feat(auth): clear local IndexedDB and sync state on explicit logout

Wipe Dexie databases (main + CRDT sync state) and reset the sync queue
when the user explicitly logs out so the next account on the same device
starts from a clean local store. Session expiry deliberately keeps local
data intact so a returning user finds their offline work waiting.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

1 files changed, 7 insertions, 2 deletions

diff --git a/src/client/atoms/auth.ts b/src/client/atoms/auth.ts
index 9ee69cf..1ddfd53 100644
--- a/src/client/atoms/auth.ts
+++ b/src/client/atoms/auth.ts
@@ -3,6 +3,7 @@ import { atomWithStorage } from "jotai/utils";
 import { useEffect } from "react";
 import { useLocation } from "wouter";
 import { apiClient, type User } from "../api/client";
+import { clearAllLocalData } from "../db/clear";
 
 // userAtom is the single source of truth for auth state. Persisted to
 // localStorage so that the authenticated user survives page reloads alongside
@@ -27,8 +28,12 @@ export const loginAtom = atom(
 	},
 );
 
-// Action atom - logout
-export const logoutAtom = atom(null, (_get, set) => {
+// Action atom - logout. Wipes locally persisted user-scoped data so the next
+// user (or a fresh re-login) starts from a clean IndexedDB. Session expiry
+// (handled in useAuthInit) intentionally keeps local data so the user finds
+// their offline work waiting after re-authenticating.
+export const logoutAtom = atom(null, async (_get, set) => {
+	await clearAllLocalData();
 	apiClient.logout();
 	set(userAtom, null);
 });