46 changed files with 3000 additions and 6352 deletions
--- a/.gitignore
+++ b/.gitignore
@ -2,15 +2,3 @@ node_modules/
 release/
 __pycache__/
 *.pyc
 electron-config.json
 electron-config.json.bak
 electron-config.json.tmp
 electron-config.pre-import-*.json
 *.log
 debug.log
 fileuploader.log
 account-rotation.log
 doodstream-debug.log
 upload-debug.log
 release-*.log
--- a/electron-config.json
+++ b/electron-config.json
@ -0,0 +1,428 @@
 {
  "hosters": {
    "doodstream.com": {
      "enabled": false,
      "apiKey": "",
      "username": "",
      "password": ""
    },
    "voe.sx": {
      "enabled": true,
      "apiKey": "exZEXqkwEnb8eLR79eUI6WVt3JYGFzAfuPsjuGp2nAn7NATGaYhY86NVK5EX1PzD"
    },
    "vidmoly.me": {
      "enabled": true,
      "authType": "login",
      "username": "bariusgariusdi",
      "password": "Paluffel123!"
    },
    "byse.sx": {
      "enabled": true,
      "apiKey": "83124r74v61t9dmojm4gz"
    }
  },
  "hosterSettings": {
    "doodstream.com": {
      "retries": 3,
      "maxSpeedKbs": 0,
      "parallelCount": 2,
      "restartBelowKbs": 0,
      "timeIntervalSec": 0,
      "maxSizeMb": 0
    },
    "voe.sx": {
      "retries": 3,
      "maxSpeedKbs": 0,
      "parallelCount": 2,
      "restartBelowKbs": 0,
      "timeIntervalSec": 0,
      "maxSizeMb": 0
    },
    "vidmoly.me": {
      "retries": 25,
      "maxSpeedKbs": 0,
      "parallelCount": 2,
      "restartBelowKbs": 0,
      "timeIntervalSec": 1,
      "maxSizeMb": 0
    },
    "byse.sx": {
      "retries": 3,
      "maxSpeedKbs": 0,
      "parallelCount": 2,
      "restartBelowKbs": 0,
      "timeIntervalSec": 0,
      "maxSizeMb": 0
    }
  },
  "globalSettings": {
    "alwaysOnTop": false,
    "shutdownAfterFinish": "nothing",
    "logFilePath": "",
    "sessionLog": false,
    "resumeQueueOnLaunch": true,
    "parallelUploadCount": 0,
    "scaleParallelUploads": true,
    "removeFromQueueOnDone": false,
    "globalMaxSpeedKbs": 0,
    "pendingQueue": {
      "selectedUploadHosters": [
        "doodstream.com",
        "voe.sx",
        "vidmoly.me",
        "byse.sx"
      ],
      "selectedFiles": [
        {
          "path": "C:\\Users\\ploet\\Downloads\\Einfach mal die Fresse halten!!!.mp4",
          "name": "Einfach mal die Fresse halten!!!.mp4",
          "size": 0
        }
      ],
      "queueJobs": [
        {
          "id": "preview-1773271047205-k8l83r",
          "file": "C:\\Users\\ploet\\Downloads\\Einfach mal die Fresse halten!!!.mp4",
          "fileName": "Einfach mal die Fresse halten!!!.mp4",
          "hoster": "doodstream.com",
          "status": "preview",
          "bytesTotal": 0,
          "error": null,
          "result": null,
          "maxAttempts": 0
        },
        {
          "id": "preview-1773271047206-npnpph",
          "file": "C:\\Users\\ploet\\Downloads\\Einfach mal die Fresse halten!!!.mp4",
          "fileName": "Einfach mal die Fresse halten!!!.mp4",
          "hoster": "voe.sx",
          "status": "preview",
          "bytesTotal": 0,
          "error": null,
          "result": null,
          "maxAttempts": 0
        },
        {
          "id": "preview-1773271047206-q2skl1",
          "file": "C:\\Users\\ploet\\Downloads\\Einfach mal die Fresse halten!!!.mp4",
          "fileName": "Einfach mal die Fresse halten!!!.mp4",
          "hoster": "vidmoly.me",
          "status": "preview",
          "bytesTotal": 0,
          "error": null,
          "result": null,
          "maxAttempts": 0
        },
        {
          "id": "preview-1773271047206-cek27b",
          "file": "C:\\Users\\ploet\\Downloads\\Einfach mal die Fresse halten!!!.mp4",
          "fileName": "Einfach mal die Fresse halten!!!.mp4",
          "hoster": "byse.sx",
          "status": "preview",
          "bytesTotal": 0,
          "error": null,
          "result": null,
          "maxAttempts": 0
        }
      ]
    },
    "scramble": {
      "active": false,
      "prefix": "",
      "suffix": "",
      "chars": "both",
      "length": 0
    }
  },
  "history": [
    {
      "id": "batch-1771639560711",
      "timestamp": "2026-02-21T02:06:04.634Z",
      "total": 3,
      "succeeded": 1,
      "failed": 2,
      "files": [
        {
          "name": "ssstwitter.com_1770829061540.mp4",
          "size": 7799235,
          "results": [
            {
              "hoster": "doodstream.com",
              "status": "error",
              "error": "Invalid URL",
              "download_url": null,
              "embed_url": null,
              "file_code": null
            },
            {
              "hoster": "byse.sx",
              "status": "error",
              "error": "Kein Upload-Server erhalten. API-Key pruefen.",
              "download_url": null,
              "embed_url": null,
              "file_code": null
            },
            {
              "hoster": "voe.sx",
              "status": "done",
              "download_url": "https://voe.sx/nnxl9k1bsmpj",
              "embed_url": "https://voe.sx/e/nnxl9k1bsmpj",
              "file_code": "nnxl9k1bsmpj"
            }
          ]
        }
      ]
    },
    {
      "id": "batch-1771639617785",
      "timestamp": "2026-02-21T02:07:01.083Z",
      "total": 4,
      "succeeded": 1,
      "failed": 3,
      "files": [
        {
          "name": "ssstwitter.com_1770829061540.mp4",
          "size": 7799235,
          "results": [
            {
              "hoster": "vidmoly.me",
              "status": "error",
              "error": "maxRedirections is not supported, use the redirect interceptor",
              "download_url": null,
              "embed_url": null,
              "file_code": null
            },
            {
              "hoster": "byse.sx",
              "status": "error",
              "error": "Kein Upload-Server erhalten. API-Key pruefen.",
              "download_url": null,
              "embed_url": null,
              "file_code": null
            },
            {
              "hoster": "doodstream.com",
              "status": "error",
              "error": "Invalid URL",
              "download_url": null,
              "embed_url": null,
              "file_code": null
            },
            {
              "hoster": "voe.sx",
              "status": "done",
              "download_url": "https://voe.sx/ujoqyizmrayw",
              "embed_url": "https://voe.sx/e/ujoqyizmrayw",
              "file_code": "ujoqyizmrayw"
            }
          ]
        }
      ]
    },
    {
      "id": "batch-1771639907565",
      "timestamp": "2026-02-21T02:13:33.560Z",
      "total": 4,
      "succeeded": 3,
      "failed": 1,
      "files": [
        {
          "name": "video_1770829348221_0hmfi8.mp4",
          "size": 107220796,
          "results": [
            {
              "hoster": "vidmoly.me",
              "status": "error",
              "error": "Vidmoly Upload-Ergebnis: Kein Download-Link gefunden",
              "download_url": null,
              "embed_url": null,
              "file_code": null
            },
            {
              "hoster": "voe.sx",
              "status": "done",
              "download_url": "https://voe.sx/f38bgbhvia4x",
              "embed_url": "https://voe.sx/e/f38bgbhvia4x",
              "file_code": "f38bgbhvia4x"
            },
            {
              "hoster": "byse.sx",
              "status": "done",
              "download_url": "https://byse.sx/zwbsud9yjxks",
              "embed_url": "https://byse.sx/e/zwbsud9yjxks",
              "file_code": "zwbsud9yjxks"
            },
            {
              "hoster": "doodstream.com",
              "status": "done",
              "download_url": "https://dsvplay.com/d/cv1y50vfrf7f",
              "embed_url": "https://dsvplay.com/e/cv1y50vfrf7f",
              "file_code": "cv1y50vfrf7f"
            }
          ]
        }
      ]
    },
    {
      "id": "batch-1771640325234",
      "timestamp": "2026-02-21T02:18:52.471Z",
      "total": 4,
      "succeeded": 2,
      "failed": 2,
      "files": [
        {
          "name": "ssstwitter.com_1770829061540.mp4",
          "size": 7799235,
          "results": [
            {
              "hoster": "doodstream.com",
              "status": "error",
              "error": "Invalid URL",
              "download_url": null,
              "embed_url": null,
              "file_code": null
            },
            {
              "hoster": "voe.sx",
              "status": "done",
              "download_url": "https://voe.sx/y4zhied9n4f5",
              "embed_url": "https://voe.sx/e/y4zhied9n4f5",
              "file_code": "y4zhied9n4f5"
            },
            {
              "hoster": "vidmoly.me",
              "status": "error",
              "error": "Vidmoly Upload-Ergebnis: Kein Download-Link gefunden",
              "download_url": null,
              "embed_url": null,
              "file_code": null
            },
            {
              "hoster": "byse.sx",
              "status": "done",
              "download_url": "https://byse.sx/3caubwbj6jxu",
              "embed_url": "https://byse.sx/e/3caubwbj6jxu",
              "file_code": "3caubwbj6jxu"
            }
          ]
        }
      ]
    },
    {
      "id": "batch-1771643316134",
      "timestamp": "2026-02-21T03:09:10.532Z",
      "total": 4,
      "succeeded": 4,
      "failed": 0,
      "files": [
        {
          "name": "ssstwitter.com_1770829061540.mp4",
          "size": 7799235,
          "results": [
            {
              "hoster": "voe.sx",
              "status": "done",
              "download_url": "https://voe.sx/juoamb17cdea",
              "embed_url": "https://voe.sx/e/juoamb17cdea",
              "file_code": "juoamb17cdea"
            },
            {
              "hoster": "byse.sx",
              "status": "done",
              "download_url": "https://byse.sx/mu8p6ikpsabf",
              "embed_url": "https://byse.sx/e/mu8p6ikpsabf",
              "file_code": "mu8p6ikpsabf"
            },
            {
              "hoster": "vidmoly.me",
              "status": "done",
              "download_url": "https://vidmoly.me/w/7460ei78oj22",
              "embed_url": "https://vidmoly.me/embed-7460ei78oj22.html",
              "file_code": "7460ei78oj22"
            },
            {
              "hoster": "doodstream.com",
              "status": "done",
              "download_url": "https://dsvplay.com/d/l4rm1kbpkgt0",
              "embed_url": "https://dsvplay.com/e/l4rm1kbpkgt0",
              "file_code": "l4rm1kbpkgt0"
            }
          ]
        }
      ]
    },
    {
      "id": "batch-1773173725103",
      "timestamp": "2026-03-10T20:15:25.339Z",
      "total": 1,
      "succeeded": 1,
      "failed": 0,
      "files": [
        {
          "name": "test-e2e-upload.txt",
          "size": 22,
          "results": [
            {
              "hoster": "voe.sx",
              "status": "done",
              "download_url": null,
              "embed_url": null,
              "file_code": null
            }
          ]
        }
      ]
    },
    {
      "id": "batch-1773176124038",
      "timestamp": "2026-03-10T20:55:24.931Z",
      "total": 1,
      "succeeded": 1,
      "failed": 0,
      "files": [
        {
          "name": "Einfach mal die Fresse halten!!!.mp4",
          "size": 172248,
          "results": [
            {
              "hoster": "voe.sx",
              "status": "done",
              "download_url": "https://voe.sx/nlvswooic50v",
              "embed_url": "https://voe.sx/e/nlvswooic50v",
              "file_code": "nlvswooic50v"
            }
          ]
        }
      ]
    },
    {
      "id": "batch-1773176209320",
      "timestamp": "2026-03-10T20:56:59.349Z",
      "total": 2,
      "succeeded": 2,
      "failed": 0,
      "files": [
        {
          "name": "export_1771588307185.mov",
          "size": 7330963,
          "results": [
            {
              "hoster": "voe.sx",
              "status": "done",
              "download_url": "https://voe.sx/qh1jriyz5up7",
              "embed_url": "https://voe.sx/e/qh1jriyz5up7",
              "file_code": "qh1jriyz5up7"
            },
            {
              "hoster": "doodstream.com",
              "status": "done",
              "download_url": "https://dsvplay.com/d/q5tib39woqq4",
              "embed_url": "https://dsvplay.com/e/q5tib39woqq4",
              "file_code": "q5tib39woqq4"
            }
          ]
        }
      ]
    }
  ]
 }
--- a/eslint.config.mjs
+++ b/eslint.config.mjs
@ -25,7 +25,6 @@ export default [
        URL: 'readonly',
        fetch: 'readonly',
        AbortController: 'readonly',
        AbortSignal: 'readonly',
        navigator: 'readonly',
        document: 'readonly',
        window: 'readonly',
--- a/lib/account-auth.js
+++ b/lib/account-auth.js
@ -1,36 +0,0 @@
 // Decides which credential an upload task should use for a given hoster.
 // Extracted from main.js buildTaskFromAccount so the routing can be unit-tested
 // without Electron.
 //
 // DOODSTREAM SPECIAL CASE: prefer the official doodapi.co API key whenever the
 // account has one. The web-login path (username/password) drives doodstream's
 // browser upload flow, which hands the filecode back inside an XFileSharing
 // HTML form. On long/large uploads that form comes back empty (no fn) because a
 // per-page-load sess_id token ages out over the multi-minute upload and/or the
 // server-side file-registration callback times out — the upload then "succeeds"
 // (bytes sent, HTTP 200) but yields no link. The JSON API returns the filecode
 // directly in result[0].filecode and authenticates with a persistent api_key,
 // so it has no empty-form failure mode for result retrieval. The API path was
 // doodstream's ORIGINAL upload path (present since the initial commit); web
 // login was added later only as an alternative for keyless accounts — so
 // preferring the key here restores the intended primary path, it doesn't fight
 // a deliberate choice. Keyless accounts keep using web login unchanged.
 function selectUploadAuth(hoster, account) {
  if (!account || typeof account !== 'object') return {};
  if (hoster === 'doodstream.com' && account.apiKey) {
    return { apiKey: account.apiKey };
  }
  if (account.authType === 'api' && account.apiKey) {
    return { apiKey: account.apiKey };
  }
  if (account.username && account.password) {
    return { username: account.username, password: account.password };
  }
  if (account.apiKey) {
    return { apiKey: account.apiKey };
  }
  return {};
 }
 module.exports = { selectUploadAuth };
--- a/lib/coalesced-set.js
+++ b/lib/coalesced-set.js
@ -1,73 +0,0 @@
 // Microtask-coalesced set. Adds are O(1); the apply callback runs once per
 // scheduler tick with every id collected since the last flush.
 //
 // Used by the renderer to merge a burst of done-jobs (e.g. 500 jobs all
 // finishing within milliseconds) into a single queueJobs.filter() pass —
 // without this each event was its own O(N) sweep, so 500 finishes were
 // O(N²) and visibly froze the UI on completion.
 //
 // Loaded both as a CommonJS module (Node tests) and as a browser global
 // (renderer/app.js via index.html script tag).
 (function (root) {
  'use strict';
  /**
   * Build a coalesced set.
   * @param {{ apply: (Set) => void, scheduler?: (cb: () => void) => void }} opts
   *   apply: called once per scheduler tick with the accumulated ids.
   *   scheduler: defaults to queueMicrotask. Tests can pass a synchronous
   *   stand-in to avoid async waits.
   */
  function makeCoalescedSet(opts) {
    if (!opts || typeof opts.apply !== 'function') {
      throw new TypeError('makeCoalescedSet: { apply: fn } required');
    }
    const apply = opts.apply;
    const scheduler = typeof opts.scheduler === 'function'
      ? opts.scheduler
      : (typeof queueMicrotask === 'function' ? queueMicrotask : (cb) => Promise.resolve().then(cb));
    let pending = new Set();
    let scheduled = false;
    function flush() {
      scheduled = false;
      if (pending.size === 0) return;
      const drop = pending;
      pending = new Set();
      try { apply(drop); } catch (e) {
        // Don't let a failing apply lock out the next batch — surface it
        // but keep the coalescer usable.
        if (typeof console !== 'undefined' && console.error) console.error(e);
      }
    }
    return {
      add(id) {
        pending.add(id);
        if (!scheduled) {
          scheduled = true;
          scheduler(flush);
        }
      },
      /**
       * Synchronously consume any pending ids. Used by beforeunload paths
       * where we can't wait for the next microtask before persisting.
       */
      drainSync() {
        if (pending.size === 0) return;
        const drop = pending;
        pending = new Set();
        scheduled = false;
        apply(drop);
      },
      /** Introspection for tests + diagnostics. */
      pendingSize() { return pending.size; },
      isScheduled() { return scheduled; }
    };
  }
  const api = { makeCoalescedSet };
  if (typeof module !== 'undefined' && module.exports) module.exports = api;
  else if (root) root.CoalescedSet = api;
 })(typeof window !== 'undefined' ? window : this);
--- a/lib/config-store.js
+++ b/lib/config-store.js
@ -1,7 +1,6 @@
 const fs = require('fs');
 const path = require('path');
 const secretStore = require('./secret-store');
 const { normalizeLogMode } = require('./log-mode');
 const HOSTER_SETTINGS_DEFAULTS = {
  retries: 3,
@ -9,8 +8,7 @@ const HOSTER_SETTINGS_DEFAULTS = {
  parallelCount: 2,     // 1-100
  restartBelowKbs: 0,   // 0 = off
  timeIntervalSec: 0,   // delay between jobs
-  maxSizeMb: 0,         // 0 = unlimited
+  maxSizeMb: 0          // 0 = unlimited
  logToFile: true       // write this hoster's successful links to fileuploader.log
 };
 // Template for each hoster type (used as defaults for new accounts)
@ -57,12 +55,7 @@ const DEFAULTS = {
    alwaysOnTop: false,
    shutdownAfterFinish: 'nothing', // nothing | sleep | shutdown | restart
    logFilePath: '',
-    sessionLog: false,                  // legacy boolean (kept for back-compat reads); normalized into logMode on load
+    sessionLog: false,
    logVerbose: false,                  // when true, [DEBUG] level entries are written to debug.log
    // NOTE: logMode is intentionally NOT in DEFAULTS. If it were, the deep-merge
    // would seed logMode='single' for every load, which would beat (and silently
    // erase) the legacy sessionLog:true → "daily" migration. normalizeLogMode in
    // load() sets logMode after the merge, looking at the saved-only data.
    resumeQueueOnLaunch: true,
    parallelUploadCount: 0, // 0 = use per-hoster limits only
    scaleParallelUploads: false,
@ -151,11 +144,7 @@ class ConfigStore {
        const backupPath = this.filePath + '.bak';
        try { data = this._readAndParse(backupPath); } catch {}
      }
-      if (!data) {
+      if (!data) return JSON.parse(JSON.stringify(DEFAULTS));
        const fresh = JSON.parse(JSON.stringify(DEFAULTS));
        fresh.globalSettings.logMode = normalizeLogMode(fresh.globalSettings);
        return fresh;
      }
      // Migrate old single-object format to array format
      for (const [name, val] of Object.entries(data.hosters || {})) {
@ -217,20 +206,13 @@ class ConfigStore {
          globalSettings[key] = { ...def, ...(savedGlobal[key] || {}) };
        }
      }
      // Normalize logMode at this single boundary. Legacy sessionLog: true
      // means *daily* (the old field was named after a misnomer); see log-mode.js.
      // Downstream readers consume logMode only and must NOT derive from
      // sessionLog at call sites.
      globalSettings.logMode = normalizeLogMode(globalSettings);
      const result = { hosters, hosterSettings, globalSettings, history: data.history || [] };
      // Decrypt credentials stored with safeStorage so the rest of the app
      // keeps working with plaintext in memory.
      secretStore.decryptCredentials(result);
      return result;
    } catch {
-      const fresh = JSON.parse(JSON.stringify(DEFAULTS));
+      return JSON.parse(JSON.stringify(DEFAULTS));
      fresh.globalSettings.logMode = normalizeLogMode(fresh.globalSettings);
      return fresh;
    }
  }
@ -269,23 +251,12 @@ class ConfigStore {
      fs.writeFile(tmpPath, data, 'utf-8', (err) => {
        if (err) return reject(err);
        try {
-          // Refresh .bak from the previous live file. Wrapped in try/catch
+          if (fs.existsSync(this.filePath)) {
-          // so an AV/indexer briefly locking the file doesn't fail the whole
+            const existing = fs.readFileSync(this.filePath, 'utf-8');
-          // save — the rename to the live path is the part that matters,
+            if (existing && existing.trim().length > 2) {
-          // a stale .bak is preferable to losing the new write entirely.
+              fs.writeFileSync(backupPath, existing, 'utf-8');
          try {
            if (fs.existsSync(this.filePath)) {
              const existing = fs.readFileSync(this.filePath, 'utf-8');
              if (existing && existing.trim().length > 2) {
                let isValid = false;
                try {
                  const parsed = JSON.parse(existing);
                  isValid = parsed && typeof parsed === 'object' && (parsed.hosters || parsed.hosterSettings || parsed.globalSettings);
                } catch {}
                if (isValid) fs.writeFileSync(backupPath, existing, 'utf-8');
              }
            }
-          } catch {}
+          }
          fs.renameSync(tmpPath, this.filePath);
        } catch (e) { return reject(e); }
        resolve();
--- a/lib/doodstream-upload.js
+++ b/lib/doodstream-upload.js
@ -7,32 +7,10 @@ const BASE_URL = 'https://doodstream.com';
 const USER_AGENT = 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36';
 const UPLOAD_TIMEOUT = 1800000; // 30 min
 // Cap doodstream's per-hoster debug log alongside the main log files so
 // dev-mode sessions don't accumulate gigabytes of upload trace.
 const { maybeRotateLogFile } = require('./log-rotation');
 const _DOODSTREAM_LOG_MAX_BYTES = 10 * 1024 * 1024;
 const _DOODSTREAM_LOG_MAX_BACKUPS = 1;
 // Resolve the log path at write-time. In a packaged build __dirname lives
 // inside app.asar (read-only) — writing there fails silently and we lose every
 // production trace. Prefer Electron's writable userData dir, fall back to the
 // repo root only when running outside Electron (tests / plain node).
 function _doodstreamLogPath() {
  try {
    const { app } = require('electron');
    if (app && typeof app.getPath === 'function') {
      return path.join(app.getPath('userData'), 'doodstream-debug.log');
    }
  } catch { /* not running under Electron */ }
  return path.join(__dirname, '..', 'doodstream-debug.log');
 }
 function _debugLog(msg) {
  try {
    const logPath = _doodstreamLogPath();
    maybeRotateLogFile(logPath, _DOODSTREAM_LOG_MAX_BYTES, _DOODSTREAM_LOG_MAX_BACKUPS);
    const ts = new Date().toISOString();
-    fs.appendFileSync(logPath, `[${ts}] ${msg}\n`);
+    fs.appendFileSync(path.join(__dirname, '..', 'doodstream-debug.log'), `[${ts}] ${msg}\n`);
  } catch {}
 }
@ -40,7 +18,6 @@ class DoodstreamUploader {
  constructor() {
    this.cookies = new Map();
    this.sessId = '';
    this.apiKey = ''; // optionally derived from the logged-in session (deriveApiKey)
  }
  _cookieHeader() {
@ -77,27 +54,11 @@ class DoodstreamUploader {
      headers['Cookie'] = this._cookieHeader();
    }
-    // The small discovery/result requests that bookend a multi-minute upload
+    const res = await fetch(url, {
-    // occasionally hit a transient blip ("fetch failed", ECONNRESET, a hung TLS
+      ...opts,
-    // handshake). A blip here shouldn't throw away the whole upload, so retry a
+      headers,
-    // few times with short backoff. Each attempt gets its own 20s timeout —
+      redirect: 'manual'
-    // Node's fetch has none by default, and a hung socket would otherwise stall
+    });
    // the attempt for minutes. The big file upload (undici) is retried at the
    // upload-manager level, not here.
    let res;
    for (let attempt = 1; ; attempt++) {
      const timeoutSignal = AbortSignal.timeout(20000);
      const signal = opts.signal ? AbortSignal.any([opts.signal, timeoutSignal]) : timeoutSignal;
      try {
        res = await fetch(url, { ...opts, headers, redirect: 'manual', signal });
        break;
      } catch (err) {
        if (opts.signal && opts.signal.aborted) throw err; // caller abort: don't retry
        if (attempt >= 3) throw err;
        _debugLog(`_fetch transient (${attempt}/3) ${url}: ${err && err.message}; retry`);
        await new Promise(r => setTimeout(r, 400 * attempt));
      }
    }
    this._parseCookiesFromHeaders(res.headers);
@ -215,8 +176,6 @@ class DoodstreamUploader {
    // Use the standard upload server endpoint
    const res = await this._fetch(BASE_URL + '/?op=upload_server');
    const text = await res.text();
    const ctype = (res.headers && res.headers.get) ? (res.headers.get('content-type') || '') : '';
    _debugLog(`upload_server: status=${res.status} ctype=${ctype} body(800)=${(text || '').slice(0, 800)}`);
    let json;
    try { json = JSON.parse(text); } catch { json = null; }
@ -227,78 +186,11 @@ class DoodstreamUploader {
    // Fallback: try fetching from upload page HTML
    const pageRes = await this._fetch(BASE_URL + '/?op=upload');
    const html = await pageRes.text();
    // Current doodstream format: the upload server is the action of the
    // multipart upload form, e.g.
    //   <form name="file" enctype="multipart/form-data"
    //         action="https://xxx.cloudatacdn.com/upload/01?SESSID" ...>
    //   <input type="hidden" name="sess_id" value="SESSID">
    // The node is assigned per page-load and the action carries a session token
    // in its query string that matches the page's hidden sess_id. We refresh
    // this.sessId from THIS page so the multipart sess_id field matches the node
    // URL — login-time and node tokens otherwise diverge and the upload comes
    // back with an empty filecode.
    const actionMatch = html.match(/action=["'](https?:\/\/[^"']+\/upload\/[^"']*)["']/i);
    if (actionMatch) {
      const url = actionMatch[1].replace(/&amp;/g, '&'); // un-escape HTML entities in query
      const freshSess = html.match(/name=["']sess_id["'][^>]*value=["']([a-zA-Z0-9]+)["']/);
      if (freshSess) {
        this.sessId = freshSess[1];
      } else {
        _debugLog('upload_server: form action found but no sess_id on page; keeping existing sessId');
      }
      // Capture the form's real fields so upload() submits exactly what the
      // browser would (file_title, submit_btn, …) instead of stale hardcoded ones.
      this._uploadFormFields = this._parseUploadFormFields(html);
      _debugLog(`upload_server: using form action node=${url} sess=${this.sessId} fields=${Object.keys(this._uploadFormFields).join(',')}`);
      return url;
    }
    // Legacy fallback: srv_url JS variable (older doodstream theme).
    const srvMatch = html.match(/srv_url['":\s]+['"]?(https?:\/\/[^'">\s]+)['"]?/i);
    if (srvMatch) return srvMatch[1];
-    // No upload server could be extracted. We MUST NOT silently fall back to a
+    // Last resort fallback
-    // hardcoded node: that node is stale and accepts the bytes but returns an
+    return 'https://tr1128ve.cloudatacdn.com/upload/01';
    // empty form (no filecode) — so the user wastes ~90s uploading 95 MB into a
    // dead end and gets a cryptic "kein Filecode" 90s later. Fail fast and put
    // the raw responses in the error so the real format change is diagnosable.
    const urlHints = (html.match(/https?:\/\/[^'">\s]+/g) || []).slice(0, 4).join(' , ');
    _debugLog(`upload_server: NO SERVER. upload-page html(2000)=${(html || '').slice(0, 2000)}`);
    throw new Error(
      `Doodstream: konnte Upload-Server nicht ermitteln (Endpoint geaendert?). ` +
      `op=upload_server status=${res.status} ctype=${ctype} body=${(text || '').slice(0, 300)} ` +
      `| upload-page URL-Treffer: ${urlHints || 'keine'}`
    );
  }
  /**
   * Replicate the non-file fields of doodstream's CURRENT upload form so our
   * POST matches what the browser actually submits. Doodstream dropped the old
   * `utype` field and added file_title / fakefilepc / submit_btn; submitting a
   * stale/incomplete field set can make the node accept the bytes but skip
   * registration (→ empty result form). We parse the live form rather than
   * hardcode, so we track whatever fields doodstream uses now. The file input
   * (type=file) is excluded — the file is streamed separately.
   */
  _parseUploadFormFields(html) {
    const fields = {};
    if (!html) return fields;
    // Narrow to the upload form (its action points at a /upload/ node).
    const formMatch = html.match(/<form[^>]*\baction=["'][^"']*\/upload\/[^"']*["'][\s\S]*?<\/form>/i);
    const scope = formMatch ? formMatch[0] : html;
    const re = /<(?:input|button)\b([^>]*)>/gi;
    let m;
    while ((m = re.exec(scope)) !== null) {
      const attrs = m[1];
      const typeM = attrs.match(/\btype=["']([^"']*)["']/i);
      if (typeM && typeM[1].toLowerCase() === 'file') continue;
      const nameM = attrs.match(/\bname=["']([^"']+)["']/i);
      if (!nameM) continue;
      const valM = attrs.match(/\bvalue=["']([^"']*)["']/i);
      fields[nameM[1]] = valM ? valM[1] : '';
    }
    return fields;
  }
  /**
@ -310,23 +202,14 @@ class DoodstreamUploader {
    // Get upload server
    const uploadUrl = await this._getUploadServer();
    // Remember which CDN node handled this upload so a later parse failure can
    // report it — failures sometimes correlate with a specific node.
    this._lastUploadUrl = uploadUrl;
    // Build multipart form
    const boundary = `----WebKitFormBoundary${crypto.randomBytes(16).toString('hex')}`;
-    // Build form parts. Submit the live form's fields (parsed in
+    // Build form parts
    // _getUploadServer) so our POST matches the browser; merge in sess_id (the
    // fresh node token) and keep utype=reg as a harmless compatibility extra.
    // Falls back to the minimal known-good set if the form wasn't parsed.
    const formFields = { utype: 'reg', ...(this._uploadFormFields || {}) };
    formFields.sess_id = this.sessId;
    let preamble = '';
-    for (const [name, value] of Object.entries(formFields)) {
+    preamble += `--${boundary}\r\nContent-Disposition: form-data; name="sess_id"\r\n\r\n${this.sessId}\r\n`;
-      preamble += `--${boundary}\r\nContent-Disposition: form-data; name="${name}"\r\n\r\n${value}\r\n`;
+    preamble += `--${boundary}\r\nContent-Disposition: form-data; name="utype"\r\n\r\nreg\r\n`;
    }
    const safeFileName = fileName.replace(/\\/g, '\\\\').replace(/"/g, '\\"');
    preamble += `--${boundary}\r\nContent-Disposition: form-data; name="file"; filename="${safeFileName}"\r\nContent-Type: application/octet-stream\r\n\r\n`;
@ -351,31 +234,19 @@ class DoodstreamUploader {
      yield epilogueBuf;
    }
-    let uploadRes;
+    const uploadRes = await request(uploadUrl, {
-    try {
+      method: 'POST',
-      uploadRes = await request(uploadUrl, {
+      headers: {
-        method: 'POST',
+        'Content-Type': `multipart/form-data; boundary=${boundary}`,
-        headers: {
+        'Content-Length': String(totalSize),
-          'Content-Type': `multipart/form-data; boundary=${boundary}`,
+        'User-Agent': USER_AGENT,
-          'Content-Length': String(totalSize),
+        'Cookie': this._cookieHeader()
-          'User-Agent': USER_AGENT,
+      },
-          'Cookie': this._cookieHeader()
+      body: generate(),
-        },
+      signal,
-        body: generate(),
+      bodyTimeout: UPLOAD_TIMEOUT,
-        signal,
+      headersTimeout: 60000
-        bodyTimeout: UPLOAD_TIMEOUT,
+    });
        headersTimeout: 60000
      });
    } catch (err) {
      // Label which phase failed so a future "fetch failed"/"terminated" is
      // attributable to the big upload POST vs the small bookend requests. The
      // original message is preserved as a substring so upload-manager's
      // transient classification still matches. NOTE: undici may surface
      // "terminated"/"other side closed", which are not yet in that transient
      // list — revisit if logs show them.
      const mb = Math.round(bytesRead / 1048576);
      throw new Error(`Doodstream Upload-POST (${mb} MB an ${uploadUrl}): ${err && err.message ? err.message : err}`);
    }
    const statusCode = uploadRes.statusCode;
    _debugLog(`Upload response status: ${statusCode}`);
@ -472,28 +343,15 @@ class DoodstreamUploader {
      _debugLog(`Submitting upload_result to ${BASE_URL}/ with fields: ${JSON.stringify(hiddenFields)}`);
      const formData = new URLSearchParams(hiddenFields);
-      let followText = '';
+      const followRes = await this._fetch(BASE_URL + '/', {
-      try {
+        method: 'POST',
-        const followRes = await this._fetch(BASE_URL + '/', {
+        headers: {
-          method: 'POST',
+          'Content-Type': 'application/x-www-form-urlencoded',
-          headers: {
+          'Referer': BASE_URL + '/'
-            'Content-Type': 'application/x-www-form-urlencoded',
+        },
-            'Referer': BASE_URL + '/'
+        body: formData.toString()
-          },
+      });
-          body: formData.toString()
+      const followText = await followRes.text();
        });
        followText = await followRes.text();
      } catch (err) {
        // The file already uploaded to the CDN; this POST only registers it on
        // doodstream's side. If it fails transiently (even after _fetch's own
        // retries) but we already hold the filecode, the upload succeeded from
        // the user's view — return it rather than discarding a done upload.
        if (fnCode && fnCode.length >= 8) {
          _debugLog(`upload_result submit failed (${err && err.message}); using fn ${fnCode}`);
          return this._buildResult(fnCode);
        }
        throw err;
      }
      _debugLog(`upload_result response (first 500): ${followText.slice(0, 500)}`);
      // Try to find filecode in result page
@ -513,28 +371,7 @@ class DoodstreamUploader {
        return this._buildResult(dlMatch[1]);
      }
-      // No filecode anywhere. Surface WHY: XFileSharing puts the real reason
+      throw new Error(`Doodstream Upload: upload_result Seite hat keinen filecode (${followText.slice(0, 150)})`);
      // in the `st` field (anything other than "OK" means the backend refused
      // the file — copyright/hash match, duplicate, size, quota, …). The
      // download link being empty while the page structure is unchanged points
      // at doodstream's backend, not at a parsing bug on our side.
      const st = hiddenFields.st || '';
      const fnInfo = fnCode ? `"${fnCode}"(len ${fnCode.length})` : 'fehlt/leer';
      const node = this._lastUploadUrl || '?';
      _debugLog(`No filecode. st=${st} fn=${fnInfo} node=${node} CDN-body=${(resText || '').slice(0, 400)}`);
      if (st && st !== 'OK') {
        throw new Error(`Doodstream lehnt Datei ab (Server-Status: ${st}). CDN=${node}`);
      }
      // Empty form (no fn, no st) is a doodstream-side processing flake — same
      // account + same file works on a later attempt. Tag it explicitly so the
      // upload-manager classifies this as a hoster-transient error and does NOT
      // blacklist the account (otherwise one of these flakes poisons the whole
      // session and later batches hit `pre-job-swap-blocked` for no fault of
      // the account). The flag is the primary signal; the message text is a
      // belt-and-suspenders regex fallback in the classifier.
      const emptyLinkErr = new Error(`Doodstream Upload: kein Filecode — Server gab leeren Link zurueck (st=${st || '?'}, fn=${fnInfo}, CDN=${node}). CDN-Antwort: ${(resText || '').slice(0, 200)}`);
      emptyLinkErr.hosterTransient = true;
      throw emptyLinkErr;
    }
    // 4. Fallback: follow form action as-is (for non-XFS forms)
@ -616,85 +453,6 @@ class DoodstreamUploader {
      file_code: fileCode
    };
  }
  /**
   * Pull candidate API-key tokens out of a logged-in settings page. We do NOT
   * rely on knowing doodstream's exact (cookie-gated, unseen) settings DOM —
   * instead we gather every plausible long token from form-field values and
   * element contents, ranked so tokens near an "api" mention are tried first.
   * The caller validates each against the official API, so a wrong guess is
   * harmless (it just fails validation). Returned newest-/most-likely-first.
   */
  _extractApiKeyCandidates(html) {
    if (!html) return [];
    const cands = new Set();
    const patterns = [
      /value=["']([A-Za-z0-9]{20,})["']/gi,                                  // <input value="KEY">
      /<(?:textarea|code|span|pre|input)[^>]*>\s*([A-Za-z0-9]{20,})\s*</gi,   // <textarea>KEY</textarea>
      /\b(?:api[_-]?key|apikey)\b["':\s=>]*["']?([A-Za-z0-9]{20,})/gi         // api_key: "KEY"
    ];
    for (const re of patterns) {
      let m;
      while ((m = re.exec(html)) !== null) cands.add(m[1]);
    }
    // Rank tokens whose preceding context mentions "api" ahead of the rest.
    return [...cands]
      .map(t => {
        const idx = html.indexOf(t);
        const ctx = html.slice(Math.max(0, idx - 160), idx).toLowerCase();
        return { t, near: /api/.test(ctx) ? 0 : 1 };
      })
      .sort((a, b) => a.near - b.near)
      .map(s => s.t);
  }
  /**
   * Validate a candidate key against the official API. Only the account's real
   * key returns status 200, so this is what makes the brute-force extraction
   * safe regardless of the settings-page markup.
   */
  async _validateApiKey(key) {
    try {
      const res = await fetch(`https://doodapi.co/api/account/info?key=${encodeURIComponent(key)}`, {
        method: 'GET', redirect: 'follow', signal: AbortSignal.timeout(15000)
      });
      const json = await res.json().catch(() => null);
      return !!(json && Number(json.status) === 200);
    } catch {
      return false;
    }
  }
  /**
   * Derive the account's doodapi API key from the logged-in web session, so a
   * login-only account can upload via the reliable JSON API (which returns the
   * filecode directly) instead of the fragile web upload form. Best-effort:
   * returns null if no valid key can be found, and the caller falls back to the
   * web-form upload. Requires login() to have run first (needs the cookies).
   */
  async deriveApiKey() {
    if (this.apiKey) return this.apiKey;
    let html = '';
    for (const page of ['/?op=my_account', '/settings', '/?op=profile']) {
      try {
        const res = await this._fetch(BASE_URL + page);
        const text = await res.text();
        if (text && /api[\s_-]?key/i.test(text)) { html = text; break; }
        if (text && !html) html = text;
      } catch { /* try next page */ }
    }
    const candidates = this._extractApiKeyCandidates(html);
    // Cap validation calls (rate limit 10/s; settings page yields few tokens).
    for (const key of candidates.slice(0, 15)) {
      if (await this._validateApiKey(key)) {
        this.apiKey = key;
        _debugLog(`api-key derive: validated key (len ${key.length})`);
        return key;
      }
    }
    _debugLog(`api-key derive: ${candidates.length} candidate(s), none validated. settings html(2500)=${(html || '').slice(0, 2500)}`);
    return null;
  }
 }
 module.exports = DoodstreamUploader;
--- a/lib/file-probe.js
+++ b/lib/file-probe.js
@ -1,73 +0,0 @@
 const fs = require('fs');
 const SIGNATURES = [
  { kind: 'mp4-iso', test: (b) => b.length >= 12 && b.slice(4, 8).toString('ascii') === 'ftyp' },
  { kind: 'matroska', test: (b) => b.length >= 4 && b[0] === 0x1A && b[1] === 0x45 && b[2] === 0xDF && b[3] === 0xA3 },
  { kind: 'avi', test: (b) => b.length >= 12 && b.slice(0, 4).toString('ascii') === 'RIFF' && b.slice(8, 12).toString('ascii') === 'AVI ' },
  { kind: 'wav', test: (b) => b.length >= 12 && b.slice(0, 4).toString('ascii') === 'RIFF' && b.slice(8, 12).toString('ascii') === 'WAVE' },
  { kind: 'flv', test: (b) => b.length >= 3 && b.slice(0, 3).toString('ascii') === 'FLV' },
  { kind: 'asf-wmv', test: (b) => b.length >= 4 && b[0] === 0x30 && b[1] === 0x26 && b[2] === 0xB2 && b[3] === 0x75 },
  { kind: 'mpeg-ps', test: (b) => b.length >= 4 && b[0] === 0x00 && b[1] === 0x00 && b[2] === 0x01 && (b[3] === 0xBA || b[3] === 0xB3) },
  { kind: 'mpeg-ts', test: (b) => b.length >= 1 && b[0] === 0x47 },
  { kind: 'mp3', test: (b) => b.length >= 3 && (b.slice(0, 3).toString('ascii') === 'ID3' || (b[0] === 0xFF && (b[1] & 0xE0) === 0xE0)) },
  { kind: 'ogg', test: (b) => b.length >= 4 && b.slice(0, 4).toString('ascii') === 'OggS' },
  { kind: 'jpeg', test: (b) => b.length >= 3 && b[0] === 0xFF && b[1] === 0xD8 && b[2] === 0xFF },
  { kind: 'png', test: (b) => b.length >= 8 && b[0] === 0x89 && b.slice(1, 4).toString('ascii') === 'PNG' },
  { kind: 'pdf', test: (b) => b.length >= 5 && b.slice(0, 5).toString('ascii') === '%PDF-' },
  { kind: 'zip', test: (b) => b.length >= 4 && b[0] === 0x50 && b[1] === 0x4B && (b[2] === 0x03 || b[2] === 0x05 || b[2] === 0x07) },
  { kind: 'html', test: (b) => {
    const s = b.toString('ascii', 0, Math.min(b.length, 64)).trimStart().toLowerCase();
    return s.startsWith('<!doctype html') || s.startsWith('<html');
  } }
 ];
 const VIDEO_KINDS = new Set(['mp4-iso', 'matroska', 'avi', 'flv', 'asf-wmv', 'mpeg-ps', 'mpeg-ts']);
 function detectKind(buf) {
  if (!buf || buf.length === 0) return 'empty';
  for (const sig of SIGNATURES) {
    try { if (sig.test(buf)) return sig.kind; } catch { /* ignore malformed buffer slice */ }
  }
  return 'unknown';
 }
 function isVideoLikeKind(kind) {
  return VIDEO_KINDS.has(kind);
 }
 function probeFileHead(filePath, bytes) {
  const want = Number.isFinite(bytes) && bytes > 0 ? bytes : 64;
  return new Promise((resolve) => {
    fs.open(filePath, 'r', (err, fd) => {
      if (err) return resolve({ ok: false, error: err.message, kind: 'unreadable' });
      const buf = Buffer.alloc(want);
      fs.read(fd, buf, 0, want, 0, (rerr, bytesRead) => {
        fs.close(fd, () => {});
        if (rerr) return resolve({ ok: false, error: rerr.message, kind: 'unreadable' });
        const slice = buf.slice(0, bytesRead);
        resolve({
          ok: true,
          bytesRead,
          kind: detectKind(slice),
          isVideoLike: isVideoLikeKind(detectKind(slice)),
          headHex: slice.toString('hex')
        });
      });
    });
  });
 }
 function summarizeFileStat(filePath) {
  try {
    const st = fs.statSync(filePath);
    return {
      size: st.size,
      mtime: st.mtime.toISOString(),
      isFile: st.isFile()
    };
  } catch (err) {
    return { error: err.message };
  }
 }
 module.exports = { detectKind, isVideoLikeKind, probeFileHead, summarizeFileStat, VIDEO_KINDS, SIGNATURES };
--- a/lib/hosters.js
+++ b/lib/hosters.js
@ -34,10 +34,7 @@ const HOSTER_CONFIGS = {
  'doodstream.com': {
    apiBase: 'https://doodapi.co',
    serverEndpoints: ['/api/upload/server'],
-    // No hardcoded fallback node: that stale CDN host (tr1128ve.cloudatacdn.com)
+    fallbackUploadServers: ['https://tr1128ve.cloudatacdn.com/upload/01'],
    // accepts the bytes but returns an empty result form with no filecode, so a
    // failed server lookup must throw cleanly rather than upload ~1 GB into a
    // dead end. (Same reasoning as the web-session path's fail-fast.)
    buildUploadUrl: (url, key) => appendRawQuery(url, key),
    formFields: (key) => ({ api_key: key }),
    parseResult: parseDoodstreamResult
@ -163,9 +160,7 @@ function sleep(ms, signal) {
 // Doodstream: { result: [{ download_url, protected_embed, filecode, protected_dl }] }
 function parseDoodstreamResult(payload) {
  let item = {};
-  // Defensive: also handle direct callers that bypass uploadFile's payload
+  const result = payload.result;
  // normalisation (e.g. unit tests, future callers).
  const result = payload && payload.result;
  if (Array.isArray(result) && result.length > 0) {
    item = result[0];
  } else if (result && typeof result === 'object') {
@ -200,20 +195,18 @@ function parseVoeResult(payload) {
 // Byse: { files: [{ filecode, filename, status }] }
 function parseByseResult(payload) {
  // Defensive: bypass-callers may pass null/non-object directly.
  if (!payload || typeof payload !== 'object') payload = {};
  let file_code = null;
  let perFileError = null;
  // Primary: files array (per official Byse API docs)
  if (Array.isArray(payload.files) && payload.files.length > 0) {
    const f = payload.files[0];
-    file_code = f && (f.filecode || f.file_code) || null;
+    file_code = f.filecode || f.file_code || null;
    // Byse returns HTTP 200 + msg=OK even when a specific file was rejected
    // ("Not video file format", "Duplicate", "File too small", ...). When
    // filecode is empty and status carries a non-OK message, that IS the
    // actual per-file error, not a server problem.
-    if (!file_code && f && f.status && !/^(ok|success|done)$/i.test(String(f.status))) {
+    if (!file_code && f.status && !/^(ok|success|done)$/i.test(String(f.status))) {
      perFileError = String(f.status).trim();
    }
  }
@ -378,13 +371,7 @@ async function getUploadServer(hosterName, hosterConfig, apiKey, signal) {
  }
  if (lastMessage) {
-    const e = new Error(`Kein Upload-Server erhalten: ${lastMessage}`);
+    throw new Error(`Kein Upload-Server erhalten: ${lastMessage}`);
    // "no servers available" / busy / try-again is a transient hoster-side
    // condition, not an account fault — tag it so the account isn't blacklisted.
    // Genuine auth failures (invalid key / unauthorized / forbidden) make
    // shouldRetryServerLookup return false and stay classified as account errors.
    if (shouldRetryServerLookup(lastMessage)) e.hosterTransient = true;
    throw e;
  }
  throw new Error('Kein Upload-Server erhalten. API-Key pruefen.');
 }
@ -428,12 +415,9 @@ async function _resolveByseUploadByName(apiKey, fileName, baselineCodes, signal)
    if (signal && signal.aborted) return null;
    const list = await _fetchByseFileList(apiKey, signal);
    const newFiles = list.filter(f => !baselineCodes.has(f.file_code));
-    // Exact-normalized filename match ONLY. The old fallback ("only one new
+    // Prefer exact filename match (ignoring case/punctuation/extension)
-    // file → take it") was unsafe during parallel byse uploads: job A's
+    const match = newFiles.find(f => _normalizeFileTitle(f.file_name) === expected)
-    // poller could claim job B's newly appeared file and return the wrong
+      || (newFiles.length === 1 ? newFiles[0] : null);
    // URL. At the cost of a few false-negatives when byse mangles the
    // filename beyond our normalizer, correctness for parallel uploads wins.
    const match = newFiles.find(f => _normalizeFileTitle(f.file_name) === expected);
    if (match) {
      return {
        download_url: `https://byse.sx/d/${match.file_code}`,
@ -446,80 +430,17 @@ async function _resolveByseUploadByName(apiKey, fileName, baselineCodes, signal)
  return null;
 }
-async function _fetchDoodstreamFileList(apiKey, signal) {
+async function uploadFile(hosterName, filePath, apiKey, onProgress, signal, throttle) {
  // doodapi.co file list: { msg, status:200, result: { files: [{ file_code, title, uploaded, ... }] } }
  // sort=created&order=desc forces newest-first — VERIFIED against a real 90k-file
  // account, where a single page without it could miss a just-uploaded file. The
  // recovery only needs the most recent uploads, so page 1 newest-first suffices.
  const url = `https://doodapi.co/api/file/list?key=${encodeURIComponent(apiKey)}&per_page=200&sort=created&order=desc`;
  try {
    const { body, statusCode } = await request(url, {
      method: 'GET', signal,
      headers: { 'Accept': 'application/json', 'User-Agent': 'multi-hoster-uploader/1.1' },
      headersTimeout: 30_000, bodyTimeout: 30_000
    });
    const text = await body.text();
    if (statusCode < 200 || statusCode >= 300) return [];
    const data = JSON.parse(text);
    const files = data && data.result && Array.isArray(data.result.files) ? data.result.files : [];
    return files.map(f => ({
      file_code: String(f.file_code || f.filecode || '').trim(),
      file_name: String(f.title || f.file_name || f.name || '').trim()
    })).filter(f => f.file_code);
  } catch {
    return [];
  }
 }
 const DOODSTREAM_POLL = { attempts: 12, delayMs: 2500 }; // test-tunable via __test
 async function _resolveDoodstreamUploadByName(apiKey, fileName, baselineCodes, signal) {
  // Same recovery byse uses: the upload POST returned no filecode, but the file
  // may register in the account a little later. Poll the list for a NEW file
  // whose normalized title matches what we uploaded. Exact-name match only
  // (never "take the only new one") so parallel doodstream uploads can't claim
  // each other's files.
  const expected = _normalizeFileTitle(fileName);
  const POLL_ATTEMPTS = DOODSTREAM_POLL.attempts;
  const POLL_DELAY_MS = DOODSTREAM_POLL.delayMs;
  for (let i = 0; i < POLL_ATTEMPTS; i++) {
    if (signal && signal.aborted) return null;
    const list = await _fetchDoodstreamFileList(apiKey, signal);
    const fresh = list.filter(f => !baselineCodes.has(f.file_code));
    const match = fresh.find(f => _normalizeFileTitle(f.file_name) === expected);
    if (match) {
      return {
        download_url: `https://doodstream.com/d/${match.file_code}`,
        embed_url: `https://doodstream.com/e/${match.file_code}`,
        file_code: match.file_code
      };
    }
    if (i < POLL_ATTEMPTS - 1) await sleep(POLL_DELAY_MS, signal);
  }
  return null;
 }
 async function uploadFile(hosterName, filePath, apiKey, onProgress, signal, throttle, opts) {
  const config = HOSTER_CONFIGS[hosterName];
  if (!config) throw new Error(`Unbekannter Hoster: ${hosterName}`);
  // For byse: snapshot the current file-code list so the post-upload poller
  // can identify new arrivals even when the initial POST response has an
  // empty filecode.
  let byseBaseline = null;
  if (hosterName === 'byse.sx') {
-    if (opts && opts.byseBaseline instanceof Set) {
+    const baseline = await _fetchByseFileList(apiKey, signal);
-      byseBaseline = opts.byseBaseline;
+    byseBaseline = new Set(baseline.map(f => f.file_code));
    } else {
      const baseline = await _fetchByseFileList(apiKey, signal);
      byseBaseline = new Set(baseline.map(f => f.file_code));
    }
  }
  let doodBaseline = null;
  if (hosterName === 'doodstream.com') {
    if (opts && opts.doodBaseline instanceof Set) {
      doodBaseline = opts.doodBaseline;
    } else {
      const baseline = await _fetchDoodstreamFileList(apiKey, signal);
      doodBaseline = new Set(baseline.map(f => f.file_code));
    }
  }
  // Step 1: Get upload server
@ -555,16 +476,6 @@ async function uploadFile(hosterName, filePath, apiKey, onProgress, signal, thro
      `Upload-Antwort von ${hosterName} war kein JSON (HTTP ${statusCode}${snippet ? `): ${snippet}` : ')'}`
    );
  }
  // Normalize valid-but-not-object JSON (JSON.parse('null') → null;
  // JSON.parse('"foo"') → string; JSON.parse('[1]') → array). Without this
  // the downstream `payload.msg` / `payload.status` / parseResult(payload)
  // calls crash with a confusing TypeError instead of letting the existing
  // fallback defaults kick in. Arrays from servers that return a top-level
  // list (rare but seen in the wild) are kept addressable as `payload.X`
  // → undefined, which the parsers already handle.
  if (payload === null || typeof payload !== 'object') {
    payload = {};
  }
  if (statusCode < 200 || statusCode >= 300) {
    throw new Error(
@ -583,17 +494,6 @@ async function uploadFile(hosterName, filePath, apiKey, onProgress, signal, thro
  try {
    result = config.parseResult(payload);
  } catch (err) {
    if (err && typeof err === 'object' && !err.diagnostic) {
      try {
        err.diagnostic = {
          hoster: hosterName,
          http: statusCode,
          contentType: (headers && headers['content-type']) || null,
          payloadSnippet: JSON.stringify(payload).slice(0, 1000),
          uploadUrl: targetUrl
        };
      } catch { /* JSON cycle — skip diagnostic */ }
    }
    parseErr = err;
  }
  if (result && (result.file_code || result.download_url || result.embed_url)) {
@ -611,15 +511,6 @@ async function uploadFile(hosterName, filePath, apiKey, onProgress, signal, thro
    if (polled) return polled;
  }
  // Doodstream: the doodapi upload POST returned no filecode (the same backend
  // hiccup that empties the web form). Poll the account file list by name — if
  // the file did register, claim its code instead of failing the upload.
  if (hosterName === 'doodstream.com' && doodBaseline) {
    const fileName = path.basename(filePath);
    const polled = await _resolveDoodstreamUploadByName(apiKey, fileName, doodBaseline, signal);
    if (polled) return polled;
  }
  if (parseErr) throw parseErr;
  if (payload.success === false) {
@ -634,45 +525,18 @@ async function uploadFile(hosterName, filePath, apiKey, onProgress, signal, thro
  const isOkishNoPayload = /^(ok|success|done|accepted)$/i.test(msg);
  if (isOkishNoPayload || !msg) {
    const snippet = JSON.stringify(payload).slice(0, 400);
-    // 2xx with no filecode: the hoster accepted the upload (bytes sent, status
+    throw new Error(
    // OK) but returned no usable link. For doodstream this is the API-path
    // analog of the web empty-form — the backend file-registration timing out
    // under large-file load. It's a hoster-side flake, NOT an account problem,
    // so tag it hosterTransient: the upload-manager then fails this file WITHOUT
    // blacklisting the account (same protection the web path got in 3.3.29) and
    // the account stays usable for the next retry/batch.
    const err = new Error(
      `Upload zu ${hosterName} lieferte keine file_code-Antwort (Payload: ${snippet})`
    );
    err.hosterTransient = true;
    throw err;
  }
  throw new Error(msg);
 }
 async function prefetchBaseline(hosterName, apiKey, signal) {
  try {
    if (hosterName === 'byse.sx') {
      const baseline = await _fetchByseFileList(apiKey, signal);
      return new Set(baseline.map(f => f.file_code));
    }
    if (hosterName === 'doodstream.com') {
      const baseline = await _fetchDoodstreamFileList(apiKey, signal);
      return new Set(baseline.map(f => f.file_code));
    }
  } catch { /* leave caller to fall back to per-job fetch */ }
  return null;
 }
 module.exports = {
  uploadFile,
  prefetchBaseline,
  HOSTER_CONFIGS,
  __test: {
    extractUploadServerUrl,
-    parseVoeResult,
+    parseVoeResult
    parseDoodstreamResult,
    parseByseResult,
    DOODSTREAM_POLL
  }
 };
--- a/lib/log-mode.js
+++ b/lib/log-mode.js
@ -1,107 +0,0 @@
 // Log-file mode resolution for fileuploader.log:
 //   - "single"  → one file:   fileuploader.log
 //   - "daily"   → per-day:    fileuploader-YYYY-MM-DD.log
 //   - "session" → per-launch: fileuploader-session-YYYY-MM-DD_HH-MM-SS-<pid>.log
 //
 // Pure functions only — no fs, no Date.now() at call time — so they unit-test
 // cleanly and the main.js call sites pass in `new Date()` + the session stamp.
 //
 // MIGRATION TRAP this lib protects against: the legacy boolean was named
 // `sessionLog` but actually toggled *daily* mode. A naive rename would silently
 // flip every per-day user onto per-session. normalizeLogMode below maps the
 // legacy `sessionLog: true` to "daily", NOT "session". Read logMode everywhere
 // downstream; do not derive from sessionLog at call sites.
 //
 // Loaded both as CommonJS (main.js, tests) and as a browser global
 // (renderer/app.js via index.html script tag) so a single implementation backs
 // runtime and tests — same pattern as queue-prune.js / queue-dedup.js.
 (function (root) {
  'use strict';
  const VALID_MODES = new Set(['single', 'daily', 'session']);
  function normalizeLogMode(globalSettings) {
    const gs = globalSettings && typeof globalSettings === 'object' ? globalSettings : {};
    if (typeof gs.logMode === 'string' && VALID_MODES.has(gs.logMode)) {
      return gs.logMode;
    }
    // Legacy boolean migration: sessionLog *named* like "session" but actually
    // implemented "daily" — preserve daily users on the migration path.
    if (gs.sessionLog === true) return 'daily';
    return 'single';
  }
  function _two(n) { return String(n).padStart(2, '0'); }
  function formatDateStamp(date) {
    return `${date.getFullYear()}-${_two(date.getMonth() + 1)}-${_two(date.getDate())}`;
  }
  function formatSessionStamp(date, pid) {
    const d = `${date.getFullYear()}-${_two(date.getMonth() + 1)}-${_two(date.getDate())}`;
    const t = `${_two(date.getHours())}-${_two(date.getMinutes())}-${_two(date.getSeconds())}`;
    // PID disambiguates a same-second close→reopen — a human can't but two
    // automated runs might. Cheap belt to a suspenders-not-required problem.
    const pidStr = pid !== undefined && pid !== null ? `-${pid}` : '';
    return `${d}_${t}${pidStr}`;
  }
  /**
   * Compute the log filename for the given mode + clock.
   * @param {Object} args
   * @param {string} args.baseName    e.g. "fileuploader"
   * @param {string} args.ext         e.g. ".log"
   * @param {string} args.mode        "single" | "daily" | "session"
   * @param {Date}   args.date        current timestamp
   * @param {string} [args.sessionId] required when mode === "session"
   * @returns {string} the bare filename (no directory)
   */
  function resolveLogFileName(args) {
    const a = args || {};
    const base = String(a.baseName || 'fileuploader');
    const ext = String(a.ext || '.log');
    const mode = VALID_MODES.has(a.mode) ? a.mode : 'single';
    if (mode === 'single') return `${base}${ext}`;
    if (mode === 'daily') {
      const date = a.date instanceof Date ? a.date : new Date();
      return `${base}-${formatDateStamp(date)}${ext}`;
    }
    // session
    const sid = a.sessionId && String(a.sessionId).trim();
    if (sid) return `${base}-session-${sid}${ext}`;
    // Defensive: if a session-id wasn't passed, fall back to single rather
    // than emit a malformed name. main.js always supplies one.
    return `${base}${ext}`;
  }
  /**
   * Reverse of resolveLogFileName: given a full filename like
   * "fileuploader-2026-06-03.log" or
   * "fileuploader-session-2026-06-03_18-16-20-8132.log", strip the mode-stamp
   * so the bare base ("fileuploader.log") remains. Used when persisting an
   * auto-resolved fallback path back into config — otherwise the saved path
   * would keep growing a new stamp on every reload.
   */
  function stripModeStampFromFileName(fileName) {
    if (!fileName || typeof fileName !== 'string') return fileName;
    // Order matters: session first (longer, more specific) before daily.
    // Both regexes are anchored to $ with no nested/ambiguous quantifiers, so
    // matching is linear — the eslint security warning is precautionary.
    // eslint-disable-next-line security/detect-unsafe-regex
    const sessionRe = /-session-\d{4}-\d{2}-\d{2}_\d{2}-\d{2}-\d{2}(?:-\d+)?(\.[^.]+)?$/;
    // eslint-disable-next-line security/detect-unsafe-regex
    const dailyRe = /-\d{4}-\d{2}-\d{2}(\.[^.]+)?$/;
    let out = fileName.replace(sessionRe, (m, ext) => ext || '');
    out = out.replace(dailyRe, (m, ext) => ext || '');
    return out;
  }
  const api = { normalizeLogMode, resolveLogFileName, formatDateStamp, formatSessionStamp, stripModeStampFromFileName, VALID_MODES };
  if (typeof module !== 'undefined' && module.exports) {
    module.exports = api;
  } else if (root) {
    root.LogMode = api;
  }
 })(typeof window !== 'undefined' ? window : this);
--- a/lib/log-policy.js
+++ b/lib/log-policy.js
@ -1,17 +0,0 @@
 // Per-hoster upload-log policy. Decides whether a hoster's successful upload
 // links get written to fileuploader.log. Pure + dependency-free so it's
 // trivially unit-testable and shared between the runtime decision and tests.
 //
 // Contract: logging is ON unless the hoster's settings explicitly set
 // logToFile === false. Missing settings / missing hoster / malformed input
 // all default to ON, so the feature is strictly opt-out and never silently
 // drops links because a config key wasn't present.
 function hosterLogToFileEnabled(hosterSettings, hoster) {
  if (!hosterSettings || typeof hosterSettings !== 'object') return true;
  const hs = hosterSettings[hoster];
  if (!hs || typeof hs !== 'object') return true;
  return hs.logToFile !== false;
 }
 module.exports = { hosterLogToFileEnabled };
--- a/lib/log-rotation.js
+++ b/lib/log-rotation.js
@ -1,52 +0,0 @@
 // Generic numbered-backup log rotation. Used by the upload log + can be
 // reused by other long-lived log files (debug log, account-rotation log).
 //
 // Behaviour:
 // - File missing → no-op, returns false.
 // - File ≤ maxBytes → no-op, returns false.
 // - File > maxBytes → drop oldest .N backup, shift .K → .K+1, rename live
 //   file to .1, return true. Caller (or the next append) creates a fresh
 //   primary on demand.
 //
 // Errors are reported via `log` (e.g. debugLog) but never thrown — rotation
 // is best-effort; the caller's append happens anyway.
 const fs = require('fs');
 const path = require('path');
 function maybeRotateLogFile(filePath, maxBytes, maxBackups = 3, log = () => {}) {
  if (!filePath || !Number.isFinite(maxBytes) || maxBytes <= 0) return false;
  let size = 0;
  try {
    const st = fs.statSync(filePath);
    size = st.size;
  } catch (err) {
    // ENOENT is normal — nothing to rotate yet.
    if (err && err.code !== 'ENOENT') {
      log(`logRotation: stat ${filePath} failed: ${err.message}`);
    }
    return false;
  }
  if (size <= maxBytes) return false;
  const ext = path.extname(filePath);
  const base = filePath.slice(0, filePath.length - ext.length);
  // Drop the oldest backup if it exists, then shift each numbered backup up
  // one slot. Errors are ignored: missing intermediate backups are normal,
  // failed renames just mean we'll rotate again next time.
  try { fs.unlinkSync(`${base}.${maxBackups}${ext}`); } catch {}
  for (let i = maxBackups - 1; i >= 1; i--) {
    try { fs.renameSync(`${base}.${i}${ext}`, `${base}.${i + 1}${ext}`); } catch {}
  }
  try {
    fs.renameSync(filePath, `${base}.1${ext}`);
    log(`logRotation: rotated ${filePath} (${(size / 1024 / 1024).toFixed(1)} MB) → ${base}.1${ext}`);
    return true;
  } catch (err) {
    log(`logRotation: rename ${filePath} → ${base}.1${ext} failed: ${err.message}`);
    return false;
  }
 }
 module.exports = { maybeRotateLogFile };
--- a/lib/queue-dedup.js
+++ b/lib/queue-dedup.js
@ -1,65 +0,0 @@
 // Startup queue auto-dedup logic. Extracted from renderer/app.js
 // _autoDeduplicateFromLog so the decision can be unit-tested without a DOM or
 // the renderer's module-level state.
 //
 // Loaded both as a CommonJS module (Node tests) and as a browser global
 // (renderer/app.js via index.html script tag) so a single implementation backs
 // runtime and tests — no drift.
 //
 // Behaviour: on launch the restored queue is compared against the lifetime
 // upload log. ONLY genuinely-completed ('done') jobs that also appear in the
 // log are dropped — that's pure decluttering of work that already finished.
 //
 // Pending jobs (preview / queued) and failed ones (error / aborted) are NEVER
 // dropped here, even if a same-name+hoster line exists in the log. Those are
 // work the user intentionally has queued (often a deliberate re-upload of a
 // file that was uploaded before). The old code filtered on log-presence alone,
 // regardless of status, so the ENTIRE restored queue vanished on the next
 // restart/update whenever the files had been uploaded previously — surfacing as
 // an empty "Dateien hierhin ziehen oder klicken" queue. Manual log import
 // (importUploadLog) stays separate and explicit for users who do want bulk
 // dedup of pending jobs.
 (function (root) {
  'use strict';
  function _key(fileName, hoster) {
    return `${String(fileName).toLowerCase()}|${String(hoster).toLowerCase()}`;
  }
  /**
   * Partition restored queue jobs into kept vs removed, given lifetime log
   * entries. Removes only 'done' jobs whose fileName|hoster is in the log.
   * @param {Array<{status:string,fileName:string,hoster:string}>} jobs
   * @param {Array<{fileName:string,hoster:string}>} logEntries
   * @returns {{ kept: Array, removed: Array }}
   */
  function partitionRestoredJobsByLog(jobs, logEntries) {
    const kept = [];
    const removed = [];
    if (!Array.isArray(jobs) || jobs.length === 0) return { kept, removed };
    const logKeys = new Set();
    for (const e of (Array.isArray(logEntries) ? logEntries : [])) {
      if (e && e.fileName && e.hoster) logKeys.add(_key(e.fileName, e.hoster));
    }
    for (const job of jobs) {
      const isDone = job && job.status === 'done' && job.fileName && job.hoster;
      if (isDone && logKeys.has(_key(job.fileName, job.hoster))) {
        removed.push(job);
      } else {
        kept.push(job);
      }
    }
    return { kept, removed };
  }
  const api = { partitionRestoredJobsByLog };
  if (typeof module !== 'undefined' && module.exports) {
    module.exports = api;
  } else if (root) {
    root.QueueDedup = api;
  }
 })(typeof window !== 'undefined' ? window : this);
--- a/lib/queue-prune.js
+++ b/lib/queue-prune.js
@ -1,59 +0,0 @@
 // Queue auto-prune logic. Extracted from renderer/app.js handleBatchDone so
 // the algorithm can be unit-tested without needing a DOM or the renderer's
 // module-level state (queueJobs, _jobIndexById).
 //
 // Loaded both as a CommonJS module (Node tests) and as a browser global
 // (renderer/app.js via index.html script tag) so the same single
 // implementation backs both runtime and tests — no drift between them.
 //
 // Behaviour: when the number of terminal-status jobs (done / skipped /
 // error / aborted) in the queue exceeds `limit`, drop the oldest terminal
 // jobs (insertion order) until we're back at the limit. Non-terminal jobs
 // (queued / preview / uploading / retrying / getting-server) are always
 // kept — those are work the user can still act on. Without this cap a
 // long session accumulates thousands of done rows and every render becomes
 // O(N) on a perpetually-growing N.
 (function (root) {
  'use strict';
  const TERMINAL_STATUSES = new Set(['done', 'skipped', 'error', 'aborted']);
  /**
   * Compute which jobs to keep vs drop, given a queue and a terminal-jobs cap.
   * @param {Array<{id: string, status: string}>} jobs the current queue
   * @param {number} limit max terminal jobs to keep
   * @returns {null | { kept: Array, dropped: Array }} null when nothing changed
   */
  function pruneOldestTerminalJobs(jobs, limit) {
    if (!Array.isArray(jobs) || jobs.length === 0) return null;
    if (!Number.isFinite(limit) || limit < 0) return null;
    // Walk once, record indices of terminal jobs in insertion order.
    const terminalIdxs = [];
    for (let i = 0; i < jobs.length; i++) {
      const j = jobs[i];
      if (j && TERMINAL_STATUSES.has(j.status)) terminalIdxs.push(i);
    }
    if (terminalIdxs.length <= limit) return null;
    const dropCount = terminalIdxs.length - limit;
    const dropSet = new Set(terminalIdxs.slice(0, dropCount));
    const kept = [];
    const dropped = [];
    for (let i = 0; i < jobs.length; i++) {
      if (dropSet.has(i)) dropped.push(jobs[i]);
      else kept.push(jobs[i]);
    }
    return { kept, dropped };
  }
  const api = { pruneOldestTerminalJobs, TERMINAL_STATUSES };
  if (typeof module !== 'undefined' && module.exports) {
    module.exports = api;
  } else if (root) {
    root.QueuePrune = api;
  }
 })(typeof window !== 'undefined' ? window : this);
--- a/lib/stats.js
+++ b/lib/stats.js
@ -1,142 +0,0 @@
 (function (root) {
  function summarizePerHoster(history, opts) {
    const out = {};
    if (!Array.isArray(history)) return out;
    const cutoff = opts && Number.isFinite(opts.sinceMs) ? opts.sinceMs : null;
    const limitBatches = opts && Number.isFinite(opts.lastNBatches) && opts.lastNBatches > 0 ? opts.lastNBatches : null;
    const entries = [...history];
    entries.sort((a, b) => {
      const ta = a && a.timestamp ? Date.parse(a.timestamp) : 0;
      const tb = b && b.timestamp ? Date.parse(b.timestamp) : 0;
      return tb - ta;
    });
    const sliced = limitBatches ? entries.slice(0, limitBatches) : entries;
    for (const batch of sliced) {
      if (!batch || !Array.isArray(batch.files)) continue;
      if (cutoff !== null) {
        const ts = batch.timestamp ? Date.parse(batch.timestamp) : 0;
        if (!ts || ts < cutoff) continue;
      }
      for (const file of batch.files) {
        if (!file || !Array.isArray(file.results)) continue;
        for (const r of file.results) {
          if (!r || !r.hoster) continue;
          const bucket = out[r.hoster] || (out[r.hoster] = { ok: 0, fail: 0, total: 0 });
          bucket.total++;
          if (r.status === 'done') bucket.ok++;
          else bucket.fail++;
        }
      }
    }
    for (const h of Object.keys(out)) {
      const b = out[h];
      b.rate = b.total > 0 ? b.ok / b.total : null;
    }
    return out;
  }
  function classifyErrorCategory(err) {
    if (!err || typeof err !== 'string') return 'unknown';
    const s = err.toLowerCase();
    if (/abgebrochen|aborted|cancel/.test(s)) return 'aborted';
    if (/not video file format|kein videoformat|invalid file|wrong format|duplicate|already exists|file too (small|big|large)|datei zu (gro|klein)/.test(s)) return 'file-rejected';
    if (/quota|storage (full|exhausted|voll)|account (full|banned|suspended)|disk (space )?full|insufficient (disk )?space|not enough (disk )?(space|storage)/.test(s)) return 'account-error';
    if (/csrf|kein upload-server|server.*?(busy|unavailable|try again)|no servers available|filecode|kein filecode|empty.*?(form|response)/.test(s)) return 'hoster-transient';
    if (/timeout|econnreset|enotfound|fetch failed|network|socket hang up|abort/.test(s)) return 'network';
    return 'unknown';
  }
  function summarizeBatchErrors(batchSummary) {
    const buckets = {
      'file-rejected': [],
      'account-error': [],
      'hoster-transient': [],
      'network': [],
      'unknown': [],
      'aborted': []
    };
    if (!batchSummary || !Array.isArray(batchSummary.files)) return buckets;
    for (const f of batchSummary.files) {
      if (!f || !Array.isArray(f.results)) continue;
      for (const r of f.results) {
        if (!r || r.status === 'done') continue;
        const cat = classifyErrorCategory(r.error);
        buckets[cat].push({
          fileName: f.name || f.fileName || '',
          hoster: r.hoster || '',
          error: r.error || '',
          jobId: r.jobId || null
        });
      }
    }
    return buckets;
  }
  const RETRYABLE_CATEGORIES = new Set(['hoster-transient', 'network', 'unknown']);
  function isRetryableCategory(cat) {
    return RETRYABLE_CATEGORIES.has(cat);
  }
  const CATEGORY_LABELS = {
    'file-rejected': 'Datei abgelehnt',
    'account-error': 'Account-Problem',
    'hoster-transient': 'Hoster-Flake',
    'network': 'Netzwerk',
    'unknown': 'Unbekannt',
    'aborted': 'Abgebrochen'
  };
  function formatLinks(rows, format) {
    if (!Array.isArray(rows)) return '';
    const safe = rows.filter(r => r && r.url);
    if (safe.length === 0) return '';
    switch (format) {
      case 'plain':
        return safe.map(r => r.url).join('\n');
      case 'bbcode':
        return safe.map(r => {
          const label = r.fileName || r.hoster || r.url;
          return `[url=${r.url}]${label}[/url]`;
        }).join('\n');
      case 'markdown':
        return safe.map(r => {
          const label = r.fileName || r.hoster || r.url;
          return `- [${label}](${r.url})`;
        }).join('\n');
      case 'html':
        return safe.map(r => {
          const label = r.fileName || r.hoster || r.url;
          return `<a href="${r.url}">${label}</a>`;
        }).join('\n');
      case 'csv': {
        const head = 'fileName,hoster,url\n';
        return head + safe.map(r => {
          const esc = (v) => `"${String(v || '').replace(/"/g, '""')}"`;
          return [esc(r.fileName), esc(r.hoster), esc(r.url)].join(',');
        }).join('\n');
      }
      case 'json':
        return JSON.stringify(safe.map(r => ({ fileName: r.fileName || '', hoster: r.hoster || '', url: r.url })), null, 2);
      default:
        return safe.map(r => r.url).join('\n');
    }
  }
  const api = {
    summarizePerHoster,
    classifyErrorCategory,
    summarizeBatchErrors,
    isRetryableCategory,
    RETRYABLE_CATEGORIES,
    CATEGORY_LABELS,
    formatLinks
  };
  if (typeof module !== 'undefined' && module.exports) {
    module.exports = api;
  } else if (root) {
    root.Stats = api;
  }
 })(typeof window !== 'undefined' ? window : this);
--- a/lib/support-bundle.js
+++ b/lib/support-bundle.js
@ -1,64 +0,0 @@
 const fs = require('fs');
 const CRED_KEYS = new Set(['password', 'apiKey', 'token', 'cookie', 'sessionId']);
 const REDACTED = '<redacted>';
 function sanitizeConfig(config) {
  if (!config || typeof config !== 'object') return config;
  const clone = JSON.parse(JSON.stringify(config));
  (function walk(o) {
    if (!o) return;
    if (Array.isArray(o)) { for (const e of o) walk(e); return; }
    if (typeof o !== 'object') return;
    for (const k of Object.keys(o)) {
      if (CRED_KEYS.has(k) && typeof o[k] === 'string' && o[k]) o[k] = REDACTED;
      else walk(o[k]);
    }
  })(clone);
  return clone;
 }
 function collectFile(filePath, label, maxBytes) {
  if (!filePath) return `=== ${label} ===\n<no path configured>\n\n`;
  let stat;
  try { stat = fs.statSync(filePath); }
  catch (err) {
    if (err && err.code === 'ENOENT') return `=== ${label} (${filePath}) ===\n<file does not exist yet>\n\n`;
    return `=== ${label} (${filePath}) ===\n<stat error: ${err.message}>\n\n`;
  }
  const cap = Number.isFinite(maxBytes) && maxBytes > 0 ? maxBytes : 5 * 1024 * 1024;
  let content;
  try {
    if (stat.size > cap) {
      const fd = fs.openSync(filePath, 'r');
      const buf = Buffer.alloc(cap);
      fs.readSync(fd, buf, 0, cap, stat.size - cap);
      fs.closeSync(fd);
      const skipped = stat.size - cap;
      content = `<truncated: skipped first ${skipped} bytes; showing last ${cap} bytes of ${stat.size}>\n` + buf.toString('utf-8');
    } else {
      content = fs.readFileSync(filePath, 'utf-8');
    }
  } catch (err) {
    content = `<read error: ${err.message}>`;
  }
  return `=== ${label} (${filePath}, size=${stat.size} bytes) ===\n${content}\n\n`;
 }
 function buildSupportBundleText({ header, sanitizedConfig, files }) {
  const parts = [];
  parts.push('=== Multi-Hoster-Upload Support Bundle ===\n');
  if (header && typeof header === 'object') {
    for (const [k, v] of Object.entries(header)) parts.push(`${k}: ${v}\n`);
  }
  parts.push('\n');
  parts.push('=== Config (sanitized — password/apiKey/token/cookie/sessionId redacted) ===\n');
  parts.push(JSON.stringify(sanitizedConfig, null, 2));
  parts.push('\n\n');
  for (const f of (files || [])) {
    parts.push(collectFile(f.path, f.label || f.path, f.maxBytes));
  }
  return parts.join('');
 }
 module.exports = { sanitizeConfig, collectFile, buildSupportBundleText, CRED_KEYS, REDACTED };
--- a/lib/throttled-cache.js
+++ b/lib/throttled-cache.js
@ -1,51 +0,0 @@
 // Time-windowed memoization. Reuses a previously-computed value if the
 // signature + input identity match AND the cached entry is younger than
 // `refreshMs`. Used by the renderer's dynamic-key sort throttle (every
 // progress tick re-sorts a 5000-row queue → reuse for 200 ms, the user
 // can't perceive sub-200 ms reorder lag).
 //
 // Loaded both as a CommonJS module (Node tests) and as a browser global
 // (renderer/app.js via index.html script tag) — same single implementation
 // across runtime and tests.
 (function (root) {
  'use strict';
  /**
   * Build a throttled cache. The clock is injected so tests don't have to
   * sleep — pass `() => fakeClock.value` from tests.
   *
   * @param {number} refreshMs cache TTL in milliseconds
   * @param {() => number} [now] clock source, defaults to Date.now
   */
  function makeThrottledCache(refreshMs, now) {
    if (!Number.isFinite(refreshMs) || refreshMs < 0) {
      throw new TypeError('refreshMs must be a non-negative finite number');
    }
    const clock = typeof now === 'function' ? now : () => Date.now();
    let entry = null;
    return {
      get(sig, input) {
        if (!entry) return undefined;
        if (entry.sig !== sig) return undefined;
        if (entry.input !== input) return undefined;
        if (clock() - entry.ts >= refreshMs) return undefined;
        return entry.value;
      },
      set(sig, input, value) {
        entry = { sig, input, value, ts: clock() };
        return value;
      },
      clear() { entry = null; },
      // Introspection (mainly for tests/debug). Returns null when empty.
      peek() {
        if (!entry) return null;
        return { sig: entry.sig, ts: entry.ts, age: clock() - entry.ts };
      }
    };
  }
  const api = { makeThrottledCache };
  if (typeof module !== 'undefined' && module.exports) module.exports = api;
  else if (root) root.ThrottledCache = api;
 })(typeof window !== 'undefined' ? window : this);
--- a/lib/updater.js
+++ b/lib/updater.js
@ -233,20 +233,7 @@ async function installUpdate(onProgress) {
    // Stage: done
    if (onProgress) onProgress({ stage: 'done', percent: 100 });
-    const _doQuit = () => setTimeout(() => app.quit(), 900);
+    setTimeout(() => app.quit(), 900);
    const _getActive = () => {
      try { return globalThis._mhuUploadManagerRef && globalThis._mhuUploadManagerRef.getActiveJobCount ? globalThis._mhuUploadManagerRef.getActiveJobCount() : 0; }
      catch { return 0; }
    };
    if (_getActive() > 0) {
      const POLL_MS = 3000;
      const poller = setInterval(() => {
        if (_getActive() === 0) { clearInterval(poller); _doQuit(); }
      }, POLL_MS);
      setTimeout(() => { try { clearInterval(poller); } catch {} _doQuit(); }, 30 * 60 * 1000);
    } else {
      _doQuit();
    }
  } catch (err) {
    if (onProgress) onProgress({ stage: 'error', error: err.message });
--- a/lib/upload-manager.js
+++ b/lib/upload-manager.js
@ -2,14 +2,13 @@ const { EventEmitter } = require('events');
 const path = require('path');
 const fs = require('fs');
 const crypto = require('crypto');
-const { uploadFile, prefetchBaseline } = require('./hosters');
+const { uploadFile } = require('./hosters');
 const VidmolyUploader = require('./vidmoly-upload');
 const VoeUploader = require('./voe-upload');
 const DoodstreamUploader = require('./doodstream-upload');
 const ClouddropUploader = require('./clouddrop-upload');
 const Semaphore = require('./semaphore');
 const Throttle = require('./throttle');
 const { probeFileHead } = require('./file-probe');
 const DEFAULT_SETTINGS = {
  retries: 3,
@ -41,8 +40,6 @@ class UploadManager extends EventEmitter {
    this.globalThrottle = null;
    this._failedAccounts = new Map(); // hoster -> Set of failed accountIds
    this._accountOverrides = new Map(); // hoster -> fallback account object
    this._doodApiKeyCache = new Map(); // accountId/username -> derived doodstream API key ('' = tried, none)
    this._baselineCache = new Map(); // hoster:apiKey -> Promise<Set<file_code>> (one fetch shared across all jobs in batch)
  }
  switchAccount(hoster, fallbackAccount) {
@ -67,33 +64,6 @@ class UploadManager extends EventEmitter {
    return this._accountOverrides.get(hoster) || null;
  }
  getActiveJobCount() {
    return this.activeJobs.size;
  }
  clearFailedAccount(hoster, accountId) {
    return this._failedAccounts.delete(`${hoster}:${accountId}`);
  }
  clearAllFailedAccounts() {
    const n = this._failedAccounts.size;
    this._failedAccounts.clear();
    return n;
  }
  // True if the hoster has a usable override stored that differs from the
  // account currently in the task and isn't itself already marked failed.
  // Used by the retry loop to decide "retry on same account vs break to
  // rotation" — skipping wasted attempts on a likely-bad primary when a
  // pre-resolved fallback is ready to try.
  _hasPendingOverride(hoster, currentAccountId) {
    const override = this._accountOverrides.get(hoster);
    if (!override) return false;
    if (override.id === currentAccountId) return false;
    if (this._failedAccounts.has(hoster + ':' + override.id)) return false;
    return true;
  }
  _rotLog(event, data) {
    this.emit('rot-log', { ts: Date.now(), event, ...data });
  }
@ -114,22 +84,6 @@ class UploadManager extends EventEmitter {
    return /(Not video file format|Duplicate|Datei zu (klein|gross|groß)|File too (small|large)|Invalid file|Unsupported format)/i.test(m);
  }
  // Hoster-side transient flake — the hoster's backend accepted the upload but
  // returned a malformed/empty result (e.g. doodstream CDN form with no fn/no
  // st). Same account + same file works on a later attempt; this is NOT an
  // account problem. Treated exactly like a transient network error: skip
  // remaining in-batch retries (the flake won't clear in 3s and a re-upload of
  // 95 MB is expensive), don't blacklist the account, fail this file cleanly.
  // The user's next manual retry — or a later batch — can use the same account.
  _isHosterTransientError(err) {
    if (!err) return false;
    if (err.hosterTransient === true) return true; // explicit flag — primary
    if (!err.message) return false;
    // Defensive fallback: catch the same class of error if it bubbles up
    // wrapped (e.g. through a different code path) without the flag set.
    return /Server gab leeren Link zurueck|kein Filecode/i.test(String(err.message));
  }
  // Transient network errors — the account is fine, the network or the
  // hoster's own backend hiccuped. Retrying on the SAME account is the right
  // move; marking it failed would wrongly poison the fallback chain. If all
@ -273,7 +227,7 @@ class UploadManager extends EventEmitter {
    return this.semaphores[hoster];
  }
-  async startBatch(tasks, opts = {}) {
+  async startBatch(tasks) {
    this.running = true;
    this.stopAfterActive = false;
    this.abortController = new AbortController();
@ -282,31 +236,17 @@ class UploadManager extends EventEmitter {
    this.activeJobs.clear();
    this.jobAbortControllers.clear();
    this.cancelledJobIds.clear();
    this._doodApiKeyCache.clear(); // re-derive doodstream keys fresh each batch
    this._baselineCache.clear(); // re-fetch baselines per batch (a long batch could outlast remote-side relevance)
    this.semaphores = {};
    this.globalSemaphore = null;
    this.globalThrottle = null;
    this.lastStartTime = {};
-    // Reset account-rotation state each batch — but optionally re-prime from
+    // Reset account-rotation state each batch. Otherwise a previously failed
-    // app-session memory so a "Retry failed" right after batch-done doesn't
+    // account (e.g. rate-limited during the last batch) stays permanently
-    // burn 5 retries on the account we already know is dead. Caller (main.js)
+    // blacklisted until the app restarts — every upload would silently skip
-    // passes the session-scoped failed/override state.
+    // straight to the fallback even after the original recovered.
    this._failedAccounts.clear();
    this._accountOverrides.clear();
-    if (Array.isArray(opts.primeFailedAccounts)) {
+    this._rotLog('batch-start', { taskCount: tasks.length });
      for (const key of opts.primeFailedAccounts) this._failedAccounts.set(key, true);
    }
    if (Array.isArray(opts.primeOverrides)) {
      for (const entry of opts.primeOverrides) {
        if (Array.isArray(entry) && entry.length === 2) this._accountOverrides.set(entry[0], entry[1]);
      }
    }
    this._rotLog('batch-start', {
      taskCount: tasks.length,
      primedFailed: this._failedAccounts.size,
      primedOverrides: this._accountOverrides.size
    });
    const { signal } = this.abortController;
    const batchId = `batch-${Date.now()}`;
@ -314,32 +254,18 @@ class UploadManager extends EventEmitter {
    this._batchResults = results;
    this._additionalPromises = []; // Track jobs added mid-batch via addJobs()
-    const DEDUP_CHUNK = 200;
+    for (const task of tasks) {
-    for (let i = 0; i < tasks.length; i += DEDUP_CHUNK) {
+      const fileName = path.basename(task.file);
-      if (signal.aborted) break;
+      if (!results.has(task.file)) {
-      const end = Math.min(i + DEDUP_CHUNK, tasks.length);
+        let size = 0;
-      for (let j = i; j < end; j++) {
+        try { size = fs.statSync(task.file).size; } catch {}
-        const task = tasks[j];
+        results.set(task.file, { name: fileName, size, results: [] });
        if (!results.has(task.file)) {
          const fileName = path.basename(task.file);
          let size = 0;
          try { size = fs.statSync(task.file).size; } catch {}
          results.set(task.file, { name: fileName, size, results: [] });
        }
      }
      if (end < tasks.length) await new Promise(setImmediate);
    }
    this._startStatsTimer();
-    const SPAWN_CHUNK = 100;
+    const promises = tasks.map((task) => this._runJob(task, results, signal));
    const promises = [];
    for (let i = 0; i < tasks.length; i += SPAWN_CHUNK) {
      if (signal.aborted) break;
      const end = Math.min(i + SPAWN_CHUNK, tasks.length);
      for (let j = i; j < end; j++) promises.push(this._runJob(tasks[j], results, signal));
      if (end < tasks.length) await new Promise(setImmediate);
    }
    await Promise.allSettled(promises);
    // Wait for any jobs added mid-batch via addJobs()
    while (this._additionalPromises.length > 0) {
@ -375,12 +301,7 @@ class UploadManager extends EventEmitter {
    const fileName = path.basename(task.file);
    let fileSize = 0;
    let fileNotFound = false;
-    const cachedResult = results && results.get(task.file);
+    try { fileSize = fs.statSync(task.file).size; } catch { fileNotFound = true; }
    if (cachedResult && typeof cachedResult.size === 'number' && cachedResult.size > 0) {
      fileSize = cachedResult.size;
    } else {
      try { fileSize = fs.statSync(task.file).size; } catch { fileNotFound = true; }
    }
    const maxAttempts = Math.max(1, (settings.retries || 0) + 1);
    const jobAbortController = new AbortController();
@ -409,7 +330,7 @@ class UploadManager extends EventEmitter {
    };
    const emitFinalStatus = (status, payload = {}) => {
-      this._emitProgress(uploadId, fileName, task.hoster, { accountId: task.accountId,
+      this._emitProgress(uploadId, fileName, task.hoster, {
        jobId,
        status,
        progress: status === 'done' ? 1 : 0,
@ -445,30 +366,26 @@ class UploadManager extends EventEmitter {
        return;
      }
-      // The initial 'queued' emit per job is suppressed: with N=2000+ tasks
+      this._emitProgress(uploadId, fileName, task.hoster, {
-      // it produces 2000+ main→renderer IPCs back-to-back at startBatch and
+        jobId,
-      // freezes the renderer event loop for tens of seconds. The renderer
+        status: 'queued',
-      // already holds each job in 'queued'/'preview' state from its own
+        progress: 0,
-      // queueJobs array; the first event it actually needs from main is the
+        bytesUploaded: 0,
-      // 'getting-server' / 'uploading' transition for the jobs that the
+        bytesTotal: fileSize,
-      // semaphore lets through.
+        speedKbs: 0,
        elapsed: 0,
        remaining: 0,
        error: null,
        result: null,
        attempt: 0,
        maxAttempts
      });
      // Acquire hoster semaphore first so jobs waiting for a hoster slot
      // don't waste global slots (prevents underutilization)
      await hosterSemaphore.acquire(signal);
      hosterSlotAcquired = true;
      let fileProbe = null;
      try {
        fileProbe = await probeFileHead(task.file, 64);
      } catch (err) {
        fileProbe = { ok: false, error: err && err.message, kind: 'unreadable' };
      }
      this._rotLog('upload-start', {
        jobId, hoster: task.hoster, accountId: task.accountId, fileName,
        fileSize,
        detectedKind: fileProbe && fileProbe.kind ? fileProbe.kind : 'unknown',
        isVideoLike: !!(fileProbe && fileProbe.isVideoLike),
        headHex: fileProbe && fileProbe.headHex ? fileProbe.headHex.slice(0, 32) : null
      });
      if (globalSemaphore) {
        await globalSemaphore.acquire(signal);
        globalSlotAcquired = true;
@ -487,7 +404,7 @@ class UploadManager extends EventEmitter {
        const override = this._accountOverrides.get(task.hoster);
        if (override && !this._failedAccounts.has(task.hoster + ':' + override.id)) {
          this._rotLog('pre-job-swap', {
-            jobId, hoster: task.hoster, fileName, fromAccountId: task.accountId, toAccountId: override.id
+            hoster: task.hoster, fileName, fromAccountId: task.accountId, toAccountId: override.id
          });
          task.accountId = override.id;
          task.username = override.username;
@ -495,7 +412,7 @@ class UploadManager extends EventEmitter {
          task.apiKey = override.apiKey;
        } else {
          this._rotLog('pre-job-swap-blocked', {
-            jobId, hoster: task.hoster, fileName, accountId: task.accountId,
+            hoster: task.hoster, fileName, accountId: task.accountId,
            hasOverride: !!override,
            overrideAlsoFailed: override ? this._failedAccounts.has(task.hoster + ':' + override.id) : false
          });
@ -506,7 +423,7 @@ class UploadManager extends EventEmitter {
        if (signal.aborted || this.stopAfterActive) break;
        if (attempt > 1) {
-          this._emitProgress(uploadId, fileName, task.hoster, { accountId: task.accountId,
+          this._emitProgress(uploadId, fileName, task.hoster, {
            jobId,
            status: 'retrying',
            progress: 0,
@ -533,7 +450,7 @@ class UploadManager extends EventEmitter {
        let uploadSignalBundle = { signal, cleanup() {} };
        try {
-          this._emitProgress(uploadId, fileName, task.hoster, { accountId: task.accountId,
+          this._emitProgress(uploadId, fileName, task.hoster, {
            jobId,
            status: 'getting-server',
            progress: 0,
@ -560,16 +477,14 @@ class UploadManager extends EventEmitter {
            speedAbort = new AbortController();
            uploadSignalBundle = this._combineManySignals([signal, speedAbort.signal]);
            speedMonitor = setInterval(() => {
-              try {
+              if (currentSpeedKbs > 0 && currentSpeedKbs < settings.restartBelowKbs) {
-                if (currentSpeedKbs > 0 && currentSpeedKbs < settings.restartBelowKbs) {
+                if (!lowSpeedSince) lowSpeedSince = Date.now();
-                  if (!lowSpeedSince) lowSpeedSince = Date.now();
+                if (Date.now() - lowSpeedSince > 6000) {
-                  if (Date.now() - lowSpeedSince > 6000) {
+                  speedAbort.abort();
                    speedAbort.abort();
                  }
                } else {
                  lowSpeedSince = 0;
                }
-              } catch (e) { this._rotLog('speed-monitor-error', { jobId, error: e && e.message }); }
+              } else {
                lowSpeedSince = 0;
              }
            }, 2000);
          }
@ -583,42 +498,41 @@ class UploadManager extends EventEmitter {
          const PROGRESS_EMIT_INTERVAL = 250; // ms – throttle UI updates
          const progressCb = (bytesUploaded, bytesTotal) => {
-            try {
+            const now = Date.now();
-              const now = Date.now();
+            const elapsed = Math.round((now - jobStart) / 1000);
-              const elapsed = Math.round((now - jobStart) / 1000);
+            const timeDelta = (now - lastSpeedTime) / 1000;
-              const timeDelta = (now - lastSpeedTime) / 1000;
+            if (timeDelta >= 1) {
-              if (Number.isFinite(timeDelta) && timeDelta >= 1) {
+              const bytesDelta = bytesUploaded - lastBytes;
-                const bytesDelta = bytesUploaded - lastBytes;
+              currentSpeedKbs = Math.round(bytesDelta / timeDelta / 1024);
-                currentSpeedKbs = Math.round(bytesDelta / timeDelta / 1024);
+              lastBytes = bytesUploaded;
-                lastBytes = bytesUploaded;
+              lastSpeedTime = now;
-                lastSpeedTime = now;
+            }
              }
-              activeEntry.speedKbs = currentSpeedKbs;
+            activeEntry.speedKbs = currentSpeedKbs;
-              activeEntry.bytesUploaded = bytesUploaded;
+            activeEntry.bytesUploaded = bytesUploaded;
-              if (now - lastEmitTime < PROGRESS_EMIT_INTERVAL) return;
+            // Throttle progress emissions to reduce IPC + rendering overhead
-              lastEmitTime = now;
+            if (now - lastEmitTime < PROGRESS_EMIT_INTERVAL) return;
            lastEmitTime = now;
-              const remaining = currentSpeedKbs > 0
+            const remaining = currentSpeedKbs > 0
-                ? Math.round((bytesTotal - bytesUploaded) / (currentSpeedKbs * 1024))
+              ? Math.round((bytesTotal - bytesUploaded) / (currentSpeedKbs * 1024))
-                : 0;
+              : 0;
-              this._emitProgress(uploadId, fileName, task.hoster, { accountId: task.accountId,
+            this._emitProgress(uploadId, fileName, task.hoster, {
-                jobId,
+              jobId,
-                status: 'uploading',
+              status: 'uploading',
-                progress: bytesTotal > 0 ? Math.min(1, bytesUploaded / bytesTotal) : 0,
+              progress: bytesTotal > 0 ? Math.min(1, bytesUploaded / bytesTotal) : 0,
-                bytesUploaded,
+              bytesUploaded,
-                bytesTotal,
+              bytesTotal,
-                speedKbs: currentSpeedKbs,
+              speedKbs: currentSpeedKbs,
-                elapsed,
+              elapsed,
-                remaining,
+              remaining,
-                error: null,
+              error: null,
-                result: null,
+              result: null,
-                attempt,
+              attempt,
-                maxAttempts
+              maxAttempts
-              });
+            });
            } catch { /* progress callbacks must never throw — swallowing is correct, the stream keeps going */ }
          };
          const result = await this._executeUpload(task, progressCb, uploadSignalBundle.signal, throttle);
@ -639,23 +553,6 @@ class UploadManager extends EventEmitter {
          this.activeJobs.delete(uploadId);
          const isSpeedRestart = speedAbort && speedAbort.signal.aborted && !signal.aborted;
          if (!signal.aborted && !isSpeedRestart) {
            const diag = (err && typeof err === 'object' && err.diagnostic) || {};
            this._rotLog('upload-failure', {
              jobId, hoster: task.hoster, accountId: task.accountId, fileName,
              attempt,
              error: err && err.message ? err.message : String(err),
              fileRejected: !!(err && err.fileRejected),
              accountError: !!(err && err.accountError),
              hosterTransient: !!(err && err.hosterTransient),
              http: diag.http || null,
              contentType: diag.contentType || null,
              detectedKind: (typeof fileProbe !== 'undefined' && fileProbe && fileProbe.kind) ? fileProbe.kind : null,
              isVideoLike: !!(typeof fileProbe !== 'undefined' && fileProbe && fileProbe.isVideoLike),
              headHex: (typeof fileProbe !== 'undefined' && fileProbe && fileProbe.headHex) ? fileProbe.headHex.slice(0, 32) : null,
              payloadSnippet: diag.payloadSnippet || null
            });
          }
          if (signal.aborted) {
            lastError = new Error('Abgebrochen');
            break;
@ -677,35 +574,11 @@ class UploadManager extends EventEmitter {
          // mind. Break out immediately; the outer file-rejected branch then
          // records the final error without burning through 5 × 3s retries.
          if (this._isFileRejectedError(err)) break;
          // Hoster-side transient flake (e.g. doodstream empty CDN form). Server
          // flake won't clear in 3s and re-uploading the whole file 4× is pure
          // bandwidth waste; bail out of the retry loop so the post-loop branch
          // can fail this file without blacklisting the account.
          if (this._isHosterTransientError(err)) {
            this._rotLog('hoster-transient', {
              jobId, hoster: task.hoster, fileName, accountId: task.accountId,
              attempt, error: err && err.message ? err.message : String(err)
            });
            break;
          }
          // Account-specific errors — don't waste retries on the same account,
          // jump straight to rotation.
          if (this._shouldSkipRetryOnAccountError(err)) {
            this._rotLog('fast-fail', {
-              jobId, hoster: task.hoster, fileName, accountId: task.accountId,
+              hoster: task.hoster, fileName, accountId: task.accountId,
              attempt, error: err && err.message ? err.message : String(err)
            });
            break;
          }
          // Generic non-transient error AND a fallback is already resolved for
          // this hoster: bail to rotation instead of burning more retries on a
          // possibly-dead primary. The fallback (pre-resolved at batch-start)
          // deserves a real shot. Transient network errors stay on the same
          // account — the network is the issue, not the account.
          if (!this._isTransientNetworkError(err) &&
              this._hasPendingOverride(task.hoster, task.accountId)) {
            this._rotLog('try-alternate-after-fail', {
              jobId, hoster: task.hoster, fileName, accountId: task.accountId,
              attempt, error: err && err.message ? err.message : String(err)
            });
            break;
@ -737,7 +610,7 @@ class UploadManager extends EventEmitter {
      // already marked it failed). Otherwise the second job falls straight
      // through to final-error instead of using the already-resolved fallback.
      this._rotLog('retries-exhausted', {
-        jobId, hoster: task.hoster, fileName, accountId: task.accountId,
+        hoster: task.hoster, fileName, accountId: task.accountId,
        lastError: lastError ? lastError.message : null
      });
      // File-specific rejection → same file will get the same verdict on
@ -745,7 +618,7 @@ class UploadManager extends EventEmitter {
      // retry siblings, just fail this file cleanly.
      if (this._isFileRejectedError(lastError)) {
        this._rotLog('skip-rotation-file-rejected', {
-          jobId, hoster: task.hoster, fileName, accountId: task.accountId,
+          hoster: task.hoster, fileName, accountId: task.accountId,
          lastError: lastError ? lastError.message : null
        });
        const error = lastError.message || 'Datei abgelehnt';
@ -753,26 +626,12 @@ class UploadManager extends EventEmitter {
        recordFinalResult('error', { error });
        return;
      }
      // Hoster-side transient flake → identical handling to network-transient:
      // the account is fine, don't blacklist it, just fail this file. Critical
      // to keep the account usable across batches — otherwise one empty-form
      // response poisons every subsequent batch with `pre-job-swap-blocked`.
      if (this._isHosterTransientError(lastError)) {
        this._rotLog('skip-rotation-hoster-transient', {
          jobId, hoster: task.hoster, fileName, accountId: task.accountId,
          lastError: lastError ? lastError.message : null
        });
        const error = lastError.message || 'Hoster-Backend lieferte leeres Ergebnis';
        emitFinalStatus('error', { error });
        recordFinalResult('error', { error });
        return;
      }
      // If the reason for failure was a transient network error we do NOT
      // blacklist the account. Other jobs on the same account in this batch
      // can still try fresh. This file just errors out for now.
      if (this._isTransientNetworkError(lastError)) {
        this._rotLog('skip-rotation-transient', {
-          jobId, hoster: task.hoster, fileName, accountId: task.accountId,
+          hoster: task.hoster, fileName, accountId: task.accountId,
          lastError: lastError ? lastError.message : null
        });
        const error = lastError.message || 'Netzwerkfehler';
@ -786,53 +645,48 @@ class UploadManager extends EventEmitter {
        if (!alreadyMarked) {
          this._failedAccounts.set(task.hoster + ':' + task.accountId, true);
          this._rotLog('mark-failed', {
-            jobId, hoster: task.hoster, fileName, accountId: task.accountId,
+            hoster: task.hoster, fileName, accountId: task.accountId,
            lastError: lastError ? lastError.message : null
          });
          this.emit('account-failed', { hoster: task.hoster, accountId: task.accountId });
          await this._sleep(800, signal);
          // Re-check after the await: the user could have cancelled while
          // we were waiting for main.js to resolve the fallback. Without
          // this, rotation proceeds another full attempt-loop's worth of
          // work before the next signal-check inside _executeUpload notices.
          if (signal.aborted || this.stopAfterActive) break;
        } else {
          this._rotLog('already-marked', {
-            jobId, hoster: task.hoster, fileName, accountId: task.accountId
+            hoster: task.hoster, fileName, accountId: task.accountId
          });
        }
        const override = this._accountOverrides.get(task.hoster);
        if (!override) {
          this._rotLog('rotation-end', {
-            jobId, hoster: task.hoster, fileName, reason: 'no-override-set',
+            hoster: task.hoster, fileName, reason: 'no-override-set',
            lastFailedAccountId: task.accountId
          });
          break;
        }
        if (this._failedAccounts.has(task.hoster + ':' + override.id)) {
          this._rotLog('rotation-end', {
-            jobId, hoster: task.hoster, fileName, reason: 'override-already-failed',
+            hoster: task.hoster, fileName, reason: 'override-already-failed',
            overrideId: override.id, lastFailedAccountId: task.accountId
          });
          break;
        }
        if (override.id === task.accountId) {
          this._rotLog('rotation-end', {
-            jobId, hoster: task.hoster, fileName, reason: 'override-same-as-current',
+            hoster: task.hoster, fileName, reason: 'override-same-as-current',
            lastFailedAccountId: task.accountId
          });
          break;
        }
        // Switch to fallback account and retry this file
        this._rotLog('rotate', {
-          jobId, hoster: task.hoster, fileName,
+          hoster: task.hoster, fileName,
          fromAccountId: task.accountId, toAccountId: override.id
        });
        task.accountId = override.id;
        task.username = override.username;
        task.password = override.password;
        task.apiKey = override.apiKey;
-        this._emitProgress(uploadId, fileName, task.hoster, { accountId: task.accountId,
+        this._emitProgress(uploadId, fileName, task.hoster, {
          jobId, status: 'retrying', progress: 0, bytesUploaded: 0, bytesTotal: fileSize,
          speedKbs: 0, elapsed: 0, remaining: 0,
          error: 'Account-Wechsel zu Fallback', result: null, attempt: 1, maxAttempts
@ -843,7 +697,7 @@ class UploadManager extends EventEmitter {
        for (let attempt = 1; attempt <= maxAttempts; attempt++) {
          if (signal.aborted || this.stopAfterActive) break;
          if (attempt > 1) {
-            this._emitProgress(uploadId, fileName, task.hoster, { accountId: task.accountId,
+            this._emitProgress(uploadId, fileName, task.hoster, {
              jobId, status: 'retrying', progress: 0, bytesUploaded: 0, bytesTotal: fileSize,
              speedKbs: 0, elapsed: 0, remaining: 0,
              error: lastError ? lastError.message : '', result: null, attempt, maxAttempts
@ -870,7 +724,7 @@ class UploadManager extends EventEmitter {
              activeEntry.bytesUploaded = bytesUploaded;
              const elapsed = Math.round((now - jobStart) / 1000);
              const remaining = currentSpeedKbs > 0 ? Math.round((bytesTotal - bytesUploaded) / (currentSpeedKbs * 1024)) : 0;
-              this._emitProgress(uploadId, fileName, task.hoster, { accountId: task.accountId,
+              this._emitProgress(uploadId, fileName, task.hoster, {
                jobId, status: 'uploading',
                progress: bytesTotal > 0 ? Math.min(1, bytesUploaded / bytesTotal) : 0,
                bytesUploaded, bytesTotal, speedKbs: currentSpeedKbs,
@ -901,7 +755,7 @@ class UploadManager extends EventEmitter {
      const error = lastError && lastError.message ? lastError.message : 'Unbekannter Fehler';
      this._rotLog('final-error', {
-        jobId, hoster: task.hoster, fileName, lastFailedAccountId: task.accountId, error
+        hoster: task.hoster, fileName, lastFailedAccountId: task.accountId, error
      });
      emitFinalStatus('error', { error });
      recordFinalResult('error', { error });
@ -933,20 +787,6 @@ class UploadManager extends EventEmitter {
      await voe.login(task.username, task.password);
      return voe.upload(task.file, progressCb, signal, throttle);
    } else if (task.hoster === 'doodstream.com' && task.username) {
      // Login-path reliability fix: the web-form upload returns the filecode in
      // an HTML form that comes back empty for large files (doodstream backend
      // registration timeout). Derive the account's API key from the logged-in
      // session ONCE per batch and upload via the official API instead — it
      // returns result[0].filecode directly and has no empty-form failure mode.
      // Falls back to the web-form upload if no valid key can be derived.
      const apiKey = await this._resolveDoodstreamApiKey(task);
      if (apiKey) {
        this._rotLog('doodstream-via-api', { accountId: task.accountId, fileName: path.basename(task.file) });
        return uploadFile('doodstream.com', task.file, apiKey, progressCb, signal, throttle, {
          doodBaseline: await this._getBaseline('doodstream.com', apiKey, signal)
        });
      }
      this._rotLog('doodstream-via-web', { accountId: task.accountId, fileName: path.basename(task.file) });
      const dood = new DoodstreamUploader();
      await dood.login(task.username, task.password);
      return dood.upload(task.file, progressCb, signal, throttle);
@ -954,45 +794,10 @@ class UploadManager extends EventEmitter {
      const clouddrop = new ClouddropUploader(task.apiKey);
      return clouddrop.upload(task.file, progressCb, signal, throttle);
    } else {
-      const baselineOpts = {};
+      return uploadFile(task.hoster, task.file, task.apiKey, progressCb, signal, throttle);
      if (task.hoster === 'byse.sx') baselineOpts.byseBaseline = await this._getBaseline('byse.sx', task.apiKey, signal);
      if (task.hoster === 'doodstream.com') baselineOpts.doodBaseline = await this._getBaseline('doodstream.com', task.apiKey, signal);
      return uploadFile(task.hoster, task.file, task.apiKey, progressCb, signal, throttle, baselineOpts);
    }
  }
  _getBaseline(hosterName, apiKey, signal) {
    if (!apiKey) return Promise.resolve(null);
    const key = `${hosterName}:${apiKey}`;
    let pending = this._baselineCache.get(key);
    if (pending) return pending;
    pending = prefetchBaseline(hosterName, apiKey, signal);
    this._baselineCache.set(key, pending);
    return pending;
  }
  // Resolve (and cache per batch) the doodstream API key for a login-only
  // account by logging in once and scraping+validating it from the session.
  // Returns the key string, or '' when none could be derived (cached either way
  // so a 40-file batch logs in + derives ONCE, not per file). The empty-string
  // sentinel distinguishes "tried, none" from "not yet tried" (undefined).
  async _resolveDoodstreamApiKey(task) {
    const cacheKey = task.accountId || task.username;
    const cached = this._doodApiKeyCache.get(cacheKey);
    if (cached !== undefined) return cached || null;
    let key = '';
    try {
      const probe = new DoodstreamUploader();
      await probe.login(task.username, task.password);
      key = (await probe.deriveApiKey()) || '';
    } catch {
      key = '';
    }
    this._doodApiKeyCache.set(cacheKey, key);
    return key || null;
  }
  _emitProgress(uploadId, fileName, hoster, data) {
    this.emit('progress', { uploadId, fileName, hoster, ...data });
  }
@ -1000,7 +805,7 @@ class UploadManager extends EventEmitter {
  _startStatsTimer() {
    if (this.statsInterval) clearInterval(this.statsInterval);
    this.statsInterval = setInterval(() => {
-      try {
+      // Single pass over active jobs instead of two.
      let globalSpeedKbs = 0;
      let activeCount = 0;
      let inProgressBytes = 0;
@ -1020,7 +825,6 @@ class UploadManager extends EventEmitter {
        activeJobs: activeCount,
        pendingJobs: Object.values(this.semaphores).reduce((sum, semaphore) => sum + semaphore.pending, 0)
      });
      } catch { /* never let a stats tick crash the timer + caller */ }
    }, 1000);
  }
--- a/lib/vidmoly-upload.js
+++ b/lib/vidmoly-upload.js
@ -382,7 +382,7 @@ class VidmolyUploader {
          }
        }
-        if (best && bestScore > 0) {
+        if (best && (bestScore > 0 || newFiles.length === 1)) {
          return this._buildUrlsFromCode(best.file_code);
        }
      }
--- a/main.js
+++ b/main.js
--- a/package-lock.json
+++ b/package-lock.json
--- a/package.json
+++ b/package.json
@ -1,6 +1,6 @@
 {
  "name": "multi-hoster-uploader",
-  "version": "3.3.55",
+  "version": "3.1.5",
  "description": "Upload files to doodstream, voe, vidmoly, byse simultaneously",
  "main": "main.js",
  "scripts": {
@ -16,8 +16,8 @@
    "ws": "^8.19.0"
  },
  "devDependencies": {
-    "electron": "^41.3.0",
+    "electron": "^33.0.0",
-    "electron-builder": "^26.8.1",
+    "electron-builder": "^25.0.0",
    "eslint": "^10.1.0",
    "eslint-plugin-security": "^4.0.0",
    "rcedit": "^4.0.1"
--- a/preload.js
+++ b/preload.js
@ -30,9 +30,7 @@ contextBridge.exposeInMainWorld('api', {
  // File selection
  selectFiles: () => ipcRenderer.invoke('select-files'),
  selectFolder: () => ipcRenderer.invoke('select-folder'),
  selectFolderWithSizes: () => ipcRenderer.invoke('select-folder-with-sizes'),
  resolveFolderFiles: (folderPath) => ipcRenderer.invoke('resolve-folder-files', folderPath),
  getFileSizes: (paths) => ipcRenderer.invoke('get-file-sizes', paths),
  // Upload control
  startUpload: (payload) => ipcRenderer.invoke('start-upload', payload),
@ -41,7 +39,6 @@ contextBridge.exposeInMainWorld('api', {
  addJobsToBatch: (payload) => ipcRenderer.invoke('add-jobs-to-batch', payload),
  finishAfterActive: () => ipcRenderer.invoke('finish-after-active'),
  runHealthCheck: (payload) => ipcRenderer.invoke('run-health-check', payload),
  validateCredentials: (payload) => ipcRenderer.invoke('validate-credentials', payload),
  // Log import
  readOwnUploadLog: () => ipcRenderer.invoke('read-own-upload-log'),
@ -95,9 +92,6 @@ contextBridge.exposeInMainWorld('api', {
  onUploadProgress: (callback) => {
    ipcRenderer.on('upload-progress', (_event, data) => callback(data));
  },
  onUploadProgressBatch: (callback) => {
    ipcRenderer.on('upload-progress-batch', (_event, batch) => callback(batch));
  },
  onUploadBatchDone: (callback) => {
    ipcRenderer.on('upload-batch-done', (_event, data) => callback(data));
  },
@ -114,15 +108,6 @@ contextBridge.exposeInMainWorld('api', {
    ipcRenderer.on('account-rotation-log', (_event, data) => callback(data));
  },
  openLogFolder: () => ipcRenderer.invoke('open-log-folder'),
  getJobLog: (jobId) => ipcRenderer.invoke('get-job-log', jobId),
  getSessionFailedAccounts: () => ipcRenderer.invoke('get-session-failed-accounts'),
  resetSessionFailedAccount: (payload) => ipcRenderer.invoke('reset-session-failed-account', payload),
  resetAllSessionFailedAccounts: () => ipcRenderer.invoke('reset-all-session-failed-accounts'),
  getLogPaths: () => ipcRenderer.invoke('get-log-paths'),
  revealLogFile: (target) => ipcRenderer.invoke('reveal-log-file', target),
  setLogVerbose: (enabled) => ipcRenderer.invoke('set-log-verbose', enabled),
  createSupportBundle: () => ipcRenderer.invoke('create-support-bundle'),
  getAppInfo: () => ipcRenderer.invoke('get-app-info'),
  onLogPathAutoUpdated: (callback) => {
    ipcRenderer.on('log-path-auto-updated', (_event, data) => callback(data));
  },
--- a/renderer/app.js
+++ b/renderer/app.js
--- a/renderer/index.html
+++ b/renderer/index.html
@ -93,14 +93,6 @@
        <div class="queue-actions" id="queueActions" style="display:none">
          <button class="btn btn-xs btn-primary" id="copyAllLinksBtn">Alle Links kopieren</button>
          <select class="hs-input" id="linkExportFormat" title="Ausgabe-Format der kopierten Links" style="max-width:none;width:auto;min-width:130px">
            <option value="plain">Plaintext</option>
            <option value="bbcode">BBCode</option>
            <option value="markdown">Markdown</option>
            <option value="html">HTML</option>
            <option value="csv">CSV</option>
            <option value="json">JSON</option>
          </select>
          <button class="btn btn-xs btn-secondary" id="retryFailedBtn" style="display:none">Fehlgeschlagene erneut</button>
          <button class="btn btn-xs btn-secondary" id="importLogBtn" title="Log importieren — bereits hochgeladene aus Queue entfernen">Log importieren</button>
        </div>
@ -195,10 +187,6 @@
          <label>Hoster</label>
          <select class="key-input" id="accountHosterSelect" style="max-width:300px"></select>
        </div>
        <div class="settings-row">
          <label>Label (optional)</label>
          <input type="text" class="key-input" id="accField_label" placeholder="z.B. Hauptaccount, Premium, Kunde XY" maxlength="60">
        </div>
        <div id="accountCredsFields"></div>
        <div class="account-modal-status" id="accountModalStatus"></div>
      </div>
@ -209,22 +197,6 @@
    </div>
  </div>
  <div class="modal-overlay" id="jobLogModal" style="display:none">
    <div class="modal-card" style="width:min(820px,96%);max-height:80vh;display:flex;flex-direction:column">
      <div class="modal-header">
        <div><h3 id="jobLogTitle">Upload-Log</h3></div>
        <button class="icon-btn" id="closeJobLogBtn" aria-label="Schließen">&times;</button>
      </div>
      <div class="modal-body" style="flex:1 1 auto;overflow:auto">
        <pre id="jobLogBody" style="white-space:pre-wrap;font-family:ui-monospace,Consolas,Menlo,monospace;font-size:12px;line-height:1.4;margin:0">Keine Einträge.</pre>
      </div>
      <div class="modal-footer">
        <button class="btn btn-secondary" id="copyJobLogBtn">In Zwischenablage</button>
        <button class="btn btn-primary" id="closeJobLogBtn2">Schließen</button>
      </div>
    </div>
  </div>
  <div class="modal-overlay" id="deleteAccountModal" style="display:none">
    <div class="modal-card" style="width:min(400px,100%)">
      <div class="modal-header">
@ -269,7 +241,6 @@
  <div class="context-menu" id="contextMenu" style="display:none">
    <div class="ctx-item" data-action="start-selected">Ausgewählte starten</div>
    <div class="ctx-item" data-action="retry-selected">Erneut versuchen</div>
    <div class="ctx-item" data-action="show-log">Log anzeigen</div>
    <div class="ctx-separator"></div>
 	<div class="ctx-item" data-action="copy-links">Links kopieren</div>
    <div class="ctx-item" data-action="copy-all-links">Alle Links kopieren</div>
@ -342,28 +313,6 @@
    </div>
  </div>
  <div class="modal" id="batchSummaryModal" style="display:none">
    <div class="modal-content" style="max-width:680px">
      <div class="modal-header">
        <h2>Batch-Zusammenfassung</h2>
        <button class="icon-btn" id="batchSummaryClose" aria-label="Schließen">&times;</button>
      </div>
      <div class="modal-body">
        <div id="batchSummaryList"></div>
      </div>
      <div class="modal-footer">
        <button class="btn btn-secondary" id="batchSummaryRetryTransient">Transiente erneut hochladen</button>
        <button class="btn btn-primary" id="batchSummaryRetryAll">Alle Fehler erneut versuchen</button>
      </div>
    </div>
  </div>
  <script src="../lib/queue-prune.js"></script>
  <script src="../lib/queue-dedup.js"></script>
  <script src="../lib/log-mode.js"></script>
  <script src="../lib/stats.js"></script>
  <script src="../lib/throttled-cache.js"></script>
  <script src="../lib/coalesced-set.js"></script>
  <script src="app.js"></script>
 </body>
 </html>
--- a/renderer/styles.css
+++ b/renderer/styles.css
@ -305,12 +305,8 @@ body.col-resizing, body.col-resizing * { cursor: col-resize !important; user-sel
 .virtual-spacer td { padding: 0 !important; border: none !important; }
 /* Queue Row States */
-/* Transition only on hover-enter/leave so that status flips during a busy
+.queue-row { transition: background 0.15s; cursor: pointer; }
-   upload (queued→getting-server→uploading→done) don't trigger compositor
+.queue-row:hover { background: rgba(255, 255, 255, 0.04); }
   repaints with 150ms tweens for every visible row. With 30+ rows flipping
   simultaneously the overlapping transitions cost real GPU time. */
 .queue-row { cursor: pointer; }
 .queue-row:hover { background: rgba(255, 255, 255, 0.04); transition: background 0.15s; }
 .queue-row.selected { background: rgba(102, 126, 234, 0.12) !important; }
 .queue-row.status-uploading { background: rgba(102, 126, 234, 0.08); }
@ -713,21 +709,8 @@ body.col-resizing, body.col-resizing * { cursor: col-resize !important; user-sel
  font-size: 12px;
  max-width: 300px;
 }
 /* Checkbox-type .hs-input (e.g. per-hoster "Links in Log schreiben") must
   not inherit the stretched text-input box styling above — render it as a
   normal small checkbox sitting next to its label. */
 .hs-input[type="checkbox"] {
  flex: none;
  width: 16px;
  height: 16px;
  max-width: none;
  padding: 0;
  background: none;
  border: none;
 }
 .key-input:focus, .hs-input:focus { border-color: var(--accent); outline: none; }
 .hs-input { max-width: 100px; }
 select.hs-input { max-width: none; width: auto; min-width: 140px; }
 .hint { font-size: 10px; color: var(--text-dim); }
 .settings-section-label {
  font-size: 10px;
@ -876,96 +859,17 @@ select.hs-input { max-width: none; width: auto; min-width: 140px; }
 .account-hoster-group {
  margin-bottom: 12px;
  border: 1px solid var(--border);
  border-radius: 6px;
  background: var(--bg-card);
  overflow: hidden;
 }
 .account-hoster-group-header {
  display: flex;
  align-items: center;
  gap: 8px;
  padding: 8px 12px;
  cursor: pointer;
  user-select: none;
  background: var(--bg-card);
  transition: background 0.1s;
 }
 .account-hoster-group-header:hover { background: var(--bg-card-hover); }
 .account-hoster-group-title {
  font-size: 12px;
  font-weight: 600;
-  color: var(--text);
+  color: var(--text-muted);
  text-transform: uppercase;
  letter-spacing: 0.5px;
-  flex: 1;
+  margin-bottom: 6px;
-}
+  padding-left: 4px;
 .account-hoster-group-count {
  font-size: 12px;
  color: var(--text-muted);
  font-variant-numeric: tabular-nums;
 }
 .account-hoster-group-meta {
  font-size: 11px;
  color: var(--text-muted);
  padding: 1px 6px;
  border-radius: 4px;
  background: rgba(255,255,255,0.04);
 }
 .account-hoster-group-meta.error {
  color: var(--danger, #e57373);
  background: rgba(229, 115, 115, 0.12);
 }
 .account-session-paused {
  display: inline-flex;
  align-items: center;
  gap: 4px;
  font-size: 10px;
  color: #f0c36c;
  background: rgba(240, 195, 108, 0.12);
  padding: 1px 6px;
  border-radius: 4px;
  margin-left: 6px;
 }
 .account-session-reactivate {
  background: none;
  border: none;
  color: inherit;
  cursor: pointer;
  font-size: 12px;
  line-height: 1;
  padding: 0 2px;
 }
 .account-session-reactivate:hover { color: #fff; }
 .account-session-paused-card { opacity: 0.85; }
 .batch-cat {
  margin-bottom: 10px;
  padding: 6px 8px;
  border-radius: 6px;
  background: rgba(255,255,255,0.03);
 }
 .batch-cat-head { display: flex; align-items: center; gap: 8px; margin-bottom: 4px; font-size: 13px; }
 .batch-cat-count { color: var(--text-muted); font-variant-numeric: tabular-nums; }
 .batch-cat-tag { font-size: 10px; padding: 1px 6px; border-radius: 4px; background: rgba(255,255,255,0.06); color: var(--text-muted); }
 .batch-cat-tag.retryable { background: rgba(76, 175, 80, 0.18); color: #a5d6a7; }
 .batch-cat-list { margin: 0; padding-left: 18px; font-size: 11px; color: var(--text-muted); }
 .batch-cat-list em { color: var(--text-muted); font-style: italic; }
 .account-hoster-group-body {
  padding: 8px;
  border-top: 1px solid var(--border);
 }
 .account-hoster-group .account-card { margin-bottom: 4px; }
 .account-hoster-group .account-card:last-child { margin-bottom: 0; }
 .account-status-dot.status-ok { background: #4caf50; }
 .account-status-dot.status-error { background: #e57373; }
 .account-status-dot.status-checking { background: #f0c36c; }
 .account-status-dot.status-unchecked { background: #6c757d; }
 .account-hoster-group-header .account-status-dot {
  width: 8px;
  height: 8px;
  border-radius: 50%;
  display: inline-block;
 }
 .accounts-empty {
  text-align: center;
--- a/tasks/lessons.md
+++ b/tasks/lessons.md
@ -29,36 +29,3 @@
 **Symptom:** User wartet 5+ min auf Tauri-Build den ich mit "1-2min" angekündigt habe.
 **Regel:** Tauri-Release-Builds brauchen real 3-6 min (Rust + NSIS + MSI). Keine Zeitangabe oder ehrlich "kann 3-6min dauern" schreiben.
 **Wie anwenden:** Wenn User nach Status fragt: sofort `tail` des Logs + `ls` des Bundle-Ordners zitieren, nicht raten.
 ## 2026-05-24 — Packaged-Electron Log-Pfade: nie __dirname/.. zum Schreiben
 **Symptom:** doodstream-debug.log hatte auf dem Server null aktuelle Einträge; nur alte Dev-Logs. Fehler "kein Filecode" war nicht diagnostizierbar.
 **Root cause:** `path.join(__dirname, '..', 'x.log')` zeigt im gepackten Build in `resources/app.asar` (read-only). `fs.appendFileSync` wirft EACCES, der `try/catch` schluckt es → null Production-Logs.
 **Regel:** Schreibbare Pfade IMMER über `app.getPath('userData')` (lazy `require('electron')`, Fallback `__dirname/..` nur für Tests/plain-node). Gilt für jede Datei die der gepackte App schreibt.
 **Wie anwenden:** Bei jedem neuen Log/Cache/State-File prüfen: wohin schreibt das im NSIS-Build? Nicht ins Install-Verzeichnis, nicht in asar.
 ## 2026-05-24 — Hoster-Fehler: echten Status surfacen, nicht generisch schlucken
 **Symptom:** "upload_result Seite hat keinen filecode (<leeres textarea>)" — nichtssagend; User dachte doodstream-Format geändert.
 **Root cause:** XFileSharing liefert den echten Grund im `st`-Feld (Error: duplicate / file too big / …). Code ignorierte `st` komplett und warf nur den leeren Body.
 **Regel:** Bei Hoster-Parsefehlern immer die Server-Statusfelder (st/msg/code) + Kontext (welcher CDN-Node, war filecode da) in die Fehlermeldung packen. Format-Struktur unverändert + leerer Inhalt = Backend-Ablehnung, kein Parsing-Bug.
 ## 2026-05-25 — Queue leer nach Update: Auto-Dedup zu aggressiv (nicht Save/Restore)
 **Symptom:** Queue gestoppt, App-Update -> nach Neustart Queue leer ("Dateien hierhin ziehen"). User dachte Save/Restore kaputt.
 **Root cause:** Queue WIRD korrekt gespeichert (pendingQueue) + restored. ABER `_autoDeduplicateFromLog` (läuft bei init nach restore) entfernte Jobs per `fileName|hoster`-Match gegen das GESAMTE Lifetime-fileuploader.log — UNABHÄNGIG vom Status. Pending 'preview'-Jobs, deren Datei früher mal hochgeladen wurde, flogen alle raus -> komplette Queue weg. "Update-spezifisch" nur weil der Server-App nur beim Update neustartet (normaler Restart hätte dasselbe getan).
 **Verifiziert:** Reale electron-config.json: 4 preview-Jobs, alle 4 Keys im Log -> alte Logik entfernt 4/4. Neue Logik (nur status==='done' droppen) entfernt 0/4.
 **Regel:** Auto-Cleanup/Dedup darf NIE pending/actionable User-Arbeit löschen. Nur genuin abgeschlossene ('done') Jobs decluttern. Lifetime-Logs sind Historie, nicht Session-Fortschritt — nicht als "schon erledigt"-Quelle für pending Jobs missbrauchen.
 **Wie anwenden:** Bei jeder Filter/Remove-Logik auf User-State: nach Status gaten, nicht nur nach Identitäts-Match gegen historische Daten.
 ## 2026-05-28 — Doodstream "kein Filecode": Web-Scraping ist die falsche Ebene, API ist der Fix
 **Symptom:** Wiederkehrend "kein Filecode — Server gab leeren Link zurueck" bei großen Dateien (~1GB/7min Upload), trotz 3.3.26-3.3.29. Queue voll roter Fehler.
 **Root cause (recherchiert + verifiziert):** Der Web-Upload holt den Filecode aus einem XFileSharing-HTML-Formular. Bei langen Uploads kommt das Formular leer zurück, weil (a) der per-Seitenaufruf sess_id-Token über den 7min-Upload altert UND (b) der server-seitige File-Registration-Callback (cgi-bin/fs.cgi-Äquivalent) unter Last timeoutet → kein file_code gemintet. Wichtig: Das ist KEIN async-delay — die Datei taucht NICHT später in der Liste auf (die Registrierung, die sie listen würde, ist genau das was failt). File-list-Polling (wie Byse) hilft hier also kaum.
 **Fix:** Die offizielle doodapi.co JSON-API nutzen, wenn ein API-Key da ist — sie liefert result[0].filecode DIREKT in JSON (kein HTML-Formular) und nutzt einen persistenten api_key (kein alternder sess_id). Git-Historie: die API war der ORIGINAL-Pfad (initial commit); Web-Login kam später nur "als Alternative zum API-Key" — Key-Bevorzugung stellt also den gedachten Primärpfad wieder her, kämpft nicht gegen eine bewusste Entscheidung.
 **Regel:** Bei Hoster-Integrationen die offizielle API der Web-Scraping-Ebene vorziehen wo möglich. Empty-form/codeless-2xx = Hoster-Backend-Flake (hosterTransient), Account NICHT als tot markieren — auf BEIDEN Pfaden (Web + API) gleich klassifizieren.
 **Voraussetzung:** Engagiert nur wenn der Doodstream-Account einen gültigen API-Key hat (doodstream.com/settings). Keyless-Accounts bleiben beim Web-Pfad.
 ## 2026-05-28 — Doodstream empty-form: live diagnosis confirmed API path is the fix
 **Verifiziert mit echtem Account-Key (read-only API-Calls):**
 - account/info → status 200, Key gültig, Storage unlimited. Premium ABGELAUFEN (2025-10-03) — Uploads gehen TROTZDEM.
 - upload/server → liefert gültigen Node (cv1130ed.cloudatacdn.com) auch ohne Premium → API-Upload-Pfad nutzbar.
 - file/list → 90.548 Dateien; Uploads landen server-seitig INTERMITTIEREND (viele Burn-Notice-Folgen genau im "Fehler"-Zeitfenster vorhanden). Das leere Formular ist also nicht "immer kaputt", sondern manchmal — der Web-Form-Registrierungs-Callback (fs-public.intconnect.net) timeoutet sporadisch.
 **Konsequenz:** API-Weg (result[0].filecode inline) umgeht den failenden Callback → richtiger Fix. file/list-Recovery ist NICHT tote Last (Dateien erscheinen ja) — aber bei 90k-Accounts MUSS man sort=created&order=desc erzwingen, sonst ist die frische Datei nicht auf Seite 1.
 **Regel:** Bei "geht manchmal/manchmal nicht" + Hoster mit offizieller API: erst per read-only API-Call (account/info, file/list) gegen den ECHTEN Account verifizieren statt am Client weiterzuraten. Das beendet Spekulations-Schleifen.
--- a/tasks/todo.md
+++ b/tasks/todo.md
@ -1,22 +1,28 @@
-# Feature: Per-Hoster Toggle "Links in fileuploader.log schreiben"
+# Account-Rotation: vollständiger Session-Lernprozess
-## Goal
+## Problem
-Pro Hoster ein-/ausschaltbar machen ob dessen erfolgreiche Upload-Links in die fileuploader.log geschrieben werden.
+1. Byse "disk space full" wurde als file-rejected klassifiziert → keine Rotation. (3.1.4 ✓)
 2. `pre-job-swap` checkte `_failedAccounts` VOR Semaphore-Acquire → alle parallelen Jobs probierten weiter den vollen Account. (3.1.5 ✓)
 3. Wenn beim ersten Fail noch kein Fallback-Account existierte und der User DANACH einen hinzufügt → `_accountOverrides` blieb leer, keine weitere `account-failed`-Emission (nur einmalig pro Account) → System blieb stuck bis zum Neustart. (3.1.5 ✓)
-## Plan
+## Fix
- [x] `lib/config-store.js` — `logToFile: true` zu `HOSTER_SETTINGS_DEFAULTS` (default an).
+- [x] `lib/upload-manager.js` — Pre-Job-Swap hinter `semaphore.acquire` verschoben, plus zwei public getter: `getFailedAccountKeys()`, `getOverride(hoster)`.
- [x] `renderer/app.js renderSettings` — Checkbox "Links in Log schreiben" pro Hoster-Panel (`data-hs="logToFile"`, type=checkbox).
+- [x] `main.js` — `save-config` IPC-Handler ruft nach dem Speichern `getNextFallbackAccount` für alle failed-ohne-Override accounts im aktiven UploadManager. Findet er was, ruft er `switchAccount`. Emittiert `account-switched` an den Renderer.
- [x] `renderer/app.js saveSettings` — collection-loop erweitert: checkbox → boolean.
+- [x] Tests (4 neue):
- [x] `lib/log-policy.js` (neu, testbar) — `hosterLogToFileEnabled(hosterSettings, hoster)`, opt-out semantics.
+  - pre-job-swap greift für parallele Worker nach Semaphore-Queue.
- [x] `main.js` — `shouldLogHosterToFile(hoster)` liest live uploadManager.hosterSettings, fallback configStore, dann default true. Guard vor appendUploadLog im done-handler.
+  - getFailedAccountKeys + getOverride als public API.
- [x] Tests: 8 log-policy + 2 config-store (default true, persist false). 147/147 grün.
+  - Neustart-Reset: fresh Manager hat keine gelernte failed-Historie.
- [x] ESLint clean. Backup-Import robust (default-true bei fehlendem key).
+  - Late-resolved Override wird von Folgejobs genutzt (mid-batch config add).
 - [x] `npm test` — 80/80 grün.
 - [ ] Release als 3.1.5 (auf User-OK).
-## Verifikation
+## Behavior-Matrix
- logToFile default true → bestehendes Verhalten unverändert für alle die's nicht togglen.
+| Szenario | Verhalten |
- Toggle off für Hoster X → uploads von X werden NICHT geloggt, andere Hoster weiter schon.
+|---|---|
- Live-Wirkung: `uploadManager.hosterSettings` wird via updateSettings aktualisiert → greift auch mid-batch nach save.
+| acc1 + acc2 gleich aktiv, acc1 wird voll | acc1→acc2 Rotation, alle weiteren Jobs direkt acc2 ✓ |
 | Nur acc1 aktiv, acc2 mid-batch hinzugefügt BEVOR acc1 voll | Erster Fail resolved gegen frische Config, acc2 wird gezogen ✓ |
 | Nur acc1 aktiv, acc1 wird voll, DANACH acc2 hinzugefügt | `save-config` trigert Late-Resolve, `switchAccount(acc2)` wird aufgerufen, Folgejobs swappen pre-job ✓ |
 | App-Neustart | `_failedAccounts` in-memory → fresh, acc1 wird wieder probiert ✓ |
-## Seiteneffekte zu prüfen
+## Review
- Backup-Import/Export: hosterSettings inkl. logToFile mitnehmen (sollte automatisch da generisches Objekt).
+Drei Ebenen zusammen (3.1.4 Classifier + 3.1.5 pre-swap-after-queue + 3.1.5 late-resolve) machen das Session-Lernen komplett: disk-space-voll wird erkannt, markiert, alle wartenden Jobs sehen es wenn sie dran sind, und spätere Config-Änderungen werden reaktiv aufgegriffen.
 - Settings-autosave (checkbox change-event ist bereits gehandhabt in der bind-loop).
--- a/tests/account-auth.test.js
+++ b/tests/account-auth.test.js
@ -1,44 +0,0 @@
 const { test } = require('node:test');
 const assert = require('node:assert');
 const { selectUploadAuth } = require('../lib/account-auth');
 test('doodstream prefers the API key even when username/password are also set', () => {
  const auth = selectUploadAuth('doodstream.com', {
    apiKey: 'KEY123', username: 'u', password: 'p'
  });
  assert.deepEqual(auth, { apiKey: 'KEY123' }); // API path — no username leaks through
 });
 test('doodstream with only username/password uses web login (keyless fallback)', () => {
  const auth = selectUploadAuth('doodstream.com', { username: 'u', password: 'p' });
  assert.deepEqual(auth, { username: 'u', password: 'p' });
 });
 test('doodstream with empty apiKey + creds falls back to web login (no false API route)', () => {
  const auth = selectUploadAuth('doodstream.com', { apiKey: '', username: 'u', password: 'p' });
  assert.deepEqual(auth, { username: 'u', password: 'p' });
 });
 test('doodstream with nothing usable returns empty', () => {
  assert.deepEqual(selectUploadAuth('doodstream.com', { apiKey: '', username: '', password: '' }), {});
 });
 test('voe.sx is unaffected by the doodstream special-case: username/password wins', () => {
  // voe also supports both, but the empty-form bug is doodstream-specific; do
  // not change voe routing.
  const auth = selectUploadAuth('voe.sx', { apiKey: 'VKEY', username: 'u', password: 'p' });
  assert.deepEqual(auth, { username: 'u', password: 'p' });
 });
 test('authType=api forces the API key for any hoster', () => {
  assert.deepEqual(selectUploadAuth('voe.sx', { authType: 'api', apiKey: 'K', username: 'u', password: 'p' }), { apiKey: 'K' });
 });
 test('api-key-only account (no creds) uses the key', () => {
  assert.deepEqual(selectUploadAuth('byse.sx', { apiKey: 'BKEY' }), { apiKey: 'BKEY' });
 });
 test('null / non-object account does not throw', () => {
  assert.deepEqual(selectUploadAuth('doodstream.com', null), {});
  assert.deepEqual(selectUploadAuth('doodstream.com', undefined), {});
 });
--- a/tests/coalesced-set.test.js
+++ b/tests/coalesced-set.test.js
@ -1,144 +0,0 @@
 const { test } = require('node:test');
 const assert = require('node:assert/strict');
 const { makeCoalescedSet } = require('../lib/coalesced-set');
 // Synchronous scheduler stand-in: collects callbacks instead of running
 // them, so tests can drive the timing explicitly.
 function makeManualScheduler() {
  const queue = [];
  const fn = (cb) => queue.push(cb);
  fn.flush = () => {
    while (queue.length) {
      const cb = queue.shift();
      cb();
    }
  };
  fn.queueLength = () => queue.length;
  return fn;
 }
 test('throws if apply callback missing', () => {
  assert.throws(() => makeCoalescedSet());
  assert.throws(() => makeCoalescedSet({}));
  assert.throws(() => makeCoalescedSet({ apply: 'not-a-fn' }));
 });
 test('multiple adds in one tick coalesce into one apply call', () => {
  const sched = makeManualScheduler();
  const calls = [];
  const cs = makeCoalescedSet({
    apply: (drop) => calls.push([...drop].sort()),
    scheduler: sched
  });
  cs.add('a'); cs.add('b'); cs.add('c');
  assert.equal(sched.queueLength(), 1, 'only one microtask scheduled');
  assert.equal(cs.pendingSize(), 3);
  sched.flush();
  assert.deepEqual(calls, [['a', 'b', 'c']]);
  assert.equal(cs.pendingSize(), 0);
 });
 test('duplicate adds are deduplicated', () => {
  const sched = makeManualScheduler();
  const calls = [];
  const cs = makeCoalescedSet({ apply: (d) => calls.push([...d]), scheduler: sched });
  cs.add('a'); cs.add('a'); cs.add('a');
  sched.flush();
  assert.deepEqual(calls, [['a']]);
 });
 test('two batches in series stay independent', () => {
  const sched = makeManualScheduler();
  const calls = [];
  const cs = makeCoalescedSet({ apply: (d) => calls.push([...d]), scheduler: sched });
  cs.add('x'); cs.add('y');
  sched.flush();
  cs.add('z');
  sched.flush();
  assert.deepEqual(calls, [['x', 'y'], ['z']]);
 });
 test('add after flush re-schedules a new microtask', () => {
  const sched = makeManualScheduler();
  const cs = makeCoalescedSet({ apply: () => {}, scheduler: sched });
  cs.add('a');
  assert.equal(sched.queueLength(), 1);
  sched.flush();
  assert.equal(sched.queueLength(), 0);
  assert.equal(cs.isScheduled(), false);
  cs.add('b');
  assert.equal(sched.queueLength(), 1, 'new add → new microtask');
 });
 test('drainSync flushes synchronously without waiting for scheduler', () => {
  const sched = makeManualScheduler();
  const calls = [];
  const cs = makeCoalescedSet({ apply: (d) => calls.push([...d]), scheduler: sched });
  cs.add('p'); cs.add('q');
  cs.drainSync();
  assert.deepEqual(calls, [['p', 'q']]);
  assert.equal(cs.pendingSize(), 0);
  // Pending microtask was for the same ids — when it runs, pending is empty
  // → apply NOT called twice.
  sched.flush();
  assert.equal(calls.length, 1, 'queued microtask is a no-op after drainSync');
 });
 test('drainSync on empty set is a no-op', () => {
  let called = 0;
  const cs = makeCoalescedSet({ apply: () => called++ });
  cs.drainSync();
  assert.equal(called, 0);
 });
 test('throwing apply does not lock out subsequent batches', () => {
  const sched = makeManualScheduler();
  let attempt = 0;
  const cs = makeCoalescedSet({
    apply: () => { attempt++; if (attempt === 1) throw new Error('boom'); },
    scheduler: sched
  });
  cs.add('a');
  // First flush throws inside apply but is swallowed; coalescer must still work.
  sched.flush();
  cs.add('b');
  sched.flush();
  assert.equal(attempt, 2, 'second batch still ran despite first throwing');
 });
 test('default scheduler is queueMicrotask (or Promise fallback) — runs eventually', async () => {
  const calls = [];
  const cs = makeCoalescedSet({ apply: (d) => calls.push([...d]) });
  cs.add('z');
  // Wait one microtask
  await Promise.resolve();
  assert.deepEqual(calls, [['z']]);
 });
 test('no-op tick: scheduler fires while pending is empty (e.g. drained)', () => {
  const sched = makeManualScheduler();
  let called = 0;
  const cs = makeCoalescedSet({ apply: () => called++, scheduler: sched });
  cs.add('a');
  cs.drainSync();
  assert.equal(called, 1);
  // Pending microtask still in queue → flush; pending is empty → apply NOT called again.
  sched.flush();
  assert.equal(called, 1);
 });
 test('large burst of 5000 adds coalesces to one apply call', () => {
  const sched = makeManualScheduler();
  const calls = [];
  const cs = makeCoalescedSet({ apply: (d) => calls.push(d.size), scheduler: sched });
  for (let i = 0; i < 5000; i++) cs.add('id-' + i);
  assert.equal(sched.queueLength(), 1);
  sched.flush();
  assert.deepEqual(calls, [5000]);
 });
--- a/tests/config-store.test.js
+++ b/tests/config-store.test.js
@ -56,28 +56,6 @@ describe('ConfigStore', () => {
    assert.equal(config.hosters['doodstream.com'][0].apiKey, 'test-key-123');
  });
  it('default logMode is "single"', () => {
    const config = store.load();
    assert.equal(config.globalSettings.logMode, 'single');
  });
  it('regression: legacy sessionLog:true on disk normalizes to logMode "daily" (NOT "session")', async () => {
    // Write a config with the legacy boolean only (what an existing user has).
    await store.save({ globalSettings: { sessionLog: true } });
    const config = store.load();
    // The misnamed legacy field MUST map to daily — mapping to "session" would
    // silently change every per-day user's behaviour on upgrade.
    assert.equal(config.globalSettings.logMode, 'daily');
  });
  it('logMode round-trips for all three values', async () => {
    for (const mode of ['single', 'daily', 'session']) {
      await store.save({ globalSettings: { logMode: mode } });
      const config = store.load();
      assert.equal(config.globalSettings.logMode, mode, `mode ${mode}`);
    }
  });
  it('load merges with defaults for missing hosters', () => {
    // Write partial config in old single-object format (triggers migration)
    fs.writeFileSync(store.filePath, JSON.stringify({
@ -102,21 +80,6 @@ describe('ConfigStore', () => {
    assert.equal(config.hosterSettings['voe.sx'].retries, 5);
    assert.equal(config.hosterSettings['voe.sx'].parallelCount, 2); // default
    assert.equal(config.hosterSettings['voe.sx'].maxSpeedKbs, 0); // default
    assert.equal(config.hosterSettings['voe.sx'].logToFile, true); // default on
  });
  it('logToFile defaults to true for every hoster', () => {
    const config = store.load();
    for (const name of ['doodstream.com', 'voe.sx', 'vidmoly.me', 'byse.sx', 'clouddrop.cc']) {
      assert.equal(config.hosterSettings[name].logToFile, true, `${name} should default logToFile=true`);
    }
  });
  it('logToFile=false persists and survives reload', async () => {
    await store.save({ hosterSettings: { 'voe.sx': { logToFile: false } } });
    const config = store.load();
    assert.equal(config.hosterSettings['voe.sx'].logToFile, false, 'explicit false preserved');
    assert.equal(config.hosterSettings['byse.sx'].logToFile, true, 'other hoster still defaults on');
  });
  it('save only updates provided sections', async () => {
--- a/tests/doodstream-api-upload.test.js
+++ b/tests/doodstream-api-upload.test.js
@ -1,105 +0,0 @@
 const { test, before, after } = require('node:test');
 const assert = require('node:assert');
 const fs = require('fs');
 const os = require('os');
 const path = require('path');
 // Mock the undici transport BEFORE requiring hosters so the destructured
 // `request` picks up our stub. apiGet (getUploadServer) uses global fetch, which
 // we override per-test. This exercises the FULL doodstream API upload + recovery
 // orchestration against the doc-verified response shapes — the gap between the
 // already-tested parseDoodstreamResult helper and the real uploadFile path.
 // (mock.module needs an experimental flag npm test doesn't pass, so we reassign
 // undici.request on the module object and refresh the hosters cache instead.)
 let requestRouter = async () => ({ statusCode: 200, headers: {}, body: { text: async () => '{}' } });
 const undici = require('undici');
 const _origUndiciRequest = undici.request;
 undici.request = (...a) => requestRouter(...a);
 delete require.cache[require.resolve('../lib/hosters')];
 const hostersMod = require('../lib/hosters');
 const { uploadFile } = hostersMod;
 let tmpFile;
 let origFetch;
 before(() => {
  tmpFile = path.join(os.tmpdir(), `dood-itest-${process.pid}.mkv`);
  fs.writeFileSync(tmpFile, Buffer.alloc(2048, 7));
  origFetch = global.fetch;
  // Keep the "never appears" recovery test fast (real default is 12 × 2.5 s).
  hostersMod.__test.DOODSTREAM_POLL.attempts = 3;
  hostersMod.__test.DOODSTREAM_POLL.delayMs = 5;
 });
 after(() => {
  global.fetch = origFetch;
  undici.request = _origUndiciRequest; // restore real transport for other test files
  delete require.cache[require.resolve('../lib/hosters')];
  try { fs.unlinkSync(tmpFile); } catch {}
 });
 // getUploadServer hits /api/upload/server via global fetch.
 function stubUploadServer() {
  global.fetch = async (url) => {
    if (/upload\/server/.test(String(url))) {
      return { status: 200, text: async () => JSON.stringify({ status: 200, result: 'https://node1.cloudatacdn.com/upload/01' }) };
    }
    return { status: 200, text: async () => '{"status":200}' };
  };
 }
 // Build an undici-style router. uploadBody is the POST result; listBodies is a
 // queue consumed by successive /api/file/list calls (baseline, then polls).
 function routeWith(uploadBody, listBodies = []) {
  return async (url, opts) => {
    const u = String(url);
    if (/\/api\/file\/list/.test(u)) {
      const body = listBodies.length ? listBodies.shift() : '{"status":200,"result":{"files":[]}}';
      return { statusCode: 200, headers: {}, body: { text: async () => body } };
    }
    // Upload POST: drain the streamed body so the file handle closes.
    if (opts && opts.body && typeof opts.body[Symbol.asyncIterator] === 'function') {
      for await (const chunk of opts.body) { if (chunk && chunk.length === -1) break; }
    }
    return { statusCode: uploadBody.status, headers: { 'content-type': 'application/json' }, body: { text: async () => uploadBody.body } };
  };
 }
 test('doodstream API upload: filecode returned directly is used', async () => {
  stubUploadServer();
  requestRouter = routeWith({
    status: 200,
    body: JSON.stringify({ status: 200, result: [{ filecode: 'DOODCODE1234', download_url: 'https://doodstream.com/d/DOODCODE1234', protected_embed: 'https://doodstream.com/e/DOODCODE1234' }] })
  });
  const res = await uploadFile('doodstream.com', tmpFile, 'VALIDKEY', null, null, null);
  assert.equal(res.file_code, 'DOODCODE1234');
  assert.equal(res.download_url, 'https://doodstream.com/d/DOODCODE1234');
 });
 test('doodstream API upload: codeless result recovered via file-list name match', async () => {
  stubUploadServer();
  const fileName = path.basename(tmpFile).replace(/\.[^.]+$/, ''); // title doodstream stores
  requestRouter = routeWith(
    { status: 200, body: JSON.stringify({ status: 200, msg: 'OK' }) }, // codeless upload
    [
      '{"status":200,"result":{"files":[]}}',                                  // baseline (pre-upload)
      `{"status":200,"result":{"files":[{"file_code":"RECOVER9999","title":"${fileName}"}]}}` // poll finds it
    ]
  );
  const res = await uploadFile('doodstream.com', tmpFile, 'VALIDKEY', null, null, null);
  assert.equal(res.file_code, 'RECOVER9999');
  assert.equal(res.download_url, 'https://doodstream.com/d/RECOVER9999');
 });
 test('doodstream API upload: codeless + file never appears → throws hosterTransient (no account poison)', async () => {
  stubUploadServer();
  requestRouter = routeWith(
    { status: 200, body: JSON.stringify({ status: 200, msg: 'OK' }) },
    [] // every file/list returns empty
  );
  await assert.rejects(
    () => uploadFile('doodstream.com', tmpFile, 'VALIDKEY', null, null, null),
    (err) => {
      assert.equal(err.hosterTransient, true, 'codeless result must be tagged hosterTransient');
      return true;
    }
  );
 });
--- a/tests/doodstream-upload.test.js
+++ b/tests/doodstream-upload.test.js
@ -1,214 +0,0 @@
 const { test } = require('node:test');
 const assert = require('node:assert');
 const DoodstreamUploader = require('../lib/doodstream-upload');
 // The CDN hands back an XFileSharing form. `fn` is the filecode, `st` is the
 // status ("OK" on success, an error string when the backend refuses the file).
 // These tests pin the parse/error behaviour of _parseUploadResponse without
 // touching the network — _fetch is stubbed to return the upload_result page.
 function cdnForm({ fn = '', st = 'OK' } = {}) {
  return `<HTML><BODY><Form name='F1' action='https://cdn.example/' method='POST'>` +
    `<textarea name="op">upload_result</textarea>` +
    `<textarea name="fn">${fn}</textarea>` +
    `<textarea name="st">${st}</textarea>` +
    `</Form></BODY></HTML>`;
 }
 const EMPTY_RESULT = '<textarea id="copy_dl" readonly class="form-control" rows="5"></textarea>';
 const LINK_RESULT = (code) => `<textarea id="copy_dl" readonly class="form-control" rows="5">https://myvidplay.com/d/${code}</textarea>`;
 function uploaderWithResult(resultHtml) {
  const up = new DoodstreamUploader();
  up._lastUploadUrl = 'https://cdn.example/upload/01';
  // Stub the second-step submit so no real request goes out.
  up._fetch = async () => ({ text: async () => resultHtml });
  return up;
 }
 test('rejected file: empty fn + non-OK st surfaces the real status', async () => {
  const up = uploaderWithResult(EMPTY_RESULT);
  await assert.rejects(
    () => up._parseUploadResponse(cdnForm({ fn: '', st: 'Error: file already exists' })),
    (err) => {
      assert.match(err.message, /lehnt Datei ab/);
      assert.match(err.message, /file already exists/);
      return true;
    }
  );
 });
 test('empty fn + st OK: generic error still reports st, fn-state and CDN node', async () => {
  const up = uploaderWithResult(EMPTY_RESULT);
  await assert.rejects(
    () => up._parseUploadResponse(cdnForm({ fn: '', st: 'OK' })),
    (err) => {
      assert.match(err.message, /kein Filecode/);
      assert.match(err.message, /st=OK/);
      assert.match(err.message, /fehlt\/leer/);
      assert.match(err.message, /cdn\.example/);
      return true;
    }
  );
 });
 test('valid fn but empty result page: still resolves via fn (no regression)', async () => {
  const up = uploaderWithResult(EMPTY_RESULT);
  const res = await up._parseUploadResponse(cdnForm({ fn: '7mnp8xna3123', st: 'OK' }));
  assert.equal(res.file_code, '7mnp8xna3123');
  assert.equal(res.download_url, 'https://doodstream.com/d/7mnp8xna3123');
 });
 test('happy path: link in result page wins', async () => {
  const up = uploaderWithResult(LINK_RESULT('jjsuhr931ds9'));
  const res = await up._parseUploadResponse(cdnForm({ fn: 'jjsuhr931ds9', st: 'OK' }));
  assert.equal(res.file_code, 'jjsuhr931ds9');
 });
 // --- _parseUploadFormFields: replicate the current upload form faithfully ---
 test('_parseUploadFormFields extracts the real form fields and excludes the file input', () => {
  const up = new DoodstreamUploader();
  const html = `
    <form name="file" enctype="multipart/form-data" action="https://uxg.cloudatacdn.com/upload/01?TOK" method="post">
      <input type="hidden" name="sess_id" value="TOK">
      <input name="file" type="file" size="30" id="filepc">
      <input name="fakefilepc" class="d-none" type="text" id="fakefilepc">
      <input type="text" name="file_title" class="form-control">
      <button type="submit" name="submit_btn" class="btn">Upload</button>
    </form>`;
  const f = up._parseUploadFormFields(html);
  assert.equal(f.sess_id, 'TOK');
  assert.equal(f.fakefilepc, '');
  assert.equal(f.file_title, '');
  assert.ok('submit_btn' in f);
  assert.ok(!('file' in f), 'the file input must be excluded (streamed separately)');
 });
 test('_parseUploadFormFields returns {} for markup without a form', () => {
  const up = new DoodstreamUploader();
  assert.deepEqual(up._parseUploadFormFields('<div>no form here</div>'), {});
  assert.deepEqual(up._parseUploadFormFields(''), {});
 });
 // --- deriveApiKey: pull + validate the account API key from the web session ---
 test('_extractApiKeyCandidates finds the key in an input value and ranks api-context first', () => {
  const up = new DoodstreamUploader();
  const html = `
    <input type="text" name="csrf" value="aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa">
    <div class="panel">API Key <input readonly value="bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb"></div>
  `;
  const cands = up._extractApiKeyCandidates(html);
  // The token whose preceding context mentions "API" must rank first.
  assert.equal(cands[0], 'bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb');
  assert.ok(cands.includes('aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa'));
 });
 test('_extractApiKeyCandidates handles textarea + api_key: "x" shapes and empty input', () => {
  const up = new DoodstreamUploader();
  assert.deepEqual(up._extractApiKeyCandidates(''), []);
  const ta = up._extractApiKeyCandidates('<textarea id="k">cccccccccccccccccccccccccccccccc</textarea>');
  assert.ok(ta.includes('cccccccccccccccccccccccccccccccc'));
  const js = up._extractApiKeyCandidates('var x = {"api_key":"dddddddddddddddddddddddddddddddd"};');
  assert.ok(js.includes('dddddddddddddddddddddddddddddddd'));
 });
 test('deriveApiKey returns the candidate that validates against the API', async () => {
  const up = new DoodstreamUploader();
  up._fetch = async () => ({ text: async () => '<div>API Key <input value="REALKEY1234567890abcdefGHIJK"></div><input value="notthekey000000000000000000">' });
  up._validateApiKey = async (key) => key === 'REALKEY1234567890abcdefGHIJK';
  const key = await up.deriveApiKey();
  assert.equal(key, 'REALKEY1234567890abcdefGHIJK');
  assert.equal(up.apiKey, 'REALKEY1234567890abcdefGHIJK'); // cached on the instance
 });
 test('deriveApiKey returns null when no candidate validates (→ caller uses web fallback)', async () => {
  const up = new DoodstreamUploader();
  up._fetch = async () => ({ text: async () => '<input value="bogustoken0000000000000000000">' });
  up._validateApiKey = async () => false;
  assert.equal(await up.deriveApiKey(), null);
  assert.equal(up.apiKey, '');
 });
 test('deriveApiKey short-circuits when a key is already set', async () => {
  const up = new DoodstreamUploader();
  up.apiKey = 'PRESET';
  let fetched = false;
  up._fetch = async () => { fetched = true; return { text: async () => '' }; };
  assert.equal(await up.deriveApiKey(), 'PRESET');
  assert.equal(fetched, false);
 });
 // --- _fetch: transient network blips on the small requests self-heal ---
 test('_fetch retries a transient network failure then succeeds', async () => {
  const up = new DoodstreamUploader();
  const origFetch = globalThis.fetch;
  let calls = 0;
  globalThis.fetch = async () => {
    calls++;
    if (calls === 1) throw new TypeError('fetch failed');
    return { status: 200, headers: { getSetCookie: () => [], get: () => null }, text: async () => 'ok' };
  };
  try {
    const res = await up._fetch('https://example.test/x');
    assert.equal(calls, 2); // failed once, retried, succeeded
    assert.equal(await res.text(), 'ok');
  } finally {
    globalThis.fetch = origFetch;
  }
 });
 // --- _getUploadServer: discovery must never fall back to a hardcoded node ---
 function fakeRes(body, { status = 200, ctype = 'text/html' } = {}) {
  return { status, headers: { get: (h) => (h.toLowerCase() === 'content-type' ? ctype : null) }, text: async () => body };
 }
 test('getUploadServer: returns JSON result when present', async () => {
  const up = new DoodstreamUploader();
  up._fetch = async (url) => {
    assert.match(url, /op=upload_server/);
    return fakeRes(JSON.stringify({ result: 'https://node42.cloudatacdn.com/upload/01' }), { ctype: 'application/json' });
  };
  assert.equal(await up._getUploadServer(), 'https://node42.cloudatacdn.com/upload/01');
 });
 test('getUploadServer: falls back to srv_url in upload-page HTML', async () => {
  const up = new DoodstreamUploader();
  up._fetch = async (url) => {
    if (/op=upload_server/.test(url)) return fakeRes('<html>not json</html>');
    return fakeRes('<script>var srv_url: "https://node7.cloudatacdn.com/upload/01";</script>');
  };
  assert.equal(await up._getUploadServer(), 'https://node7.cloudatacdn.com/upload/01');
 });
 test('getUploadServer: parses current form-action node and refreshes sess_id from the same page', async () => {
  const up = new DoodstreamUploader();
  up.sessId = 'stale-from-login';
  up._fetch = async (url) => {
    if (/op=upload_server/.test(url)) return fakeRes('<html>not json</html>');
    return fakeRes('<form name="file" enctype="multipart/form-data" action="https://n9.cloudatacdn.com/upload/01?FRESH123" method="post"><input type="hidden" name="sess_id" value="FRESH123"></form>');
  };
  const url = await up._getUploadServer();
  assert.equal(url, 'https://n9.cloudatacdn.com/upload/01?FRESH123');
  assert.equal(up.sessId, 'FRESH123'); // critical: form-field token must match the node URL token
 });
 test('getUploadServer: un-escapes &amp; in the form-action query string', async () => {
  const up = new DoodstreamUploader();
  up._fetch = async (url) => {
    if (/op=upload_server/.test(url)) return fakeRes('<html>not json</html>');
    return fakeRes('<form name="file" enctype="multipart/form-data" action="https://n9.cloudatacdn.com/upload/01?a=1&amp;b=2" method="post"></form>');
  };
  assert.equal(await up._getUploadServer(), 'https://n9.cloudatacdn.com/upload/01?a=1&b=2');
 });
 test('getUploadServer: throws (no silent dead fallback) when discovery fails', async () => {
  const up = new DoodstreamUploader();
  up._fetch = async () => fakeRes('<html><body>login required</body></html>', { status: 200 });
  await assert.rejects(
    () => up._getUploadServer(),
    (err) => {
      assert.match(err.message, /konnte Upload-Server nicht ermitteln/);
      assert.doesNotMatch(err.message, /tr1128ve\.cloudatacdn\.com/); // never the hardcoded node
      return true;
    }
  );
 });
--- a/tests/file-probe.test.js
+++ b/tests/file-probe.test.js
@ -1,100 +0,0 @@
 const test = require('node:test');
 const assert = require('node:assert');
 const fs = require('fs');
 const os = require('os');
 const path = require('path');
 const { detectKind, isVideoLikeKind, probeFileHead, summarizeFileStat } = require('../lib/file-probe');
 function tmpWrite(name, buf) {
  const p = path.join(os.tmpdir(), `mhu-probe-${Date.now()}-${name}`);
  fs.writeFileSync(p, buf);
  return p;
 }
 test('detectKind recognizes ISO-MP4 (ftyp box at offset 4)', () => {
  const buf = Buffer.concat([Buffer.from([0x00, 0x00, 0x00, 0x20]), Buffer.from('ftypisom', 'ascii'), Buffer.alloc(8, 0)]);
  assert.strictEqual(detectKind(buf), 'mp4-iso');
  assert.strictEqual(isVideoLikeKind('mp4-iso'), true);
 });
 test('detectKind recognizes Matroska / WebM EBML header', () => {
  const buf = Buffer.from([0x1A, 0x45, 0xDF, 0xA3, 0x01, 0x00]);
  assert.strictEqual(detectKind(buf), 'matroska');
  assert.strictEqual(isVideoLikeKind('matroska'), true);
 });
 test('detectKind recognizes AVI (RIFF...AVI )', () => {
  const buf = Buffer.concat([Buffer.from('RIFF', 'ascii'), Buffer.from([0x00, 0x00, 0x00, 0x00]), Buffer.from('AVI ', 'ascii')]);
  assert.strictEqual(detectKind(buf), 'avi');
 });
 test('detectKind recognizes FLV', () => {
  const buf = Buffer.concat([Buffer.from('FLV', 'ascii'), Buffer.from([0x01])]);
  assert.strictEqual(detectKind(buf), 'flv');
 });
 test('detectKind recognizes ASF (WMV)', () => {
  const buf = Buffer.from([0x30, 0x26, 0xB2, 0x75, 0x00, 0x00]);
  assert.strictEqual(detectKind(buf), 'asf-wmv');
 });
 test('detectKind recognizes MPEG-PS (00 00 01 BA)', () => {
  const buf = Buffer.from([0x00, 0x00, 0x01, 0xBA, 0x00]);
  assert.strictEqual(detectKind(buf), 'mpeg-ps');
 });
 test('detectKind recognizes JPEG (non-video)', () => {
  const buf = Buffer.from([0xFF, 0xD8, 0xFF, 0xE0]);
  assert.strictEqual(detectKind(buf), 'jpeg');
  assert.strictEqual(isVideoLikeKind('jpeg'), false);
 });
 test('detectKind recognizes HTML response (non-video)', () => {
  const buf = Buffer.from('<!DOCTYPE html><html><head>', 'ascii');
  assert.strictEqual(detectKind(buf), 'html');
  assert.strictEqual(isVideoLikeKind('html'), false);
 });
 test('detectKind returns empty for zero-length and unknown for noise', () => {
  assert.strictEqual(detectKind(Buffer.alloc(0)), 'empty');
  assert.strictEqual(detectKind(Buffer.from([0xAA, 0xBB, 0xCC, 0xDD, 0xEE, 0xFF])), 'unknown');
 });
 test('probeFileHead reads first bytes and returns hex + kind for an MP4-like file', async () => {
  const mp4Head = Buffer.concat([Buffer.from([0x00, 0x00, 0x00, 0x20]), Buffer.from('ftypisom', 'ascii'), Buffer.alloc(16, 0xAA)]);
  const p = tmpWrite('fake.mp4', mp4Head);
  try {
    const res = await probeFileHead(p, 64);
    assert.strictEqual(res.ok, true);
    assert.strictEqual(res.kind, 'mp4-iso');
    assert.strictEqual(res.isVideoLike, true);
    assert.ok(res.headHex.startsWith('0000002066747970'));
    assert.strictEqual(res.bytesRead, mp4Head.length);
  } finally {
    fs.unlinkSync(p);
  }
 });
 test('probeFileHead returns ok:false with kind=unreadable for missing file', async () => {
  const res = await probeFileHead(path.join(os.tmpdir(), `does-not-exist-${Date.now()}.mp4`), 32);
  assert.strictEqual(res.ok, false);
  assert.strictEqual(res.kind, 'unreadable');
  assert.ok(res.error);
 });
 test('summarizeFileStat returns size + mtime for a real file', () => {
  const p = tmpWrite('stat.bin', Buffer.alloc(123, 0xCC));
  try {
    const stat = summarizeFileStat(p);
    assert.strictEqual(stat.size, 123);
    assert.strictEqual(stat.isFile, true);
    assert.ok(stat.mtime);
  } finally {
    fs.unlinkSync(p);
  }
 });
 test('summarizeFileStat returns error for missing file', () => {
  const stat = summarizeFileStat(path.join(os.tmpdir(), `does-not-exist-${Date.now()}.bin`));
  assert.ok(stat.error);
 });
--- a/tests/hosters.test.js
+++ b/tests/hosters.test.js
@ -31,65 +31,4 @@ describe('hosters helpers', () => {
    assert.equal(url, 'https://delivery-hydra.voe-network.net/upload/01');
  });
  it('parseDoodstreamResult tolerates null/non-object payload without throwing', () => {
    // Direct callers may bypass uploadFile's normalisation. The parser must
    // never throw on bad input — empty fields are the contract.
    for (const bad of [null, undefined, 'string', 42, true]) {
      const r = __test.parseDoodstreamResult(bad);
      assert.equal(r.file_code, null);
      assert.equal(r.download_url, null);
      assert.equal(r.embed_url, null);
    }
  });
  it('parseDoodstreamResult handles result-as-array and result-as-object', () => {
    const arr = __test.parseDoodstreamResult({ result: [{ filecode: 'AB1', protected_dl: 'https://x/1', protected_embed: 'https://x/e/1' }] });
    assert.equal(arr.file_code, 'AB1');
    assert.equal(arr.download_url, 'https://x/1');
    assert.equal(arr.embed_url, 'https://x/e/1');
    const obj = __test.parseDoodstreamResult({ result: { filecode: 'OBJ1', download_url: 'https://x/2' } });
    assert.equal(obj.file_code, 'OBJ1');
    assert.equal(obj.download_url, 'https://x/2');
  });
  it('parseByseResult tolerates null/non-object payload without throwing', () => {
    for (const bad of [null, undefined, 'string', 42, []]) {
      const r = __test.parseByseResult(bad);
      assert.equal(r.file_code, null);
      assert.equal(r.download_url, null);
      assert.equal(r.embed_url, null);
    }
  });
  it('parseByseResult handles malformed files entries (null, missing fields)', () => {
    // Files array with a null first element (server returned [null])
    const a = __test.parseByseResult({ files: [null] });
    assert.equal(a.file_code, null);
    // Files array with object missing both filecode and status
    const b = __test.parseByseResult({ files: [{}] });
    assert.equal(b.file_code, null);
  });
  it('parseByseResult throws fileRejected for non-OK status with empty filecode', () => {
    assert.throws(
      () => __test.parseByseResult({ files: [{ status: 'Not video file format' }] }),
      (err) => err.fileRejected === true && /Not video file format/i.test(err.message)
    );
  });
  it('parseByseResult flips to accountError for storage-exhausted phrasing', () => {
    assert.throws(
      () => __test.parseByseResult({ files: [{ status: 'not enough disk space on your account' }] }),
      (err) => err.accountError === true
    );
  });
  it('parseByseResult succeeds with valid filecode in files[0]', () => {
    const r = __test.parseByseResult({ files: [{ filecode: 'GOOD123', status: 'OK' }] });
    assert.equal(r.file_code, 'GOOD123');
    assert.equal(r.download_url, 'https://byse.sx/d/GOOD123');
    assert.equal(r.embed_url, 'https://byse.sx/e/GOOD123');
  });
 });
--- a/tests/log-mode.test.js
+++ b/tests/log-mode.test.js
@ -1,140 +0,0 @@
 const { test } = require('node:test');
 const assert = require('node:assert');
 const { normalizeLogMode, resolveLogFileName, formatDateStamp, formatSessionStamp } = require('../lib/log-mode');
 // --- normalizeLogMode ---
 test('normalizeLogMode: default for empty/null/undefined is "single"', () => {
  assert.equal(normalizeLogMode(), 'single');
  assert.equal(normalizeLogMode(null), 'single');
  assert.equal(normalizeLogMode({}), 'single');
 });
 test('normalizeLogMode: explicit logMode wins for all three valid values', () => {
  assert.equal(normalizeLogMode({ logMode: 'single' }), 'single');
  assert.equal(normalizeLogMode({ logMode: 'daily' }), 'daily');
  assert.equal(normalizeLogMode({ logMode: 'session' }), 'session');
 });
 test('regression: legacy sessionLog:true maps to "daily", NOT "session"', () => {
  // The legacy boolean field was named after a misnomer — it actually toggled
  // per-day logging. Mapping it to "session" would silently flip every existing
  // per-day user onto per-session, which is exactly the bug the migration trap
  // exists to prevent.
  assert.equal(normalizeLogMode({ sessionLog: true }), 'daily');
 });
 test('normalizeLogMode: sessionLog:false / missing maps to "single"', () => {
  assert.equal(normalizeLogMode({ sessionLog: false }), 'single');
 });
 test('normalizeLogMode: explicit logMode beats the legacy sessionLog field', () => {
  // Once a user picks a mode in 3.3.35+, the legacy boolean must NOT override.
  assert.equal(normalizeLogMode({ logMode: 'session', sessionLog: true }), 'session');
  assert.equal(normalizeLogMode({ logMode: 'single', sessionLog: true }), 'single');
 });
 test('normalizeLogMode: invalid logMode strings fall through to single (or legacy if present)', () => {
  assert.equal(normalizeLogMode({ logMode: 'lolnope' }), 'single');
  assert.equal(normalizeLogMode({ logMode: '' }), 'single');
  assert.equal(normalizeLogMode({ logMode: 'lolnope', sessionLog: true }), 'daily');
 });
 // --- resolveLogFileName ---
 test('resolveLogFileName: single mode → bare basename + ext', () => {
  assert.equal(
    resolveLogFileName({ baseName: 'fileuploader', ext: '.log', mode: 'single' }),
    'fileuploader.log'
  );
 });
 test('resolveLogFileName: daily mode → fileuploader-YYYY-MM-DD.log', () => {
  const d = new Date(2026, 4, 28); // May 28, 2026 — month is 0-indexed
  assert.equal(
    resolveLogFileName({ baseName: 'fileuploader', ext: '.log', mode: 'daily', date: d }),
    'fileuploader-2026-05-28.log'
  );
 });
 test('resolveLogFileName: session mode → fileuploader-session-<id>.log', () => {
  assert.equal(
    resolveLogFileName({ baseName: 'fileuploader', ext: '.log', mode: 'session', sessionId: '2026-05-28_22-44-52-12345' }),
    'fileuploader-session-2026-05-28_22-44-52-12345.log'
  );
 });
 test('resolveLogFileName: session mode with missing sessionId falls back to single (never emits malformed name)', () => {
  assert.equal(
    resolveLogFileName({ baseName: 'fileuploader', ext: '.log', mode: 'session' }),
    'fileuploader.log'
  );
 });
 test('resolveLogFileName: unknown mode is treated as single', () => {
  assert.equal(
    resolveLogFileName({ baseName: 'fileuploader', ext: '.log', mode: 'lolnope' }),
    'fileuploader.log'
  );
 });
 // --- stripModeStampFromFileName ---
 const { stripModeStampFromFileName } = require('../lib/log-mode');
 test('stripModeStampFromFileName: leaves bare names alone', () => {
  assert.equal(stripModeStampFromFileName('fileuploader.log'), 'fileuploader.log');
  assert.equal(stripModeStampFromFileName('fileuploader'), 'fileuploader');
 });
 test('stripModeStampFromFileName: strips a daily YYYY-MM-DD suffix', () => {
  assert.equal(stripModeStampFromFileName('fileuploader-2026-06-03.log'), 'fileuploader.log');
 });
 test('stripModeStampFromFileName: strips a session-stamp suffix (with and without pid)', () => {
  assert.equal(
    stripModeStampFromFileName('fileuploader-session-2026-06-03_18-16-20-8132.log'),
    'fileuploader.log'
  );
  assert.equal(
    stripModeStampFromFileName('fileuploader-session-2026-06-03_18-16-20.log'),
    'fileuploader.log'
  );
 });
 test('regression: resolveLogFileName(stripModeStampFromFileName(...)) is idempotent — persisting then re-resolving never compounds stamps', () => {
  // This is the exact bug shape: persist the resolved path, then on next call
  // re-resolve from the saved base — must produce the same file, not a doubled
  // session-stamped one. The fix is the strip; this test guards against
  // regressing _persistFallbackLogPath into the 3.3.35 bug.
  const sessionId = '2026-06-03_18-16-20-8132';
  const dailyDate = new Date(2026, 5, 3);
  for (const mode of ['daily', 'session']) {
    const date = mode === 'daily' ? dailyDate : new Date();
    const initial = resolveLogFileName({ baseName: 'fileuploader', ext: '.log', mode, date, sessionId });
    const stripped = stripModeStampFromFileName(initial);
    // After strip, the base should be back to the bare name.
    assert.equal(stripped, 'fileuploader.log', `${mode}: strip should produce bare base`);
    // Re-resolving from the bare base gives the same final filename — no doubling.
    const reBase = stripped.replace(/\.log$/, '');
    const second = resolveLogFileName({ baseName: reBase, ext: '.log', mode, date, sessionId });
    assert.equal(second, initial, `${mode}: round-trip must be idempotent`);
  }
 });
 // --- format helpers ---
 test('formatDateStamp: zero-pads month and day', () => {
  assert.equal(formatDateStamp(new Date(2026, 0, 3)), '2026-01-03');
  assert.equal(formatDateStamp(new Date(2026, 11, 31)), '2026-12-31');
 });
 test('formatSessionStamp: produces YYYY-MM-DD_HH-MM-SS-pid', () => {
  const d = new Date(2026, 4, 28, 7, 9, 5);
  assert.equal(formatSessionStamp(d, 12345), '2026-05-28_07-09-05-12345');
 });
 test('formatSessionStamp: omits the pid suffix when none provided', () => {
  const d = new Date(2026, 4, 28, 22, 44, 52);
  assert.equal(formatSessionStamp(d), '2026-05-28_22-44-52');
 });
--- a/tests/log-policy.test.js
+++ b/tests/log-policy.test.js
@ -1,52 +0,0 @@
 const { test } = require('node:test');
 const assert = require('node:assert/strict');
 const { hosterLogToFileEnabled } = require('../lib/log-policy');
 test('enabled by default when settings missing entirely', () => {
  assert.equal(hosterLogToFileEnabled(null, 'voe.sx'), true);
  assert.equal(hosterLogToFileEnabled(undefined, 'voe.sx'), true);
  assert.equal(hosterLogToFileEnabled('not-an-object', 'voe.sx'), true);
 });
 test('enabled when hoster has no settings entry', () => {
  assert.equal(hosterLogToFileEnabled({}, 'voe.sx'), true);
  assert.equal(hosterLogToFileEnabled({ 'byse.sx': { logToFile: false } }, 'voe.sx'), true);
 });
 test('enabled when hoster entry has no logToFile key (back-compat with old configs)', () => {
  assert.equal(hosterLogToFileEnabled({ 'voe.sx': { retries: 3 } }, 'voe.sx'), true);
 });
 test('enabled when logToFile is explicitly true', () => {
  assert.equal(hosterLogToFileEnabled({ 'voe.sx': { logToFile: true } }, 'voe.sx'), true);
 });
 test('DISABLED only when logToFile is explicitly false', () => {
  assert.equal(hosterLogToFileEnabled({ 'voe.sx': { logToFile: false } }, 'voe.sx'), false);
 });
 test('truthy-but-not-true values do not accidentally disable', () => {
  // Only the strict boolean false disables — guards against e.g. a stored 0/""
  assert.equal(hosterLogToFileEnabled({ 'voe.sx': { logToFile: 0 } }, 'voe.sx'), true);
  assert.equal(hosterLogToFileEnabled({ 'voe.sx': { logToFile: '' } }, 'voe.sx'), true);
  assert.equal(hosterLogToFileEnabled({ 'voe.sx': { logToFile: null } }, 'voe.sx'), true);
  assert.equal(hosterLogToFileEnabled({ 'voe.sx': { logToFile: undefined } }, 'voe.sx'), true);
 });
 test('per-hoster independence: one off, others on', () => {
  const settings = {
    'voe.sx': { logToFile: false },
    'byse.sx': { logToFile: true },
    'doodstream.com': { retries: 3 }
  };
  assert.equal(hosterLogToFileEnabled(settings, 'voe.sx'), false);
  assert.equal(hosterLogToFileEnabled(settings, 'byse.sx'), true);
  assert.equal(hosterLogToFileEnabled(settings, 'doodstream.com'), true);
  assert.equal(hosterLogToFileEnabled(settings, 'clouddrop.cc'), true); // not present → on
 });
 test('malformed hoster entry (string/number) defaults to on', () => {
  assert.equal(hosterLogToFileEnabled({ 'voe.sx': 'broken' }, 'voe.sx'), true);
  assert.equal(hosterLogToFileEnabled({ 'voe.sx': 42 }, 'voe.sx'), true);
 });
--- a/tests/log-rotation.test.js
+++ b/tests/log-rotation.test.js
@ -1,134 +0,0 @@
 const { test, beforeEach, afterEach } = require('node:test');
 const assert = require('node:assert/strict');
 const fs = require('fs');
 const path = require('path');
 const os = require('os');
 const { maybeRotateLogFile } = require('../lib/log-rotation');
 let tmpDir;
 let logFile;
 beforeEach(() => {
  tmpDir = fs.mkdtempSync(path.join(os.tmpdir(), 'mhu-log-rotation-'));
  logFile = path.join(tmpDir, 'fileuploader.log');
 });
 afterEach(() => {
  try { fs.rmSync(tmpDir, { recursive: true, force: true }); } catch {}
 });
 function writeBytes(p, n, fill = 'a') {
  fs.writeFileSync(p, fill.repeat(n), 'utf-8');
 }
 test('returns false and skips rotation when file does not exist', () => {
  const result = maybeRotateLogFile(logFile, 100);
  assert.equal(result, false);
  assert.equal(fs.existsSync(logFile), false);
 });
 test('returns false when file is below the size cap', () => {
  writeBytes(logFile, 50);
  const result = maybeRotateLogFile(logFile, 100);
  assert.equal(result, false);
  assert.equal(fs.statSync(logFile).size, 50, 'live file untouched');
  assert.equal(fs.existsSync(logFile + '.1'), false, 'no .1 created');
 });
 test('rotates live file to .1 when over cap', () => {
  writeBytes(logFile, 200, 'X');
  const result = maybeRotateLogFile(logFile, 100, 3);
  assert.equal(result, true);
  assert.equal(fs.existsSync(logFile), false, 'live file moved away');
  const expectedBackup = path.join(tmpDir, 'fileuploader.1.log');
  assert.equal(fs.existsSync(expectedBackup), true, '.1 backup exists');
  assert.equal(fs.statSync(expectedBackup).size, 200);
 });
 test('shifts existing backups up: .1 → .2, .2 → .3 on rotation', () => {
  writeBytes(path.join(tmpDir, 'fileuploader.2.log'), 10, 'B');
  writeBytes(path.join(tmpDir, 'fileuploader.1.log'), 20, 'A');
  writeBytes(logFile, 200, 'L');
  const result = maybeRotateLogFile(logFile, 100, 3);
  assert.equal(result, true);
  // Live file → .1 (latest live data)
  assert.equal(fs.statSync(path.join(tmpDir, 'fileuploader.1.log')).size, 200);
  // Old .1 → .2
  assert.equal(fs.statSync(path.join(tmpDir, 'fileuploader.2.log')).size, 20);
  // Old .2 → .3
  assert.equal(fs.statSync(path.join(tmpDir, 'fileuploader.3.log')).size, 10);
 });
 test('drops oldest backup when at maxBackups limit', () => {
  // Pre-populate all three backup slots.
  writeBytes(path.join(tmpDir, 'fileuploader.3.log'), 5, 'C');  // oldest, will be dropped
  writeBytes(path.join(tmpDir, 'fileuploader.2.log'), 10, 'B');
  writeBytes(path.join(tmpDir, 'fileuploader.1.log'), 20, 'A');
  writeBytes(logFile, 200, 'L');
  const result = maybeRotateLogFile(logFile, 100, 3);
  assert.equal(result, true);
  // Old .3 (5 bytes 'C') gone, replaced by old .2.
  const f3 = fs.statSync(path.join(tmpDir, 'fileuploader.3.log'));
  assert.equal(f3.size, 10, 'old .2 became new .3 (the C-file was dropped)');
  // .2 = old .1
  assert.equal(fs.statSync(path.join(tmpDir, 'fileuploader.2.log')).size, 20);
  // .1 = the live file we just rotated
  assert.equal(fs.statSync(path.join(tmpDir, 'fileuploader.1.log')).size, 200);
 });
 test('is idempotent — second call on still-large file rotates again', () => {
  writeBytes(logFile, 200, 'X');
  maybeRotateLogFile(logFile, 100, 3);
  // Simulate fresh writes after the first rotation
  writeBytes(logFile, 200, 'Y');
  const result = maybeRotateLogFile(logFile, 100, 3);
  assert.equal(result, true);
  // The .Y file is now .1, the .X file moved to .2
  assert.equal(fs.readFileSync(path.join(tmpDir, 'fileuploader.1.log'), 'utf-8')[0], 'Y');
  assert.equal(fs.readFileSync(path.join(tmpDir, 'fileuploader.2.log'), 'utf-8')[0], 'X');
 });
 test('maxBackups=1: only keeps a single .1 backup, never .2', () => {
  writeBytes(logFile, 200, 'L');
  maybeRotateLogFile(logFile, 100, 1);
  writeBytes(logFile, 200, 'M');
  maybeRotateLogFile(logFile, 100, 1);
  // .1 holds the latest rotated content (M)
  assert.equal(fs.readFileSync(path.join(tmpDir, 'fileuploader.1.log'), 'utf-8')[0], 'M');
  // .2 must NOT exist
  assert.equal(fs.existsSync(path.join(tmpDir, 'fileuploader.2.log')), false);
 });
 test('invalid maxBytes (0, negative, NaN) is a no-op', () => {
  writeBytes(logFile, 1000, 'X');
  for (const max of [0, -1, NaN]) {
    const r = maybeRotateLogFile(logFile, max);
    assert.equal(r, false, `maxBytes=${max} should be no-op`);
  }
  assert.equal(fs.existsSync(logFile), true);
  assert.equal(fs.existsSync(logFile + '.1'), false);
 });
 test('logs through provided debug callback on rotation', () => {
  writeBytes(logFile, 200, 'X');
  const messages = [];
  maybeRotateLogFile(logFile, 100, 3, (m) => messages.push(m));
  assert.ok(messages.length >= 1, 'at least one log message');
  assert.ok(messages.some(m => m.includes('rotated')), `expected "rotated" in: ${messages.join(' | ')}`);
 });
 test('handles file without extension correctly', () => {
  const noExtFile = path.join(tmpDir, 'plainlog');
  writeBytes(noExtFile, 200, 'P');
  const result = maybeRotateLogFile(noExtFile, 100, 3);
  assert.equal(result, true);
  // base = the full path, ext = '', so backup name is "plainlog.1"
  assert.equal(fs.existsSync(path.join(tmpDir, 'plainlog.1')), true);
  assert.equal(fs.existsSync(noExtFile), false);
 });
--- a/tests/queue-dedup.test.js
+++ b/tests/queue-dedup.test.js
@ -1,72 +0,0 @@
 const { test } = require('node:test');
 const assert = require('node:assert');
 const { partitionRestoredJobsByLog } = require('../lib/queue-dedup');
 function job(status, fileName, hoster) {
  return { status, fileName, hoster, file: `C:/dl/${fileName}` };
 }
 test('regression: pending preview jobs are NEVER dropped, even when all match the log', () => {
  // Exact shape of the reproduced bug: 4 preview jobs for one file across 4
  // hosters, every fileName|hoster present in the lifetime upload log.
  const jobs = [
    job('preview', 'Einfach mal die Fresse halten!!!.mp4', 'doodstream.com'),
    job('preview', 'Einfach mal die Fresse halten!!!.mp4', 'voe.sx'),
    job('preview', 'Einfach mal die Fresse halten!!!.mp4', 'vidmoly.me'),
    job('preview', 'Einfach mal die Fresse halten!!!.mp4', 'byse.sx')
  ];
  const log = [
    { fileName: 'Einfach mal die Fresse halten!!!.mp4', hoster: 'doodstream.com' },
    { fileName: 'Einfach mal die Fresse halten!!!.mp4', hoster: 'voe.sx' },
    { fileName: 'Einfach mal die Fresse halten!!!.mp4', hoster: 'vidmoly.me' },
    { fileName: 'Einfach mal die Fresse halten!!!.mp4', hoster: 'byse.sx' }
  ];
  const { kept, removed } = partitionRestoredJobsByLog(jobs, log);
  assert.equal(removed.length, 0, 'no pending job may be removed');
  assert.equal(kept.length, 4, 'all 4 pending jobs survive restart/update');
 });
 test('done jobs in the log are dropped (declutter); pending/error/aborted kept', () => {
  const jobs = [
    job('done', 'a.mkv', 'doodstream.com'),
    job('preview', 'a.mkv', 'voe.sx'),
    job('error', 'b.mkv', 'doodstream.com'),
    job('aborted', 'c.mkv', 'doodstream.com')
  ];
  const log = [
    { fileName: 'a.mkv', hoster: 'doodstream.com' },
    { fileName: 'a.mkv', hoster: 'voe.sx' },
    { fileName: 'b.mkv', hoster: 'doodstream.com' },
    { fileName: 'c.mkv', hoster: 'doodstream.com' }
  ];
  const { kept, removed } = partitionRestoredJobsByLog(jobs, log);
  assert.equal(removed.length, 1);
  assert.equal(removed[0].status, 'done');
  assert.equal(removed[0].hoster, 'doodstream.com');
  // The preview a.mkv|voe.sx, error b.mkv, aborted c.mkv all survive.
  assert.equal(kept.length, 3);
  assert.ok(kept.some(j => j.status === 'preview' && j.hoster === 'voe.sx'));
  assert.ok(kept.some(j => j.status === 'error'));
  assert.ok(kept.some(j => j.status === 'aborted'));
 });
 test('done job NOT in the log is kept (e.g. hoster had logToFile disabled)', () => {
  const jobs = [job('done', 'd.mkv', 'doodstream.com')];
  const { kept, removed } = partitionRestoredJobsByLog(jobs, []);
  assert.equal(removed.length, 0);
  assert.equal(kept.length, 1);
 });
 test('case-insensitive match on fileName and hoster', () => {
  const jobs = [job('done', 'Movie.MKV', 'DoodStream.com')];
  const log = [{ fileName: 'movie.mkv', hoster: 'doodstream.com' }];
  const { removed } = partitionRestoredJobsByLog(jobs, log);
  assert.equal(removed.length, 1);
 });
 test('empty/missing inputs do not throw', () => {
  assert.deepEqual(partitionRestoredJobsByLog([], []), { kept: [], removed: [] });
  assert.deepEqual(partitionRestoredJobsByLog(null, null), { kept: [], removed: [] });
  const jobs = [job('done', 'x.mkv', 'voe.sx')];
  assert.equal(partitionRestoredJobsByLog(jobs, undefined).kept.length, 1);
 });
--- a/tests/queue-prune.test.js
+++ b/tests/queue-prune.test.js
@ -1,115 +0,0 @@
 const { test } = require('node:test');
 const assert = require('node:assert/strict');
 const { pruneOldestTerminalJobs, TERMINAL_STATUSES } = require('../lib/queue-prune');
 const j = (id, status) => ({ id, status });
 test('returns null on empty / non-array input', () => {
  assert.equal(pruneOldestTerminalJobs([], 5), null);
  assert.equal(pruneOldestTerminalJobs(null, 5), null);
  assert.equal(pruneOldestTerminalJobs(undefined, 5), null);
 });
 test('returns null when all jobs are non-terminal regardless of limit', () => {
  const jobs = [j('a', 'queued'), j('b', 'uploading'), j('c', 'preview')];
  assert.equal(pruneOldestTerminalJobs(jobs, 0), null);
  assert.equal(pruneOldestTerminalJobs(jobs, 100), null);
 });
 test('returns null when terminal count is at or under the limit', () => {
  const jobs = [j('a', 'done'), j('b', 'done'), j('c', 'queued')];
  assert.equal(pruneOldestTerminalJobs(jobs, 2), null, 'terminal=2, limit=2 → no-op');
  assert.equal(pruneOldestTerminalJobs(jobs, 3), null, 'terminal=2, limit=3 → no-op');
 });
 test('drops oldest terminal jobs when over the limit, keeps non-terminal', () => {
  const jobs = [
    j('t1', 'done'),     // oldest terminal — should be dropped
    j('t2', 'done'),     // should be dropped
    j('queued1', 'queued'),
    j('t3', 'error'),    // newest of the dropped block
    j('uploading1', 'uploading'),
    j('t4', 'done'),     // kept (within limit window)
    j('t5', 'skipped'),  // kept
    j('t6', 'aborted'),  // kept
  ];
  // 6 terminal, limit 3 → drop 3 oldest (t1, t2, t3)
  const result = pruneOldestTerminalJobs(jobs, 3);
  assert.notEqual(result, null);
  const droppedIds = result.dropped.map(x => x.id).sort();
  assert.deepEqual(droppedIds, ['t1', 't2', 't3']);
  // Non-terminal jobs always kept; surviving terminals are the newest 3
  const keptIds = result.kept.map(x => x.id);
  assert.deepEqual(keptIds, ['queued1', 'uploading1', 't4', 't5', 't6']);
 });
 test('respects insertion order (oldest by index, not by status)', () => {
  const jobs = [
    j('older-error', 'error'),
    j('newer-done', 'done'),
    j('newest-aborted', 'aborted'),
  ];
  const result = pruneOldestTerminalJobs(jobs, 1);
  assert.deepEqual(result.dropped.map(x => x.id), ['older-error', 'newer-done']);
  assert.deepEqual(result.kept.map(x => x.id), ['newest-aborted']);
 });
 test('drops everything terminal when limit is 0', () => {
  const jobs = [
    j('q', 'queued'),
    j('d1', 'done'),
    j('d2', 'done'),
    j('e1', 'error'),
  ];
  const result = pruneOldestTerminalJobs(jobs, 0);
  assert.deepEqual(result.dropped.map(x => x.id), ['d1', 'd2', 'e1']);
  assert.deepEqual(result.kept.map(x => x.id), ['q']);
 });
 test('rejects negative or non-finite limits', () => {
  const jobs = [j('a', 'done'), j('b', 'done')];
  assert.equal(pruneOldestTerminalJobs(jobs, -1), null);
  assert.equal(pruneOldestTerminalJobs(jobs, NaN), null);
  assert.equal(pruneOldestTerminalJobs(jobs, Infinity), null,
    'Infinity is technically not finite; safer to treat as no-op');
 });
 test('TERMINAL_STATUSES set covers all 4 terminal kinds', () => {
  assert.ok(TERMINAL_STATUSES.has('done'));
  assert.ok(TERMINAL_STATUSES.has('skipped'));
  assert.ok(TERMINAL_STATUSES.has('error'));
  assert.ok(TERMINAL_STATUSES.has('aborted'));
  assert.equal(TERMINAL_STATUSES.size, 4);
  // Non-terminal must not be in the set
  for (const s of ['queued', 'preview', 'uploading', 'retrying', 'getting-server']) {
    assert.equal(TERMINAL_STATUSES.has(s), false, `${s} must not be terminal`);
  }
 });
 test('handles malformed entries (null / missing status) without throwing', () => {
  const jobs = [
    null,
    j('a', 'done'),
    { id: 'no-status' }, // no status
    j('b', 'done'),
  ];
  // 2 terminal, limit 1 → drop oldest (a). null and no-status entries stay
  // because they aren't terminal. The function must not throw on them.
  const result = pruneOldestTerminalJobs(jobs, 1);
  assert.notEqual(result, null);
  assert.deepEqual(result.dropped.map(x => x && x.id), ['a']);
  assert.equal(result.kept.length, 3);
 });
 test('large queue: keeps the newest `limit` terminals', () => {
  const jobs = [];
  for (let i = 0; i < 5000; i++) jobs.push(j(`done-${i}`, 'done'));
  const result = pruneOldestTerminalJobs(jobs, 500);
  assert.notEqual(result, null);
  assert.equal(result.dropped.length, 4500);
  assert.equal(result.kept.length, 500);
  // First kept = done-4500 (the 4501st original entry)
  assert.equal(result.kept[0].id, 'done-4500');
  assert.equal(result.kept[result.kept.length - 1].id, 'done-4999');
 });
--- a/tests/stats.test.js
+++ b/tests/stats.test.js
@ -1,132 +0,0 @@
 const test = require('node:test');
 const assert = require('node:assert');
 const {
  summarizePerHoster,
  classifyErrorCategory,
  summarizeBatchErrors,
  isRetryableCategory
 } = require('../lib/stats');
 function makeBatch(timestamp, results) {
  return {
    id: 'b-' + timestamp,
    timestamp: new Date(timestamp).toISOString(),
    files: [{ name: 'foo.mp4', size: 1, results }]
  };
 }
 test('summarizePerHoster counts ok and fail per hoster across all batches', () => {
  const history = [
    makeBatch(1, [
      { hoster: 'voe.sx', status: 'done' },
      { hoster: 'byse.sx', status: 'error', error: 'Not video file format' }
    ]),
    makeBatch(2, [
      { hoster: 'voe.sx', status: 'done' },
      { hoster: 'voe.sx', status: 'error', error: 'CSRF' },
      { hoster: 'byse.sx', status: 'done' }
    ])
  ];
  const s = summarizePerHoster(history);
  assert.strictEqual(s['voe.sx'].ok, 2);
  assert.strictEqual(s['voe.sx'].fail, 1);
  assert.strictEqual(s['voe.sx'].total, 3);
  assert.strictEqual(Math.round(s['voe.sx'].rate * 100), 67);
  assert.strictEqual(s['byse.sx'].ok, 1);
  assert.strictEqual(s['byse.sx'].fail, 1);
  assert.strictEqual(s['byse.sx'].rate, 0.5);
 });
 test('summarizePerHoster honors sinceMs cutoff', () => {
  const history = [
    makeBatch(1000, [{ hoster: 'voe.sx', status: 'done' }]),
    makeBatch(5000, [{ hoster: 'voe.sx', status: 'error', error: 'x' }])
  ];
  const s = summarizePerHoster(history, { sinceMs: 3000 });
  assert.strictEqual(s['voe.sx'].ok, 0);
  assert.strictEqual(s['voe.sx'].fail, 1);
 });
 test('summarizePerHoster honors lastNBatches (newest first)', () => {
  const history = [
    makeBatch(1000, [{ hoster: 'voe.sx', status: 'done' }]),
    makeBatch(2000, [{ hoster: 'voe.sx', status: 'done' }]),
    makeBatch(3000, [{ hoster: 'voe.sx', status: 'error', error: 'x' }])
  ];
  const s = summarizePerHoster(history, { lastNBatches: 1 });
  assert.strictEqual(s['voe.sx'].ok, 0);
  assert.strictEqual(s['voe.sx'].fail, 1);
 });
 test('summarizePerHoster handles empty / malformed input', () => {
  assert.deepStrictEqual(summarizePerHoster(null), {});
  assert.deepStrictEqual(summarizePerHoster([]), {});
  assert.deepStrictEqual(summarizePerHoster([{ id: 'x', files: null }]), {});
 });
 test('classifyErrorCategory: file-rejected phrases', () => {
  assert.strictEqual(classifyErrorCategory('Byse lehnte Datei ab: Not video file format'), 'file-rejected');
  assert.strictEqual(classifyErrorCategory('Duplicate file already exists'), 'file-rejected');
  assert.strictEqual(classifyErrorCategory('Datei zu groß (Max: 5 GB)'), 'file-rejected');
 });
 test('classifyErrorCategory: account-error phrases', () => {
  assert.strictEqual(classifyErrorCategory('Quota exceeded'), 'account-error');
  assert.strictEqual(classifyErrorCategory('account banned'), 'account-error');
  assert.strictEqual(classifyErrorCategory('not enough disk space'), 'account-error');
 });
 test('classifyErrorCategory: hoster-transient phrases', () => {
  assert.strictEqual(classifyErrorCategory('CSRF-Token nicht gefunden'), 'hoster-transient');
  assert.strictEqual(classifyErrorCategory('Kein Upload-Server erhalten: server busy'), 'hoster-transient');
  assert.strictEqual(classifyErrorCategory('Kein Filecode'), 'hoster-transient');
 });
 test('classifyErrorCategory: network phrases', () => {
  assert.strictEqual(classifyErrorCategory('socket hang up'), 'network');
  assert.strictEqual(classifyErrorCategory('fetch failed'), 'network');
  assert.strictEqual(classifyErrorCategory('Timeout while reading'), 'network');
 });
 test('classifyErrorCategory: aborted is its own bucket (not retryable)', () => {
  assert.strictEqual(classifyErrorCategory('Abgebrochen'), 'aborted');
  assert.strictEqual(isRetryableCategory('aborted'), false);
 });
 test('classifyErrorCategory: unknown for everything else', () => {
  assert.strictEqual(classifyErrorCategory(''), 'unknown');
  assert.strictEqual(classifyErrorCategory(null), 'unknown');
  assert.strictEqual(classifyErrorCategory('Some weird thing'), 'unknown');
 });
 test('summarizeBatchErrors buckets results by category', () => {
  const summary = {
    files: [
      { name: 'a.mp4', results: [
        { hoster: 'voe.sx', status: 'done' },
        { hoster: 'byse.sx', status: 'error', error: 'Not video file format' }
      ] },
      { name: 'b.mp4', results: [
        { hoster: 'voe.sx', status: 'error', error: 'CSRF' },
        { hoster: 'doodstream.com', status: 'error', error: 'socket hang up' }
      ] }
    ]
  };
  const buckets = summarizeBatchErrors(summary);
  assert.strictEqual(buckets['file-rejected'].length, 1);
  assert.strictEqual(buckets['file-rejected'][0].hoster, 'byse.sx');
  assert.strictEqual(buckets['hoster-transient'].length, 1);
  assert.strictEqual(buckets['hoster-transient'][0].hoster, 'voe.sx');
  assert.strictEqual(buckets['network'].length, 1);
  assert.strictEqual(buckets['network'][0].hoster, 'doodstream.com');
  assert.strictEqual(buckets['account-error'].length, 0);
 });
 test('isRetryableCategory: only transient + network + unknown retry-worthy', () => {
  assert.strictEqual(isRetryableCategory('hoster-transient'), true);
  assert.strictEqual(isRetryableCategory('network'), true);
  assert.strictEqual(isRetryableCategory('unknown'), true);
  assert.strictEqual(isRetryableCategory('file-rejected'), false);
  assert.strictEqual(isRetryableCategory('account-error'), false);
  assert.strictEqual(isRetryableCategory('aborted'), false);
 });
--- a/tests/support-bundle.test.js
+++ b/tests/support-bundle.test.js
@ -1,94 +0,0 @@
 const test = require('node:test');
 const assert = require('node:assert');
 const fs = require('fs');
 const os = require('os');
 const path = require('path');
 const { sanitizeConfig, collectFile, buildSupportBundleText, REDACTED } = require('../lib/support-bundle');
 test('sanitizeConfig redacts known credential keys at any nesting depth', () => {
  const input = {
    hosters: {
      'voe.sx': [{ username: 'u', password: 'p1', apiKey: 'k1', enabled: true }],
      'byse.sx': [{ apiKey: 'k2' }, { apiKey: 'k3', token: 't1', label: 'main' }]
    },
    globalSettings: { remote: { token: 'remT' }, scramble: { active: false } }
  };
  const out = sanitizeConfig(input);
  assert.strictEqual(out.hosters['voe.sx'][0].password, REDACTED);
  assert.strictEqual(out.hosters['voe.sx'][0].apiKey, REDACTED);
  assert.strictEqual(out.hosters['voe.sx'][0].username, 'u');
  assert.strictEqual(out.hosters['voe.sx'][0].enabled, true);
  assert.strictEqual(out.hosters['byse.sx'][1].apiKey, REDACTED);
  assert.strictEqual(out.hosters['byse.sx'][1].token, REDACTED);
  assert.strictEqual(out.hosters['byse.sx'][1].label, 'main');
  assert.strictEqual(out.globalSettings.remote.token, REDACTED);
 });
 test('sanitizeConfig does not mutate input', () => {
  const input = { hosters: { 'voe.sx': [{ password: 'secret' }] } };
  const clone = JSON.parse(JSON.stringify(input));
  sanitizeConfig(input);
  assert.deepStrictEqual(input, clone);
 });
 test('sanitizeConfig leaves empty/missing credentials alone', () => {
  const input = { hosters: { 'voe.sx': [{ password: '', apiKey: null }] } };
  const out = sanitizeConfig(input);
  assert.strictEqual(out.hosters['voe.sx'][0].password, '');
  assert.strictEqual(out.hosters['voe.sx'][0].apiKey, null);
 });
 test('sanitizeConfig handles null/undefined input', () => {
  assert.strictEqual(sanitizeConfig(null), null);
  assert.strictEqual(sanitizeConfig(undefined), undefined);
 });
 test('collectFile tails when file exceeds maxBytes', () => {
  const tmp = path.join(os.tmpdir(), `mhu-bundle-${Date.now()}.log`);
  const bigLine = 'x'.repeat(1000) + '\n';
  fs.writeFileSync(tmp, bigLine.repeat(100));
  try {
    const section = collectFile(tmp, 'big.log', 5000);
    assert.match(section, /truncated: skipped first \d+ bytes/);
    assert.ok(section.length < bigLine.length * 100, 'section should be truncated');
  } finally {
    fs.unlinkSync(tmp);
  }
 });
 test('collectFile returns placeholder for missing file', () => {
  const section = collectFile(path.join(os.tmpdir(), `does-not-exist-${Date.now()}.log`), 'missing');
  assert.match(section, /<file does not exist yet>/);
 });
 test('collectFile returns placeholder for null path', () => {
  const section = collectFile(null, 'no-path');
  assert.match(section, /<no path configured>/);
 });
 test('buildSupportBundleText produces structured output with header + config + file sections', () => {
  const tmp = path.join(os.tmpdir(), `mhu-bundle-text-${Date.now()}.log`);
  fs.writeFileSync(tmp, 'line one\nline two\n');
  try {
    const text = buildSupportBundleText({
      header: { Version: '3.3.41', Platform: 'win32' },
      sanitizedConfig: { hosters: { 'voe.sx': [{ apiKey: '<redacted>' }] } },
      files: [{ label: 'debug.log', path: tmp }]
    });
    assert.match(text, /^=== Multi-Hoster-Upload Support Bundle ===/);
    assert.match(text, /Version: 3\.3\.41/);
    assert.match(text, /Platform: win32/);
    assert.match(text, /=== Config \(sanitized/);
    assert.match(text, /"apiKey": "<redacted>"/);
    assert.match(text, /=== debug\.log/);
    assert.match(text, /line one\nline two/);
  } finally {
    fs.unlinkSync(tmp);
  }
 });
 test('buildSupportBundleText handles empty file list and missing header', () => {
  const text = buildSupportBundleText({ sanitizedConfig: {}, files: [] });
  assert.match(text, /=== Multi-Hoster-Upload Support Bundle ===/);
  assert.match(text, /=== Config/);
 });
--- a/tests/throttled-cache.test.js
+++ b/tests/throttled-cache.test.js
@ -1,113 +0,0 @@
 const { test } = require('node:test');
 const assert = require('node:assert/strict');
 const { makeThrottledCache } = require('../lib/throttled-cache');
 function fakeClock(start = 0) {
  let t = start;
  const fn = () => t;
  fn.advance = (ms) => { t += ms; };
  fn.set = (ms) => { t = ms; };
  return fn;
 }
 test('returns undefined when empty', () => {
  const c = makeThrottledCache(100);
  assert.equal(c.get('any', {}), undefined);
 });
 test('returns the set value within the window', () => {
  const clock = fakeClock();
  const c = makeThrottledCache(100, clock);
  const input = [1, 2, 3];
  c.set('sig-a', input, 'value-1');
  assert.equal(c.get('sig-a', input), 'value-1');
  clock.advance(50);
  assert.equal(c.get('sig-a', input), 'value-1', 'still valid at 50/100 ms');
  clock.advance(49);
  assert.equal(c.get('sig-a', input), 'value-1', 'still valid at 99/100 ms');
 });
 test('expires exactly at refreshMs boundary', () => {
  const clock = fakeClock();
  const c = makeThrottledCache(100, clock);
  c.set('s', {}, 'v');
  clock.advance(100);
  assert.equal(c.get('s', {}), undefined, '>= refreshMs is a miss');
 });
 test('miss on different signature', () => {
  const c = makeThrottledCache(1000, fakeClock());
  const input = {};
  c.set('sig-a', input, 'v');
  assert.equal(c.get('sig-b', input), undefined);
 });
 test('miss on different input identity even with same signature', () => {
  const c = makeThrottledCache(1000, fakeClock());
  c.set('sig-a', { a: 1 }, 'v');
  // Different object identity — the cache compares by ===, not by contents
  assert.equal(c.get('sig-a', { a: 1 }), undefined);
 });
 test('overwrite by re-setting same signature', () => {
  const clock = fakeClock();
  const c = makeThrottledCache(100, clock);
  const input = [];
  c.set('s', input, 'old');
  clock.advance(50);
  c.set('s', input, 'new');
  // The new entry has a fresh timestamp → still valid for another 100 ms
  clock.advance(99);
  assert.equal(c.get('s', input), 'new');
 });
 test('clear empties the cache', () => {
  const c = makeThrottledCache(1000, fakeClock());
  c.set('s', {}, 'v');
  c.clear();
  assert.equal(c.get('s', {}), undefined);
  assert.equal(c.peek(), null);
 });
 test('peek reports age and signature', () => {
  const clock = fakeClock();
  const c = makeThrottledCache(1000, clock);
  c.set('mysig', {}, 'v');
  clock.advance(42);
  const p = c.peek();
  assert.equal(p.sig, 'mysig');
  assert.equal(p.age, 42);
  assert.equal(p.ts, 0);
 });
 test('throws on invalid refreshMs', () => {
  assert.throws(() => makeThrottledCache(-1));
  assert.throws(() => makeThrottledCache(NaN));
  assert.throws(() => makeThrottledCache('100'));
 });
 test('refreshMs=0 means every call misses', () => {
  const clock = fakeClock();
  const c = makeThrottledCache(0, clock);
  const input = {};
  c.set('s', input, 'v');
  // Same tick: 0 - 0 = 0 → not less than refreshMs (0) → miss
  assert.equal(c.get('s', input), undefined);
 });
 test('default clock is Date.now when none provided', () => {
  const c = makeThrottledCache(10000);
  const input = {}; // single ref — get and set must use the SAME identity
  c.set('x', input, 'v');
  assert.equal(c.get('x', input), 'v');
 });
 test('large input arrays are tracked by identity, not value', () => {
  const c = makeThrottledCache(1000, fakeClock());
  const arr1 = new Array(10000).fill(0);
  const arr2 = new Array(10000).fill(0);
  c.set('s', arr1, 'cached');
  assert.equal(c.get('s', arr1), 'cached');
  assert.equal(c.get('s', arr2), undefined, 'different array → miss');
 });
--- a/tests/upload-manager.test.js
+++ b/tests/upload-manager.test.js
@ -31,7 +31,6 @@ describe('UploadManager', () => {
    const origRequire = module.constructor.prototype.require;
    const hosters = require('../lib/hosters');
    hosters.uploadFile = mockUploadFile;
    hosters.prefetchBaseline = async () => null;
    // Mock fs.statSync for test file paths
    const fs = require('fs');
@ -56,8 +55,8 @@ describe('UploadManager', () => {
    ]);
    const statuses = events.map(e => e.status);
    assert.ok(statuses.includes('queued'), 'should have queued status');
    assert.ok(statuses.includes('done'), 'should have done status');
    assert.ok(events.length > 0, 'should emit at least one progress event');
  });
  it('emits batch-done with correct summary', async () => {
@ -651,258 +650,6 @@ describe('UploadManager', () => {
      assert.equal(mgr.getOverride('voe.sx'), null, 'unrelated hoster still has no override');
    });
    it('startBatch primes failed-accounts + overrides — retry after batch-done skips dead account', async () => {
      // acc1 fails with disk-space; acc2 succeeds.
      mockUploadFile.mock.mockImplementation(async (hoster, filePath, apiKey, onProgress) => {
        if (apiKey === 'acc1-key') {
          const err = new Error('Byse lehnte Datei ab: not enough disk space');
          err.accountError = true;
          throw err;
        }
        if (onProgress) onProgress(fakeFileSize, fakeFileSize);
        return { download_url: 'ok', embed_url: null, file_code: 'ok' };
      });
      const mgr = new UploadManager(
        { 'byse.sx': { retries: 3, parallelCount: 1, maxSpeedKbs: 0, restartBelowKbs: 0, timeIntervalSec: 0, maxSizeMb: 0 } }
      );
      const rotEvents = [];
      mgr.on('rot-log', (e) => rotEvents.push(e));
      // Simulate a retry-after-batch-done: main.js would pass the
      // session-cached failed-accounts + overrides from the previous batch.
      await mgr.startBatch([
        { file: '/test/a.mp4', hoster: 'byse.sx', apiKey: 'acc1-key', accountId: 'acc1', username: 'u1', password: 'p1' }
      ], {
        primeFailedAccounts: ['byse.sx:acc1'],
        primeOverrides: [['byse.sx', { id: 'acc2', username: 'u2', password: 'p2', apiKey: 'acc2-key' }]]
      });
      const events = rotEvents.map(e => e.event);
      // pre-job-swap should fire on the very first attempt — no fast-fail
      // because acc1 was never touched.
      assert.ok(events.includes('pre-job-swap'),
        `expected pre-job-swap from primed state; got: ${events.join(',')}`);
      assert.ok(!events.includes('fast-fail'),
        `must NOT burn a fast-fail on primed-dead acc1; got: ${events.join(',')}`);
      assert.ok(!events.includes('mark-failed'),
        `acc1 was already marked failed (primed); must not emit mark-failed again; got: ${events.join(',')}`);
      // acc1 must not be touched at all.
      const acc1Calls = mockUploadFile.mock.calls.filter(c => c.arguments[2] === 'acc1-key').length;
      assert.equal(acc1Calls, 0, 'primed-dead acc1 must not receive any upload attempts');
    });
    it('generic error + pre-resolved override: rotates after 1 attempt (no more 5x on primary)', async () => {
      // acc1 throws a generic non-transient, non-account-specific error.
      // acc2 succeeds. With a pre-resolved override (from main.js at batch
      // start), the retry loop must break after 1 attempt on acc1 and rotate.
      let acc1Calls = 0;
      let acc2Calls = 0;
      mockUploadFile.mock.mockImplementation(async (hoster, filePath, apiKey, onProgress) => {
        if (apiKey === 'acc1-key') {
          acc1Calls++;
          throw new Error('VOE Upload: irgendein generischer Fehler');
        }
        acc2Calls++;
        if (onProgress) onProgress(fakeFileSize, fakeFileSize);
        return { download_url: 'ok', embed_url: null, file_code: 'ok' };
      });
      const mgr = new UploadManager(
        { 'voe.sx': { retries: 5, parallelCount: 1, maxSpeedKbs: 0, restartBelowKbs: 0, timeIntervalSec: 0, maxSizeMb: 0 } }
      );
      const events = [];
      mgr.on('rot-log', (e) => events.push(e.event));
      await mgr.startBatch([
        { file: '/test/a.mp4', hoster: 'voe.sx', apiKey: 'acc1-key', accountId: 'acc1' }
      ], {
        // Main.js pre-resolves the fallback at batch start.
        primeOverrides: [['voe.sx', { id: 'acc2', apiKey: 'acc2-key' }]]
      });
      assert.equal(acc1Calls, 1, 'acc1 must get exactly 1 attempt before rotation kicks in');
      assert.ok(acc2Calls >= 1, 'acc2 must take over');
      assert.ok(events.includes('try-alternate-after-fail'),
        `expected try-alternate-after-fail; got: ${events.join(',')}`);
    });
    it('transient error + pre-resolved override: retries SAME acc (network, not acc, is the issue)', async () => {
      let acc1Calls = 0;
      let acc2Calls = 0;
      mockUploadFile.mock.mockImplementation(async (hoster, filePath, apiKey, onProgress) => {
        if (apiKey === 'acc1-key') {
          acc1Calls++;
          if (acc1Calls <= 2) throw new Error('connect ECONNRESET 1.2.3.4:443');
          if (onProgress) onProgress(fakeFileSize, fakeFileSize);
          return { download_url: 'ok-on-acc1-retry', embed_url: null, file_code: 'ok' };
        }
        acc2Calls++;
        if (onProgress) onProgress(fakeFileSize, fakeFileSize);
        return { download_url: 'ok', embed_url: null, file_code: 'ok' };
      });
      const mgr = new UploadManager(
        { 'voe.sx': { retries: 5, parallelCount: 1, maxSpeedKbs: 0, restartBelowKbs: 0, timeIntervalSec: 0, maxSizeMb: 0 } }
      );
      const events = [];
      mgr.on('rot-log', (e) => events.push(e.event));
      await mgr.startBatch([
        { file: '/test/a.mp4', hoster: 'voe.sx', apiKey: 'acc1-key', accountId: 'acc1' }
      ], {
        primeOverrides: [['voe.sx', { id: 'acc2', apiKey: 'acc2-key' }]]
      });
      assert.equal(acc1Calls, 3, 'transient must retry same acc until success');
      assert.equal(acc2Calls, 0, 'must NOT rotate away on transient network errors');
      assert.ok(!events.includes('try-alternate-after-fail'),
        `transient should NOT trigger try-alternate-after-fail; got: ${events.join(',')}`);
    });
    it('generic error + NO override: falls back to classic retry on same account', async () => {
      let acc1Calls = 0;
      mockUploadFile.mock.mockImplementation(async (hoster, filePath, apiKey, onProgress) => {
        acc1Calls++;
        throw new Error('something generic');
      });
      const mgr = new UploadManager(
        { 'voe.sx': { retries: 3, parallelCount: 1, maxSpeedKbs: 0, restartBelowKbs: 0, timeIntervalSec: 0, maxSizeMb: 0 } }
      );
      await mgr.startBatch([
        { file: '/test/a.mp4', hoster: 'voe.sx', apiKey: 'acc1-key', accountId: 'acc1' }
      ]);
      // retries=3 → maxAttempts=4 (retries + 1). Without an override to rotate
      // to, must exhaust all 4 attempts on acc1.
      assert.equal(acc1Calls, 4, 'single-account hoster must retry N+1 times on same account');
    });
    it('startBatch without prime opts still clears state (back-compat)', async () => {
      const mgr = new UploadManager({});
      mgr._failedAccounts.set('byse.sx:acc1', true);
      mgr._accountOverrides.set('byse.sx', { id: 'leftover' });
      mockUploadFile.mock.mockImplementation(async (hoster, filePath, apiKey, onProgress) => {
        if (onProgress) onProgress(fakeFileSize, fakeFileSize);
        return { download_url: 'ok', embed_url: null, file_code: 'ok' };
      });
      await mgr.startBatch([
        { file: '/test/a.mp4', hoster: 'doodstream.com', apiKey: 'k' }
      ]);
      assert.equal(mgr._failedAccounts.size, 0, 'legacy callers still get a clean slate');
      assert.equal(mgr._accountOverrides.size, 0, 'legacy callers still get a clean slate for overrides');
    });
    it('transient network errors skip rotation (account stays fine)', () => {
      const mgr = new UploadManager({});
      const cases = [
        'getaddrinfo ENOTFOUND api.byse.sx',
        'connect ECONNRESET 104.18.10.10:443',
        'connect ETIMEDOUT 1.2.3.4:443',
        'socket hang up',
        'request to https://voe.sx failed, reason: getaddrinfo EAI_AGAIN',
        'fetch failed',
        'connect ECONNREFUSED 127.0.0.1:443',
        'network error'
      ];
      for (const msg of cases) {
        const err = new Error(msg);
        assert.equal(mgr._isTransientNetworkError(err), true, `should mark transient: ${msg}`);
        assert.equal(mgr._isFileRejectedError(err), false, `transient must NOT be file-rejected: ${msg}`);
        assert.equal(mgr._shouldSkipRetryOnAccountError(err), false, `transient must NOT be account-specific: ${msg}`);
      }
    });
    it('transient classification does not swallow real account failures', () => {
      const mgr = new UploadManager({});
      const notTransient = [
        'HTTP 429 Too Many Requests',
        'quota exceeded',
        'account suspended',
        'Byse lehnte Datei ab: Duplicate',
        'Falscher Passwort',
        'Session expired'
      ];
      for (const msg of notTransient) {
        const err = new Error(msg);
        assert.equal(mgr._isTransientNetworkError(err), false,
          `must NOT be transient: "${msg}"`);
      }
    });
    it('hoster-transient flag is recognised (primary path)', () => {
      const mgr = new UploadManager({});
      const err = new Error('whatever');
      err.hosterTransient = true;
      assert.equal(mgr._isHosterTransientError(err), true);
      // Must not be confused with other classes.
      assert.equal(mgr._isFileRejectedError(err), false);
      assert.equal(mgr._isTransientNetworkError(err), false);
      assert.equal(mgr._shouldSkipRetryOnAccountError(err), false);
    });
    it('hoster-transient regex fallback catches wrapped doodstream empty-form errors', () => {
      const mgr = new UploadManager({});
      const cases = [
        'Doodstream Upload: kein Filecode — Server gab leeren Link zurueck (st=?, fn=fehlt/leer ...)',
        'wrapper: Server gab leeren Link zurueck while parsing'
      ];
      for (const msg of cases) {
        assert.equal(mgr._isHosterTransientError(new Error(msg)), true, `should match: ${msg}`);
      }
      // Plain network and account errors must NOT match the hoster-transient class.
      const negatives = [
        'fetch failed',
        'getaddrinfo ENOTFOUND',
        'HTTP 429',
        'quota exceeded',
        'Byse lehnte Datei ab: Duplicate'
      ];
      for (const msg of negatives) {
        assert.equal(mgr._isHosterTransientError(new Error(msg)), false, `must NOT match: ${msg}`);
      }
    });
    it('regression: hoster-transient does NOT blacklist the account (account stays usable across batches)', async () => {
      // Simulate doodstream-upload throwing the tagged empty-form error.
      mockUploadFile.mock.mockImplementation(async () => {
        const err = new Error('Doodstream Upload: kein Filecode — Server gab leeren Link zurueck (st=?, fn=fehlt/leer ...)');
        err.hosterTransient = true;
        throw err;
      });
      const mgr = new UploadManager(
        { 'doodstream.com': { retries: 3, parallelCount: 1, maxSpeedKbs: 0, restartBelowKbs: 0, timeIntervalSec: 0, maxSizeMb: 0 } }
      );
      const rotEvents = [];
      mgr.on('rot-log', (e) => rotEvents.push(e));
      // No username/password so the manager routes through the mocked
      // hosters.uploadFile (instead of DoodstreamUploader directly).
      await mgr.startBatch([
        { file: '/test/Arrested.Development.mkv', hoster: 'doodstream.com', apiKey: 'acc1-key', accountId: 'acc1' }
      ]);
      const events = rotEvents.map(e => e.event);
      // Must NOT poison the account — that's the entire point of this fix.
      assert.equal(mgr._failedAccounts.size, 0, `account must NOT be blacklisted; _failedAccounts=${JSON.stringify(mgr.getFailedAccountKeys())}`);
      assert.ok(!events.includes('mark-failed'), `must NOT mark-failed for hoster-transient; got: ${events.join(',')}`);
      // The in-loop fast-break and the post-loop classification must both fire.
      assert.ok(events.includes('hoster-transient'),
        `expected hoster-transient (in-loop break, no wasted retries); got: ${events.join(',')}`);
      assert.ok(events.includes('skip-rotation-hoster-transient'),
        `expected skip-rotation-hoster-transient (post-loop branch); got: ${events.join(',')}`);
      // And the retry loop must NOT burn the full retries=3 -> only 1 attempt on this account.
      assert.equal(mockUploadFile.mock.calls.length, 1,
        `must fail fast on hoster-transient, not re-upload the file 4× wasting bandwidth; got ${mockUploadFile.mock.calls.length} calls`);
    });
    it('late-resolved override is honored by subsequent jobs (simulates mid-batch config add)', async () => {
      // Only acc1 throws; acc2 succeeds.
      mockUploadFile.mock.mockImplementation(async (hoster, filePath, apiKey, onProgress) => {
--- a/tests/validate-credentials.test.js
+++ b/tests/validate-credentials.test.js
@ -1,195 +0,0 @@
 // Pure unit tests for the validate-credentials shape contract — does NOT spin
 // up Electron or the real per-hoster checkers. Those need network. We verify
 // the SHAPE the ephemeral hosterConfig is built into (which the per-hoster
 // checkers consume) plus the snapshot-key/invalidation invariants that the
 // renderer relies on to enforce "validated creds only".
 //
 // The three assertions the advisor called out as the regression guard for the
 // user's "mehrfach angelegt" complaint:
 //   (a) failed validation persists nothing to config.hosters
 //   (b) a second "Anlegen" click with the guard set persists exactly one entry
 //   (c) OTP-required path persists nothing
 // are exercised at the state-machine level by simulating the renderer's logic
 // (re-implemented here as pure functions for testability — the real ones live
 // in renderer/app.js which can't run under node:test).
 const { test } = require('node:test');
 const assert = require('node:assert');
 // ---- Re-implementations of the renderer's pure helpers ----
 // These mirror the production code exactly so the tests serve as both a guard
 // and executable spec for what saveAccount() must do.
 function credsSnapshotKey(authType, creds) {
  if (authType === 'login') return `login:${creds.username || ''}:${creds.password || ''}`;
  return `api:${creds.apiKey || ''}`;
 }
 function buildEphemeralHosterConfig(payload) {
  return {
    username: payload.username || '',
    password: payload.password || '',
    apiKey: payload.apiKey || '',
    enabled: true
  };
 }
 // State-machine simulator that mirrors saveAccount() WITHOUT DOM/IPC.
 function makeStateMachine({ validateImpl, persistImpl }) {
  let busy = false;
  let validated = null; // { hosterName, authType, snapshot, status }
  const log = []; // log of every persist call, for assertions
  async function click(ctx, creds, otp = '') {
    if (busy) { log.push({ type: 'click-ignored-busy' }); return; }
    const snapshot = credsSnapshotKey(ctx.authType, creds);
    // STEP 2: commit if validated matches.
    if (validated &&
        validated.hosterName === ctx.hosterName &&
        validated.authType === ctx.authType &&
        validated.snapshot === snapshot) {
      busy = true;
      try {
        await persistImpl(ctx, creds);
        log.push({ type: 'persisted', accountId: ctx.accountId || `${ctx.hosterName}-NEW` });
      } finally { busy = false; }
      return;
    }
    // STEP 1: ephemeral validate.
    busy = true;
    let row;
    try {
      row = await validateImpl({ hoster: ctx.hosterName, authType: ctx.authType, ...creds, otp });
    } finally { busy = false; }
    if (row && (row.status === 'ok' || row.status === 'warn')) {
      validated = { hosterName: ctx.hosterName, authType: ctx.authType, snapshot, status: row.status };
      log.push({ type: 'validated', status: row.status });
      return;
    }
    if (row && row.status === 'otp_required') {
      log.push({ type: 'otp-required' });
      return;
    }
    log.push({ type: 'validation-failed', message: row && row.message });
  }
  function editField() { validated = null; log.push({ type: 'invalidated-by-edit' }); }
  return { click, editField, log: () => log.slice(), getValidated: () => validated };
 }
 // ---- Tests ----
 test('regression (a): failed validation persists NOTHING to config.hosters', async () => {
  const persistCalls = [];
  const sm = makeStateMachine({
    validateImpl: async () => ({ status: 'error', message: 'Falsches Passwort' }),
    persistImpl: async (ctx, creds) => persistCalls.push({ ctx, creds })
  });
  await sm.click({ hosterName: 'doodstream.com', authType: 'login', isEdit: false }, { username: 'u', password: 'wrong' });
  assert.equal(persistCalls.length, 0, 'no persist should happen on failed validation');
  assert.equal(sm.getValidated(), null);
  assert.deepEqual(sm.log().map(e => e.type), ['validation-failed']);
 });
 test('regression (b): second click with guard set persists exactly ONE entry — no duplication', async () => {
  const persistCalls = [];
  let validateCount = 0;
  const sm = makeStateMachine({
    validateImpl: async () => { validateCount++; return { status: 'ok' }; },
    persistImpl: async (ctx, creds) => persistCalls.push({ ctx, creds })
  });
  const ctx = { hosterName: 'doodstream.com', authType: 'login', isEdit: false };
  const creds = { username: 'u', password: 'p' };
  // Click 1 = validate → green.
  await sm.click(ctx, creds);
  // Click 2 = commit (same creds, validated snapshot matches).
  await sm.click(ctx, creds);
  // Click 3 = guard prevents a second commit because after persistImpl the
  // state-machine in real code closes the modal. In this simulator the
  // validated snapshot is still set — but a real double-click WHILE persistImpl
  // is in flight would be caught by busy. Simulate that:
  const sm2 = makeStateMachine({
    validateImpl: async () => ({ status: 'ok' }),
    persistImpl: () => new Promise(r => setTimeout(() => { persistCalls.push('slow'); r(); }, 30))
  });
  await sm2.click(ctx, creds); // validate
  const p1 = sm2.click(ctx, creds); // start commit
  const p2 = sm2.click(ctx, creds); // racing click — must be ignored
  await Promise.all([p1, p2]);
  assert.equal(persistCalls.length, 2, 'one persist from the deliberate two-step flow + one from sm2; racing click ignored');
  assert.equal(validateCount, 1, 'second click reused the validated snapshot — no re-validate');
  // The racing click MUST have been ignored by the busy guard.
  assert.ok(sm2.log().some(e => e.type === 'click-ignored-busy'), 'busy guard fired on racing click');
 });
 test('regression (c): OTP-required persists NOTHING — and a follow-up click with OTP re-validates ephemerally', async () => {
  const persistCalls = [];
  let calls = 0;
  const sm = makeStateMachine({
    validateImpl: async (payload) => {
      calls++;
      if (!payload.otp) return { status: 'otp_required', message: 'OTP sent' };
      if (payload.otp === '123456') return { status: 'ok' };
      return { status: 'error', message: 'Bad OTP' };
    },
    persistImpl: async (ctx, creds) => persistCalls.push({ ctx, creds })
  });
  const ctx = { hosterName: 'doodstream.com', authType: 'login', isEdit: false };
  const creds = { username: 'u', password: 'p' };
  await sm.click(ctx, creds, '');         // first click → otp_required
  await sm.click(ctx, creds, '123456');   // retry with otp → ok
  await sm.click(ctx, creds);             // final click → commit
  assert.equal(persistCalls.length, 1, 'exactly one persist after OTP confirmed');
  assert.equal(calls, 2, 'validate ran twice (initial + OTP) before commit');
  assert.deepEqual(
    sm.log().map(e => e.type),
    ['otp-required', 'validated', 'persisted']
  );
 });
 test('field edit after green check invalidates the snapshot — next click is a re-Prüfen, not a commit', async () => {
  const persistCalls = [];
  let validateCount = 0;
  const sm = makeStateMachine({
    validateImpl: async () => { validateCount++; return { status: 'ok' }; },
    persistImpl: async (ctx, creds) => persistCalls.push({ ctx, creds })
  });
  const ctx = { hosterName: 'doodstream.com', authType: 'login', isEdit: false };
  await sm.click(ctx, { username: 'u', password: 'p' });   // validate → green
  sm.editField();                                           // user edits cred field → snapshot dropped
  await sm.click(ctx, { username: 'u', password: 'newpw' }); // creds differ → re-validate
  await sm.click(ctx, { username: 'u', password: 'newpw' }); // now commit the NEW creds
  assert.equal(persistCalls.length, 1, 'one persist of the new (re-validated) creds');
  assert.equal(persistCalls[0].creds.password, 'newpw', 'persisted creds match the re-validated set');
  assert.equal(validateCount, 2, 'second validate was forced by the edit-induced invalidation');
 });
 test('snapshot key is identical for same creds and DIFFERENT for any cred change (excluding label)', () => {
  // Label changes must NOT invalidate validation — label is metadata, not a credential.
  assert.equal(credsSnapshotKey('login', { username: 'u', password: 'p' }),
               credsSnapshotKey('login', { username: 'u', password: 'p', label: 'XYZ' }));
  assert.notEqual(credsSnapshotKey('login', { username: 'u', password: 'p' }),
                  credsSnapshotKey('login', { username: 'u', password: 'P' })); // password char-case
  assert.notEqual(credsSnapshotKey('login', { username: 'u', password: 'p' }),
                  credsSnapshotKey('login', { username: 'U', password: 'p' })); // username diff
  assert.equal(credsSnapshotKey('api', { apiKey: 'KEY' }),
               credsSnapshotKey('api', { apiKey: 'KEY', label: 'mein key' }));
  assert.notEqual(credsSnapshotKey('api', { apiKey: 'KEY' }),
                  credsSnapshotKey('api', { apiKey: 'KEY2' }));
 });
 test('ephemeral hosterConfig shape matches what per-hoster checkers expect', () => {
  // The per-hoster checkers in main.js read .username/.password/.apiKey directly.
  // This guards the validate-credentials IPC contract from drifting.
  const cfg = buildEphemeralHosterConfig({ hoster: 'doodstream.com', username: 'u', password: 'p' });
  assert.equal(cfg.username, 'u');
  assert.equal(cfg.password, 'p');
  assert.equal(cfg.apiKey, '');
  assert.equal(cfg.enabled, true);
  const cfg2 = buildEphemeralHosterConfig({ hoster: 'byse.sx', apiKey: 'K' });
  assert.equal(cfg2.apiKey, 'K');
  assert.equal(cfg2.username, '');
 });