- Admin enabled by default (was opt-in via env var)
- New /admin/status (public) and /admin/setup (first-run only) endpoints
- Setup endpoint locked after first use (returns 403)
- Admin password persisted to SQLite config table (survives restarts)
- Change password now persists to DB (was in-memory only)
- Frontend router guard forces /admin redirect until setup is complete
- AdminSetup.vue wizard: username + password + confirm
- Public config exposes admin_enabled/admin_setup_complete for frontend
- TLS warning only fires when password is actually configured
Three bugs causing 100% CPU and container crash-looping in production:
1. sse-starlette ping=0 causes await anyio.sleep(0) busy loop in _ping task.
Each SSE connection spins a ping task at 100% CPU. Changed to ping=15
(built-in keepalive). Removed our manual ping yield in favor of continue.
2. Dockerfile purged curl after installing deno, but Docker healthcheck
(and compose override) uses curl. Healthcheck always failed -> autoheal
restarted the container every ~2 minutes. Keep curl in the image.
3. Downloads that fail during server shutdown leave zombie jobs stuck in
queued/downloading status (event loop closes before error handler can
update DB). Added startup recovery that marks these as failed.
Verified: no external URLs in frontend (no CDN fonts, no analytics,
no Google Fonts, no external scripts). All fonts use system fallback
chains (JetBrains Mono → Cascadia Code → Fira Code → monospace).
No outbound HTTP calls in backend code.
Added SecurityHeadersMiddleware enforcing:
- Content-Security-Policy: default-src 'self', script/font/connect
restricted to 'self', style allows 'unsafe-inline' for Vue scoped
styles, img allows data: URIs, object-src 'none', frame-ancestors
'none'
- X-Content-Type-Options: nosniff
- X-Frame-Options: DENY
- Referrer-Policy: no-referrer
These headers prevent any accidental introduction of external
resources in future development — CSP violations will block them.
Table overflow fix:
- table-layout: fixed prevents columns expanding beyond max-width
- min-width: 0 on flex children ensures text-overflow works
- Long filenames now properly truncate with ellipsis
Clickable source URLs:
- Name column is now an <a> link to the original source URL
- Opens in new tab (target=_blank, rel=noopener)
- Styled to inherit text color, underline + accent on hover
- @click.stop prevents row selection interference
Duplicate preview box fix:
- When urlInfo.type === 'unknown', urlInfo is now set to null
- Previously both the preview box ('VIDEO' badge) and error message
showed simultaneously. Now only the error message appears.
Backend:
- New error_log table: url, domain, error, format_id, media_type,
session_id, created_at
- log_download_error() called when yt-dlp throws during download
- GET /admin/errors returns recent entries (limit 200)
- DELETE /admin/errors clears all entries
- Manual purge also clears error log
- Domain extracted from URL via urlparse for grouping
Frontend:
- New 'Errors' tab in admin panel (Sessions, Storage, Errors, Settings)
- Each error entry shows: domain, timestamp, full URL, error message,
format/media type metadata
- Red left border + error-colored message for visual scanning
- Clear Log button to wipe entries
- Empty state: 'No errors logged.'
Error entries contain enough context (full URL, error message, domain,
format, media type) to paste into an LLM for domain-specific debugging.
Settings flow:
- Each section has its own Save button — no ambiguous shared button
- Appearance & Defaults: Save covers welcome message + output formats
- Privacy & Data: Save covers privacy toggle + retention hours
- Security: Change Password button is self-contained
- Bottom note clarifies all settings reset on server restart
Purge improvements:
- Now clears orphaned sessions (sessions with no remaining jobs)
- 'Sure?' confirmation gate on manual purge (3s timeout revert)
- Purge result shows sessions_deleted count
- Cleaner result display: 'X jobs removed' instead of 'Rows deleted: X'
SSE broker:
- publish_all() broadcasts to all sessions (used for purge)
Settings tab reorganized into 3 sections:
- Appearance & Defaults: welcome message + output formats + Save
- Privacy & Data: privacy mode toggle + manual purge
- Security: change password
Manual purge fix:
- purge_all=True clears ALL completed/failed jobs regardless of age
- Previously only cleared jobs older than max_age_hours (7 days),
so recent downloads were never purged on manual trigger
SSE broadcast for purge:
- Added SSEBroker.publish_all() for cross-session broadcasts
- Purge endpoint sends job_removed events for each deleted job
- Frontend queue clears in real-time when admin purges
Privacy Mode feature:
- Toggle in Admin > Settings enables automatic purge of download
history, session logs, and files after configurable retention period
- Default retention: 24 hours when privacy mode is on
- Configurable 1-8760 hours via number input
- When enabled, starts purge scheduler (every 30 min) if not running
- When disabled, data persists indefinitely
Admin panel consolidation:
- Removed separate 'Purge' tab — manual purge moved to Settings
- Settings tab order: Privacy Mode > Manual Purge > Welcome Message >
Output Formats > Change Password
- Toggle switch UI with accent color and smooth animation
- Retention input with left accent border and unit label
Backend:
- PurgeConfig: added privacy_mode (bool) and privacy_retention_hours
- Purge service: uses privacy_retention_hours when privacy mode active
- PUT /admin/settings: accepts privacy_mode + privacy_retention_hours
- GET /config/public: exposes privacy settings to frontend
- Runtime overrides passed to purge service via config._runtime_overrides
- Invalid URL error shows in preview-styled box instead of alongside
format picker. Options panel hidden when URL is invalid.
- Password mismatch warning ('Passwords don't match') shown live
below confirm field when values differ.
Best quality format:
- Synthetic 'bestvideo+bestaudio/best' entry added at top of format
list when the best separate video stream exceeds the best pre-muxed
format. Shows as 'Best quality (1920x1080)' in Video+Audio group.
- YouTube typically only has 360p pre-muxed but 1080p+ as separate
streams — users can now select full quality with auto-merge.
- Only appears when there's actually a quality advantage vs pre-muxed.
Password change UX:
- Enter key on confirm password field submits the change
- Auto-logout 1.5s after successful password change
- User sees '✓ Password changed' before being redirected home
Mobile table:
- Status column hidden on mobile (<640px) alongside Progress
- Only Name + Actions columns shown — clean two-column layout
- Removed mobile-specific status badge font tweaks (column gone)
Admin:
- Username field autofocused on login page
- Change password section in Settings tab — current password
verification, new password + confirm, min 4 chars, updates
bcrypt hash at runtime via PUT /admin/password
- Password change updates stored credentials in admin store
Loading messages:
- Replaced 'Peeking at the URL' with: Scanning the airwaves,
Negotiating with the server, Cracking the codec, Reading
the fine print, Locking on target
Mobile responsive:
- Progress column hidden on mobile (<640px) — table fits viewport
- Action buttons compact (28px) on mobile with 2px gap
- Status badges smaller on mobile (0.625rem)
- Filter tabs scroll horizontally, Download All + Clear go
full-width below as equal-sized buttons
- min-width:0 on section containers prevents flex overflow
- download-table-wrap constrained with max-width:100%
Download button:
- Disabled until URL analysis confirms downloadable content
- Shows error message for invalid URLs or pages with no media
- analyzeError state resets when URL is cleared or changed
Admin format defaults fix:
- AdminPanel now reloads configStore after saving settings
- Previously the main page kept stale config until full page refresh
- Config store import added to AdminPanel
Re-download same URL:
- Added overwrites: true to yt-dlp opts so re-downloading the
same URL with different format options works correctly
- Previously yt-dlp would skip if intermediate file existed
UI polish:
- Clear button fixed-width (min-width: 70px) — no shift between
'Clear' and 'Sure?' states
- Action buttons uniform sizing (inline-flex, min-width/height,
box-sizing: border-box) — download/copy/clear all same size
- Footer no longer pushes below viewport — App.vue uses flex
column layout, AppLayout uses flex:1 instead of min-height:100vh
- Page only scrolls when content exceeds viewport
Wireframe background:
- Canvas-based constellation animation — 45 floating nodes connected
by proximity lines, subtle pulsing glow on select nodes
- Blue primary + orange accent line colors match cyberpunk palette
- Pauses on tab hidden, respects devicePixelRatio, ~0% CPU idle
- Only renders when cyberpunk theme is active (v-if on theme)
- Replaces CSS-only diagonal lines/pulse (removed from cyberpunk.css)
Unified URL analysis:
- Merged 'Checking URL...' and 'Extracting available formats...' into
a single loading state with rotating messages: 'Peeking at the URL',
'Interrogating the server', 'Decoding the matrix', etc.
- Both fetches run in parallel via Promise.all, single spinner shown
- Phase messages rotate every 1.5s during analysis
Admin format enforcement:
- Backend PUT /admin/settings now accepts default_video_format and
default_audio_format fields with validation
- Stored in settings_overrides alongside welcome_message
- UrlInput reads admin defaults from config store — Auto label shows
'Auto (.mp3)' etc. when admin has set a default
- effectiveOutputFormat computed resolves admin default when user
selects Auto, sends the resolved format to the backend
Queue toolbar:
- Filter tabs (All/Active/Completed/Failed) and action buttons (Download
All/Clear) share one row — filters left, actions right
- Download All moved from DownloadTable to DownloadQueue toolbar
- Clear button: muted style → red border on hover → 'Sure?' red confirm
state → executes on second click, auto-resets after 3s
- Clear removes all completed and failed jobs (leaves active untouched)
Admin format defaults:
- Settings tab has Video/Audio default format dropdowns
- Stored in settings_overrides (same as welcome_message)
- Public config returns default_video_format and default_audio_format
- UrlInput resolves Auto format against admin defaults — if admin sets
audio default to MP3, 'Auto' chip shows 'Auto (.mp3)' and downloads
convert accordingly
Cyberpunk animated background:
- Diagonal crossing lines (blue 45° + orange -45°) drift slowly (60s cycle)
- Subtle radial gradient pulse (8s breathing effect)
- Layered on top of the existing grid pattern
- All CSS-only, no JS — zero performance cost
- Only active on cyberpunk theme (scoped to [data-theme=cyberpunk])
Download All:
- 'Download All (N)' button appears above table when 2+ completed files
- Triggers individual browser downloads staggered by 300ms
- Toast notification shows count
Format picker filtering:
- FormatPicker accepts mediaType prop ('video' | 'audio')
- Video mode: shows Video+Audio and Video Only groups, hides Audio Only
- Audio mode: shows Audio Only group, hides video groups
- Switching media type live-updates the visible format list
Playlist entry selection:
- Checkboxes on each entry, all selected by default
- Select All / Deselect All toggle with partial state indicator
- Selected count displayed (e.g. '3 of 5 selected')
- Only selected entries are submitted for download
- Duration shown in parentheses after title
URL input clearing:
- Clearing or changing URL resets preview, formats, and selections
- Stale preview no longer persists when URL is edited
- URL watcher tracks the last fetched URL to avoid clearing on paste
Auto format display:
- 'Auto' chip now shows detected extension: 'Auto (.webm)', 'Auto (.mp3)'
- Backend guesses extension from URL domain (youtube→webm, bandcamp→mp3,
soundcloud→opus, etc.) and extract_info ext field for single videos
Preferences persistence:
- Media type (video/audio) and output format saved to localStorage
- Settings survive page refreshes and gear panel open/close
Toast notifications:
- Copy link shows animated toast 'Link copied to clipboard'
- Toast appears at bottom center, auto-dismisses after 2s
Full delete on cancel:
- DELETE /downloads/{id} now removes the job from DB and deletes the file
- Previously marked as 'cancelled by user' and persisted in history
- Jobs dismissed with X are completely purged from the system
Playlist handling:
- Playlists are split into individual jobs at enqueue time
- Each entry downloads independently with its own progress tracking
- Private/unavailable playlist entries detected and reported in preview
- Individual jobs use noplaylist=True to prevent re-expansion
Session persistence:
- App.vue now calls fetchJobs() on mount to reload history from backend
- Download history survives page refresh via session cookie
Audio detection:
- Domain-based detection for known audio sources (bandcamp, soundcloud)
- Bandcamp albums now correctly trigger audio-only mode
Bug fixes:
- ProgressEvent accepts float for downloaded_bytes/total_bytes (fixes
pydantic int_from_float validation errors from some extractors)
- SSE job_update events now include error_message for failed jobs
- Fixed test_health_queue_depth test to use direct DB insertion instead
of POST endpoint (avoids yt-dlp side effects in test env)
URL preview & playlist support:
- POST /url-info endpoint extracts metadata (title, type, entry count)
- Preview box shows playlist contents before downloading (up to 10 items)
- Auto-detect audio-only sources (SoundCloud, etc) and switch to Audio mode
- Video toggle grayed out for audio-only sources
- Enable playlist downloading (noplaylist=False)
Admin panel improvements:
- Expandable session rows show per-session job list with filename, size,
status, timestamp, and source URL link
- GET /admin/sessions/{id}/jobs endpoint for session job details
- Logout now redirects to home page instead of staying on login form
- Logo in header is clickable → navigates to home
UX polish:
- Tooltips on output format chips (explains Auto vs specific formats)
- Format tooltips change based on video/audio mode
- Move gear icon to left of Video/Audio toggle
- Add output format selector in options panel:
Audio: Auto, MP3, WAV, M4A, FLAC, OPUS
Video: Auto, MP4, WEBM
- Backend: postprocess audio to selected codec via FFmpegExtractAudio
- Backend: postprocessor_hooks capture final filename after conversion
(fixes .webm showing when file was converted to .mp3)
- Add media type icon (video camera / music note) in download table
next to filename, inferred from quality field and file extension
- Pass media_type and output_format through JobCreate model
- Use extract_info + prepare_filename to determine output filename
before downloading (yt-dlp skips progress hooks when file exists)
- Normalize filenames to relative paths (strip output dir prefix)
- Include filename in completion SSE event so frontend displays it
- Fixes file download 404s from subdirectory source templates
- Move Video/Audio toggle to same row as Download button
- Auto-condense toggle to icon-only below 540px
- Move gear icon to right of Download button
- Fix file download URLs: normalize filenames to relative paths in progress hook
- Display filename with visible extension (truncate middle, preserve ext)
- Remove border/box from dark mode toggle — glyph only
- Fix light/dark theme fonts: use monospace display font across all themes
