release: v3.3.51

fix(ui): first click on sort header sets default direction instead of toggling
release: v3.3.50
2026-06-08 19:22:54 +02:00 · 2026-06-08 19:22:29 +02:00 · 2026-06-08 14:20:16 +02:00 · 2026-06-08 14:19:47 +02:00 · 2026-06-08 03:04:25 +02:00 · 2026-06-08 03:04:00 +02:00
23 changed files with 2486 additions and 755 deletions
--- a/.gitignore
+++ b/.gitignore
@ -2,3 +2,15 @@ node_modules/
 release/
 __pycache__/
 *.pyc
+
+electron-config.json
+electron-config.json.bak
+electron-config.json.tmp
+electron-config.pre-import-*.json
+*.log
+debug.log
+fileuploader.log
+account-rotation.log
+doodstream-debug.log
+upload-debug.log
+release-*.log
--- a/electron-config.json
+++ b/electron-config.json
@ -1,428 +0,0 @@
-{
-  "hosters": {
-    "doodstream.com": {
-      "enabled": false,
-      "apiKey": "",
-      "username": "",
-      "password": ""
-    },
-    "voe.sx": {
-      "enabled": true,
-      "apiKey": "exZEXqkwEnb8eLR79eUI6WVt3JYGFzAfuPsjuGp2nAn7NATGaYhY86NVK5EX1PzD"
-    },
-    "vidmoly.me": {
-      "enabled": true,
-      "authType": "login",
-      "username": "bariusgariusdi",
-      "password": "Paluffel123!"
-    },
-    "byse.sx": {
-      "enabled": true,
-      "apiKey": "83124r74v61t9dmojm4gz"
-    }
-  },
-  "hosterSettings": {
-    "doodstream.com": {
-      "retries": 3,
-      "maxSpeedKbs": 0,
-      "parallelCount": 2,
-      "restartBelowKbs": 0,
-      "timeIntervalSec": 0,
-      "maxSizeMb": 0
-    },
-    "voe.sx": {
-      "retries": 3,
-      "maxSpeedKbs": 0,
-      "parallelCount": 2,
-      "restartBelowKbs": 0,
-      "timeIntervalSec": 0,
-      "maxSizeMb": 0
-    },
-    "vidmoly.me": {
-      "retries": 25,
-      "maxSpeedKbs": 0,
-      "parallelCount": 2,
-      "restartBelowKbs": 0,
-      "timeIntervalSec": 1,
-      "maxSizeMb": 0
-    },
-    "byse.sx": {
-      "retries": 3,
-      "maxSpeedKbs": 0,
-      "parallelCount": 2,
-      "restartBelowKbs": 0,
-      "timeIntervalSec": 0,
-      "maxSizeMb": 0
-    }
-  },
-  "globalSettings": {
-    "alwaysOnTop": false,
-    "shutdownAfterFinish": "nothing",
-    "logFilePath": "",
-    "sessionLog": false,
-    "resumeQueueOnLaunch": true,
-    "parallelUploadCount": 0,
-    "scaleParallelUploads": true,
-    "removeFromQueueOnDone": false,
-    "globalMaxSpeedKbs": 0,
-    "pendingQueue": {
-      "selectedUploadHosters": [
-        "doodstream.com",
-        "voe.sx",
-        "vidmoly.me",
-        "byse.sx"
-      ],
-      "selectedFiles": [
-        {
-          "path": "C:\\Users\\ploet\\Downloads\\Einfach mal die Fresse halten!!!.mp4",
-          "name": "Einfach mal die Fresse halten!!!.mp4",
-          "size": 0
-        }
-      ],
-      "queueJobs": [
-        {
-          "id": "preview-1773271047205-k8l83r",
-          "file": "C:\\Users\\ploet\\Downloads\\Einfach mal die Fresse halten!!!.mp4",
-          "fileName": "Einfach mal die Fresse halten!!!.mp4",
-          "hoster": "doodstream.com",
-          "status": "preview",
-          "bytesTotal": 0,
-          "error": null,
-          "result": null,
-          "maxAttempts": 0
-        },
-        {
-          "id": "preview-1773271047206-npnpph",
-          "file": "C:\\Users\\ploet\\Downloads\\Einfach mal die Fresse halten!!!.mp4",
-          "fileName": "Einfach mal die Fresse halten!!!.mp4",
-          "hoster": "voe.sx",
-          "status": "preview",
-          "bytesTotal": 0,
-          "error": null,
-          "result": null,
-          "maxAttempts": 0
-        },
-        {
-          "id": "preview-1773271047206-q2skl1",
-          "file": "C:\\Users\\ploet\\Downloads\\Einfach mal die Fresse halten!!!.mp4",
-          "fileName": "Einfach mal die Fresse halten!!!.mp4",
-          "hoster": "vidmoly.me",
-          "status": "preview",
-          "bytesTotal": 0,
-          "error": null,
-          "result": null,
-          "maxAttempts": 0
-        },
-        {
-          "id": "preview-1773271047206-cek27b",
-          "file": "C:\\Users\\ploet\\Downloads\\Einfach mal die Fresse halten!!!.mp4",
-          "fileName": "Einfach mal die Fresse halten!!!.mp4",
-          "hoster": "byse.sx",
-          "status": "preview",
-          "bytesTotal": 0,
-          "error": null,
-          "result": null,
-          "maxAttempts": 0
-        }
-      ]
-    },
-    "scramble": {
-      "active": false,
-      "prefix": "",
-      "suffix": "",
-      "chars": "both",
-      "length": 0
-    }
-  },
-  "history": [
-    {
-      "id": "batch-1771639560711",
-      "timestamp": "2026-02-21T02:06:04.634Z",
-      "total": 3,
-      "succeeded": 1,
-      "failed": 2,
-      "files": [
-        {
-          "name": "ssstwitter.com_1770829061540.mp4",
-          "size": 7799235,
-          "results": [
-            {
-              "hoster": "doodstream.com",
-              "status": "error",
-              "error": "Invalid URL",
-              "download_url": null,
-              "embed_url": null,
-              "file_code": null
-            },
-            {
-              "hoster": "byse.sx",
-              "status": "error",
-              "error": "Kein Upload-Server erhalten. API-Key pruefen.",
-              "download_url": null,
-              "embed_url": null,
-              "file_code": null
-            },
-            {
-              "hoster": "voe.sx",
-              "status": "done",
-              "download_url": "https://voe.sx/nnxl9k1bsmpj",
-              "embed_url": "https://voe.sx/e/nnxl9k1bsmpj",
-              "file_code": "nnxl9k1bsmpj"
-            }
-          ]
-        }
-      ]
-    },
-    {
-      "id": "batch-1771639617785",
-      "timestamp": "2026-02-21T02:07:01.083Z",
-      "total": 4,
-      "succeeded": 1,
-      "failed": 3,
-      "files": [
-        {
-          "name": "ssstwitter.com_1770829061540.mp4",
-          "size": 7799235,
-          "results": [
-            {
-              "hoster": "vidmoly.me",
-              "status": "error",
-              "error": "maxRedirections is not supported, use the redirect interceptor",
-              "download_url": null,
-              "embed_url": null,
-              "file_code": null
-            },
-            {
-              "hoster": "byse.sx",
-              "status": "error",
-              "error": "Kein Upload-Server erhalten. API-Key pruefen.",
-              "download_url": null,
-              "embed_url": null,
-              "file_code": null
-            },
-            {
-              "hoster": "doodstream.com",
-              "status": "error",
-              "error": "Invalid URL",
-              "download_url": null,
-              "embed_url": null,
-              "file_code": null
-            },
-            {
-              "hoster": "voe.sx",
-              "status": "done",
-              "download_url": "https://voe.sx/ujoqyizmrayw",
-              "embed_url": "https://voe.sx/e/ujoqyizmrayw",
-              "file_code": "ujoqyizmrayw"
-            }
-          ]
-        }
-      ]
-    },
-    {
-      "id": "batch-1771639907565",
-      "timestamp": "2026-02-21T02:13:33.560Z",
-      "total": 4,
-      "succeeded": 3,
-      "failed": 1,
-      "files": [
-        {
-          "name": "video_1770829348221_0hmfi8.mp4",
-          "size": 107220796,
-          "results": [
-            {
-              "hoster": "vidmoly.me",
-              "status": "error",
-              "error": "Vidmoly Upload-Ergebnis: Kein Download-Link gefunden",
-              "download_url": null,
-              "embed_url": null,
-              "file_code": null
-            },
-            {
-              "hoster": "voe.sx",
-              "status": "done",
-              "download_url": "https://voe.sx/f38bgbhvia4x",
-              "embed_url": "https://voe.sx/e/f38bgbhvia4x",
-              "file_code": "f38bgbhvia4x"
-            },
-            {
-              "hoster": "byse.sx",
-              "status": "done",
-              "download_url": "https://byse.sx/zwbsud9yjxks",
-              "embed_url": "https://byse.sx/e/zwbsud9yjxks",
-              "file_code": "zwbsud9yjxks"
-            },
-            {
-              "hoster": "doodstream.com",
-              "status": "done",
-              "download_url": "https://dsvplay.com/d/cv1y50vfrf7f",
-              "embed_url": "https://dsvplay.com/e/cv1y50vfrf7f",
-              "file_code": "cv1y50vfrf7f"
-            }
-          ]
-        }
-      ]
-    },
-    {
-      "id": "batch-1771640325234",
-      "timestamp": "2026-02-21T02:18:52.471Z",
-      "total": 4,
-      "succeeded": 2,
-      "failed": 2,
-      "files": [
-        {
-          "name": "ssstwitter.com_1770829061540.mp4",
-          "size": 7799235,
-          "results": [
-            {
-              "hoster": "doodstream.com",
-              "status": "error",
-              "error": "Invalid URL",
-              "download_url": null,
-              "embed_url": null,
-              "file_code": null
-            },
-            {
-              "hoster": "voe.sx",
-              "status": "done",
-              "download_url": "https://voe.sx/y4zhied9n4f5",
-              "embed_url": "https://voe.sx/e/y4zhied9n4f5",
-              "file_code": "y4zhied9n4f5"
-            },
-            {
-              "hoster": "vidmoly.me",
-              "status": "error",
-              "error": "Vidmoly Upload-Ergebnis: Kein Download-Link gefunden",
-              "download_url": null,
-              "embed_url": null,
-              "file_code": null
-            },
-            {
-              "hoster": "byse.sx",
-              "status": "done",
-              "download_url": "https://byse.sx/3caubwbj6jxu",
-              "embed_url": "https://byse.sx/e/3caubwbj6jxu",
-              "file_code": "3caubwbj6jxu"
-            }
-          ]
-        }
-      ]
-    },
-    {
-      "id": "batch-1771643316134",
-      "timestamp": "2026-02-21T03:09:10.532Z",
-      "total": 4,
-      "succeeded": 4,
-      "failed": 0,
-      "files": [
-        {
-          "name": "ssstwitter.com_1770829061540.mp4",
-          "size": 7799235,
-          "results": [
-            {
-              "hoster": "voe.sx",
-              "status": "done",
-              "download_url": "https://voe.sx/juoamb17cdea",
-              "embed_url": "https://voe.sx/e/juoamb17cdea",
-              "file_code": "juoamb17cdea"
-            },
-            {
-              "hoster": "byse.sx",
-              "status": "done",
-              "download_url": "https://byse.sx/mu8p6ikpsabf",
-              "embed_url": "https://byse.sx/e/mu8p6ikpsabf",
-              "file_code": "mu8p6ikpsabf"
-            },
-            {
-              "hoster": "vidmoly.me",
-              "status": "done",
-              "download_url": "https://vidmoly.me/w/7460ei78oj22",
-              "embed_url": "https://vidmoly.me/embed-7460ei78oj22.html",
-              "file_code": "7460ei78oj22"
-            },
-            {
-              "hoster": "doodstream.com",
-              "status": "done",
-              "download_url": "https://dsvplay.com/d/l4rm1kbpkgt0",
-              "embed_url": "https://dsvplay.com/e/l4rm1kbpkgt0",
-              "file_code": "l4rm1kbpkgt0"
-            }
-          ]
-        }
-      ]
-    },
-    {
-      "id": "batch-1773173725103",
-      "timestamp": "2026-03-10T20:15:25.339Z",
-      "total": 1,
-      "succeeded": 1,
-      "failed": 0,
-      "files": [
-        {
-          "name": "test-e2e-upload.txt",
-          "size": 22,
-          "results": [
-            {
-              "hoster": "voe.sx",
-              "status": "done",
-              "download_url": null,
-              "embed_url": null,
-              "file_code": null
-            }
-          ]
-        }
-      ]
-    },
-    {
-      "id": "batch-1773176124038",
-      "timestamp": "2026-03-10T20:55:24.931Z",
-      "total": 1,
-      "succeeded": 1,
-      "failed": 0,
-      "files": [
-        {
-          "name": "Einfach mal die Fresse halten!!!.mp4",
-          "size": 172248,
-          "results": [
-            {
-              "hoster": "voe.sx",
-              "status": "done",
-              "download_url": "https://voe.sx/nlvswooic50v",
-              "embed_url": "https://voe.sx/e/nlvswooic50v",
-              "file_code": "nlvswooic50v"
-            }
-          ]
-        }
-      ]
-    },
-    {
-      "id": "batch-1773176209320",
-      "timestamp": "2026-03-10T20:56:59.349Z",
-      "total": 2,
-      "succeeded": 2,
-      "failed": 0,
-      "files": [
-        {
-          "name": "export_1771588307185.mov",
-          "size": 7330963,
-          "results": [
-            {
-              "hoster": "voe.sx",
-              "status": "done",
-              "download_url": "https://voe.sx/qh1jriyz5up7",
-              "embed_url": "https://voe.sx/e/qh1jriyz5up7",
-              "file_code": "qh1jriyz5up7"
-            },
-            {
-              "hoster": "doodstream.com",
-              "status": "done",
-              "download_url": "https://dsvplay.com/d/q5tib39woqq4",
-              "embed_url": "https://dsvplay.com/e/q5tib39woqq4",
-              "file_code": "q5tib39woqq4"
-            }
-          ]
-        }
-      ]
-    }
-  ]
-}
--- a/lib/config-store.js
+++ b/lib/config-store.js
@ -1,6 +1,7 @@
 const fs = require('fs');
 const path = require('path');
 const secretStore = require('./secret-store');
+const { normalizeLogMode } = require('./log-mode');

 const HOSTER_SETTINGS_DEFAULTS = {
  retries: 3,
@ -56,7 +57,12 @@ const DEFAULTS = {
    alwaysOnTop: false,
    shutdownAfterFinish: 'nothing', // nothing | sleep | shutdown | restart
    logFilePath: '',
-    sessionLog: false,
+    sessionLog: false,                  // legacy boolean (kept for back-compat reads); normalized into logMode on load
+    logVerbose: false,                  // when true, [DEBUG] level entries are written to debug.log
+    // NOTE: logMode is intentionally NOT in DEFAULTS. If it were, the deep-merge
+    // would seed logMode='single' for every load, which would beat (and silently
+    // erase) the legacy sessionLog:true → "daily" migration. normalizeLogMode in
+    // load() sets logMode after the merge, looking at the saved-only data.
    resumeQueueOnLaunch: true,
    parallelUploadCount: 0, // 0 = use per-hoster limits only
    scaleParallelUploads: false,
@ -145,7 +151,11 @@ class ConfigStore {
        const backupPath = this.filePath + '.bak';
        try { data = this._readAndParse(backupPath); } catch {}
      }
-      if (!data) return JSON.parse(JSON.stringify(DEFAULTS));
+      if (!data) {
+        const fresh = JSON.parse(JSON.stringify(DEFAULTS));
+        fresh.globalSettings.logMode = normalizeLogMode(fresh.globalSettings);
+        return fresh;
+      }

      // Migrate old single-object format to array format
      for (const [name, val] of Object.entries(data.hosters || {})) {
@ -207,13 +217,20 @@ class ConfigStore {
          globalSettings[key] = { ...def, ...(savedGlobal[key] || {}) };
        }
      }
+      // Normalize logMode at this single boundary. Legacy sessionLog: true
+      // means *daily* (the old field was named after a misnomer); see log-mode.js.
+      // Downstream readers consume logMode only and must NOT derive from
+      // sessionLog at call sites.
+      globalSettings.logMode = normalizeLogMode(globalSettings);
      const result = { hosters, hosterSettings, globalSettings, history: data.history || [] };
      // Decrypt credentials stored with safeStorage so the rest of the app
      // keeps working with plaintext in memory.
      secretStore.decryptCredentials(result);
      return result;
    } catch {
-      return JSON.parse(JSON.stringify(DEFAULTS));
+      const fresh = JSON.parse(JSON.stringify(DEFAULTS));
+      fresh.globalSettings.logMode = normalizeLogMode(fresh.globalSettings);
+      return fresh;
    }
  }

--- a/lib/file-probe.js
+++ b/lib/file-probe.js
@ -0,0 +1,73 @@
+const fs = require('fs');
+
+const SIGNATURES = [
+  { kind: 'mp4-iso', test: (b) => b.length >= 12 && b.slice(4, 8).toString('ascii') === 'ftyp' },
+  { kind: 'matroska', test: (b) => b.length >= 4 && b[0] === 0x1A && b[1] === 0x45 && b[2] === 0xDF && b[3] === 0xA3 },
+  { kind: 'avi', test: (b) => b.length >= 12 && b.slice(0, 4).toString('ascii') === 'RIFF' && b.slice(8, 12).toString('ascii') === 'AVI ' },
+  { kind: 'wav', test: (b) => b.length >= 12 && b.slice(0, 4).toString('ascii') === 'RIFF' && b.slice(8, 12).toString('ascii') === 'WAVE' },
+  { kind: 'flv', test: (b) => b.length >= 3 && b.slice(0, 3).toString('ascii') === 'FLV' },
+  { kind: 'asf-wmv', test: (b) => b.length >= 4 && b[0] === 0x30 && b[1] === 0x26 && b[2] === 0xB2 && b[3] === 0x75 },
+  { kind: 'mpeg-ps', test: (b) => b.length >= 4 && b[0] === 0x00 && b[1] === 0x00 && b[2] === 0x01 && (b[3] === 0xBA || b[3] === 0xB3) },
+  { kind: 'mpeg-ts', test: (b) => b.length >= 1 && b[0] === 0x47 },
+  { kind: 'mp3', test: (b) => b.length >= 3 && (b.slice(0, 3).toString('ascii') === 'ID3' || (b[0] === 0xFF && (b[1] & 0xE0) === 0xE0)) },
+  { kind: 'ogg', test: (b) => b.length >= 4 && b.slice(0, 4).toString('ascii') === 'OggS' },
+  { kind: 'jpeg', test: (b) => b.length >= 3 && b[0] === 0xFF && b[1] === 0xD8 && b[2] === 0xFF },
+  { kind: 'png', test: (b) => b.length >= 8 && b[0] === 0x89 && b.slice(1, 4).toString('ascii') === 'PNG' },
+  { kind: 'pdf', test: (b) => b.length >= 5 && b.slice(0, 5).toString('ascii') === '%PDF-' },
+  { kind: 'zip', test: (b) => b.length >= 4 && b[0] === 0x50 && b[1] === 0x4B && (b[2] === 0x03 || b[2] === 0x05 || b[2] === 0x07) },
+  { kind: 'html', test: (b) => {
+    const s = b.toString('ascii', 0, Math.min(b.length, 64)).trimStart().toLowerCase();
+    return s.startsWith('<!doctype html') || s.startsWith('<html');
+  } }
+];
+
+const VIDEO_KINDS = new Set(['mp4-iso', 'matroska', 'avi', 'flv', 'asf-wmv', 'mpeg-ps', 'mpeg-ts']);
+
+function detectKind(buf) {
+  if (!buf || buf.length === 0) return 'empty';
+  for (const sig of SIGNATURES) {
+    try { if (sig.test(buf)) return sig.kind; } catch { /* ignore malformed buffer slice */ }
+  }
+  return 'unknown';
+}
+
+function isVideoLikeKind(kind) {
+  return VIDEO_KINDS.has(kind);
+}
+
+function probeFileHead(filePath, bytes) {
+  const want = Number.isFinite(bytes) && bytes > 0 ? bytes : 64;
+  return new Promise((resolve) => {
+    fs.open(filePath, 'r', (err, fd) => {
+      if (err) return resolve({ ok: false, error: err.message, kind: 'unreadable' });
+      const buf = Buffer.alloc(want);
+      fs.read(fd, buf, 0, want, 0, (rerr, bytesRead) => {
+        fs.close(fd, () => {});
+        if (rerr) return resolve({ ok: false, error: rerr.message, kind: 'unreadable' });
+        const slice = buf.slice(0, bytesRead);
+        resolve({
+          ok: true,
+          bytesRead,
+          kind: detectKind(slice),
+          isVideoLike: isVideoLikeKind(detectKind(slice)),
+          headHex: slice.toString('hex')
+        });
+      });
+    });
+  });
+}
+
+function summarizeFileStat(filePath) {
+  try {
+    const st = fs.statSync(filePath);
+    return {
+      size: st.size,
+      mtime: st.mtime.toISOString(),
+      isFile: st.isFile()
+    };
+  } catch (err) {
+    return { error: err.message };
+  }
+}
+
+module.exports = { detectKind, isVideoLikeKind, probeFileHead, summarizeFileStat, VIDEO_KINDS, SIGNATURES };
--- a/lib/hosters.js
+++ b/lib/hosters.js
@ -499,24 +499,27 @@ async function _resolveDoodstreamUploadByName(apiKey, fileName, baselineCodes, s
  return null;
 }

-async function uploadFile(hosterName, filePath, apiKey, onProgress, signal, throttle) {
+async function uploadFile(hosterName, filePath, apiKey, onProgress, signal, throttle, opts) {
  const config = HOSTER_CONFIGS[hosterName];
  if (!config) throw new Error(`Unbekannter Hoster: ${hosterName}`);

-  // For byse: snapshot the current file-code list so the post-upload poller
-  // can identify new arrivals even when the initial POST response has an
-  // empty filecode.
  let byseBaseline = null;
  if (hosterName === 'byse.sx') {
-    const baseline = await _fetchByseFileList(apiKey, signal);
-    byseBaseline = new Set(baseline.map(f => f.file_code));
+    if (opts && opts.byseBaseline instanceof Set) {
+      byseBaseline = opts.byseBaseline;
+    } else {
+      const baseline = await _fetchByseFileList(apiKey, signal);
+      byseBaseline = new Set(baseline.map(f => f.file_code));
+    }
  }
-  // Doodstream: same snapshot so a codeless upload response can be recovered by
-  // matching a newly-appeared file in the account by name (see below).
  let doodBaseline = null;
  if (hosterName === 'doodstream.com') {
-    const baseline = await _fetchDoodstreamFileList(apiKey, signal);
-    doodBaseline = new Set(baseline.map(f => f.file_code));
+    if (opts && opts.doodBaseline instanceof Set) {
+      doodBaseline = opts.doodBaseline;
+    } else {
+      const baseline = await _fetchDoodstreamFileList(apiKey, signal);
+      doodBaseline = new Set(baseline.map(f => f.file_code));
+    }
  }

  // Step 1: Get upload server
@ -580,6 +583,17 @@ async function uploadFile(hosterName, filePath, apiKey, onProgress, signal, thro
  try {
    result = config.parseResult(payload);
  } catch (err) {
+    if (err && typeof err === 'object' && !err.diagnostic) {
+      try {
+        err.diagnostic = {
+          hoster: hosterName,
+          http: statusCode,
+          contentType: (headers && headers['content-type']) || null,
+          payloadSnippet: JSON.stringify(payload).slice(0, 1000),
+          uploadUrl: targetUrl
+        };
+      } catch { /* JSON cycle — skip diagnostic */ }
+    }
    parseErr = err;
  }
  if (result && (result.file_code || result.download_url || result.embed_url)) {
@ -636,8 +650,23 @@ async function uploadFile(hosterName, filePath, apiKey, onProgress, signal, thro
  throw new Error(msg);
 }

+async function prefetchBaseline(hosterName, apiKey, signal) {
+  try {
+    if (hosterName === 'byse.sx') {
+      const baseline = await _fetchByseFileList(apiKey, signal);
+      return new Set(baseline.map(f => f.file_code));
+    }
+    if (hosterName === 'doodstream.com') {
+      const baseline = await _fetchDoodstreamFileList(apiKey, signal);
+      return new Set(baseline.map(f => f.file_code));
+    }
+  } catch { /* leave caller to fall back to per-job fetch */ }
+  return null;
+}
+
 module.exports = {
  uploadFile,
+  prefetchBaseline,
  HOSTER_CONFIGS,
  __test: {
    extractUploadServerUrl,
--- a/lib/log-mode.js
+++ b/lib/log-mode.js
@ -0,0 +1,107 @@
+// Log-file mode resolution for fileuploader.log:
+//   - "single"  → one file:   fileuploader.log
+//   - "daily"   → per-day:    fileuploader-YYYY-MM-DD.log
+//   - "session" → per-launch: fileuploader-session-YYYY-MM-DD_HH-MM-SS-<pid>.log
+//
+// Pure functions only — no fs, no Date.now() at call time — so they unit-test
+// cleanly and the main.js call sites pass in `new Date()` + the session stamp.
+//
+// MIGRATION TRAP this lib protects against: the legacy boolean was named
+// `sessionLog` but actually toggled *daily* mode. A naive rename would silently
+// flip every per-day user onto per-session. normalizeLogMode below maps the
+// legacy `sessionLog: true` to "daily", NOT "session". Read logMode everywhere
+// downstream; do not derive from sessionLog at call sites.
+//
+// Loaded both as CommonJS (main.js, tests) and as a browser global
+// (renderer/app.js via index.html script tag) so a single implementation backs
+// runtime and tests — same pattern as queue-prune.js / queue-dedup.js.
+
+(function (root) {
+  'use strict';
+
+  const VALID_MODES = new Set(['single', 'daily', 'session']);
+
+  function normalizeLogMode(globalSettings) {
+    const gs = globalSettings && typeof globalSettings === 'object' ? globalSettings : {};
+    if (typeof gs.logMode === 'string' && VALID_MODES.has(gs.logMode)) {
+      return gs.logMode;
+    }
+    // Legacy boolean migration: sessionLog *named* like "session" but actually
+    // implemented "daily" — preserve daily users on the migration path.
+    if (gs.sessionLog === true) return 'daily';
+    return 'single';
+  }
+
+  function _two(n) { return String(n).padStart(2, '0'); }
+
+  function formatDateStamp(date) {
+    return `${date.getFullYear()}-${_two(date.getMonth() + 1)}-${_two(date.getDate())}`;
+  }
+
+  function formatSessionStamp(date, pid) {
+    const d = `${date.getFullYear()}-${_two(date.getMonth() + 1)}-${_two(date.getDate())}`;
+    const t = `${_two(date.getHours())}-${_two(date.getMinutes())}-${_two(date.getSeconds())}`;
+    // PID disambiguates a same-second close→reopen — a human can't but two
+    // automated runs might. Cheap belt to a suspenders-not-required problem.
+    const pidStr = pid !== undefined && pid !== null ? `-${pid}` : '';
+    return `${d}_${t}${pidStr}`;
+  }
+
+  /**
+   * Compute the log filename for the given mode + clock.
+   * @param {Object} args
+   * @param {string} args.baseName    e.g. "fileuploader"
+   * @param {string} args.ext         e.g. ".log"
+   * @param {string} args.mode        "single" | "daily" | "session"
+   * @param {Date}   args.date        current timestamp
+   * @param {string} [args.sessionId] required when mode === "session"
+   * @returns {string} the bare filename (no directory)
+   */
+  function resolveLogFileName(args) {
+    const a = args || {};
+    const base = String(a.baseName || 'fileuploader');
+    const ext = String(a.ext || '.log');
+    const mode = VALID_MODES.has(a.mode) ? a.mode : 'single';
+    if (mode === 'single') return `${base}${ext}`;
+    if (mode === 'daily') {
+      const date = a.date instanceof Date ? a.date : new Date();
+      return `${base}-${formatDateStamp(date)}${ext}`;
+    }
+    // session
+    const sid = a.sessionId && String(a.sessionId).trim();
+    if (sid) return `${base}-session-${sid}${ext}`;
+    // Defensive: if a session-id wasn't passed, fall back to single rather
+    // than emit a malformed name. main.js always supplies one.
+    return `${base}${ext}`;
+  }
+
+  /**
+   * Reverse of resolveLogFileName: given a full filename like
+   * "fileuploader-2026-06-03.log" or
+   * "fileuploader-session-2026-06-03_18-16-20-8132.log", strip the mode-stamp
+   * so the bare base ("fileuploader.log") remains. Used when persisting an
+   * auto-resolved fallback path back into config — otherwise the saved path
+   * would keep growing a new stamp on every reload.
+   */
+  function stripModeStampFromFileName(fileName) {
+    if (!fileName || typeof fileName !== 'string') return fileName;
+    // Order matters: session first (longer, more specific) before daily.
+    // Both regexes are anchored to $ with no nested/ambiguous quantifiers, so
+    // matching is linear — the eslint security warning is precautionary.
+    // eslint-disable-next-line security/detect-unsafe-regex
+    const sessionRe = /-session-\d{4}-\d{2}-\d{2}_\d{2}-\d{2}-\d{2}(?:-\d+)?(\.[^.]+)?$/;
+    // eslint-disable-next-line security/detect-unsafe-regex
+    const dailyRe = /-\d{4}-\d{2}-\d{2}(\.[^.]+)?$/;
+    let out = fileName.replace(sessionRe, (m, ext) => ext || '');
+    out = out.replace(dailyRe, (m, ext) => ext || '');
+    return out;
+  }
+
+  const api = { normalizeLogMode, resolveLogFileName, formatDateStamp, formatSessionStamp, stripModeStampFromFileName, VALID_MODES };
+
+  if (typeof module !== 'undefined' && module.exports) {
+    module.exports = api;
+  } else if (root) {
+    root.LogMode = api;
+  }
+})(typeof window !== 'undefined' ? window : this);
--- a/lib/stats.js
+++ b/lib/stats.js
@ -0,0 +1,142 @@
+(function (root) {
+  function summarizePerHoster(history, opts) {
+    const out = {};
+    if (!Array.isArray(history)) return out;
+    const cutoff = opts && Number.isFinite(opts.sinceMs) ? opts.sinceMs : null;
+    const limitBatches = opts && Number.isFinite(opts.lastNBatches) && opts.lastNBatches > 0 ? opts.lastNBatches : null;
+
+    const entries = [...history];
+    entries.sort((a, b) => {
+      const ta = a && a.timestamp ? Date.parse(a.timestamp) : 0;
+      const tb = b && b.timestamp ? Date.parse(b.timestamp) : 0;
+      return tb - ta;
+    });
+    const sliced = limitBatches ? entries.slice(0, limitBatches) : entries;
+
+    for (const batch of sliced) {
+      if (!batch || !Array.isArray(batch.files)) continue;
+      if (cutoff !== null) {
+        const ts = batch.timestamp ? Date.parse(batch.timestamp) : 0;
+        if (!ts || ts < cutoff) continue;
+      }
+      for (const file of batch.files) {
+        if (!file || !Array.isArray(file.results)) continue;
+        for (const r of file.results) {
+          if (!r || !r.hoster) continue;
+          const bucket = out[r.hoster] || (out[r.hoster] = { ok: 0, fail: 0, total: 0 });
+          bucket.total++;
+          if (r.status === 'done') bucket.ok++;
+          else bucket.fail++;
+        }
+      }
+    }
+    for (const h of Object.keys(out)) {
+      const b = out[h];
+      b.rate = b.total > 0 ? b.ok / b.total : null;
+    }
+    return out;
+  }
+
+  function classifyErrorCategory(err) {
+    if (!err || typeof err !== 'string') return 'unknown';
+    const s = err.toLowerCase();
+    if (/abgebrochen|aborted|cancel/.test(s)) return 'aborted';
+    if (/not video file format|kein videoformat|invalid file|wrong format|duplicate|already exists|file too (small|big|large)|datei zu (gro|klein)/.test(s)) return 'file-rejected';
+    if (/quota|storage (full|exhausted|voll)|account (full|banned|suspended)|disk (space )?full|insufficient (disk )?space|not enough (disk )?(space|storage)/.test(s)) return 'account-error';
+    if (/csrf|kein upload-server|server.*?(busy|unavailable|try again)|no servers available|filecode|kein filecode|empty.*?(form|response)/.test(s)) return 'hoster-transient';
+    if (/timeout|econnreset|enotfound|fetch failed|network|socket hang up|abort/.test(s)) return 'network';
+    return 'unknown';
+  }
+
+  function summarizeBatchErrors(batchSummary) {
+    const buckets = {
+      'file-rejected': [],
+      'account-error': [],
+      'hoster-transient': [],
+      'network': [],
+      'unknown': [],
+      'aborted': []
+    };
+    if (!batchSummary || !Array.isArray(batchSummary.files)) return buckets;
+    for (const f of batchSummary.files) {
+      if (!f || !Array.isArray(f.results)) continue;
+      for (const r of f.results) {
+        if (!r || r.status === 'done') continue;
+        const cat = classifyErrorCategory(r.error);
+        buckets[cat].push({
+          fileName: f.name || f.fileName || '',
+          hoster: r.hoster || '',
+          error: r.error || '',
+          jobId: r.jobId || null
+        });
+      }
+    }
+    return buckets;
+  }
+
+  const RETRYABLE_CATEGORIES = new Set(['hoster-transient', 'network', 'unknown']);
+  function isRetryableCategory(cat) {
+    return RETRYABLE_CATEGORIES.has(cat);
+  }
+
+  const CATEGORY_LABELS = {
+    'file-rejected': 'Datei abgelehnt',
+    'account-error': 'Account-Problem',
+    'hoster-transient': 'Hoster-Flake',
+    'network': 'Netzwerk',
+    'unknown': 'Unbekannt',
+    'aborted': 'Abgebrochen'
+  };
+
+  function formatLinks(rows, format) {
+    if (!Array.isArray(rows)) return '';
+    const safe = rows.filter(r => r && r.url);
+    if (safe.length === 0) return '';
+    switch (format) {
+      case 'plain':
+        return safe.map(r => r.url).join('\n');
+      case 'bbcode':
+        return safe.map(r => {
+          const label = r.fileName || r.hoster || r.url;
+          return `[url=${r.url}]${label}[/url]`;
+        }).join('\n');
+      case 'markdown':
+        return safe.map(r => {
+          const label = r.fileName || r.hoster || r.url;
+          return `- [${label}](${r.url})`;
+        }).join('\n');
+      case 'html':
+        return safe.map(r => {
+          const label = r.fileName || r.hoster || r.url;
+          return `<a href="${r.url}">${label}</a>`;
+        }).join('\n');
+      case 'csv': {
+        const head = 'fileName,hoster,url\n';
+        return head + safe.map(r => {
+          const esc = (v) => `"${String(v || '').replace(/"/g, '""')}"`;
+          return [esc(r.fileName), esc(r.hoster), esc(r.url)].join(',');
+        }).join('\n');
+      }
+      case 'json':
+        return JSON.stringify(safe.map(r => ({ fileName: r.fileName || '', hoster: r.hoster || '', url: r.url })), null, 2);
+      default:
+        return safe.map(r => r.url).join('\n');
+    }
+  }
+
+  const api = {
+    summarizePerHoster,
+    classifyErrorCategory,
+    summarizeBatchErrors,
+    isRetryableCategory,
+    RETRYABLE_CATEGORIES,
+    CATEGORY_LABELS,
+    formatLinks
+  };
+
+  if (typeof module !== 'undefined' && module.exports) {
+    module.exports = api;
+  } else if (root) {
+    root.Stats = api;
+  }
+})(typeof window !== 'undefined' ? window : this);
--- a/lib/support-bundle.js
+++ b/lib/support-bundle.js
@ -0,0 +1,64 @@
+const fs = require('fs');
+
+const CRED_KEYS = new Set(['password', 'apiKey', 'token', 'cookie', 'sessionId']);
+const REDACTED = '<redacted>';
+
+function sanitizeConfig(config) {
+  if (!config || typeof config !== 'object') return config;
+  const clone = JSON.parse(JSON.stringify(config));
+  (function walk(o) {
+    if (!o) return;
+    if (Array.isArray(o)) { for (const e of o) walk(e); return; }
+    if (typeof o !== 'object') return;
+    for (const k of Object.keys(o)) {
+      if (CRED_KEYS.has(k) && typeof o[k] === 'string' && o[k]) o[k] = REDACTED;
+      else walk(o[k]);
+    }
+  })(clone);
+  return clone;
+}
+
+function collectFile(filePath, label, maxBytes) {
+  if (!filePath) return `=== ${label} ===\n<no path configured>\n\n`;
+  let stat;
+  try { stat = fs.statSync(filePath); }
+  catch (err) {
+    if (err && err.code === 'ENOENT') return `=== ${label} (${filePath}) ===\n<file does not exist yet>\n\n`;
+    return `=== ${label} (${filePath}) ===\n<stat error: ${err.message}>\n\n`;
+  }
+  const cap = Number.isFinite(maxBytes) && maxBytes > 0 ? maxBytes : 5 * 1024 * 1024;
+  let content;
+  try {
+    if (stat.size > cap) {
+      const fd = fs.openSync(filePath, 'r');
+      const buf = Buffer.alloc(cap);
+      fs.readSync(fd, buf, 0, cap, stat.size - cap);
+      fs.closeSync(fd);
+      const skipped = stat.size - cap;
+      content = `<truncated: skipped first ${skipped} bytes; showing last ${cap} bytes of ${stat.size}>\n` + buf.toString('utf-8');
+    } else {
+      content = fs.readFileSync(filePath, 'utf-8');
+    }
+  } catch (err) {
+    content = `<read error: ${err.message}>`;
+  }
+  return `=== ${label} (${filePath}, size=${stat.size} bytes) ===\n${content}\n\n`;
+}
+
+function buildSupportBundleText({ header, sanitizedConfig, files }) {
+  const parts = [];
+  parts.push('=== Multi-Hoster-Upload Support Bundle ===\n');
+  if (header && typeof header === 'object') {
+    for (const [k, v] of Object.entries(header)) parts.push(`${k}: ${v}\n`);
+  }
+  parts.push('\n');
+  parts.push('=== Config (sanitized — password/apiKey/token/cookie/sessionId redacted) ===\n');
+  parts.push(JSON.stringify(sanitizedConfig, null, 2));
+  parts.push('\n\n');
+  for (const f of (files || [])) {
+    parts.push(collectFile(f.path, f.label || f.path, f.maxBytes));
+  }
+  return parts.join('');
+}
+
+module.exports = { sanitizeConfig, collectFile, buildSupportBundleText, CRED_KEYS, REDACTED };
--- a/lib/upload-manager.js
+++ b/lib/upload-manager.js
@ -2,13 +2,14 @@ const { EventEmitter } = require('events');
 const path = require('path');
 const fs = require('fs');
 const crypto = require('crypto');
-const { uploadFile } = require('./hosters');
+const { uploadFile, prefetchBaseline } = require('./hosters');
 const VidmolyUploader = require('./vidmoly-upload');
 const VoeUploader = require('./voe-upload');
 const DoodstreamUploader = require('./doodstream-upload');
 const ClouddropUploader = require('./clouddrop-upload');
 const Semaphore = require('./semaphore');
 const Throttle = require('./throttle');
+const { probeFileHead } = require('./file-probe');

 const DEFAULT_SETTINGS = {
  retries: 3,
@ -41,6 +42,7 @@ class UploadManager extends EventEmitter {
    this._failedAccounts = new Map(); // hoster -> Set of failed accountIds
    this._accountOverrides = new Map(); // hoster -> fallback account object
    this._doodApiKeyCache = new Map(); // accountId/username -> derived doodstream API key ('' = tried, none)
+    this._baselineCache = new Map(); // hoster:apiKey -> Promise<Set<file_code>> (one fetch shared across all jobs in batch)
  }

  switchAccount(hoster, fallbackAccount) {
@ -65,6 +67,16 @@ class UploadManager extends EventEmitter {
    return this._accountOverrides.get(hoster) || null;
  }

+  clearFailedAccount(hoster, accountId) {
+    return this._failedAccounts.delete(`${hoster}:${accountId}`);
+  }
+
+  clearAllFailedAccounts() {
+    const n = this._failedAccounts.size;
+    this._failedAccounts.clear();
+    return n;
+  }
+
  // True if the hoster has a usable override stored that differs from the
  // account currently in the task and isn't itself already marked failed.
  // Used by the retry loop to decide "retry on same account vs break to
@ -267,6 +279,7 @@ class UploadManager extends EventEmitter {
    this.jobAbortControllers.clear();
    this.cancelledJobIds.clear();
    this._doodApiKeyCache.clear(); // re-derive doodstream keys fresh each batch
+    this._baselineCache.clear(); // re-fetch baselines per batch (a long batch could outlast remote-side relevance)
    this.semaphores = {};
    this.globalSemaphore = null;
    this.globalThrottle = null;
@ -297,18 +310,30 @@ class UploadManager extends EventEmitter {
    this._batchResults = results;
    this._additionalPromises = []; // Track jobs added mid-batch via addJobs()

-    for (const task of tasks) {
-      const fileName = path.basename(task.file);
-      if (!results.has(task.file)) {
-        let size = 0;
-        try { size = fs.statSync(task.file).size; } catch {}
-        results.set(task.file, { name: fileName, size, results: [] });
+    const DEDUP_CHUNK = 200;
+    for (let i = 0; i < tasks.length; i += DEDUP_CHUNK) {
+      const end = Math.min(i + DEDUP_CHUNK, tasks.length);
+      for (let j = i; j < end; j++) {
+        const task = tasks[j];
+        if (!results.has(task.file)) {
+          const fileName = path.basename(task.file);
+          let size = 0;
+          try { size = fs.statSync(task.file).size; } catch {}
+          results.set(task.file, { name: fileName, size, results: [] });
+        }
      }
+      if (end < tasks.length) await new Promise(setImmediate);
    }

    this._startStatsTimer();

-    const promises = tasks.map((task) => this._runJob(task, results, signal));
+    const SPAWN_CHUNK = 100;
+    const promises = [];
+    for (let i = 0; i < tasks.length; i += SPAWN_CHUNK) {
+      const end = Math.min(i + SPAWN_CHUNK, tasks.length);
+      for (let j = i; j < end; j++) promises.push(this._runJob(tasks[j], results, signal));
+      if (end < tasks.length) await new Promise(setImmediate);
+    }
    await Promise.allSettled(promises);
    // Wait for any jobs added mid-batch via addJobs()
    while (this._additionalPromises.length > 0) {
@ -344,7 +369,12 @@ class UploadManager extends EventEmitter {
    const fileName = path.basename(task.file);
    let fileSize = 0;
    let fileNotFound = false;
-    try { fileSize = fs.statSync(task.file).size; } catch { fileNotFound = true; }
+    const cachedResult = results && results.get(task.file);
+    if (cachedResult && typeof cachedResult.size === 'number' && cachedResult.size > 0) {
+      fileSize = cachedResult.size;
+    } else {
+      try { fileSize = fs.statSync(task.file).size; } catch { fileNotFound = true; }
+    }

    const maxAttempts = Math.max(1, (settings.retries || 0) + 1);
    const jobAbortController = new AbortController();
@ -409,26 +439,30 @@ class UploadManager extends EventEmitter {
        return;
      }

-      this._emitProgress(uploadId, fileName, task.hoster, { accountId: task.accountId,
-        jobId,
-        status: 'queued',
-        progress: 0,
-        bytesUploaded: 0,
-        bytesTotal: fileSize,
-        speedKbs: 0,
-        elapsed: 0,
-        remaining: 0,
-        error: null,
-        result: null,
-        attempt: 0,
-        maxAttempts
-      });
-
-      // Acquire hoster semaphore first so jobs waiting for a hoster slot
-      // don't waste global slots (prevents underutilization)
+      // The initial 'queued' emit per job is suppressed: with N=2000+ tasks
+      // it produces 2000+ main→renderer IPCs back-to-back at startBatch and
+      // freezes the renderer event loop for tens of seconds. The renderer
+      // already holds each job in 'queued'/'preview' state from its own
+      // queueJobs array; the first event it actually needs from main is the
+      // 'getting-server' / 'uploading' transition for the jobs that the
+      // semaphore lets through.
      await hosterSemaphore.acquire(signal);
      hosterSlotAcquired = true;

+      let fileProbe = null;
+      try {
+        fileProbe = await probeFileHead(task.file, 64);
+      } catch (err) {
+        fileProbe = { ok: false, error: err && err.message, kind: 'unreadable' };
+      }
+      this._rotLog('upload-start', {
+        jobId, hoster: task.hoster, accountId: task.accountId, fileName,
+        fileSize,
+        detectedKind: fileProbe && fileProbe.kind ? fileProbe.kind : 'unknown',
+        isVideoLike: !!(fileProbe && fileProbe.isVideoLike),
+        headHex: fileProbe && fileProbe.headHex ? fileProbe.headHex.slice(0, 32) : null
+      });
+
      if (globalSemaphore) {
        await globalSemaphore.acquire(signal);
        globalSlotAcquired = true;
@ -596,6 +630,23 @@ class UploadManager extends EventEmitter {
          this.activeJobs.delete(uploadId);

          const isSpeedRestart = speedAbort && speedAbort.signal.aborted && !signal.aborted;
+          if (!signal.aborted && !isSpeedRestart) {
+            const diag = (err && typeof err === 'object' && err.diagnostic) || {};
+            this._rotLog('upload-failure', {
+              jobId, hoster: task.hoster, accountId: task.accountId, fileName,
+              attempt,
+              error: err && err.message ? err.message : String(err),
+              fileRejected: !!(err && err.fileRejected),
+              accountError: !!(err && err.accountError),
+              hosterTransient: !!(err && err.hosterTransient),
+              http: diag.http || null,
+              contentType: diag.contentType || null,
+              detectedKind: (typeof fileProbe !== 'undefined' && fileProbe && fileProbe.kind) ? fileProbe.kind : null,
+              isVideoLike: !!(typeof fileProbe !== 'undefined' && fileProbe && fileProbe.isVideoLike),
+              headHex: (typeof fileProbe !== 'undefined' && fileProbe && fileProbe.headHex) ? fileProbe.headHex.slice(0, 32) : null,
+              payloadSnippet: diag.payloadSnippet || null
+            });
+          }
          if (signal.aborted) {
            lastError = new Error('Abgebrochen');
            break;
@ -882,7 +933,9 @@ class UploadManager extends EventEmitter {
      const apiKey = await this._resolveDoodstreamApiKey(task);
      if (apiKey) {
        this._rotLog('doodstream-via-api', { accountId: task.accountId, fileName: path.basename(task.file) });
-        return uploadFile('doodstream.com', task.file, apiKey, progressCb, signal, throttle);
+        return uploadFile('doodstream.com', task.file, apiKey, progressCb, signal, throttle, {
+          doodBaseline: await this._getBaseline('doodstream.com', apiKey, signal)
+        });
      }
      this._rotLog('doodstream-via-web', { accountId: task.accountId, fileName: path.basename(task.file) });
      const dood = new DoodstreamUploader();
@ -892,10 +945,23 @@ class UploadManager extends EventEmitter {
      const clouddrop = new ClouddropUploader(task.apiKey);
      return clouddrop.upload(task.file, progressCb, signal, throttle);
    } else {
-      return uploadFile(task.hoster, task.file, task.apiKey, progressCb, signal, throttle);
+      const baselineOpts = {};
+      if (task.hoster === 'byse.sx') baselineOpts.byseBaseline = await this._getBaseline('byse.sx', task.apiKey, signal);
+      if (task.hoster === 'doodstream.com') baselineOpts.doodBaseline = await this._getBaseline('doodstream.com', task.apiKey, signal);
+      return uploadFile(task.hoster, task.file, task.apiKey, progressCb, signal, throttle, baselineOpts);
    }
  }

+  _getBaseline(hosterName, apiKey, signal) {
+    if (!apiKey) return Promise.resolve(null);
+    const key = `${hosterName}:${apiKey}`;
+    let pending = this._baselineCache.get(key);
+    if (pending) return pending;
+    pending = prefetchBaseline(hosterName, apiKey, signal);
+    this._baselineCache.set(key, pending);
+    return pending;
+  }
+
  // Resolve (and cache per batch) the doodstream API key for a login-only
  // account by logging in once and scraping+validating it from the session.
  // Returns the key string, or '' when none could be derived (cached either way
--- a/main.js
+++ b/main.js
@ -16,6 +16,7 @@ const FolderMonitor = require('./lib/folder-monitor');
 const RemoteServer = require('./lib/remote-server');
 const { maybeRotateLogFile } = require('./lib/log-rotation');
 const { hosterLogToFileEnabled } = require('./lib/log-policy');
+const { sanitizeConfig, buildSupportBundleText } = require('./lib/support-bundle');

 let mainWindow;
 let _lastImportPath = null;
@ -115,6 +116,49 @@ function debugLog(msg) {
  } catch {}
 }

+let _logVerbose = false;
+function setLogVerbose(v) { _logVerbose = !!v; }
+function _ctxTag(ctx) {
+  if (!ctx || typeof ctx !== 'object') return '';
+  const tags = [];
+  if (ctx.batch) tags.push(`b:${String(ctx.batch).slice(0, 8)}`);
+  if (ctx.job) tags.push(`j:${String(ctx.job).slice(-8)}`);
+  if (ctx.hoster) tags.push(ctx.hoster);
+  if (ctx.attempt !== undefined && ctx.attempt !== null) tags.push(`a:${ctx.attempt}`);
+  return tags.length ? `[${tags.join(' ')}] ` : '';
+}
+function _split(a, b) {
+  if (typeof a === 'string') return { ctx: null, msg: a, extra: b };
+  return { ctx: a, msg: b, extra: arguments[2] };
+}
+function logDebug(a, b) {
+  if (!_logVerbose) return;
+  const s = _split(a, b);
+  debugLog(`[DEBUG] ${_ctxTag(s.ctx)}${s.msg}`);
+}
+function logInfo(a, b) {
+  const s = _split(a, b);
+  debugLog(`[INFO ] ${_ctxTag(s.ctx)}${s.msg}`);
+}
+function logWarn(a, b) {
+  const s = _split(a, b);
+  debugLog(`[WARN ] ${_ctxTag(s.ctx)}${s.msg}`);
+}
+function logError(a, b, c) {
+  let ctx, msg, err;
+  if (typeof a === 'string') { ctx = null; msg = a; err = b; }
+  else { ctx = a; msg = b; err = c; }
+  const errStr = err ? ` :: ${err.stack || err.message || err}` : '';
+  debugLog(`[ERROR] ${_ctxTag(ctx)}${msg}${errStr}`);
+}
+function logMarker(label, fields) {
+  let extra = '';
+  if (fields && typeof fields === 'object') {
+    extra = ' ' + Object.entries(fields).map(([k, v]) => `${k}=${v}`).join(' ');
+  }
+  debugLog(`────── ${label}${extra} ──────`);
+}
+
 // Dedicated account-rotation log so users can trace fallback decisions
 // without wading through general debug output. Writes to account-rotation.log
 // in the same directory as fileuploader.log (honors user's configured path).
@ -154,27 +198,28 @@ function _flushRotLog() {
  write(0);
 }

+function getAllLogPaths() {
+  const upload = getLogFilePath();
+  const debugPath = getDebugLogPath();
+  const rot = getRotLogPath();
+  const dir = path.dirname(debugPath);
+  return {
+    fileuploader: upload,
+    debug: debugPath,
+    accountRotation: rot,
+    doodstreamDebug: path.join(dir, 'doodstream-debug.log'),
+    logDir: dir
+  };
+}
+
 function rotLog(msg, ts) {
  try {
    const iso = new Date(ts || Date.now()).toISOString();
    const line = `[${iso}] ${msg}\n`;
-    // Write synchronously. Rotation events are rare (a handful per batch) so
-    // the batching optimization from debugLog doesn't buy us anything, and
-    // syncing guarantees the user can refresh the file and see fresh entries
-    // without waiting on a flush timer.
-    const candidates = [
-      getRotLogPath(),
-      path.join(app.getPath('desktop') || app.getPath('userData'), 'account-rotation.log'),
-      path.join(app.getPath('userData'), 'account-rotation.log')
-    ];
-    for (const target of candidates) {
-      try {
-        fs.mkdirSync(path.dirname(target), { recursive: true });
-        fs.appendFileSync(target, line, 'utf-8');
-        break;
-      } catch {}
+    _rotLogBuffer.push(line);
+    if (!_rotLogFlushTimer) {
+      _rotLogFlushTimer = setTimeout(() => { _rotLogFlushTimer = null; _flushRotLog(); }, 500);
    }
-    // Mirror into the main debug log for single-file-grep convenience.
    _debugLogBuffer.push(`[${iso}] [ROT] ${msg}\n`);
    if (!_debugLogFlushTimer) {
      _debugLogFlushTimer = setTimeout(() => { _debugLogFlushTimer = null; _flushDebugLog(); }, 500);
@ -240,40 +285,41 @@ function getBaseLogFilePath() {
  return customPath || getDefaultLogFilePath();
 }

-// Daily log: one file per day, reused across sessions on the same day
-let _dailyLogPath = null;
-let _dailyLogDate = null;
+// Log-mode bookkeeping. Three modes (see lib/log-mode.js): single, daily, session.
+// The session-id is stamped ONCE at main-process startup so every write of a
+// given session lands in the same file. A close→reopen of the app starts a new
+// main process, so a new SESSION_ID, so a new session file. PID is appended as
+// a cheap hedge against same-second restart collisions.
+const { resolveLogFileName, formatSessionStamp, formatDateStamp, stripModeStampFromFileName } = require('./lib/log-mode');
+const SESSION_ID = formatSessionStamp(new Date(), process.pid);
+let _activeLogKey = null;   // remembers (mode + date-or-session) so cache rolls correctly
+let _activeLogPath = null;

 function getLogFilePath() {
  const config = configStore.load();
-  const useDailyLog = config && config.globalSettings && config.globalSettings.sessionLog;
-  if (!useDailyLog) return getBaseLogFilePath();
-
+  const mode = (config && config.globalSettings && config.globalSettings.logMode) || 'single';
+  const base = getBaseLogFilePath();
+  const dir = path.dirname(base);
+  const ext = path.extname(base);
+  const name = path.basename(base, ext);
  const now = new Date();
-  const pad = (n) => String(n).padStart(2, '0');
-  const today = `${now.getFullYear()}-${pad(now.getMonth() + 1)}-${pad(now.getDate())}`;
-
-  // Reuse path if same day, otherwise generate new
-  if (_dailyLogDate !== today) {
-    const base = getBaseLogFilePath();
-    const dir = path.dirname(base);
-    const ext = path.extname(base);
-    const name = path.basename(base, ext);
-    _dailyLogPath = path.join(dir, `${name}-${today}${ext}`);
-    _dailyLogDate = today;
+  // Cache key changes when the user toggles mode mid-run OR when the daily date
+  // rolls over at midnight — so the cached path can't be served stale.
+  const datePart = mode === 'daily' ? formatDateStamp(now) : '';
+  const key = `${mode}|${datePart}|${SESSION_ID}|${base}`;
+  if (_activeLogKey !== key) {
+    _activeLogPath = path.join(dir, resolveLogFileName({ baseName: name, ext, mode, date: now, sessionId: SESSION_ID }));
+    _activeLogKey = key;
  }
-  return _dailyLogPath;
+  return _activeLogPath;
 }

 function buildFallbackLogName(dir) {
-  // Match the daily-log naming when enabled, so fallback files stay consistent.
+  // Match the active log-mode's naming so the fallback file is consistent with
+  // what the primary write would have produced.
  const config = configStore.load();
-  const useDailyLog = config && config.globalSettings && config.globalSettings.sessionLog;
-  if (!useDailyLog) return path.join(dir, 'fileuploader.log');
-  const now = new Date();
-  const pad = (n) => String(n).padStart(2, '0');
-  const today = `${now.getFullYear()}-${pad(now.getMonth() + 1)}-${pad(now.getDate())}`;
-  return path.join(dir, `fileuploader-${today}.log`);
+  const mode = (config && config.globalSettings && config.globalSettings.logMode) || 'single';
+  return path.join(dir, resolveLogFileName({ baseName: 'fileuploader', ext: '.log', mode, date: new Date(), sessionId: SESSION_ID }));
 }

 function getSafeDesktopDir() {
@ -305,7 +351,10 @@ function _invalidateUploadLogTargetCache() {

 function _resolveUploadLogTarget() {
  const primary = getLogFilePath();
-  const key = `${primary}|${_dailyLogDate || ''}`;
+  // The primary path already encodes the mode + date/session, so it changes
+  // when the user toggles mode, daily rolls at midnight, or this is a new
+  // process — cache invalidates naturally on path change.
+  const key = primary;
  if (_cachedUploadLogKey === key && _cachedUploadLogTarget) return _cachedUploadLogTarget;

  const commit = (t) => {
@ -394,16 +443,18 @@ function _persistFallbackLogPath(workingPath) {
  try {
    const cfg = configStore.load();
    const gs = cfg.globalSettings || {};
-    // If daily-log is on, workingPath has a date suffix (fileuploader-YYYY-MM-DD.log).
-    // Strip that before saving so the base path rolls forward to tomorrow's
-    // file correctly — otherwise the next day's getLogFilePath would append
-    // another date onto the already-dated base.
+    const mode = gs.logMode || 'single';
+    // Strip the mode-specific suffix so logFilePath stores the BARE base path.
+    // Otherwise daily would compound into "...-2026-06-03-2026-06-04.log" and
+    // session would compound a second session-stamp onto the first — which split
+    // a session's lines across two files (the first few before _persistFallback
+    // ran, the rest after, into the doubly-stamped path). gated on logMode (the
+    // legacy `sessionLog` field is no longer the source of truth).
    let toSave = workingPath;
-    if (gs.sessionLog) {
+    if (mode === 'daily' || mode === 'session') {
      const dir = path.dirname(workingPath);
      const base = path.basename(workingPath);
-      const stripped = base.replace(/-\d{4}-\d{2}-\d{2}(\.[^.]+)$/, '$1');
-      toSave = path.join(dir, stripped);
+      toSave = path.join(dir, stripModeStampFromFileName(base));
    }
    if (gs.logFilePath === toSave) return;
    gs.logFilePath = toSave;
@ -830,35 +881,52 @@ async function runHosterHealthCheck(config, requestedChecks) {
    checks = requestedChecks;
  }

-  const results = await Promise.all(checks.map(async ({ hoster, accountId, otp }) => {
+  {
+    const seen = new Set();
+    const cleaned = [];
+    for (const c of checks) {
+      if (!c || !c.hoster) continue;
+      if (!c.accountId) { cleaned.push({ ...c, _invalid: true }); continue; }
+      const key = `${c.hoster}|${c.accountId}`;
+      if (seen.has(key)) continue;
+      seen.add(key);
+      cleaned.push(c);
+    }
+    checks = cleaned;
+  }
+
+  const runOne = async ({ hoster, accountId, otp, _invalid }) => {
+    if (_invalid) {
+      return { hoster, accountId, status: 'error', message: 'Account-ID fehlt im Check-Payload' };
+    }
    if (!allowed.includes(hoster)) {
      return { hoster, accountId, status: 'skipped', message: 'Kein Health-Check fuer diesen Hoster' };
    }
-
-    // Find specific account
    const accounts = config.hosters[hoster];
    const hosterConfig = Array.isArray(accounts) ? accounts.find(a => a.id === accountId) : null;
-
    try {
-      let result;
-      if (hoster === 'doodstream.com') {
-        result = await withTimeout(checkDoodstreamHealth(hosterConfig, otp), HEALTH_CHECK_TIMEOUT, 'Doodstream-Check');
-      } else if (hoster === 'vidmoly.me') {
-        result = await withTimeout(checkVidmolyHealth(hosterConfig), HEALTH_CHECK_TIMEOUT, 'Vidmoly-Check');
-      } else if (hoster === 'voe.sx') {
-        result = await withTimeout(checkVoeHealth(hosterConfig), HEALTH_CHECK_TIMEOUT, 'VOE-Check');
-      } else if (hoster === 'byse.sx') {
-        result = await withTimeout(checkByseHealth(hosterConfig), HEALTH_CHECK_TIMEOUT, 'Byse-Check');
-      } else if (hoster === 'clouddrop.cc') {
-        result = await withTimeout(checkClouddropHealth(hosterConfig), HEALTH_CHECK_TIMEOUT, 'Clouddrop-Check');
-      } else {
-        return { hoster, accountId, status: 'skipped', message: 'Kein Health-Check fuer diesen Hoster' };
-      }
+      const result = await _dispatchHealthCheck(hoster, hosterConfig, otp || '');
      return { hoster, accountId, ...result };
    } catch (err) {
      return { hoster, accountId, status: 'error', message: err && err.message ? err.message : 'Health-Check fehlgeschlagen' };
    }
+  };
+
+  const groups = new Map();
+  for (const c of checks) {
+    if (!groups.has(c.hoster)) groups.set(c.hoster, []);
+    groups.get(c.hoster).push(c);
+  }
+  const groupResults = await Promise.all(Array.from(groups.values()).map(async (group) => {
+    const out = [];
+    for (const c of group) {
+      out.push(await runOne(c));
+    }
+    return out;
  }));
+  const indexByCheck = new Map();
+  groupResults.flat().forEach((r) => { indexByCheck.set(`${r.hoster}|${r.accountId || ''}`, r); });
+  const results = checks.map(c => indexByCheck.get(`${c.hoster}|${c.accountId || ''}`));

  return { checkedAt: new Date().toISOString(), results };
 }
@ -904,6 +972,19 @@ function updateTrayTooltip(text) {
 }

 app.whenReady().then(() => {
+  try {
+    const _bootCfg = configStore.load();
+    setLogVerbose(!!(_bootCfg.globalSettings && _bootCfg.globalSettings.logVerbose));
+  } catch {}
+  logMarker('APP START', {
+    version: app.getVersion(),
+    electron: process.versions.electron,
+    node: process.versions.node,
+    platform: process.platform,
+    arch: process.arch,
+    verbose: _logVerbose,
+    pid: process.pid
+  });
  createWindow();
  createTray();

@ -920,7 +1001,7 @@ app.whenReady().then(() => {
      if (fs.existsSync(fm.folderPath)) {
        startFolderMonitor(fm);
      } else {
-        debugLog(`folder-monitor auto-start skipped: path not found (${fm.folderPath})`);
+        logWarn(`folder-monitor auto-start skipped: path not found (${fm.folderPath})`);
        // Persist the disable so the user gets a clean state on next launch
        const gs = { ...launchConfig.globalSettings, folderMonitor: { ...fm, enabled: false } };
        configStore.save({ globalSettings: gs }).catch(() => {});
@ -954,14 +1035,15 @@ app.whenReady().then(() => {
  // Auto-check for updates after 3 seconds
  setTimeout(async () => {
    try {
-      debugLog('update-check: starting');
+      logInfo('update-check: starting');
      const result = await checkForUpdate();
-      debugLog(`update-check: available=${result && result.available}, remote=${result && result.remoteVersion}`);
+      logInfo(`update-check: available=${result && result.available}, remote=${result && result.remoteVersion}`);
+      logDebug(`update-check result: ${JSON.stringify(result)}`);
      if (result && result.available && mainWindow && !mainWindow.isDestroyed()) {
        mainWindow.webContents.send('app:update-available', result);
      }
    } catch (err) {
-      debugLog(`update-check failed: ${err && err.message || err}`);
+      logError('update-check failed', err);
    }
  }, 3000);
 });
@ -1014,6 +1096,11 @@ ipcMain.handle('get-config', () => {

 ipcMain.handle('save-config', async (_event, config) => {
  await configStore.save(config);
+  try {
+    if (config && config.globalSettings && Object.prototype.hasOwnProperty.call(config.globalSettings, 'logVerbose')) {
+      setLogVerbose(!!config.globalSettings.logVerbose);
+    }
+  } catch {}
  // If a batch is running and some accounts got marked failed before any
  // fallback existed, re-resolve now — the user may have just added one.
  // Without this re-probe, those accounts stay stuck with no override until
@ -1109,6 +1196,52 @@ ipcMain.handle('run-health-check', async (_event, payload) => {
  return runHosterHealthCheck(config, hosters);
 });

+// Validate ephemeral credentials WITHOUT persisting them to config.hosters.
+// This is the IPC that backs the two-step "Prüfen → Anlegen" modal flow: the
+// new account is never on disk until the user confirms after a green check, so
+// failed/OTP-pending creds can't leak into config (and a double-click on the
+// Prüfen button cannot create duplicates because nothing is written until the
+// second, distinct "Anlegen" click). NOTE: this payload carries plaintext creds
+// across the IPC boundary — same trust level as save-config — DO NOT log it.
+ipcMain.handle('validate-credentials', async (_event, payload) => {
+  if (!payload || !payload.hoster) {
+    return { status: 'error', message: 'Hoster fehlt' };
+  }
+  const ephemeralHosterConfig = {
+    username: payload.username || '',
+    password: payload.password || '',
+    apiKey: payload.apiKey || '',
+    enabled: true
+  };
+  try {
+    return await _dispatchHealthCheck(payload.hoster, ephemeralHosterConfig, payload.otp || '');
+  } catch (err) {
+    return { status: 'error', message: err && err.message ? err.message : 'Validierung fehlgeschlagen' };
+  }
+});
+
+async function _dispatchHealthCheck(hoster, hosterConfig, otp) {
+  // Mirrors the per-hoster switch in runHosterHealthCheck so both code paths
+  // (batch check by accountId and ephemeral validate) go through identical
+  // checkers + timeout wrappers and surface identical result shapes.
+  if (hoster === 'doodstream.com') {
+    return withTimeout(checkDoodstreamHealth(hosterConfig, otp), HEALTH_CHECK_TIMEOUT, 'Doodstream-Check');
+  }
+  if (hoster === 'vidmoly.me') {
+    return withTimeout(checkVidmolyHealth(hosterConfig), HEALTH_CHECK_TIMEOUT, 'Vidmoly-Check');
+  }
+  if (hoster === 'voe.sx') {
+    return withTimeout(checkVoeHealth(hosterConfig), HEALTH_CHECK_TIMEOUT, 'VOE-Check');
+  }
+  if (hoster === 'byse.sx') {
+    return withTimeout(checkByseHealth(hosterConfig), HEALTH_CHECK_TIMEOUT, 'Byse-Check');
+  }
+  if (hoster === 'clouddrop.cc') {
+    return withTimeout(checkClouddropHealth(hosterConfig), HEALTH_CHECK_TIMEOUT, 'Clouddrop-Check');
+  }
+  return { status: 'skipped', message: 'Kein Health-Check fuer diesen Hoster' };
+}
+
 ipcMain.handle('select-files', async () => {
  const result = await dialog.showOpenDialog(mainWindow, {
    properties: ['openFile', 'multiSelections'],
@ -1151,33 +1284,32 @@ ipcMain.handle('select-folder', async () => {
  });
  if (result.canceled || !result.filePaths.length) return null;

-  // Recursively collect all files from selected folders
  const files = [];
-  const walk = (dir) => {
-    try {
-      for (const entry of fs.readdirSync(dir, { withFileTypes: true })) {
-        const full = path.join(dir, entry.name);
-        if (entry.isDirectory()) walk(full);
-        else if (entry.isFile()) files.push(full);
-      }
-    } catch {}
-  };
-  for (const folder of result.filePaths) walk(folder);
+  for (const folder of result.filePaths) await walkFolderAsync(folder, files);
  return files.length > 0 ? files : null;
 });

+async function walkFolderAsync(rootDir, outFiles) {
+  const fsp = fs.promises;
+  const stack = [rootDir];
+  let scanned = 0;
+  while (stack.length > 0) {
+    const dir = stack.pop();
+    let entries;
+    try { entries = await fsp.readdir(dir, { withFileTypes: true }); }
+    catch { continue; }
+    for (const entry of entries) {
+      const full = path.join(dir, entry.name);
+      if (entry.isDirectory()) stack.push(full);
+      else if (entry.isFile()) outFiles.push(full);
+    }
+    if ((++scanned % 8) === 0) await new Promise(setImmediate);
+  }
+}
+
 ipcMain.handle('resolve-folder-files', async (_event, folderPath) => {
  const files = [];
-  const walk = (dir) => {
-    try {
-      for (const entry of fs.readdirSync(dir, { withFileTypes: true })) {
-        const full = path.join(dir, entry.name);
-        if (entry.isDirectory()) walk(full);
-        else if (entry.isFile()) files.push(full);
-      }
-    } catch {}
-  };
-  walk(folderPath);
+  await walkFolderAsync(folderPath, files);
  return files;
 });

@ -1189,6 +1321,7 @@ ipcMain.handle('start-upload', (_event, payload) => {

  // At 500+ jobs JSON.stringify blew up the debug log with MB-sized lines
  // per start-upload and added noticeable delay — log counts only.
+  logMarker('BATCH START', { files: files.length, hosters: hosters.length, jobs: jobs.length });
  debugLog(`start-upload: files=${files.length}, hosters=${hosters.length}, jobs=${jobs.length}`);

  const tasks = jobs.length > 0
@ -1236,8 +1369,27 @@ ipcMain.handle('start-upload', (_event, payload) => {
  // Pass hoster settings to the upload manager
  uploadManager = new UploadManager(config.hosterSettings || {}, config.globalSettings || {});

+  const _progressByJob = new Map();
+  const _progressTerminalQueue = [];
+  let _progressFlushTimer = null;
+  const PROGRESS_BATCH_INTERVAL_MS = 100;
+  function _scheduleProgressFlush() {
+    if (_progressFlushTimer) return;
+    _progressFlushTimer = setTimeout(() => {
+      _progressFlushTimer = null;
+      if (!mainWindow || mainWindow.isDestroyed()) {
+        _progressByJob.clear();
+        _progressTerminalQueue.length = 0;
+        return;
+      }
+      const batch = _progressTerminalQueue.splice(0);
+      for (const v of _progressByJob.values()) batch.push(v);
+      _progressByJob.clear();
+      if (batch.length) mainWindow.webContents.send('upload-progress-batch', batch);
+    }, PROGRESS_BATCH_INTERVAL_MS);
+  }
+
  uploadManager.on('progress', (data) => {
-    // Only log state changes, not continuous progress updates
    if (data.status !== 'uploading') {
      debugLog(`progress: ${data.fileName} ${data.hoster} ${data.status} ${data.error || ''}`);
      _appendJobLog(data.jobId, {
@ -1246,10 +1398,6 @@ ipcMain.handle('start-upload', (_event, payload) => {
        error: data.error || null, attempt: data.attempt || 0, maxAttempts: data.maxAttempts || 0
      });
    }
-    // Write to fileuploader.log immediately when a single upload finishes —
-    // unless the user disabled logging for this hoster (per-hoster toggle).
-    // Read from the live uploadManager.hosterSettings so a mid-batch toggle
-    // (which calls updateSettings) takes effect immediately.
    if (data.status === 'done' && data.result) {
      const link = data.result.download_url || data.result.embed_url || data.result.file_code || '';
      if (link) {
@ -1262,9 +1410,16 @@ ipcMain.handle('start-upload', (_event, payload) => {
        debugLog(`WARNING: done but no link for ${data.fileName} @ ${data.hoster}: ${JSON.stringify(data.result)}`);
      }
    }
-    if (mainWindow && !mainWindow.isDestroyed()) {
-      mainWindow.webContents.send('upload-progress', data);
+    const isTerminal = data.status === 'done' || data.status === 'error' || data.status === 'aborted' || data.status === 'skipped';
+    if (isTerminal) {
+      if (data.jobId) _progressByJob.delete(data.jobId);
+      _progressTerminalQueue.push(data);
+    } else if (data.jobId) {
+      _progressByJob.set(data.jobId, data);
+    } else {
+      _progressTerminalQueue.push(data);
    }
+    _scheduleProgressFlush();
  });

  uploadManager.on('stats', (data) => {
@ -1298,6 +1453,15 @@ ipcMain.handle('start-upload', (_event, payload) => {
    }
  });

+  const ROT_LOG_RENDERER_EVENTS = new Set([
+    'switchAccount',
+    'pre-job-swap',
+    'try-alternate-after-fail',
+    'mark-failed',
+    'rotation-end',
+    'doodstream-via-api',
+    'doodstream-via-web'
+  ]);
  uploadManager.on('rot-log', (entry) => {
    const { ts, event, ...rest } = entry;
    const pairs = Object.entries(rest)
@ -1307,7 +1471,7 @@ ipcMain.handle('start-upload', (_event, payload) => {
    if (entry.jobId) {
      _appendJobLog(entry.jobId, { ts: ts || Date.now(), kind: 'rot', event, ...rest });
    }
-    if (mainWindow && !mainWindow.isDestroyed()) {
+    if (mainWindow && !mainWindow.isDestroyed() && ROT_LOG_RENDERER_EVENTS.has(event)) {
      mainWindow.webContents.send('account-rotation-log', entry);
    }
  });
@ -1321,6 +1485,7 @@ ipcMain.handle('start-upload', (_event, payload) => {
  const _thisManager = uploadManager;
  uploadManager.on('batch-done', async (summary) => {
    debugLog(`batch-done: total=${summary.total} ok=${summary.succeeded} fail=${summary.failed}`);
+    logMarker('BATCH END', { total: summary.total, ok: summary.succeeded, fail: summary.failed });
    logMemorySnapshot('batch-done');
    try { await configStore.appendHistory(summary); } catch (err) {
      debugLog(`appendHistory failed: ${err.message}`);
@ -1427,12 +1592,135 @@ ipcMain.handle('finish-after-active', () => {
  return true;
 });

+ipcMain.handle('get-session-failed-accounts', () => {
+  return Array.from(_sessionFailedAccounts.keys());
+});
+
+ipcMain.handle('reset-session-failed-account', (_event, payload) => {
+  if (!payload || typeof payload !== 'object') return { ok: false };
+  const { hoster, accountId } = payload;
+  if (!hoster || !accountId) return { ok: false };
+  const key = `${hoster}:${accountId}`;
+  const removed = _sessionFailedAccounts.delete(key);
+  if (uploadManager && typeof uploadManager.clearFailedAccount === 'function') {
+    try { uploadManager.clearFailedAccount(hoster, accountId); } catch {}
+  }
+  rotLog(`session-failed: manual reset ${key} (was set: ${removed})`);
+  return { ok: true, removed };
+});
+
+ipcMain.handle('reset-all-session-failed-accounts', () => {
+  const count = _sessionFailedAccounts.size;
+  _sessionFailedAccounts.clear();
+  if (uploadManager && typeof uploadManager.clearAllFailedAccounts === 'function') {
+    try { uploadManager.clearAllFailedAccounts(); } catch {}
+  }
+  rotLog(`session-failed: cleared all (${count})`);
+  return { ok: true, count };
+});
+
 ipcMain.handle('get-job-log', (_event, jobId) => {
  if (!jobId || typeof jobId !== 'string') return [];
  const arr = _jobLogCollector.get(jobId);
  return Array.isArray(arr) ? arr.slice() : [];
 });

+ipcMain.handle('get-log-paths', () => {
+  return getAllLogPaths();
+});
+
+ipcMain.handle('get-app-info', () => {
+  return {
+    name: app.getName(),
+    version: app.getVersion(),
+    electron: process.versions.electron,
+    node: process.versions.node,
+    chrome: process.versions.chrome,
+    platform: process.platform,
+    arch: process.arch,
+    osRelease: require('os').release(),
+    pid: process.pid,
+    isPackaged: app.isPackaged,
+    logVerbose: _logVerbose
+  };
+});
+
+ipcMain.handle('reveal-log-file', async (_event, target) => {
+  const { shell } = require('electron');
+  const paths = getAllLogPaths();
+  const file = (target && typeof target === 'string' && paths[target]) || null;
+  try {
+    if (file && fs.existsSync(file)) {
+      shell.showItemInFolder(file);
+      return { ok: true, path: file };
+    }
+    const dir = paths.logDir;
+    if (dir) {
+      fs.mkdirSync(dir, { recursive: true });
+      shell.openPath(dir);
+      return { ok: true, path: dir };
+    }
+    return { ok: false, error: 'Kein Log-Pfad gefunden' };
+  } catch (err) {
+    return { ok: false, error: err.message };
+  }
+});
+
+ipcMain.handle('set-log-verbose', (_event, enabled) => {
+  setLogVerbose(enabled);
+  logMarker('VERBOSE TOGGLE', { enabled: _logVerbose });
+  return { ok: true, verbose: _logVerbose };
+});
+
+ipcMain.handle('create-support-bundle', async () => {
+  const { dialog } = require('electron');
+  try {
+    if (_debugLogBuffer.length) {
+      try { fs.appendFileSync(getDebugLogPath(), _debugLogBuffer.join(''), 'utf-8'); _debugLogBuffer.length = 0; } catch {}
+    }
+    const stamp = new Date().toISOString().replace(/[:.]/g, '-').slice(0, 19);
+    const defaultName = `multi-hoster-support-${stamp}.txt`;
+    const desktop = (() => { try { return app.getPath('desktop'); } catch { return app.getPath('userData'); } })();
+    const res = await dialog.showSaveDialog(mainWindow || undefined, {
+      title: 'Diagnose-Paket speichern',
+      defaultPath: path.join(desktop, defaultName),
+      filters: [{ name: 'Text', extensions: ['txt'] }]
+    });
+    if (res.canceled || !res.filePath) return { ok: false, canceled: true };
+    const paths = getAllLogPaths();
+    const cfg = configStore.load();
+    const text = buildSupportBundleText({
+      header: {
+        App: app.getName(),
+        Version: app.getVersion(),
+        Electron: process.versions.electron,
+        Node: process.versions.node,
+        Chrome: process.versions.chrome,
+        Platform: process.platform,
+        Arch: process.arch,
+        OS: `${require('os').type()} ${require('os').release()}`,
+        Packaged: app.isPackaged,
+        Verbose: _logVerbose,
+        PID: process.pid,
+        CreatedAt: new Date().toISOString()
+      },
+      sanitizedConfig: sanitizeConfig(cfg),
+      files: [
+        { label: 'debug.log (last 5 MB)', path: paths.debug, maxBytes: 5 * 1024 * 1024 },
+        { label: 'account-rotation.log (last 2 MB)', path: paths.accountRotation, maxBytes: 2 * 1024 * 1024 },
+        { label: 'doodstream-debug.log (last 2 MB)', path: paths.doodstreamDebug, maxBytes: 2 * 1024 * 1024 },
+        { label: 'fileuploader.log (last 1 MB)', path: paths.fileuploader, maxBytes: 1 * 1024 * 1024 }
+      ]
+    });
+    fs.writeFileSync(res.filePath, text, 'utf-8');
+    logMarker('SUPPORT BUNDLE', { path: res.filePath, bytes: text.length });
+    return { ok: true, path: res.filePath, bytes: text.length };
+  } catch (err) {
+    debugLog(`create-support-bundle failed: ${err.message}`);
+    return { ok: false, error: err.message };
+  }
+});
+
 ipcMain.handle('open-log-folder', async () => {
  // Reveal the active log file (or its directory) in the OS file manager.
  // Prefers the configured log path, then the rotation log, then just the
@ -1462,12 +1750,19 @@ ipcMain.handle('export-backup', async () => {
  const { canceled, filePath } = await dialog.showSaveDialog(mainWindow, {
    title: 'Backup exportieren',
    defaultPath: `multi-hoster-backup-${new Date().toISOString().slice(0, 10)}.mhu`,
-    filters: [{ name: 'Multi-Hoster Backup', extensions: ['mhu'] }]
+    filters: [
+      { name: 'Multi-Hoster Backup (verschlüsselt)', extensions: ['mhu'] },
+      { name: 'Multi-Hoster Backup (Klartext JSON)', extensions: ['json'] }
+    ]
  });
  if (canceled || !filePath) return { ok: false, canceled: true };
  const config = configStore.load();
-  const encrypted = backupCrypto.encrypt(config);
-  fs.writeFileSync(filePath, encrypted);
+  if (filePath.toLowerCase().endsWith('.json')) {
+    fs.writeFileSync(filePath, JSON.stringify(config, null, 2), 'utf-8');
+  } else {
+    const encrypted = backupCrypto.encrypt(config);
+    fs.writeFileSync(filePath, encrypted);
+  }
  return { ok: true, path: filePath };
 });

@ -1479,7 +1774,11 @@ ipcMain.handle('import-backup', async (_event, legacyPassword) => {
  } else {
    const { canceled, filePaths } = await dialog.showOpenDialog(mainWindow, {
      title: 'Backup importieren',
-      filters: [{ name: 'Multi-Hoster Backup', extensions: ['mhu'] }],
+      filters: [
+        { name: 'Multi-Hoster Backup', extensions: ['mhu', 'json'] },
+        { name: 'Verschlüsselt (.mhu)', extensions: ['mhu'] },
+        { name: 'Klartext (.json)', extensions: ['json'] }
+      ],
      properties: ['openFile']
    });
    if (canceled || !filePaths.length) return { ok: false, canceled: true };
@ -1488,14 +1787,25 @@ ipcMain.handle('import-backup', async (_event, legacyPassword) => {
    _lastImportPath = sourcePath;
  }
  let imported;
-  try {
-    imported = backupCrypto.decrypt(buffer, legacyPassword);
-  } catch (err) {
-    if (err && err.needsPassword) {
-      return { ok: false, needsPassword: true };
+  const looksLikeJson = buffer.length >= 1 && (buffer[0] === 0x7B || buffer[0] === 0x20 || buffer[0] === 0x0A || buffer[0] === 0x0D || buffer[0] === 0x09 || buffer[0] === 0xEF);
+  if (looksLikeJson) {
+    try {
+      const text = buffer.toString('utf-8').replace(/^\uFEFF/, '');
+      imported = JSON.parse(text);
+    } catch (err) {
+      _lastImportPath = null;
+      return { ok: false, error: 'Klartext-Backup ist kein gültiges JSON: ' + (err.message || err) };
+    }
+  } else {
+    try {
+      imported = backupCrypto.decrypt(buffer, legacyPassword);
+    } catch (err) {
+      if (err && err.needsPassword) {
+        return { ok: false, needsPassword: true, hint: 'Falls dieses Backup mit der aktuellen Version erzeugt wurde, ist die Datei vermutlich beim Transfer beschädigt worden (z. B. FTP-Text-Modus). Versuch es mit einem Klartext-JSON-Export.' };
+      }
+      _lastImportPath = null;
+      throw err;
    }
-    _lastImportPath = null;
-    throw err;
  }
  _lastImportPath = null;
  // Validate imported data has required structure
--- a/package.json
+++ b/package.json
@ -1,6 +1,6 @@
 {
  "name": "multi-hoster-uploader",
-  "version": "3.3.34",
+  "version": "3.3.51",
  "description": "Upload files to doodstream, voe, vidmoly, byse simultaneously",
  "main": "main.js",
  "scripts": {
--- a/preload.js
+++ b/preload.js
@ -39,6 +39,7 @@ contextBridge.exposeInMainWorld('api', {
  addJobsToBatch: (payload) => ipcRenderer.invoke('add-jobs-to-batch', payload),
  finishAfterActive: () => ipcRenderer.invoke('finish-after-active'),
  runHealthCheck: (payload) => ipcRenderer.invoke('run-health-check', payload),
+  validateCredentials: (payload) => ipcRenderer.invoke('validate-credentials', payload),

  // Log import
  readOwnUploadLog: () => ipcRenderer.invoke('read-own-upload-log'),
@ -92,6 +93,9 @@ contextBridge.exposeInMainWorld('api', {
  onUploadProgress: (callback) => {
    ipcRenderer.on('upload-progress', (_event, data) => callback(data));
  },
+  onUploadProgressBatch: (callback) => {
+    ipcRenderer.on('upload-progress-batch', (_event, batch) => callback(batch));
+  },
  onUploadBatchDone: (callback) => {
    ipcRenderer.on('upload-batch-done', (_event, data) => callback(data));
  },
@ -109,6 +113,14 @@ contextBridge.exposeInMainWorld('api', {
  },
  openLogFolder: () => ipcRenderer.invoke('open-log-folder'),
  getJobLog: (jobId) => ipcRenderer.invoke('get-job-log', jobId),
+  getSessionFailedAccounts: () => ipcRenderer.invoke('get-session-failed-accounts'),
+  resetSessionFailedAccount: (payload) => ipcRenderer.invoke('reset-session-failed-account', payload),
+  resetAllSessionFailedAccounts: () => ipcRenderer.invoke('reset-all-session-failed-accounts'),
+  getLogPaths: () => ipcRenderer.invoke('get-log-paths'),
+  revealLogFile: (target) => ipcRenderer.invoke('reveal-log-file', target),
+  setLogVerbose: (enabled) => ipcRenderer.invoke('set-log-verbose', enabled),
+  createSupportBundle: () => ipcRenderer.invoke('create-support-bundle'),
+  getAppInfo: () => ipcRenderer.invoke('get-app-info'),
  onLogPathAutoUpdated: (callback) => {
    ipcRenderer.on('log-path-auto-updated', (_event, data) => callback(data));
  },
--- a/renderer/app.js
+++ b/renderer/app.js
--- a/renderer/index.html
+++ b/renderer/index.html
@ -93,6 +93,14 @@

        <div class="queue-actions" id="queueActions" style="display:none">
          <button class="btn btn-xs btn-primary" id="copyAllLinksBtn">Alle Links kopieren</button>
+          <select class="hs-input" id="linkExportFormat" title="Ausgabe-Format der kopierten Links" style="max-width:none;width:auto;min-width:130px">
+            <option value="plain">Plaintext</option>
+            <option value="bbcode">BBCode</option>
+            <option value="markdown">Markdown</option>
+            <option value="html">HTML</option>
+            <option value="csv">CSV</option>
+            <option value="json">JSON</option>
+          </select>
          <button class="btn btn-xs btn-secondary" id="retryFailedBtn" style="display:none">Fehlgeschlagene erneut</button>
          <button class="btn btn-xs btn-secondary" id="importLogBtn" title="Log importieren — bereits hochgeladene aus Queue entfernen">Log importieren</button>
        </div>
@ -187,6 +195,10 @@
          <label>Hoster</label>
          <select class="key-input" id="accountHosterSelect" style="max-width:300px"></select>
        </div>
+        <div class="settings-row">
+          <label>Label (optional)</label>
+          <input type="text" class="key-input" id="accField_label" placeholder="z.B. Hauptaccount, Premium, Kunde XY" maxlength="60">
+        </div>
        <div id="accountCredsFields"></div>
        <div class="account-modal-status" id="accountModalStatus"></div>
      </div>
@ -330,8 +342,26 @@
    </div>
  </div>

+  <div class="modal" id="batchSummaryModal" style="display:none">
+    <div class="modal-content" style="max-width:680px">
+      <div class="modal-header">
+        <h2>Batch-Zusammenfassung</h2>
+        <button class="icon-btn" id="batchSummaryClose" aria-label="Schließen">&times;</button>
+      </div>
+      <div class="modal-body">
+        <div id="batchSummaryList"></div>
+      </div>
+      <div class="modal-footer">
+        <button class="btn btn-secondary" id="batchSummaryRetryTransient">Transiente erneut hochladen</button>
+        <button class="btn btn-primary" id="batchSummaryRetryAll">Alle Fehler erneut versuchen</button>
+      </div>
+    </div>
+  </div>
+
  <script src="../lib/queue-prune.js"></script>
  <script src="../lib/queue-dedup.js"></script>
+  <script src="../lib/log-mode.js"></script>
+  <script src="../lib/stats.js"></script>
  <script src="../lib/throttled-cache.js"></script>
  <script src="../lib/coalesced-set.js"></script>
  <script src="app.js"></script>
--- a/renderer/styles.css
+++ b/renderer/styles.css
@ -727,6 +727,7 @@ body.col-resizing, body.col-resizing * { cursor: col-resize !important; user-sel
 }
 .key-input:focus, .hs-input:focus { border-color: var(--accent); outline: none; }
 .hs-input { max-width: 100px; }
+select.hs-input { max-width: none; width: auto; min-width: 140px; }
 .hint { font-size: 10px; color: var(--text-dim); }
 .settings-section-label {
  font-size: 10px;
@ -875,17 +876,96 @@ body.col-resizing, body.col-resizing * { cursor: col-resize !important; user-sel

 .account-hoster-group {
  margin-bottom: 12px;
+  border: 1px solid var(--border);
+  border-radius: 6px;
+  background: var(--bg-card);
+  overflow: hidden;
 }
+.account-hoster-group-header {
+  display: flex;
+  align-items: center;
+  gap: 8px;
+  padding: 8px 12px;
+  cursor: pointer;
+  user-select: none;
+  background: var(--bg-card);
+  transition: background 0.1s;
+}
+.account-hoster-group-header:hover { background: var(--bg-card-hover); }
 .account-hoster-group-title {
  font-size: 12px;
  font-weight: 600;
-  color: var(--text-muted);
+  color: var(--text);
  text-transform: uppercase;
  letter-spacing: 0.5px;
-  margin-bottom: 6px;
-  padding-left: 4px;
+  flex: 1;
+}
+.account-hoster-group-count {
+  font-size: 12px;
+  color: var(--text-muted);
+  font-variant-numeric: tabular-nums;
+}
+.account-hoster-group-meta {
+  font-size: 11px;
+  color: var(--text-muted);
+  padding: 1px 6px;
+  border-radius: 4px;
+  background: rgba(255,255,255,0.04);
+}
+.account-hoster-group-meta.error {
+  color: var(--danger, #e57373);
+  background: rgba(229, 115, 115, 0.12);
+}
+.account-session-paused {
+  display: inline-flex;
+  align-items: center;
+  gap: 4px;
+  font-size: 10px;
+  color: #f0c36c;
+  background: rgba(240, 195, 108, 0.12);
+  padding: 1px 6px;
+  border-radius: 4px;
+  margin-left: 6px;
+}
+.account-session-reactivate {
+  background: none;
+  border: none;
+  color: inherit;
+  cursor: pointer;
+  font-size: 12px;
+  line-height: 1;
+  padding: 0 2px;
+}
+.account-session-reactivate:hover { color: #fff; }
+.account-session-paused-card { opacity: 0.85; }
+.batch-cat {
+  margin-bottom: 10px;
+  padding: 6px 8px;
+  border-radius: 6px;
+  background: rgba(255,255,255,0.03);
+}
+.batch-cat-head { display: flex; align-items: center; gap: 8px; margin-bottom: 4px; font-size: 13px; }
+.batch-cat-count { color: var(--text-muted); font-variant-numeric: tabular-nums; }
+.batch-cat-tag { font-size: 10px; padding: 1px 6px; border-radius: 4px; background: rgba(255,255,255,0.06); color: var(--text-muted); }
+.batch-cat-tag.retryable { background: rgba(76, 175, 80, 0.18); color: #a5d6a7; }
+.batch-cat-list { margin: 0; padding-left: 18px; font-size: 11px; color: var(--text-muted); }
+.batch-cat-list em { color: var(--text-muted); font-style: italic; }
+.account-hoster-group-body {
+  padding: 8px;
+  border-top: 1px solid var(--border);
 }
 .account-hoster-group .account-card { margin-bottom: 4px; }
+.account-hoster-group .account-card:last-child { margin-bottom: 0; }
+.account-status-dot.status-ok { background: #4caf50; }
+.account-status-dot.status-error { background: #e57373; }
+.account-status-dot.status-checking { background: #f0c36c; }
+.account-status-dot.status-unchecked { background: #6c757d; }
+.account-hoster-group-header .account-status-dot {
+  width: 8px;
+  height: 8px;
+  border-radius: 50%;
+  display: inline-block;
+}

 .accounts-empty {
  text-align: center;
--- a/tasks/lessons.md
+++ b/tasks/lessons.md
@ -54,3 +54,11 @@
 **Fix:** Die offizielle doodapi.co JSON-API nutzen, wenn ein API-Key da ist — sie liefert result[0].filecode DIREKT in JSON (kein HTML-Formular) und nutzt einen persistenten api_key (kein alternder sess_id). Git-Historie: die API war der ORIGINAL-Pfad (initial commit); Web-Login kam später nur "als Alternative zum API-Key" — Key-Bevorzugung stellt also den gedachten Primärpfad wieder her, kämpft nicht gegen eine bewusste Entscheidung.
 **Regel:** Bei Hoster-Integrationen die offizielle API der Web-Scraping-Ebene vorziehen wo möglich. Empty-form/codeless-2xx = Hoster-Backend-Flake (hosterTransient), Account NICHT als tot markieren — auf BEIDEN Pfaden (Web + API) gleich klassifizieren.
 **Voraussetzung:** Engagiert nur wenn der Doodstream-Account einen gültigen API-Key hat (doodstream.com/settings). Keyless-Accounts bleiben beim Web-Pfad.
+
+## 2026-05-28 — Doodstream empty-form: live diagnosis confirmed API path is the fix
+**Verifiziert mit echtem Account-Key (read-only API-Calls):**
+- account/info → status 200, Key gültig, Storage unlimited. Premium ABGELAUFEN (2025-10-03) — Uploads gehen TROTZDEM.
+- upload/server → liefert gültigen Node (cv1130ed.cloudatacdn.com) auch ohne Premium → API-Upload-Pfad nutzbar.
+- file/list → 90.548 Dateien; Uploads landen server-seitig INTERMITTIEREND (viele Burn-Notice-Folgen genau im "Fehler"-Zeitfenster vorhanden). Das leere Formular ist also nicht "immer kaputt", sondern manchmal — der Web-Form-Registrierungs-Callback (fs-public.intconnect.net) timeoutet sporadisch.
+**Konsequenz:** API-Weg (result[0].filecode inline) umgeht den failenden Callback → richtiger Fix. file/list-Recovery ist NICHT tote Last (Dateien erscheinen ja) — aber bei 90k-Accounts MUSS man sort=created&order=desc erzwingen, sonst ist die frische Datei nicht auf Seite 1.
+**Regel:** Bei "geht manchmal/manchmal nicht" + Hoster mit offizieller API: erst per read-only API-Call (account/info, file/list) gegen den ECHTEN Account verifizieren statt am Client weiterzuraten. Das beendet Spekulations-Schleifen.
--- a/tests/config-store.test.js
+++ b/tests/config-store.test.js
@ -56,6 +56,28 @@ describe('ConfigStore', () => {
    assert.equal(config.hosters['doodstream.com'][0].apiKey, 'test-key-123');
  });

+  it('default logMode is "single"', () => {
+    const config = store.load();
+    assert.equal(config.globalSettings.logMode, 'single');
+  });
+
+  it('regression: legacy sessionLog:true on disk normalizes to logMode "daily" (NOT "session")', async () => {
+    // Write a config with the legacy boolean only (what an existing user has).
+    await store.save({ globalSettings: { sessionLog: true } });
+    const config = store.load();
+    // The misnamed legacy field MUST map to daily — mapping to "session" would
+    // silently change every per-day user's behaviour on upgrade.
+    assert.equal(config.globalSettings.logMode, 'daily');
+  });
+
+  it('logMode round-trips for all three values', async () => {
+    for (const mode of ['single', 'daily', 'session']) {
+      await store.save({ globalSettings: { logMode: mode } });
+      const config = store.load();
+      assert.equal(config.globalSettings.logMode, mode, `mode ${mode}`);
+    }
+  });
+
  it('load merges with defaults for missing hosters', () => {
    // Write partial config in old single-object format (triggers migration)
    fs.writeFileSync(store.filePath, JSON.stringify({
--- a/tests/file-probe.test.js
+++ b/tests/file-probe.test.js
@ -0,0 +1,100 @@
+const test = require('node:test');
+const assert = require('node:assert');
+const fs = require('fs');
+const os = require('os');
+const path = require('path');
+const { detectKind, isVideoLikeKind, probeFileHead, summarizeFileStat } = require('../lib/file-probe');
+
+function tmpWrite(name, buf) {
+  const p = path.join(os.tmpdir(), `mhu-probe-${Date.now()}-${name}`);
+  fs.writeFileSync(p, buf);
+  return p;
+}
+
+test('detectKind recognizes ISO-MP4 (ftyp box at offset 4)', () => {
+  const buf = Buffer.concat([Buffer.from([0x00, 0x00, 0x00, 0x20]), Buffer.from('ftypisom', 'ascii'), Buffer.alloc(8, 0)]);
+  assert.strictEqual(detectKind(buf), 'mp4-iso');
+  assert.strictEqual(isVideoLikeKind('mp4-iso'), true);
+});
+
+test('detectKind recognizes Matroska / WebM EBML header', () => {
+  const buf = Buffer.from([0x1A, 0x45, 0xDF, 0xA3, 0x01, 0x00]);
+  assert.strictEqual(detectKind(buf), 'matroska');
+  assert.strictEqual(isVideoLikeKind('matroska'), true);
+});
+
+test('detectKind recognizes AVI (RIFF...AVI )', () => {
+  const buf = Buffer.concat([Buffer.from('RIFF', 'ascii'), Buffer.from([0x00, 0x00, 0x00, 0x00]), Buffer.from('AVI ', 'ascii')]);
+  assert.strictEqual(detectKind(buf), 'avi');
+});
+
+test('detectKind recognizes FLV', () => {
+  const buf = Buffer.concat([Buffer.from('FLV', 'ascii'), Buffer.from([0x01])]);
+  assert.strictEqual(detectKind(buf), 'flv');
+});
+
+test('detectKind recognizes ASF (WMV)', () => {
+  const buf = Buffer.from([0x30, 0x26, 0xB2, 0x75, 0x00, 0x00]);
+  assert.strictEqual(detectKind(buf), 'asf-wmv');
+});
+
+test('detectKind recognizes MPEG-PS (00 00 01 BA)', () => {
+  const buf = Buffer.from([0x00, 0x00, 0x01, 0xBA, 0x00]);
+  assert.strictEqual(detectKind(buf), 'mpeg-ps');
+});
+
+test('detectKind recognizes JPEG (non-video)', () => {
+  const buf = Buffer.from([0xFF, 0xD8, 0xFF, 0xE0]);
+  assert.strictEqual(detectKind(buf), 'jpeg');
+  assert.strictEqual(isVideoLikeKind('jpeg'), false);
+});
+
+test('detectKind recognizes HTML response (non-video)', () => {
+  const buf = Buffer.from('<!DOCTYPE html><html><head>', 'ascii');
+  assert.strictEqual(detectKind(buf), 'html');
+  assert.strictEqual(isVideoLikeKind('html'), false);
+});
+
+test('detectKind returns empty for zero-length and unknown for noise', () => {
+  assert.strictEqual(detectKind(Buffer.alloc(0)), 'empty');
+  assert.strictEqual(detectKind(Buffer.from([0xAA, 0xBB, 0xCC, 0xDD, 0xEE, 0xFF])), 'unknown');
+});
+
+test('probeFileHead reads first bytes and returns hex + kind for an MP4-like file', async () => {
+  const mp4Head = Buffer.concat([Buffer.from([0x00, 0x00, 0x00, 0x20]), Buffer.from('ftypisom', 'ascii'), Buffer.alloc(16, 0xAA)]);
+  const p = tmpWrite('fake.mp4', mp4Head);
+  try {
+    const res = await probeFileHead(p, 64);
+    assert.strictEqual(res.ok, true);
+    assert.strictEqual(res.kind, 'mp4-iso');
+    assert.strictEqual(res.isVideoLike, true);
+    assert.ok(res.headHex.startsWith('0000002066747970'));
+    assert.strictEqual(res.bytesRead, mp4Head.length);
+  } finally {
+    fs.unlinkSync(p);
+  }
+});
+
+test('probeFileHead returns ok:false with kind=unreadable for missing file', async () => {
+  const res = await probeFileHead(path.join(os.tmpdir(), `does-not-exist-${Date.now()}.mp4`), 32);
+  assert.strictEqual(res.ok, false);
+  assert.strictEqual(res.kind, 'unreadable');
+  assert.ok(res.error);
+});
+
+test('summarizeFileStat returns size + mtime for a real file', () => {
+  const p = tmpWrite('stat.bin', Buffer.alloc(123, 0xCC));
+  try {
+    const stat = summarizeFileStat(p);
+    assert.strictEqual(stat.size, 123);
+    assert.strictEqual(stat.isFile, true);
+    assert.ok(stat.mtime);
+  } finally {
+    fs.unlinkSync(p);
+  }
+});
+
+test('summarizeFileStat returns error for missing file', () => {
+  const stat = summarizeFileStat(path.join(os.tmpdir(), `does-not-exist-${Date.now()}.bin`));
+  assert.ok(stat.error);
+});
--- a/tests/log-mode.test.js
+++ b/tests/log-mode.test.js
@ -0,0 +1,140 @@
+const { test } = require('node:test');
+const assert = require('node:assert');
+const { normalizeLogMode, resolveLogFileName, formatDateStamp, formatSessionStamp } = require('../lib/log-mode');
+
+// --- normalizeLogMode ---
+
+test('normalizeLogMode: default for empty/null/undefined is "single"', () => {
+  assert.equal(normalizeLogMode(), 'single');
+  assert.equal(normalizeLogMode(null), 'single');
+  assert.equal(normalizeLogMode({}), 'single');
+});
+
+test('normalizeLogMode: explicit logMode wins for all three valid values', () => {
+  assert.equal(normalizeLogMode({ logMode: 'single' }), 'single');
+  assert.equal(normalizeLogMode({ logMode: 'daily' }), 'daily');
+  assert.equal(normalizeLogMode({ logMode: 'session' }), 'session');
+});
+
+test('regression: legacy sessionLog:true maps to "daily", NOT "session"', () => {
+  // The legacy boolean field was named after a misnomer — it actually toggled
+  // per-day logging. Mapping it to "session" would silently flip every existing
+  // per-day user onto per-session, which is exactly the bug the migration trap
+  // exists to prevent.
+  assert.equal(normalizeLogMode({ sessionLog: true }), 'daily');
+});
+
+test('normalizeLogMode: sessionLog:false / missing maps to "single"', () => {
+  assert.equal(normalizeLogMode({ sessionLog: false }), 'single');
+});
+
+test('normalizeLogMode: explicit logMode beats the legacy sessionLog field', () => {
+  // Once a user picks a mode in 3.3.35+, the legacy boolean must NOT override.
+  assert.equal(normalizeLogMode({ logMode: 'session', sessionLog: true }), 'session');
+  assert.equal(normalizeLogMode({ logMode: 'single', sessionLog: true }), 'single');
+});
+
+test('normalizeLogMode: invalid logMode strings fall through to single (or legacy if present)', () => {
+  assert.equal(normalizeLogMode({ logMode: 'lolnope' }), 'single');
+  assert.equal(normalizeLogMode({ logMode: '' }), 'single');
+  assert.equal(normalizeLogMode({ logMode: 'lolnope', sessionLog: true }), 'daily');
+});
+
+// --- resolveLogFileName ---
+
+test('resolveLogFileName: single mode → bare basename + ext', () => {
+  assert.equal(
+    resolveLogFileName({ baseName: 'fileuploader', ext: '.log', mode: 'single' }),
+    'fileuploader.log'
+  );
+});
+
+test('resolveLogFileName: daily mode → fileuploader-YYYY-MM-DD.log', () => {
+  const d = new Date(2026, 4, 28); // May 28, 2026 — month is 0-indexed
+  assert.equal(
+    resolveLogFileName({ baseName: 'fileuploader', ext: '.log', mode: 'daily', date: d }),
+    'fileuploader-2026-05-28.log'
+  );
+});
+
+test('resolveLogFileName: session mode → fileuploader-session-<id>.log', () => {
+  assert.equal(
+    resolveLogFileName({ baseName: 'fileuploader', ext: '.log', mode: 'session', sessionId: '2026-05-28_22-44-52-12345' }),
+    'fileuploader-session-2026-05-28_22-44-52-12345.log'
+  );
+});
+
+test('resolveLogFileName: session mode with missing sessionId falls back to single (never emits malformed name)', () => {
+  assert.equal(
+    resolveLogFileName({ baseName: 'fileuploader', ext: '.log', mode: 'session' }),
+    'fileuploader.log'
+  );
+});
+
+test('resolveLogFileName: unknown mode is treated as single', () => {
+  assert.equal(
+    resolveLogFileName({ baseName: 'fileuploader', ext: '.log', mode: 'lolnope' }),
+    'fileuploader.log'
+  );
+});
+
+// --- stripModeStampFromFileName ---
+
+const { stripModeStampFromFileName } = require('../lib/log-mode');
+
+test('stripModeStampFromFileName: leaves bare names alone', () => {
+  assert.equal(stripModeStampFromFileName('fileuploader.log'), 'fileuploader.log');
+  assert.equal(stripModeStampFromFileName('fileuploader'), 'fileuploader');
+});
+
+test('stripModeStampFromFileName: strips a daily YYYY-MM-DD suffix', () => {
+  assert.equal(stripModeStampFromFileName('fileuploader-2026-06-03.log'), 'fileuploader.log');
+});
+
+test('stripModeStampFromFileName: strips a session-stamp suffix (with and without pid)', () => {
+  assert.equal(
+    stripModeStampFromFileName('fileuploader-session-2026-06-03_18-16-20-8132.log'),
+    'fileuploader.log'
+  );
+  assert.equal(
+    stripModeStampFromFileName('fileuploader-session-2026-06-03_18-16-20.log'),
+    'fileuploader.log'
+  );
+});
+
+test('regression: resolveLogFileName(stripModeStampFromFileName(...)) is idempotent — persisting then re-resolving never compounds stamps', () => {
+  // This is the exact bug shape: persist the resolved path, then on next call
+  // re-resolve from the saved base — must produce the same file, not a doubled
+  // session-stamped one. The fix is the strip; this test guards against
+  // regressing _persistFallbackLogPath into the 3.3.35 bug.
+  const sessionId = '2026-06-03_18-16-20-8132';
+  const dailyDate = new Date(2026, 5, 3);
+  for (const mode of ['daily', 'session']) {
+    const date = mode === 'daily' ? dailyDate : new Date();
+    const initial = resolveLogFileName({ baseName: 'fileuploader', ext: '.log', mode, date, sessionId });
+    const stripped = stripModeStampFromFileName(initial);
+    // After strip, the base should be back to the bare name.
+    assert.equal(stripped, 'fileuploader.log', `${mode}: strip should produce bare base`);
+    // Re-resolving from the bare base gives the same final filename — no doubling.
+    const reBase = stripped.replace(/\.log$/, '');
+    const second = resolveLogFileName({ baseName: reBase, ext: '.log', mode, date, sessionId });
+    assert.equal(second, initial, `${mode}: round-trip must be idempotent`);
+  }
+});
+
+// --- format helpers ---
+
+test('formatDateStamp: zero-pads month and day', () => {
+  assert.equal(formatDateStamp(new Date(2026, 0, 3)), '2026-01-03');
+  assert.equal(formatDateStamp(new Date(2026, 11, 31)), '2026-12-31');
+});
+
+test('formatSessionStamp: produces YYYY-MM-DD_HH-MM-SS-pid', () => {
+  const d = new Date(2026, 4, 28, 7, 9, 5);
+  assert.equal(formatSessionStamp(d, 12345), '2026-05-28_07-09-05-12345');
+});
+
+test('formatSessionStamp: omits the pid suffix when none provided', () => {
+  const d = new Date(2026, 4, 28, 22, 44, 52);
+  assert.equal(formatSessionStamp(d), '2026-05-28_22-44-52');
+});
--- a/tests/stats.test.js
+++ b/tests/stats.test.js
@ -0,0 +1,132 @@
+const test = require('node:test');
+const assert = require('node:assert');
+const {
+  summarizePerHoster,
+  classifyErrorCategory,
+  summarizeBatchErrors,
+  isRetryableCategory
+} = require('../lib/stats');
+
+function makeBatch(timestamp, results) {
+  return {
+    id: 'b-' + timestamp,
+    timestamp: new Date(timestamp).toISOString(),
+    files: [{ name: 'foo.mp4', size: 1, results }]
+  };
+}
+
+test('summarizePerHoster counts ok and fail per hoster across all batches', () => {
+  const history = [
+    makeBatch(1, [
+      { hoster: 'voe.sx', status: 'done' },
+      { hoster: 'byse.sx', status: 'error', error: 'Not video file format' }
+    ]),
+    makeBatch(2, [
+      { hoster: 'voe.sx', status: 'done' },
+      { hoster: 'voe.sx', status: 'error', error: 'CSRF' },
+      { hoster: 'byse.sx', status: 'done' }
+    ])
+  ];
+  const s = summarizePerHoster(history);
+  assert.strictEqual(s['voe.sx'].ok, 2);
+  assert.strictEqual(s['voe.sx'].fail, 1);
+  assert.strictEqual(s['voe.sx'].total, 3);
+  assert.strictEqual(Math.round(s['voe.sx'].rate * 100), 67);
+  assert.strictEqual(s['byse.sx'].ok, 1);
+  assert.strictEqual(s['byse.sx'].fail, 1);
+  assert.strictEqual(s['byse.sx'].rate, 0.5);
+});
+
+test('summarizePerHoster honors sinceMs cutoff', () => {
+  const history = [
+    makeBatch(1000, [{ hoster: 'voe.sx', status: 'done' }]),
+    makeBatch(5000, [{ hoster: 'voe.sx', status: 'error', error: 'x' }])
+  ];
+  const s = summarizePerHoster(history, { sinceMs: 3000 });
+  assert.strictEqual(s['voe.sx'].ok, 0);
+  assert.strictEqual(s['voe.sx'].fail, 1);
+});
+
+test('summarizePerHoster honors lastNBatches (newest first)', () => {
+  const history = [
+    makeBatch(1000, [{ hoster: 'voe.sx', status: 'done' }]),
+    makeBatch(2000, [{ hoster: 'voe.sx', status: 'done' }]),
+    makeBatch(3000, [{ hoster: 'voe.sx', status: 'error', error: 'x' }])
+  ];
+  const s = summarizePerHoster(history, { lastNBatches: 1 });
+  assert.strictEqual(s['voe.sx'].ok, 0);
+  assert.strictEqual(s['voe.sx'].fail, 1);
+});
+
+test('summarizePerHoster handles empty / malformed input', () => {
+  assert.deepStrictEqual(summarizePerHoster(null), {});
+  assert.deepStrictEqual(summarizePerHoster([]), {});
+  assert.deepStrictEqual(summarizePerHoster([{ id: 'x', files: null }]), {});
+});
+
+test('classifyErrorCategory: file-rejected phrases', () => {
+  assert.strictEqual(classifyErrorCategory('Byse lehnte Datei ab: Not video file format'), 'file-rejected');
+  assert.strictEqual(classifyErrorCategory('Duplicate file already exists'), 'file-rejected');
+  assert.strictEqual(classifyErrorCategory('Datei zu groß (Max: 5 GB)'), 'file-rejected');
+});
+
+test('classifyErrorCategory: account-error phrases', () => {
+  assert.strictEqual(classifyErrorCategory('Quota exceeded'), 'account-error');
+  assert.strictEqual(classifyErrorCategory('account banned'), 'account-error');
+  assert.strictEqual(classifyErrorCategory('not enough disk space'), 'account-error');
+});
+
+test('classifyErrorCategory: hoster-transient phrases', () => {
+  assert.strictEqual(classifyErrorCategory('CSRF-Token nicht gefunden'), 'hoster-transient');
+  assert.strictEqual(classifyErrorCategory('Kein Upload-Server erhalten: server busy'), 'hoster-transient');
+  assert.strictEqual(classifyErrorCategory('Kein Filecode'), 'hoster-transient');
+});
+
+test('classifyErrorCategory: network phrases', () => {
+  assert.strictEqual(classifyErrorCategory('socket hang up'), 'network');
+  assert.strictEqual(classifyErrorCategory('fetch failed'), 'network');
+  assert.strictEqual(classifyErrorCategory('Timeout while reading'), 'network');
+});
+
+test('classifyErrorCategory: aborted is its own bucket (not retryable)', () => {
+  assert.strictEqual(classifyErrorCategory('Abgebrochen'), 'aborted');
+  assert.strictEqual(isRetryableCategory('aborted'), false);
+});
+
+test('classifyErrorCategory: unknown for everything else', () => {
+  assert.strictEqual(classifyErrorCategory(''), 'unknown');
+  assert.strictEqual(classifyErrorCategory(null), 'unknown');
+  assert.strictEqual(classifyErrorCategory('Some weird thing'), 'unknown');
+});
+
+test('summarizeBatchErrors buckets results by category', () => {
+  const summary = {
+    files: [
+      { name: 'a.mp4', results: [
+        { hoster: 'voe.sx', status: 'done' },
+        { hoster: 'byse.sx', status: 'error', error: 'Not video file format' }
+      ] },
+      { name: 'b.mp4', results: [
+        { hoster: 'voe.sx', status: 'error', error: 'CSRF' },
+        { hoster: 'doodstream.com', status: 'error', error: 'socket hang up' }
+      ] }
+    ]
+  };
+  const buckets = summarizeBatchErrors(summary);
+  assert.strictEqual(buckets['file-rejected'].length, 1);
+  assert.strictEqual(buckets['file-rejected'][0].hoster, 'byse.sx');
+  assert.strictEqual(buckets['hoster-transient'].length, 1);
+  assert.strictEqual(buckets['hoster-transient'][0].hoster, 'voe.sx');
+  assert.strictEqual(buckets['network'].length, 1);
+  assert.strictEqual(buckets['network'][0].hoster, 'doodstream.com');
+  assert.strictEqual(buckets['account-error'].length, 0);
+});
+
+test('isRetryableCategory: only transient + network + unknown retry-worthy', () => {
+  assert.strictEqual(isRetryableCategory('hoster-transient'), true);
+  assert.strictEqual(isRetryableCategory('network'), true);
+  assert.strictEqual(isRetryableCategory('unknown'), true);
+  assert.strictEqual(isRetryableCategory('file-rejected'), false);
+  assert.strictEqual(isRetryableCategory('account-error'), false);
+  assert.strictEqual(isRetryableCategory('aborted'), false);
+});
--- a/tests/support-bundle.test.js
+++ b/tests/support-bundle.test.js
@ -0,0 +1,94 @@
+const test = require('node:test');
+const assert = require('node:assert');
+const fs = require('fs');
+const os = require('os');
+const path = require('path');
+const { sanitizeConfig, collectFile, buildSupportBundleText, REDACTED } = require('../lib/support-bundle');
+
+test('sanitizeConfig redacts known credential keys at any nesting depth', () => {
+  const input = {
+    hosters: {
+      'voe.sx': [{ username: 'u', password: 'p1', apiKey: 'k1', enabled: true }],
+      'byse.sx': [{ apiKey: 'k2' }, { apiKey: 'k3', token: 't1', label: 'main' }]
+    },
+    globalSettings: { remote: { token: 'remT' }, scramble: { active: false } }
+  };
+  const out = sanitizeConfig(input);
+  assert.strictEqual(out.hosters['voe.sx'][0].password, REDACTED);
+  assert.strictEqual(out.hosters['voe.sx'][0].apiKey, REDACTED);
+  assert.strictEqual(out.hosters['voe.sx'][0].username, 'u');
+  assert.strictEqual(out.hosters['voe.sx'][0].enabled, true);
+  assert.strictEqual(out.hosters['byse.sx'][1].apiKey, REDACTED);
+  assert.strictEqual(out.hosters['byse.sx'][1].token, REDACTED);
+  assert.strictEqual(out.hosters['byse.sx'][1].label, 'main');
+  assert.strictEqual(out.globalSettings.remote.token, REDACTED);
+});
+
+test('sanitizeConfig does not mutate input', () => {
+  const input = { hosters: { 'voe.sx': [{ password: 'secret' }] } };
+  const clone = JSON.parse(JSON.stringify(input));
+  sanitizeConfig(input);
+  assert.deepStrictEqual(input, clone);
+});
+
+test('sanitizeConfig leaves empty/missing credentials alone', () => {
+  const input = { hosters: { 'voe.sx': [{ password: '', apiKey: null }] } };
+  const out = sanitizeConfig(input);
+  assert.strictEqual(out.hosters['voe.sx'][0].password, '');
+  assert.strictEqual(out.hosters['voe.sx'][0].apiKey, null);
+});
+
+test('sanitizeConfig handles null/undefined input', () => {
+  assert.strictEqual(sanitizeConfig(null), null);
+  assert.strictEqual(sanitizeConfig(undefined), undefined);
+});
+
+test('collectFile tails when file exceeds maxBytes', () => {
+  const tmp = path.join(os.tmpdir(), `mhu-bundle-${Date.now()}.log`);
+  const bigLine = 'x'.repeat(1000) + '\n';
+  fs.writeFileSync(tmp, bigLine.repeat(100));
+  try {
+    const section = collectFile(tmp, 'big.log', 5000);
+    assert.match(section, /truncated: skipped first \d+ bytes/);
+    assert.ok(section.length < bigLine.length * 100, 'section should be truncated');
+  } finally {
+    fs.unlinkSync(tmp);
+  }
+});
+
+test('collectFile returns placeholder for missing file', () => {
+  const section = collectFile(path.join(os.tmpdir(), `does-not-exist-${Date.now()}.log`), 'missing');
+  assert.match(section, /<file does not exist yet>/);
+});
+
+test('collectFile returns placeholder for null path', () => {
+  const section = collectFile(null, 'no-path');
+  assert.match(section, /<no path configured>/);
+});
+
+test('buildSupportBundleText produces structured output with header + config + file sections', () => {
+  const tmp = path.join(os.tmpdir(), `mhu-bundle-text-${Date.now()}.log`);
+  fs.writeFileSync(tmp, 'line one\nline two\n');
+  try {
+    const text = buildSupportBundleText({
+      header: { Version: '3.3.41', Platform: 'win32' },
+      sanitizedConfig: { hosters: { 'voe.sx': [{ apiKey: '<redacted>' }] } },
+      files: [{ label: 'debug.log', path: tmp }]
+    });
+    assert.match(text, /^=== Multi-Hoster-Upload Support Bundle ===/);
+    assert.match(text, /Version: 3\.3\.41/);
+    assert.match(text, /Platform: win32/);
+    assert.match(text, /=== Config \(sanitized/);
+    assert.match(text, /"apiKey": "<redacted>"/);
+    assert.match(text, /=== debug\.log/);
+    assert.match(text, /line one\nline two/);
+  } finally {
+    fs.unlinkSync(tmp);
+  }
+});
+
+test('buildSupportBundleText handles empty file list and missing header', () => {
+  const text = buildSupportBundleText({ sanitizedConfig: {}, files: [] });
+  assert.match(text, /=== Multi-Hoster-Upload Support Bundle ===/);
+  assert.match(text, /=== Config/);
+});
--- a/tests/upload-manager.test.js
+++ b/tests/upload-manager.test.js
@ -31,6 +31,7 @@ describe('UploadManager', () => {
    const origRequire = module.constructor.prototype.require;
    const hosters = require('../lib/hosters');
    hosters.uploadFile = mockUploadFile;
+    hosters.prefetchBaseline = async () => null;

    // Mock fs.statSync for test file paths
    const fs = require('fs');
@ -55,8 +56,8 @@ describe('UploadManager', () => {
    ]);

    const statuses = events.map(e => e.status);
-    assert.ok(statuses.includes('queued'), 'should have queued status');
    assert.ok(statuses.includes('done'), 'should have done status');
+    assert.ok(events.length > 0, 'should emit at least one progress event');
  });

  it('emits batch-done with correct summary', async () => {
--- a/tests/validate-credentials.test.js
+++ b/tests/validate-credentials.test.js
@ -0,0 +1,195 @@
+// Pure unit tests for the validate-credentials shape contract — does NOT spin
+// up Electron or the real per-hoster checkers. Those need network. We verify
+// the SHAPE the ephemeral hosterConfig is built into (which the per-hoster
+// checkers consume) plus the snapshot-key/invalidation invariants that the
+// renderer relies on to enforce "validated creds only".
+//
+// The three assertions the advisor called out as the regression guard for the
+// user's "mehrfach angelegt" complaint:
+//   (a) failed validation persists nothing to config.hosters
+//   (b) a second "Anlegen" click with the guard set persists exactly one entry
+//   (c) OTP-required path persists nothing
+// are exercised at the state-machine level by simulating the renderer's logic
+// (re-implemented here as pure functions for testability — the real ones live
+// in renderer/app.js which can't run under node:test).
+
+const { test } = require('node:test');
+const assert = require('node:assert');
+
+// ---- Re-implementations of the renderer's pure helpers ----
+// These mirror the production code exactly so the tests serve as both a guard
+// and executable spec for what saveAccount() must do.
+
+function credsSnapshotKey(authType, creds) {
+  if (authType === 'login') return `login:${creds.username || ''}:${creds.password || ''}`;
+  return `api:${creds.apiKey || ''}`;
+}
+
+function buildEphemeralHosterConfig(payload) {
+  return {
+    username: payload.username || '',
+    password: payload.password || '',
+    apiKey: payload.apiKey || '',
+    enabled: true
+  };
+}
+
+// State-machine simulator that mirrors saveAccount() WITHOUT DOM/IPC.
+function makeStateMachine({ validateImpl, persistImpl }) {
+  let busy = false;
+  let validated = null; // { hosterName, authType, snapshot, status }
+  const log = []; // log of every persist call, for assertions
+
+  async function click(ctx, creds, otp = '') {
+    if (busy) { log.push({ type: 'click-ignored-busy' }); return; }
+    const snapshot = credsSnapshotKey(ctx.authType, creds);
+
+    // STEP 2: commit if validated matches.
+    if (validated &&
+        validated.hosterName === ctx.hosterName &&
+        validated.authType === ctx.authType &&
+        validated.snapshot === snapshot) {
+      busy = true;
+      try {
+        await persistImpl(ctx, creds);
+        log.push({ type: 'persisted', accountId: ctx.accountId || `${ctx.hosterName}-NEW` });
+      } finally { busy = false; }
+      return;
+    }
+
+    // STEP 1: ephemeral validate.
+    busy = true;
+    let row;
+    try {
+      row = await validateImpl({ hoster: ctx.hosterName, authType: ctx.authType, ...creds, otp });
+    } finally { busy = false; }
+    if (row && (row.status === 'ok' || row.status === 'warn')) {
+      validated = { hosterName: ctx.hosterName, authType: ctx.authType, snapshot, status: row.status };
+      log.push({ type: 'validated', status: row.status });
+      return;
+    }
+    if (row && row.status === 'otp_required') {
+      log.push({ type: 'otp-required' });
+      return;
+    }
+    log.push({ type: 'validation-failed', message: row && row.message });
+  }
+
+  function editField() { validated = null; log.push({ type: 'invalidated-by-edit' }); }
+  return { click, editField, log: () => log.slice(), getValidated: () => validated };
+}
+
+// ---- Tests ----
+
+test('regression (a): failed validation persists NOTHING to config.hosters', async () => {
+  const persistCalls = [];
+  const sm = makeStateMachine({
+    validateImpl: async () => ({ status: 'error', message: 'Falsches Passwort' }),
+    persistImpl: async (ctx, creds) => persistCalls.push({ ctx, creds })
+  });
+  await sm.click({ hosterName: 'doodstream.com', authType: 'login', isEdit: false }, { username: 'u', password: 'wrong' });
+  assert.equal(persistCalls.length, 0, 'no persist should happen on failed validation');
+  assert.equal(sm.getValidated(), null);
+  assert.deepEqual(sm.log().map(e => e.type), ['validation-failed']);
+});
+
+test('regression (b): second click with guard set persists exactly ONE entry — no duplication', async () => {
+  const persistCalls = [];
+  let validateCount = 0;
+  const sm = makeStateMachine({
+    validateImpl: async () => { validateCount++; return { status: 'ok' }; },
+    persistImpl: async (ctx, creds) => persistCalls.push({ ctx, creds })
+  });
+  const ctx = { hosterName: 'doodstream.com', authType: 'login', isEdit: false };
+  const creds = { username: 'u', password: 'p' };
+  // Click 1 = validate → green.
+  await sm.click(ctx, creds);
+  // Click 2 = commit (same creds, validated snapshot matches).
+  await sm.click(ctx, creds);
+  // Click 3 = guard prevents a second commit because after persistImpl the
+  // state-machine in real code closes the modal. In this simulator the
+  // validated snapshot is still set — but a real double-click WHILE persistImpl
+  // is in flight would be caught by busy. Simulate that:
+  const sm2 = makeStateMachine({
+    validateImpl: async () => ({ status: 'ok' }),
+    persistImpl: () => new Promise(r => setTimeout(() => { persistCalls.push('slow'); r(); }, 30))
+  });
+  await sm2.click(ctx, creds); // validate
+  const p1 = sm2.click(ctx, creds); // start commit
+  const p2 = sm2.click(ctx, creds); // racing click — must be ignored
+  await Promise.all([p1, p2]);
+
+  assert.equal(persistCalls.length, 2, 'one persist from the deliberate two-step flow + one from sm2; racing click ignored');
+  assert.equal(validateCount, 1, 'second click reused the validated snapshot — no re-validate');
+  // The racing click MUST have been ignored by the busy guard.
+  assert.ok(sm2.log().some(e => e.type === 'click-ignored-busy'), 'busy guard fired on racing click');
+});
+
+test('regression (c): OTP-required persists NOTHING — and a follow-up click with OTP re-validates ephemerally', async () => {
+  const persistCalls = [];
+  let calls = 0;
+  const sm = makeStateMachine({
+    validateImpl: async (payload) => {
+      calls++;
+      if (!payload.otp) return { status: 'otp_required', message: 'OTP sent' };
+      if (payload.otp === '123456') return { status: 'ok' };
+      return { status: 'error', message: 'Bad OTP' };
+    },
+    persistImpl: async (ctx, creds) => persistCalls.push({ ctx, creds })
+  });
+  const ctx = { hosterName: 'doodstream.com', authType: 'login', isEdit: false };
+  const creds = { username: 'u', password: 'p' };
+  await sm.click(ctx, creds, '');         // first click → otp_required
+  await sm.click(ctx, creds, '123456');   // retry with otp → ok
+  await sm.click(ctx, creds);             // final click → commit
+  assert.equal(persistCalls.length, 1, 'exactly one persist after OTP confirmed');
+  assert.equal(calls, 2, 'validate ran twice (initial + OTP) before commit');
+  assert.deepEqual(
+    sm.log().map(e => e.type),
+    ['otp-required', 'validated', 'persisted']
+  );
+});
+
+test('field edit after green check invalidates the snapshot — next click is a re-Prüfen, not a commit', async () => {
+  const persistCalls = [];
+  let validateCount = 0;
+  const sm = makeStateMachine({
+    validateImpl: async () => { validateCount++; return { status: 'ok' }; },
+    persistImpl: async (ctx, creds) => persistCalls.push({ ctx, creds })
+  });
+  const ctx = { hosterName: 'doodstream.com', authType: 'login', isEdit: false };
+  await sm.click(ctx, { username: 'u', password: 'p' });   // validate → green
+  sm.editField();                                           // user edits cred field → snapshot dropped
+  await sm.click(ctx, { username: 'u', password: 'newpw' }); // creds differ → re-validate
+  await sm.click(ctx, { username: 'u', password: 'newpw' }); // now commit the NEW creds
+  assert.equal(persistCalls.length, 1, 'one persist of the new (re-validated) creds');
+  assert.equal(persistCalls[0].creds.password, 'newpw', 'persisted creds match the re-validated set');
+  assert.equal(validateCount, 2, 'second validate was forced by the edit-induced invalidation');
+});
+
+test('snapshot key is identical for same creds and DIFFERENT for any cred change (excluding label)', () => {
+  // Label changes must NOT invalidate validation — label is metadata, not a credential.
+  assert.equal(credsSnapshotKey('login', { username: 'u', password: 'p' }),
+               credsSnapshotKey('login', { username: 'u', password: 'p', label: 'XYZ' }));
+  assert.notEqual(credsSnapshotKey('login', { username: 'u', password: 'p' }),
+                  credsSnapshotKey('login', { username: 'u', password: 'P' })); // password char-case
+  assert.notEqual(credsSnapshotKey('login', { username: 'u', password: 'p' }),
+                  credsSnapshotKey('login', { username: 'U', password: 'p' })); // username diff
+  assert.equal(credsSnapshotKey('api', { apiKey: 'KEY' }),
+               credsSnapshotKey('api', { apiKey: 'KEY', label: 'mein key' }));
+  assert.notEqual(credsSnapshotKey('api', { apiKey: 'KEY' }),
+                  credsSnapshotKey('api', { apiKey: 'KEY2' }));
+});
+
+test('ephemeral hosterConfig shape matches what per-hoster checkers expect', () => {
+  // The per-hoster checkers in main.js read .username/.password/.apiKey directly.
+  // This guards the validate-credentials IPC contract from drifting.
+  const cfg = buildEphemeralHosterConfig({ hoster: 'doodstream.com', username: 'u', password: 'p' });
+  assert.equal(cfg.username, 'u');
+  assert.equal(cfg.password, 'p');
+  assert.equal(cfg.apiKey, '');
+  assert.equal(cfg.enabled, true);
+  const cfg2 = buildEphemeralHosterConfig({ hoster: 'byse.sx', apiKey: 'K' });
+  assert.equal(cfg2.apiKey, 'K');
+  assert.equal(cfg2.username, '');
+});
Author	SHA1	Message	Date
Administrator	d159ac484a	release: v3.3.51	2026-06-08 19:22:54 +02:00
Administrator	f4b5fadc5f	fix(ui): first click on sort header sets default direction instead of toggling	2026-06-08 19:22:29 +02:00
Administrator	169817f707	release: v3.3.50	2026-06-08 14:20:16 +02:00
Administrator	1418c2bc17	feat(backup): plain JSON export/import + clearer error when decrypt fails	2026-06-08 14:19:47 +02:00
Administrator	8d33141294	release: v3.3.49	2026-06-08 03:04:25 +02:00
Administrator	35341b522a	fix(accounts): allow health check during active uploads + toast when already running	2026-06-08 03:04:00 +02:00
Administrator	f9aa7f4168	release: v3.3.48	2026-06-08 01:30:19 +02:00
Administrator	d9199f8aaf	fix(perf): chunked startBatch + async rotLog — kill remaining 30s freeze on 5k+ jobs	2026-06-08 01:29:31 +02:00
Administrator	ba4642e09a	release: v3.3.47	2026-06-07 21:11:53 +02:00
Administrator	d59c5c1df8	perf: per-batch baseline cache, async folder walk, history-table fast path, progress IPC batching	2026-06-07 21:11:04 +02:00
Administrator	4bb18f7abc	release: v3.3.46	2026-06-07 20:59:34 +02:00
Administrator	125e5f55ea	fix(perf): kill per-progress renderer-to-main IPC + drop redundant queued emit + cache fileSize	2026-06-07 20:59:07 +02:00
Administrator	79fe3037eb	release: v3.3.45	2026-06-07 20:41:25 +02:00
Administrator	d280765feb	fix(perf): freeze on Start with 2000+ jobs — gate probe + rot-log behind semaphore	2026-06-07 20:40:55 +02:00
Administrator	b0b86e5016	release: v3.3.44	2026-06-07 20:33:07 +02:00
Administrator	cf35f4401d	feat(ui): per-hoster success rate, session-paused badge, post-batch retry, link export formats	2026-06-07 20:32:35 +02:00
Administrator	98eba0447d	release: v3.3.43	2026-06-07 18:50:24 +02:00
Administrator	5fb313273d	feat(diagnostics): file-format probe + structured upload-start/failure rot-log	2026-06-07 18:49:54 +02:00
Administrator	c44dde5396	release: v3.3.42	2026-06-07 16:35:19 +02:00
Administrator	f42c55c521	feat(diagnostics): log levels, support bundle export, verbose toggle, log paths panel	2026-06-07 16:34:51 +02:00
Administrator	9af65ce2a9	release: v3.3.41	2026-06-07 04:49:43 +02:00
Administrator	4f41218a92	fix(ui): log mode select no longer truncates 'Pro Session'	2026-06-07 04:49:16 +02:00
Administrator	32d35fe336	release: v3.3.40	2026-06-07 04:41:18 +02:00
Administrator	ce0bbb8b7e	fix(ui): no group auto-expand while checking; only on actual error	2026-06-07 04:40:52 +02:00
Administrator	89d29c7a2a	chore(gitignore): exclude electron-config + logs from tracking	2026-06-07 04:27:43 +02:00
Administrator	a97fe69cff	release: v3.3.39	2026-06-07 03:28:42 +02:00
Administrator	2e8e8a3819	fix(accounts): VOE CSRF burst-throttle + collapsible per-hoster groups User reported two coupled issues in the accounts panel: - "VOE Upload: CSRF-Token nicht gefunden. Bist du eingeloggt?" fires intermittently across multiple VOE accounts when "Accounts prüfen" runs. Each retry "fixes" one and breaks another — classic anti-bot burst response. - The flat badge strip becomes unreadable with many accounts; user wants collapsible per-hoster groups with "N/M" headers and green/red indicators, click to expand to per-account detail. DISCRIMINATOR CHECK (cheap before serializing): grep'd lib/voe-upload.js for module-level state — none. Each new VoeUploader() carries its own cookie Map. Burst-throttle on VOE's side is the only plausible root cause. CONCURRENCY FIX in main.js runHosterHealthCheck: - Group checks by hoster, run each hoster's group SEQUENTIALLY, groups in parallel (Promise.all of sequential runners). Cross-hoster parallelism preserved; intra-hoster bursts eliminated. - Result array preserves input order via a result-index map. - Hardening per review: dedup duplicate {hoster, accountId} entries before grouping (no wasted API calls if a caller ever sends duplicates), and entries missing accountId now return a clean "Account-ID fehlt" error instead of silently calling per-hoster checker with null config. - Validate-credentials and checkSingleAccount paths unchanged (single-check payloads run the same way regardless). - Latency trade-off acknowledged: 5 VOE accounts ~5x faster path → up to 25s for that hoster's column. That's the cost for reliability; the user's alternative was 0/5 working on burst-failed runs. UI FIX in renderer: - New _buildAccountHosterGroupHtml emits a collapsible per-hoster group reusing the existing .hoster-panel-header / .panel-arrow CSS pattern. - Header shows "VOE 4/5" (ok-count / total-accounts), a green/red/amber/gray status dot, plus pills for "N deaktiviert" and "N Fehler". - Default: auto-expand any hoster with errors, checking, or unchecked accounts; collapse all-green. - Open-state memory tracks user clicks. Per review: also tracks errorsAtClose snapshot so a NEW failure since the user's close forces re-expand once. Prevents the "I closed it once and now silent failures hide forever" risk. - Single-card updates also refresh the parent group's header counter via _refreshHosterGroupHeader. - Flat badge strip in renderHealthCheckResults is now a no-op stub — the per-hoster headers carry the same info, less duplication. Three-lens review (workflow wch4p9ee9): concurrency PASS_WITH_NOTES, ui-state PASS_WITH_NOTES, comment-policy PASS (zero new // or /* */ comments). Latent concerns from review applied as hardenings. 210/210 tests green, lint clean. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-06-07 03:27:57 +02:00
Administrator	d9e858febd	release: v3.3.38	2026-06-07 03:11:58 +02:00
Administrator	e26b7ea8ed	fix(accounts): never persist unverified creds + dedupe-proof modal + label + perf User reported three coupled bugs in account add/edit: (1) Invalid logins still create the account (2) Doodstream gets created multiple times when "Prüfen & Anlegen" is double-clicked or repeatedly OTP-retried (3) Add/Delete in the accounts panel feel laggy Plus a UX/feature request: account label + two-step "Prüfen → Anlegen" flow. Map (workflow wf44zpud4, 3 parallel subagents + adversarial verify) confirmed: - saveAccount() persisted to disk BEFORE the health check (lines 3407-3409) - saveBtn.disabled was set AFTER two awaited IPC roundtrips → 5-100ms race window - OTP-retry path generated a new accountId on every click (editingAccountId stayed null in ADD mode) → DETERMINISTIC duplication on every OTP attempt - runHealthCheck IPC required the account to be already persisted → that's why the old code wrote-first-check-second Fix architecture (advisor: Option A — make the invariant real, not cleanup-based): - main.js + preload.js: NEW `validate-credentials` IPC. Accepts ephemeral {hoster, authType, username, password, apiKey, otp} payload, builds an ephemeral hosterConfig, runs the same per-hoster checker via a shared _dispatchHealthCheck helper. Nothing touches config.hosters. - renderer: two-step modal state machine. - "Prüfen" click → validateCredentials (ephemeral) → green flips button to "Anlegen"/"Speichern" AND caches a snapshot of the validated creds. - "Anlegen"/"Speichern" click → only fires if cached snapshot matches the currently-typed credential-identity (username+password or apiKey; label and OTP are not part of the snapshot key). - Input listeners on the identity fields drop the snapshot the moment any cred is edited post-green → user can't sneak unverified creds through. - _accountModalBusy is set SYNCHRONOUSLY at the top of the click handler, before any await, so a double-click is a no-op. - _accountModalSession token bumps on every modal reset → a stale late response from a closed-and-reopened modal can't stomp the new session's busy flag or UI (lens-2 review fix). - Edit mode flows through the same path → bad edits never reach disk before being validated (fixes the silent good-creds clobber). - closeAccountModal cancels the auto-close timer + clears modal state so a stale 600 ms timer can't close a freshly-reopened modal. - Label field (new): persisted on the account, shown in the card subtitle as "Label: XYZ • API: ABC… — API Key gültig" so identical-looking API accounts are disambiguable. Excluded from snapshot key on purpose — label is metadata. - Perf: drop the redundant `await getConfig()` round-trip in commit+delete (in-memory state was already the source of truth and the old reload was the main lag source). deleteAccount fires-and-forgets the saveConfig and closes the modal synchronously. Commit path uses updateAccountCard for the single-card edit case instead of a 4-panel cascade. Multi-lens review (workflow wyoc3iq4k, 3 reviewers): OTP-correctness SHIP, race-guard SHIP-WITH-FIXES (session-id token + busy-inside-try applied), edit-mode+label SHIP. No blockers. Tests: 6 new regression tests (tests/validate-credentials.test.js) covering the three reported bugs as executable spec: (a) failed validation persists nothing to config.hosters (b) second click with guard set persists exactly one entry (c) OTP-required persists nothing; OTP retry re-validates ephemerally plus snapshot-key identity, post-validation edit invalidation, and the ephemeral hosterConfig shape contract. 210/210 green, lint clean. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-06-07 03:11:13 +02:00
Administrator	a7ac8c85f3	release: v3.3.37	2026-06-04 22:08:55 +02:00
Administrator	ca35c2a6a4	fix(log): persist BARE log path (no compounded daily/session stamps) User report: in session mode the upload-log lines split across two files — the first few before the auto-persist fallback fired, the rest after into a path with the session-stamp DOUBLED. Root cause in main.js _persistFallbackLogPath: 1. The strip was gated on the legacy `sessionLog` boolean, which 3.3.35 retired in favour of `logMode`. So in session/daily mode the gate was false and the resolved path got persisted with its stamp intact. 2. Even when the gate triggered, its regex matched only the daily YYYY-MM-DD suffix, not the session "session-YYYY-MM-DD_HH-MM-SS-pid" suffix. The next getLogFilePath() call read that saved path as the "base", treated the already-stamped filename as the base name, and re-applied another stamp on top. First flush hit the original session file; everything after hit a doubly- stamped one — exactly the symptom (top file: 2 lines, bottom file: the rest). - lib/log-mode.js: new pure stripModeStampFromFileName helper that removes both the daily and the session suffix patterns. Anchored to $, no nested quantifiers (linear). - main.js: gate on logMode (not sessionLog) and call the helper for daily AND session, so logFilePath always persists as a bare base. - Tests: 4 new — strip behaviour + an idempotence regression that locks in "resolve → strip → resolve = same path" so this can't silently come back. 204/200. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-06-04 22:08:15 +02:00
Administrator	c1585ed09a	release: v3.3.36	2026-06-02 05:40:01 +02:00
Administrator	b5ff9b1a0b	fix(ui): queue columns fit the window on resize (fullscreen → windowed) Saved column widths were applied as fixed pixels, so switching from fullscreen to windowed mode left the column sum wider than the viewport and the user had to manually drag the window wider just to see the rightmost columns. Now: a separate _idealColumnWidths map holds the user's preferred widths (persisted), and _applyFittedColumnWidths reshapes the displayed widths to fit the current container width. When sum(ideals) > container.clientWidth, every column is scaled by the same factor so the row exactly fits (and a hidden column becomes visible again). - Two-tier widths: ideals are only updated by an explicit drag, not by a resize-driven refit. So dragging while the window is narrow no longer permanently shrinks every other column. - saveDraggedColumnWidth(col, w) saves a single column's new ideal. - Window-resize listener refits with a 60ms debounce. Lint clean, full suite 200/200. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-06-02 05:39:28 +02:00
Administrator	72d3fe1e4e	release: v3.3.35	2026-05-30 14:42:03 +02:00
Administrator	d720ba295a	feat(log): add per-session log mode (one file per app launch) Adds a third choice next to the existing single-file and per-day modes: a new log file is created at every app start (process boot) and used until the app is closed. A close → reopen of the app starts a new session, hence a new file. File pattern: fileuploader-session-YYYY-MM-DD_HH-MM-SS-<pid>.log. The boolean sessionLog field — misnamed: it actually toggled daily mode — is replaced by a logMode enum: "single" \| "daily" \| "session". The misnomer made the migration the trap to watch: existing users with sessionLog:true must land on "daily", NOT "session". normalizeLogMode handles this and is unit-tested. - lib/log-mode.js (new, pure, dual CJS/window export): normalizeLogMode + resolveLogFileName + format helpers. No fs, no Date.now() at call time. - config-store.js: normalize at the single load() boundary so downstream readers consume logMode only. logMode is deliberately NOT seeded in DEFAULTS (would beat the legacy migration after merge). - main.js: stamp SESSION_ID once at process start (with pid hedge against same-second restart collisions); getLogFilePath and buildFallbackLogName switch on mode via the lib. _resolveUploadLogTarget cache key is now just the primary path, which already encodes mode/date/session — self-invalidates. - renderer: <select> with three German labels replaces the old checkbox; saveSettings writes logMode; index.html loads the lib so window.LogMode is available in renderSettings. - Tests: 14 log-mode tests (incl. legacy-migration regression), 3 config-store tests (defaults, legacy migration, round-trip all three values). 200/200. End-to-end simulated locally: two launches → two distinct session files; PID hedge produces distinct names even within the same second. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-05-30 14:41:06 +02:00
Administrator	1c8514e127	docs(lessons): doodstream live-diagnosis findings (API path verified viable) Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-05-28 22:41:49 +02:00