, who then downloads it.
+
+**Steps**:
+1. User A creates a file via WebDAV
+2. User A shares file with User B (read-only)
+3. User B lists their shares
+4. User B downloads the file
+
+**Metrics**: Upload latency, share creation, download latency
+
+### 4. MixedOAuthWorkload
+**Distribution**:
+- 50% Baseline operations (individual user CRUD)
+- 30% Note sharing workflows
+- 15% Collaborative editing workflows
+- 5% File sharing workflows
+
+## Usage
+
+### Basic Usage
+
+```bash
+# 4 users, 60-second test with mixed workload
+uv run python -m tests.load.oauth_benchmark --users 4 --duration 60
+
+# 10 users, 5-minute test
+uv run python -m tests.load.oauth_benchmark -u 10 -d 300
+
+# Export results to JSON
+uv run python -m tests.load.oauth_benchmark -u 5 -d 120 --output results.json
+```
+
+### Advanced Options
+
+```bash
+# Sharing-focused workload
+uv run python -m tests.load.oauth_benchmark --workload sharing -u 8 -d 180
+
+# Collaborative editing workload
+uv run python -m tests.load.oauth_benchmark --workload collaboration -u 6 -d 120
+
+# Baseline operations only (no workflows)
+uv run python -m tests.load.oauth_benchmark --workload baseline -u 10 -d 60
+
+# Verbose logging for debugging
+uv run python -m tests.load.oauth_benchmark -u 2 -d 30 --verbose
+```
+
+### CLI Options
+
+| Option | Short | Default | Description |
+|--------|-------|---------|-------------|
+| `--users` | `-u` | 2 | Number of concurrent users (dynamically created) |
+| `--duration` | `-d` | 30.0 | Test duration in seconds |
+| `--warmup` | `-w` | 5.0 | Warmup period before metrics collection (seconds) |
+| `--url` | | `http://127.0.0.1:8001/mcp` | MCP OAuth server URL |
+| `--output` | `-o` | None | JSON output file path |
+| `--workload` | | `mixed` | Workload type: mixed, sharing, collaboration, baseline |
+| `--user-prefix` | | `loadtest` | Prefix for dynamically created usernames |
+| `--cleanup/--no-cleanup` | | `cleanup` | Delete created users after benchmark |
+| `--browser` | | `chromium` | Playwright browser: firefox, chromium, webkit |
+| `--headed` | | False | Run browser in headed mode (visible window) |
+| `--verbose` | `-v` | False | Enable verbose logging |
+
+## Test User Creation
+
+The framework **dynamically creates test users** on-demand with OAuth authentication:
+
+- **Naming**: Users are created with the pattern `{prefix}_user_{n}` (default: `loadtest_user_1`, `loadtest_user_2`, etc.)
+- **Customization**: Use `--user-prefix` to change the prefix (e.g., `--user-prefix mytest` → `mytest_user_1`)
+- **Scalability**: No limit on user count - create as many concurrent users as your system can handle
+- **Credentials**: Each user gets a randomly generated secure password
+- **OAuth Tokens**: All users authenticate via automated OAuth flow using Playwright
+- **Cleanup**: Users are automatically deleted after the benchmark (disable with `--no-cleanup`)
+
+**Example**: Running `--users 5` creates:
+- `loadtest_user_1` (Display: Load Test User 1, Email: loadtest_user_1@benchmark.local)
+- `loadtest_user_2` (Display: Load Test User 2, Email: loadtest_user_2@benchmark.local)
+- `loadtest_user_3` (Display: Load Test User 3, Email: loadtest_user_3@benchmark.local)
+- `loadtest_user_4` (Display: Load Test User 4, Email: loadtest_user_4@benchmark.local)
+- `loadtest_user_5` (Display: Load Test User 5, Email: loadtest_user_5@benchmark.local)
+
+## Metrics Output
+
+### Console Report
+
+```
+================================================================================
+OAUTH MULTI-USER BENCHMARK RESULTS
+================================================================================
+
+Duration: 120.45s
+Total Users: 5
+Total Workflows Executed: 312
+Total Baseline Operations: 678
+
+--------------------------------------------------------------------------------
+WORKFLOW STATISTICS
+--------------------------------------------------------------------------------
+Workflow                         Total  Success     Rate        P50        P95
+--------------------------------------------------------------------------------
+note_share                         112      109    97.3%   0.2341s   0.4782s
+collaborative_edit                  65       61    93.8%   0.5123s   0.9234s
+file_share                          29       29   100.0%   0.3456s   0.6123s
+
+--------------------------------------------------------------------------------
+PER-USER STATISTICS
+--------------------------------------------------------------------------------
+User                  Total Ops    Success   Errors     Rate        P50
+--------------------------------------------------------------------------------
+loadtest_user_1              289        283        6    97.9%   0.2456s
+loadtest_user_2              245        241        4    98.4%   0.2123s
+loadtest_user_3              231        226        5    97.8%   0.2345s
+loadtest_user_4              198        195        3    98.5%   0.2234s
+loadtest_user_5              187        184        3    98.4%   0.2189s
+
+--------------------------------------------------------------------------------
+BASELINE OPERATIONS
+--------------------------------------------------------------------------------
+Total Operations: 678
+Success Rate: 98.2%
+Latency: min=0.0234s, p50=0.1234s, p95=0.3456s, max=0.8123s
+================================================================================
+```
+
+### JSON Export
+
+```json
+{
+  "summary": {
+    "duration": 120.45,
+    "total_workflows": 312,
+    "total_baseline_ops": 678,
+    "total_users": 5
+  },
+  "workflows": {
+    "note_share": {
+      "total_executions": 112,
+      "successful_executions": 109,
+      "failed_executions": 3,
+      "success_rate": 97.3,
+      "latency": {
+        "min": 0.1234,
+        "max": 0.8765,
+        "mean": 0.2891,
+        "median": 0.2341,
+        "p90": 0.4123,
+        "p95": 0.4782,
+        "p99": 0.7234
+      },
+      "step_latencies": {
+        "create_note": {...},
+        "share_note": {...},
+        "list_shared_with_me": {...},
+        "read_shared_note": {...}
+      }
+    }
+  },
+  "users": {
+    "loadtest_user_1": {
+      "total_operations": 289,
+      "successful_operations": 283,
+      "failed_operations": 6,
+      "success_rate": 97.9,
+      "latency": {...},
+      "operations_breakdown": {...},
+      "errors_breakdown": {...}
+    },
+    "loadtest_user_2": {...},
+    "loadtest_user_3": {...},
+    "loadtest_user_4": {...},
+    "loadtest_user_5": {...}
+  },
+  "baseline": {...}
+}
+```
+
+## Implementation Status
+
+### ✅ Completed Components
+
+**Framework:**
+- OAuth user pool management with dynamic user creation
+- User session wrappers with automatic tracking
+- Workflow base classes and framework
+- 3 example workflows (note share, collaborative edit, file share)
+- Enhanced metrics with per-user and workflow tracking
+- CLI interface with multiple workload options
+- Comprehensive reporting (console + JSON)
+
+**OAuth Integration:**
+- ✅ Playwright browser automation for OAuth login
+- ✅ OAuth callback server for auth code capture
+- ✅ Token exchange with OIDC provider
+- ✅ OAuth token injection into MCP sessions via Authorization headers
+- ✅ Cancel scope error handling for reliable cleanup
+- ✅ Dynamic user creation and deletion via Nextcloud Users API
+
+**Implementation Details:**
+The benchmark now successfully:
+1. Creates Nextcloud users dynamically with unique passwords
+2. Acquires OAuth tokens via automated Playwright browser flows
+3. Creates MCP client sessions with proper `Authorization: Bearer {token}` headers
+4. Executes coordinated multi-user workflows
+5. Tracks per-user and per-workflow metrics
+6. Provides standalone cleanup utility for test users
+
+**Key Fix (oauth_pool.py:163-164)**:
+```python
+# Pass OAuth token as Authorization header
+headers = {"Authorization": f"Bearer {profile.token}"}
+streamable_context = streamablehttp_client(mcp_url, headers=headers)
+```
+
+## Creating Custom Workflows
+
+### Example: Permission Escalation Workflow
+
+```python
+class PermissionEscalationWorkflow(Workflow):
+    """Test sharing permission changes."""
+
+    def __init__(self):
+        super().__init__("permission_escalation")
+
+    async def execute(self, users: list[UserSessionWrapper]) -> WorkflowResult:
+        self.start_time = time.time()
+
+        if len(users) < 2:
+            return self._finish(False, error="Requires 2+ users")
+
+        owner, collaborator = users[0], users[1]
+
+        # Step 1: Owner creates note
+        create_result = await self._execute_step(
+            "create_note",
+            owner,
+            lambda: owner.call_tool("nc_notes_create_note", {...})
+        )
+
+        # Step 2: Share read-only
+        await self._execute_step(
+            "share_readonly",
+            owner,
+            lambda: owner.call_tool("nc_share_create", {
+                "permissions": 1  # Read-only
+            })
+        )
+
+        # Step 3: Upgrade to edit permissions
+        await self._execute_step(
+            "upgrade_permissions",
+            owner,
+            lambda: owner.call_tool("nc_share_update", {
+                "permissions": 15  # Read+update+create+delete
+            })
+        )
+
+        # Step 4: Collaborator edits
+        await self._execute_step(
+            "collaborator_edit",
+            collaborator,
+            lambda: collaborator.call_tool("nc_notes_update_note", {...})
+        )
+
+        return self._finish(success=True)
+```
+
+### Registering Custom Workflows
+
+```python
+# In oauth_workloads.py
+class MixedOAuthWorkload:
+    def __init__(self, users: list[UserSessionWrapper]):
+        self.users = users
+        self.workflows = {
+            "note_share": NoteShareWorkflow(),
+            "collaborative_edit": CollaborativeEditWorkflow(),
+            "file_share": FileShareAndDownloadWorkflow(),
+            "permission_escalation": PermissionEscalationWorkflow(),  # Add your workflow
+        }
+```
+
+## Performance Expectations
+
+### Baseline Performance (basic auth, from existing benchmarks)
+- **Throughput**: 50-200 RPS for mixed workload
+- **Latency**: p50 <100ms, p95 <500ms, p99 <1000ms
+
+### OAuth Multi-User Expectations
+- **Lower throughput**: ~30-60% of baseline due to:
+  - OAuth token validation overhead
+  - Cross-user synchronization delays
+  - Workflow coordination overhead
+- **Higher p99 latency**: Due to workflow step dependencies
+- **Focus**: End-to-end workflow completion time more important than raw RPS
+
+### Common Bottlenecks
+1. **OAuth token validation**: Per-request overhead
+2. **Share propagation**: Time for shares to become visible to recipients
+3. **Concurrent edit conflicts**: ETags and conflict resolution
+4. **Permission checks**: Cross-user access validation
+
+## Best Practices
+
+1. **Start Small**: Begin with 2-3 users to validate workflows
+2. **Monitor Errors**: Watch for permission errors and conflicts
+3. **Adjust Delays**: Tune sleep delays between operations based on server response
+4. **Profile Workflows**: Use step latencies to identify bottlenecks
+5. **Export Results**: Always export to JSON for historical comparison
+
+## Performance Optimizations
+
+### Concurrent User Creation
+
+The benchmark creates and authenticates users **concurrently** for maximum performance:
+
+**Step 5: User Creation & OAuth Authentication**
+- All N users are created in parallel using `asyncio.gather()`
+- Each user runs through the full OAuth flow simultaneously
+- Multiple Playwright browser contexts operate independently
+
+**Step 6: MCP Session Creation**
+- All user sessions are created concurrently
+- OAuth tokens passed as Authorization headers to each session
+
+**Performance Impact:**
+- **Sequential** (old): ~10-12s per user → 40-48s for 4 users
+- **Concurrent** (new): ~12-15s total for 4 users (3-4x speedup!)
+
+Example output showing concurrent execution:
+```
+Step 5/6: Creating 4 users and acquiring OAuth tokens...
+(Running concurrently for faster setup)
+
+  [1/4] Creating user 'loadtest_user_1'...
+  [2/4] Creating user 'loadtest_user_2'...
+  [3/4] Creating user 'loadtest_user_3'...
+  [4/4] Creating user 'loadtest_user_4'...
+  ✓ User 'loadtest_user_4' authenticated
+  ✓ User 'loadtest_user_2' authenticated
+  ✓ User 'loadtest_user_1' authenticated
+  ✓ User 'loadtest_user_3' authenticated
+
+✓ Successfully created and authenticated 4 users
+```
+
+**Implementation** (oauth_benchmark.py:402-437):
+```python
+# Create tasks for all users
+tasks = [
+    create_user_task(i, browser, callback_server.auth_states)
+    for i in range(num_users)
+]
+# Run all concurrently
+results = await asyncio.gather(*tasks, return_exceptions=True)
+```
+
+## Cleanup
+
+**Important**: Due to asyncio scoping issues with the MCP client library, automatic cleanup in the benchmark's finally block may not execute reliably. Always use the cleanup utility after running benchmarks.
+
+### Cleanup Utility (Recommended)
+
+Use the cleanup utility to remove test users:
+
+```bash
+# Dry run - see what would be deleted
+uv run python -m tests.load.cleanup_loadtest_users --dry-run
+
+# Delete all loadtest users
+uv run python -m tests.load.cleanup_loadtest_users
+
+# Delete users with custom prefix
+uv run python -m tests.load.cleanup_loadtest_users --prefix mytest
+```
+
+### Disable Automatic Cleanup
+
+To keep test users after the benchmark for inspection:
+
+```bash
+uv run python -m tests.load.oauth_benchmark --users 2 --no-cleanup
+```
+
+## Troubleshooting
+
+### Leftover Test Users
+**Symptom**: Test users remain in Nextcloud after benchmark crashes
+
+**Solution**: Run the cleanup utility:
+```bash
+uv run python -m tests.load.cleanup_loadtest_users
+```
+
+### "User X not in pool" Error
+- Ensure user count doesn't exceed configured limits
+- Check that user creation succeeded in previous steps
+
+### CancelledError During Benchmark
+**Symptom**: Error message like `'CancelledError' object has no attribute 'username'` appears in logs
+
+**Cause**: Async task cancellation during benchmark shutdown or errors can cause race conditions in error handling
+
+**Solution**: This has been mitigated with defensive error handling. The worker now:
+- Catches `asyncio.CancelledError` specifically before general exceptions
+- Logs cancellation gracefully without attempting to access potentially invalid state
+- Re-raises the exception to allow proper cleanup chain
+
+If you still see this error, it's likely harmless and occurs during shutdown. The benchmark results should still be valid.
+
+### High Error Rates
+- Increase delay between operations (`await asyncio.sleep()` in worker)
+- Check OAuth token validity
+- Verify MCP OAuth server is running and accessible (port 8001)
+- Rebuild mcp-oauth container after code changes: `docker-compose up --build -d mcp-oauth`
+
+### Workflows Failing
+- Check step-by-step latencies to identify failing steps
+- Verify users have correct permissions
+- Review server logs for errors
+
+### MCP Session Creation Fails (401 Unauthorized)
+**Solution**: This issue has been fixed! OAuth tokens are now properly passed as Authorization headers when creating MCP sessions.
+
+If you still see 401 errors:
+- Rebuild the mcp-oauth container: `docker-compose up --build -d mcp-oauth`
+- Verify OAuth tokens are being acquired successfully in verbose mode
+- Check that the token hasn't expired (use shorter test durations during troubleshooting)
+
+## Future Enhancements
+
+- [x] Dynamic user creation (beyond 4 default users) - **COMPLETED**
+- [x] OAuth token injection for MCP sessions - **COMPLETED**
+- [x] Cancel scope error handling - **COMPLETED**
+- [x] Concurrent user creation and authentication - **COMPLETED** (3-4x speedup!)
+- [ ] Workflow templates for common patterns
+- [ ] Real-time dashboard for live monitoring
+- [ ] Historical comparison and regression detection
+- [ ] Load ramping (gradual user increase)
+- [ ] Geographic distribution simulation (latency injection)
+- [ ] Improve cleanup reliability in finally block
@@ -0,0 +1 @@
+"""Load testing utilities for Nextcloud MCP Server."""
@@ -0,0 +1,504 @@
+#!/usr/bin/env python3
+"""
+Load testing benchmark for Nextcloud MCP Server.
+
+Usage:
+    uv run python -m tests.load.benchmark --concurrency 10 --duration 30
+    uv run python -m tests.load.benchmark -c 50 -d 300 --output results.json
+"""
+
+import json
+import logging
+import signal
+import statistics
+import sys
+import time
+from collections import Counter
+from contextlib import asynccontextmanager
+from typing import Any
+
+import anyio
+import click
+from mcp import ClientSession
+from mcp.client.streamable_http import streamablehttp_client
+
+from tests.load.workloads import MixedWorkload, OperationResult, WorkloadOperations
+
+logging.basicConfig(
+    level=logging.WARNING, format="%(levelname)s [%(asctime)s] %(name)s - %(message)s"
+)
+logger = logging.getLogger(__name__)
+
+
+class BenchmarkMetrics:
+    """Collect and analyze benchmark metrics."""
+
+    def __init__(self):
+        self.results: list[OperationResult] = []
+        self.start_time: float | None = None
+        self.end_time: float | None = None
+        self._operation_counts: Counter = Counter()
+        self._operation_errors: Counter = Counter()
+
+    def add_result(self, result: OperationResult):
+        """Add a single operation result."""
+        self.results.append(result)
+        self._operation_counts[result.operation] += 1
+        if not result.success:
+            self._operation_errors[result.operation] += 1
+
+    def start(self):
+        """Mark the start of the benchmark."""
+        self.start_time = time.time()
+
+    def stop(self):
+        """Mark the end of the benchmark."""
+        self.end_time = time.time()
+
+    @property
+    def duration(self) -> float:
+        """Total benchmark duration in seconds."""
+        if self.start_time is None or self.end_time is None:
+            return 0.0
+        return self.end_time - self.start_time
+
+    @property
+    def total_requests(self) -> int:
+        """Total number of requests made."""
+        return len(self.results)
+
+    @property
+    def successful_requests(self) -> int:
+        """Number of successful requests."""
+        return sum(1 for r in self.results if r.success)
+
+    @property
+    def failed_requests(self) -> int:
+        """Number of failed requests."""
+        return sum(1 for r in self.results if not r.success)
+
+    @property
+    def error_rate(self) -> float:
+        """Error rate as a percentage."""
+        if self.total_requests == 0:
+            return 0.0
+        return (self.failed_requests / self.total_requests) * 100
+
+    @property
+    def requests_per_second(self) -> float:
+        """Average requests per second."""
+        if self.duration == 0:
+            return 0.0
+        return self.total_requests / self.duration
+
+    def latency_stats(self) -> dict[str, float]:
+        """Calculate latency statistics."""
+        if not self.results:
+            return {
+                "min": 0.0,
+                "max": 0.0,
+                "mean": 0.0,
+                "median": 0.0,
+                "p90": 0.0,
+                "p95": 0.0,
+                "p99": 0.0,
+            }
+
+        durations = [r.duration for r in self.results]
+        sorted_durations = sorted(durations)
+
+        def percentile(data: list[float], p: float) -> float:
+            k = (len(data) - 1) * p
+            f = int(k)
+            c = f + 1
+            if c >= len(data):
+                return data[-1]
+            return data[f] + (k - f) * (data[c] - data[f])
+
+        return {
+            "min": min(durations),
+            "max": max(durations),
+            "mean": statistics.mean(durations),
+            "median": statistics.median(durations),
+            "p90": percentile(sorted_durations, 0.90),
+            "p95": percentile(sorted_durations, 0.95),
+            "p99": percentile(sorted_durations, 0.99),
+        }
+
+    def operation_breakdown(self) -> dict[str, dict[str, Any]]:
+        """Get per-operation statistics."""
+        breakdown = {}
+        for op_name in self._operation_counts:
+            op_results = [r for r in self.results if r.operation == op_name]
+            op_durations = [r.duration for r in op_results if r.success]
+
+            if op_durations:
+                sorted_durations = sorted(op_durations)
+                p50 = statistics.median(sorted_durations)
+                p95_idx = int(len(sorted_durations) * 0.95)
+                p95 = sorted_durations[min(p95_idx, len(sorted_durations) - 1)]
+            else:
+                p50 = p95 = 0.0
+
+            breakdown[op_name] = {
+                "count": self._operation_counts[op_name],
+                "errors": self._operation_errors[op_name],
+                "success_rate": (
+                    (self._operation_counts[op_name] - self._operation_errors[op_name])
+                    / self._operation_counts[op_name]
+                    * 100
+                ),
+                "p50_latency": p50,
+                "p95_latency": p95,
+            }
+
+        return breakdown
+
+    def to_dict(self) -> dict[str, Any]:
+        """Convert metrics to dictionary for JSON export."""
+        return {
+            "summary": {
+                "duration": self.duration,
+                "total_requests": self.total_requests,
+                "successful_requests": self.successful_requests,
+                "failed_requests": self.failed_requests,
+                "error_rate": self.error_rate,
+                "requests_per_second": self.requests_per_second,
+            },
+            "latency": self.latency_stats(),
+            "operations": self.operation_breakdown(),
+        }
+
+    def print_report(self):
+        """Print human-readable benchmark report."""
+        print("\n" + "=" * 80)
+        print("BENCHMARK RESULTS")
+        print("=" * 80)
+
+        print(f"\nDuration: {self.duration:.2f}s")
+        print(f"Total Requests: {self.total_requests}")
+        print(f"Successful: {self.successful_requests}")
+        print(f"Failed: {self.failed_requests}")
+        print(f"Error Rate: {self.error_rate:.2f}%")
+        print(f"Requests/Second: {self.requests_per_second:.2f}")
+
+        print("\n" + "-" * 80)
+        print("LATENCY (seconds)")
+        print("-" * 80)
+        latency = self.latency_stats()
+        print(f"Min:    {latency['min']:.4f}s")
+        print(f"Mean:   {latency['mean']:.4f}s")
+        print(f"Median: {latency['median']:.4f}s")
+        print(f"P90:    {latency['p90']:.4f}s")
+        print(f"P95:    {latency['p95']:.4f}s")
+        print(f"P99:    {latency['p99']:.4f}s")
+        print(f"Max:    {latency['max']:.4f}s")
+
+        print("\n" + "-" * 80)
+        print("OPERATION BREAKDOWN")
+        print("-" * 80)
+        print(
+            f"{'Operation':<25} {'Count':>8} {'Errors':>8} {'Success':>9} {'P50':>10} {'P95':>10}"
+        )
+        print("-" * 80)
+
+        breakdown = self.operation_breakdown()
+        for op_name, stats in sorted(breakdown.items()):
+            print(
+                f"{op_name:<25} {stats['count']:>8} {stats['errors']:>8} "
+                f"{stats['success_rate']:>8.1f}% {stats['p50_latency']:>9.4f}s {stats['p95_latency']:>9.4f}s"
+            )
+
+        print("=" * 80 + "\n")
+
+
+@asynccontextmanager
+async def create_mcp_session(url: str):
+    """Create an MCP client session with proper cleanup."""
+    logger.info(f"Creating MCP client session for {url}")
+    streamable_context = streamablehttp_client(url)
+    session_context = None
+
+    try:
+        read_stream, write_stream, _ = await streamable_context.__aenter__()
+        session_context = ClientSession(read_stream, write_stream)
+        session = await session_context.__aenter__()
+        await session.initialize()
+        logger.info("MCP client session initialized")
+        yield session
+    finally:
+        if session_context is not None:
+            try:
+                await session_context.__aexit__(None, None, None)
+            except Exception as e:
+                logger.debug(f"Error closing session: {e}")
+
+        try:
+            await streamable_context.__aexit__(None, None, None)
+        except Exception as e:
+            logger.debug(f"Error closing streamable context: {e}")
+
+
+async def wait_for_mcp_server(url: str, max_attempts: int = 10) -> bool:
+    """Wait for MCP server to be ready."""
+    logger.info(f"Waiting for MCP server at {url}...")
+
+    for attempt in range(1, max_attempts + 1):
+        try:
+            async with create_mcp_session(url) as session:
+                # Try to get capabilities
+                await session.read_resource("nc://capabilities")
+                logger.info("MCP server is ready")
+                return True
+        except Exception as e:
+            if attempt < max_attempts:
+                logger.debug(f"Attempt {attempt}/{max_attempts}: {e}")
+                await anyio.sleep(2)
+            else:
+                logger.error(f"MCP server not ready after {max_attempts} attempts")
+                return False
+
+    return False
+
+
+async def benchmark_worker(
+    worker_id: int,
+    url: str,
+    duration: float,
+    metrics: BenchmarkMetrics,
+    stop_event: anyio.Event,
+):
+    """Single worker that runs operations for the specified duration."""
+    logger.info(f"Worker {worker_id} starting...")
+
+    try:
+        async with create_mcp_session(url) as session:
+            ops = WorkloadOperations(session)
+            workload = MixedWorkload(ops)
+
+            # Warmup
+            await workload.warmup(count=5)
+
+            # Run operations until duration expires or stop event is set
+            start_time = time.time()
+            operation_count = 0
+
+            while not stop_event.is_set():
+                if time.time() - start_time >= duration:
+                    break
+
+                result = await workload.run_operation()
+                metrics.add_result(result)
+                operation_count += 1
+
+                # Small delay to prevent overwhelming the server
+                await anyio.sleep(0.01)
+
+            # Cleanup
+            await ops.cleanup()
+
+            logger.info(f"Worker {worker_id} completed {operation_count} operations")
+
+    except Exception as e:
+        logger.error(f"Worker {worker_id} error: {e}", exc_info=True)
+
+
+async def run_benchmark(
+    url: str,
+    concurrency: int,
+    duration: float,
+    warmup: float = 5.0,
+) -> BenchmarkMetrics:
+    """Run the benchmark with specified parameters."""
+    metrics = BenchmarkMetrics()
+    stop_event = anyio.Event()
+
+    # Setup signal handlers for graceful shutdown
+    def signal_handler(sig, frame):
+        logger.warning("Received interrupt signal, stopping benchmark...")
+        stop_event.set()
+
+    signal.signal(signal.SIGINT, signal_handler)
+    signal.signal(signal.SIGTERM, signal_handler)
+
+    print(
+        f"\nStarting benchmark with {concurrency} concurrent workers for {duration}s..."
+    )
+    print(f"Target: {url}")
+    print(f"Warmup period: {warmup}s\n")
+
+    # Warmup period
+    if warmup > 0:
+        print("Warming up...")
+        await anyio.sleep(warmup)
+
+    # Start metrics collection
+    metrics.start()
+
+    # Create and run workers using anyio task groups
+    async with anyio.create_task_group() as tg:
+        # Start all workers
+        for i in range(concurrency):
+            tg.start_soon(benchmark_worker, i, url, duration, metrics, stop_event)
+
+        # Show progress
+        tg.start_soon(show_progress, duration, metrics, stop_event)
+
+    # Stop metrics (tasks already completed when task group exits)
+    metrics.stop()
+
+    return metrics
+
+
+async def show_progress(
+    duration: float,
+    metrics: BenchmarkMetrics,
+    stop_event: anyio.Event,
+):
+    """Show real-time progress during benchmark."""
+    start_time = time.time()
+
+    while not stop_event.is_set():
+        elapsed = time.time() - start_time
+        if elapsed >= duration:
+            break
+
+        # Calculate progress
+        progress = min(elapsed / duration * 100, 100)
+        rps = metrics.total_requests / max(elapsed, 0.1)
+
+        # Print progress bar
+        bar_length = 40
+        filled = int(bar_length * progress / 100)
+        bar = "█" * filled + "░" * (bar_length - filled)
+
+        print(
+            f"\r[{bar}] {progress:5.1f}% | "
+            f"Requests: {metrics.total_requests:6d} | "
+            f"RPS: {rps:6.1f} | "
+            f"Errors: {metrics.failed_requests:4d}",
+            end="",
+            flush=True,
+        )
+
+        await anyio.sleep(0.5)
+
+    print()  # New line after progress
+
+
+@click.command()
+@click.option(
+    "--concurrency",
+    "-c",
+    type=int,
+    default=10,
+    show_default=True,
+    help="Number of concurrent workers",
+)
+@click.option(
+    "--duration",
+    "-d",
+    type=float,
+    default=30.0,
+    show_default=True,
+    help="Test duration in seconds",
+)
+@click.option(
+    "--warmup",
+    "-w",
+    type=float,
+    default=5.0,
+    show_default=True,
+    help="Warmup duration before collecting metrics (seconds)",
+)
+@click.option(
+    "--url",
+    "-u",
+    default="http://127.0.0.1:8000/mcp",
+    show_default=True,
+    help="MCP server URL",
+)
+@click.option(
+    "--output",
+    "-o",
+    type=click.Path(),
+    help="Output file for JSON results (optional)",
+)
+@click.option(
+    "--wait-for-server/--no-wait",
+    default=True,
+    show_default=True,
+    help="Wait for MCP server to be ready before starting",
+)
+@click.option(
+    "--verbose",
+    "-v",
+    is_flag=True,
+    help="Enable verbose logging",
+)
+def main(
+    concurrency: int,
+    duration: float,
+    warmup: float,
+    url: str,
+    output: str | None,
+    wait_for_server: bool,
+    verbose: bool,
+):
+    """
+    Load testing benchmark for Nextcloud MCP Server.
+
+    Runs a mixed workload of realistic MCP operations against the server
+    and reports detailed performance metrics.
+
+    Examples:
+
+        # Quick 30-second test with 10 workers
+        uv run python -m tests.load.benchmark --concurrency 10 --duration 30
+
+        # Extended test with 50 workers for 5 minutes
+        uv run python -m tests.load.benchmark -c 50 -d 300
+
+        # Export results to JSON
+        uv run python -m tests.load.benchmark -c 20 -d 60 --output results.json
+
+        # Test OAuth server on port 8001
+        uv run python -m tests.load.benchmark --url http://127.0.0.1:8001/mcp
+    """
+    if verbose:
+        logging.getLogger().setLevel(logging.DEBUG)
+        logging.getLogger("tests.load").setLevel(logging.DEBUG)
+
+    async def run():
+        # Wait for server if requested
+        if wait_for_server:
+            if not await wait_for_mcp_server(url):
+                print("ERROR: MCP server is not ready", file=sys.stderr)
+                sys.exit(1)
+
+        # Run benchmark
+        metrics = await run_benchmark(url, concurrency, duration, warmup)
+
+        # Print report
+        metrics.print_report()
+
+        # Export to JSON if requested
+        if output:
+            with open(output, "w") as f:
+                json.dump(metrics.to_dict(), f, indent=2)
+            print(f"Results exported to: {output}")
+
+    try:
+        anyio.run(run)
+    except KeyboardInterrupt:
+        print("\nBenchmark interrupted by user")
+        sys.exit(130)
+    except Exception as e:
+        print(f"ERROR: {e}", file=sys.stderr)
+        if verbose:
+            raise
+        sys.exit(1)
+
+
+if __name__ == "__main__":
+    main()
@@ -0,0 +1,117 @@
+#!/usr/bin/env python3
+"""
+Cleanup utility for loadtest users.
+
+Searches for and deletes all users with 'loadtest' prefix in their username.
+Useful for cleaning up after failed benchmark runs.
+
+Usage:
+    uv run python -m tests.load.cleanup_loadtest_users
+    uv run python -m tests.load.cleanup_loadtest_users --prefix mytest
+    uv run python -m tests.load.cleanup_loadtest_users --dry-run
+"""
+
+import sys
+
+import anyio
+import click
+
+from nextcloud_mcp_server.client import NextcloudClient
+
+
+async def cleanup_users(prefix: str = "loadtest", dry_run: bool = False):
+    """
+    Search for and delete users with the specified prefix.
+
+    Args:
+        prefix: Username prefix to search for
+        dry_run: If True, only list users without deleting them
+    """
+    print(f"Searching for users with prefix '{prefix}'...")
+
+    try:
+        client = NextcloudClient.from_env()
+        users = await client.users.search_users(search=prefix)
+
+        if not users:
+            print(f"✓ No users found with prefix '{prefix}'")
+            return
+
+        print(f"Found {len(users)} user(s): {', '.join(users)}\n")
+
+        if dry_run:
+            print("DRY RUN - No users will be deleted")
+            for user in users:
+                print(f"  Would delete: {user}")
+            print("\nTo actually delete these users, run without --dry-run flag")
+            return
+
+        # Delete users
+        deleted = []
+        failed = []
+
+        for user in users:
+            try:
+                print(f"  Deleting {user}...")
+                await client.users.delete_user(userid=user)
+                deleted.append(user)
+                print(f"  ✓ Deleted {user}")
+            except Exception as e:
+                failed.append((user, str(e)))
+                print(f"  ✗ Failed to delete {user}: {e}")
+
+        # Summary
+        print(f"\n{'=' * 60}")
+        print("Cleanup Summary")
+        print(f"{'=' * 60}")
+        print(f"Successfully deleted: {len(deleted)}")
+        print(f"Failed to delete: {len(failed)}")
+
+        if failed:
+            print("\nFailed deletions:")
+            for user, error in failed:
+                print(f"  - {user}: {error}")
+            sys.exit(1)
+        else:
+            print("\n✓ All users cleaned up successfully")
+
+    except Exception as e:
+        print(f"ERROR: {e}", file=sys.stderr)
+        sys.exit(1)
+
+
+@click.command()
+@click.option(
+    "--prefix",
+    default="loadtest",
+    show_default=True,
+    help="Username prefix to search for",
+)
+@click.option(
+    "--dry-run",
+    is_flag=True,
+    help="List users without deleting them",
+)
+def main(prefix: str, dry_run: bool):
+    """
+    Cleanup loadtest users from Nextcloud.
+
+    Searches for all users with the specified prefix and deletes them.
+    Useful for cleaning up after failed benchmark runs.
+
+    Examples:
+
+        # Dry run to see what would be deleted
+        uv run python -m tests.load.cleanup_loadtest_users --dry-run
+
+        # Delete all loadtest users
+        uv run python -m tests.load.cleanup_loadtest_users
+
+        # Delete users with custom prefix
+        uv run python -m tests.load.cleanup_loadtest_users --prefix mytest
+    """
+    anyio.run(cleanup_users, prefix, dry_run)
+
+
+if __name__ == "__main__":
+    main()
@@ -0,0 +1,768 @@
+#!/usr/bin/env python3
+"""
+OAuth Multi-User Load Testing for Nextcloud MCP Server.
+
+Simulates realistic multi-user scenarios with coordinated workflows
+like note sharing, collaborative editing, and file operations.
+
+Usage:
+    uv run python -m tests.load.oauth_benchmark --users 4 --duration 60
+    uv run python -m tests.load.oauth_benchmark -u 10 -d 300 --workload sharing
+"""
+
+import json
+import logging
+import os
+import secrets
+import signal
+import sys
+import threading
+import time
+from http.server import BaseHTTPRequestHandler, HTTPServer
+from typing import Any
+from urllib.parse import parse_qs, urlparse
+
+import anyio
+import click
+import httpx
+from playwright.async_api import async_playwright
+
+from nextcloud_mcp_server.auth.client_registration import load_or_register_client
+from nextcloud_mcp_server.client import NextcloudClient
+from tests.load.oauth_metrics import OAuthBenchmarkMetrics
+from tests.load.oauth_pool import (
+    OAuthUserPool,
+    UserSessionWrapper,
+    generate_secure_password,
+)
+from tests.load.oauth_workloads import MixedOAuthWorkload, WorkflowResult
+
+logging.basicConfig(
+    level=logging.WARNING, format="%(levelname)s [%(asctime)s] %(name)s - %(message)s"
+)
+logger = logging.getLogger(__name__)
+
+
+class OAuthCallbackServer:
+    """
+    Temporary HTTP server to capture OAuth authorization codes.
+
+    Runs in a background thread, captures auth codes via state parameter
+    correlation, and stores them in a shared dictionary.
+    """
+
+    def __init__(self, host: str = "127.0.0.1", port: int = 8081):
+        self.host = host
+        self.port = port
+        self.auth_states: dict[str, str] = {}
+        self.server: HTTPServer | None = None
+        self.thread: threading.Thread | None = None
+
+    def start(self):
+        """Start the callback server in a background thread."""
+
+        class CallbackHandler(BaseHTTPRequestHandler):
+            auth_states = self.auth_states
+
+            def do_GET(self):
+                parsed = urlparse(self.path)
+                if parsed.path == "/callback":
+                    params = parse_qs(parsed.query)
+                    code = params.get("code", [None])[0]
+                    state = params.get("state", [None])[0]
+
+                    if code and state:
+                        self.auth_states[state] = code
+                        logger.info(f"Captured auth code for state {state[:16]}...")
+
+                    self.send_response(200)
+                    self.send_header("Content-type", "text/html")
+                    self.end_headers()
+                    self.wfile.write(
+                        b"<html><body><h1>Authorization successful!</h1>"
+                        b"<p>You can close this window.</p></body></html>"
+                    )
+                else:
+                    self.send_response(404)
+                    self.end_headers()
+
+            def log_message(self, format, *args):
+                # Suppress default logging
+                pass
+
+        self.server = HTTPServer((self.host, self.port), CallbackHandler)
+
+        def run():
+            logger.info(f"OAuth callback server listening on {self.host}:{self.port}")
+            self.server.serve_forever()
+
+        self.thread = threading.Thread(target=run, daemon=True)
+        self.thread.start()
+        logger.info("OAuth callback server started")
+
+    def stop(self):
+        """Stop the callback server."""
+        if self.server:
+            self.server.shutdown()
+            logger.info("OAuth callback server stopped")
+
+    def get_auth_code(self, state: str) -> str | None:
+        """Get auth code for a given state parameter."""
+        return self.auth_states.get(state)
+
+
+async def discover_oidc_endpoints(nextcloud_host: str) -> dict[str, str]:
+    """
+    Discover OIDC endpoints from Nextcloud's .well-known configuration.
+
+    Args:
+        nextcloud_host: Nextcloud host URL (e.g., http://localhost:8080)
+
+    Returns:
+        Dict with authorization_endpoint, token_endpoint, and registration_endpoint
+    """
+    logger.info("Discovering OIDC endpoints...")
+    async with httpx.AsyncClient(verify=False, timeout=30.0) as client:
+        response = await client.get(
+            f"{nextcloud_host}/.well-known/openid-configuration"
+        )
+        response.raise_for_status()
+        config = response.json()
+
+    endpoints = {
+        "authorization_endpoint": config["authorization_endpoint"],
+        "token_endpoint": config["token_endpoint"],
+        "registration_endpoint": config["registration_endpoint"],
+    }
+    logger.info(f"Discovered endpoints: {endpoints}")
+    return endpoints
+
+
+async def setup_oauth_client(
+    nextcloud_host: str, callback_url: str, registration_endpoint: str
+) -> dict[str, str]:
+    """
+    Setup OAuth client using load_or_register_client.
+
+    Args:
+        nextcloud_host: Nextcloud host URL
+        callback_url: OAuth callback URL
+        registration_endpoint: OAuth registration endpoint URL
+
+    Returns:
+        Dict with client_id and client_secret
+    """
+    logger.info("Setting up OAuth client...")
+
+    # Use the client registration utility
+    client_info = await load_or_register_client(
+        nextcloud_url=nextcloud_host,
+        registration_endpoint=registration_endpoint,
+        storage_path=".nextcloud_oauth_benchmark_client.json",
+        client_name="OAuth Benchmark Test Client",
+        redirect_uris=[callback_url],
+    )
+
+    logger.info(f"OAuth client setup complete (client_id: {client_info.client_id})")
+    return {
+        "client_id": client_info.client_id,
+        "client_secret": client_info.client_secret,
+    }
+
+
+async def create_and_authenticate_user(
+    user_pool: OAuthUserPool,
+    browser: Any,
+    auth_states: dict[str, str],
+    username: str,
+    password: str,
+    display_name: str | None = None,
+) -> str:
+    """
+    Create Nextcloud user and acquire OAuth token via Playwright.
+
+    Args:
+        user_pool: OAuthUserPool instance
+        browser: Playwright browser instance
+        auth_states: Shared auth_states dict for callback server
+        username: Username to create
+        password: Password for the user
+        display_name: Optional display name
+
+    Returns:
+        OAuth access token for the user
+    """
+    logger.info(f"Creating and authenticating user: {username}")
+
+    # Create Nextcloud user
+    await user_pool.create_nextcloud_user(
+        username=username,
+        password=password,
+        display_name=display_name or username,
+    )
+
+    # Generate unique state for this OAuth flow
+    state = secrets.token_urlsafe(32)
+
+    # Acquire OAuth token via Playwright
+    token = await user_pool.acquire_token_playwright(
+        browser=browser,
+        username=username,
+        password=password,
+        state=state,
+        auth_states=auth_states,
+    )
+
+    logger.info(f"Successfully authenticated user: {username}")
+    return token
+
+
+async def oauth_benchmark_worker(
+    user_wrapper: UserSessionWrapper,
+    workload: MixedOAuthWorkload,
+    duration: float,
+    metrics: OAuthBenchmarkMetrics,
+    stop_event: anyio.Event,
+):
+    """
+    Single worker executing operations for one user.
+
+    Args:
+        user_wrapper: UserSessionWrapper for this worker
+        workload: MixedOAuthWorkload instance
+        duration: Test duration in seconds
+        metrics: Metrics collector
+        stop_event: Event to signal stop
+    """
+    logger.info(f"Worker for {user_wrapper.username} starting...")
+
+    start_time = time.time()
+    operation_count = 0
+
+    try:
+        while not stop_event.is_set():
+            if time.time() - start_time >= duration:
+                break
+
+            # Run an operation (might be baseline or workflow)
+            result = await workload.run_operation()
+
+            # Record metrics
+            if isinstance(result, WorkflowResult):
+                metrics.add_workflow_result(result)
+            else:
+                # Baseline operation
+                metrics.add_baseline_operation(result)
+
+            operation_count += 1
+
+            # Small delay to prevent overwhelming the server
+            await anyio.sleep(0.05)
+
+        logger.info(
+            f"Worker for {user_wrapper.username} completed {operation_count} operations"
+        )
+
+    except anyio.get_cancelled_exc_class():
+        # Handle task cancellation gracefully (e.g., during benchmark shutdown)
+        logger.info(
+            f"Worker for {user_wrapper.username} was cancelled "
+            f"(completed {operation_count} operations)"
+        )
+        raise  # Re-raise to allow proper cleanup
+    except Exception as e:
+        logger.error(f"Worker {user_wrapper.username} error: {e}", exc_info=True)
+
+
+async def show_progress(
+    duration: float,
+    metrics: OAuthBenchmarkMetrics,
+    stop_event: anyio.Event,
+):
+    """Show real-time progress during benchmark."""
+    start_time = time.time()
+
+    while not stop_event.is_set():
+        elapsed = time.time() - start_time
+        if elapsed >= duration:
+            break
+
+        # Calculate progress
+        progress = min(elapsed / duration * 100, 100)
+        total_ops = len(metrics.baseline_operations) + len(metrics.workflows)
+        workflows = len(metrics.workflows)
+
+        # Print progress bar
+        bar_length = 40
+        filled = int(bar_length * progress / 100)
+        bar = "█" * filled + "░" * (bar_length - filled)
+
+        print(
+            f"\r[{bar}] {progress:5.1f}% | "
+            f"Total Ops: {total_ops:6d} | "
+            f"Workflows: {workflows:4d}",
+            end="",
+            flush=True,
+        )
+
+        await anyio.sleep(0.5)
+
+    print()  # New line after progress
+
+
+async def run_oauth_benchmark(
+    num_users: int,
+    duration: float,
+    mcp_url: str,
+    warmup: float = 5.0,
+    user_prefix: str = "loadtest",
+    cleanup: bool = True,
+    browser_type: str = "firefox",
+    headed: bool = False,
+) -> OAuthBenchmarkMetrics:
+    """
+    Run the OAuth multi-user benchmark with dynamic user creation.
+
+    Args:
+        num_users: Number of concurrent users to create
+        duration: Test duration in seconds
+        mcp_url: MCP server URL
+        warmup: Warmup period in seconds
+        user_prefix: Prefix for generated usernames
+        cleanup: Whether to delete users after benchmark
+        browser_type: Playwright browser type (firefox, chromium, webkit)
+        headed: Whether to run browser in headed mode
+
+    Returns:
+        OAuthBenchmarkMetrics with results
+    """
+    metrics = OAuthBenchmarkMetrics()
+    stop_event = anyio.Event()
+    created_users: list[str] = []
+    callback_server: OAuthCallbackServer | None = None
+    user_pool: OAuthUserPool | None = None
+    admin_client: NextcloudClient | None = None
+
+    # Setup signal handlers for graceful shutdown
+    def signal_handler(sig, frame):
+        logger.warning("Received interrupt signal, stopping benchmark...")
+        stop_event.set()
+
+    signal.signal(signal.SIGINT, signal_handler)
+    signal.signal(signal.SIGTERM, signal_handler)
+
+    print(f"\n{'=' * 80}")
+    print("OAUTH MULTI-USER BENCHMARK")
+    print(f"{'=' * 80}")
+    print(f"Users: {num_users} | Duration: {duration}s | Warmup: {warmup}s")
+    print(f"Target: {mcp_url}")
+    print(f"User Prefix: {user_prefix} | Cleanup: {cleanup}")
+    print(f"Browser: {browser_type} | Headed: {headed}")
+    print(f"{'=' * 80}\n")
+
+    try:
+        # Get environment variables
+        nextcloud_host = os.getenv("NEXTCLOUD_HOST", "http://localhost:8080")
+        callback_url = "http://127.0.0.1:8081/callback"
+
+        # Step 1: Start OAuth callback server
+        print("Step 1/6: Starting OAuth callback server...")
+        callback_server = OAuthCallbackServer(host="127.0.0.1", port=8081)
+        callback_server.start()
+        print("✓ Callback server listening on http://127.0.0.1:8081\n")
+
+        # Step 2: Discover OIDC endpoints
+        print("Step 2/6: Discovering OIDC endpoints...")
+        endpoints = await discover_oidc_endpoints(nextcloud_host)
+        print(f"✓ Authorization endpoint: {endpoints['authorization_endpoint']}")
+        print(f"✓ Token endpoint: {endpoints['token_endpoint']}")
+        print(f"✓ Registration endpoint: {endpoints['registration_endpoint']}\n")
+
+        # Step 3: Setup OAuth client
+        print("Step 3/6: Setting up OAuth client...")
+        oauth_credentials = await setup_oauth_client(
+            nextcloud_host, callback_url, endpoints["registration_endpoint"]
+        )
+        print(f"✓ OAuth client registered (ID: {oauth_credentials['client_id']})\n")
+
+        # Step 4: Create admin client and user pool
+        print("Step 4/6: Initializing admin client and user pool...")
+        admin_client = NextcloudClient.from_env()
+        user_pool = OAuthUserPool(
+            admin_client=admin_client,
+            client_id=oauth_credentials["client_id"],
+            client_secret=oauth_credentials["client_secret"],
+            callback_url=callback_url,
+            token_endpoint=endpoints["token_endpoint"],
+            authorization_endpoint=endpoints["authorization_endpoint"],
+        )
+
+        async with user_pool:
+            print("✓ User pool initialized\n")
+
+            # Step 5: Create users and acquire OAuth tokens (concurrently)
+            print(f"Step 5/6: Creating {num_users} users and acquiring OAuth tokens...")
+            print("(Running concurrently for faster setup)\n")
+
+            async def create_user_task(
+                i: int, browser, auth_states: dict
+            ) -> tuple[str, str, str] | None:
+                """Create and authenticate a single user. Returns (username, password, token) or None on failure."""
+                username = f"{user_prefix}_user_{i + 1}"
+                password = generate_secure_password(16)
+
+                print(f"  [{i + 1}/{num_users}] Creating user '{username}'...")
+
+                try:
+                    token = await create_and_authenticate_user(
+                        user_pool=user_pool,
+                        browser=browser,
+                        auth_states=auth_states,
+                        username=username,
+                        password=password,
+                        display_name=f"Load Test User {i + 1}",
+                    )
+
+                    print(f"  ✓ User '{username}' authenticated\n")
+                    return (username, password, token)
+
+                except Exception as e:
+                    logger.error(f"Failed to create/authenticate user {username}: {e}")
+                    return None
+
+            async with async_playwright() as p:
+                # Launch browser
+                browser_launcher = getattr(p, browser_type)
+                browser = await browser_launcher.launch(headless=not headed)
+
+                try:
+                    # Create all users concurrently using anyio task groups
+                    results = []
+
+                    async def run_and_collect(i: int):
+                        """Wrapper to collect results from tasks."""
+                        try:
+                            result = await create_user_task(
+                                i, browser, callback_server.auth_states
+                            )
+                            results.append(result)
+                        except Exception as e:
+                            logger.error(f"User creation task failed: {e}")
+                            results.append(e)
+
+                    async with anyio.create_task_group() as tg:
+                        for i in range(num_users):
+                            tg.start_soon(run_and_collect, i)
+
+                    # Process results
+                    for result in results:
+                        if isinstance(result, Exception):
+                            logger.error(f"User creation task failed: {result}")
+                            continue
+                        if result is None:
+                            continue
+
+                        username, password, token = result
+                        await user_pool.add_user(
+                            username=username, password=password, token=token
+                        )
+                        created_users.append(username)
+
+                finally:
+                    await browser.close()
+
+            if not created_users:
+                raise RuntimeError("Failed to create any users")
+
+            print(
+                f"✓ Successfully created and authenticated {len(created_users)} users\n"
+            )
+
+        # Step 6: Create MCP sessions for each user (concurrently)
+        print("Step 6/6: Creating MCP sessions for users...")
+        user_wrappers = []
+        async with user_pool:
+
+            async def create_session_task(username: str) -> UserSessionWrapper | None:
+                """Create MCP session for a user. Returns wrapper or None on failure."""
+                try:
+                    session = await user_pool.create_user_session(username, mcp_url)
+                    wrapper = UserSessionWrapper(username, session, user_pool)
+                    print(f"  ✓ Session created for '{username}'")
+                    return wrapper
+                except Exception as e:
+                    logger.error(f"Failed to create session for {username}: {e}")
+                    return None
+
+            # Create all sessions concurrently using anyio task groups
+            session_results = []
+
+            async def run_and_collect_session(username: str):
+                """Wrapper to collect session results from tasks."""
+                try:
+                    result = await create_session_task(username)
+                    session_results.append(result)
+                except Exception as e:
+                    logger.error(f"Session creation task failed: {e}")
+                    session_results.append(e)
+
+            async with anyio.create_task_group() as tg:
+                for username in created_users:
+                    tg.start_soon(run_and_collect_session, username)
+
+            # Process results
+            for result in session_results:
+                if isinstance(result, Exception):
+                    logger.error(f"Session creation task failed: {result}")
+                    continue
+                if result is not None:
+                    user_wrappers.append(result)
+
+            if not user_wrappers:
+                raise RuntimeError("Failed to create any user sessions")
+
+            print(f"✓ Created {len(user_wrappers)} MCP sessions\n")
+
+            # Warmup period
+            if warmup > 0:
+                print(f"Warmup period: {warmup}s...")
+                await anyio.sleep(warmup)
+                print()
+
+            # Start benchmark
+            print(f"{'=' * 80}")
+            print("STARTING BENCHMARK")
+            print(f"{'=' * 80}\n")
+
+            metrics.start()
+
+            # Create workload and workers using anyio task groups
+            workload = MixedOAuthWorkload(user_wrappers)
+
+            # Run workers with progress display
+            async with anyio.create_task_group() as tg:
+                # Start all workers
+                for wrapper in user_wrappers:
+                    tg.start_soon(
+                        oauth_benchmark_worker,
+                        wrapper,
+                        workload,
+                        duration,
+                        metrics,
+                        stop_event,
+                    )
+
+                # Show progress
+                tg.start_soon(show_progress, duration, metrics, stop_event)
+
+            # Tasks already completed when task group exits
+            metrics.stop()
+
+            print(f"\n{'=' * 80}")
+            print("BENCHMARK COMPLETE")
+            print(f"{'=' * 80}\n")
+
+            # Cleanup user sessions
+            print("Closing user sessions...")
+            await user_pool.close_all_sessions()
+            print("✓ All sessions closed\n")
+
+    except Exception as e:
+        logger.error(f"Benchmark error: {e}", exc_info=True)
+        # Don't re-raise here - we want cleanup to run
+
+    finally:
+        # Cleanup callback server
+        if callback_server:
+            try:
+                callback_server.stop()
+                logger.info("OAuth callback server stopped")
+            except Exception as e:
+                logger.warning(f"Error stopping callback server: {e}")
+
+        # Cleanup test users
+        if cleanup and created_users:
+            print(f"\nCleaning up {len(created_users)} test users...")
+            # Create a new admin client for cleanup (don't rely on the existing one)
+            try:
+                cleanup_client = NextcloudClient.from_env()
+                for username in created_users:
+                    try:
+                        await cleanup_client.users.delete_user(userid=username)
+                        print(f"  ✓ Deleted user '{username}'")
+                    except Exception as e:
+                        logger.warning(f"Failed to delete user {username}: {e}")
+                print("✓ Cleanup complete\n")
+            except Exception as e:
+                logger.error(f"Error during user cleanup: {e}")
+                print(
+                    "⚠️  Failed to cleanup users. Please run cleanup script manually.\n"
+                )
+        elif created_users:
+            print(
+                f"\n⚠️  {len(created_users)} test users were NOT deleted (cleanup=False)"
+            )
+            print(f"Users: {', '.join(created_users)}\n")
+
+    return metrics
+
+
+@click.command()
+@click.option(
+    "--users",
+    "-u",
+    type=int,
+    default=2,
+    show_default=True,
+    help="Number of concurrent users to create dynamically",
+)
+@click.option(
+    "--duration",
+    "-d",
+    type=float,
+    default=30.0,
+    show_default=True,
+    help="Test duration in seconds",
+)
+@click.option(
+    "--warmup",
+    "-w",
+    type=float,
+    default=5.0,
+    show_default=True,
+    help="Warmup duration before collecting metrics (seconds)",
+)
+@click.option(
+    "--url",
+    default="http://127.0.0.1:8001/mcp",
+    show_default=True,
+    help="MCP OAuth server URL",
+)
+@click.option(
+    "--output",
+    "-o",
+    type=click.Path(),
+    help="Output file for JSON results (optional)",
+)
+@click.option(
+    "--workload",
+    type=click.Choice(["mixed", "sharing", "collaboration", "baseline"]),
+    default="mixed",
+    show_default=True,
+    help="Workload type to execute",
+)
+@click.option(
+    "--user-prefix",
+    default="loadtest",
+    show_default=True,
+    help="Prefix for dynamically created usernames",
+)
+@click.option(
+    "--cleanup/--no-cleanup",
+    default=True,
+    show_default=True,
+    help="Delete created users after benchmark",
+)
+@click.option(
+    "--browser",
+    type=click.Choice(["firefox", "chromium", "webkit"]),
+    default="firefox",
+    show_default=True,
+    help="Playwright browser type for OAuth automation",
+)
+@click.option(
+    "--headed",
+    is_flag=True,
+    help="Run browser in headed mode (visible window, useful for debugging)",
+)
+@click.option(
+    "--verbose",
+    "-v",
+    is_flag=True,
+    help="Enable verbose logging",
+)
+def main(
+    users: int,
+    duration: float,
+    warmup: float,
+    url: str,
+    output: str | None,
+    workload: str,
+    user_prefix: str,
+    cleanup: bool,
+    browser: str,
+    headed: bool,
+    verbose: bool,
+):
+    """
+    OAuth Multi-User Load Testing for Nextcloud MCP Server.
+
+    Dynamically creates N users, authenticates them via OAuth using Playwright
+    browser automation, and simulates realistic multi-user scenarios with
+    coordinated workflows like note sharing, collaborative editing, and file operations.
+
+    Examples:
+
+        # 2 users, 30-second test (default settings)
+        uv run python -m tests.load.oauth_benchmark
+
+        # 4 users, 60-second test with mixed workload
+        uv run python -m tests.load.oauth_benchmark --users 4 --duration 60
+
+        # 10 users, 5-minute sharing-focused test
+        uv run python -m tests.load.oauth_benchmark -u 10 -d 300 --workload sharing
+
+        # Export results to JSON
+        uv run python -m tests.load.oauth_benchmark -u 5 -d 120 --output results.json
+
+        # Custom user prefix and keep users after benchmark
+        uv run python -m tests.load.oauth_benchmark -u 3 --user-prefix mytest --no-cleanup
+
+        # Debug with visible browser (headed mode)
+        uv run python -m tests.load.oauth_benchmark -u 2 -d 10 --headed --verbose
+
+    Requirements:
+        - docker-compose up (mcp-oauth container running on port 8001)
+        - NEXTCLOUD_HOST, NEXTCLOUD_USERNAME, NEXTCLOUD_PASSWORD env vars set
+        - Playwright browser installed: uv run playwright install firefox
+    """
+    if verbose:
+        logging.getLogger().setLevel(logging.DEBUG)
+        logging.getLogger("tests.load").setLevel(logging.DEBUG)
+
+    async def run():
+        # Run benchmark
+        metrics = await run_oauth_benchmark(
+            num_users=users,
+            duration=duration,
+            mcp_url=url,
+            warmup=warmup,
+            user_prefix=user_prefix,
+            cleanup=cleanup,
+            browser_type=browser,
+            headed=headed,
+        )
+
+        # Print report
+        metrics.print_report()
+
+        # Export to JSON if requested
+        if output:
+            with open(output, "w") as f:
+                json.dump(metrics.to_dict(), f, indent=2)
+            print(f"Results exported to: {output}")
+
+    try:
+        anyio.run(run)
+    except KeyboardInterrupt:
+        print("\nBenchmark interrupted by user")
+        sys.exit(130)
+    except Exception as e:
+        print(f"ERROR: {e}", file=sys.stderr)
+        if verbose:
+            raise
+        sys.exit(1)
+
+
+if __name__ == "__main__":
+    main()
@@ -0,0 +1,329 @@
+"""
+Enhanced metrics collection for OAuth multi-user load testing.
+
+Extends the base BenchmarkMetrics to track per-user statistics,
+workflow completion rates, and cross-user operation latencies.
+"""
+
+import statistics
+from collections import Counter, defaultdict
+from typing import Any
+
+from tests.load.oauth_workloads import WorkflowResult
+
+
+class OAuthBenchmarkMetrics:
+    """
+    Enhanced metrics for OAuth multi-user load testing.
+
+    Tracks:
+    - Per-user operation counts and latencies
+    - Workflow completion rates and timings
+    - Cross-user operation metrics
+    - Step-by-step workflow breakdowns
+    """
+
+    def __init__(self):
+        # Base metrics
+        self.start_time: float | None = None
+        self.end_time: float | None = None
+
+        # Per-user tracking
+        self.user_operations: dict[str, list[dict[str, Any]]] = defaultdict(list)
+        self.user_operation_counts: dict[str, Counter] = defaultdict(Counter)
+        self.user_errors: dict[str, Counter] = defaultdict(Counter)
+
+        # Workflow tracking
+        self.workflows: list[WorkflowResult] = []
+        self.workflow_counts: Counter = Counter()
+        self.workflow_successes: Counter = Counter()
+        self.workflow_durations: dict[str, list[float]] = defaultdict(list)
+
+        # Baseline operations (non-workflow)
+        self.baseline_operations: list[dict[str, Any]] = []
+
+    def start(self):
+        """Mark the start of the benchmark."""
+        import time
+
+        self.start_time = time.time()
+
+    def stop(self):
+        """Mark the end of the benchmark."""
+        import time
+
+        self.end_time = time.time()
+
+    @property
+    def duration(self) -> float:
+        """Total benchmark duration in seconds."""
+        if self.start_time is None or self.end_time is None:
+            return 0.0
+        return self.end_time - self.start_time
+
+    def add_workflow_result(self, result: WorkflowResult):
+        """
+        Add a workflow execution result.
+
+        Args:
+            result: WorkflowResult from workflow execution
+        """
+        self.workflows.append(result)
+        self.workflow_counts[result.workflow_name] += 1
+        if result.success:
+            self.workflow_successes[result.workflow_name] += 1
+        self.workflow_durations[result.workflow_name].append(result.total_duration)
+
+        # Track per-user operations from workflow steps
+        for step in result.steps:
+            self.user_operation_counts[step.user][step.step_name] += 1
+            if not step.success:
+                self.user_errors[step.user][step.step_name] += 1
+
+            self.user_operations[step.user].append(
+                {
+                    "type": "workflow_step",
+                    "workflow": result.workflow_name,
+                    "step": step.step_name,
+                    "success": step.success,
+                    "duration": step.duration,
+                    "error": step.error,
+                }
+            )
+
+    def add_baseline_operation(self, operation: dict[str, Any]):
+        """
+        Add a baseline (non-workflow) operation result.
+
+        Args:
+            operation: Dict with keys: type, operation, user, success, duration, error (optional)
+        """
+        self.baseline_operations.append(operation)
+
+        user = operation.get("user", "unknown")
+        op_name = operation.get("operation", "unknown")
+        success = operation.get("success", False)
+
+        self.user_operation_counts[user][op_name] += 1
+        if not success:
+            self.user_errors[user][op_name] += 1
+
+        self.user_operations[user].append(operation)
+
+    def get_user_stats(self) -> dict[str, dict[str, Any]]:
+        """
+        Get per-user statistics.
+
+        Returns:
+            Dict mapping username to their stats
+        """
+        stats = {}
+        for user, operations in self.user_operations.items():
+            total_ops = len(operations)
+            successful_ops = sum(1 for op in operations if op.get("success", False))
+            durations = [op["duration"] for op in operations if "duration" in op]
+
+            stats[user] = {
+                "total_operations": total_ops,
+                "successful_operations": successful_ops,
+                "failed_operations": total_ops - successful_ops,
+                "success_rate": (successful_ops / total_ops * 100)
+                if total_ops > 0
+                else 0.0,
+                "latency": self._calculate_latency_stats(durations),
+                "operations_breakdown": dict(self.user_operation_counts[user]),
+                "errors_breakdown": dict(self.user_errors[user]),
+            }
+        return stats
+
+    def get_workflow_stats(self) -> dict[str, dict[str, Any]]:
+        """
+        Get workflow execution statistics.
+
+        Returns:
+            Dict mapping workflow name to its stats
+        """
+        stats = {}
+        for workflow_name in self.workflow_counts:
+            total = self.workflow_counts[workflow_name]
+            successes = self.workflow_successes[workflow_name]
+            durations = self.workflow_durations[workflow_name]
+
+            # Calculate per-step latencies
+            step_latencies = defaultdict(list)
+            for workflow in self.workflows:
+                if workflow.workflow_name == workflow_name:
+                    for step in workflow.steps:
+                        if step.success:
+                            step_latencies[step.step_name].append(step.duration)
+
+            step_stats = {}
+            for step_name, latencies in step_latencies.items():
+                if latencies:
+                    step_stats[step_name] = self._calculate_latency_stats(latencies)
+
+            stats[workflow_name] = {
+                "total_executions": total,
+                "successful_executions": successes,
+                "failed_executions": total - successes,
+                "success_rate": (successes / total * 100) if total > 0 else 0.0,
+                "latency": self._calculate_latency_stats(durations),
+                "step_latencies": step_stats,
+            }
+        return stats
+
+    def get_baseline_stats(self) -> dict[str, Any]:
+        """
+        Get statistics for baseline operations.
+
+        Returns:
+            Dict with baseline operation stats
+        """
+        if not self.baseline_operations:
+            return {
+                "total_operations": 0,
+                "success_rate": 0.0,
+                "latency": self._calculate_latency_stats([]),
+            }
+
+        total = len(self.baseline_operations)
+        successes = sum(
+            1 for op in self.baseline_operations if op.get("success", False)
+        )
+        durations = [
+            op["duration"] for op in self.baseline_operations if "duration" in op
+        ]
+
+        # Per-operation breakdown
+        operation_counts = Counter()
+        operation_errors = Counter()
+        for op in self.baseline_operations:
+            op_name = op.get("operation", "unknown")
+            operation_counts[op_name] += 1
+            if not op.get("success", False):
+                operation_errors[op_name] += 1
+
+        return {
+            "total_operations": total,
+            "successful_operations": successes,
+            "failed_operations": total - successes,
+            "success_rate": (successes / total * 100) if total > 0 else 0.0,
+            "latency": self._calculate_latency_stats(durations),
+            "operations_breakdown": dict(operation_counts),
+            "errors_breakdown": dict(operation_errors),
+        }
+
+    def _calculate_latency_stats(self, durations: list[float]) -> dict[str, float]:
+        """Calculate latency statistics from a list of durations."""
+        if not durations:
+            return {
+                "min": 0.0,
+                "max": 0.0,
+                "mean": 0.0,
+                "median": 0.0,
+                "p90": 0.0,
+                "p95": 0.0,
+                "p99": 0.0,
+            }
+
+        sorted_durations = sorted(durations)
+
+        def percentile(data: list[float], p: float) -> float:
+            k = (len(data) - 1) * p
+            f = int(k)
+            c = f + 1
+            if c >= len(data):
+                return data[-1]
+            return data[f] + (k - f) * (data[c] - data[f])
+
+        return {
+            "min": min(durations),
+            "max": max(durations),
+            "mean": statistics.mean(durations),
+            "median": statistics.median(durations),
+            "p90": percentile(sorted_durations, 0.90),
+            "p95": percentile(sorted_durations, 0.95),
+            "p99": percentile(sorted_durations, 0.99),
+        }
+
+    def to_dict(self) -> dict[str, Any]:
+        """Convert metrics to dictionary for JSON export."""
+        return {
+            "summary": {
+                "duration": self.duration,
+                "total_workflows": len(self.workflows),
+                "total_baseline_ops": len(self.baseline_operations),
+                "total_users": len(self.user_operations),
+            },
+            "workflows": self.get_workflow_stats(),
+            "baseline": self.get_baseline_stats(),
+            "users": self.get_user_stats(),
+        }
+
+    def print_report(self):
+        """Print human-readable benchmark report."""
+        print("\n" + "=" * 80)
+        print("OAUTH MULTI-USER BENCHMARK RESULTS")
+        print("=" * 80)
+
+        # Summary
+        print(f"\nDuration: {self.duration:.2f}s")
+        print(f"Total Users: {len(self.user_operations)}")
+        print(f"Total Workflows Executed: {len(self.workflows)}")
+        print(f"Total Baseline Operations: {len(self.baseline_operations)}")
+
+        # Workflow Stats
+        if self.workflows:
+            print("\n" + "-" * 80)
+            print("WORKFLOW STATISTICS")
+            print("-" * 80)
+            print(
+                f"{'Workflow':<30} {'Total':>8} {'Success':>8} {'Rate':>8} {'P50':>10} {'P95':>10}"
+            )
+            print("-" * 80)
+
+            workflow_stats = self.get_workflow_stats()
+            for name, stats in sorted(workflow_stats.items()):
+                latency = stats["latency"]
+                print(
+                    f"{name:<30} {stats['total_executions']:>8} "
+                    f"{stats['successful_executions']:>8} "
+                    f"{stats['success_rate']:>7.1f}% "
+                    f"{latency['median']:>9.4f}s {latency['p95']:>9.4f}s"
+                )
+
+        # Per-User Stats
+        print("\n" + "-" * 80)
+        print("PER-USER STATISTICS")
+        print("-" * 80)
+        print(
+            f"{'User':<20} {'Total Ops':>10} {'Success':>10} {'Errors':>8} {'Rate':>8} {'P50':>10}"
+        )
+        print("-" * 80)
+
+        user_stats = self.get_user_stats()
+        for username, stats in sorted(user_stats.items()):
+            latency = stats["latency"]
+            print(
+                f"{username:<20} {stats['total_operations']:>10} "
+                f"{stats['successful_operations']:>10} "
+                f"{stats['failed_operations']:>8} "
+                f"{stats['success_rate']:>7.1f}% "
+                f"{latency['median']:>9.4f}s"
+            )
+
+        # Baseline Stats
+        if self.baseline_operations:
+            print("\n" + "-" * 80)
+            print("BASELINE OPERATIONS")
+            print("-" * 80)
+            baseline = self.get_baseline_stats()
+            print(f"Total Operations: {baseline['total_operations']}")
+            print(f"Success Rate: {baseline['success_rate']:.1f}%")
+            latency = baseline["latency"]
+            print(
+                f"Latency: min={latency['min']:.4f}s, p50={latency['median']:.4f}s, "
+                f"p95={latency['p95']:.4f}s, max={latency['max']:.4f}s"
+            )
+
+        print("=" * 80 + "\n")
@@ -0,0 +1,485 @@
+"""
+OAuth User Pool Management for Load Testing.
+
+Manages multiple OAuth-authenticated users for realistic multi-user load testing scenarios.
+"""
+
+import asyncio
+import logging
+from dataclasses import dataclass
+from typing import Any
+
+import httpx
+from mcp import ClientSession
+from mcp.client.streamable_http import streamablehttp_client
+
+logger = logging.getLogger(__name__)
+
+
+@dataclass
+class UserConfig:
+    """Configuration for a single test user."""
+
+    username: str
+    password: str
+    display_name: str
+    email: str
+    groups: list[str]
+
+
+@dataclass
+class UserProfile:
+    """Profile for an OAuth-authenticated user."""
+
+    username: str
+    password: str
+    token: str
+    session: ClientSession | None = None
+    streamable_context: Any | None = None  # Store for proper cleanup
+    operation_count: int = 0
+    error_count: int = 0
+
+
+class OAuthUserPool:
+    """
+    Manages a pool of OAuth-authenticated users for load testing.
+
+    Handles token acquisition, session management, and user lifecycle.
+    """
+
+    def __init__(
+        self,
+        admin_client: Any,  # NextcloudClient with admin credentials
+        client_id: str,
+        client_secret: str,
+        callback_url: str,
+        token_endpoint: str,
+        authorization_endpoint: str,
+    ):
+        self.admin_client = admin_client  # For user management
+        self.nextcloud_host = str(admin_client._client.base_url)
+        self.client_id = client_id
+        self.client_secret = client_secret
+        self.callback_url = callback_url
+        self.token_endpoint = token_endpoint
+        self.authorization_endpoint = authorization_endpoint
+        self.users: dict[str, UserProfile] = {}
+        self._http_client: httpx.AsyncClient | None = None
+
+    async def __aenter__(self):
+        """Initialize HTTP client."""
+        self._http_client = httpx.AsyncClient(verify=False, timeout=30.0)
+        return self
+
+    async def __aexit__(self, exc_type, exc_val, exc_tb):
+        """Cleanup HTTP client."""
+        if self._http_client:
+            await self._http_client.aclose()
+
+    async def acquire_token(self, username: str, password: str, auth_code: str) -> str:
+        """
+        Exchange authorization code for OAuth access token.
+
+        Args:
+            username: Username for logging
+            password: Password (for logging/debugging)
+            auth_code: Authorization code from OAuth flow
+
+        Returns:
+            OAuth access token
+        """
+        logger.info(f"Exchanging auth code for access token (user: {username})...")
+
+        if not self._http_client:
+            raise RuntimeError(
+                "HTTP client not initialized - use async context manager"
+            )
+
+        # Exchange authorization code for access token
+        token_response = await self._http_client.post(
+            self.token_endpoint,
+            data={
+                "grant_type": "authorization_code",
+                "code": auth_code,
+                "redirect_uri": self.callback_url,
+                "client_id": self.client_id,
+                "client_secret": self.client_secret,
+            },
+            headers={"Content-Type": "application/x-www-form-urlencoded"},
+        )
+        token_response.raise_for_status()
+        token_data = token_response.json()
+
+        access_token = token_data.get("access_token")
+        if not access_token:
+            raise ValueError(f"No access token in response for {username}")
+
+        logger.info(f"Successfully acquired OAuth token for {username}")
+        return access_token
+
+    async def add_user(self, username: str, password: str, token: str) -> UserProfile:
+        """
+        Add a user to the pool with their OAuth token.
+
+        Args:
+            username: Username
+            password: Password (for future re-auth if needed)
+            token: OAuth access token
+
+        Returns:
+            UserProfile for the added user
+        """
+        if username in self.users:
+            logger.warning(f"User {username} already in pool, updating token")
+
+        profile = UserProfile(username=username, password=password, token=token)
+        self.users[username] = profile
+        logger.info(f"Added user {username} to pool (total: {len(self.users)})")
+        return profile
+
+    async def create_user_session(
+        self, username: str, mcp_url: str = "http://127.0.0.1:8001/mcp"
+    ) -> ClientSession:
+        """
+        Create an MCP client session for a user.
+
+        Args:
+            username: Username to create session for
+            mcp_url: MCP server URL
+
+        Returns:
+            Initialized ClientSession
+
+        Raises:
+            KeyError: If user not in pool
+        """
+        if username not in self.users:
+            raise KeyError(f"User {username} not in pool")
+
+        profile = self.users[username]
+
+        # Create streamable HTTP connection with OAuth token in Authorization header
+        # This matches the pattern from tests/conftest.py create_mcp_client_session()
+        headers = {"Authorization": f"Bearer {profile.token}"}
+        streamable_context = streamablehttp_client(mcp_url, headers=headers)
+
+        try:
+            read_stream, write_stream, _ = await streamable_context.__aenter__()
+
+            session = ClientSession(read_stream, write_stream)
+            await session.__aenter__()
+            await session.initialize()
+
+            # Store both session and context for proper cleanup
+            profile.session = session
+            profile.streamable_context = streamable_context
+            logger.info(f"Created MCP session for {username}")
+            return session
+
+        except Exception as e:
+            # Clean up streamable context if session creation failed
+            try:
+                await streamable_context.__aexit__(None, None, None)
+            except Exception as cleanup_error:
+                logger.debug(f"Error during cleanup: {cleanup_error}")
+            raise e
+
+    async def close_user_session(self, username: str):
+        """Close the MCP session for a user."""
+        if username not in self.users:
+            return
+
+        profile = self.users[username]
+
+        # Close ClientSession
+        if profile.session:
+            try:
+                await profile.session.__aexit__(None, None, None)
+            except Exception as e:
+                logger.debug(f"Error closing session for {username}: {e}")
+            profile.session = None
+
+        # Close streamable context
+        if profile.streamable_context:
+            try:
+                await profile.streamable_context.__aexit__(None, None, None)
+            except Exception as e:
+                logger.debug(f"Error closing streamable context for {username}: {e}")
+            profile.streamable_context = None
+
+    async def close_all_sessions(self):
+        """Close all user sessions."""
+        for username in list(self.users.keys()):
+            await self.close_user_session(username)
+
+    def get_user(self, username: str) -> UserProfile:
+        """Get user profile by username."""
+        if username not in self.users:
+            raise KeyError(f"User {username} not in pool")
+        return self.users[username]
+
+    def get_all_users(self) -> list[UserProfile]:
+        """Get all user profiles."""
+        return list(self.users.values())
+
+    def record_operation(self, username: str, success: bool = True):
+        """Record an operation for user stats."""
+        if username in self.users:
+            self.users[username].operation_count += 1
+            if not success:
+                self.users[username].error_count += 1
+
+    def get_stats(self) -> dict[str, dict[str, int | float]]:
+        """Get per-user operation statistics."""
+        return {
+            username: {
+                "operations": profile.operation_count,
+                "errors": profile.error_count,
+                "success_rate": (
+                    (profile.operation_count - profile.error_count)
+                    / max(profile.operation_count, 1)
+                    * 100
+                ),
+            }
+            for username, profile in self.users.items()
+        }
+
+    async def create_nextcloud_user(
+        self,
+        username: str,
+        password: str,
+        display_name: str | None = None,
+        email: str | None = None,
+    ) -> UserConfig:
+        """
+        Create a Nextcloud user via the Users API.
+
+        Args:
+            username: Username for the new user
+            password: Password for the new user
+            display_name: Optional display name
+            email: Optional email address
+
+        Returns:
+            UserConfig for the created user
+
+        Raises:
+            HTTPStatusError: If user creation fails
+        """
+        logger.info(f"Creating Nextcloud user: {username}")
+
+        await self.admin_client.users.create_user(
+            userid=username,
+            password=password,
+            display_name=display_name or username,
+            email=email or f"{username}@benchmark.local",
+        )
+
+        logger.info(f"Successfully created Nextcloud user: {username}")
+
+        return UserConfig(
+            username=username,
+            password=password,
+            display_name=display_name or username,
+            email=email or f"{username}@benchmark.local",
+            groups=[],
+        )
+
+    async def delete_nextcloud_user(self, username: str):
+        """
+        Delete a Nextcloud user via the Users API.
+
+        Args:
+            username: Username to delete
+        """
+        logger.info(f"Deleting Nextcloud user: {username}")
+
+        try:
+            await self.admin_client.users.delete_user(userid=username)
+            logger.info(f"Successfully deleted Nextcloud user: {username}")
+        except Exception as e:
+            logger.warning(f"Failed to delete user {username}: {e}")
+
+    async def acquire_token_playwright(
+        self,
+        browser: Any,
+        username: str,
+        password: str,
+        state: str,
+        auth_states: dict[str, str],
+    ) -> str:
+        """
+        Acquire OAuth token via Playwright browser automation.
+
+        Based on conftest.py playwright_oauth_token fixture.
+        Automates the full OAuth flow:
+        1. Navigate to authorization URL
+        2. Fill login form
+        3. Handle OAuth consent
+        4. Wait for callback server to receive auth code
+        5. Exchange code for access token
+
+        Args:
+            browser: Playwright browser instance
+            username: Username to authenticate
+            password: Password for the user
+            state: Unique state parameter for this OAuth flow
+            auth_states: Dict mapping state -> auth_code (shared with callback server)
+
+        Returns:
+            OAuth access token
+
+        Raises:
+            TimeoutError: If callback not received within timeout
+            ValueError: If token exchange fails
+        """
+        import time
+        from urllib.parse import quote
+
+        logger.info(f"Starting Playwright OAuth flow for {username}...")
+        logger.debug(f"Using state: {state[:16]}...")
+
+        # Construct authorization URL
+        auth_url = (
+            f"{self.authorization_endpoint}?"
+            f"response_type=code&"
+            f"client_id={self.client_id}&"
+            f"redirect_uri={quote(self.callback_url, safe='')}&"
+            f"state={state}&"
+            f"scope=openid%20profile%20email"
+        )
+
+        # Browser automation
+        context = await browser.new_context(ignore_https_errors=True)
+        page = await context.new_page()
+
+        try:
+            # Navigate to authorization URL
+            logger.debug("Navigating to authorization URL...")
+            await page.goto(auth_url, wait_until="networkidle", timeout=30000)
+            current_url = page.url
+
+            # Login if needed
+            if "/login" in current_url or "/index.php/login" in current_url:
+                logger.info(f"Logging in as {username}...")
+                await page.wait_for_selector('input[name="user"]', timeout=10000)
+                await page.fill('input[name="user"]', username)
+                await page.fill('input[name="password"]', password)
+                await page.click('button[type="submit"]')
+                await page.wait_for_load_state("networkidle", timeout=30000)
+                current_url = page.url
+                logger.info("Login completed")
+
+            # Handle OAuth consent if present
+            try:
+                authorize_button = await page.query_selector(
+                    'button:has-text("Authorize"), button:has-text("Allow"), input[type="submit"][value*="uthoriz"]'
+                )
+                if authorize_button:
+                    logger.info("Authorizing OAuth client...")
+                    await authorize_button.click()
+                    await page.wait_for_load_state("networkidle", timeout=10000)
+            except Exception as e:
+                logger.debug(f"No authorization needed: {e}")
+
+            # Wait for callback server to receive auth code
+            logger.info("Waiting for OAuth callback...")
+            timeout_seconds = 30
+            start_time = time.time()
+            while state not in auth_states:
+                if time.time() - start_time > timeout_seconds:
+                    screenshot_path = f"/tmp/oauth_timeout_{username}.png"
+                    await page.screenshot(path=screenshot_path)
+                    logger.error(f"Screenshot saved to {screenshot_path}")
+                    raise TimeoutError(
+                        f"Timeout waiting for OAuth callback for {username}"
+                    )
+                await asyncio.sleep(0.5)
+
+            auth_code = auth_states[state]
+            logger.info(f"Received auth code for {username}")
+
+        finally:
+            await context.close()
+
+        # Exchange code for token
+        logger.info(f"Exchanging auth code for access token ({username})...")
+        token_response = await self._http_client.post(
+            self.token_endpoint,
+            data={
+                "grant_type": "authorization_code",
+                "code": auth_code,
+                "redirect_uri": self.callback_url,
+                "client_id": self.client_id,
+                "client_secret": self.client_secret,
+            },
+            headers={"Content-Type": "application/x-www-form-urlencoded"},
+        )
+        token_response.raise_for_status()
+        token_data = token_response.json()
+
+        access_token = token_data.get("access_token")
+        if not access_token:
+            raise ValueError(f"No access token for {username}: {token_data}")
+
+        logger.info(f"Successfully acquired OAuth token for {username}")
+        return access_token
+
+
+class UserSessionWrapper:
+    """
+    Wrapper for a user-specific MCP session with operation tracking.
+
+    Provides a convenient interface for executing operations as a specific user.
+    """
+
+    def __init__(self, username: str, session: ClientSession, pool: OAuthUserPool):
+        self.username = username
+        self.session = session
+        self.pool = pool
+
+    async def call_tool(self, tool_name: str, arguments: dict[str, Any]) -> Any:
+        """
+        Call an MCP tool and record the operation.
+
+        Args:
+            tool_name: Name of the tool to call
+            arguments: Tool arguments
+
+        Returns:
+            Tool result
+        """
+        try:
+            result = await self.session.call_tool(tool_name, arguments)
+            self.pool.record_operation(self.username, success=True)
+            return result
+        except Exception:
+            self.pool.record_operation(self.username, success=False)
+            raise
+
+    async def read_resource(self, uri: str) -> Any:
+        """
+        Read an MCP resource and record the operation.
+
+        Args:
+            uri: Resource URI
+
+        Returns:
+            Resource data
+        """
+        try:
+            result = await self.session.read_resource(uri)
+            self.pool.record_operation(self.username, success=True)
+            return result
+        except Exception:
+            self.pool.record_operation(self.username, success=False)
+            raise
+
+
+def generate_secure_password(length: int = 20) -> str:
+    """Generate a secure random password."""
+    import secrets
+    import string
+
+    alphabet = string.ascii_letters + string.digits + "!@#$%^&*()"
+    return "".join(secrets.choice(alphabet) for _ in range(length))
@@ -0,0 +1,506 @@
+"""
+Multi-User Workflow Definitions for OAuth Load Testing.
+
+Defines coordinated workflows that span multiple users, simulating realistic
+collaborative scenarios like note sharing, file collaboration, and permission management.
+"""
+
+import asyncio
+import json
+import logging
+import random
+import time
+import uuid
+from abc import ABC, abstractmethod
+from dataclasses import dataclass, field
+from typing import Any, Awaitable, Callable
+
+from tests.load.oauth_pool import UserSessionWrapper
+
+logger = logging.getLogger(__name__)
+
+
+@dataclass
+class WorkflowStepResult:
+    """Result of a single workflow step."""
+
+    step_name: str
+    user: str
+    success: bool
+    duration: float
+    error: str | None = None
+    data: dict[str, Any] = field(default_factory=dict)
+
+
+@dataclass
+class WorkflowResult:
+    """Result of a complete workflow execution."""
+
+    workflow_name: str
+    success: bool
+    total_duration: float
+    steps: list[WorkflowStepResult]
+    participants: list[str]
+    error: str | None = None
+
+    @property
+    def steps_completed(self) -> int:
+        """Count of successfully completed steps."""
+        return sum(1 for step in self.steps if step.success)
+
+    @property
+    def step_latencies(self) -> dict[str, float]:
+        """Map of step names to their durations."""
+        return {step.step_name: step.duration for step in self.steps}
+
+
+class Workflow(ABC):
+    """
+    Base class for multi-user workflows.
+
+    A workflow represents a coordinated sequence of operations across multiple users,
+    such as creating and sharing a note, collaborative editing, or permission management.
+    """
+
+    def __init__(self, name: str):
+        self.name = name
+        self.steps: list[WorkflowStepResult] = []
+        self.start_time: float | None = None
+
+    @abstractmethod
+    async def execute(self, users: list[UserSessionWrapper]) -> WorkflowResult:
+        """
+        Execute the workflow with the given users.
+
+        Args:
+            users: List of UserSessionWrapper instances to use in the workflow
+
+        Returns:
+            WorkflowResult with execution details
+        """
+        pass
+
+    async def _execute_step(
+        self,
+        step_name: str,
+        user: UserSessionWrapper,
+        operation: Callable[..., Awaitable[Any]],
+        **kwargs,
+    ) -> WorkflowStepResult:
+        """
+        Execute a single workflow step with timing and error handling.
+
+        Args:
+            step_name: Name of the step for reporting
+            user: User executing the step
+            operation: Async callable to execute
+            **kwargs: Arguments to pass to the operation
+
+        Returns:
+            WorkflowStepResult
+        """
+        start = time.time()
+        try:
+            result = await operation(**kwargs)
+            duration = time.time() - start
+            step_result = WorkflowStepResult(
+                step_name=step_name,
+                user=user.username,
+                success=True,
+                duration=duration,
+                data={"result": result} if result else {},
+            )
+            self.steps.append(step_result)
+            return step_result
+        except Exception as e:
+            duration = time.time() - start
+            logger.error(f"Step {step_name} failed for user {user.username}: {e}")
+            step_result = WorkflowStepResult(
+                step_name=step_name,
+                user=user.username,
+                success=False,
+                duration=duration,
+                error=str(e),
+            )
+            self.steps.append(step_result)
+            return step_result
+
+    def _finish(self, success: bool, error: str | None = None) -> WorkflowResult:
+        """
+        Finalize workflow and create result.
+
+        Args:
+            success: Whether the overall workflow succeeded
+            error: Optional error message
+
+        Returns:
+            WorkflowResult
+        """
+        duration = time.time() - self.start_time if self.start_time else 0.0
+        participants = list(set(step.user for step in self.steps))
+
+        return WorkflowResult(
+            workflow_name=self.name,
+            success=success,
+            total_duration=duration,
+            steps=self.steps,
+            participants=participants,
+            error=error,
+        )
+
+
+class NoteShareWorkflow(Workflow):
+    """
+    Workflow: User A creates a note and shares it with User B, who then reads it.
+
+    Steps:
+    1. User A creates a note
+    2. User A shares the note with User B (read-only)
+    3. User B lists their shared notes (verify propagation)
+    4. User B reads the shared note
+    """
+
+    def __init__(self):
+        super().__init__("note_share")
+
+    async def execute(self, users: list[UserSessionWrapper]) -> WorkflowResult:
+        """Execute note sharing workflow."""
+        self.start_time = time.time()
+
+        if len(users) < 2:
+            return self._finish(False, error="Requires at least 2 users")
+
+        user_a, user_b = users[0], users[1]
+        unique_id = uuid.uuid4().hex[:8]
+
+        try:
+            # Step 1: User A creates note
+            create_result = await self._execute_step(
+                "create_note",
+                user_a,
+                lambda: user_a.call_tool(
+                    "nc_notes_create_note",
+                    {
+                        "title": f"Shared Note {unique_id}",
+                        "content": f"Content for workflow test {unique_id}",
+                        "category": "Workflows",
+                    },
+                ),
+            )
+
+            if not create_result.success:
+                return self._finish(False, error="Failed to create note")
+
+            # Extract note ID
+            note_data = json.loads(create_result.data["result"].content[0].text)
+            note_id = note_data["id"]
+
+            # Step 2: User A shares note with User B
+            # Note: Sharing files/notes requires using WebDAV path
+            # Create a file first, then share it
+            share_result = await self._execute_step(
+                "share_note",
+                user_a,
+                lambda: user_a.call_tool(
+                    "nc_share_create",
+                    {
+                        "path": f"/Notes/{note_data['category']}/{note_data['title']}.txt",
+                        "share_with": user_b.username,
+                        "share_type": 0,  # User share
+                        "permissions": 1,  # Read-only
+                    },
+                ),
+            )
+
+            if not share_result.success:
+                logger.warning("Share creation failed, continuing anyway")
+
+            # Step 3: User B lists shares (measure propagation)
+            await self._execute_step(
+                "list_shared_with_me",
+                user_b,
+                lambda: user_b.call_tool("nc_share_list", {"shared_with_me": True}),
+            )
+
+            # Step 4: User B reads the note
+            await self._execute_step(
+                "read_shared_note",
+                user_b,
+                lambda: user_b.call_tool("nc_notes_get_note", {"note_id": note_id}),
+            )
+
+            # Cleanup: Delete the note
+            await user_a.call_tool("nc_notes_delete_note", {"note_id": note_id})
+
+            return self._finish(success=True)
+
+        except Exception as e:
+            logger.error(f"Note share workflow failed: {e}")
+            return self._finish(False, error=str(e))
+
+
+class CollaborativeEditWorkflow(Workflow):
+    """
+    Workflow: Multiple users edit the same note concurrently.
+
+    Steps:
+    1. User A creates a note
+    2. User A shares note with Users B, C (edit permissions)
+    3. All users read the note simultaneously
+    4. All users update the note simultaneously (test concurrent edits)
+    5. User A verifies final state
+    """
+
+    def __init__(self):
+        super().__init__("collaborative_edit")
+
+    async def execute(self, users: list[UserSessionWrapper]) -> WorkflowResult:
+        """Execute collaborative editing workflow."""
+        self.start_time = time.time()
+
+        if len(users) < 2:
+            return self._finish(False, error="Requires at least 2 users")
+
+        owner = users[0]
+        collaborators = users[1:]
+        unique_id = uuid.uuid4().hex[:8]
+
+        try:
+            # Step 1: Owner creates note
+            create_result = await self._execute_step(
+                "create_note",
+                owner,
+                lambda: owner.call_tool(
+                    "nc_notes_create_note",
+                    {
+                        "title": f"Collab Note {unique_id}",
+                        "content": f"Initial content {unique_id}",
+                        "category": "Collaboration",
+                    },
+                ),
+            )
+
+            if not create_result.success:
+                return self._finish(False, error="Failed to create note")
+
+            note_data = json.loads(create_result.data["result"].content[0].text)
+            note_id = note_data["id"]
+
+            # Step 2: Read note concurrently by all users
+            read_tasks = []
+            for i, user in enumerate(users):
+                read_tasks.append(
+                    self._execute_step(
+                        f"concurrent_read_{i}",
+                        user,
+                        lambda uid=note_id: user.call_tool(
+                            "nc_notes_get_note", {"note_id": uid}
+                        ),
+                    )
+                )
+
+            await asyncio.gather(*read_tasks)
+
+            # Step 3: Append content concurrently by all collaborators
+            append_tasks = []
+            for i, user in enumerate(collaborators):
+                append_tasks.append(
+                    self._execute_step(
+                        f"concurrent_append_{i}",
+                        user,
+                        lambda _=i, u=user: u.call_tool(
+                            "nc_notes_append_content",
+                            {
+                                "note_id": note_id,
+                                "content": f"Addition from {u.username} at {time.time()}",
+                            },
+                        ),
+                    )
+                )
+
+            await asyncio.gather(*append_tasks)
+
+            # Step 4: Owner verifies final state
+            await self._execute_step(
+                "verify_final_state",
+                owner,
+                lambda: owner.call_tool("nc_notes_get_note", {"note_id": note_id}),
+            )
+
+            # Cleanup
+            await owner.call_tool("nc_notes_delete_note", {"note_id": note_id})
+
+            return self._finish(success=True)
+
+        except Exception as e:
+            logger.error(f"Collaborative edit workflow failed: {e}")
+            return self._finish(False, error=str(e))
+
+
+class FileShareAndDownloadWorkflow(Workflow):
+    """
+    Workflow: User A uploads a file, shares it with User B, who then downloads it.
+
+    Steps:
+    1. User A creates a file via WebDAV
+    2. User A shares the file with User B (read-only)
+    3. User B lists their shares
+    4. User B reads/downloads the file
+    """
+
+    def __init__(self):
+        super().__init__("file_share_download")
+
+    async def execute(self, users: list[UserSessionWrapper]) -> WorkflowResult:
+        """Execute file sharing workflow."""
+        self.start_time = time.time()
+
+        if len(users) < 2:
+            return self._finish(False, error="Requires at least 2 users")
+
+        user_a, user_b = users[0], users[1]
+        unique_id = uuid.uuid4().hex[:8]
+        file_path = f"/LoadTest_{unique_id}.txt"
+
+        try:
+            # Step 1: User A creates a file
+            content = f"Test file content {unique_id}\nCreated for workflow testing"
+            create_result = await self._execute_step(
+                "create_file",
+                user_a,
+                lambda: user_a.call_tool(
+                    "nc_webdav_put_file",
+                    {
+                        "path": file_path,
+                        "content": content,
+                        "content_type": "text/plain",
+                    },
+                ),
+            )
+
+            if not create_result.success:
+                return self._finish(False, error="Failed to create file")
+
+            # Step 2: User A shares file with User B
+            share_result = await self._execute_step(
+                "share_file",
+                user_a,
+                lambda: user_a.call_tool(
+                    "nc_share_create",
+                    {
+                        "path": file_path,
+                        "share_with": user_b.username,
+                        "share_type": 0,
+                        "permissions": 1,  # Read-only
+                    },
+                ),
+            )
+
+            if not share_result.success:
+                logger.warning("File share failed, continuing")
+
+            # Step 3: User B lists shared files
+            _ = await self._execute_step(
+                "list_shares",
+                user_b,
+                lambda: user_b.call_tool("nc_share_list", {"shared_with_me": True}),
+            )
+
+            # Step 4: User B downloads the file
+            _ = await self._execute_step(
+                "download_file",
+                user_b,
+                lambda: user_b.call_tool("nc_webdav_get_file", {"path": file_path}),
+            )
+
+            # Cleanup
+            await user_a.call_tool("nc_webdav_delete", {"path": file_path})
+
+            return self._finish(success=True)
+
+        except Exception as e:
+            logger.error(f"File share workflow failed: {e}")
+            return self._finish(False, error=str(e))
+
+
+class MixedOAuthWorkload:
+    """
+    Mixed workload combining baseline operations and coordinated workflows.
+
+    Distribution:
+    - 50% Baseline operations (individual user CRUD)
+    - 30% Note sharing workflows
+    - 15% Collaborative editing workflows
+    - 5% File sharing workflows
+    """
+
+    def __init__(self, users: list[UserSessionWrapper]):
+        self.users = users
+        self.workflows = {
+            "note_share": NoteShareWorkflow(),
+            "collaborative_edit": CollaborativeEditWorkflow(),
+            "file_share": FileShareAndDownloadWorkflow(),
+        }
+
+    async def run_operation(self) -> WorkflowResult | dict[str, Any]:
+        """
+        Execute one random operation (baseline or workflow).
+
+        Returns:
+            WorkflowResult for workflows, dict for baseline operations
+        """
+        rand = random.random()
+
+        # 50% baseline operations (single-user)
+        if rand < 0.50:
+            return await self._run_baseline_operation()
+
+        # 30% note sharing
+        elif rand < 0.80:
+            users = random.sample(self.users, min(2, len(self.users)))
+            return await self.workflows["note_share"].execute(users)
+
+        # 15% collaborative editing
+        elif rand < 0.95:
+            users = random.sample(self.users, min(len(self.users), 3))
+            return await self.workflows["collaborative_edit"].execute(users)
+
+        # 5% file sharing
+        else:
+            users = random.sample(self.users, min(2, len(self.users)))
+            return await self.workflows["file_share"].execute(users)
+
+    async def _run_baseline_operation(self) -> dict[str, Any]:
+        """Run a baseline single-user operation."""
+        user = random.choice(self.users)
+        operations = [
+            (
+                "search_notes",
+                lambda: user.call_tool("nc_notes_search_notes", {"query": ""}),
+            ),
+            ("list_files", lambda: user.call_tool("nc_webdav_list", {"path": "/"})),
+            ("get_capabilities", lambda: user.read_resource("nc://capabilities")),
+        ]
+
+        op_name, operation = random.choice(operations)
+        start = time.time()
+        try:
+            await operation()
+            duration = time.time() - start
+            return {
+                "type": "baseline",
+                "operation": op_name,
+                "user": user.username,
+                "success": True,
+                "duration": duration,
+            }
+        except Exception as e:
+            duration = time.time() - start
+            return {
+                "type": "baseline",
+                "operation": op_name,
+                "user": user.username,
+                "success": False,
+                "duration": duration,
+                "error": str(e),
+            }
@@ -0,0 +1,282 @@
+"""
+Workload definitions for load testing the MCP server.
+
+Defines realistic operation mixes and individual operation functions.
+"""
+
+import logging
+import random
+import time
+import uuid
+
+from mcp import ClientSession
+
+logger = logging.getLogger(__name__)
+
+
+class OperationResult:
+    """Result of a single operation execution."""
+
+    def __init__(
+        self,
+        operation: str,
+        success: bool,
+        duration: float,
+        error: str | None = None,
+    ):
+        self.operation = operation
+        self.success = success
+        self.duration = duration
+        self.error = error
+        self.timestamp = time.time()
+
+
+class WorkloadOperations:
+    """Collection of MCP operations for load testing."""
+
+    def __init__(self, session: ClientSession):
+        self.session = session
+        self._created_notes: list[int] = []
+        self._created_boards: list[int] = []
+
+    async def get_capabilities(self) -> OperationResult:
+        """Fetch server capabilities (lightweight operation)."""
+        start = time.time()
+        try:
+            await self.session.read_resource("nc://capabilities")
+            duration = time.time() - start
+            return OperationResult("get_capabilities", True, duration)
+        except Exception as e:
+            duration = time.time() - start
+            return OperationResult("get_capabilities", False, duration, str(e))
+
+    async def list_notes(self) -> OperationResult:
+        """List all notes (read operation)."""
+        start = time.time()
+        try:
+            await self.session.call_tool("nc_notes_search_notes", {"query": ""})
+            duration = time.time() - start
+            return OperationResult("list_notes", True, duration)
+        except Exception as e:
+            duration = time.time() - start
+            return OperationResult("list_notes", False, duration, str(e))
+
+    async def search_notes(self, query: str = "test") -> OperationResult:
+        """Search notes by query (read operation with filtering)."""
+        start = time.time()
+        try:
+            await self.session.call_tool("nc_notes_search_notes", {"query": query})
+            duration = time.time() - start
+            return OperationResult("search_notes", True, duration)
+        except Exception as e:
+            duration = time.time() - start
+            return OperationResult("search_notes", False, duration, str(e))
+
+    async def create_note(self) -> OperationResult:
+        """Create a new note (write operation)."""
+        start = time.time()
+        unique_id = uuid.uuid4().hex[:8]
+        try:
+            result = await self.session.call_tool(
+                "nc_notes_create_note",
+                {
+                    "title": f"Load Test Note {unique_id}",
+                    "content": f"Content for load test note {unique_id}",
+                    "category": "LoadTesting",
+                },
+            )
+            duration = time.time() - start
+
+            # Track created note ID for cleanup
+            if result and len(result.content) > 0:
+                content = result.content[0]
+                if hasattr(content, "text"):
+                    import json
+
+                    note_data = json.loads(content.text)
+                    note_id = note_data.get("id")
+                    if note_id:
+                        self._created_notes.append(note_id)
+
+            return OperationResult("create_note", True, duration)
+        except Exception as e:
+            duration = time.time() - start
+            return OperationResult("create_note", False, duration, str(e))
+
+    async def get_note(self, note_id: int) -> OperationResult:
+        """Get a specific note by ID (read operation)."""
+        start = time.time()
+        try:
+            await self.session.call_tool("nc_notes_get_note", {"note_id": note_id})
+            duration = time.time() - start
+            return OperationResult("get_note", True, duration)
+        except Exception as e:
+            duration = time.time() - start
+            return OperationResult("get_note", False, duration, str(e))
+
+    async def update_note(self, note_id: int, etag: str) -> OperationResult:
+        """Update an existing note (write operation)."""
+        start = time.time()
+        try:
+            await self.session.call_tool(
+                "nc_notes_update_note",
+                {
+                    "note_id": note_id,
+                    "etag": etag,
+                    "title": f"Updated Note {note_id}",
+                    "content": f"Updated content at {time.time()}",
+                    "category": "LoadTesting",
+                },
+            )
+            duration = time.time() - start
+            return OperationResult("update_note", True, duration)
+        except Exception as e:
+            duration = time.time() - start
+            return OperationResult("update_note", False, duration, str(e))
+
+    async def delete_note(self, note_id: int) -> OperationResult:
+        """Delete a note (write operation)."""
+        start = time.time()
+        try:
+            await self.session.call_tool("nc_notes_delete_note", {"note_id": note_id})
+            duration = time.time() - start
+            # Remove from tracking
+            if note_id in self._created_notes:
+                self._created_notes.remove(note_id)
+            return OperationResult("delete_note", True, duration)
+        except Exception as e:
+            duration = time.time() - start
+            return OperationResult("delete_note", False, duration, str(e))
+
+    async def list_webdav_files(self, path: str = "/") -> OperationResult:
+        """List files via WebDAV (read operation)."""
+        start = time.time()
+        try:
+            await self.session.call_tool("nc_webdav_list", {"path": path})
+            duration = time.time() - start
+            return OperationResult("list_webdav_files", True, duration)
+        except Exception as e:
+            duration = time.time() - start
+            return OperationResult("list_webdav_files", False, duration, str(e))
+
+    async def list_calendars(self) -> OperationResult:
+        """List calendars (read operation)."""
+        start = time.time()
+        try:
+            await self.session.call_tool("nc_calendar_list_calendars", {})
+            duration = time.time() - start
+            return OperationResult("list_calendars", True, duration)
+        except Exception as e:
+            duration = time.time() - start
+            return OperationResult("list_calendars", False, duration, str(e))
+
+    async def list_deck_boards(self) -> OperationResult:
+        """List deck boards (read operation)."""
+        start = time.time()
+        try:
+            await self.session.call_tool("nc_deck_list_boards", {})
+            duration = time.time() - start
+            return OperationResult("list_deck_boards", True, duration)
+        except Exception as e:
+            duration = time.time() - start
+            return OperationResult("list_deck_boards", False, duration, str(e))
+
+    async def cleanup(self):
+        """Clean up any resources created during testing."""
+        logger.info(f"Cleaning up {len(self._created_notes)} test notes...")
+        for note_id in self._created_notes[:]:
+            try:
+                await self.delete_note(note_id)
+            except Exception as e:
+                logger.warning(f"Failed to delete note {note_id}: {e}")
+
+
+class MixedWorkload:
+    """
+    Realistic mixed workload simulating typical MCP server usage.
+
+    Operation distribution:
+    - 40% Notes read (list/get/search)
+    - 20% Notes write (create/update/delete)
+    - 15% Notes search
+    - 10% WebDAV operations
+    - 10% Calendar operations
+    - 5% Other (capabilities, deck)
+    """
+
+    def __init__(self, operations: WorkloadOperations):
+        self.ops = operations
+        # Pre-create some notes for read/update operations
+        self._warmup_note_ids: list[tuple[int, str]] = []
+
+    async def warmup(self, count: int = 10):
+        """Create initial notes for read/update operations."""
+        logger.info(f"Warming up with {count} test notes...")
+        for _ in range(count):
+            result = await self.ops.create_note()
+            if result.success and self.ops._created_notes:
+                note_id = self.ops._created_notes[-1]
+                # Get the note to fetch its etag
+                try:
+                    get_result = await self.ops.session.call_tool(
+                        "nc_notes_get_note", {"note_id": note_id}
+                    )
+                    if get_result and len(get_result.content) > 0:
+                        import json
+
+                        note_data = json.loads(get_result.content[0].text)
+                        etag = note_data.get("etag", "")
+                        self._warmup_note_ids.append((note_id, etag))
+                except Exception as e:
+                    logger.warning(f"Failed to get etag for note {note_id}: {e}")
+
+    async def run_operation(self) -> OperationResult:
+        """Execute one random operation based on the workload distribution."""
+        rand = random.random()
+
+        # 40% reads (list/get/search)
+        if rand < 0.40:
+            op_rand = random.random()
+            if op_rand < 0.5:
+                return await self.ops.list_notes()
+            elif op_rand < 0.8 and self._warmup_note_ids:
+                note_id, _ = random.choice(self._warmup_note_ids)
+                return await self.ops.get_note(note_id)
+            else:
+                return await self.ops.search_notes()
+
+        # 20% writes (create/update/delete)
+        elif rand < 0.60:
+            op_rand = random.random()
+            if op_rand < 0.5:
+                return await self.ops.create_note()
+            elif op_rand < 0.8 and self._warmup_note_ids:
+                note_id, etag = random.choice(self._warmup_note_ids)
+                return await self.ops.update_note(note_id, etag)
+            elif self.ops._created_notes and len(self.ops._created_notes) > 5:
+                # Only delete if we have enough notes
+                note_id = random.choice(self.ops._created_notes)
+                return await self.ops.delete_note(note_id)
+            else:
+                return await self.ops.create_note()
+
+        # 15% search
+        elif rand < 0.75:
+            queries = ["test", "load", "note", "content", ""]
+            return await self.ops.search_notes(random.choice(queries))
+
+        # 10% WebDAV
+        elif rand < 0.85:
+            return await self.ops.list_webdav_files()
+
+        # 10% Calendar
+        elif rand < 0.95:
+            return await self.ops.list_calendars()
+
+        # 5% Other
+        else:
+            op_rand = random.random()
+            if op_rand < 0.5:
+                return await self.ops.get_capabilities()
+            else:
+                return await self.ops.list_deck_boards()
@@ -0,0 +1,476 @@
+"""Integration tests for Calendar VTODO (task) MCP tools."""
+
+import logging
+from datetime import datetime, timedelta
+
+import pytest
+from mcp import ClientSession
+
+from nextcloud_mcp_server.client import NextcloudClient
+
+logger = logging.getLogger(__name__)
+pytestmark = pytest.mark.integration
+
+
+async def test_mcp_todo_complete_workflow(
+    nc_mcp_client: ClientSession, nc_client: NextcloudClient, temporary_calendar: str
+):
+    """Test complete todo workflow via MCP tools with verification via NextcloudClient."""
+
+    calendar_name = temporary_calendar
+    todo_uid = None
+
+    try:
+        # 1. Create todo via MCP
+        logger.info(f"Creating todo in {calendar_name} via MCP")
+        tomorrow = datetime.now() + timedelta(days=1)
+
+        create_result = await nc_mcp_client.call_tool(
+            "nc_calendar_create_todo",
+            {
+                "calendar_name": calendar_name,
+                "summary": "MCP Test Task",
+                "description": "Test task created via MCP tools",
+                "status": "NEEDS-ACTION",
+                "priority": 3,
+                "due": tomorrow.strftime("%Y-%m-%dT18:00:00"),
+                "categories": "testing,mcp",
+            },
+        )
+        assert create_result.isError is False
+
+        # Extract UID from the result
+        result_data = create_result.content[0].text
+        import json
+
+        result_json = json.loads(result_data)
+        todo_uid = result_json["uid"]
+        logger.info(f"Created todo with UID: {todo_uid}")
+
+        # 2. Verify todo creation via client
+        todos = await nc_client.calendar.list_todos(calendar_name)
+        assert any(t["uid"] == todo_uid for t in todos)
+        created_todo = next(t for t in todos if t["uid"] == todo_uid)
+        assert created_todo["summary"] == "MCP Test Task"
+        assert created_todo["status"] == "NEEDS-ACTION"
+        assert created_todo["priority"] == 3
+
+        # 3. List todos via MCP
+        logger.info(f"Listing todos in {calendar_name} via MCP")
+        list_result = await nc_mcp_client.call_tool(
+            "nc_calendar_list_todos",
+            {"calendar_name": calendar_name},
+        )
+        assert list_result.isError is False
+
+        list_data = json.loads(list_result.content[0].text)
+        assert "todos" in list_data
+        assert any(t["uid"] == todo_uid for t in list_data["todos"])
+
+        # 4. Update todo via MCP
+        logger.info(f"Updating todo {todo_uid} via MCP")
+        update_result = await nc_mcp_client.call_tool(
+            "nc_calendar_update_todo",
+            {
+                "calendar_name": calendar_name,
+                "todo_uid": todo_uid,
+                "summary": "MCP Test Task Updated",
+                "status": "IN-PROCESS",
+                "priority": 1,
+                "percent_complete": 50,
+            },
+        )
+        assert update_result.isError is False
+
+        # 5. Verify update via client
+        todos = await nc_client.calendar.list_todos(calendar_name)
+        updated_todo = next(t for t in todos if t["uid"] == todo_uid)
+        assert updated_todo["summary"] == "MCP Test Task Updated"
+        assert updated_todo["status"] == "IN-PROCESS"
+        assert updated_todo["priority"] == 1
+        assert updated_todo["percent_complete"] == 50
+
+        # 6. Delete todo via MCP
+        logger.info(f"Deleting todo {todo_uid} via MCP")
+        delete_result = await nc_mcp_client.call_tool(
+            "nc_calendar_delete_todo",
+            {"calendar_name": calendar_name, "todo_uid": todo_uid},
+        )
+        assert delete_result.isError is False
+
+        # 7. Verify deletion via client
+        todos = await nc_client.calendar.list_todos(calendar_name)
+        assert not any(t["uid"] == todo_uid for t in todos)
+
+        logger.info("Complete todo workflow test passed")
+
+    finally:
+        # Cleanup in case of failure
+        if todo_uid:
+            try:
+                await nc_client.calendar.delete_todo(calendar_name, todo_uid)
+            except Exception:
+                pass
+
+
+async def test_mcp_list_todos_with_filters(
+    nc_mcp_client: ClientSession, nc_client: NextcloudClient, temporary_calendar: str
+):
+    """Test listing todos with various filters via MCP tools."""
+
+    calendar_name = temporary_calendar
+    created_uids = []
+
+    try:
+        # Create test todos with different properties
+        test_todos = [
+            {
+                "summary": "High Priority Task",
+                "status": "NEEDS-ACTION",
+                "priority": 1,
+                "categories": "urgent,work",
+            },
+            {
+                "summary": "In Progress Task",
+                "status": "IN-PROCESS",
+                "priority": 5,
+                "categories": "work",
+            },
+            {
+                "summary": "Low Priority Task",
+                "status": "NEEDS-ACTION",
+                "priority": 9,
+                "categories": "someday",
+            },
+        ]
+
+        # Create todos via client
+        for todo_data in test_todos:
+            result = await nc_client.calendar.create_todo(calendar_name, todo_data)
+            created_uids.append(result["uid"])
+
+        # Test 1: Filter by status
+        logger.info("Testing filter by status")
+        result = await nc_mcp_client.call_tool(
+            "nc_calendar_list_todos",
+            {"calendar_name": calendar_name, "status": "NEEDS-ACTION"},
+        )
+        assert result.isError is False
+        import json
+
+        data = json.loads(result.content[0].text)
+        needs_action_todos = [t for t in data["todos"] if t["uid"] in created_uids]
+        assert len(needs_action_todos) == 2  # Two NEEDS-ACTION todos
+
+        # Test 2: Filter by priority
+        logger.info("Testing filter by minimum priority")
+        result = await nc_mcp_client.call_tool(
+            "nc_calendar_list_todos",
+            {"calendar_name": calendar_name, "min_priority": 1},
+        )
+        assert result.isError is False
+        data = json.loads(result.content[0].text)
+        high_priority_todos = [t for t in data["todos"] if t["uid"] in created_uids]
+        assert len(high_priority_todos) >= 1  # At least the priority 1 todo
+
+        # Test 3: Filter by categories
+        logger.info("Testing filter by categories")
+        result = await nc_mcp_client.call_tool(
+            "nc_calendar_list_todos",
+            {"calendar_name": calendar_name, "categories": "work"},
+        )
+        assert result.isError is False
+        data = json.loads(result.content[0].text)
+        work_todos = [t for t in data["todos"] if t["uid"] in created_uids]
+        assert len(work_todos) >= 2  # Two todos with "work" category
+
+        # Test 4: Filter by summary text
+        logger.info("Testing filter by summary text")
+        result = await nc_mcp_client.call_tool(
+            "nc_calendar_list_todos",
+            {"calendar_name": calendar_name, "summary_contains": "Priority"},
+        )
+        assert result.isError is False
+        data = json.loads(result.content[0].text)
+        priority_todos = [t for t in data["todos"] if t["uid"] in created_uids]
+        assert len(priority_todos) == 2  # Two have "Priority" in summary (High, Low)
+
+        logger.info("List todos with filters test passed")
+
+    finally:
+        # Cleanup
+        for uid in created_uids:
+            try:
+                await nc_client.calendar.delete_todo(calendar_name, uid)
+            except Exception:
+                pass
+
+
+async def test_mcp_search_todos_across_calendars(
+    nc_mcp_client: ClientSession,
+    nc_client: NextcloudClient,
+    temporary_calendar: str,
+    shared_calendar_2: str,
+):
+    """Test searching todos across multiple calendars via MCP tools.
+
+    Note: Uses two shared test calendars to avoid rate limiting.
+    """
+
+    cal1_name = temporary_calendar  # First shared test calendar
+    cal2_name = shared_calendar_2  # Second shared test calendar
+    created_uids = []
+
+    try:
+        # Use existing shared calendars (no creation needed, avoiding rate limits)
+
+        # Create todos in both calendars
+        result1 = await nc_client.calendar.create_todo(
+            cal1_name,
+            {
+                "summary": "Task in Calendar 1",
+                "status": "NEEDS-ACTION",
+                "categories": "cal1",
+            },
+        )
+        created_uids.append((cal1_name, result1["uid"]))
+
+        result2 = await nc_client.calendar.create_todo(
+            cal2_name,
+            {
+                "summary": "Task in Calendar 2",
+                "status": "IN-PROCESS",
+                "categories": "cal2",
+            },
+        )
+        created_uids.append((cal2_name, result2["uid"]))
+
+        # Search across all calendars via MCP
+        logger.info("Searching todos across all calendars via MCP")
+        search_result = await nc_mcp_client.call_tool(
+            "nc_calendar_search_todos",
+            {},
+        )
+        assert search_result.isError is False
+
+        import json
+
+        data = json.loads(search_result.content[0].text)
+        assert "todos" in data
+
+        # Verify both todos are in the results
+        found_uids = {t["uid"] for t in data["todos"]}
+        assert result1["uid"] in found_uids
+        assert result2["uid"] in found_uids
+
+        # Verify calendar_name is included
+        our_todos = [
+            t for t in data["todos"] if t["uid"] in [result1["uid"], result2["uid"]]
+        ]
+        for todo in our_todos:
+            assert "calendar_name" in todo
+            assert todo["calendar_name"] in [cal1_name, cal2_name]
+
+        # Test search with status filter
+        logger.info("Searching with status filter via MCP")
+        search_result = await nc_mcp_client.call_tool(
+            "nc_calendar_search_todos",
+            {"status": "IN-PROCESS"},
+        )
+        assert search_result.isError is False
+        data = json.loads(search_result.content[0].text)
+        in_process_todos = [
+            t for t in data["todos"] if t["uid"] in [uid for _, uid in created_uids]
+        ]
+        assert len(in_process_todos) >= 1
+
+        logger.info("Search todos across calendars test passed")
+
+    finally:
+        # Cleanup: Only delete todos, not calendars (they're reused/built-in)
+        for cal_name, uid in created_uids:
+            try:
+                await nc_client.calendar.delete_todo(cal_name, uid)
+            except Exception:
+                pass
+
+
+async def test_mcp_todo_status_transitions(
+    nc_mcp_client: ClientSession, nc_client: NextcloudClient, temporary_calendar: str
+):
+    """Test transitioning through different todo statuses via MCP tools."""
+
+    calendar_name = temporary_calendar
+    todo_uid = None
+
+    try:
+        # Create todo
+        result = await nc_client.calendar.create_todo(
+            calendar_name,
+            {"summary": "Status Transition Test", "status": "NEEDS-ACTION"},
+        )
+        todo_uid = result["uid"]
+
+        # Transition: NEEDS-ACTION → IN-PROCESS
+        logger.info("Transitioning todo to IN-PROCESS via MCP")
+        update_result = await nc_mcp_client.call_tool(
+            "nc_calendar_update_todo",
+            {
+                "calendar_name": calendar_name,
+                "todo_uid": todo_uid,
+                "status": "IN-PROCESS",
+                "percent_complete": 25,
+            },
+        )
+        assert update_result.isError is False
+
+        todos = await nc_client.calendar.list_todos(calendar_name)
+        todo = next(t for t in todos if t["uid"] == todo_uid)
+        assert todo["status"] == "IN-PROCESS"
+        assert todo["percent_complete"] == 25
+
+        # Transition: IN-PROCESS → COMPLETED
+        logger.info("Transitioning todo to COMPLETED via MCP")
+        completed_time = datetime.now().strftime("%Y-%m-%dT%H:%M:%S")
+        update_result = await nc_mcp_client.call_tool(
+            "nc_calendar_update_todo",
+            {
+                "calendar_name": calendar_name,
+                "todo_uid": todo_uid,
+                "status": "COMPLETED",
+                "percent_complete": 100,
+                "completed": completed_time,
+            },
+        )
+        assert update_result.isError is False
+
+        todos = await nc_client.calendar.list_todos(calendar_name)
+        todo = next(t for t in todos if t["uid"] == todo_uid)
+        assert todo["status"] == "COMPLETED"
+        assert todo["percent_complete"] == 100
+        assert "completed" in todo
+
+        logger.info("Todo status transitions test passed")
+
+    finally:
+        if todo_uid:
+            try:
+                await nc_client.calendar.delete_todo(calendar_name, todo_uid)
+            except Exception:
+                pass
+
+
+async def test_mcp_todo_with_dates(
+    nc_mcp_client: ClientSession, nc_client: NextcloudClient, temporary_calendar: str
+):
+    """Test creating and managing todos with date fields via MCP tools."""
+
+    calendar_name = temporary_calendar
+    todo_uid = None
+
+    try:
+        now = datetime.now()
+        start_date = (now + timedelta(days=1)).strftime("%Y-%m-%dT09:00:00")
+        due_date = (now + timedelta(days=7)).strftime("%Y-%m-%dT17:00:00")
+
+        # Create todo with dates via MCP
+        logger.info("Creating todo with dates via MCP")
+        create_result = await nc_mcp_client.call_tool(
+            "nc_calendar_create_todo",
+            {
+                "calendar_name": calendar_name,
+                "summary": "Task with Dates",
+                "description": "Test task with various date fields",
+                "status": "NEEDS-ACTION",
+                "dtstart": start_date,
+                "due": due_date,
+            },
+        )
+        assert create_result.isError is False
+
+        import json
+
+        result_data = json.loads(create_result.content[0].text)
+        todo_uid = result_data["uid"]
+
+        # Verify dates via client
+        todos = await nc_client.calendar.list_todos(calendar_name)
+        created_todo = next(t for t in todos if t["uid"] == todo_uid)
+        assert created_todo["summary"] == "Task with Dates"
+        assert "dtstart" in created_todo
+        assert "due" in created_todo
+
+        logger.info("Todo with dates test passed")
+
+    finally:
+        if todo_uid:
+            try:
+                await nc_client.calendar.delete_todo(calendar_name, todo_uid)
+            except Exception:
+                pass
+
+
+async def test_mcp_todo_categories(
+    nc_mcp_client: ClientSession, nc_client: NextcloudClient, temporary_calendar: str
+):
+    """Test creating and managing todos with categories via MCP tools."""
+
+    calendar_name = temporary_calendar
+    todo_uid = None
+
+    try:
+        # Create todo with multiple categories via MCP
+        logger.info("Creating todo with categories via MCP")
+        create_result = await nc_mcp_client.call_tool(
+            "nc_calendar_create_todo",
+            {
+                "calendar_name": calendar_name,
+                "summary": "Task with Categories",
+                "status": "NEEDS-ACTION",
+                "categories": "work,meeting,important,quarterly",
+            },
+        )
+        assert create_result.isError is False
+
+        import json
+
+        result_data = json.loads(create_result.content[0].text)
+        todo_uid = result_data["uid"]
+
+        # Verify categories via client
+        todos = await nc_client.calendar.list_todos(calendar_name)
+        created_todo = next(t for t in todos if t["uid"] == todo_uid)
+        assert "categories" in created_todo
+        categories_str = created_todo["categories"]
+        assert "work" in categories_str
+        assert "meeting" in categories_str
+        assert "important" in categories_str
+        assert "quarterly" in categories_str
+
+        # Update categories via MCP
+        logger.info("Updating todo categories via MCP")
+        update_result = await nc_mcp_client.call_tool(
+            "nc_calendar_update_todo",
+            {
+                "calendar_name": calendar_name,
+                "todo_uid": todo_uid,
+                "categories": "updated,new-category",
+            },
+        )
+        assert update_result.isError is False
+
+        # Verify updated categories
+        todos = await nc_client.calendar.list_todos(calendar_name)
+        updated_todo = next(t for t in todos if t["uid"] == todo_uid)
+        categories_str = updated_todo["categories"]
+        assert "updated" in categories_str
+        assert "new-category" in categories_str
+
+        logger.info("Todo categories test passed")
+
+    finally:
+        if todo_uid:
+            try:
+                await nc_client.calendar.delete_todo(calendar_name, todo_uid)
+            except Exception:
+                pass
@@ -0,0 +1,554 @@
+import asyncio
+import json
+import logging
+import uuid
+
+import pytest
+from mcp import ClientSession
+
+from nextcloud_mcp_server.client import NextcloudClient
+
+logger = logging.getLogger(__name__)
+pytestmark = pytest.mark.integration
+
+
+async def test_mcp_cookbook_create_and_read_recipe(
+    nc_mcp_client: ClientSession, nc_client: NextcloudClient
+):
+    """Test creating and reading a recipe via MCP tools with verification via NextcloudClient."""
+
+    unique_suffix = uuid.uuid4().hex[:8]
+    recipe_name = f"MCP Test Recipe {unique_suffix}"
+    recipe_data = {
+        "name": recipe_name,
+        "description": "A test recipe created via MCP tools",
+        "recipeIngredient": ["100g flour", "2 eggs", "200ml milk"],
+        "recipeInstructions": ["Mix ingredients", "Cook for 20 minutes", "Serve hot"],
+        "recipeCategory": "MCPTesting",
+        "keywords": f"mcp,testing,{unique_suffix}",
+        "recipeYield": 4,
+        "prepTime": "PT15M",
+        "cookTime": "PT20M",
+        "totalTime": "PT35M",
+    }
+
+    created_recipe_id = None
+
+    try:
+        # 1. Create recipe via MCP
+        logger.info(f"Creating recipe via MCP: {recipe_name}")
+        create_result = await nc_mcp_client.call_tool(
+            "nc_cookbook_create_recipe",
+            {
+                "name": recipe_name,
+                "description": recipe_data["description"],
+                "ingredients": recipe_data["recipeIngredient"],
+                "instructions": recipe_data["recipeInstructions"],
+                "category": recipe_data["recipeCategory"],
+                "keywords": recipe_data["keywords"],
+                "recipe_yield": recipe_data["recipeYield"],
+                "prep_time": recipe_data["prepTime"],
+                "cook_time": recipe_data["cookTime"],
+                "total_time": recipe_data["totalTime"],
+            },
+        )
+
+        assert create_result.isError is False, (
+            f"MCP recipe creation failed: {create_result.content}"
+        )
+
+        create_response = json.loads(create_result.content[0].text)
+        created_recipe_id = create_response["id"]
+        logger.info(f"Recipe created via MCP with ID: {created_recipe_id}")
+
+        # 2. Verify creation via direct NextcloudClient
+        direct_recipe = await nc_client.cookbook.get_recipe(created_recipe_id)
+        assert direct_recipe["name"] == recipe_name
+        assert direct_recipe["description"] == "A test recipe created via MCP tools"
+        assert len(direct_recipe["recipeIngredient"]) == 3
+        assert len(direct_recipe["recipeInstructions"]) == 3
+        assert direct_recipe["recipeCategory"] == "MCPTesting"
+
+        # 3. Read recipe via MCP
+        logger.info(f"Reading recipe via MCP: {created_recipe_id}")
+        read_result = await nc_mcp_client.call_tool(
+            "nc_cookbook_get_recipe", {"recipe_id": created_recipe_id}
+        )
+
+        assert read_result.isError is False, (
+            f"MCP recipe read failed: {read_result.content}"
+        )
+
+        read_recipe = json.loads(read_result.content[0].text)
+        assert read_recipe["name"] == recipe_name
+        assert read_recipe["description"] == "A test recipe created via MCP tools"
+        assert len(read_recipe["recipeIngredient"]) == 3
+
+        logger.info(f"Successfully verified recipe {created_recipe_id} via MCP")
+
+    finally:
+        # Cleanup
+        if created_recipe_id is not None:
+            try:
+                await nc_client.cookbook.delete_recipe(created_recipe_id)
+                logger.info(f"Cleaned up recipe {created_recipe_id}")
+            except Exception as e:
+                logger.warning(f"Failed to cleanup recipe: {e}")
+
+
+async def test_mcp_cookbook_update_recipe(
+    nc_mcp_client: ClientSession, nc_client: NextcloudClient
+):
+    """Test updating a recipe via MCP tools."""
+
+    unique_suffix = uuid.uuid4().hex[:8]
+    recipe_name = f"MCP Update Test {unique_suffix}"
+    recipe_data = {
+        "name": recipe_name,
+        "description": "Original description",
+        "recipeIngredient": ["100g flour"],
+        "recipeInstructions": ["Mix ingredients"],
+        "recipeCategory": "Original",
+    }
+
+    created_recipe_id = None
+
+    try:
+        # 1. Create recipe via direct client
+        logger.info(f"Creating recipe for update test: {recipe_name}")
+        created_recipe_id = await nc_client.cookbook.create_recipe(recipe_data)
+
+        # 2. Update recipe via MCP (tool handles fetching current recipe internally)
+        logger.info(f"Updating recipe via MCP: {created_recipe_id}")
+        update_result = await nc_mcp_client.call_tool(
+            "nc_cookbook_update_recipe",
+            {
+                "recipe_id": created_recipe_id,
+                "description": "Updated via MCP",
+                "ingredients": ["100g flour", "2 eggs"],
+                "instructions": ["Mix ingredients", "Cook"],
+                "category": "Updated",
+            },
+        )
+
+        assert update_result.isError is False, (
+            f"MCP recipe update failed: {update_result.content}"
+        )
+
+        # 4. Verify update via direct NextcloudClient
+        await asyncio.sleep(1)  # Allow propagation
+        updated_recipe = await nc_client.cookbook.get_recipe(created_recipe_id)
+        assert updated_recipe["description"] == "Updated via MCP"
+        assert len(updated_recipe["recipeIngredient"]) == 2
+        assert len(updated_recipe["recipeInstructions"]) == 2
+        assert updated_recipe["recipeCategory"] == "Updated"
+
+        logger.info(f"Successfully updated recipe {created_recipe_id} via MCP")
+
+    finally:
+        # Cleanup
+        if created_recipe_id is not None:
+            try:
+                await nc_client.cookbook.delete_recipe(created_recipe_id)
+                logger.info(f"Cleaned up recipe {created_recipe_id}")
+            except Exception as e:
+                logger.warning(f"Failed to cleanup recipe: {e}")
+
+
+async def test_mcp_cookbook_delete_recipe(
+    nc_mcp_client: ClientSession, nc_client: NextcloudClient
+):
+    """Test deleting a recipe via MCP tools."""
+
+    unique_suffix = uuid.uuid4().hex[:8]
+    recipe_name = f"MCP Delete Test {unique_suffix}"
+    recipe_data = {
+        "name": recipe_name,
+        "description": "Recipe to be deleted",
+        "recipeIngredient": ["test"],
+        "recipeInstructions": ["test"],
+    }
+
+    created_recipe_id = None
+
+    try:
+        # 1. Create recipe via direct client
+        logger.info(f"Creating recipe for delete test: {recipe_name}")
+        created_recipe_id = await nc_client.cookbook.create_recipe(recipe_data)
+
+        # 2. Delete recipe via MCP
+        logger.info(f"Deleting recipe via MCP: {created_recipe_id}")
+        delete_result = await nc_mcp_client.call_tool(
+            "nc_cookbook_delete_recipe", {"recipe_id": created_recipe_id}
+        )
+
+        assert delete_result.isError is False, (
+            f"MCP recipe deletion failed: {delete_result.content}"
+        )
+
+        # 3. Verify deletion via direct NextcloudClient
+        try:
+            await nc_client.cookbook.get_recipe(created_recipe_id)
+            pytest.fail("Recipe should have been deleted but was still found")
+        except Exception:
+            # Expected - recipe should be deleted
+            logger.info(f"Successfully verified recipe {created_recipe_id} was deleted")
+            created_recipe_id = None  # Mark as cleaned up
+
+    finally:
+        # Cleanup in case of test failure
+        if created_recipe_id is not None:
+            try:
+                await nc_client.cookbook.delete_recipe(created_recipe_id)
+                logger.info(f"Cleaned up recipe {created_recipe_id}")
+            except Exception as e:
+                logger.warning(f"Failed to cleanup recipe: {e}")
+
+
+async def test_mcp_cookbook_import_recipe_from_url(
+    nc_mcp_client: ClientSession,
+    nc_client: NextcloudClient,
+):
+    """Test importing a recipe from a URL via MCP tools.
+
+    This is the key feature test - importing recipes from URLs using schema.org metadata.
+    Uses an nginx container to serve reliable, controlled test data.
+    """
+    # Use the nginx container hostname within the Docker network
+    test_url = "http://recipes/black-pepper-tofu"
+
+    created_recipe_id = None
+
+    try:
+        # 1. Import recipe via MCP
+        logger.info(f"Importing recipe from nginx container via MCP: {test_url}")
+        import_result = await nc_mcp_client.call_tool(
+            "nc_cookbook_import_recipe", {"url": test_url}
+        )
+
+        assert import_result.isError is False, (
+            f"MCP recipe import failed: {import_result.content}"
+        )
+
+        import_response = json.loads(import_result.content[0].text)
+        created_recipe_id = int(import_response["recipe_id"])
+        imported_recipe = import_response["recipe"]
+
+        logger.info(f"Successfully imported recipe via MCP: {imported_recipe['name']}")
+
+        # 2. Verify basic recipe structure
+        assert imported_recipe["name"] == "Black Pepper Tofu"
+        assert imported_recipe.get("description")
+        assert len(imported_recipe.get("recipeIngredient", [])) > 0
+        assert len(imported_recipe.get("recipeInstructions", [])) > 0
+        assert imported_recipe.get("recipeCategory") == "Main Course"
+        assert "tofu" in imported_recipe.get("keywords", "").lower()
+
+        # 3. Verify we can read it back via direct NextcloudClient
+        retrieved = await nc_client.cookbook.get_recipe(created_recipe_id)
+        assert retrieved["name"] == imported_recipe["name"]
+        logger.info(f"Verified imported recipe ID: {created_recipe_id}")
+
+    finally:
+        # Cleanup
+        if created_recipe_id is not None:
+            try:
+                await nc_client.cookbook.delete_recipe(created_recipe_id)
+                logger.info(f"Cleaned up imported recipe {created_recipe_id}")
+            except Exception as e:
+                logger.warning(f"Failed to cleanup imported recipe: {e}")
+
+
+async def test_mcp_cookbook_search_recipes(
+    nc_mcp_client: ClientSession, nc_client: NextcloudClient
+):
+    """Test searching recipes via MCP tools."""
+
+    unique_keyword = f"mcptestkeyword{uuid.uuid4().hex[:8]}"
+    recipe_name = f"MCP Search Test {uuid.uuid4().hex[:8]}"
+    recipe_data = {
+        "name": recipe_name,
+        "description": f"Recipe for testing MCP search with {unique_keyword}",
+        "keywords": unique_keyword,
+        "recipeIngredient": ["test ingredient"],
+        "recipeInstructions": ["test instruction"],
+    }
+
+    created_recipe_id = None
+
+    try:
+        # 1. Create recipe via direct client
+        logger.info(f"Creating recipe for search test with keyword: {unique_keyword}")
+        created_recipe_id = await nc_client.cookbook.create_recipe(recipe_data)
+
+        # 2. Allow time for indexing
+        await asyncio.sleep(2)
+
+        # 3. Search for the recipe via MCP
+        logger.info(f"Searching for recipes via MCP with keyword: {unique_keyword}")
+        search_result = await nc_mcp_client.call_tool(
+            "nc_cookbook_search_recipes", {"query": unique_keyword}
+        )
+
+        assert search_result.isError is False, (
+            f"MCP recipe search failed: {search_result.content}"
+        )
+
+        search_response = json.loads(search_result.content[0].text)
+        search_results = search_response["recipes"]
+
+        assert isinstance(search_results, list)
+        assert len(search_results) > 0
+
+        # 4. Verify our recipe is in the results
+        found = any(str(r.get("id")) == str(created_recipe_id) for r in search_results)
+        assert found, f"Recipe {created_recipe_id} not found in search results"
+        logger.info(
+            f"Successfully found recipe {created_recipe_id} in MCP search results"
+        )
+
+    finally:
+        # Cleanup
+        if created_recipe_id is not None:
+            try:
+                await nc_client.cookbook.delete_recipe(created_recipe_id)
+                logger.info(f"Cleaned up recipe {created_recipe_id}")
+            except Exception as e:
+                logger.warning(f"Failed to cleanup recipe: {e}")
+
+
+async def test_mcp_cookbook_list_recipes(
+    nc_mcp_client: ClientSession, nc_client: NextcloudClient
+):
+    """Test listing all recipes via MCP tools."""
+
+    logger.info("Listing all recipes via MCP")
+    list_result = await nc_mcp_client.call_tool("nc_cookbook_list_recipes", {})
+
+    assert list_result.isError is False, (
+        f"MCP list recipes failed: {list_result.content}"
+    )
+
+    list_response = json.loads(list_result.content[0].text)
+    recipes = list_response["recipes"]
+
+    assert isinstance(recipes, list)
+    logger.info(f"Found {len(recipes)} recipes via MCP")
+
+
+async def test_mcp_cookbook_categories_workflow(
+    nc_mcp_client: ClientSession, nc_client: NextcloudClient
+):
+    """Test category listing and filtering via MCP tools."""
+
+    unique_category = f"MCPTestCategory{uuid.uuid4().hex[:8]}"
+    recipe_name = f"MCP Category Test {uuid.uuid4().hex[:8]}"
+    recipe_data = {
+        "name": recipe_name,
+        "recipeCategory": unique_category,
+        "recipeIngredient": ["test"],
+        "recipeInstructions": ["test"],
+    }
+
+    created_recipe_id = None
+
+    try:
+        # 1. Create recipe in test category
+        logger.info(f"Creating recipe in category: {unique_category}")
+        created_recipe_id = await nc_client.cookbook.create_recipe(recipe_data)
+
+        # 2. Allow time for indexing
+        await asyncio.sleep(2)
+
+        # 3. List categories via MCP
+        logger.info("Listing categories via MCP")
+        categories_result = await nc_mcp_client.call_tool(
+            "nc_cookbook_list_categories", {}
+        )
+
+        assert categories_result.isError is False, (
+            f"MCP list categories failed: {categories_result.content}"
+        )
+
+        categories_response = json.loads(categories_result.content[0].text)
+        categories = categories_response["categories"]
+
+        assert isinstance(categories, list)
+        logger.info(f"Found {len(categories)} categories via MCP")
+
+        # 4. Get recipes in this category via MCP
+        logger.info(f"Getting recipes in category via MCP: {unique_category}")
+        category_recipes_result = await nc_mcp_client.call_tool(
+            "nc_cookbook_get_recipes_in_category", {"category": unique_category}
+        )
+
+        assert category_recipes_result.isError is False, (
+            f"MCP get recipes in category failed: {category_recipes_result.content}"
+        )
+
+        category_recipes_response = json.loads(category_recipes_result.content[0].text)
+        recipes_in_category = category_recipes_response["recipes"]
+
+        assert isinstance(recipes_in_category, list)
+        assert len(recipes_in_category) > 0
+
+        # 5. Verify our recipe is in the results
+        found = any(
+            str(r.get("id")) == str(created_recipe_id) for r in recipes_in_category
+        )
+        assert found, (
+            f"Recipe {created_recipe_id} not found in category {unique_category}"
+        )
+        logger.info(f"Successfully found recipe in category {unique_category} via MCP")
+
+    finally:
+        # Cleanup
+        if created_recipe_id is not None:
+            try:
+                await nc_client.cookbook.delete_recipe(created_recipe_id)
+                logger.info(f"Cleaned up recipe {created_recipe_id}")
+            except Exception as e:
+                logger.warning(f"Failed to cleanup recipe: {e}")
+
+
+async def test_mcp_cookbook_keywords_workflow(
+    nc_mcp_client: ClientSession, nc_client: NextcloudClient
+):
+    """Test keyword listing and filtering via MCP tools."""
+
+    unique_keyword = f"mcptesttag{uuid.uuid4().hex[:8]}"
+    recipe_name = f"MCP Keyword Test {uuid.uuid4().hex[:8]}"
+    recipe_data = {
+        "name": recipe_name,
+        "keywords": f"{unique_keyword},mcptesting",
+        "recipeIngredient": ["test"],
+        "recipeInstructions": ["test"],
+    }
+
+    created_recipe_id = None
+
+    try:
+        # 1. Create recipe with test keywords
+        logger.info(f"Creating recipe with keyword: {unique_keyword}")
+        created_recipe_id = await nc_client.cookbook.create_recipe(recipe_data)
+
+        # 2. Allow extra time for indexing and trigger reindex
+        await asyncio.sleep(3)
+        await nc_client.cookbook.reindex()
+        await asyncio.sleep(2)
+
+        # 3. List keywords via MCP
+        logger.info("Listing keywords via MCP")
+        keywords_result = await nc_mcp_client.call_tool("nc_cookbook_list_keywords", {})
+
+        assert keywords_result.isError is False, (
+            f"MCP list keywords failed: {keywords_result.content}"
+        )
+
+        keywords_response = json.loads(keywords_result.content[0].text)
+        keywords = keywords_response["keywords"]
+
+        assert isinstance(keywords, list)
+        logger.info(f"Found {len(keywords)} keywords via MCP")
+
+        # 4. Get recipes with this keyword via MCP
+        logger.info(f"Getting recipes with keyword via MCP: {unique_keyword}")
+        keyword_recipes_result = await nc_mcp_client.call_tool(
+            "nc_cookbook_get_recipes_with_keywords", {"keywords": [unique_keyword]}
+        )
+
+        assert keyword_recipes_result.isError is False, (
+            f"MCP get recipes with keywords failed: {keyword_recipes_result.content}"
+        )
+
+        keyword_recipes_response = json.loads(keyword_recipes_result.content[0].text)
+        recipes_with_keywords = keyword_recipes_response["recipes"]
+
+        assert isinstance(recipes_with_keywords, list)
+
+        # Keyword filtering might not find recipes immediately due to indexing
+        if len(recipes_with_keywords) > 0:
+            # Verify our recipe is in the results if any are found
+            found = any(
+                str(r.get("id")) == str(created_recipe_id)
+                for r in recipes_with_keywords
+            )
+            if found:
+                logger.info(
+                    f"Successfully found recipe with keyword {unique_keyword} via MCP"
+                )
+            else:
+                logger.warning(
+                    f"Recipe {created_recipe_id} not in keyword results via MCP, but other recipes found"
+                )
+        else:
+            logger.warning(
+                f"No recipes found with keyword {unique_keyword} via MCP - may be indexing delay"
+            )
+
+    finally:
+        # Cleanup
+        if created_recipe_id is not None:
+            try:
+                await nc_client.cookbook.delete_recipe(created_recipe_id)
+                logger.info(f"Cleaned up recipe {created_recipe_id}")
+            except Exception as e:
+                logger.warning(f"Failed to cleanup recipe: {e}")
+
+
+async def test_mcp_cookbook_config_and_version(
+    nc_mcp_client: ClientSession, nc_client: NextcloudClient
+):
+    """Test getting Cookbook configuration and version via MCP resources."""
+
+    # 1. Get version via MCP resource
+    logger.info("Getting Cookbook version via MCP resource")
+    version_result = await nc_mcp_client.read_resource("cookbook://version")
+
+    assert len(version_result.contents) > 0
+    version_response = json.loads(version_result.contents[0].text)
+    assert "cookbook_version" in version_response
+    assert "api_version" in version_response
+    logger.info(f"Cookbook version from MCP: {version_response}")
+
+    # 2. Verify version via direct NextcloudClient
+    direct_version = await nc_client.cookbook.get_version()
+    assert direct_version["cookbook_version"] == version_response["cookbook_version"]
+    assert (
+        direct_version["api_version"]["epoch"]
+        == version_response["api_version"]["epoch"]
+    )
+
+    # 3. Get config via MCP resource
+    logger.info("Getting Cookbook config via MCP resource")
+    config_result = await nc_mcp_client.read_resource("cookbook://config")
+
+    assert len(config_result.contents) > 0
+    config_response = json.loads(config_result.contents[0].text)
+    assert isinstance(config_response, dict)
+    logger.info(f"Cookbook config from MCP: {config_response}")
+
+    # 4. Verify config via direct NextcloudClient
+    direct_config = await nc_client.cookbook.get_config()
+    # Both should be dicts - exact match may vary based on config
+    assert isinstance(config_response, dict)
+    assert isinstance(direct_config, dict)
+
+    logger.info("Successfully verified Cookbook version and config via MCP")
+
+
+async def test_mcp_cookbook_reindex(
+    nc_mcp_client: ClientSession, nc_client: NextcloudClient
+):
+    """Test triggering a recipe reindex via MCP tools."""
+
+    logger.info("Triggering recipe reindex via MCP")
+    reindex_result = await nc_mcp_client.call_tool("nc_cookbook_reindex", {})
+
+    assert reindex_result.isError is False, (
+        f"MCP reindex failed: {reindex_result.content}"
+    )
+
+    reindex_response = json.loads(reindex_result.content[0].text)
+    assert isinstance(reindex_response["message"], str)
+    logger.info(f"Reindex result from MCP: {reindex_response['message']}")
@@ -40,6 +40,12 @@ async def test_mcp_connectivity(nc_mcp_client: ClientSession):
        "nc_webdav_write_file",
        "nc_webdav_create_directory",
        "nc_webdav_delete_resource",
+        "nc_webdav_move_resource",
+        "nc_webdav_copy_resource",
+        "nc_webdav_search_files",
+        "nc_webdav_find_by_name",
+        "nc_webdav_find_by_type",
+        "nc_webdav_list_favorites",
        "nc_calendar_list_calendars",
        "nc_calendar_create_event",
        "nc_calendar_list_events",
@@ -51,7 +57,25 @@ async def test_mcp_connectivity(nc_mcp_client: ClientSession):
        "nc_calendar_find_availability",
        "nc_calendar_bulk_operations",
        "nc_calendar_manage_calendar",
+        "nc_calendar_list_todos",
+        "nc_calendar_create_todo",
+        "nc_calendar_update_todo",
+        "nc_calendar_delete_todo",
+        "nc_calendar_search_todos",
        "deck_create_board",
+        "nc_cookbook_import_recipe",
+        "nc_cookbook_list_recipes",
+        "nc_cookbook_get_recipe",
+        "nc_cookbook_create_recipe",
+        "nc_cookbook_update_recipe",
+        "nc_cookbook_delete_recipe",
+        "nc_cookbook_search_recipes",
+        "nc_cookbook_list_categories",
+        "nc_cookbook_get_recipes_in_category",
+        "nc_cookbook_list_keywords",
+        "nc_cookbook_get_recipes_with_keywords",
+        "nc_cookbook_set_config",
+        "nc_cookbook_reindex",
    ]

    for expected_tool in expected_tools:
@@ -85,7 +109,13 @@ async def test_mcp_connectivity(nc_mcp_client: ClientSession):
        resource_uris.append(str(resource.uri))  # Convert to string for comparison

    # Verify expected resources
-    expected_resources = ["nc://capabilities", "notes://settings", "nc://Deck/boards"]
+    expected_resources = [
+        "nc://capabilities",
+        "notes://settings",
+        "nc://Deck/boards",
+        "cookbook://version",
+        "cookbook://config",
+    ]

    for expected_resource in expected_resources:
        assert expected_resource in resource_uris, (
@@ -1,5 +1,6 @@
 import json
 import logging
+
 import pytest

 logger = logging.getLogger(__name__)
@@ -38,11 +39,11 @@ async def test_mcp_oauth_tool_execution(nc_mcp_oauth_client):
    )


-async def test_mcp_oauth_client_with_playwright(nc_mcp_oauth_client_playwright):
+async def test_mcp_oauth_client_with_playwright(nc_mcp_oauth_client):
    """Test that MCP OAuth client via Playwright can execute tools."""

    # Test: Execute the 'nc_notes_search_notes' tool
-    result = await nc_mcp_oauth_client_playwright.call_tool(
+    result = await nc_mcp_oauth_client.call_tool(
        "nc_notes_search_notes", arguments={"query": ""}
    )

@@ -46,7 +46,7 @@ async def delete_board_acl(nc_client, board_id: int, acl_id: int):
    logger.info(f"Deleted ACL {acl_id} from board {board_id}")


-@pytest.mark.asyncio
+@pytest.mark.anyio
 async def test_deck_board_view_permissions(
    nc_client, alice_mcp_client, bob_mcp_client, diana_mcp_client
 ):
@@ -119,7 +119,7 @@ async def test_deck_board_view_permissions(
        await nc_client.deck.delete_board(board_id)


-@pytest.mark.asyncio
+@pytest.mark.anyio
 async def test_deck_board_edit_permissions(
    nc_client, alice_mcp_client, charlie_mcp_client, bob_mcp_client
 ):
@@ -214,7 +214,7 @@ async def test_deck_board_edit_permissions(
        await nc_client.deck.delete_board(board_id)


-@pytest.mark.asyncio
+@pytest.mark.anyio
 async def test_deck_board_manage_permissions(
    nc_client, alice_mcp_client, charlie_mcp_client
 ):
@@ -289,7 +289,7 @@ async def test_deck_board_manage_permissions(
        await nc_client.deck.delete_board(board_id)


-@pytest.mark.asyncio
+@pytest.mark.anyio
 async def test_deck_user_isolation(nc_client, alice_mcp_client, bob_mcp_client):
    """
    Test that users can only see their own boards when not shared.
@@ -18,7 +18,7 @@ logger = logging.getLogger(__name__)
 pytestmark = [pytest.mark.integration, pytest.mark.oauth]


-@pytest.mark.asyncio
+@pytest.mark.anyio
 async def test_file_share_read_permissions(
    alice_mcp_client, bob_mcp_client, diana_mcp_client
 ):
@@ -104,7 +104,7 @@ async def test_file_share_read_permissions(
        )


-@pytest.mark.asyncio
+@pytest.mark.anyio
 async def test_file_share_write_permissions(
    alice_mcp_client, charlie_mcp_client, bob_mcp_client
 ):
@@ -210,7 +210,7 @@ async def test_file_share_write_permissions(
        )


-@pytest.mark.asyncio
+@pytest.mark.anyio
 async def test_file_list_permissions(alice_mcp_client, bob_mcp_client):
    """
    Test that file listing respects share permissions.
@@ -326,7 +326,7 @@ async def test_file_list_permissions(alice_mcp_client, bob_mcp_client):
        )


-@pytest.mark.asyncio
+@pytest.mark.anyio
 async def test_folder_share_permissions(alice_mcp_client, bob_mcp_client):
    """
    Test that folder sharing works correctly.
@@ -15,7 +15,7 @@ logger = logging.getLogger(__name__)
 pytestmark = [pytest.mark.integration, pytest.mark.oauth]


-@pytest.mark.asyncio
+@pytest.mark.anyio
 async def test_notes_share_read_permissions(
    nc_client, alice_mcp_client, bob_mcp_client, diana_mcp_client
 ):
@@ -82,7 +82,7 @@ async def test_notes_share_read_permissions(
        await nc_client.notes.delete_note(note_id)


-@pytest.mark.asyncio
+@pytest.mark.anyio
 async def test_notes_share_write_permissions(
    nc_client, alice_mcp_client, charlie_mcp_client, bob_mcp_client
 ):
@@ -149,7 +149,7 @@ async def test_notes_share_write_permissions(
        await nc_client.notes.delete_note(note_id)


-@pytest.mark.asyncio
+@pytest.mark.anyio
 async def test_user_isolation_notes(nc_client, alice_mcp_client, bob_mcp_client):
    """
    Test that users can only see their own notes when not shared.
@@ -222,7 +222,7 @@ async def test_user_isolation_notes(nc_client, alice_mcp_client, bob_mcp_client)
        await nc_client.notes.delete_note(bob_note_id)


-@pytest.mark.asyncio
+@pytest.mark.anyio
 async def test_oauth_mcp_clients_initialized(
    alice_mcp_client, bob_mcp_client, charlie_mcp_client, diana_mcp_client
 ):
@@ -1,8 +1,9 @@
 import pytest
+
 from nextcloud_mcp_server.client import NextcloudClient


-@pytest.mark.asyncio
+@pytest.mark.anyio
 async def test_create_and_delete_user(nc_client: NextcloudClient, test_user):
    """Test creating a user and verifying deletion (cleanup by fixture)."""
    user_config = test_user
@@ -28,7 +29,7 @@ async def test_create_and_delete_user(nc_client: NextcloudClient, test_user):
    # Note: Fixture cleanup will also try to delete but handle 404 gracefully


-@pytest.mark.asyncio
+@pytest.mark.anyio
 async def test_update_user_field(nc_client: NextcloudClient, test_user):
    """Test updating user fields."""
    user_config = test_user
@@ -43,7 +44,7 @@ async def test_update_user_field(nc_client: NextcloudClient, test_user):
    # Fixture will handle cleanup


-@pytest.mark.asyncio
+@pytest.mark.anyio
 async def test_user_groups(nc_client: NextcloudClient, test_user_in_group):
    """Test adding and removing users from groups."""
    user_config, groupid = test_user_in_group
@@ -60,7 +61,7 @@ async def test_user_groups(nc_client: NextcloudClient, test_user_in_group):
    # Fixtures will handle cleanup


-@pytest.mark.asyncio
+@pytest.mark.anyio
 async def test_user_subadmins(nc_client: NextcloudClient, test_user, test_group):
    """Test promoting and demoting subadmins."""
    user_config = test_user
@@ -81,7 +82,7 @@ async def test_user_subadmins(nc_client: NextcloudClient, test_user, test_group)
    # Fixtures will handle cleanup


-@pytest.mark.asyncio
+@pytest.mark.anyio
 async def test_disable_enable_user(nc_client: NextcloudClient, test_user):
    """Test disabling and enabling users."""
    user_config = test_user
@@ -101,7 +102,7 @@ async def test_disable_enable_user(nc_client: NextcloudClient, test_user):
    # Fixture will handle cleanup


-@pytest.mark.asyncio
+@pytest.mark.anyio
 async def test_get_editable_user_fields(nc_client: NextcloudClient):
    editable_fields = await nc_client.users.get_editable_user_fields()
    assert "displayname" in editable_fields
@@ -0,0 +1,322 @@
+"""Integration tests for WebDAV search MCP tools."""
+
+import json
+import logging
+import uuid
+
+import pytest
+from mcp import ClientSession
+
+from nextcloud_mcp_server.client import NextcloudClient
+
+logger = logging.getLogger(__name__)
+pytestmark = pytest.mark.integration
+
+
+def normalize_search_response(data):
+    """Extract results list from SearchFilesResponse.
+
+    The response is a SearchFilesResponse with a 'results' field containing the list of files.
+    """
+    if isinstance(data, dict) and "results" in data:
+        return data["results"]
+    else:
+        # Fallback for unexpected format
+        return []
+
+
+@pytest.fixture
+async def search_test_files(nc_client: NextcloudClient):
+    """Create test files for WebDAV search testing via MCP."""
+    test_dir = f"mcp_webdav_search_{uuid.uuid4().hex[:8]}"
+
+    # Create base directory
+    await nc_client.webdav.create_directory(test_dir)
+
+    # Create various test files
+    test_files = [
+        # Text files
+        (f"{test_dir}/search_test1.txt", b"Sample document", "text/plain"),
+        (f"{test_dir}/search_test2.txt", b"Another document", "text/plain"),
+        (f"{test_dir}/search_report.txt", b"Report content", "text/plain"),
+        # Markdown files
+        (f"{test_dir}/search_readme.md", b"# README", "text/markdown"),
+        (f"{test_dir}/search_notes.md", b"# Notes", "text/markdown"),
+        # Images (simulated)
+        (f"{test_dir}/search_image.jpg", b"\xff\xd8\xff fake jpg", "image/jpeg"),
+        (f"{test_dir}/search_photo.png", b"\x89PNG fake png", "image/png"),
+        # PDF (simulated)
+        (f"{test_dir}/search_presentation.pdf", b"%PDF-1.4", "application/pdf"),
+    ]
+
+    # Write all test files
+    for file_path, content, content_type in test_files:
+        await nc_client.webdav.write_file(file_path, content, content_type)
+
+    logger.info(f"Created {len(test_files)} test files in {test_dir}")
+
+    yield test_dir
+
+    # Cleanup
+    try:
+        await nc_client.webdav.delete_resource(test_dir)
+        logger.info(f"Cleaned up test directory: {test_dir}")
+    except Exception as e:
+        logger.warning(f"Failed to cleanup {test_dir}: {e}")
+
+
+async def test_nc_webdav_find_by_name(
+    nc_mcp_client: ClientSession, search_test_files: str
+):
+    """Test nc_webdav_find_by_name MCP tool."""
+    # Find all .txt files in the test directory
+    result = await nc_mcp_client.call_tool(
+        "nc_webdav_find_by_name",
+        arguments={
+            "pattern": "search_%.txt",
+            "scope": search_test_files,
+        },
+    )
+
+    # Parse the result
+    content = result.content[0].text
+    files = normalize_search_response(json.loads(content))
+
+    logger.info(f"Found {len(files)} files matching 'search_%.txt'")
+
+    # Should find at least 3 .txt files
+    assert len(files) >= 3, f"Expected at least 3 .txt files, got {len(files)}"
+
+    # Verify all results end with .txt
+    for file in files:
+        name = file.get("name", "")
+        assert name.endswith(".txt"), f"Expected .txt file, got {name}"
+        assert name.startswith("search_"), (
+            f"Expected name to start with 'search_', got {name}"
+        )
+
+
+async def test_nc_webdav_find_by_name_with_limit(
+    nc_mcp_client: ClientSession, search_test_files: str
+):
+    """Test nc_webdav_find_by_name with limit parameter."""
+    # Find files with limit
+    result = await nc_mcp_client.call_tool(
+        "nc_webdav_find_by_name",
+        arguments={
+            "pattern": "search_%.txt",
+            "scope": search_test_files,
+            "limit": 2,
+        },
+    )
+
+    content = result.content[0].text
+    files = normalize_search_response(json.loads(content))
+
+    logger.info(f"Found {len(files)} files with limit=2")
+
+    # Should return at most 2 results
+    assert len(files) <= 2, f"Expected at most 2 files, got {len(files)}"
+    assert len(files) > 0, "Expected at least 1 file"
+
+
+async def test_nc_webdav_find_by_type_images(
+    nc_mcp_client: ClientSession, search_test_files: str
+):
+    """Test nc_webdav_find_by_type for images."""
+    # Find all images
+    result = await nc_mcp_client.call_tool(
+        "nc_webdav_find_by_type",
+        arguments={
+            "mime_type": "image/%",
+            "scope": search_test_files,
+        },
+    )
+
+    content = result.content[0].text
+    files = normalize_search_response(json.loads(content))
+
+    logger.info(f"Found {len(files)} image files")
+
+    # Should find at least 2 image files (jpg and png)
+    assert len(files) >= 2, f"Expected at least 2 image files, got {len(files)}"
+
+    # Verify all results are images
+    for file in files:
+        content_type = file.get("content_type", "")
+        assert content_type.startswith("image/"), (
+            f"Expected image/* type, got {content_type}"
+        )
+
+
+async def test_nc_webdav_find_by_type_specific(
+    nc_mcp_client: ClientSession, search_test_files: str
+):
+    """Test nc_webdav_find_by_type for specific MIME type."""
+    # Find PDF files
+    result = await nc_mcp_client.call_tool(
+        "nc_webdav_find_by_type",
+        arguments={
+            "mime_type": "application/pdf",
+            "scope": search_test_files,
+        },
+    )
+
+    content = result.content[0].text
+    files = normalize_search_response(json.loads(content))
+
+    logger.info(f"Found {len(files)} PDF files")
+
+    # Should find at least 1 PDF
+    assert len(files) >= 1, f"Expected at least 1 PDF file, got {len(files)}"
+
+    # Verify result is PDF
+    for file in files:
+        content_type = file.get("content_type", "")
+        assert content_type == "application/pdf", (
+            f"Expected application/pdf, got {content_type}"
+        )
+
+
+async def test_nc_webdav_search_files_basic(
+    nc_mcp_client: ClientSession, search_test_files: str
+):
+    """Test nc_webdav_search_files with basic filters."""
+    # Search for markdown files
+    result = await nc_mcp_client.call_tool(
+        "nc_webdav_search_files",
+        arguments={
+            "scope": search_test_files,
+            "name_pattern": "%.md",
+        },
+    )
+
+    content = result.content[0].text
+    files = normalize_search_response(json.loads(content))
+
+    logger.info(f"Found {len(files)} markdown files")
+
+    # Should find at least 2 .md files
+    assert len(files) >= 2, f"Expected at least 2 .md files, got {len(files)}"
+
+    # Verify all results are .md files
+    for file in files:
+        name = file.get("name", "")
+        assert name.endswith(".md"), f"Expected .md file, got {name}"
+
+
+async def test_nc_webdav_search_files_combined(
+    nc_mcp_client: ClientSession, search_test_files: str
+):
+    """Test nc_webdav_search_files with combined filters."""
+    # Search for text files with specific name pattern
+    result = await nc_mcp_client.call_tool(
+        "nc_webdav_search_files",
+        arguments={
+            "scope": search_test_files,
+            "name_pattern": "search_test%.txt",
+            "mime_type": "text/plain",
+        },
+    )
+
+    content = result.content[0].text
+    files = normalize_search_response(json.loads(content))
+
+    logger.info(f"Found {len(files)} files matching combined filters")
+
+    # Should find search_test1.txt and search_test2.txt
+    assert len(files) >= 2, f"Expected at least 2 files, got {len(files)}"
+
+    # Verify all results match both conditions
+    for file in files:
+        name = file.get("name", "")
+        content_type = file.get("content_type", "")
+        assert name.endswith(".txt"), f"Expected .txt file, got {name}"
+        assert name.startswith("search_test"), (
+            f"Expected 'search_test' prefix, got {name}"
+        )
+        assert content_type == "text/plain", f"Expected text/plain, got {content_type}"
+
+
+async def test_nc_webdav_search_files_with_limit(
+    nc_mcp_client: ClientSession, search_test_files: str
+):
+    """Test nc_webdav_search_files with result limit."""
+    # Search with limit
+    result = await nc_mcp_client.call_tool(
+        "nc_webdav_search_files",
+        arguments={
+            "scope": search_test_files,
+            "name_pattern": "search_%",
+            "limit": 3,
+        },
+    )
+
+    content = result.content[0].text
+    files = normalize_search_response(json.loads(content))
+
+    logger.info(f"Found {len(files)} files with limit=3")
+
+    # Should return at most 3 results
+    assert len(files) <= 3, f"Expected at most 3 files, got {len(files)}"
+    assert len(files) > 0, "Expected at least 1 file"
+
+
+async def test_nc_webdav_search_no_results(
+    nc_mcp_client: ClientSession, search_test_files: str
+):
+    """Test search that returns no results."""
+    # Search for non-existent pattern
+    result = await nc_mcp_client.call_tool(
+        "nc_webdav_find_by_name",
+        arguments={
+            "pattern": "nonexistent_xyz123.txt",
+            "scope": search_test_files,
+        },
+    )
+
+    # Handle case where empty results might return empty content
+    if result.content and len(result.content) > 0:
+        content = result.content[0].text
+        files = normalize_search_response(json.loads(content))
+    else:
+        files = []
+
+    logger.info("Search correctly returned no results")
+
+    # Should return empty array
+    assert len(files) == 0, f"Expected no results, got {len(files)}"
+
+
+async def test_search_result_properties(
+    nc_mcp_client: ClientSession, search_test_files: str
+):
+    """Test that search results include expected properties."""
+    # Search for a specific file
+    result = await nc_mcp_client.call_tool(
+        "nc_webdav_find_by_name",
+        arguments={
+            "pattern": "search_readme.md",
+            "scope": search_test_files,
+        },
+    )
+
+    content = result.content[0].text
+    files = normalize_search_response(json.loads(content))
+
+    assert len(files) >= 1, "Should find at least one file"
+
+    file = files[0]
+
+    # Check for expected properties
+    assert "name" in file, "Should include name property"
+    assert "path" in file, "Should include path property"
+    assert "is_directory" in file, "Should include is_directory property"
+    assert file["is_directory"] is False, "File should not be a directory"
+
+    # Check for extended properties from search
+    extended_props = ["file_id", "etag", "size", "content_type", "last_modified"]
+    present_props = [prop for prop in extended_props if prop in file]
+
+    logger.info(f"Search result properties: {list(file.keys())}")
+    assert len(present_props) > 0, f"Should have at least one of {extended_props}"
@@ -1,674 +0,0 @@
-=========================
-Instruction set for users
-=========================
-
-Add a new user
--------------
-
-Create a new user on the Nextcloud server. Authentication is done by sending a
-basic HTTP authentication header.
-
-**Syntax: ocs/v1.php/cloud/users**
-
-* HTTP method: POST
-* POST argument: userid - string, the required username for the new user
-* POST argument: password - string, the password for the new user, leave empty to send welcome mail
-* POST argument: displayName - string, the display name for the new user
-* POST argument: email - string, the email for the new user, required if password empty
-* POST argument: groups - array, the groups for the new user
-* POST argument: subadmin - array, the groups in which the new user is subadmin
-* POST argument: quota - string, quota for the new user
-* POST argument: language - string, language for the new user
-
-Status codes:
-
-* 101 - invalid argument
-* 102 - user already exists
-* 103 - cannot create sub-admins for admin group
-* 104 - group does not exist
-* 105 - insufficient privileges for group
-* 106 - no group specified (required for sub-admins)
-* 107 - hint exceptions
-* 108 - an email address is required, to send a password link to the user.
-* 109 - sub-admin group does not exist
-* 110 - required email address was not provided
-* 111 - could not create non-existing user ID
-
-Example
-^^^^^^^
-::
-
-  $ curl -X POST http://admin:secret@example.com/ocs/v1.php/cloud/users -d userid="Frank" -d password="frankspassword" -H "OCS-APIRequest: true"
-
-* Creates the user ``Frank`` with password ``frankspassword``
-* optionally groups can be specified by one or more ``groups[]`` query parameters:
-  ``URL -d groups[]="admin" -D groups[]="Team1"``
-
-XML output
-^^^^^^^^^^
-
-.. code-block:: xml
-
- <?xml version="1.0"?>
- <ocs>
-  <meta>
-   <status>ok</status>
-   <statuscode>100</statuscode>
-   <message/>
-  </meta>
-  <data/>
- </ocs>
-
-Search/get users
----------------
-
-Retrieves a list of users from the Nextcloud server. Authentication is done by
-sending a Basic HTTP Authorization header.
-
-**Syntax: ocs/v1.php/cloud/users**
-
-* HTTP method: GET
-* url arguments: search - string, optional search string
-* url arguments: limit - int, optional limit value
-* url arguments: offset - int, optional offset value
-
-Status codes:
-
-* 100 - successful
-
-Example
-^^^^^^^
-::
-
-  $ curl -X GET http://admin:secret@example.com/ocs/v1.php/cloud/users?search=Frank -H "OCS-APIRequest: true"
-
-* Returns list of users matching the search string.
-
-XML output
-^^^^^^^^^^
-
-.. code-block:: xml
-
-  <?xml version="1.0"?>
-  <ocs>
-    <meta>
-      <statuscode>100</statuscode>
-      <status>ok</status>
-    </meta>
-    <data>
-      <users>
-        <element>Frank</element>
-       </users>
-    </data>
-  </ocs>
-
-Get data of a single user
-------------------------
-
-Retrieves information about a single user. Authentication is done by sending a
-Basic HTTP Authorization header.
-
-**Syntax: ocs/v1.php/cloud/users/{userid}**
-
-* HTTP method: GET
-
-Status codes:
-
-* 100 - successful
-
-Example
-^^^^^^^
-
-::
-
-  $ curl -X GET http://admin:secret@example.com/ocs/v1.php/cloud/users/Frank -H "OCS-APIRequest: true"
-
-* Returns information on the user ``Frank``
-
-XML output
-^^^^^^^^^^
-
-.. code-block:: xml
-
-  <?xml version="1.0"?>
-  <ocs>
-    <meta>
-      <statuscode>100</statuscode>
-      <status>ok</status>
-    </meta>
-    <data>
-      <enabled>true</enabled>
-      <id>Frank</id>
-      <quota>0</quota>
-      <email>frank@example.org</email>
-      <displayname>Frank K.</displayname>
-      <display-name>Frank K.</display-name>
-      <phone>0123 / 456 789</phone>
-      <address>Foobar 12, 12345 Town</address>
-      <website>https://nextcloud.com</website>
-      <twitter>Nextcloud</twitter>
-      <groups>
-       <element>group1</element>
-       <element>group2</element>
-      </groups>
-    </data>
-  </ocs>
-
-Edit data of a single user
--------------------------
-
-Edits attributes related to a user. Users are able to edit email, displayname
-and password; admins can also edit the quota value. Further restrictions may apply,
-check the `List of editable data fields`_ endpoint. Authentication
-is done by sending a Basic HTTP Authorization header.
-
-**Syntax: ocs/v1.php/cloud/users/{userid}**
-
-* HTTP method: PUT
-* PUT argument: key, the field to edit:
-
-  + email
-  + quota
-  + displayname
-  + display (**deprecated** use `displayname` instead)
-  + phone
-  + address
-  + website
-  + twitter
-  + password
-
-* PUT argument: value, the new value for the field
-
-Status codes:
-
-* 101 - invalid argument
-* 107 - password policy (hint exception)
-* 112 - Setting the password is not supported by the users backend
-* 113 - editing field not allowed / field doesn’t exist
-
-Examples
-^^^^^^^^
-
-::
-
-  $ curl -X PUT http://admin:secret@example.com/ocs/v1.php/cloud/users/Frank -d key="email" -d value="franksnewemail@example.org" -H "OCS-APIRequest: true"
-
-* Updates the email address for the user ``Frank``
-
-::
-
-  $ curl -X PUT http://admin:secret@example.com/ocs/v1.php/cloud/users/Frank -d key="quota" -d value="100MB" -H "OCS-APIRequest: true"
-
-* Updates the quota for the user ``Frank``
-
-XML output
-^^^^^^^^^^
-
-.. code-block:: xml
-
-  <?xml version="1.0"?>
-  <ocs>
-    <meta>
-      <statuscode>100</statuscode>
-      <status>ok</status>
-    </meta>
-    <data/>
-  </ocs>
-
-.. _editable_field_list:
-
-List of editable data fields
----------------------------
-
-Edits attributes related to a user. Users are able to edit email, displayname
-and password; admins can also edit the quota value. Authentication is done by
-sending a Basic HTTP Authorization header.
-
-**Syntax: ocs/v1.php/cloud/user/fields**
-
-* HTTP method: GET
-
-Status codes:
-
-* 100 - successful
-
-Examples
-^^^^^^^^
-
-::
-
-  $ curl -X GET http://admin:secret@example.com/ocs/v1.php/cloud/user/fields -H "OCS-APIRequest: true"
-
-* Gets the list of fields
-
-XML output
-^^^^^^^^^^
-
-.. code-block:: xml
-
-  <?xml version="1.0"?>
-  <ocs>
-   <meta>
-    <status>ok</status>
-    <statuscode>100</statuscode>
-    <message>OK</message>
-   </meta>
-   <data>
-    <element>displayname</element>
-    <element>email</element>
-    <element>phone</element>
-    <element>address</element>
-    <element>website</element>
-    <element>twitter</element>
-   </data>
-  </ocs>
-
-
-Disable a user
--------------
-
-Disables a user on the Nextcloud server so that the user cannot login anymore.
-Authentication is done by sending a Basic HTTP Authorization header.
-
-**Syntax: ocs/v1.php/cloud/users/{userid}/disable**
-
-* HTTP method: PUT
-
-Statuscodes:
-
-* 100 - successful
-* 101 - failure
-
-Example
-^^^^^^^
-
-::
-
-  $ curl -X PUT http://admin:secret@example.com/ocs/v1.php/cloud/users/Frank/disable -H "OCS-APIRequest: true"
-
-* Disables the user ``Frank``
-
-XML output
-^^^^^^^^^^
-
-.. code-block:: xml
-
-  <?xml version="1.0"?>
-  <ocs>
-    <meta>
-      <status>ok</status>
-      <statuscode>100</statuscode>
-      <message/>
-    </meta>
-    <data/>
-  </ocs>
-
-Enable a user
-------------
-
-Enables a user on the Nextcloud server so that the user can login again.
-Authentication is done by sending a Basic HTTP Authorization header.
-
-**Syntax: ocs/v1.php/cloud/users/{userid}/enable**
-
-* HTTP method: PUT
-
-Statuscodes:
-
-* 100 - successful
-* 101 - failure
-
-Example
-^^^^^^^
-
-::
-
-  $ curl -X PUT http://admin:secret@example.com/ocs/v1.php/cloud/users/Frank/enable -H "OCS-APIRequest: true"
-
-* Enables the user ``Frank``
-
-XML output
-^^^^^^^^^^
-
-.. code-block:: xml
-
-  <?xml version="1.0"?>
-  <ocs>
-    <meta>
-      <status>ok</status>
-      <statuscode>100</statuscode>
-      <message/>
-    </meta>
-    <data/>
-  </ocs>
-
-Delete a user
-------------
-
-Deletes a user from the Nextcloud server. Authentication is done by sending a
-Basic HTTP Authorization header.
-
-**Syntax: ocs/v1.php/cloud/users/{userid}**
-
-* HTTP method: DELETE
-
-Statuscodes:
-
-* 100 - successful
-* 101 - failure
-
-Example
-^^^^^^^
-
-::
-
-  $ curl -X DELETE http://admin:secret@example.com/ocs/v1.php/cloud/users/Frank -H "OCS-APIRequest: true"
-
-* Deletes the user ``Frank``
-
-XML output
-^^^^^^^^^^
-
-.. code-block:: xml
-
-  <?xml version="1.0"?>
-  <ocs>
-    <meta>
-      <statuscode>100</statuscode>
-      <status>ok</status>
-    </meta>
-    <data/>
-  </ocs>
-
-Get user's groups
-----------------
-
-Retrieves a list of groups the specified user is a member of. Authentication is
-done by sending a Basic HTTP Authorization header.
-
-**Syntax: ocs/v1.php/cloud/users/{userid}/groups**
-
-* HTTP method: GET
-
-Status codes:
-
-* 100 - successful
-
-Example
-^^^^^^^
-
-::
-
-  $ curl -X GET http://admin:secret@example.com/ocs/v1.php/cloud/users/Frank/groups -H "OCS-APIRequest: true"
-
-* Retrieves a list of groups of which ``Frank`` is a member
-
-XML output
-^^^^^^^^^^
-
-.. code-block:: xml
-
-  <?xml version="1.0"?>
-  <ocs>
-    <meta>
-      <statuscode>100</statuscode>
-      <status>ok</status>
-    </meta>
-    <data>
-      <groups>
-        <element>admin</element>
-        <element>group1</element>
-      </groups>
-    </data>
-  </ocs>
-
-Add user to group
-----------------
-
-Adds the specified user to the specified group. Authentication is done by
-sending a Basic HTTP Authorization header.
-
-**Syntax: ocs/v1.php/cloud/users/{userid}/groups**
-
-* HTTP method: POST
-* POST argument: groupid, string - the group to add the user to
-
-Status codes:
-
-* 100 - successful
-* 101 - no group specified
-* 102 - group does not exist
-* 103 - user does not exist
-* 104 - insufficient privileges
-* 105 - failed to add user to group
-
-Example
-^^^^^^^
-
-::
-
-  $ curl -X POST http://admin:secret@example.com/ocs/v1.php/cloud/users/Frank/groups -d groupid="newgroup" -H "OCS-APIRequest: true"
-
-* Adds the user ``Frank`` to the group ``newgroup``
-
-XML output
-^^^^^^^^^^
-
-.. code-block:: xml
-
-  <?xml version="1.0"?>
-  <ocs>
-    <meta>
-      <statuscode>100</statuscode>
-      <status>ok</status>
-    </meta>
-    <data/>
-  </ocs>
-
-Remove user from group
----------------------
-
-Removes the specified user from the specified group. Authentication is done by
-sending a Basic HTTP Authorization header.
-
-**Syntax: ocs/v1.php/cloud/users/{userid}/groups**
-
-* HTTP method: DELETE
-* DELETE argument: groupid, string - the group to remove the user from
-
-Status codes:
-
-* 100 - successful
-* 101 - no group specified
-* 102 - group does not exist
-* 103 - user does not exist
-* 104 - insufficient privileges
-* 105 - failed to remove user from group
-
-Example
-^^^^^^^
-
-::
-
-  $ curl -X DELETE http://admin:secret@example.com/ocs/v1.php/cloud/users/Frank/groups -d groupid="newgroup" -H "OCS-APIRequest: true"
-
-* Removes the user ``Frank`` from the group ``newgroup``
-
-XML output
-^^^^^^^^^^
-
-.. code-block:: xml
-
-  <?xml version="1.0"?>
-  <ocs>
-    <meta>
-      <statuscode>100</statuscode>
-      <status>ok</status>
-    </meta>
-    <data/>
-  </ocs>
-
-Promote user to subadmin
------------------------
-
-Makes a user the subadmin of a group. Authentication is done by sending a Basic
-HTTP Authorization header.
-
-**Syntax: ocs/v1.php/cloud/users/{userid}/subadmins**
-
-* HTTP method: POST
-* POST argument: groupid, string - the group of which to make the user a
-  subadmin
-
-Status codes:
-
-* 100 - successful
-* 101 - user does not exist
-* 102 - group does not exist
-* 103 - unknown failure
-
-Example
-^^^^^^^
-
-::
-
-  $ curl -X POST https://admin:secret@example.com/ocs/v1.php/cloud/users/Frank/subadmins -d groupid="group" -H "OCS-APIRequest: true"
-
-* Makes the user ``Frank`` a subadmin of the ``group`` group
-
-XML output
-^^^^^^^^^^
-
-.. code-block:: xml
-
-  <?xml version="1.0"?>
-  <ocs>
-    <meta>
-      <statuscode>100</statuscode>
-      <status>ok</status>
-    </meta>
-    <data/>
-  </ocs>
-
-Demote user from subadmin
-------------------------
-
-Removes the subadmin rights for the user specified from the group specified.
-Authentication is done by sending a Basic HTTP Authorization header.
-
-**Syntax: ocs/v1.php/cloud/users/{userid}/subadmins**
-
-* HTTP method: DELETE
-* DELETE argument: groupid, string - the group from which to remove the user's
-  subadmin rights
-
-Status codes:
-
-* 100 - successful
-* 101 - user does not exist
-* 102 - user is not a subadmin of the group / group does not exist
-* 103 - unknown failure
-
-Example
-^^^^^^^
-
-::
-
-  $ curl -X DELETE https://admin:secret@example.com/ocs/v1.php/cloud/users/Frank/subadmins -d groupid="oldgroup" -H "OCS-APIRequest: true"
-
-* Removes ``Frank's`` subadmin rights from the ``oldgroup`` group
-
-XML output
-^^^^^^^^^^
-
-.. code-block:: xml
-
-  <?xml version="1.0"?>
-  <ocs>
-    <meta>
-      <statuscode>100</statuscode>
-      <status>ok</status>
-    </meta>
-    <data/>
-  </ocs>
-
-Get user's subadmin groups
--------------------------
-
-Returns the groups in which the user is a subadmin. Authentication is done by
-sending a Basic HTTP Authorization header.
-
-**Syntax: ocs/v1.php/cloud/users/{userid}/subadmins**
-
-* HTTP method: GET
-
-Status codes:
-
-* 100 - successful
-* 101 - user does not exist
-* 102 - unknown failure
-
-Example
-^^^^^^^
-
-::
-
-  $ curl -X GET https://admin:secret@example.com/ocs/v1.php/cloud/users/Frank/subadmins -H "OCS-APIRequest: true"
-
-* Returns the groups of which ``Frank`` is a subadmin
-
-XML output
-^^^^^^^^^^
-
-.. code-block:: xml
-
-  <?xml version="1.0"?>
-  <ocs>
-    <meta>
-        <status>ok</status>
-        <statuscode>100</statuscode>
-      <message/>
-    </meta>
-    <data>
-      <element>testgroup</element>
-    </data>
-  </ocs>
-
-Resend the welcome email
------------------------
-
-The request to this endpoint triggers the welcome email for this user again.
-
-**Syntax: ocs/v1.php/cloud/users/{userid}/welcome**
-
-* HTTP method: POST
-
-Status codes:
-
-* 100 - successful
-* 101 - email address not available
-* 102 - sending email failed
-
-Example
-^^^^^^^
-
-::
-
-  $ curl -X POST https://admin:secret@example.com/ocs/v1.php/cloud/users/Frank/welcome -H "OCS-APIRequest: true"
-
-* Sends the welcome email to ``Frank``
-
-XML output
-^^^^^^^^^^
-
-.. code-block:: xml
-
-  <?xml version="1.0"?>
-  <ocs>
-    <meta>
-        <status>ok</status>
-        <statuscode>100</statuscode>
-      <message/>
-    </meta>
-    <data/>
-  </ocs>
Author	SHA1	Message	Date
github-actions[bot]	45bbf97033	bump: version 0.16.0 → 0.17.0	2025-10-19 22:55:23 +00:00
Chris Coutinho	14a0f166fe	Merge pull request #223 from cbcoutinho/feature/caldav Migrate to caldav and add support for VTODOs	2025-10-20 00:54:51 +02:00
Chris Coutinho	71f09a47ca	docs: Update CalendarClient docstrings [skip ci]	2025-10-20 00:54:35 +02:00
Chris Coutinho	61bb8cc048	Merge pull request #224 from cbcoutinho/renovate/astral-sh-setup-uv-7.x chore(deps): update astral-sh/setup-uv action to v7.1.1	2025-10-20 00:15:05 +02:00
renovate-bot-cbcoutinho[bot]	ad9b9f25a1	chore(deps): update astral-sh/setup-uv action to v7.1.1	2025-10-19 22:05:34 +00:00
Chris Coutinho	f4dd68735c	test: Fix how categories are handled in calendar	2025-10-20 00:04:38 +02:00
Chris Coutinho	c75f0c0a17	test: Revert creation	2025-10-19 23:59:07 +02:00
Chris Coutinho	a143123acc	fix(caldav): Check that calendar exists after creation to avoid race condition Verify that field preservation tests still operate	2025-10-19 23:44:39 +02:00
Chris Coutinho	1dc2ddfdb7	fix(caldav): Properly parse datetimes as vDDDTypes	2025-10-19 20:13:05 +02:00
Chris Coutinho	92e18825bc	feat(caldav): Add support for tasks	2025-10-19 18:02:43 +02:00
Chris Coutinho	d398a8c8e6	refactor: Migrate from internal CalendarClient to caldav library	2025-10-19 15:47:17 +02:00
Chris Coutinho	39dfa13895	docs: Remove user API docs	2025-10-19 14:06:14 +02:00
github-actions[bot]	cb7a609ec2	bump: version 0.15.2 → 0.16.0	2025-10-19 00:13:49 +00:00
Chris Coutinho	b8d241b596	Merge pull request #219 from cbcoutinho/feature/load-testing Feature/load testing	2025-10-19 02:13:18 +02:00
Chris Coutinho	5395f8d3d6	chore: Update lock file	2025-10-19 02:02:05 +02:00
Chris Coutinho	198d7495f0	ci: Remove --setup-show from pytest args	2025-10-19 01:58:22 +02:00
Chris Coutinho	c2f6c6ce0d	ci: Set cookbook recipe import timeout to 5min	2025-10-19 01:49:21 +02:00
Chris Coutinho	5757f2582b	ci: Run oauth tests	2025-10-19 00:49:55 +02:00
Chris Coutinho	d5e6411c45	test: disable asyncio fixture	2025-10-19 00:49:24 +02:00
Chris Coutinho	f0c03ceede	Merge pull request #221 from cbcoutinho/renovate/ghcr.io-astral-sh-uv-0.9.4-python3.11-alpine chore(deps): update ghcr.io/astral-sh/uv:0.9.4-python3.11-alpine docker digest to 1a51c77	2025-10-19 00:28:59 +02:00
Chris Coutinho	7818eb104e	ci: Add --setup-show to pytest	2025-10-19 00:28:28 +02:00
Chris Coutinho	b72514bb32	ci: Add pytest-timeout to dev deps	2025-10-19 00:27:19 +02:00
renovate-bot-cbcoutinho[bot]	f51d3a2101	chore(deps): update ghcr.io/astral-sh/uv:0.9.4-python3.11-alpine docker digest to 1a51c77	2025-10-18 22:07:46 +00:00
Chris Coutinho	5de4055f9f	ci: Set log level INFO	2025-10-19 00:05:00 +02:00
Chris Coutinho	95da43ea0f	ci: Increase playwright timeout to 60s	2025-10-18 23:26:50 +02:00
Chris Coutinho	ae47c5f3e6	ci: Use chromium	2025-10-18 23:12:53 +02:00
Chris Coutinho	31ffeba69b	chore: Move timeout to recipe import	2025-10-18 23:12:31 +02:00
Chris Coutinho	963a504ae2	ci: Replace 0.5 stagger with 10s in CI	2025-10-18 22:57:47 +02:00
Chris Coutinho	ead298c132	chore: revert conftest.py	2025-10-18 22:44:51 +02:00
Chris Coutinho	2f805e54b7	test: Migrate load test benchmark scripts to anyio Remove unused redis container	2025-10-18 22:40:50 +02:00
Chris Coutinho	6158a890af	feat(webdav): Add search and list favorite response tools	2025-10-18 22:02:26 +02:00
Chris Coutinho	240ceb3808	test: Migrate load test framework to anyio as well	2025-10-18 22:02:25 +02:00
Chris Coutinho	1459fe9bc8	test: Replace pytest-asyncio plugin fixtures with anyio fixtures	2025-10-18 22:02:25 +02:00
Chris Coutinho	37164dbdbc	chore: sort imports	2025-10-18 22:02:25 +02:00
Chris Coutinho	c3ff92a8c1	test: Cleanup testing fixtures regarding canceled scopes	2025-10-18 22:02:25 +02:00
Chris Coutinho	371d0c93a5	test: Update oauth benchmark tests	2025-10-18 22:02:25 +02:00
Chris Coutinho	644c59bf78	docs: remove old docs	2025-10-18 22:02:25 +02:00
Chris Coutinho	056b6fc9d6	test: Initialize load testing framework	2025-10-18 22:02:24 +02:00
Chris Coutinho	83917b3786	perf(notes): Improve notes search performance using async iterators	2025-10-18 22:02:19 +02:00
Chris Coutinho	955ad78f13	test: Add load testing framework	2025-10-18 22:02:19 +02:00
Chris Coutinho	3f04449a86	Merge pull request #220 from cbcoutinho/renovate/ghcr.io-astral-sh-uv-0.9.4-python3.11-alpine chore(deps): update ghcr.io/astral-sh/uv:0.9.4-python3.11-alpine docker digest to 4992e5c	2025-10-18 18:31:01 +02:00
renovate-bot-cbcoutinho[bot]	144a54c1ad	chore(deps): update ghcr.io/astral-sh/uv:0.9.4-python3.11-alpine docker digest to 4992e5c	2025-10-18 16:08:33 +00:00
Chris Coutinho	90b4b2a038	Merge pull request #218 from cbcoutinho/renovate/ghcr.io-astral-sh-uv-0.x chore(deps): update ghcr.io/astral-sh/uv docker tag to v0.9.4	2025-10-18 12:41:19 +02:00
renovate-bot-cbcoutinho[bot]	cdfab26c75	chore(deps): update ghcr.io/astral-sh/uv docker tag to v0.9.4	2025-10-18 04:07:22 +00:00
github-actions[bot]	a389f2940e	bump: version 0.15.1 → 0.15.2	2025-10-17 23:17:32 +00:00
Chris Coutinho	5e829fc7e7	refactor: Unify logging & remove factory deployment	2025-10-18 01:15:06 +02:00
Chris Coutinho	9c909b6e42	Merge pull request #217 from cbcoutinho/renovate/pin-dependencies chore(deps): pin docker.io/library/nginx docker tag to 61e0128	2025-10-17 09:21:50 +02:00
renovate-bot-cbcoutinho[bot]	9b29eabfaa	chore(deps): pin docker.io/library/nginx docker tag to 61e0128	2025-10-17 04:07:05 +00:00
github-actions[bot]	7549c988f4	bump: version 0.15.0 → 0.15.1	2025-10-17 02:49:37 +00:00
Chris Coutinho	0145be4bbd	Merge pull request #216 from cbcoutinho/feature/trigger Fix timeouts (in CI)	2025-10-17 04:49:17 +02:00
Chris Coutinho	b1207770ca	docs: revert README	2025-10-17 04:47:46 +02:00
Chris Coutinho	d694243723	test: Remove filter	2025-10-17 04:46:43 +02:00
Chris Coutinho	8e7191e0ea	fix: Increase HTTP client timeout to 30s The default 5s timeout was too short for Nextcloud Cookbook app to fetch and process recipes from external URLs, causing intermittent test failures with ReadTimeout errors. Fixes intermittent CI failures in cookbook import tests.	2025-10-17 04:41:28 +02:00
Chris Coutinho	dbcf9d93ca	chore: Improve RequestError message details Show exception type and cause when str(e) is empty for better debugging	2025-10-17 04:37:31 +02:00
Chris Coutinho	27519d0f62	test: Replace http server for recipes with nginx container	2025-10-17 04:30:03 +02:00
Chris Coutinho	2999d4b65e	fix: Handle RequestError in mcp tools	2025-10-17 04:17:41 +02:00
Chris Coutinho	0fd32ecd34	test: Fix test networking	2025-10-17 03:58:36 +02:00
Chris Coutinho	604a2065cb	chore: trigger	2025-10-17 03:40:40 +02:00
github-actions[bot]	0aeef1b87e	bump: version 0.14.3 → 0.15.0	2025-10-17 01:25:56 +00:00
Chris Coutinho	b65f10ed8e	Merge pull request #215 from cbcoutinho/feature/cookbook-app feat(cookbook): Add full Cookbook app support with 13 tools and 2 res…	2025-10-17 03:25:31 +02:00
Chris Coutinho	038fcddd48	docs: remove duplicate	2025-10-17 03:24:23 +02:00
Chris Coutinho	394b27ee4a	docs: Update README with experimental warnings of OIDC support	2025-10-17 03:21:54 +02:00
Chris Coutinho	9de59db718	feat(cookbook): Add full Cookbook app support with 13 tools and 2 resources - Import recipes from URLs using schema.org metadata - Full CRUD operations for recipes - Search, categorize, and organize recipes - Manage keywords/tags and categories - Configure app settings and trigger reindexing	2025-10-17 03:08:16 +02:00
github-actions[bot]	6734de8389	bump: version 0.14.2 → 0.14.3	2025-10-17 00:04:25 +00:00
Chris Coutinho	3cb31d07f1	Merge pull request #214 from cbcoutinho/renovate/mcp-1.x fix(deps): update dependency mcp to >=1.18,<1.19	2025-10-17 02:04:00 +02:00
renovate-bot-cbcoutinho[bot]	16b9123af3	fix(deps): update dependency mcp to >=1.18,<1.19	2025-10-16 19:20:47 +00:00
Chris Coutinho	51d1f075f5	test: Remove duplicated/interactive testing fixtures All integration tests now run without interactive browser usage, simplifying CI and testing infrastructure	2025-10-16 19:46:29 +02:00
github-actions[bot]	e0a68d47a5	bump: version 0.14.1 → 0.14.2	2025-10-16 08:32:29 +00:00
Chris Coutinho	832cb51dd3	Merge pull request #213 from cbcoutinho/renovate/pillow-12.x fix(deps): update dependency pillow to v12	2025-10-16 10:32:04 +02:00
Chris Coutinho	f6256c10db	Merge pull request #212 from cbcoutinho/renovate/ghcr.io-astral-sh-uv-0.x chore(deps): update ghcr.io/astral-sh/uv docker tag to v0.9.3	2025-10-16 00:24:01 +02:00
renovate-bot-cbcoutinho[bot]	7b2002c1b5	fix(deps): update dependency pillow to v12	2025-10-15 22:09:01 +00:00
renovate-bot-cbcoutinho[bot]	d150cf2e72	chore(deps): update ghcr.io/astral-sh/uv docker tag to v0.9.3	2025-10-15 22:08:49 +00:00
Chris Coutinho	3921d9b982	test: Refactor test fixtures into a oauth token factory	2025-10-15 21:15:18 +02:00
github-actions[bot]	9e4c20a4b1	bump: version 0.14.0 → 0.14.1	2025-10-15 15:26:35 +00:00
Chris Coutinho	f26bca13f1	Merge pull request #211 from cbcoutinho/feature/docs-oauth fix(oauth): Remove the option to force_register new clients	2025-10-15 17:26:09 +02:00
				`@@ -0,0 +1 @@`
				`"""Load testing utilities for Nextcloud MCP Server."""`