chore: bump version

- Add /api/setup/unresolved/done endpoint to mark phase complete
- NFO scan now runs after series sync during initialization
- Middleware redirects to /login after setup complete (was /loading)
- Done button allows skipping folder resolution with redirect to NFO scan phase

.dockerignore

@@ -0,0 +1,37 @@
+__pycache__/
+*.pyc
+*.pyo
+*.egg-info/
+.git/
+.github/
+.gitignore
+.vscode/
+.vs/
+.idea/
+.mypy_cache/
+.pytest_cache/
+.coverage
+.env
+*.log
+
+# Docker files (not needed inside the image)
+Docker/
+
+# Exception: VERSION is needed by Dockerfile.app
+!Docker/VERSION
+
+# Test and dev files
+tests/
+Temp/
+test_data/
+docs/
+diagrams/
+
+# Runtime data (mounted as volumes)
+data/aniworld.db
+data/config_backups/
+logs/
+
+# Frontend tooling
+node_modules/
+package.json

.editorconfig

@@ -0,0 +1,46 @@
+# EditorConfig is awesome: https://EditorConfig.org
+
+# top-most EditorConfig file
+root = true
+
+# Unix-style newlines with a newline ending every file
+[*]
+charset = utf-8
+end_of_line = lf
+insert_final_newline = true
+trim_trailing_whitespace = true
+indent_style = space
+indent_size = 4
+
+# Python files
+[*.py]
+max_line_length = 88
+indent_size = 4
+
+# Web files
+[*.{html,css,js,json,yaml,yml}]
+indent_size = 2
+
+# Markdown files
+[*.md]
+trim_trailing_whitespace = false
+
+# Configuration files
+[*.{ini,cfg,conf,toml}]
+indent_size = 4
+
+# Docker files
+[{Dockerfile*,*.dockerfile}]
+indent_size = 4
+
+# Shell scripts
+[*.{sh,bat}]
+indent_size = 4
+
+# SQL files
+[*.sql]
+indent_size = 2
+
+# Template files
+[*.{j2,jinja,jinja2}]
+indent_size = 2

.github/PULL_REQUEST_TEMPLATE.md

@@ -0,0 +1,44 @@
+# Pull Request Template
+
+## Description
+Brief description of the changes in this PR.
+
+## Type of Change
+- [ ] Bug fix (non-breaking change which fixes an issue)
+- [ ] New feature (non-breaking change which adds functionality)
+- [ ] Breaking change (fix or feature that would cause existing functionality to not work as expected)
+- [ ] Documentation update
+- [ ] Code refactoring
+- [ ] Performance improvement
+- [ ] Test improvement
+
+## Changes Made
+- List the main changes
+- Include any new files added
+- Include any files removed or renamed
+
+## Testing
+- [ ] Unit tests pass
+- [ ] Integration tests pass
+- [ ] Manual testing completed
+- [ ] Performance testing (if applicable)
+
+## Screenshots (if applicable)
+Add screenshots of UI changes or new features.
+
+## Checklist
+- [ ] My code follows the project's coding standards
+- [ ] I have performed a self-review of my own code
+- [ ] I have commented my code, particularly in hard-to-understand areas
+- [ ] I have made corresponding changes to the documentation
+- [ ] My changes generate no new warnings
+- [ ] I have added tests that prove my fix is effective or that my feature works
+- [ ] New and existing unit tests pass locally with my changes
+- [ ] Any dependent changes have been merged and published
+
+## Related Issues
+Fixes #(issue number)
+Related to #(issue number)
+
+## Additional Notes
+Any additional information, deployment notes, or context for reviewers.

.github/copilot-instructions.md

@@ -0,0 +1,121 @@
+# GitHub Copilot Instructions
+
+These instructions define how GitHub Copilot should assist with this project. The goal is to ensure consistent, high-quality code generation aligned with our conventions, stack, and best practices.
+
+## 🧠 Context
+
+-   **Project Type**: Web API / Data Pipeline / CLI Tool / ML App
+-   **Language**: Python
+-   **Framework / Libraries**: FastAPI / Flask / Django / Pandas / Pydantic / Poetry
+-   **Architecture**: MVC / Clean Architecture / Event-Driven / Microservices
+
+## 🔧 General Guidelines
+
+-   Use Pythonic patterns (PEP8, PEP257).
+-   Prefer named functions and class-based structures over inline lambdas.
+-   Use type hints where applicable (`typing` module).
+-   Follow black or isort for formatting and import order.
+-   Use meaningful naming; avoid cryptic variables.
+-   Emphasize simplicity, readability, and DRY principles.
+
+## 🧶 Patterns
+
+### ✅ Patterns to Follow
+
+-   Use the Repository Pattern and Dependency Injection (e.g., via `Depends` in FastAPI).
+-   Validate data using Pydantic models.
+-   Use custom exceptions and centralized error handling.
+-   Use environment variables via `dotenv` or `os.environ`.
+-   Use logging via the `logging` module or structlog.
+-   Write modular, reusable code organized by concerns (e.g., controller, service, data layer).
+-   Favor async endpoints for I/O-bound services (FastAPI, aiohttp).
+-   Document functions and classes with docstrings.
+
+### 🚫 Patterns to Avoid
+
+-   Don’t use wildcard imports (`from module import *`).
+-   Avoid global state unless encapsulated in a singleton or config manager.
+-   Don’t hardcode secrets or config values—use `.env`.
+-   Don’t expose internal stack traces in production environments.
+-   Avoid business logic inside views/routes.
+
+## 🧪 Testing Guidelines
+
+-   Use `pytest` or `unittest` for unit and integration tests.
+-   Mock external services with `unittest.mock` or `pytest-mock`.
+-   Use fixtures to set up and tear down test data.
+-   Aim for high coverage on core logic and low-level utilities.
+-   Test both happy paths and edge cases.
+
+## 🧩 Example Prompts
+
+-   `Copilot, create a FastAPI endpoint that returns all users from the database.`
+-   `Copilot, write a Pydantic model for a product with id, name, and optional price.`
+-   `Copilot, implement a CLI command that uploads a CSV file and logs a summary.`
+-   `Copilot, write a pytest test for the transform_data function using a mock input.`
+
+## 🔁 Iteration & Review
+
+-   Review Copilot output before committing.
+-   Add comments to clarify intent if Copilot generates incorrect or unclear suggestions.
+-   Use linters (flake8, pylint) and formatters (black, isort) as part of the review pipeline.
+-   Refactor output to follow project conventions.
+
+## 📚 References
+
+-   [PEP 8 – Style Guide for Python Code](https://peps.python.org/pep-0008/)
+-   [PEP 484 – Type Hints](https://peps.python.org/pep-0484/)
+-   [FastAPI Documentation](https://fastapi.tiangolo.com/)
+-   [Django Documentation](https://docs.djangoproject.com/en/stable/)
+-   [Flask Documentation](https://flask.palletsprojects.com/)
+-   [Pytest Documentation](https://docs.pytest.org/en/stable/)
+-   [Pydantic Documentation](https://docs.pydantic.dev/)
+-   [Python Logging Best Practices](https://docs.python.org/3/howto/logging.html)
+-   [Black Code Formatter](https://black.readthedocs.io/)
+-   [Poetry](https://python-poetry.org/docs/)
+
+## 1. General Philosophy
+
+-   **Clarity is King:** Code should be easy to understand at a glance.
+-   **Consistency Matters:** Adhere to these standards across all projects.
+-   **Automation Encouraged:** Utilize tools like StyleCop, Roslyn Analyzers, and .editorconfig to enforce these standards automatically.
+-   **Evolve and Adapt:** These standards should be reviewed and updated as the C# language and best practices evolve.
+-   **Practicality Reigns:** While striving for perfection, prioritize pragmatic solutions that balance maintainability and development speed.
+
+-   CleanCode, Keep it simple, MVVM
+
+## 2. Security Considerations
+
+-   **Input Validation:** Always validate user input to prevent injection attacks (e.g., SQL injection, XSS).
+-   **Secure Configuration:** Store sensitive information (e.g., passwords, API keys) in secure configuration files, and encrypt them if possible. Avoid hardcoding sensitive data.
+-   **Authentication and Authorization:** Implement proper authentication and authorization mechanisms to protect resources. Favor using built-in identity frameworks.
+-   **Data Encryption:** Encrypt sensitive data at rest and in transit. Use strong encryption algorithms.
+-   **Regular Security Audits:** Perform regular security audits and penetration testing to identify and address vulnerabilities.
+-   **Dependency Vulnerabilities:** Keep dependencies up-to-date to patch known security vulnerabilities. Use tools to automatically check for vulnerabilities.
+
+## 3. Performance Optimization
+
+-   **Minimize Object Allocation:** Reduce unnecessary object allocations, especially in performance-critical code. Use techniques like object pooling and struct types for small value types.
+-   **Use Efficient Data Structures:** Choose the appropriate data structures for the task (e.g., "Dictionary" for fast lookups, "List" for ordered collections).
+-   **Avoid Boxing/Unboxing:** Avoid boxing and unboxing operations, as they can be expensive. Use generics to prevent boxing.
+-   **String Concatenation:** Use "StringBuilder" for building strings in loops instead of repeated string concatenation.
+-   **Asynchronous I/O:** Use asynchronous I/O operations to avoid blocking threads.
+-   **Profiling:** Use profiling tools to identify performance bottlenecks.
+
+## 4. GUI
+
+-   **Effortless:** faster and more intuitive. It's easy to do what I want, with focus and precision.
+-   **Calm:** faster and more intuitive. It's easy to do what I want, with focus and precision.
+-   **Iconography:** Iconography is a set of visual images and symbols that help users understand and navigate your app. Windows 11 iconography has evolved in concert with our design language. Every glyph in our system icon font has been redesigned to embrace a softer geometry and more modern metaphors.
+-   **Shapes and geometry:** Geometry describes the shape, size, and position of UI elements on screen. These fundamental design elements help experiences feel coherent across the entire design system. Windows 11 features updated geometry that creates a more approachable, engaging, and modern experience.
+-   **Typography:** As the visual representation of language, the main task of typography is to communicate information. The Windows 11 type system helps you create structure and hierarchy in your content in order to maximize legibility and readability in your UI.
+-   **Familiar:** faster and more intuitive. It's easy to do what I want, with focus and precision.
+-   **Familiar:** faster and more intuitive. It's easy to do what I want, with focus and precision.
+-   **Fluent UI design:** Use Fluent UI design
+-   **Themes:** Use the already defined Theme color. Make sure ther is always a dark and light mode.
+-   **Text:** Write in resource files so that a translation is easily possible. Use the already defined text in the resource files.
+
+This document serves as a starting point and is meant to be adapted to the specific needs of each project and team. Regularly review and update these standards to keep them relevant and effective.
+
+Run till you are realy finished.
+Do not gues, open and read files if you dont know something.

.gitignore

@@ -1,3 +1,86 @@
-/.idea/*
-/aniworld/bin/*
-/aniworld/lib/*
+/.idea/*
+/aniworld/bin/*
+/aniworld/lib/*
+/src/__pycache__/*
+/src/__pycache__/
+/.vs/*
+/.venv/*
+/src/Temp/*
+/src/Loaders/__pycache__/*
+/src/Loaders/provider/__pycache__/*
+/src/Loaders/__pycache__/*
+/src/Loaders/__pycache__/AniWorldLoader.cpython-310.pyc
+/src/Loaders/__pycache__/Loader.cpython-310.pyc
+/src/Loaders/__pycache__/Loaders.cpython-310.pyc
+/src/Loaders/__pycache__/Providers.cpython-310.pyc
+/src/Loaders/provider/__pycache__/voe.cpython-310.pyc
+/src/noGerFound.log
+/src/errors.log
+/src/server/__pycache__/*
+/src/NoKeyFound.log
+/download_errors.log
+
+# Environment and secrets
+.env
+.env.local
+.env.*.local
+*.pem
+*.key
+secrets/
+
+# Python cache
+__pycache__/
+*.py[cod]
+*$py.class
+*.so
+
+# Distribution / packaging
+.Python
+build/
+develop-eggs/
+dist/
+downloads/
+eggs/
+.eggs/
+lib/
+lib64/
+parts/
+sdist/
+var/
+wheels/
+*.egg-info/
+.installed.cfg
+*.egg
+
+# Database files (including SQLite journal/WAL files)
+*.db
+*.db-shm
+*.db-wal
+*.db-journal
+*.sqlite
+*.sqlite3
+*.sqlite-shm
+*.sqlite-wal
+*.sqlite-journal
+data/*.db*
+data/aniworld.db*
+
+# Configuration files (exclude from git, keep backups local)
+data/config.json
+data/config_backups/
+config.json
+*.config
+
+# Logs
+*.log
+logs/
+src/cli/logs/
+*.log.*
+
+# Temp folders
+Temp/
+temp/
+tmp/
+*.tmp
+.coverage
+.venv/bin/dotenv

.vscode/extensions.json

@@ -0,0 +1,22 @@
+{
+    "recommendations": [
+        "ms-python.python",
+        "ms-python.debugpy",
+        "ms-python.flake8",
+        "ms-python.black-formatter",
+        "ms-python.isort",
+        "ms-vscode.vscode-json",
+        "bradlc.vscode-tailwindcss",
+        "ms-vscode.vscode-docker",
+        "ms-python.pylint",
+        "ms-python.mypy-type-checker",
+        "charliermarsh.ruff",
+        "ms-vscode.test-adapter-converter",
+        "littlefoxteam.vscode-python-test-adapter",
+        "formulahendry.auto-rename-tag",
+        "esbenp.prettier-vscode",
+        "PKief.material-icon-theme",
+        "GitHub.copilot",
+        "GitHub.copilot-chat"
+    ]
+}

.vscode/launch.json

@@ -0,0 +1,177 @@
+{
+    "version": "0.2.0",
+    "configurations": [
+        {
+            "name": "Debug FastAPI App",
+            "type": "debugpy",
+            "request": "launch",
+            "program": "${workspaceFolder}/src/server/fastapi_app.py",
+            "console": "integratedTerminal",
+            "justMyCode": true,
+            "python": "/home/lukas/miniconda3/envs/AniWorld/bin/python",
+            "env": {
+                "PYTHONPATH": "${workspaceFolder}/src:${workspaceFolder}",
+                "JWT_SECRET_KEY": "your-secret-key-here-debug",
+                "PASSWORD_SALT": "default-salt-debug",
+                "MASTER_PASSWORD": "admin123",
+                "LOG_LEVEL": "DEBUG",
+                "ANIME_DIRECTORY": "${workspaceFolder}/data/anime",
+                "DATABASE_URL": "sqlite:///${workspaceFolder}/data/aniworld.db"
+            },
+            "cwd": "${workspaceFolder}",
+            "args": [],
+            "stopOnEntry": false,
+            "autoReload": {
+                "enable": true
+            }
+        },
+        {
+            "name": "Debug FastAPI with Uvicorn",
+            "type": "debugpy",
+            "request": "launch",
+            "module": "uvicorn",
+            "python": "/home/lukas/miniconda3/envs/AniWorld/bin/python",
+            "args": [
+                "src.server.fastapi_app:app",
+                "--host",
+                "127.0.0.1",
+                "--port",
+                "8000",
+                "--reload",
+                "--log-level",
+                "debug"
+            ],
+            "console": "integratedTerminal",
+            "justMyCode": true,
+            "env": {
+                "PYTHONPATH": "${workspaceFolder}/src:${workspaceFolder}",
+                "JWT_SECRET_KEY": "your-secret-key-here-debug",
+                "PASSWORD_SALT": "default-salt-debug",
+                "MASTER_PASSWORD": "admin123",
+                "LOG_LEVEL": "DEBUG",
+                "ANIME_DIRECTORY": "${workspaceFolder}/data/anime",
+                "DATABASE_URL": "sqlite:///${workspaceFolder}/data/aniworld.db"
+            },
+            "cwd": "${workspaceFolder}"
+        },
+        {
+            "name": "Debug CLI App",
+            "type": "debugpy",
+            "request": "launch",
+            "program": "${workspaceFolder}/src/cli/Main.py",
+            "console": "integratedTerminal",
+            "justMyCode": true,
+            "python": "/home/lukas/miniconda3/envs/AniWorld/bin/python",
+            "env": {
+                "PYTHONPATH": "${workspaceFolder}/src:${workspaceFolder}",
+                "LOG_LEVEL": "DEBUG",
+                "ANIME_DIRECTORY": "${workspaceFolder}/data/anime"
+            },
+            "cwd": "${workspaceFolder}",
+            "args": [
+                // Add arguments as needed for CLI testing
+                // Example: "${workspaceFolder}/test_data"
+            ],
+            "stopOnEntry": false
+        },
+        {
+            "name": "Debug Tests",
+            "type": "debugpy",
+            "request": "launch",
+            "module": "pytest",
+            "python": "/home/lukas/miniconda3/envs/AniWorld/bin/python",
+            "args": [
+                "${workspaceFolder}/tests",
+                "-v",
+                "--tb=short",
+                "--no-header",
+                "--disable-warnings"
+            ],
+            "console": "integratedTerminal",
+            "justMyCode": true,
+            "env": {
+                "PYTHONPATH": "${workspaceFolder}/src:${workspaceFolder}",
+                "JWT_SECRET_KEY": "test-secret-key",
+                "PASSWORD_SALT": "test-salt",
+                "MASTER_PASSWORD": "admin123",
+                "LOG_LEVEL": "DEBUG",
+                "ANIME_DIRECTORY": "${workspaceFolder}/test_data/anime",
+                "DATABASE_URL": "sqlite:///${workspaceFolder}/test_data/test_aniworld.db"
+            },
+            "cwd": "${workspaceFolder}"
+        },
+        {
+            "name": "Debug Unit Tests Only",
+            "type": "debugpy",
+            "request": "launch",
+            "module": "pytest",
+            "python": "/home/lukas/miniconda3/envs/AniWorld/bin/python",
+            "args": [
+                "${workspaceFolder}/tests/unit",
+                "-v",
+                "--tb=short"
+            ],
+            "console": "integratedTerminal",
+            "justMyCode": true,
+            "env": {
+                "PYTHONPATH": "${workspaceFolder}/src:${workspaceFolder}",
+                "JWT_SECRET_KEY": "test-secret-key",
+                "PASSWORD_SALT": "test-salt",
+                "LOG_LEVEL": "DEBUG"
+            },
+            "cwd": "${workspaceFolder}"
+        },
+        {
+            "name": "Debug Integration Tests Only",
+            "type": "debugpy",
+            "request": "launch",
+            "module": "pytest",
+            "python": "/home/lukas/miniconda3/envs/AniWorld/bin/python",
+            "args": [
+                "${workspaceFolder}/tests/integration",
+                "-v",
+                "--tb=short"
+            ],
+            "console": "integratedTerminal",
+            "justMyCode": true,
+            "env": {
+                "PYTHONPATH": "${workspaceFolder}/src:${workspaceFolder}",
+                "JWT_SECRET_KEY": "test-secret-key",
+                "PASSWORD_SALT": "test-salt",
+                "MASTER_PASSWORD": "admin123",
+                "LOG_LEVEL": "DEBUG",
+                "ANIME_DIRECTORY": "${workspaceFolder}/test_data/anime",
+                "DATABASE_URL": "sqlite:///${workspaceFolder}/test_data/test_aniworld.db"
+            },
+            "cwd": "${workspaceFolder}"
+        },
+        {
+            "name": "Debug FastAPI Production Mode",
+            "type": "debugpy",
+            "request": "launch",
+            "module": "uvicorn",
+            "python": "/home/lukas/miniconda3/envs/AniWorld/bin/python",
+            "args": [
+                "src.server.fastapi_app:app",
+                "--host",
+                "0.0.0.0",
+                "--port",
+                "8000",
+                "--workers",
+                "1"
+            ],
+            "console": "integratedTerminal",
+            "justMyCode": true,
+            "env": {
+                "PYTHONPATH": "${workspaceFolder}/src:${workspaceFolder}",
+                "JWT_SECRET_KEY": "production-secret-key-change-me",
+                "PASSWORD_SALT": "production-salt-change-me",
+                "MASTER_PASSWORD": "admin123",
+                "LOG_LEVEL": "INFO",
+                "ANIME_DIRECTORY": "${workspaceFolder}/data/anime",
+                "DATABASE_URL": "sqlite:///${workspaceFolder}/data/aniworld.db"
+            },
+            "cwd": "${workspaceFolder}"
+        }
+    ]
+}

.vscode/settings.json

@@ -0,0 +1,40 @@
+{
+    "python.defaultInterpreterPath": "${workspaceFolder}/.venv/bin/python",
+    "python.terminal.activateEnvironment": true,
+    "python.terminal.activateEnvInCurrentTerminal": true,
+    "terminal.integrated.env.linux": {
+        "VIRTUAL_ENV": "${workspaceFolder}/.venv",
+        "PATH": "${workspaceFolder}/.venv/bin:${env:PATH}"
+    },
+    "python.linting.enabled": true,
+    "python.linting.flake8Enabled": true,
+    "python.linting.pylintEnabled": true,
+    "python.formatting.provider": "black",
+    "python.formatting.blackArgs": [
+        "--line-length",
+        "88"
+    ],
+    "python.sortImports.args": [
+        "--profile",
+        "black"
+    ],
+    "editor.formatOnSave": true,
+    "editor.codeActionsOnSave": {
+        "source.organizeImports": "explicit"
+    },
+    "files.exclude": {
+        "**/__pycache__": true,
+        "**/*.pyc": true,
+        "**/node_modules": true,
+        "**/.pytest_cache": true,
+        "**/data/temp/**": true,
+        "**/data/cache/**": true,
+        "**/data/logs/**": true
+    },
+    "python.testing.pytestEnabled": true,
+    "python.testing.pytestArgs": [
+        "tests"
+    ],
+    "python.testing.unittestEnabled": false,
+    "python.testing.autoTestDiscoverOnSaveEnabled": true
+}

.vscode/tasks.json

@@ -0,0 +1,166 @@
+{
+    "version": "2.0.0",
+    "tasks": [
+        {
+            "label": "Run FastAPI Server",
+            "type": "shell",
+            "command": "conda",
+            "args": [
+                "run",
+                "-n",
+                "AniWorld",
+                "python",
+                "-m",
+                "uvicorn",
+                "src.server.fastapi_app:app",
+                "--host",
+                "127.0.0.1",
+                "--port",
+                "8000",
+                "--reload"
+            ],
+            "group": {
+                "kind": "build",
+                "isDefault": true
+            },
+            "presentation": {
+                "echo": true,
+                "reveal": "always",
+                "focus": false,
+                "panel": "new"
+            },
+            "options": {
+                "cwd": "${workspaceFolder}"
+            },
+            "problemMatcher": [],
+            "isBackground": true
+        },
+        {
+            "label": "Run CLI Application",
+            "type": "shell",
+            "command": "conda",
+            "args": [
+                "run",
+                "-n",
+                "AniWorld",
+                "python",
+                "src/cli/Main.py"
+            ],
+            "group": "build",
+            "presentation": {
+                "echo": true,
+                "reveal": "always",
+                "focus": false,
+                "panel": "new"
+            },
+            "options": {
+                "cwd": "${workspaceFolder}"
+            },
+            "problemMatcher": []
+        },
+        {
+            "label": "Run All Tests",
+            "type": "shell",
+            "command": "conda",
+            "args": [
+                "run",
+                "-n",
+                "AniWorld",
+                "python",
+                "-m",
+                "pytest",
+                "tests/",
+                "-v",
+                "--tb=short"
+            ],
+            "group": "test",
+            "presentation": {
+                "echo": true,
+                "reveal": "always",
+                "focus": false,
+                "panel": "new"
+            },
+            "options": {
+                "cwd": "${workspaceFolder}"
+            },
+            "problemMatcher": []
+        },
+        {
+            "label": "Run Unit Tests",
+            "type": "shell",
+            "command": "conda",
+            "args": [
+                "run",
+                "-n",
+                "AniWorld",
+                "python",
+                "-m",
+                "pytest",
+                "tests/unit/",
+                "-v"
+            ],
+            "group": "test",
+            "presentation": {
+                "echo": true,
+                "reveal": "always",
+                "focus": false,
+                "panel": "new"
+            },
+            "options": {
+                "cwd": "${workspaceFolder}"
+            },
+            "problemMatcher": []
+        },
+        {
+            "label": "Run Integration Tests",
+            "type": "shell",
+            "command": "conda",
+            "args": [
+                "run",
+                "-n",
+                "AniWorld",
+                "python",
+                "-m",
+                "pytest",
+                "tests/integration/",
+                "-v"
+            ],
+            "group": "test",
+            "presentation": {
+                "echo": true,
+                "reveal": "always",
+                "focus": false,
+                "panel": "new"
+            },
+            "options": {
+                "cwd": "${workspaceFolder}"
+            },
+            "problemMatcher": []
+        },
+        {
+            "label": "Install Dependencies",
+            "type": "shell",
+            "command": "conda",
+            "args": [
+                "run",
+                "-n",
+                "AniWorld",
+                "pip",
+                "install",
+                "-r",
+                "requirements.txt"
+            ],
+            "group": "build",
+            "presentation": {
+                "echo": true,
+                "reveal": "always",
+                "focus": false,
+                "panel": "new"
+            },
+            "options": {
+                "cwd": "${workspaceFolder}"
+            },
+            "problemMatcher": []
+        }
+    ]
+}

Docker/Containerfile

@@ -0,0 +1,25 @@
+FROM alpine:3.19
+
+RUN apk add --no-cache \
+    wireguard-tools \
+    iptables \
+    ip6tables \
+    bash \
+    curl \
+    iputils-ping \
+    iproute2 \
+    openresolv
+
+# Create wireguard config directory (config is mounted at runtime)
+RUN mkdir -p /etc/wireguard
+
+# Copy version file and entrypoint
+COPY VERSION /etc/wireguard/VERSION
+COPY entrypoint.sh /entrypoint.sh
+RUN chmod +x /entrypoint.sh
+
+# Health check: can we reach the internet through the VPN?
+HEALTHCHECK --interval=30s --timeout=10s --retries=5 \
+    CMD curl -sf --max-time 5 http://1.1.1.1 || exit 1
+
+ENTRYPOINT ["/entrypoint.sh"]

Docker/Dockerfile.app

@@ -0,0 +1,35 @@
+FROM python:3.12-slim
+
+WORKDIR /app
+
+# Install system dependencies for compiled Python packages and ffmpeg for HLS support
+RUN apt-get update && \
+    apt-get install -y --no-install-recommends \
+        gcc \
+        g++ \
+        libffi-dev \
+        ffmpeg \
+    && rm -rf /var/lib/apt/lists/*
+
+# Install Python dependencies (cached layer)
+COPY requirements.txt .
+RUN pip install --no-cache-dir -r requirements.txt
+
+# Copy the full application
+COPY src/ ./src/
+COPY run_server.py .
+COPY pyproject.toml .
+COPY data/config.json ./data/config.json
+COPY Docker/VERSION ./Docker/VERSION
+
+# Create runtime directories
+RUN mkdir -p /app/data/config_backups /app/logs
+
+EXPOSE 8000
+
+ENV PYTHONUNBUFFERED=1
+ENV PYTHONPATH=/app
+
+# Bind to 0.0.0.0 so the app is reachable from the VPN container's network
+CMD ["python", "-m", "uvicorn", "src.server.fastapi_app:app", \
+     "--host", "0.0.0.0", "--port", "8000"]

Docker/VERSION

@@ -0,0 +1 @@
+v1.4.11

Docker/dispatcher.d-99-wg-routes.sh

@@ -0,0 +1,91 @@
+#!/bin/bash
+
+# === Configuration ===
+LOGFILE="/tmp/dispatcher.log"
+BACKUP="/tmp/dispatcher.log.1"
+MAXSIZE=$((1024 * 1024))  # 1 MB
+VPN_IFACE="nl"
+GATEWAY="192.168.178.1"
+LOCAL_IFACE="wlp4s0f0"
+ROUTE1="185.183.34.149"
+ROUTE2="192.168.178.0/24"
+
+# === Log Rotation ===
+if [ -f "$LOGFILE" ] && [ "$(stat -c%s "$LOGFILE")" -ge "$MAXSIZE" ]; then
+  echo "[$(date)] Log file exceeded 1MB, rotating..." >> "$LOGFILE"
+  mv "$LOGFILE" "$BACKUP"
+  touch "$LOGFILE"
+fi
+
+# === Logging Setup ===
+exec >> "$LOGFILE" 2>&1
+echo "[$(date)] Running dispatcher for $1 with status $2"
+
+IFACE="$1"
+STATUS="$2"
+
+log_and_run() {
+  echo "[$(date)] Executing: $*"
+  if ! output=$("$@" 2>&1); then
+    echo "[$(date)] ERROR: Command failed: $*"
+    echo "[$(date)] Output: $output"
+  else
+    echo "[$(date)] Success: $*"
+  fi
+}
+
+# === VPN Routing Logic ===
+if [ "$IFACE" = "$VPN_IFACE" ]; then
+  case "$STATUS" in
+    up)
+      echo "[$(date)] VPN interface is up. Preparing routes..."
+
+      # === Wait for local interface and gateway ===
+      echo "[$(date)] Waiting for $LOCAL_IFACE (state UP) and gateway $GATEWAY (reachable)..."
+      until ip link show "$LOCAL_IFACE" | grep -q "state UP" && ip route get "$GATEWAY" &>/dev/null; do
+        echo "[$(date)] Waiting for $LOCAL_IFACE and $GATEWAY..."
+        sleep 1
+      done
+      echo "[$(date)] Local interface and gateway are ready."
+      # === End Wait ===
+
+      # === APPLY ROUTES (Corrected Order) ===
+      
+      # 1. Add the route for the local network FIRST
+      log_and_run /sbin/ip route replace "$ROUTE2" dev "$LOCAL_IFACE"
+      
+      # 2. Add the route to the VPN endpoint via the gateway SECOND
+      log_and_run /sbin/ip route replace "$ROUTE1" via "$GATEWAY" dev "$LOCAL_IFACE"
+      
+      # === END APPLY ROUTES ===
+
+      # Log interface and WireGuard status
+      echo "[$(date)] --- ip addr show $VPN_IFACE ---"
+      ip addr show "$VPN_IFACE"
+      echo "[$(date)] --- wg show $VPN_IFACE ---"
+      wg show "$VPN_IFACE"
+
+      ;;
+
+    down)
+      echo "[$(date)] VPN interface is down. Verifying before removing routes..."
+
+      # Log interface and WireGuard status
+      echo "[$(date)] --- ip addr show $VPN_IFACE ---"
+      ip addr show "$VPN_IFACE"
+      echo "[$(date)] --- wg show $VPN_IFACE ---"
+      wg show "$VPN_IFACE"
+
+      # Delay and confirm interface is still down
+      sleep 5
+      if ip link show "$VPN_IFACE" | grep -q "state UP"; then
+        echo "[$(date)] VPN interface is still up. Skipping route removal."
+      else
+        echo "[$(date)] Confirmed VPN is down. Removing routes..."
+        # It's good practice to remove them in reverse order, too.
+        log_and_run /sbin/ip route del "$ROUTE1" via "$GATEWAY" dev "$LOCAL_IFACE"
+        log_and_run /sbin/ip route del "$ROUTE2" dev "$LOCAL_IFACE"
+      fi
+      ;;
+  esac
+fi

Docker/entrypoint.sh

@@ -0,0 +1,387 @@
+#!/bin/bash
+set -e
+
+VERSION_FILE="/etc/wireguard/VERSION"
+if [ -f "$VERSION_FILE" ]; then
+    VERSION=$(cat "$VERSION_FILE")
+else
+    VERSION="unknown"
+fi
+echo "[init] VPN Container Entrypoint ${VERSION}"
+
+INTERFACE="wg0"
+MOUNT_CONFIG="/etc/wireguard/${INTERFACE}.conf"
+CONFIG_DIR="/run/wireguard"
+CONFIG_FILE="${CONFIG_DIR}/${INTERFACE}.conf"
+CHECK_INTERVAL="${HEALTH_CHECK_INTERVAL:-10}"
+CHECK_HOST="${HEALTH_CHECK_HOST:-1.1.1.1}"
+
+# ──────────────────────────────────────────────
+# Validate config exists, copy to writable location
+# ──────────────────────────────────────────────
+if [ ! -f "$MOUNT_CONFIG" ]; then
+    echo "[error] WireGuard config not found at ${MOUNT_CONFIG}"
+    echo "[error] Mount your config file: -v /path/to/your.conf:/etc/wireguard/wg0.conf:ro"
+    exit 1
+fi
+
+mkdir -p "$CONFIG_DIR"
+cp "$MOUNT_CONFIG" "$CONFIG_FILE"
+chmod 600 "$CONFIG_FILE"
+
+# Extract endpoint IP and port from the config
+VPN_ENDPOINT=$(grep -i '^Endpoint' "$CONFIG_FILE" | head -1 | sed 's/.*= *//;s/:.*//;s/ //g')
+VPN_PORT=$(grep -i '^Endpoint' "$CONFIG_FILE" | head -1 | sed 's/.*://;s/ //g')
+# Extract address
+VPN_ADDRESS=$(grep -i '^Address' "$CONFIG_FILE" | head -1 | sed 's/.*= *//;s/ //g')
+
+if [ -z "$VPN_ENDPOINT" ] || [ -z "$VPN_PORT" ]; then
+    echo "[error] Could not parse Endpoint from ${CONFIG_FILE}"
+    exit 1
+fi
+
+echo "[init] Config: ${CONFIG_FILE}"
+echo "[init] Endpoint: ${VPN_ENDPOINT}:${VPN_PORT}"
+echo "[init] Address: ${VPN_ADDRESS}"
+
+# ──────────────────────────────────────────────
+# Kill switch: only allow traffic through wg0
+# ──────────────────────────────────────────────
+setup_killswitch() {
+    echo "[killswitch] Setting up iptables kill switch..."
+
+    # Flush existing rules
+    iptables -F
+    iptables -X
+    iptables -t nat -F
+
+    # Default policy: DROP everything
+    iptables -P INPUT DROP
+    iptables -P FORWARD DROP
+    iptables -P OUTPUT DROP
+
+    # Allow loopback
+    iptables -A INPUT  -i lo -j ACCEPT
+    iptables -A OUTPUT -o lo -j ACCEPT
+
+    # Allow traffic to/from VPN endpoint (needed to establish tunnel)
+    iptables -A OUTPUT -d "$VPN_ENDPOINT" -p udp --dport "$VPN_PORT" -j ACCEPT
+    iptables -A INPUT  -s "$VPN_ENDPOINT" -p udp --sport "$VPN_PORT" -j ACCEPT
+
+    # Allow all traffic through the WireGuard interface
+    iptables -A INPUT  -i "$INTERFACE" -j ACCEPT
+    iptables -A OUTPUT -o "$INTERFACE" -j ACCEPT
+
+    # Allow DNS (VPN DNS servers are routed through wg0; allow before routing decision)
+    iptables -A OUTPUT -p udp --dport 53 -j ACCEPT
+    iptables -A OUTPUT -p tcp --dport 53 -j ACCEPT
+    iptables -A INPUT  -p udp --sport 53 -j ACCEPT
+    iptables -A INPUT  -p tcp --sport 53 -j ACCEPT
+
+    # Allow DHCP (for container networking)
+    iptables -A OUTPUT -p udp --dport 67:68 -j ACCEPT
+    iptables -A INPUT  -p udp --sport 67:68 -j ACCEPT
+
+    # Allow established/related connections
+    iptables -A INPUT  -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
+    iptables -A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
+
+    # ── Allow incoming connections to exposed service ports (e.g. app on 8000) ──
+    # LOCAL_PORTS can be set as env var, e.g. "8000,8080,3000"
+    if [ -n "${LOCAL_PORTS:-}" ]; then
+        for port in $(echo "$LOCAL_PORTS" | tr ',' ' '); do
+            echo "[killswitch] Allowing incoming traffic on port ${port}"
+            iptables -A INPUT  -p tcp --dport "$port" -j ACCEPT
+            iptables -A OUTPUT -p tcp --sport "$port" -j ACCEPT
+        done
+    fi
+
+    # ── FORWARDING (so other containers can use this VPN) ──
+    iptables -A FORWARD -i eth0 -o "$INTERFACE" -j ACCEPT
+    iptables -A FORWARD -i "$INTERFACE" -o eth0 -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
+
+    # NAT: masquerade traffic from other containers going out through wg0
+    iptables -t nat -A POSTROUTING -o "$INTERFACE" -j MASQUERADE
+
+    echo "[killswitch] Kill switch active. Traffic blocked if VPN drops."
+}
+
+# ──────────────────────────────────────────────
+# Enable IP forwarding so other containers can route through us
+# ──────────────────────────────────────────────
+enable_forwarding() {
+    echo "[init] Enabling IP forwarding..."
+    if cat /proc/sys/net/ipv4/ip_forward 2>/dev/null | grep -q 1; then
+        echo "[init] IP forwarding already enabled."
+    elif echo 1 > /proc/sys/net/ipv4/ip_forward 2>/dev/null; then
+        echo "[init] IP forwarding enabled via /proc."
+    else
+        echo "[init] /proc read-only — relying on --sysctl net.ipv4.ip_forward=1"
+    fi
+}
+
+# ──────────────────────────────────────────────
+# Start WireGuard manually (no wg-quick, avoids sysctl issues)
+# ──────────────────────────────────────────────
+start_vpn() {
+    echo "[vpn] Starting WireGuard interface ${INTERFACE}..."
+
+    # Create the interface
+    ip link add "$INTERFACE" type wireguard
+
+    # Apply the WireGuard config (keys, peer, endpoint)
+    # Filter out wg-quick directives that wg setconf doesn't understand
+    wg setconf "$INTERFACE" <(grep -v -i '^\(Address\|DNS\|MTU\|Table\|PreUp\|PostUp\|PreDown\|PostDown\|SaveConfig\)' "$CONFIG_FILE")
+
+    # Log public key so it can be verified against the server's peer list
+    local PUBKEY
+    PUBKEY=$(wg show "$INTERFACE" public-key 2>/dev/null || echo "unknown")
+    echo "[vpn] Public key: ${PUBKEY}"
+
+    # Assign the address
+    ip -4 address add "$VPN_ADDRESS" dev "$INTERFACE"
+
+    # Set MTU and bring up
+    ip link set mtu 1420 up dev "$INTERFACE"
+
+    # ── fwmark-based routing (mirrors wg-quick behavior) ──
+    # WireGuard marks its own encapsulated UDP packets with this fwmark.
+    # Policy rules then ensure:
+    #   - Normal packets (no mark) → VPN routing table → wg0
+    #   - WireGuard-encapsulated packets (marked) → main table → eth0
+    local FW_MARK=51820
+    local FW_TABLE=51820
+    wg set "$INTERFACE" fwmark "$FW_MARK"
+
+    # Remove any auto-created default route on wg0
+    ip route del default dev "$INTERFACE" 2>/dev/null || true
+
+    # VPN routing table: send everything through the tunnel
+    ip -4 route add default dev "$INTERFACE" table "$FW_TABLE"
+
+    # Policy rules:
+    # 1. Packets NOT marked by WireGuard use the VPN table (→ wg0)
+    # 2. suppress_prefixlength 0: ignore bare default routes in main table,
+    #    but keep more-specific routes (e.g. LAN, endpoint) working
+    ip -4 rule add not fwmark "$FW_MARK" table "$FW_TABLE"
+    ip -4 rule add table main suppress_prefixlength 0
+
+    # Find default gateway/interface
+    DEFAULT_GW=$(ip route | grep '^default' | head -1 | awk '{print $3}')
+    DEFAULT_IF=$(ip route | grep '^default' | head -1 | awk '{print $5}')
+
+    # ── Policy routing: ensure responses to incoming LAN traffic go back via eth0 ──
+    if [ -n "$DEFAULT_GW" ] && [ -n "$DEFAULT_IF" ]; then
+        # Get the container's eth0 IP address (BusyBox-compatible, no grep -P)
+        ETH0_IP=$(ip -4 addr show "$DEFAULT_IF" | awk '/inet / {split($2, a, "/"); print a[1]}' | head -1)
+        ETH0_SUBNET=$(ip -4 route show dev "$DEFAULT_IF" | grep -v default | head -1 | awk '{print $1}')
+        if [ -n "$ETH0_IP" ] && [ -n "$ETH0_SUBNET" ]; then
+            echo "[vpn] Setting up policy routing for incoming traffic (${ETH0_IP} on ${DEFAULT_IF})"
+            ip route add default via "$DEFAULT_GW" dev "$DEFAULT_IF" table 100 2>/dev/null || true
+            ip route add "$ETH0_SUBNET" dev "$DEFAULT_IF" table 100 2>/dev/null || true
+            ip rule add from "$ETH0_IP" table 100 priority 100 2>/dev/null || true
+            echo "[vpn] Policy routing active — incoming connections will be routed back via ${DEFAULT_IF}"
+        fi
+    fi
+
+    # Set up DNS (handle comma-separated DNS servers)
+    VPN_DNS=$(grep -i '^DNS' "$CONFIG_FILE" | head -1 | sed 's/.*= *//;s/ //g')
+    if [ -n "$VPN_DNS" ]; then
+        # Clear resolv.conf and add each DNS server on its own line
+        > /etc/resolv.conf
+        for dns in $(echo "$VPN_DNS" | tr ',' ' '); do
+            echo "nameserver $dns" >> /etc/resolv.conf
+            # Add explicit route to DNS server through wg0 so it's found in main table
+            # (suppress_prefixlength 0 ignores default routes but allows host routes)
+            ip -4 route add "$dns" dev "$INTERFACE" 2>/dev/null || true
+        done
+        echo "[vpn] DNS set to: ${VPN_DNS}"
+    fi
+
+    # Add explicit host route for the health-check target so it is picked up by
+    # the 'lookup main suppress_prefixlength 0' rule (same as DNS servers above).
+    # Without this, CHECK_HOST falls through to the VPN table default route whose
+    # source-address selection can be defeated by the priority-100 'from ETH0_IP'
+    # policy rule, causing pings to bypass wg0 and be dropped by the kill switch.
+    ip -4 route add "${CHECK_HOST}" dev "$INTERFACE" 2>/dev/null || true
+    echo "[vpn] Health-check route: ${CHECK_HOST} → ${INTERFACE}"
+
+    echo "[vpn] WireGuard interface ${INTERFACE} is up."
+    echo "[vpn] Main routes:"
+    ip route show | sed 's/^/[vpn]   /'
+    echo "[vpn] VPN table ($FW_TABLE):"
+    ip route show table "$FW_TABLE" 2>/dev/null | sed 's/^/[vpn]   /'
+    echo "[vpn] Policy rules:"
+    ip rule show | sed 's/^/[vpn]   /'
+    echo "[vpn] WireGuard status:"
+    wg show "$INTERFACE" 2>/dev/null | sed 's/^/[vpn]   /'
+}
+
+# ──────────────────────────────────────────────
+# Stop WireGuard manually
+# ──────────────────────────────────────────────
+stop_vpn() {
+    echo "[vpn] Stopping WireGuard interface ${INTERFACE}..."
+
+    local FW_MARK=51820
+    local FW_TABLE=51820
+
+    # Remove fwmark-based policy rules
+    ip -4 rule del not fwmark "$FW_MARK" table "$FW_TABLE" 2>/dev/null || true
+    ip -4 rule del table main suppress_prefixlength 0 2>/dev/null || true
+
+    # Flush VPN routing table
+    ip -4 route flush table "$FW_TABLE" 2>/dev/null || true
+
+    # Remove LAN policy routing
+    ip -4 rule del table 100 2>/dev/null || true
+    ip -4 route flush table 100 2>/dev/null || true
+
+    ip link del "$INTERFACE" 2>/dev/null || true
+}
+
+# ──────────────────────────────────────────────
+# Health check loop — restarts VPN if tunnel dies
+# ──────────────────────────────────────────────
+health_loop() {
+    local failures=0
+    local max_failures=3
+
+    echo "[health] Starting health check (every ${CHECK_INTERVAL}s, target ${CHECK_HOST})..."
+
+    while true; do
+        sleep "$CHECK_INTERVAL"
+
+        if ping -c 1 -W 5 "$CHECK_HOST" > /dev/null 2>&1; then
+            if [ "$failures" -gt 0 ]; then
+                echo "[health] VPN recovered."
+                failures=0
+            fi
+            # Secondary DNS check
+            if ping -c 1 -W 5 "google.com" > /dev/null 2>&1; then
+                : # DNS OK — silent
+            else
+                echo "[health] WARN google.com unreachable — possible DNS issue"
+            fi
+        else
+            failures=$((failures + 1))
+            echo "[health] Check failed ($failures/$max_failures) — ping ${CHECK_HOST} failed"
+            # Secondary check: distinguish IP failure from DNS failure
+            if ping -c 1 -W 5 "google.com" > /dev/null 2>&1; then
+                echo "[health] INFO google.com reachable — DNS works, ${CHECK_HOST} may be filtered"
+            else
+                echo "[health] INFO google.com also unreachable — DNS or general routing failure"
+            fi
+            # Dump WireGuard stats to show if handshake is stale and how much data flows
+            echo "[health] wg stats:"
+            wg show "$INTERFACE" 2>/dev/null | grep -E 'latest handshake|transfer|endpoint' | sed 's/^/[health]   /' || echo "[health]   wg0 not found"
+            echo "[health] routes:"
+            ip route show | grep -E 'wg0|default' | sed 's/^/[health]   /'
+
+            if [ "$failures" -ge "$max_failures" ]; then
+                echo "[health] VPN appears down. Restarting WireGuard..."
+                stop_vpn
+                sleep 2
+                start_vpn
+                failures=0
+                echo "[health] WireGuard restarted."
+            fi
+        fi
+    done
+}
+
+# ──────────────────────────────────────────────
+# Graceful shutdown
+# ──────────────────────────────────────────────
+cleanup() {
+    echo "[shutdown] Stopping WireGuard..."
+    stop_vpn
+    echo "[shutdown] Flushing iptables..."
+    iptables -F
+    iptables -t nat -F
+    echo "[shutdown] Done."
+    exit 0
+}
+
+trap cleanup SIGTERM SIGINT
+
+# ──────────────────────────────────────────────
+# Startup connectivity checks — diagnose issues early
+# ──────────────────────────────────────────────
+check_vpn_connectivity() {
+    echo "[check] ── Startup connectivity checks ──"
+
+    # 1. Wait for WireGuard handshake (up to 15s)
+    local elapsed=0
+    local handshake_ts=0
+    echo "[check] Waiting for WireGuard handshake (up to 15s)..."
+    while [ "$elapsed" -lt 15 ]; do
+        handshake_ts=$(wg show "$INTERFACE" latest-handshakes 2>/dev/null | awk '{print $2}' | head -1)
+        if [ -n "$handshake_ts" ] && [ "$handshake_ts" != "0" ]; then
+            local age=$(( $(date +%s) - handshake_ts ))
+            echo "[check] OK   Handshake established ${age}s ago"
+            break
+        fi
+        sleep 1
+        elapsed=$((elapsed + 1))
+    done
+    if [ "$elapsed" -ge 15 ]; then
+        echo "[check] FAIL No WireGuard handshake after 15s — tunnel is not up"
+        echo "[check]      This container's public key (must be on the server):"
+        echo "[check]        PublicKey  = $(wg show "$INTERFACE" public-key 2>/dev/null || echo 'unknown')"
+        echo "[check]        AllowedIPs = ${VPN_ADDRESS}"
+        echo "[check]      Verify on server: wg show"
+    fi
+
+    # 2. Check whether traffic actually flows through the tunnel
+    echo "[check] Testing traffic through tunnel (ping ${CHECK_HOST})..."
+    local rx_before
+    rx_before=$(wg show "$INTERFACE" transfer 2>/dev/null | awk '{print $2}' | head -1)
+
+    if ping -c 1 -W 8 "${CHECK_HOST}" > /dev/null 2>&1; then
+        echo "[check] OK   Traffic flows — tunnel is fully working"
+    else
+        local rx_after
+        rx_after=$(wg show "$INTERFACE" transfer 2>/dev/null | awk '{print $2}' | head -1)
+        echo "[check] FAIL ping ${CHECK_HOST} unreachable through tunnel"
+
+        if [ -n "$rx_before" ] && [ -n "$rx_after" ]; then
+            if [ "$rx_after" -le "$rx_before" ]; then
+                echo "[check]      RX bytes unchanged (${rx_before} → ${rx_after})"
+                echo "[check]      Server receives packets but does NOT route them back"
+                echo "[check]      Fix on VPN server (${VPN_ENDPOINT}):"
+                echo "[check]        sysctl net.ipv4.ip_forward              # must output 1"
+                echo "[check]        iptables -t nat -L POSTROUTING -v -n    # must have MASQUERADE"
+                echo "[check]        wg show                                  # check peer + AllowedIPs"
+            else
+                echo "[check]      RX increased (${rx_before} → ${rx_after}) — tunnel passes data"
+                echo "[check]      Issue may be specific to ${CHECK_HOST} or DNS"
+            fi
+        fi
+
+        local transfer
+        transfer=$(wg show "$INTERFACE" transfer 2>/dev/null | awk '{printf "rx=%s tx=%s", $2, $3}')
+        echo "[check]      wg transfer: ${transfer}"
+    fi
+
+    # 3. DNS check
+    echo "[check] Testing DNS resolution..."
+    if nslookup 1.1.1.1 > /dev/null 2>&1 || nslookup google.com > /dev/null 2>&1; then
+        echo "[check] OK   DNS resolves"
+    else
+        echo "[check] FAIL DNS resolution failed"
+        echo "[check]      resolv.conf: $(tr '\n' ' ' < /etc/resolv.conf)"
+        echo "[check]      Check that DNS servers are reachable through wg0"
+        echo "[check] ── End of checks ──"
+        exit 1
+    fi
+
+    echo "[check] ── End of checks ──"
+}
+
+# ── Main ──
+enable_forwarding
+setup_killswitch
+start_vpn
+check_vpn_connectivity
+health_loop

Docker/nl.conf

@@ -0,0 +1,16 @@
+[Interface]
+PrivateKey = EPRa2f/v72LvIXAY4yqIRJifsSb+nCcYHqC2rwA94UI=
+Address = 100.64.244.78/32
+DNS = 198.18.0.1,198.18.0.2
+
+# Route zum VPN-Server direkt über dein lokales Netz
+PostUp = ip route add 91.148.236.64 via 192.168.178.1 dev wlp4s0f0
+PostUp = ip route add 192.168.178.0/24 via 192.168.178.1 dev wlp4s0f0
+PostDown = ip route del 91.148.236.64 via 192.168.178.1 dev wlp4s0f0
+PostDown = ip route del 192.168.178.0/24 via 192.168.178.1 dev wlp4s0f0
+
+[Peer]
+PublicKey = KgTUh3KLijVluDvNpzDCJJfrJ7EyLzYLmdHCksG4sRg=
+AllowedIPs = 0.0.0.0/0
+Endpoint = 91.148.236.64:51820
+

Docker/podman-compose.prod.yml

@@ -0,0 +1,56 @@
+# Production compose — pulls pre-built images from Gitea registry.
+#
+# Usage:
+#   podman login git.lpl-mind.de
+#   podman-compose -f podman-compose.prod.yml pull
+#   podman-compose -f podman-compose.prod.yml up -d
+#
+# Required files:
+#   - wg0.conf  (WireGuard configuration in the same directory)
+
+services:
+  vpn:
+    image: git.lpl-mind.de/lukas.pupkalipinski/aniworld/vpn:latest
+    container_name: vpn-wireguard
+    cap_add:
+      - NET_ADMIN
+      - SYS_MODULE
+      - NET_RAW
+    sysctls:
+      - net.ipv4.ip_forward=1
+      - net.ipv4.conf.all.src_valid_mark=1
+    volumes:
+      - /server/server_aniworld/wg0.conf:/etc/wireguard/wg0.conf:ro
+      - /lib/modules:/lib/modules:ro
+    ports:
+      - "8000:8000"
+    environment:
+      - HEALTH_CHECK_INTERVAL=10
+      - HEALTH_CHECK_HOST=1.1.1.1
+      - LOCAL_PORTS=8000
+      - PUID=1013
+      - PGID=1001
+    restart: unless-stopped
+    healthcheck:
+      test: ["CMD", "curl", "-sf", "--max-time", "5", "http://1.1.1.1"]
+      interval: 30s
+      timeout: 10s
+      retries: 5
+      start_period: 60s
+
+  app:
+    image: git.lpl-mind.de/lukas.pupkalipinski/aniworld/app:latest
+    container_name: aniworld-app
+    network_mode: "service:vpn"
+    depends_on:
+      vpn:
+        condition: service_healthy
+    environment:
+      - PYTHONUNBUFFERED=1
+      - PUID=1013
+      - PGID=1001
+    volumes:
+      - /server/server_aniworld/data:/app/data
+      - /server/server_aniworld/logs:/app/logs
+      - /media/serien/Serien:/data
+    restart: unless-stopped

Docker/podman-compose.yml

@@ -0,0 +1,49 @@
+services:
+  vpn:
+    build:
+      context: .
+      dockerfile: Containerfile
+    container_name: vpn-wireguard
+    cap_add:
+      - NET_ADMIN
+      - SYS_MODULE
+      - NET_RAW
+    sysctls:
+      - net.ipv4.ip_forward=1
+      - net.ipv4.conf.all.src_valid_mark=1
+    volumes:
+      - ./wg0.conf:/etc/wireguard/wg0.conf:ro
+      - /lib/modules:/lib/modules:ro
+    ports:
+      - "8000:8000"
+    environment:
+      - HEALTH_CHECK_INTERVAL=10
+      - HEALTH_CHECK_HOST=1.1.1.1
+      - LOCAL_PORTS=8000
+    restart: unless-stopped
+    healthcheck:
+      test: ["CMD", "ping", "-c", "1", "-W", "5", "1.1.1.1"]
+      interval: 30s
+      timeout: 10s
+      retries: 3
+
+  app:
+    build:
+      context: ..
+      dockerfile: Docker/Dockerfile.app
+    container_name: aniworld-app
+    network_mode: "service:vpn"
+    depends_on:
+      vpn:
+        condition: service_healthy
+    environment:
+      - PYTHONUNBUFFERED=1
+      - LOG_LEVEL=DEBUG
+    volumes:
+      - app-data:/app/data
+      - app-logs:/app/logs
+    restart: unless-stopped
+
+volumes:
+  app-data:
+  app-logs:

Docker/push.sh

@@ -0,0 +1,140 @@
+#!/usr/bin/env bash
+#
+# Build and push AniWorld container images to the Gitea registry.
+#
+# Usage:
+#   ./push.sh              # builds & pushes app with tag "latest"
+#   ./push.sh app          # builds & pushes app image
+#   ./push.sh vpn          # builds & pushes vpn image
+#   ./push.sh all          # builds & pushes both images
+#   ./push.sh app v1.2.3   # builds & pushes app with tag "v1.2.3"
+#   ./push.sh vpn v1.2.3   # builds & pushes vpn with tag "v1.2.3"
+#   ./push.sh all v1.2.3   # builds & pushes both images
+#   ./push.sh app v1.2.3 --no-build   # pushes existing image only
+#
+# Prerequisites:
+#   podman login git.lpl-mind.de   (or: docker login git.lpl-mind.de)
+
+set -euo pipefail
+
+# ---------------------------------------------------------------------------
+# Configuration
+# ---------------------------------------------------------------------------
+REGISTRY="git.lpl-mind.de"
+NAMESPACE="lukas.pupkalipinski"
+PROJECT="aniworld"
+
+APP_IMAGE="${REGISTRY}/${NAMESPACE}/${PROJECT}/app"
+VPN_IMAGE="${REGISTRY}/${NAMESPACE}/${PROJECT}/vpn"
+
+# Parse arguments
+TARGET="${1:-app}"
+TAG="${2:-latest}"
+SKIP_BUILD=false
+if [[ "${3:-}" == "--no-build" ]]; then
+    SKIP_BUILD=true
+fi
+
+# Validate target
+if [[ "${TARGET}" != "app" && "${TARGET}" != "vpn" && "${TARGET}" != "all" ]]; then
+    echo "ERROR: Invalid target '${TARGET}'. Must be one of: app, vpn, all" >&2
+    exit 1
+fi
+
+SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+PROJECT_ROOT="$(cd "${SCRIPT_DIR}/.." && pwd)"
+
+# ---------------------------------------------------------------------------
+# Helpers
+# ---------------------------------------------------------------------------
+log() { echo -e "\n>>> $*"; }
+err() { echo -e "\nERROR: $*" >&2; exit 1; }
+
+# Detect container engine (podman preferred, docker fallback)
+if command -v podman &>/dev/null; then
+    ENGINE="podman"
+elif command -v docker &>/dev/null; then
+    ENGINE="docker"
+else
+    err "Neither podman nor docker is installed."
+fi
+
+# ---------------------------------------------------------------------------
+# Pre-flight checks
+# ---------------------------------------------------------------------------
+echo "============================================"
+echo " AniWorld — Build & Push"
+echo " Engine   : ${ENGINE}"
+echo " Registry : ${REGISTRY}"
+echo " Target   : ${TARGET}"
+echo " Tag      : ${TAG}"
+echo "============================================"
+
+log "Logging in to ${REGISTRY}"
+"${ENGINE}" login "${REGISTRY}"
+
+# ---------------------------------------------------------------------------
+# Build
+# ---------------------------------------------------------------------------
+build_app() {
+    log "Building app image  →  ${APP_IMAGE}:${TAG}"
+    "${ENGINE}" build \
+        -t "${APP_IMAGE}:${TAG}" \
+        -f "${SCRIPT_DIR}/Dockerfile.app" \
+        "${PROJECT_ROOT}"
+}
+
+build_vpn() {
+    log "Building vpn image  →  ${VPN_IMAGE}:${TAG}"
+    "${ENGINE}" build \
+        -t "${VPN_IMAGE}:${TAG}" \
+        -f "${SCRIPT_DIR}/Containerfile" \
+        "${SCRIPT_DIR}"
+}
+
+if [[ "${SKIP_BUILD}" == false ]]; then
+    case "${TARGET}" in
+        app)  build_app ;;
+        vpn)  build_vpn ;;
+        all)  build_app; build_vpn ;;
+    esac
+fi
+
+# ---------------------------------------------------------------------------
+# Push
+# ---------------------------------------------------------------------------
+push_app() {
+    log "Pushing ${APP_IMAGE}:${TAG}"
+    "${ENGINE}" push "${APP_IMAGE}:${TAG}"
+}
+
+push_vpn() {
+    log "Pushing ${VPN_IMAGE}:${TAG}"
+    "${ENGINE}" push "${VPN_IMAGE}:${TAG}"
+}
+
+case "${TARGET}" in
+    app)  push_app ;;
+    vpn)  push_vpn ;;
+    all)  push_app; push_vpn ;;
+esac
+
+# ---------------------------------------------------------------------------
+# Summary
+# ---------------------------------------------------------------------------
+echo ""
+echo "============================================"
+echo "  Push complete!"
+echo ""
+echo " Images:"
+case "${TARGET}" in
+    app)  echo "   ${APP_IMAGE}:${TAG}" ;;
+    vpn)  echo "   ${VPN_IMAGE}:${TAG}" ;;
+    all)  echo "   ${APP_IMAGE}:${TAG}"; echo "   ${VPN_IMAGE}:${TAG}" ;;
+esac
+echo ""
+echo " Deploy on server:"
+echo "   ${ENGINE} login ${REGISTRY}"
+echo "   ${ENGINE} compose -f Docker/podman-compose.prod.yml pull"
+echo "   ${ENGINE} compose -f Docker/podman-compose.prod.yml up -d"
+echo "============================================"

Docker/release.sh

@@ -0,0 +1,129 @@
+#!/usr/bin/env bash
+#
+# Bump the project version and push images to the registry.
+#
+# Usage:
+#   ./release.sh
+#
+# The current version is stored in VERSION (next to this script).
+# You will be asked whether to bump major, minor, or patch.
+
+set -euo pipefail
+
+SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+VERSION_FILE="${SCRIPT_DIR}/VERSION"
+
+# ---------------------------------------------------------------------------
+# Read current version
+# ---------------------------------------------------------------------------
+if [[ ! -f "${VERSION_FILE}" ]]; then
+    echo "0.0.0" > "${VERSION_FILE}"
+fi
+
+CURRENT="$(cat "${VERSION_FILE}")"
+# Strip leading 'v' for arithmetic
+VERSION="${CURRENT#v}"
+
+IFS='.' read -r MAJOR MINOR PATCH <<< "${VERSION}"
+
+echo "============================================"
+echo " AniWorld — Release"
+echo " Current version: v${MAJOR}.${MINOR}.${PATCH}"
+echo "============================================"
+echo ""
+echo "Which image(s) would you like to release?"
+echo "  1) app  (Dockerfile.app)"
+echo "  2) vpn  (Containerfile)"
+echo "  3) all  (both images)"
+echo ""
+read -rp "Enter choice [1/2/3]: " TARGET_CHOICE
+
+case "${TARGET_CHOICE}" in
+    1) TARGET="app" ;;
+    2) TARGET="vpn" ;;
+    3) TARGET="all" ;;
+    *)
+        echo "Invalid choice. Aborting." >&2
+        exit 1
+        ;;
+esac
+
+echo ""
+echo "How would you like to bump the version?"
+echo "  1) patch  (v${MAJOR}.${MINOR}.${PATCH} → v${MAJOR}.${MINOR}.$((PATCH + 1)))"
+echo "  2) minor  (v${MAJOR}.${MINOR}.${PATCH} → v${MAJOR}.$((MINOR + 1)).0)"
+echo "  3) major  (v${MAJOR}.${MINOR}.${PATCH} → v$((MAJOR + 1)).0.0)"
+echo ""
+read -rp "Enter choice [1/2/3]: " CHOICE
+
+case "${CHOICE}" in
+    1) NEW_TAG="v${MAJOR}.${MINOR}.$((PATCH + 1))" ;;
+    2) NEW_TAG="v${MAJOR}.$((MINOR + 1)).0" ;;
+    3) NEW_TAG="v$((MAJOR + 1)).0.0" ;;
+    *)
+        echo "Invalid choice. Aborting." >&2
+        exit 1
+        ;;
+esac
+
+echo ""
+echo "New version: ${NEW_TAG}"
+echo "Target: ${TARGET}"
+read -rp "Confirm? [y/N]: " CONFIRM
+if [[ ! "${CONFIRM}" =~ ^[yY]$ ]]; then
+    echo "Aborted."
+    exit 0
+fi
+
+# ---------------------------------------------------------------------------
+# Write new version
+# ---------------------------------------------------------------------------
+echo "${NEW_TAG}" > "${VERSION_FILE}"
+echo "Version file updated → ${VERSION_FILE}"
+
+# Keep root package.json in sync.
+FRONT_VERSION="${NEW_TAG#v}"
+FRONT_PKG="${SCRIPT_DIR}/../package.json"
+if [[ -f "${FRONT_PKG}" ]]; then
+    sed -i "s/\"version\": \"[^\"]*\"/\"version\": \"${FRONT_VERSION}\"/" "${FRONT_PKG}"
+    echo "package.json version updated → ${FRONT_VERSION}"
+else
+    echo "Warning: package.json not found, skipping package.json version sync" >&2
+fi
+
+# Keep root pyproject.toml in sync.
+BACKEND_PYPROJECT="${SCRIPT_DIR}/../pyproject.toml"
+if [[ -f "${BACKEND_PYPROJECT}" ]]; then
+    # Update version under [project] section if present
+    if grep -q '^\[project\]' "${BACKEND_PYPROJECT}"; then
+        sed -i "/^\[project\]/,/^\[/ s/^version = \".*\"/version = \"${FRONT_VERSION}\"/" "${BACKEND_PYPROJECT}"
+    else
+        sed -i "s/^version = \".*\"/version = \"${FRONT_VERSION}\"/" "${BACKEND_PYPROJECT}"
+    fi
+    echo "pyproject.toml version updated → ${FRONT_VERSION}"
+else
+    echo "Warning: pyproject.toml not found, skipping pyproject.toml version sync" >&2
+fi
+
+# ---------------------------------------------------------------------------
+# Push containers
+# ---------------------------------------------------------------------------
+bash "${SCRIPT_DIR}/push.sh" "${TARGET}" "${NEW_TAG}"
+bash "${SCRIPT_DIR}/push.sh" "${TARGET}"
+
+
+# ---------------------------------------------------------------------------
+# Git tag (local only; push after container build)
+# ---------------------------------------------------------------------------
+cd "${SCRIPT_DIR}/.."
+git add Docker/VERSION package.json pyproject.toml
+git commit -m "chore: bump version"
+git tag -a "${NEW_TAG}" -m "Release ${NEW_TAG}"
+echo "Local git commit + tag ${NEW_TAG} created."
+
+# ---------------------------------------------------------------------------
+# Push git commits & tag
+# ---------------------------------------------------------------------------
+git push origin HEAD
+git push origin "${NEW_TAG}"
+echo "Git commit and tag ${NEW_TAG} pushed."

Docker/test_vpn.py

@@ -0,0 +1,253 @@
+"""
+Integration test for the WireGuard VPN Podman image.
+
+Verifies:
+1. The image builds successfully.
+2. The container starts and becomes healthy.
+3. The public IP inside the VPN differs from the host IP.
+4. Kill switch blocks traffic when WireGuard is down.
+5. AllowedIPs routes are set dynamically from the config.
+
+Requirements:
+    - podman installed
+    - Root/sudo (NET_ADMIN capability) for container runtime tests
+    - A valid WireGuard config at ./wg0.conf (or ./nl.conf)
+
+Usage:
+    # Build-only test (no sudo needed):
+    python3 -m pytest test_vpn.py::TestVPNImage::test_00_build_image -v
+
+    # Full integration test (requires sudo):
+    sudo python3 -m pytest test_vpn.py -v
+    # or
+    sudo python3 test_vpn.py
+"""
+
+import logging
+import os
+import subprocess
+import sys
+import time
+import unittest
+
+logger = logging.getLogger(__name__)
+
+IMAGE_NAME = "vpn-wireguard-test"
+CONTAINER_NAME = "vpn-test-container"
+CONFIG_FILE = os.path.join(os.path.dirname(os.path.abspath(__file__)), "wg0.conf")
+BUILD_DIR = os.path.dirname(os.path.abspath(__file__))
+IP_CHECK_URL = "https://ifconfig.me"
+STARTUP_TIMEOUT = 30  # seconds to wait for VPN to come up
+HEALTH_POLL_INTERVAL = 2  # seconds between health checks
+
+
+def is_root() -> bool:
+    """Check if running as root."""
+    return os.geteuid() == 0
+
+
+def run(cmd: list[str], timeout: int = 30, check: bool = True) -> subprocess.CompletedProcess:
+    """Run a command and return the result."""
+    return subprocess.run(cmd, capture_output=True, text=True, timeout=timeout, check=check)
+
+
+def get_host_ip() -> str:
+    """Get the public IP of the host machine."""
+    result = run(["curl", "-s", "--max-time", "10", IP_CHECK_URL])
+    return result.stdout.strip()
+
+
+def podman_exec(container: str, cmd: list[str], timeout: int = 15) -> subprocess.CompletedProcess:
+    """Execute a command inside a running container."""
+    return run(["podman", "exec", container] + cmd, timeout=timeout, check=False)
+
+
+class TestVPNImage(unittest.TestCase):
+    """Test suite for the WireGuard VPN container."""
+
+    host_ip: str = ""
+    container_id: str = ""
+
+    @classmethod
+    def setUpClass(cls):
+        """Build image, get host IP, start container, wait for VPN."""
+        # Clean up any leftover container from a previous run
+        subprocess.run(
+            ["podman", "rm", "-f", CONTAINER_NAME],
+            capture_output=True, check=False,
+        )
+
+        # ── 1. Get host public IP before VPN ──
+        logger.info("Fetching host public IP...")
+        cls.host_ip = get_host_ip()
+        logger.info("Host public IP: %s", cls.host_ip)
+        assert cls.host_ip, "Could not determine host public IP"
+
+        # ── 2. Build the image ──
+        logger.info("Building image '%s'...", IMAGE_NAME)
+        result = run(
+            ["podman", "build", "-t", IMAGE_NAME, BUILD_DIR],
+            timeout=180,
+        )
+        logger.debug(
+            "Build output: %s",
+            result.stdout[-500:] if len(result.stdout) > 500 else result.stdout,
+        )
+        assert result.returncode == 0, f"Build failed:\n{result.stderr}"
+        logger.info("Image built successfully.")
+
+        # Skip container runtime tests if not root
+        if not is_root():
+            logger.warning("Not running as root — skipping container runtime tests.")
+            cls.container_id = ""
+            return
+
+        # ── 3. Start the container ──
+        logger.info("Starting container '%s'...", CONTAINER_NAME)
+        result = run(
+            [
+                "podman", "run", "-d",
+                "--name", CONTAINER_NAME,
+                "--cap-add=NET_ADMIN",
+                "--cap-add=SYS_MODULE",
+                "--sysctl", "net.ipv4.ip_forward=1",
+                "-v", f"{CONFIG_FILE}:/etc/wireguard/wg0.conf:ro",
+                "-v", "/lib/modules:/lib/modules:ro",
+                IMAGE_NAME,
+            ],
+            timeout=30,
+            check=False,
+        )
+        assert result.returncode == 0, f"Container failed to start:\n{result.stderr}"
+        cls.container_id = result.stdout.strip()
+        logger.info("Container started: %s", cls.container_id[:12])
+
+        # Verify it's running
+        inspect = run(
+            ["podman", "inspect", "-f", "{{.State.Running}}", CONTAINER_NAME],
+            check=False,
+        )
+        assert inspect.stdout.strip() == "true", "Container is not running"
+
+        # ── 4. Wait for VPN to come up ──
+        logger.info("Waiting up to %d seconds for VPN tunnel...", STARTUP_TIMEOUT)
+        vpn_up = cls._wait_for_vpn_cls(STARTUP_TIMEOUT)
+        assert vpn_up, f"VPN did not come up within {STARTUP_TIMEOUT}s"
+        logger.info("VPN tunnel is up. Running tests.")
+
+    @classmethod
+    def tearDownClass(cls):
+        """Stop and remove the container."""
+        if not is_root():
+            return
+        logger.info("Cleaning up test container...")
+        subprocess.run(["podman", "rm", "-f", CONTAINER_NAME], capture_output=True, check=False)
+        logger.info("Cleanup complete.")
+
+    @classmethod
+    def _wait_for_vpn_cls(cls, timeout: int = STARTUP_TIMEOUT) -> bool:
+        """Wait until the VPN tunnel is up (can reach the internet)."""
+        deadline = time.time() + timeout
+        while time.time() < deadline:
+            result = podman_exec(CONTAINER_NAME, ["ping", "-c", "1", "-W", "3", "1.1.1.1"])
+            if result.returncode == 0:
+                return True
+            time.sleep(HEALTH_POLL_INTERVAL)
+        return False
+
+    def _get_vpn_ip(self) -> str:
+        """Get the public IP as seen from inside the container."""
+        result = podman_exec(
+            CONTAINER_NAME,
+            ["curl", "-s", "--max-time", "10", IP_CHECK_URL],
+            timeout=20,
+        )
+        return result.stdout.strip()
+
+    def _skip_if_not_root(self):
+        """Skip test if not running as root."""
+        if not is_root():
+            self.skipTest("This test requires root/sudo privileges")
+
+    # ── Tests ────────────────────────────────────────────────
+
+    def test_00_build_image(self):
+        """The image builds successfully."""
+        # This is already verified in setUpClass, just confirm here
+        result = run(["podman", "images", "--format", "{{.Repository}}:{{.Tag}}"])
+        self.assertIn(IMAGE_NAME, result.stdout, "Image was not built")
+
+    def test_01_ip_differs_from_host(self):
+        """Public IP inside VPN is different from host IP."""
+        self._skip_if_not_root()
+        vpn_ip = self._get_vpn_ip()
+        logger.info("VPN public IP: %s", vpn_ip)
+        logger.info("Host public IP: %s", self.host_ip)
+
+        self.assertTrue(vpn_ip, "Could not fetch IP from inside the container")
+        self.assertNotEqual(
+            vpn_ip,
+            self.host_ip,
+            f"VPN IP ({vpn_ip}) is the same as host IP — VPN is not working!",
+        )
+
+    def test_02_wireguard_interface_exists(self):
+        """The wg0 interface is present in the container."""
+        self._skip_if_not_root()
+        result = podman_exec(CONTAINER_NAME, ["wg", "show", "wg0"])
+        self.assertEqual(result.returncode, 0, f"wg show failed:\n{result.stderr}")
+        self.assertIn("peer", result.stdout.lower(), "No peer information in wg show output")
+        # AllowedIPs should be present in wg show output
+        self.assertIn("allowed ips", result.stdout.lower(), "AllowedIPs not found in wg show output")
+
+    def test_03_allowedips_routes_set(self):
+        """Routes are set dynamically based on AllowedIPs from config."""
+        self._skip_if_not_root()
+        # Check that routes exist for the AllowedIPs
+        result = podman_exec(CONTAINER_NAME, ["ip", "route", "show", "dev", "wg0"])
+        self.assertEqual(result.returncode, 0, f"ip route show failed:\n{result.stderr}")
+        # The config has AllowedIPs = 0.0.0.0/0, which should result in:
+        # 0.0.0.0/1 dev wg0 and 128.0.0.0/1 dev wg0
+        self.assertIn("0.0.0.0/1", result.stdout, "Route 0.0.0.0/1 not found")
+        self.assertIn("128.0.0.0/1", result.stdout, "Route 128.0.0.0/1 not found")
+        # Make sure there is NO default route through wg0 (Table = off should prevent this)
+        self.assertNotIn("default dev wg0", result.stdout, "Default route through wg0 found — Table = off not working!")
+        logger.info("AllowedIPs routes verified: %s", result.stdout.strip())
+
+    def test_03b_dns_configured(self):
+        """DNS is configured correctly with multiple nameserver lines."""
+        self._skip_if_not_root()
+        result = podman_exec(CONTAINER_NAME, ["cat", "/etc/resolv.conf"])
+        self.assertEqual(result.returncode, 0, f"cat /etc/resolv.conf failed:\n{result.stderr}")
+        # Should have two separate nameserver lines, not one with commas
+        self.assertIn("nameserver 198.18.0.1", result.stdout, "DNS 198.18.0.1 not found")
+        self.assertIn("nameserver 198.18.0.2", result.stdout, "DNS 198.18.0.2 not found")
+        # Make sure there are no commas in nameserver lines
+        self.assertNotIn("nameserver 198.18.0.1,198.18.0.2", result.stdout, "DNS servers written on one line with comma!")
+        logger.info("DNS config verified: %s", result.stdout.strip())
+
+    def test_04_kill_switch_blocks_traffic(self):
+        """When WireGuard is down, traffic is blocked (kill switch)."""
+        self._skip_if_not_root()
+        # Bring down the WireGuard interface by deleting it
+        down_result = podman_exec(CONTAINER_NAME, ["ip", "link", "del", "wg0"], timeout=10)
+        self.assertEqual(down_result.returncode, 0, f"ip link del wg0 failed:\n{down_result.stderr}")
+
+        # Give iptables a moment
+        time.sleep(2)
+
+        # Try to reach the internet — should fail due to kill switch
+        result = podman_exec(
+            CONTAINER_NAME,
+            ["curl", "-s", "--max-time", "5", IP_CHECK_URL],
+            timeout=10,
+        )
+        self.assertNotEqual(
+            result.returncode, 0,
+            "Traffic went through even with WireGuard down — kill switch is NOT working!",
+        )
+        logger.info("Kill switch confirmed: traffic blocked with VPN down")
+
+
+if __name__ == "__main__":
+    unittest.main(verbosity=2)

Docker/wg0.conf

@@ -0,0 +1,18 @@
+[Interface]
+PrivateKey = EPRa2f/v72LvIXAY4yqIRJifsSb+nCcYHqC2rwA94UI=
+Address = 100.64.244.78/32
+#DNS = 198.18.0.1,198.18.0.2
+DNS = 8.8.8.8
+
+# Route zum VPN-Server direkt über dein lokales Netz
+PostUp = ip route add 91.148.236.64 via 192.168.178.1 dev wlp4s0f0
+PostUp = ip route add 192.168.178.0/24 via 192.168.178.1 dev wlp4s0f0
+PostDown = ip route del 91.148.236.64 via 192.168.178.1 dev wlp4s0f0
+PostDown = ip route del 192.168.178.0/24 via 192.168.178.1 dev wlp4s0f0
+
+[Peer]
+PublicKey = KgTUh3KLijVluDvNpzDCJJfrJ7EyLzYLmdHCksG4sRg=
+AllowedIPs = 0.0.0.0/0
+Endpoint = 91.148.236.64:51820
+PersistentKeepalive = 25
+

Dockerfile

@@ -1,21 +0,0 @@
-# Use an official Python runtime as a parent image
-FROM python:3.10
-
-# Set the working directory inside the container
-WORKDIR /app
-
-# Ensure the directory exists
-RUN mkdir -p /app
-
-# Copy the requirements file before copying the app files (for better caching)
-COPY requirements.txt .
-COPY main.py .
-COPY Loader.py .
-
-# Create and activate a virtual environment
-RUN python -m venv venv && \
-    . venv/bin/activate && \
-    pip install --no-cache-dir -r requirements.txt
-
-# Run the application using the virtual environment
-CMD ["/bin/bash", "-c", "source venv/bin/activate && python main.py"]

Docs/ARCHITECTURE.md

@@ -0,0 +1,817 @@
+# Architecture Documentation
+
+## Document Purpose
+
+This document describes the system architecture of the Aniworld anime download manager.
+
+---
+
+## 1. System Overview
+
+Aniworld is a web-based anime download manager built with Python, FastAPI, and SQLite. It provides a REST API and WebSocket interface for managing anime libraries, downloading episodes, and tracking progress.
+
+### High-Level Architecture
+
+```
++------------------+     +------------------+     +------------------+
+|   Web Browser    |     |   CLI Client     |     |   External       |
+|   (Frontend)     |     |   (Main.py)      |     |   Providers      |
++--------+---------+     +--------+---------+     +--------+---------+
+         |                        |                        |
+         | HTTP/WebSocket         | Direct                 | HTTP
+         |                        |                        |
++--------v---------+     +--------v---------+     +--------v---------+
+|                  |     |                  |     |                  |
+|   FastAPI        <----->   Core Layer    <----->   Provider       |
+|   Server Layer   |     |   (SeriesApp)    |     |   Adapters       |
+|                  |     |                  |     |                  |
++--------+---------+     +--------+---------+     +------------------+
+         |                        |
+         |                        |
++--------v---------+     +--------v---------+
+|                  |     |                  |
+|   SQLite DB      |     |   File System    |
+|   (aniworld.db)  |     |   (anime/*/)     |
+|  - Series data   |     |   - Video files  |
+|  - Episodes      |     |   - NFO files    |
+|  - Queue state   |     |   - Media files  |
++------------------+     +------------------+
+```
+
+Source: [src/server/fastapi_app.py](../src/server/fastapi_app.py#L1-L252)
+
+---
+
+## 2. Architectural Layers
+
+### 2.1 CLI Layer (`src/cli/`)
+
+Legacy command-line interface for direct interaction with the core layer.
+
+| Component | File                          | Purpose         |
+| --------- | ----------------------------- | --------------- |
+| Main      | [Main.py](../src/cli/Main.py) | CLI entry point |
+
+### 2.2 Server Layer (`src/server/`)
+
+FastAPI-based REST API and WebSocket server.
+
+```
+src/server/
++-- fastapi_app.py          # Application entry point, lifespan management
++-- api/                    # API route handlers
+|   +-- anime.py            # /api/anime/* endpoints
+|   +-- auth.py             # /api/auth/* endpoints
+|   +-- config.py           # /api/config/* endpoints
+|   +-- download.py         # /api/queue/* endpoints
+|   +-- scheduler.py        # /api/scheduler/* endpoints
+|   +-- nfo.py              # /api/nfo/* endpoints
+|   +-- websocket.py        # /ws/* WebSocket handlers
+|   +-- health.py           # /health/* endpoints
++-- controllers/            # Page controllers for HTML rendering
+|   +-- page_controller.py  # UI page routes
+|   +-- health_controller.py# Health check route
+|   +-- error_controller.py # Error pages (404, 500)
++-- services/               # Business logic
+|   +-- anime_service.py    # Anime operations
+|   +-- auth_service.py     # Authentication
+|   +-- config_service.py   # Configuration management
+|   +-- download_service.py # Download queue management
+|   +-- progress_service.py # Progress tracking
+|   +-- websocket_service.py# WebSocket broadcasting
+|   +-- queue_repository.py # Database persistence
+|   +-- nfo_service.py      # NFO metadata management
+|   +-- setup_service.py    # Series key resolution from folder names
+|   +-- folder_scan_service.py # Daily folder maintenance scan
++-- models/                 # Pydantic models
+|   +-- auth.py             # Auth request/response models
+|   +-- config.py           # Configuration models
+|   +-- download.py         # Download queue models
+|   +-- websocket.py        # WebSocket message models
++-- middleware/             # Request processing
+|   +-- auth.py             # JWT validation, rate limiting
+|   +-- error_handler.py    # Exception handlers
+|   +-- setup_redirect.py   # Setup flow redirect
++-- database/               # SQLAlchemy ORM
+|   +-- connection.py       # Database connection
+|   +-- models.py           # ORM models
+|   +-- service.py          # Database service
++-- utils/                  # Utility modules
+|   +-- filesystem.py       # Folder sanitization, path safety
+|   +-- validators.py       # Input validation utilities
+|   +-- dependencies.py     # FastAPI dependency injection
++-- web/                    # Static files and templates
+    +-- static/             # CSS, JS, images
+    +-- templates/          # Jinja2 templates
+```
+
+Source: [src/server/](../src/server/)
+
+### 2.2.1 Frontend Architecture (`src/server/web/static/`)
+
+The frontend uses a modular architecture with no build step required. CSS and JavaScript files are organized by responsibility.
+
+#### CSS Structure
+
+```
+src/server/web/static/css/
++-- styles.css              # Entry point with @import statements
++-- base/
+|   +-- variables.css       # CSS custom properties (colors, fonts, spacing)
+|   +-- reset.css           # CSS reset and normalize styles
+|   +-- typography.css      # Font styles, headings, text utilities
++-- components/
+|   +-- buttons.css         # All button styles
+|   +-- cards.css           # Card and panel components
+|   +-- forms.css           # Form inputs, labels, validation styles
+|   +-- modals.css          # Modal and overlay styles
+|   +-- navigation.css      # Header, nav, sidebar styles
+|   +-- progress.css        # Progress bars, loading indicators
+|   +-- notifications.css   # Toast, alerts, messages
+|   +-- tables.css          # Table and list styles
+|   +-- status.css          # Status badges and indicators
++-- pages/
+|   +-- login.css           # Login page specific styles
+|   +-- index.css           # Index/library page specific styles
+|   +-- queue.css           # Queue page specific styles
++-- utilities/
+    +-- animations.css      # Keyframes and animation classes
+    +-- responsive.css      # Media queries and breakpoints
+    +-- helpers.css         # Utility classes (hidden, flex, spacing)
+```
+
+#### JavaScript Structure
+
+JavaScript uses the IIFE pattern with a shared `AniWorld` namespace for browser compatibility without build tools.
+
+```
+src/server/web/static/js/
++-- shared/                 # Shared utilities used by all pages
+|   +-- constants.js        # API endpoints, localStorage keys, defaults
+|   +-- auth.js             # Token management (getToken, setToken, checkAuth)
+|   +-- api-client.js       # Fetch wrapper with auto-auth headers
+|   +-- theme.js            # Dark/light theme toggle
+|   +-- ui-utils.js         # Toast notifications, format helpers
+|   +-- websocket-client.js # Socket.IO wrapper
++-- index/                  # Index page modules
+|   +-- series-manager.js   # Series list rendering and filtering
+|   +-- selection-manager.js# Multi-select and bulk download
+|   +-- search.js           # Series search functionality
+|   +-- scan-manager.js     # Library rescan operations
+|   +-- scheduler-config.js # Scheduler configuration
+|   +-- logging-config.js   # Logging configuration
+|   +-- advanced-config.js  # Advanced settings
+|   +-- main-config.js      # Main configuration and backup
+|   +-- config-manager.js   # Config modal orchestrator
+|   +-- socket-handler.js   # WebSocket event handlers
+|   +-- app-init.js         # Application initialization
++-- queue/                  # Queue page modules
+    +-- queue-api.js        # Queue API interactions
+    +-- queue-renderer.js   # Queue list rendering
+    +-- progress-handler.js # Download progress updates
+    +-- queue-socket-handler.js # WebSocket events for queue
+    +-- queue-init.js       # Queue page initialization
+```
+
+#### Module Pattern
+
+All JavaScript modules follow the IIFE pattern with namespace:
+
+```javascript
+var AniWorld = window.AniWorld || {};
+
+AniWorld.ModuleName = (function () {
+    "use strict";
+
+    // Private variables and functions
+
+    // Public API
+    return {
+        init: init,
+        publicMethod: publicMethod,
+    };
+})();
+```
+
+Source: [src/server/web/static/](../src/server/web/static/)
+
+### 2.3 Core Layer (`src/core/`)
+
+Domain logic for anime series management.
+
+```
+src/core/
++-- SeriesApp.py            # Main application facade
++-- SerieScanner.py         # Directory scanning, targeted single-series scan
++-- entities/               # Domain entities
+|   +-- series.py           # Serie class with sanitized_folder property
+|   +-- SerieList.py        # SerieList collection with sanitized folder support
+|   +-- nfo_models.py       # Pydantic models for tvshow.nfo (TVShowNFO, ActorInfo…)
++-- services/               # Domain services
+|   +-- nfo_service.py      # NFO lifecycle: create / update tvshow.nfo
+|   +-- nfo_repair_service.py # Detect & repair incomplete tvshow.nfo files
+|   |                       #   (parse_nfo_tags, find_missing_tags, NfoRepairService)
+|   +-- tmdb_client.py      # Async TMDB API client
++-- utils/                  # Utility helpers (no side-effects)
+|   +-- nfo_generator.py    # TVShowNFO → XML serialiser
+|   +-- nfo_mapper.py       # TMDB API dict → TVShowNFO (tmdb_to_nfo_model,
+|   |                       #   _extract_rating_by_country, _extract_fsk_rating)
+|   +-- image_downloader.py # TMDB image downloader
++-- providers/              # External provider adapters
+|   +-- base_provider.py    # Loader interface
+|   +-- provider_factory.py # Provider registry
++-- interfaces/             # Abstract interfaces
+|   +-- callbacks.py        # Progress callback system
++-- exceptions/             # Domain exceptions
+    +-- Exceptions.py       # Custom exceptions
+```
+
+**Key Components:**
+
+| Component      | Purpose                                                                    |
+| -------------- | -------------------------------------------------------------------------- |
+| `SeriesApp`    | Main application facade for anime operations                               |
+| `SerieScanner` | Scans directories for anime; `scan_single_series()` for targeted scans     |
+| `Serie`        | Domain entity with `sanitized_folder` property for filesystem-safe names   |
+| `SerieList`    | Collection management with automatic folder creation using sanitized names |
+
+**Initialization:**
+
+`SeriesApp` is initialized with `skip_load=True` passed to `SerieList`, preventing automatic loading of series from data files on every instantiation. Series data is loaded once during application setup via `sync_series_from_data_files()` in the FastAPI lifespan, which reads data files and syncs them to the database. Subsequent operations load series from the database through the service layer.
+
+Source: [src/core/](../src/core/)
+
+### 2.4 Infrastructure Layer (`src/infrastructure/`)
+
+Cross-cutting concerns.
+
+```
+src/infrastructure/
++-- logging/                # Structured logging setup
++-- security/               # Security utilities
+```
+
+### 2.5 Configuration Layer (`src/config/`)
+
+Application settings management.
+
+| Component | File                                     | Purpose                         |
+| --------- | ---------------------------------------- | ------------------------------- |
+| Settings  | [settings.py](../src/config/settings.py) | Environment-based configuration |
+
+Source: [src/config/settings.py](../src/config/settings.py#L1-L96)
+
+---
+
+## 12. Startup Sequence
+
+The FastAPI lifespan function (`src/server/fastapi_app.py`) runs the following steps on every server start.
+
+### 12.1 Startup Order
+
+```
+1. Logging configured
+
+2. Temp folder purged  ← cleans leftover partial download files
+   +-- Iterate ./Temp/ and delete every file and sub-directory
+   +-- Create ./Temp/ if it does not exist
+   +-- Errors are logged as warnings; startup continues regardless
+
+3. Database initialised (required – abort on failure)
+   +-- SQLite file created / migrated via init_db()
+
+4. Configuration loaded from data/config.json
+   +-- Synced to settings (ENV vars take precedence)
+
+5. Progress & WebSocket services wired up
+
+6. Series loaded from database into memory
+
+7. Download service initialised (queue restored from DB)
+
+8. Background loader service started
+
+9. Scheduler service started
+   +-- Cron-based library rescans configured
+   +-- Optional: auto-download missing episodes after rescan
+   +-- Optional: folder maintenance (NFO repair, key resolution, renaming, poster checks) during scheduled runs
+```
+
+### 12.2 Temp Folder Guarantee
+
+Every server start begins with a clean `./Temp/` directory. This ensures that partial `.part` files or stale temp videos from a crashed or force-killed previous session are never left behind before new downloads start.
+
+Source: [src/server/fastapi_app.py](../src/server/fastapi_app.py)
+
+---
+
+## 11. Graceful Shutdown
+
+The application implements a comprehensive graceful shutdown mechanism that ensures data integrity and proper cleanup when the server is stopped via Ctrl+C (SIGINT) or SIGTERM.
+
+### 11.1 Shutdown Sequence
+
+```
+1. SIGINT/SIGTERM received
+   +-- Uvicorn catches signal
+   +-- Stops accepting new requests
+
+2. FastAPI lifespan shutdown triggered
+   +-- 30 second total timeout
+
+3. WebSocket shutdown (5s timeout)
+   +-- Broadcast {"type": "server_shutdown"} to all clients
+   +-- Close each connection with code 1001 (Going Away)
+   +-- Clear connection tracking data
+
+4. Download service stop (10s timeout)
+   +-- Set shutdown flag
+   +-- Persist active download as "pending" in database
+   +-- Cancel active download task
+   +-- Shutdown ThreadPoolExecutor with wait
+
+5. Progress service cleanup
+   +-- Clear event subscribers
+   +-- Clear active progress tracking
+
+6. Database cleanup (10s timeout)
+   +-- SQLite: Run PRAGMA wal_checkpoint(TRUNCATE)
+   +-- Dispose async engine
+   +-- Dispose sync engine
+
+7. Process exits cleanly
+```
+
+Source: [src/server/fastapi_app.py](../src/server/fastapi_app.py#L142-L210)
+
+### 11.2 Key Components
+
+| Component           | File                                                                | Shutdown Method                |
+| ------------------- | ------------------------------------------------------------------- | ------------------------------ |
+| WebSocket Service   | [websocket_service.py](../src/server/services/websocket_service.py) | `shutdown(timeout=5.0)`        |
+| Download Service    | [download_service.py](../src/server/services/download_service.py)   | `stop(timeout=10.0)`           |
+| Database Connection | [connection.py](../src/server/database/connection.py)               | `close_db()`                   |
+| Uvicorn Config      | [run_server.py](../run_server.py)                                   | `timeout_graceful_shutdown=30` |
+| Stop Script         | [stop_server.sh](../stop_server.sh)                                 | SIGTERM with fallback          |
+
+### 11.3 Data Integrity Guarantees
+
+1. **Active downloads preserved**: In-progress downloads are saved as "pending" and can resume on restart.
+
+2. **Database WAL flushed**: SQLite WAL checkpoint ensures all writes are in the main database file.
+
+3. **WebSocket clients notified**: Clients receive shutdown message before connection closes.
+
+4. **Thread pool cleanup**: Background threads complete or are gracefully cancelled.
+
+### 11.4 Manual Stop
+
+```bash
+# Graceful stop via script (sends SIGTERM, waits up to 30s)
+./stop_server.sh
+
+# Or press Ctrl+C in terminal running the server
+```
+
+Source: [stop_server.sh](../stop_server.sh#L1-L80)
+
+---
+
+## 3. Component Interactions
+
+### 3.1 Request Flow (REST API)
+
+```
+1. Client sends HTTP request
+2. AuthMiddleware validates JWT token (if required)
+3. Rate limiter checks request frequency
+4. FastAPI router dispatches to endpoint handler
+5. Endpoint calls service layer
+6. Service layer uses core layer or database
+7. Response returned as JSON
+```
+
+Source: [src/server/middleware/auth.py](../src/server/middleware/auth.py#L1-L209)
+
+### 3.2 Download Flow
+
+```
+1. POST /api/queue/add
+   +-- DownloadService.add_to_queue()
+       +-- QueueRepository.save_item() -> SQLite
+
+2. POST /api/queue/start
+   +-- DownloadService.start_queue_processing()
+       +-- Process pending items sequentially
+       +-- ProgressService emits events
+       +-- WebSocketService broadcasts to clients
+
+3. During download:
+   +-- Provider writes to ./Temp/<filename>  (+ ./Temp/<filename>.part fragments)
+   +-- ProgressService.emit("progress_updated")
+   +-- WebSocketService.broadcast_to_room()
+   +-- Client receives WebSocket message
+
+4. After download attempt (success OR failure):
+   +-- _cleanup_temp_file() removes ./Temp/<filename> and all .part fragments
+   +-- On success: file was already moved to final destination before cleanup
+   +-- On failure / exception: no partial files remain in ./Temp/
+```
+
+#### Temp Directory Contract
+
+| Situation                        | Outcome                                                             |
+| -------------------------------- | ------------------------------------------------------------------- |
+| Server start                     | Entire `./Temp/` directory is purged before any service initialises |
+| Successful download              | Temp file moved to destination, then removed from `./Temp/`         |
+| Failed download (provider error) | Temp + `.part` fragments removed by `_cleanup_temp_file()`          |
+| Exception / cancellation         | Temp + `.part` fragments removed in `except` block                  |
+
+Source: [src/server/services/download_service.py](../src/server/services/download_service.py#L1-L150),
+[src/core/providers/aniworld_provider.py](../src/core/providers/aniworld_provider.py),
+[src/core/providers/enhanced_provider.py](../src/core/providers/enhanced_provider.py)
+
+### 3.3 WebSocket Event Flow
+
+```
+1. Client connects to /ws/connect
+2. Server sends "connected" message
+3. Client joins room: {"action": "join", "data": {"room": "downloads"}}
+4. ProgressService emits events
+5. WebSocketService broadcasts to room subscribers
+6. Client receives real-time updates
+```
+
+Source: [src/server/api/websocket.py](../src/server/api/websocket.py#L1-L260)
+
+---
+
+## 4. Design Patterns
+
+### 4.1 Repository Pattern (Service Layer as Repository)
+
+**Architecture Decision**: The Service Layer serves as the Repository layer for database access.
+
+Database access is abstracted through service classes in `src/server/database/service.py` that provide CRUD operations and act as the repository layer. This eliminates the need for a separate repository layer while maintaining clean separation of concerns.
+
+**Service Layer Classes** (acting as repositories):
+
+- `AnimeSeriesService` - CRUD operations for anime series
+- `EpisodeService` - CRUD operations for episodes
+- `DownloadQueueService` - CRUD operations for download queue
+- `UserSessionService` - CRUD operations for user sessions
+- `SystemSettingsService` - CRUD operations for system settings
+
+**Key Principles**:
+
+1. **No Direct Database Queries**: Controllers and business logic services MUST use service layer methods
+2. **Service Layer Encapsulation**: All SQLAlchemy queries are encapsulated in service methods
+3. **Consistent Interface**: Services provide consistent async methods for all database operations
+4. **Single Responsibility**: Each service manages one entity type
+
+**Example Usage**:
+
+```python
+# CORRECT: Use service layer
+from src.server.database.service import AnimeSeriesService
+
+async with get_db_session() as db:
+    series = await AnimeSeriesService.get_by_key(db, "attack-on-titan")
+    await AnimeSeriesService.update(db, series.id, has_nfo=True)
+
+# INCORRECT: Direct database query
+result = await db.execute(select(AnimeSeries).filter(...))  # ❌ Never do this
+```
+
+**Special Case - Queue Repository Adapter**:
+
+The `QueueRepository` in `src/server/services/queue_repository.py` is an adapter that wraps `DownloadQueueService` to provide domain model conversion between Pydantic models and SQLAlchemy models:
+
+```python
+# QueueRepository provides CRUD with model conversion
+class QueueRepository:
+    async def save_item(self, item: DownloadItem) -> None: ...  # Converts Pydantic → SQLAlchemy
+    async def get_all_items(self) -> List[DownloadItem]: ...    # Converts SQLAlchemy → Pydantic
+    async def delete_item(self, item_id: str) -> bool: ...
+```
+
+Source: [src/server/database/service.py](../src/server/database/service.py), [src/server/services/queue_repository.py](../src/server/services/queue_repository.py)
+
+### 4.2 Dependency Injection
+
+FastAPI's `Depends()` provides constructor injection.
+
+```python
+@router.get("/status")
+async def get_status(
+    download_service: DownloadService = Depends(get_download_service),
+):
+    ...
+```
+
+Source: [src/server/utils/dependencies.py](../src/server/utils/dependencies.py)
+
+### 4.3 Event-Driven Architecture
+
+Progress updates use an event subscription model.
+
+```python
+# ProgressService publishes events
+progress_service.emit("progress_updated", event)
+
+# WebSocketService subscribes
+progress_service.subscribe("progress_updated", ws_handler)
+```
+
+Source: [src/server/fastapi_app.py](../src/server/fastapi_app.py#L98-L108)
+
+### 4.4 Singleton Pattern
+
+Services use module-level singletons for shared state.
+
+```python
+# In download_service.py
+_download_service_instance: Optional[DownloadService] = None
+
+def get_download_service() -> DownloadService:
+    global _download_service_instance
+    if _download_service_instance is None:
+        _download_service_instance = DownloadService(...)
+    return _download_service_instance
+```
+
+### 4.5 Error Handling Pattern
+
+**Architecture Decision**: Dual error handling approach based on exception source.
+
+The application uses two complementary error handling mechanisms:
+
+1. **FastAPI HTTPException** - For simple validation and HTTP-level errors
+2. **Custom Exception Hierarchy** - For business logic and service-level errors with rich context
+
+#### Exception Hierarchy
+
+```python
+# Base exception with HTTP status mapping
+AniWorldAPIException(message, status_code, error_code, details)
+├── AuthenticationError (401)
+├── AuthorizationError (403)
+├── ValidationError (422)
+├── NotFoundError (404)
+├── ConflictError (409)
+├── BadRequestError (400)
+├── RateLimitError (429)
+└── ServerError (500)
+    ├── DownloadError
+    ├── ConfigurationError
+    ├── ProviderError
+    └── DatabaseError
+```
+
+#### When to Use Each
+
+**Use HTTPException for:**
+
+- Simple parameter validation (missing fields, wrong type)
+- Direct HTTP-level errors (401, 403, 404 without business context)
+- Quick endpoint-specific failures
+
+**Use Custom Exceptions for:**
+
+- Service-layer business logic errors (AnimeServiceError, ConfigServiceError)
+- Errors needing rich context (details dict, error codes)
+- Errors that should be logged with specific categorization
+- Cross-cutting concerns (authentication, authorization, rate limiting)
+
+**Example:**
+
+```python
+# Simple validation - Use HTTPException
+if not series_key:
+    raise HTTPException(status_code=400, detail="series_key required")
+
+# Business logic error - Use custom exception
+try:
+    await anime_service.add_series(series_key)
+except AnimeServiceError as e:
+    raise ServerError(
+        message=f"Failed to add series: {e}",
+        error_code="ANIME_ADD_FAILED",
+        details={"series_key": series_key}
+    )
+```
+
+#### Global Exception Handlers
+
+All custom exceptions are automatically handled by global middleware that:
+
+- Converts exceptions to structured JSON responses
+- Logs errors with appropriate severity
+- Includes request ID for tracking
+- Provides consistent error format
+
+**Source**: [src/server/exceptions/\_\_init\_\_.py](../src/server/exceptions/__init__.py), [src/server/middleware/error_handler.py](../src/server/middleware/error_handler.py)
+
+Source: [src/server/services/download_service.py](../src/server/services/download_service.py)
+
+---
+
+## 5. Data Flow
+
+### 5.1 Series Identifier Convention
+
+The system uses two identifier fields:
+
+| Field    | Type     | Purpose                                | Example                    |
+| -------- | -------- | -------------------------------------- | -------------------------- |
+| `key`    | Primary  | Provider-assigned, URL-safe identifier | `"attack-on-titan"`        |
+| `folder` | Metadata | Filesystem folder name (display only)  | `"Attack on Titan (2013)"` |
+
+All API operations use `key`. The `folder` is for filesystem operations only.
+
+Source: [src/server/database/models.py](../src/server/database/models.py#L26-L50)
+
+### 5.2 Database Schema
+
+```
++----------------+       +----------------+       +--------------------+
+|  anime_series  |       |    episodes    |       | download_queue_item|
++----------------+       +----------------+       +--------------------+
+| id (PK)        |<--+   | id (PK)        |   +-->| id (PK)            |
+| key (unique)   |   |   | series_id (FK) |---+   | series_id (FK)     |
+| name           |   +---| season         |       | status             |
+| site           |       | episode_number |       | priority           |
+| folder         |       | title          |       | progress_percent   |
+| created_at     |       | is_downloaded  |       | added_at           |
+| updated_at     |       | file_path      |       | started_at         |
++----------------+       +----------------+       +--------------------+
+```
+
+Source: [src/server/database/models.py](../src/server/database/models.py#L1-L200)
+
+### 5.3 Configuration Storage
+
+Configuration is stored in `data/config.json`:
+
+```json
+{
+    "name": "Aniworld",
+    "data_dir": "data",
+    "scheduler": {
+        "enabled": true,
+        "schedule_time": "03:00",
+        "schedule_days": ["mon", "tue", "wed", "thu", "fri", "sat", "sun"],
+        "auto_download_after_rescan": false
+    },
+    "logging": { "level": "INFO" },
+    "backup": { "enabled": false, "path": "data/backups" },
+    "other": {
+        "master_password_hash": "$pbkdf2-sha256$...",
+        "anime_directory": "/path/to/anime"
+    }
+}
+```
+
+Source: [data/config.json](../data/config.json)
+
+---
+
+## 6. Technology Stack
+
+| Layer         | Technology          | Version | Purpose                |
+| ------------- | ------------------- | ------- | ---------------------- |
+| Web Framework | FastAPI             | 0.104.1 | REST API, WebSocket    |
+| ASGI Server   | Uvicorn             | 0.24.0  | HTTP server            |
+| Database      | SQLite + SQLAlchemy | 2.0.35  | Persistence            |
+| Auth          | python-jose         | 3.3.0   | JWT tokens             |
+| Password      | passlib             | 1.7.4   | bcrypt hashing         |
+| Validation    | Pydantic            | 2.5.0   | Data models            |
+| Templates     | Jinja2              | 3.1.2   | HTML rendering         |
+| Logging       | structlog           | 24.1.0  | Structured logging     |
+| Testing       | pytest              | 7.4.3   | Unit/integration tests |
+
+Source: [requirements.txt](../requirements.txt)
+
+---
+
+## 7. Scalability Considerations
+
+### Current Limitations
+
+1. **Single-process deployment**: In-memory rate limiting and session state are not shared across processes.
+
+2. **SQLite database**: Not suitable for high concurrency. Consider PostgreSQL for production.
+
+3. **Sequential downloads**: Only one download processes at a time by design.
+
+### Recommended Improvements for Scale
+
+| Concern        | Current         | Recommended       |
+| -------------- | --------------- | ----------------- |
+| Rate limiting  | In-memory dict  | Redis             |
+| Session store  | In-memory       | Redis or database |
+| Database       | SQLite          | PostgreSQL        |
+| Task queue     | In-memory deque | Celery + Redis    |
+| Load balancing | None            | Nginx/HAProxy     |
+
+---
+
+## 8. Integration Points
+
+### 8.1 External Providers
+
+The system integrates with anime streaming providers via the Loader interface.
+
+```python
+class Loader(ABC):
+    @abstractmethod
+    def search(self, query: str) -> List[Serie]: ...
+
+    @abstractmethod
+    def get_episodes(self, serie: Serie) -> Dict[int, List[int]]: ...
+```
+
+Source: [src/core/providers/base_provider.py](../src/core/providers/base_provider.py)
+
+### 8.2 Filesystem Integration
+
+The scanner reads anime directories to detect downloaded episodes.
+
+```python
+SerieScanner(
+    basePath="/path/to/anime",  # Anime library directory
+    loader=provider,             # Provider for metadata
+    db_session=session           # Optional database
+)
+```
+
+Source: [src/core/SerieScanner.py](../src/core/SerieScanner.py#L59-L96)
+
+---
+
+## 9. Security Architecture
+
+### 9.1 Authentication Flow
+
+```
+1. User sets master password via POST /api/auth/setup
+2. Password hashed with pbkdf2_sha256 (via passlib)
+3. Hash stored in config.json
+4. Login validates password, returns JWT token
+5. JWT contains: session_id, user, created_at, expires_at
+6. Subsequent requests include: Authorization: Bearer <token>
+```
+
+Source: [src/server/services/auth_service.py](../src/server/services/auth_service.py#L1-L150)
+
+### 9.2 Password Requirements
+
+- Minimum 8 characters
+- Mixed case (upper and lower)
+- At least one number
+- At least one special character
+
+Source: [src/server/services/auth_service.py](../src/server/services/auth_service.py#L97-L125)
+
+### 9.3 Rate Limiting
+
+| Endpoint          | Limit       | Window     |
+| ----------------- | ----------- | ---------- |
+| `/api/auth/login` | 5 requests  | 60 seconds |
+| `/api/auth/setup` | 5 requests  | 60 seconds |
+| All origins       | 60 requests | 60 seconds |
+
+Source: [src/server/middleware/auth.py](../src/server/middleware/auth.py#L54-L68)
+
+---
+
+## 10. Deployment Modes
+
+### 10.1 Development
+
+```bash
+# Run with hot reload
+python -m uvicorn src.server.fastapi_app:app --reload
+```
+
+### 10.2 Production
+
+```bash
+# Via conda environment
+conda run -n AniWorld python -m uvicorn src.server.fastapi_app:app \
+    --host 127.0.0.1 --port 8000
+```
+
+### 10.3 Configuration
+
+Environment variables (via `.env` or shell):
+
+| Variable          | Default                        | Description            |
+| ----------------- | ------------------------------ | ---------------------- |
+| `JWT_SECRET_KEY`  | Random                         | Secret for JWT signing |
+| `DATABASE_URL`    | `sqlite:///./data/aniworld.db` | Database connection    |
+| `ANIME_DIRECTORY` | (empty)                        | Path to anime library  |
+| `LOG_LEVEL`       | `INFO`                         | Logging level          |
+| `CORS_ORIGINS`    | `localhost:3000,8000`          | Allowed CORS origins   |
+
+Source: [src/config/settings.py](../src/config/settings.py#L1-L96)

Docs/CHANGELOG.md

@@ -0,0 +1,243 @@
+# Changelog
+
+## Document Purpose
+
+This document tracks all notable changes to the Aniworld project.
+
+### What This Document Contains
+
+- **Version History**: All released versions with dates
+- **Added Features**: New functionality in each release
+- **Changed Features**: Modifications to existing features
+- **Deprecated Features**: Features marked for removal
+- **Removed Features**: Features removed from the codebase
+- **Fixed Bugs**: Bug fixes with issue references
+- **Security Fixes**: Security-related changes
+- **Breaking Changes**: Changes requiring user action
+
+### What This Document Does NOT Contain
+
+- Internal refactoring details (unless user-facing)
+- Commit-level changes
+- Work-in-progress features
+- Roadmap or planned features
+
+### Target Audience
+
+- All users and stakeholders
+- Operators planning upgrades
+- Developers tracking changes
+- Support personnel
+
+---
+
+## Format
+
+This changelog follows [Keep a Changelog](https://keepachangelog.com/) principles and adheres to [Semantic Versioning](https://semver.org/).
+
+---
+
+## [Unreleased] - 2026-06-05
+
+### Fixed
+
+- **Folder scan series key resolution**: Fixed "Could not resolve series key for folder, skipping" warnings during library setup. `_resolve_key_via_search()` now uses fuzzy title matching instead of exact string comparison.
+    - Added `_normalize_title()` to strip anime suffixes: `(TV)`, `(Anime)`, `(OAD)`, `(OVA)`, `(Special)`, `(Movie)`, `(Spin-Off)`
+    - Added `_titles_match()` using `difflib.SequenceMatcher` with 0.85 similarity threshold for tolerance of minor title variations
+    - Added debug logging for title mismatches and multiple search results
+
+---
+
+## [1.3.1] - 2026-02-22
+
+### Added
+
+- **Encoding detection for HTML parsing** (`src/core/providers/aniworld_provider.py`):
+  Added `_decode_html_content()` function that uses `chardet` to detect the actual
+  encoding of HTML content before parsing. Falls back to UTF-8 with `errors='replace'`
+  to handle pages with mismatched encoding declarations. Applied to all BeautifulSoup
+  parsing calls to prevent "Some characters could not be decoded" warnings.
+- **chardet dependency**: Added `chardet>=5.2.0` to `requirements.txt` for encoding detection.
+
+### Added
+
+- **Temp file cleanup after every download** (`src/core/providers/aniworld_provider.py`,
+  `src/core/providers/enhanced_provider.py`): Module-level helper
+  `_cleanup_temp_file()` removes the working temp file and any yt-dlp `.part`
+  fragments after each download attempt — on success, on failure, and on
+  exceptions (including `BrokenPipeError` and cancellation). Ensures that no
+  partial files accumulate in `./Temp/` across multiple runs.
+- **Temp folder purge on server start** (`src/server/fastapi_app.py`): The
+  FastAPI lifespan startup now iterates `./Temp/` and deletes every file and
+  sub-directory before the rest of the initialisation sequence runs. If the
+  folder does not exist it is created. Errors are caught and logged as warnings
+  so that they never abort startup.
+
+---
+
+## [1.3.0] - 2026-02-22
+
+### Added
+
+- **NFO tag completeness (`nfo_mapper.py`)**: All 17 required NFO tags are now
+  explicitly populated during creation: `originaltitle`, `sorttitle`, `year`,
+  `plot`, `outline`, `tagline`, `runtime`, `premiered`, `status`, `imdbid`,
+  `genre`, `studio`, `country`, `actor`, `watched`, `dateadded`, `mpaa`.
+- **`src/core/utils/nfo_mapper.py`**: New module containing
+  `tmdb_to_nfo_model()`, `_extract_rating_by_country()`, and
+  `_extract_fsk_rating()`. Extracted from `NFOService` to keep files under
+  500 lines and isolate pure mapping logic.
+- **US MPAA rating**: `_extract_rating_by_country(ratings, "US")` now maps the
+  US TMDB content rating to the `<mpaa>` NFO tag.
+- **`NfoRepairService` (`src/core/services/nfo_repair_service.py`)**: New service
+  that detects incomplete `tvshow.nfo` files and triggers TMDB re-fetch.
+  Provides `parse_nfo_tags()`, `find_missing_tags()`, `nfo_needs_repair()`, and
+  `NfoRepairService.repair_series()`. 13 required tags are checked.
+- **`perform_nfo_repair_scan()`
+  (`src/server/services/folder_scan_service.py`)**: New async function
+  that iterates every series directory, checks whether `tvshow.nfo` is missing
+  required tags using `nfo_needs_repair()`, and queues the series for background
+  reload via `asyncio.create_task`. Skips gracefully when `tmdb_api_key` or
+  `anime_directory` is not configured.
+- **NFO repair wired into scheduled folder scan (`src/server/services/folder_scan_service.py`)**:
+  `perform_nfo_repair_scan(background_loader=None)` is called during the
+  scheduled daily folder scan, keeping startup fast while ensuring regular
+  maintenance.
+
+### Changed
+
+- `NFOService._tmdb_to_nfo_model()` and `NFOService._extract_fsk_rating()` moved
+  to `src/core/utils/nfo_mapper.py` as module-level functions
+  `tmdb_to_nfo_model()` and `_extract_fsk_rating()`.
+- `src/core/services/nfo_service.py` reduced from 640 → 471 lines.
+
+---
+
+## [Unreleased] - 2026-01-18
+
+### Added
+
+- **Cron-based Scheduler**: Replaced the asyncio sleep-loop with APScheduler's `AsyncIOScheduler + CronTrigger`
+    - Schedule rescans at a specific **time of day** (`HH:MM`) on selected **days of the week**
+    - New `SchedulerConfig` fields: `schedule_time` (default `"03:00"`), `schedule_days` (default all 7), `auto_download_after_rescan` (default `false`)
+    - Old `interval_minutes` field retained for backward compatibility
+- **Auto-download after rescan**: When `auto_download_after_rescan` is enabled, missing episodes are automatically queued for download after each scheduled rescan
+- **Day-of-week UI**: New day-of-week pill toggles (Mon–Sun) in the Settings → Scheduler section
+- **Live config reload**: POST `/api/scheduler/config` reschedules the APScheduler job without restarting the application
+- **Enriched API response**: GET/POST `/api/scheduler/config` now returns `{"success", "config", "status"}` envelope including `next_run`, `last_run`, and `scan_in_progress`
+
+### Changed
+
+- Scheduler API response format: previously returned flat config; now returns `{"success": true, "config": {...}, "status": {...}}`
+- `reload_config()` is now a synchronous method accepting a `SchedulerConfig` argument (previously async, no arguments)
+- Dependencies: added `APScheduler>=3.10.4` to `requirements.txt`
+
+### Fixed
+
+- **Series Visibility**: Fixed issue where series added to the database weren't appearing in the API/UI
+    - Series are now loaded from database into SeriesApp's in-memory cache on startup
+    - Added `_load_series_from_db()` call after initial database sync in FastAPI lifespan
+- **Episode Tracking**: Fixed missing episodes not being saved to database when adding new series
+    - Missing episodes are now persisted to the `episodes` table after the targeted scan
+    - Episodes are properly synced during rescan operations (added/removed based on filesystem state)
+- **Database Synchronization**: Improved data consistency between database and in-memory cache
+    - Rescan process properly updates episodes: adds new missing episodes, removes downloaded ones
+    - All series operations now maintain database and cache synchronization
+
+### Technical Details
+
+- Modified `src/server/fastapi_app.py` to load series from database after sync
+- Modified `src/server/api/anime.py` to save scanned episodes to database
+- Episodes table properly tracks missing episodes with automatic cleanup
+
+### Deprecated
+
+- **Legacy Series Files (key/data)**: File-based series storage is deprecated. `key` and `data` files in anime folders will be removed in v3.0.0. Database storage is now the primary method. See [docs/MIGRATION_GUIDE.md](docs/MIGRATION_GUIDE.md) for details.
+
+---
+
+## Sections for Each Release
+
+```markdown
+## [Version] - YYYY-MM-DD
+
+### Added
+
+- New features
+
+### Changed
+
+- Changes to existing functionality
+
+### Deprecated
+
+- Features that will be removed in future versions
+
+### Removed
+
+- Features removed in this release
+
+### Fixed
+
+- Bug fixes
+
+### Security
+
+- Security-related fixes
+```
+
+---
+
+## Unreleased
+
+_Changes that are in development but not yet released._
+
+### Added
+
+- **Comprehensive Test Suite**: Created 1,070+ tests across 4 priority tiers
+    - **TIER 1 (Critical)**: 159 tests - Scheduler, NFO batch operations, download queue, persistence
+    - **TIER 2 (High Priority)**: 390 tests - JavaScript framework, dark mode, setup page, settings modal, WebSocket, queue UI
+    - **TIER 3 (Medium Priority)**: 156 tests - WebSocket load, concurrent operations, retry logic, NFO performance, series parsing, TMDB integration
+    - **TIER 4 (Polish)**: 426 tests - Internationalization (89), user preferences (68), accessibility (250+), media server compatibility (19)
+- **Frontend Testing Infrastructure**: Vitest for unit tests, Playwright for E2E tests
+- **Security Test Coverage**: Complete testing for authentication, authorization, CSRF, XSS, SQL injection
+- **Performance Validation**: WebSocket load (200+ concurrent clients), batch operations, concurrent access
+- **Accessibility Tests**: WCAG 2.1 AA compliance testing (keyboard navigation, ARIA labels, screen readers)
+- **Media Server Compatibility**: NFO format validation for Kodi, Plex, Jellyfin, and Emby
+
+### Changed
+
+- Updated testing documentation (TESTING_COMPLETE.md, instructions.md) to reflect 100% completion of all test tiers
+
+### Fixed
+
+- **Enhanced Anime Add Flow**: Automatic database persistence, targeted episode scanning, and folder creation with sanitized names
+- Filesystem utility module (`src/server/utils/filesystem.py`) with `sanitize_folder_name()`, `is_safe_path()`, and `create_safe_folder()` functions
+- `Serie.sanitized_folder` property for generating filesystem-safe folder names from display names
+- `SerieScanner.scan_single_series()` method for targeted scanning of individual anime without full library rescan
+- Add series API response now includes `missing_episodes` list and `total_missing` count
+- Database transaction support with `@transactional` decorator and `atomic()` context manager
+- Transaction propagation modes (REQUIRED, REQUIRES_NEW, NESTED) for fine-grained control
+- Savepoint support for nested transactions with partial rollback capability
+- `TransactionManager` helper class for manual transaction control
+- Bulk operations: `bulk_mark_downloaded`, `bulk_delete`, `clear_all` for batch processing
+- `rotate_session` atomic operation for secure session rotation
+- Transaction utilities: `is_session_in_transaction`, `get_session_transaction_depth`
+- `get_transactional_session` for sessions without auto-commit
+
+### Changed
+
+- `QueueRepository.save_item()` now uses atomic transactions for data consistency
+- `QueueRepository.clear_all()` now uses atomic transactions for all-or-nothing behavior
+- Service layer documentation updated to reflect transaction-aware design
+
+### Fixed
+
+- Scan status indicator now correctly shows running state after page reload during active scan
+- Improved reliability of process status updates in the UI header
+
+---
+
+## Version History
+
+_To be documented as versions are released._

Docs/CONFIGURATION.md

@@ -0,0 +1,374 @@
+# Configuration Reference
+
+## Document Purpose
+
+This document provides a comprehensive reference for all configuration options in the Aniworld application.
+
+---
+
+## 1. Configuration Overview
+
+### Configuration Sources
+
+Aniworld uses a layered configuration system with **explicit precedence rules**:
+
+1. **Environment Variables** (highest priority) - Takes precedence over all other sources
+2. **`.env` file** in project root - Loaded as environment variables
+3. **`data/config.json`** file - Persistent file-based configuration
+4. **Default values** (lowest priority) - Built-in fallback values
+
+### Precedence Rules
+
+**Critical Principle**: `ENV VARS > config.json > defaults`
+
+- **Environment variables always win**: If a value is set via environment variable, it will NOT be overridden by config.json
+- **config.json as fallback**: If an ENV var is not set (or is empty/default), the value from config.json is used
+- **Defaults as last resort**: Built-in default values are used only if neither ENV var nor config.json provide a value
+
+### Loading Mechanism
+
+Configuration is loaded at application startup in `src/server/fastapi_app.py`:
+
+1. **Pydantic Settings** loads ENV vars and .env file with defaults
+2. **config.json** is loaded via `ConfigService`
+3. **Selective sync**: config.json values sync to settings **only if** ENV var not set
+4. **Runtime access**: Code uses `settings` object (which has final merged values)
+
+**Example**:
+
+```bash
+# If ENV var is set:
+ANIME_DIRECTORY=/env/path  # This takes precedence
+
+# config.json has:
+{"other": {"anime_directory": "/config/path"}}  # This is ignored
+
+# Result: settings.anime_directory = "/env/path"
+```
+
+**Source**: [src/config/settings.py](../src/config/settings.py#L1-L96), [src/server/fastapi_app.py](../src/server/fastapi_app.py#L139-L185)
+
+---
+
+## 2. Environment Variables
+
+### Authentication Settings
+
+| Variable                | Type   | Default          | Description                                                         |
+| ----------------------- | ------ | ---------------- | ------------------------------------------------------------------- |
+| `JWT_SECRET_KEY`        | string | (random)         | Secret key for JWT token signing. Auto-generated if not set.        |
+| `PASSWORD_SALT`         | string | `"default-salt"` | Salt for password hashing.                                          |
+| `MASTER_PASSWORD_HASH`  | string | (none)           | Pre-hashed master password. Loaded from config.json if not set.     |
+| `MASTER_PASSWORD`       | string | (none)           | **DEVELOPMENT ONLY** - Plaintext password. Never use in production. |
+| `SESSION_TIMEOUT_HOURS` | int    | `24`             | JWT token expiry time in hours.                                     |
+
+Source: [src/config/settings.py](../src/config/settings.py#L13-L42)
+
+### Server Settings
+
+| Variable          | Type   | Default                          | Description                                                           |
+| ----------------- | ------ | -------------------------------- | --------------------------------------------------------------------- |
+| `ANIME_DIRECTORY` | string | `""`                             | Path to anime library directory.                                      |
+| `LOG_LEVEL`       | string | `"INFO"`                         | Logging level: DEBUG, INFO, WARNING, ERROR, CRITICAL.                 |
+| `DATABASE_URL`    | string | `"sqlite:///./data/aniworld.db"` | Database connection string.                                           |
+| `CORS_ORIGINS`    | string | `"http://localhost:3000"`        | Comma-separated allowed CORS origins. Use `*` for localhost defaults. |
+| `API_RATE_LIMIT`  | int    | `100`                            | Maximum API requests per minute.                                      |
+
+Source: [src/config/settings.py](../src/config/settings.py#L43-L68)
+
+### Provider Settings
+
+| Variable           | Type   | Default         | Description                                   |
+| ------------------ | ------ | --------------- | --------------------------------------------- |
+| `DEFAULT_PROVIDER` | string | `"aniworld.to"` | Default anime provider.                       |
+| `PROVIDER_TIMEOUT` | int    | `30`            | HTTP timeout for provider requests (seconds). |
+| `RETRY_ATTEMPTS`   | int    | `3`             | Number of retry attempts for failed requests. |
+
+Source: [src/config/settings.py](../src/config/settings.py#L69-L79)
+
+### NFO Settings
+
+| Variable              | Type   | Default  | Description                                        |
+| --------------------- | ------ | -------- | -------------------------------------------------- |
+| `TMDB_API_KEY`        | string | `""`     | The Movie Database (TMDB) API key for metadata.    |
+| `NFO_AUTO_CREATE`     | bool   | `true`   | Automatically create NFO files during downloads.   |
+| `NFO_UPDATE_ON_SCAN`  | bool   | `false`  | Update existing NFO files when scanning library.   |
+| `NFO_DOWNLOAD_POSTER` | bool   | `true`   | Download poster images along with NFO files.       |
+| `NFO_DOWNLOAD_LOGO`   | bool   | `false`  | Download logo images along with NFO files.         |
+| `NFO_DOWNLOAD_FANART` | bool   | `false`  | Download fanart images along with NFO files.       |
+| `NFO_IMAGE_SIZE`      | string | `"w500"` | Image size for TMDB images (w500, w780, original). |
+
+Source: [src/server/models/config.py](../src/server/models/config.py#L109-L132)
+
+---
+
+## 3. Configuration File (config.json)
+
+Location: `data/config.json`
+
+### File Structure
+
+```json
+{
+    "name": "Aniworld",
+    "data_dir": "data",
+    "scheduler": {
+        "enabled": true,
+        "interval_minutes": 60,
+        "schedule_time": "03:00",
+        "schedule_days": ["mon", "tue", "wed", "thu", "fri", "sat", "sun"],
+        "auto_download_after_rescan": false,
+        "folder_scan_enabled": false
+    },
+    "logging": {
+        "level": "INFO",
+        "file": null,
+        "max_bytes": null,
+        "backup_count": 3
+    },
+    "backup": {
+        "enabled": false,
+        "path": "data/backups",
+        "keep_days": 30
+    },
+    "nfo": {
+        "tmdb_api_key": "",
+        "auto_create": true,
+        "update_on_scan": false,
+        "download_poster": true,
+        "download_logo": false,
+        "download_fanart": false,
+        "image_size": "w500"
+    },
+    "other": {
+        "master_password_hash": "$pbkdf2-sha256$...",
+        "anime_directory": "/path/to/anime"
+    },
+    "version": "1.0.1"
+}
+```
+
+Source: [data/config.json](../data/config.json)
+
+---
+
+## 4. Configuration Sections
+
+### 4.1 General Settings
+
+| Field      | Type   | Default      | Description                    |
+| ---------- | ------ | ------------ | ------------------------------ |
+| `name`     | string | `"Aniworld"` | Application name.              |
+| `data_dir` | string | `"data"`     | Base directory for data files. |
+
+Source: [src/server/models/config.py](../src/server/models/config.py#L62-L66)
+
+### 4.2 Scheduler Settings
+
+Controls automatic cron-based library rescanning (powered by APScheduler).
+
+| Field                                  | Type         | Default                                       | Description                                                          |
+| -------------------------------------- | ------------ | --------------------------------------------- | -------------------------------------------------------------------- |
+| `scheduler.enabled`                    | bool         | `true`                                        | Enable/disable automatic scans.                                      |
+| `scheduler.interval_minutes`           | int          | `60`                                          | Legacy field kept for backward compatibility. Minimum: 1.            |
+| `scheduler.schedule_time`              | string       | `"03:00"`                                     | Daily run time in 24-h `HH:MM` format.                               |
+| `scheduler.schedule_days`              | list[string] | `["mon","tue","wed","thu","fri","sat","sun"]` | Days of the week to run the scan. Empty list disables the cron job.  |
+| `scheduler.auto_download_after_rescan` | bool         | `false`                                       | Automatically queue missing episodes for download after each rescan. |
+| `scheduler.folder_scan_enabled`        | bool         | `false`                                       | Run folder maintenance (NFO repair, folder renaming, poster checks) during scheduled runs. **When enabled, series folders are automatically renamed to match the `<title> (<year>)` convention derived from their `tvshow.nfo` files.** |
+
+Valid day abbreviations: `mon`, `tue`, `wed`, `thu`, `fri`, `sat`, `sun`.
+
+Source: [src/server/models/config.py](../src/server/models/config.py#L5-L12)
+
+### 4.3 Logging Settings
+
+| Field                  | Type   | Default  | Description                                       |
+| ---------------------- | ------ | -------- | ------------------------------------------------- |
+| `logging.level`        | string | `"INFO"` | Log level: DEBUG, INFO, WARNING, ERROR, CRITICAL. |
+| `logging.file`         | string | `null`   | Optional log file path.                           |
+| `logging.max_bytes`    | int    | `null`   | Maximum log file size for rotation.               |
+| `logging.backup_count` | int    | `3`      | Number of rotated log files to keep.              |
+
+Source: [src/server/models/config.py](../src/server/models/config.py#L27-L46)
+
+### 4.4 Backup Settings
+
+| Field              | Type   | Default          | Description                      |
+| ------------------ | ------ | ---------------- | -------------------------------- |
+| `backup.enabled`   | bool   | `false`          | Enable automatic config backups. |
+| `backup.path`      | string | `"data/backups"` | Directory for backup files.      |
+| `backup.keep_days` | int    | `30`             | Days to retain backups.          |
+
+Source: [src/server/models/config.py](../src/server/models/config.py#L15-L24)
+
+### 4.5 NFO Settings
+
+| Field                 | Type   | Default  | Description                                                   |
+| --------------------- | ------ | -------- | ------------------------------------------------------------- |
+| `nfo.tmdb_api_key`    | string | `""`     | The Movie Database (TMDB) API key for fetching metadata.      |
+| `nfo.auto_create`     | bool   | `true`   | Automatically create NFO files when downloading episodes.     |
+| `nfo.update_on_scan`  | bool   | `false`  | Update existing NFO files during library scan operations.     |
+| `nfo.download_poster` | bool   | `true`   | Download poster images (poster.jpg) along with NFO files.     |
+| `nfo.download_logo`   | bool   | `false`  | Download logo images (logo.png) along with NFO files.         |
+| `nfo.download_fanart` | bool   | `false`  | Download fanart images (fanart.jpg) along with NFO files.     |
+| `nfo.image_size`      | string | `"w500"` | TMDB image size: `w500` (recommended), `w780`, or `original`. |
+
+**Notes:**
+
+- Obtain a TMDB API key from https://www.themoviedb.org/settings/api
+- `auto_create` creates NFO files during the download process
+- `update_on_scan` refreshes metadata when scanning existing anime
+- `download_poster` also controls whether the scheduled folder scan checks for and re-downloads missing or corrupted `poster.jpg` files (see [NFO_GUIDE.md](NFO_GUIDE.md#6-poster-check))
+- Image downloads require valid `tmdb_api_key`
+- `TMDB_API_KEY` environment variable is optional when `nfo.tmdb_api_key` is configured in `data/config.json`
+- Larger image sizes (`w780`, `original`) consume more storage space
+
+Source: [src/server/models/config.py](../src/server/models/config.py#L109-L132)
+
+### 4.6 Other Settings (Dynamic)
+
+The `other` field stores arbitrary settings.
+
+| Key                    | Type   | Description                             |
+| ---------------------- | ------ | --------------------------------------- |
+| `master_password_hash` | string | Hashed master password (pbkdf2-sha256). |
+| `anime_directory`      | string | Path to anime library.                  |
+| `advanced`             | object | Advanced configuration options.         |
+
+---
+
+## 5. Configuration Precedence
+
+Settings are resolved in this order (first match wins):
+
+1. Environment variable (e.g., `ANIME_DIRECTORY`)
+2. `.env` file in project root
+3. `data/config.json` (for dynamic settings)
+4. Code defaults in `Settings` class
+
+---
+
+## 6. Validation Rules
+
+### Password Requirements
+
+Master password must meet all criteria:
+
+- Minimum 8 characters
+- At least one uppercase letter
+- At least one lowercase letter
+- At least one digit
+- At least one special character
+
+Source: [src/server/services/auth_service.py](../src/server/services/auth_service.py#L97-L125)
+
+### Logging Level Validation
+
+Must be one of: `DEBUG`, `INFO`, `WARNING`, `ERROR`, `CRITICAL`
+
+Source: [src/server/models/config.py](../src/server/models/config.py#L43-L47)
+
+### Backup Path Validation
+
+If `backup.enabled` is `true`, `backup.path` must be set.
+
+Source: [src/server/models/config.py](../src/server/models/config.py#L87-L91)
+
+---
+
+## 7. Example Configurations
+
+### Minimal Development Setup
+
+**.env file:**
+
+```
+LOG_LEVEL=DEBUG
+ANIME_DIRECTORY=/home/user/anime
+```
+
+### Production Setup
+
+**.env file:**
+
+```
+JWT_SECRET_KEY=your-secure-random-key-here
+DATABASE_URL=postgresql+asyncpg://user:pass@localhost/aniworld
+LOG_LEVEL=WARNING
+CORS_ORIGINS=https://your-domain.com
+API_RATE_LIMIT=60
+```
+
+### Docker Setup
+
+```yaml
+# docker-compose.yml
+environment:
+    - JWT_SECRET_KEY=${JWT_SECRET_KEY}
+    - DATABASE_URL=sqlite:///./data/aniworld.db
+    - ANIME_DIRECTORY=/media/anime
+    - LOG_LEVEL=INFO
+volumes:
+    - ./data:/app/data
+    - /media/anime:/media/anime:ro
+```
+
+---
+
+## 8. Configuration Backup Management
+
+### Automatic Backups
+
+Backups are created automatically before config changes when `backup.enabled` is `true`.
+
+Location: `data/config_backups/`
+
+Naming: `config_backup_YYYYMMDD_HHMMSS.json`
+
+### Manual Backup via API
+
+```bash
+# Create backup
+curl -X POST http://localhost:8000/api/config/backups \
+  -H "Authorization: Bearer $TOKEN"
+
+# List backups
+curl http://localhost:8000/api/config/backups \
+  -H "Authorization: Bearer $TOKEN"
+
+# Restore backup
+curl -X POST http://localhost:8000/api/config/backups/config_backup_20251213.json/restore \
+  -H "Authorization: Bearer $TOKEN"
+```
+
+Source: [src/server/api/config.py](../src/server/api/config.py#L67-L142)
+
+---
+
+## 9. Troubleshooting
+
+### Configuration Not Loading
+
+1. Check file permissions on `data/config.json`
+2. Verify JSON syntax with a validator
+3. Check logs for Pydantic validation errors
+
+### Environment Variable Not Working
+
+1. Ensure variable name matches exactly (case-sensitive)
+2. Check `.env` file location (project root)
+3. Restart application after changes
+
+### Master Password Issues
+
+1. Password hash is stored in `config.json` under `other.master_password_hash`
+2. Delete this field to reset (requires re-setup)
+3. Check hash format starts with `$pbkdf2-sha256$`
+
+---
+
+## 10. Related Documentation
+
+- [API.md](API.md) - Configuration API endpoints
+- [DEVELOPMENT.md](DEVELOPMENT.md) - Development environment setup
+- [ARCHITECTURE.md](ARCHITECTURE.md) - Configuration service architecture

Docs/DATABASE.md

@@ -0,0 +1,642 @@
+# Database Documentation
+
+## Document Purpose
+
+This document describes the database schema, models, and data layer of the Aniworld application.
+
+---
+
+## 1. Database Overview
+
+### Technology
+
+- **Database Engine**: SQLite 3 (default), PostgreSQL supported
+- **ORM**: SQLAlchemy 2.0 with async support (aiosqlite)
+- **Location**: `data/aniworld.db` (configurable via `DATABASE_URL`)
+
+Source: [src/config/settings.py](../src/config/settings.py#L53-L55)
+
+### Connection Configuration
+
+```python
+# Default connection string
+DATABASE_URL = "sqlite+aiosqlite:///./data/aniworld.db"
+
+# PostgreSQL alternative
+DATABASE_URL = "postgresql+asyncpg://user:pass@localhost/aniworld"
+```
+
+Source: [src/server/database/connection.py](../src/server/database/connection.py)
+
+---
+
+## 2. Entity Relationship Diagram
+
+```
++---------------------+       +-------------------+       +-------------------+       +------------------------+
+| system_settings     |       |   anime_series    |       |     episodes      |       |  download_queue_item   |
++---------------------+       +-------------------+       +-------------------+       +------------------------+
+| id (PK)             |       | id (PK)           |<--+   | id (PK)           |   +-->| id (PK, VARCHAR)       |
+| initial_scan_...    |       | key (UNIQUE)      |   |   | series_id (FK)----+---+   | series_id (FK)---------+
+| initial_nfo_scan... |       | name              |   +---|                   |       | status                 |
+| initial_media_...   |       | site              |       | season            |       | priority               |
+| last_scan_timestamp |       | folder            |       | episode_number    |       | season                 |
+| created_at          |       | created_at        |       | title             |       | episode                |
+| updated_at          |       | updated_at        |       | file_path         |       | progress_percent       |
++---------------------+       +-------------------+       | is_downloaded     |       | error_message          |
+                                                          | created_at        |       | retry_count            |
+                                                          | updated_at        |       | added_at               |
+                                                          +-------------------+       | started_at             |
+                                                                                      | completed_at           |
+                                                                                      | created_at             |
+                                                                                      | updated_at             |
+                                                                                      +------------------------+
+```
+
+---
+
+## 3. Table Schemas
+
+### 3.1 system_settings
+
+Stores application-wide system settings and initialization state.
+
+| Column                         | Type     | Constraints                | Description                                   |
+| ------------------------------ | -------- | -------------------------- | --------------------------------------------- |
+| `id`                           | INTEGER  | PRIMARY KEY, AUTOINCREMENT | Internal database ID (only one row)           |
+| `initial_scan_completed`       | BOOLEAN  | NOT NULL, DEFAULT FALSE    | Whether initial anime folder scan is complete |
+| `initial_nfo_scan_completed`   | BOOLEAN  | NOT NULL, DEFAULT FALSE    | Whether initial NFO scan is complete          |
+| `initial_media_scan_completed` | BOOLEAN  | NOT NULL, DEFAULT FALSE    | Whether initial media scan is complete        |
+| `last_scan_timestamp`          | DATETIME | NULLABLE                   | Timestamp of last completed scan              |
+| `created_at`                   | DATETIME | NOT NULL, DEFAULT NOW      | Record creation timestamp                     |
+| `updated_at`                   | DATETIME | NOT NULL, ON UPDATE NOW    | Last update timestamp                         |
+
+**Purpose:**
+
+This table tracks the initialization status of the application to ensure that expensive one-time setup operations (like scanning the entire anime directory) only run on the first startup, not on every restart.
+
+- Only one row exists in this table
+- The `initial_scan_completed` flag prevents redundant full directory scans on each startup
+- The NFO and media scan flags similarly track completion of those setup tasks
+
+Source: [src/server/database/models.py](../src/server/database/models.py), [src/server/database/system_settings_service.py](../src/server/database/system_settings_service.py)
+
+### 3.2 anime_series
+
+Stores anime series metadata. Corresponds to the core `Serie` class.
+
+| Column           | Type          | Constraints                | Description                                             |
+| ---------------- | ------------- | -------------------------- | ------------------------------------------------------- |
+| `id`             | INTEGER       | PRIMARY KEY, AUTOINCREMENT | Internal database ID                                    |
+| `key`            | VARCHAR(255)  | UNIQUE, NOT NULL, INDEX    | **Primary identifier** - provider-assigned URL-safe key |
+| `name`           | VARCHAR(500)  | NOT NULL, INDEX            | Display name of the series                              |
+| `site`           | VARCHAR(500)  | NOT NULL                   | Provider site URL                                       |
+| `folder`         | VARCHAR(1000) | NOT NULL                   | Filesystem folder name (metadata only)                  |
+| `year`           | INTEGER       | NULLABLE                   | Release year of the series                               |
+| `nfo_path`       | VARCHAR(1000) | NULLABLE                   | Path to tvshow.nfo metadata file                        |
+| `tmdb_id`        | INTEGER       | NULLABLE, INDEX             | TMDB (The Movie Database) ID for metadata               |
+| `tvdb_id`        | INTEGER       | NULLABLE, INDEX             | TVDB (TheTVDB) ID for metadata                          |
+| `has_nfo`        | BOOLEAN       | NOT NULL, DEFAULT FALSE    | Whether tvshow.nfo exists                               |
+| `loading_status` | VARCHAR(50)   | NOT NULL, DEFAULT 'completed' | Status: pending, loading_episodes, loading_nfo, completed, failed |
+| `created_at`     | DATETIME      | NOT NULL, DEFAULT NOW       | Record creation timestamp                               |
+| `updated_at`     | DATETIME      | NOT NULL, ON UPDATE NOW     | Last update timestamp                                   |
+
+**Identifier Convention:**
+
+- `key` is the **primary identifier** for all operations (e.g., `"attack-on-titan"`)
+- `folder` is **metadata only** for filesystem operations (e.g., `"Attack on Titan (2013)"`)
+- `id` is used only for database relationships
+
+**EpisodeDict Mapping:**
+
+The `episodeDict` (season → episode numbers mapping) is stored as individual `Episode` records:
+- Each `Episode` has `season` and `episode_number` columns
+- Relationship: `AnimeSeries.episodes` returns all Episode records for that series
+
+Source: [src/server/database/models.py](../src/server/database/models.py#L23-L150)
+
+### 3.3 episodes
+
+Stores **missing episodes** that need to be downloaded. Episodes are automatically managed during scans:
+
+- New missing episodes are added to the database
+- Episodes that are no longer missing (files now exist) are removed from the database
+- When an episode is downloaded, it can be marked with `is_downloaded=True` or removed from tracking
+
+| Column           | Type          | Constraints                  | Description                   |
+| ---------------- | ------------- | ---------------------------- | ----------------------------- |
+| `id`             | INTEGER       | PRIMARY KEY, AUTOINCREMENT   | Internal database ID          |
+| `series_id`      | INTEGER       | FOREIGN KEY, NOT NULL, INDEX | Reference to anime_series.id  |
+| `season`         | INTEGER       | NOT NULL                     | Season number (1-based)       |
+| `episode_number` | INTEGER       | NOT NULL                     | Episode number within season  |
+| `title`          | VARCHAR(500)  | NULLABLE                     | Episode title if known        |
+| `file_path`      | VARCHAR(1000) | NULLABLE                     | Local file path if downloaded |
+| `is_downloaded`  | BOOLEAN       | NOT NULL, DEFAULT FALSE      | Download status flag          |
+| `created_at`     | DATETIME      | NOT NULL, DEFAULT NOW        | Record creation timestamp     |
+| `updated_at`     | DATETIME      | NOT NULL, ON UPDATE NOW      | Last update timestamp         |
+
+**Foreign Key:**
+
+- `series_id` -> `anime_series.id` (ON DELETE CASCADE)
+
+Source: [src/server/database/models.py](../src/server/database/models.py#L122-L181)
+
+### 3.4 download_queue_item
+
+Stores download queue items with status tracking.
+
+| Column             | Type          | Constraints                 | Description                    |
+| ------------------ | ------------- | --------------------------- | ------------------------------ |
+| `id`               | VARCHAR(36)   | PRIMARY KEY                 | UUID identifier                |
+| `series_id`        | INTEGER       | FOREIGN KEY, NOT NULL       | Reference to anime_series.id   |
+| `season`           | INTEGER       | NOT NULL                    | Season number                  |
+| `episode`          | INTEGER       | NOT NULL                    | Episode number                 |
+| `status`           | VARCHAR(20)   | NOT NULL, DEFAULT 'pending' | Download status                |
+| `priority`         | VARCHAR(10)   | NOT NULL, DEFAULT 'NORMAL'  | Queue priority                 |
+| `progress_percent` | FLOAT         | NULLABLE                    | Download progress (0-100)      |
+| `error_message`    | TEXT          | NULLABLE                    | Error description if failed    |
+| `retry_count`      | INTEGER       | NOT NULL, DEFAULT 0         | Number of retry attempts       |
+| `source_url`       | VARCHAR(2000) | NULLABLE                    | Download source URL            |
+| `added_at`         | DATETIME      | NOT NULL, DEFAULT NOW       | When added to queue            |
+| `started_at`       | DATETIME      | NULLABLE                    | When download started          |
+| `completed_at`     | DATETIME      | NULLABLE                    | When download completed/failed |
+| `created_at`       | DATETIME      | NOT NULL, DEFAULT NOW       | Record creation timestamp      |
+| `updated_at`       | DATETIME      | NOT NULL, ON UPDATE NOW     | Last update timestamp          |
+
+**Status Values:** `pending`, `downloading`, `paused`, `completed`, `failed`, `cancelled`
+
+**Priority Values:** `LOW`, `NORMAL`, `HIGH`
+
+**Foreign Key:**
+
+- `series_id` -> `anime_series.id` (ON DELETE CASCADE)
+
+Source: [src/server/database/models.py](../src/server/database/models.py#L200-L300)
+
+---
+
+## 4. Indexes
+
+| Table                 | Index Name              | Columns     | Purpose                           |
+| --------------------- | ----------------------- | ----------- | --------------------------------- |
+| `system_settings`     | N/A (single row)        | N/A         | Only one row, no indexes needed   |
+| `anime_series`        | `ix_anime_series_key`   | `key`       | Fast lookup by primary identifier |
+| `anime_series`        | `ix_anime_series_name`  | `name`      | Search by name                    |
+| `episodes`            | `ix_episodes_series_id` | `series_id` | Join with series                  |
+| `download_queue_item` | `ix_download_series_id` | `series_id` | Filter by series                  |
+| `download_queue_item` | `ix_download_status`    | `status`    | Filter by status                  |
+
+---
+
+## 5. Model Layer
+
+### 5.1 SQLAlchemy ORM Models
+
+```python
+# src/server/database/models.py
+
+class AnimeSeries(Base, TimestampMixin):
+    __tablename__ = "anime_series"
+
+    id: Mapped[int] = mapped_column(Integer, primary_key=True)
+    key: Mapped[str] = mapped_column(String(255), unique=True, index=True)
+    name: Mapped[str] = mapped_column(String(500), index=True)
+    site: Mapped[str] = mapped_column(String(500))
+    folder: Mapped[str] = mapped_column(String(1000))
+
+    episodes: Mapped[List["Episode"]] = relationship(
+        "Episode", back_populates="series", cascade="all, delete-orphan"
+    )
+```
+
+Source: [src/server/database/models.py](../src/server/database/models.py#L23-L87)
+
+### 5.2 Pydantic API Models
+
+```python
+# src/server/models/download.py
+
+class DownloadItem(BaseModel):
+    id: str
+    serie_id: str      # Maps to anime_series.key
+    serie_folder: str  # Metadata only
+    serie_name: str
+    episode: EpisodeIdentifier
+    status: DownloadStatus
+    priority: DownloadPriority
+```
+
+Source: [src/server/models/download.py](../src/server/models/download.py#L63-L118)
+
+### 5.3 Model Mapping
+
+| API Field      | Database Column       | Notes              |
+| -------------- | --------------------- | ------------------ |
+| `serie_id`     | `anime_series.key`    | Primary identifier |
+| `serie_folder` | `anime_series.folder` | Metadata only      |
+| `serie_name`   | `anime_series.name`   | Display name       |
+
+---
+
+## 6. Transaction Support
+
+### 6.1 Overview
+
+The database layer provides comprehensive transaction support to ensure data consistency across compound operations. All write operations can be wrapped in explicit transactions.
+
+Source: [src/server/database/transaction.py](../src/server/database/transaction.py)
+
+### 6.2 Transaction Utilities
+
+| Component                 | Type              | Description                              |
+| ------------------------- | ----------------- | ---------------------------------------- |
+| `@transactional`          | Decorator         | Wraps function in transaction boundary   |
+| `atomic()`                | Async context mgr | Provides atomic operation block          |
+| `atomic_sync()`           | Sync context mgr  | Sync version of atomic()                 |
+| `TransactionContext`      | Class             | Explicit sync transaction control        |
+| `AsyncTransactionContext` | Class             | Explicit async transaction control       |
+| `TransactionManager`      | Class             | Helper for manual transaction management |
+
+### 6.3 Transaction Propagation Modes
+
+| Mode           | Behavior                                         |
+| -------------- | ------------------------------------------------ |
+| `REQUIRED`     | Use existing transaction or create new (default) |
+| `REQUIRES_NEW` | Always create new transaction                    |
+| `NESTED`       | Create savepoint within existing transaction     |
+
+### 6.4 Usage Examples
+
+**Using @transactional decorator:**
+
+```python
+from src.server.database.transaction import transactional
+
+@transactional()
+async def compound_operation(db: AsyncSession, data: dict):
+    # All operations commit together or rollback on error
+    series = await AnimeSeriesService.create(db, ...)
+    episode = await EpisodeService.create(db, series_id=series.id, ...)
+    return series, episode
+```
+
+**Using atomic() context manager:**
+
+```python
+from src.server.database.transaction import atomic
+
+async def some_function(db: AsyncSession):
+    async with atomic(db) as tx:
+        await operation1(db)
+        await operation2(db)
+        # Auto-commits on success, rolls back on exception
+```
+
+**Using savepoints for partial rollback:**
+
+```python
+async with atomic(db) as tx:
+    await outer_operation(db)
+
+    async with tx.savepoint() as sp:
+        await risky_operation(db)
+        if error_condition:
+            await sp.rollback()  # Only rollback nested ops
+
+    await final_operation(db)  # Still executes
+```
+
+Source: [src/server/database/transaction.py](../src/server/database/transaction.py)
+
+### 6.5 Connection Module Additions
+
+| Function                        | Description                                  |
+| ------------------------------- | -------------------------------------------- |
+| `get_transactional_session`     | Session without auto-commit for transactions |
+| `TransactionManager`            | Helper class for manual transaction control  |
+| `is_session_in_transaction`     | Check if session is in active transaction    |
+| `get_session_transaction_depth` | Get nesting depth of transactions            |
+
+Source: [src/server/database/connection.py](../src/server/database/connection.py)
+
+---
+
+## 7. Repository Pattern
+
+The `QueueRepository` class provides data access abstraction.
+
+```python
+class QueueRepository:
+    async def save_item(self, item: DownloadItem) -> None:
+        """Save or update a download item (atomic operation)."""
+
+    async def get_all_items(self) -> List[DownloadItem]:
+        """Get all items from database."""
+
+    async def delete_item(self, item_id: str) -> bool:
+        """Delete item by ID."""
+
+    async def clear_all(self) -> int:
+        """Clear all items (atomic operation)."""
+```
+
+Note: Compound operations (`save_item`, `clear_all`) are wrapped in `atomic()` transactions.
+
+Source: [src/server/services/queue_repository.py](../src/server/services/queue_repository.py)
+
+---
+
+## 8. Database Service
+
+The `AnimeSeriesService` provides async CRUD operations.
+
+```python
+class AnimeSeriesService:
+    @staticmethod
+    async def create(
+        db: AsyncSession,
+        key: str,
+        name: str,
+        site: str,
+        folder: str
+    ) -> AnimeSeries:
+        """Create a new anime series."""
+
+    @staticmethod
+    async def get_by_key(
+        db: AsyncSession,
+        key: str
+    ) -> Optional[AnimeSeries]:
+        """Get series by primary key identifier."""
+```
+
+### Bulk Operations
+
+Services provide bulk operations for transaction-safe batch processing:
+
+| Service                | Method                 | Description                    |
+| ---------------------- | ---------------------- | ------------------------------ |
+| `EpisodeService`       | `bulk_mark_downloaded` | Mark multiple episodes at once |
+| `DownloadQueueService` | `bulk_delete`          | Delete multiple queue items    |
+| `DownloadQueueService` | `clear_all`            | Clear entire queue             |
+| `UserSessionService`   | `rotate_session`       | Revoke old + create new atomic |
+| `UserSessionService`   | `cleanup_expired`      | Bulk delete expired sessions   |
+
+Source: [src/server/database/service.py](../src/server/database/service.py)
+
+---
+
+## 9. Data Integrity Rules
+
+### Validation Constraints
+
+| Field                     | Rule                     | Error Message                         |
+| ------------------------- | ------------------------ | ------------------------------------- |
+| `anime_series.key`        | Non-empty, max 255 chars | "Series key cannot be empty"          |
+| `anime_series.name`       | Non-empty, max 500 chars | "Series name cannot be empty"         |
+| `episodes.season`         | 0-1000                   | "Season number must be non-negative"  |
+| `episodes.episode_number` | 0-10000                  | "Episode number must be non-negative" |
+
+Source: [src/server/database/models.py](../src/server/database/models.py#L89-L119)
+
+### Cascade Rules
+
+- Deleting `anime_series` deletes all related `episodes` and `download_queue_item`
+
+---
+
+## 10. Migration Strategy
+
+Currently, SQLAlchemy's `create_all()` is used for schema creation.
+
+```python
+# src/server/database/connection.py
+async def init_db():
+    async with engine.begin() as conn:
+        await conn.run_sync(Base.metadata.create_all)
+```
+
+For production migrations, Alembic is recommended but not yet implemented.
+
+Source: [src/server/database/connection.py](../src/server/database/connection.py)
+
+---
+
+## 11. Common Query Patterns
+
+### Get all series with missing episodes
+
+```python
+series = await db.execute(
+    select(AnimeSeries).options(selectinload(AnimeSeries.episodes))
+)
+for serie in series.scalars():
+    downloaded = [e for e in serie.episodes if e.is_downloaded]
+```
+
+### Get pending downloads ordered by priority
+
+```python
+items = await db.execute(
+    select(DownloadQueueItem)
+    .where(DownloadQueueItem.status == "pending")
+    .order_by(
+        case(
+            (DownloadQueueItem.priority == "HIGH", 1),
+            (DownloadQueueItem.priority == "NORMAL", 2),
+            (DownloadQueueItem.priority == "LOW", 3),
+        ),
+        DownloadQueueItem.added_at
+    )
+)
+```
+
+---
+
+## 12. Series Storage: Database vs Files (Deprecated)
+
+### File-Based Storage (Removed in v2.0)
+
+Prior to v2.0, series metadata was stored in two files per anime folder:
+
+| File     | Contents                                                |
+| -------- | ------------------------------------------------------- |
+| `key`    | Series provider key (e.g., `"attack-on-titan"`)        |
+| `data`   | JSON serialization of `Serie` object                    |
+
+File structure example:
+```
+/anime/Attack on Titan (2013)/
+├── key          # Contains: attack-on-titan
+├── data         # Contains: {"key": "...", "name": "...", "episodeDict": {...}}
+├── Season 1/
+│   └── ...
+```
+
+### Database Storage (Current)
+
+Since v2.0, all series metadata is stored in the `anime_series` table with `Episode` records for episode tracking. This provides:
+
+- **ACID transactions** for data consistency
+- **Foreign key constraints** (cascade delete)
+- **Indexed queries** for fast lookups
+- **No filesystem dependency** for metadata
+
+### Migration from Files to Database
+
+The `Serie.save_to_file()` and `Serie.load_from_file()` methods are deprecated but still functional for backward compatibility during migration:
+
+```python
+from src.core.entities.series import Serie
+
+# Old file-based loading (deprecated)
+serie = Serie.load_from_file("/anime/Attack on Titan (2013)/data")
+
+# New database-based loading
+from src.server.database.service import AnimeSeriesService
+serie = await AnimeSeriesService.get_by_key(db, "attack-on-titan")
+```
+
+### Removing File Dependencies
+
+After verifying database schema supports all fields, file-based storage can be removed:
+
+1. ✅ Schema verified: All `Serie` fields have corresponding DB columns
+2. ✅ Migration complete: All existing series migrated to database
+3. ❌ File cleanup: Remove `key` and `data` files (pending)
+
+**Note:** The `save_to_file()` and `load_from_file()` methods will be removed in v3.0.0.
+
+---
+
+## 12. Series Persistence Flow
+
+When a directory scan discovers or updates series, the scanner persists data to the database instead of writing to disk files.
+
+### Scan Flow
+
+```
+Scan Directory
+    │
+    ▼
+Find MP4 Files → Extract Serie Key
+    │
+    ▼
+Check DB for Existing Series (by key)
+    │
+    ├─── EXISTS ──────────────────────► Update Series Metadata
+    │                                        │
+    │                                        ▼
+    │                                 Sync Episodes to DB
+    │                                      │
+    │◄──────────────────────────────────────┘
+    │
+    └─── NEW ───────────────────────────► Create New Series Record
+                                             │
+                                             ▼
+                                      Create Episode Records
+                                             │
+                                             ▼
+                                      Return to Scan Loop
+```
+
+### Key Methods
+
+**SerieScanner._persist_serie_to_db()**
+- Called after `get_missing_episodes_and_season()` computes episodeDict
+- Uses `AnimeSeriesService.get_by_key()` to check if series exists
+- If exists: calls `AnimeSeriesService.update()` + `_sync_episodes_to_db()`
+- If new: calls `AnimeSeriesService.create()` + creates episodes
+
+**SerieScanner._sync_episodes_to_db()**
+- Gets existing episodes from DB via `EpisodeService.get_by_series()`
+- Compares with new episodeDict
+- Removes episodes no longer missing (unless `is_downloaded=True`)
+- Adds new missing episodes
+- Preserves `is_downloaded=True` episodes when removing missing ones
+
+**SerieList.add_to_db()**
+- Used when adding a new discovered series via API
+- Creates filesystem folder + database record + episode records
+
+### Episode Sync Logic
+
+```python
+# For each episode in DB but not in new episodeDict:
+if episode.is_downloaded:
+    # Keep - file exists, don't remove
+    pass
+else:
+    # Remove - no longer missing
+    EpisodeService.delete()
+
+# For each episode in new episodeDict but not in DB:
+# Add as new missing episode
+EpisodeService.create(is_downloaded=False)
+```
+
+### Transaction Handling
+
+- DB operations use their own session with commit/rollback
+- If DB write fails, error is logged and scan continues
+- File-based `save_to_file()` no longer called during scan
+
+### Migration Path
+
+1. v2.x: Scanner writes to both DB (primary) and files (fallback)
+2. v3.0: Scanner writes only to DB, file methods removed
+
+---
+
+## 13. Series Persistence
+
+### Schema
+
+**AnimeSeries Table**: Stores series metadata (key, name, site, folder, year)
+
+| Column    | Type         | Constraints               | Description           |
+|-----------|--------------|---------------------------|----------------------|
+| `id`      | INTEGER      | PRIMARY KEY               | Auto-increment       |
+| `key`     | VARCHAR(255) | UNIQUE, NOT NULL          | Series provider key   |
+| `name`    | VARCHAR(500) | NOT NULL                 | Display name         |
+| `site`    | VARCHAR(500) |                           | Provider site URL    |
+| `folder`  | VARCHAR(1000)|                           | Filesystem folder    |
+
+**Episode Table**: Stores per-episode metadata (season, episode_number, is_downloaded)
+
+| Column          | Type         | Constraints               | Description           |
+|-----------------|--------------|---------------------------|----------------------|
+| `id`            | INTEGER      | PRIMARY KEY               | Auto-increment       |
+| `series_id`     | INTEGER      | FOREIGN KEY → anime_series| Parent series        |
+| `season`        | INTEGER      | NOT NULL                  | Season number        |
+| `episode_number`| INTEGER      | NOT NULL                  | Episode number       |
+| `is_downloaded` | BOOLEAN      | DEFAULT FALSE            | Download status      |
+
+### Relationships
+
+- `AnimeSeries.episodes` → List of Episode objects (one-to-many)
+- `Episode.series` → Parent AnimeSeries (many-to-one)
+- Cascade delete: Deleting a series removes all its episodes
+
+### Queries
+
+```python
+# Get all series with episodes
+AnimeSeriesService.get_all(db, with_episodes=True)
+
+# Get by provider key
+AnimeSeriesService.get_by_key(db, key)
+
+# Get by folder path
+AnimeSeriesService.get_by_folder(db, folder)
+```
+
+---
+
+## 14. Database Location
+
+| Environment | Default Location                                  |
+| ----------- | ------------------------------------------------- |
+| Development | `./data/aniworld.db`                              |
+| Production  | Via `DATABASE_URL` environment variable           |
+| Testing     | In-memory SQLite (`sqlite+aiosqlite:///:memory:`) |

Docs/DEVELOPMENT.md

@@ -0,0 +1,436 @@
+# Development Guide
+
+## Document Purpose
+
+This document provides guidance for developers working on the Aniworld project.
+
+### What This Document Contains
+
+-   **Prerequisites**: Required software and tools
+-   **Environment Setup**: Step-by-step local development setup
+-   **Project Structure**: Source code organization explanation
+-   **Development Workflow**: Branch strategy, commit conventions
+-   **Coding Standards**: Style guide, linting, formatting
+-   **Running the Application**: Development server, CLI usage
+-   **Debugging Tips**: Common debugging approaches
+-   **IDE Configuration**: VS Code settings, recommended extensions
+-   **Contributing Guidelines**: How to submit changes
+-   **Code Review Process**: Review checklist and expectations
+
+### What This Document Does NOT Contain
+
+-   Production deployment (see [DEPLOYMENT.md](DEPLOYMENT.md))
+-   API reference (see [API.md](API.md))
+-   Architecture decisions (see [ARCHITECTURE.md](ARCHITECTURE.md))
+-   Test writing guides (see [TESTING.md](TESTING.md))
+-   Security guidelines (see [SECURITY.md](SECURITY.md))
+
+### Target Audience
+
+-   New Developers joining the project
+-   Contributors (internal and external)
+-   Anyone setting up a development environment
+
+---
+
+## Sections to Document
+
+1. Prerequisites
+    - Python version
+    - Conda environment
+    - Node.js (if applicable)
+    - Git
+2. Getting Started
+    - Clone repository
+    - Setup conda environment
+    - Install dependencies
+    - Configuration setup
+3. Project Structure Overview
+4. Development Server
+    - Starting FastAPI server
+    - Hot reload configuration
+    - Debug mode
+5. CLI Development
+6. Code Style
+    - PEP 8 compliance
+    - Type hints requirements
+    - Docstring format
+    - Import organization
+7. Git Workflow
+    - Branch naming
+    - Commit message format
+    - Pull request process
+8. Common Development Tasks
+
+### Adding Queue Deduplication
+
+The download queue prevents duplicate entries at two levels:
+
+**In-Memory Deduplication** (`src/server/services/download_service.py`):
+- `_pending_by_episode` dict tracks pending episodes: key = `(serie_id, season, episode)`
+- `_add_to_pending_queue()` updates the dict when adding items
+- `add_to_queue()` checks this dict before adding episodes (includes batch-local dedup)
+- `_remove_from_pending_queue()` cleans up the dict when items are removed
+
+**Database Constraint** (`src/server/models.py`):
+- `DownloadQueueItem` has a unique index on `episode_id` via `__table_args__`
+- Prevents duplicate queue entries at the database level
+- Unique constraint: `Index("ix_download_queue_episode_pending", "episode_id", unique=True)`
+
+**Scheduler Cooldown** (`src/server/services/scheduler_service.py`):
+- `_last_auto_download_time` tracks when auto-download last ran
+- 5-minute cooldown prevents rapid re-triggers
+- Checked at start of `_auto_download_missing()`
+
+### Episode Lifecycle
+
+Episodes transition through states stored in the `episodes` table:
+
+| State | `is_downloaded` | `file_path` | Description |
+|-------|----------------|-------------|-------------|
+| Missing | `False` | `NULL` | Episode not yet downloaded |
+| Downloaded | `True` | Set | Episode exists on disk |
+
+**State Transitions:**
+1. **Missing → Downloaded**: When download completes, `_remove_episode_from_missing_list()` calls `EpisodeService.mark_downloaded()` to set `is_downloaded=True` and populate `file_path`. The episode record is NOT deleted.
+
+**Query Implications:**
+- `get_series_with_missing_episodes()`: Filters for `is_downloaded=False` to find series with undownloaded episodes
+- `get_series_with_no_episodes()`: Finds series with `is_downloaded=False` episodes but NO `is_downloaded=True` episodes (completely unwatched series)
+
+### Mocking the Download Queue
+
+When testing components that use the download queue:
+
+```python
+# Mock repository for unit tests
+class MockQueueRepository:
+    def __init__(self):
+        self._items: Dict[str, DownloadItem] = {}
+
+    async def save_item(self, item: DownloadItem) -> DownloadItem:
+        self._items[item.id] = item
+        return item
+
+    async def get_all_items(self) -> List[DownloadItem]:
+        return list(self._items.values())
+
+# Use in fixture
+@pytest.fixture
+def mock_queue_repository():
+    return MockQueueRepository()
+
+@pytest.fixture
+def download_service(mock_anime_service, mock_queue_repository):
+    return DownloadService(
+        anime_service=mock_anime_service,
+        queue_repository=mock_queue_repository,
+        max_retries=3,
+    )
+```
+
+9. Troubleshooting Development Issues
+
+### Async Context Managers for aiohttp
+
+All `aiohttp.ClientSession` usages must be wrapped in `async with`:
+
+```python
+# Correct — session properly closed on exit
+async with TMDBClient(api_key="key") as client:
+    result = await client.search_tv_show("Show")
+
+# Wrong — session may leak if exception occurs
+client = TMDBClient(api_key="key")
+result = await client.search_tv_show("Show")
+await client.close()  # May not be called if exception raised earlier
+```
+
+**Why:**
+- `aiohttp.ClientSession` holds TCP connections that must be explicitly closed
+- If exception occurs before `close()`, session leaks
+- Context manager guarantees `__aexit__` runs even on exceptions
+
+**Services that use aiohttp:**
+- `TMDBClient` — has `__aenter__`/`__aexit__`, use `async with`
+- `ImageDownloader` — has `__aenter__`/`__aexit__`, use `async with`
+- `NFOService` — wraps both above, use `async with`
+
+**Verification:**
+- Missing context manager usage triggers `__del__` warning on garbage collection
+- Integration tests verify no "Unclosed client session" errors in logs
+
+### Scheduler Persistence and Recovery
+
+The scheduler uses APScheduler's in-memory job store. Jobs are reconstructed from `config.json` on every startup — no separate database is needed.
+
+```python
+# Jobs are built from config on startup — no persistence DB required
+scheduler = AsyncIOScheduler()  # default MemoryJobStore
+scheduler.add_job(..., replace_existing=True)
+```
+
+**Startup misfire recovery:** On `start()`, the scheduler checks `system_settings.last_scan_timestamp` in `aniworld.db`. If the last scan is overdue (>23h but <25h ago), an immediate rescan is triggered. This replaces APScheduler's built-in misfire handling which required a separate SQLite database.
+
+**Grace period:** If the server was down for more than 25 hours, no automatic recovery occurs to avoid surprise rescans after long downtime.
+
+**Health endpoint:** `GET /health` returns `scheduler_next_run` and `scheduler_last_run` for external monitors (Uptime Kuma, Prometheus, etc.).
+
+**If server is down too long:** Manual trigger via `POST /api/scheduler/trigger-rescan` or wait for next scheduled run.
+
+### Database Session Management
+
+`get_async_session_factory()` returns a **new AsyncSession instance** directly (not a factory). The function name is historical — callers receive the session immediately:
+
+```python
+# Correct usage:
+db = get_async_session_factory()  # db IS the session
+await db.execute(...)
+await db.commit()
+await db.close()
+```
+
+Do NOT call the result again with `()` — that tries to call an `AsyncSession` object, causing `'AsyncSession' object is not callable`.
+
+For context manager usage, prefer `get_db_session()` (auto-commits) or `get_transactional_session()` (manual commit).
+
+### Health Check Endpoints
+
+The application provides health check endpoints for monitoring and container orchestration:
+
+#### `GET /health`
+Basic health check returning service status and startup health check results.
+
+**Response fields:**
+- `status`: "healthy", "degraded", or "unhealthy" based on startup checks
+- `timestamp`: ISO timestamp of the check
+- `series_app_initialized`: Whether the series app is loaded
+- `anime_directory_configured`: Whether anime_directory is set
+- `scheduler_next_run` / `scheduler_last_run`: Scheduler times
+- `checks`: Detailed startup check results (ffmpeg, DNS, anime_directory)
+
+#### `GET /health/ready`
+Readiness check for container orchestrators (Kubernetes, Docker Swarm).
+
+**Response when ready:**
+```json
+{
+  "status": "ready",
+  "ready": true,
+  "timestamp": "2024-01-01T00:00:00",
+  "checks": {...}
+}
+```
+
+**Response when not ready (503):**
+```json
+{
+  "status": "not_ready",
+  "ready": false,
+  "timestamp": "2024-01-01T00:00:00",
+  "critical_failures": ["anime_directory: not configured"],
+  "checks": {...}
+}
+```
+
+#### `GET /health/detailed`
+Comprehensive health check including database, filesystem, and system metrics.
+
+#### Startup Health Checks
+
+On application startup, the following checks are performed:
+
+| Check | Failure Status | Impact |
+|-------|---------------|--------|
+| `ffmpeg` | warning | HLS downloads may fail |
+| `dns_aniworld` | warning | Provider requests may fail |
+| `dns_tmdb` | warning | TMDB API calls may fail |
+| `anime_directory` | error | Download service disabled |
+
+DNS checks are warnings because failures can be transient. anime_directory errors disable the download service to prevent failures.
+
+### Troubleshooting Development Issues
+
+#### Scheduler missed a run
+
+1. Server was down at scheduled time (03:00 UTC by default).
+2. On restart, the scheduler checks `last_scan_timestamp` — if overdue by 23-25h, it triggers immediately.
+3. If server was down >25 hours, missed job is skipped to avoid surprise rescans.
+4. Trigger manually: `POST /api/scheduler/trigger-rescan`
+5. Monitor next run: `GET /health` → `scheduler_next_run`
+
+#### Scheduler not firing (no events at scheduled time)
+
+If the scheduler appears configured but never triggers:
+
+1. **Check application logs for scheduler startup:**
+   ```
+   grep "Scheduler service started" fastapi_app.log
+   ```
+   - If missing, the scheduler failed to start — check for errors above this line
+   - If present, scheduler started successfully
+
+2. **Verify the job is registered:**
+   ```
+   grep "Scheduler started with cron trigger" fastapi_app.log
+   ```
+
+3. **Verify APScheduler events in logs:**
+   ```
+   grep "apscheduler.executors.default" fastapi_app.log
+   ```
+   - `Running job` = job triggered
+   - `executed successfully` = job completed
+   - No output = job never fired
+
+4. **Test manual trigger:**
+   ```bash
+   curl -X POST http://localhost:8000/api/scheduler/trigger-rescan -H "Authorization: Bearer <token>"
+   ```
+   - If manual trigger works but cron doesn't, the issue is APScheduler configuration
+
+5. **Check next_run_time via health endpoint:**
+   ```bash
+   curl http://localhost:8000/health | jq .scheduler_next_run
+   ```
+   - If `null`, the job is not scheduled
+   - If set, the scheduler knows when to run next
+
+6. **Check timezone handling:**
+   - APScheduler uses UTC internally
+   - The schedule_time config (e.g., "03:00") is interpreted as UTC
+   - If you expect local time, adjust the schedule_time accordingly
+
+#### Startup health check failures
+
+If `/health` returns `unhealthy` status:
+
+1. **anime_directory error**: Directory not configured or not writable
+   - Check `ANIME_DIRECTORY` environment variable
+   - Verify directory exists and permissions allow write access
+   - Download service will not initialize until resolved
+
+2. **ffmpeg warning**: ffmpeg not found in PATH
+   - HLS stream downloads will fail
+   - Install ffmpeg: `apt install ffmpeg` or `brew install ffmpeg`
+
+3. **DNS warnings**: Domain resolution failed
+   - Check network connectivity
+   - DNS failures are transient — warnings don't block startup
+   - Retry later to verify: `GET /health`
+
+### Provider Failure Handling
+
+Download providers (VOE, Doodstream, Vidmoly, Vidoza, SpeedFiles, Streamtape,
+Luluvdo) regularly break: URLs expire, sites change their player markup, geo
+blocks appear, and `yt-dlp` extractors lag behind upstream changes. The
+`AniworldLoader.download()` flow is designed to fail fast and rotate.
+
+**Rotation order**
+
+1. The episode page is scraped for the providers AniWorld actually advertises.
+2. Results are ordered by the preference in `DEFAULT_PROVIDERS`
+   (`provider_config.py`); providers not listed run last.
+3. For each candidate the loader:
+   1. Calls `_check_url_alive()` — HEAD probe with GET fallback. Any 4xx
+      response or connection error skips the provider immediately.
+   2. Resolves the redirect via `_resolve_direct_link()` to obtain a direct
+      stream URL plus headers. Provider-specific extractors (e.g. `VOE`) are
+      preferred; unknown providers fall back to the embed URL so `yt-dlp` can
+      attempt extraction.
+   3. Tries `_try_direct_stream()` — straight `requests.get(stream=True)` when
+      `Content-Type` is `video/*` or `application/octet-stream`. This avoids
+      `yt-dlp` entirely for direct MP4 links.
+   4. Falls back to `yt-dlp` with the ffmpeg downloader for HLS streams.
+4. On any failure, temp files are cleaned and the loop moves to the next
+   provider. When the chain is exhausted, the loader logs
+   `All download providers failed for S{season}E{episode} ...; tried=[...]`
+   to both the application log and `logs/download_errors.log`.
+
+**Do not hardcode provider URLs.** Provider domains shift constantly (e.g.
+Doodstream alternates between `dood.li`, `dood.so`, `dood.la`). Only the
+referer hints in `PROVIDER_HEADERS` are persisted — discovery still happens
+at runtime through AniWorld's redirect endpoint.
+
+### HLS Stream Handling
+
+HLS (HTTP Live Streaming) manifests (`.m3u8`) require yt-dlp to use the
+`ffmpeg` downloader with `--hls-use-mpegts`. Both providers configure this
+automatically:
+
+```python
+ydl_opts = {
+    "downloader": "ffmpeg",     # Use ffmpeg instead of native
+    "hls_use_mpegts": True,     # Write transport stream (.ts) segments
+}
+```
+
+**Why this matters**: Without ffmpeg, yt-dlp logs:
+`"Live HLS streams are not supported by the native downloader"`
+
+**Requirements**:
+- ffmpeg must be installed and in PATH (`which ffmpeg`)
+- Install: `apt install ffmpeg` (Debian/Ubuntu) or `brew install ffmpeg` (macOS)
+- Startup health check (see Health Check Endpoints) verifies ffmpeg presence
+
+**Trade-offs**:
+- HLS downloads are slower than direct MP4 (reassembly of .ts segments)
+- Requires more disk space during download
+- May need post-processing if .ts format is not desired
+
+**Detection**: VOE provider extracts HLS URLs via `HLS_PATTERN` regex. Other
+providers let yt-dlp auto-detect from URL/content-type.
+
+### Updating yt-dlp
+
+When extractors break (typical symptoms: every provider HEAD probe succeeds
+but `yt-dlp` raises `Unable to extract` or `HTTP Error 404`):
+
+1. Check the upstream tracker first: https://github.com/yt-dlp/yt-dlp/issues
+2. Upgrade in the conda environment:
+   ```bash
+   conda run -n AniWorld pip install --upgrade yt-dlp
+   ```
+3. Smoke-test against a known-good episode before pinning a new floor in
+   `requirements.txt` (`yt-dlp>=YYYY.MM.DD`).
+4. Re-run the provider test suite:
+   ```bash
+   conda run -n AniWorld python -m pytest tests/unit/test_aniworld_provider.py -v
+   ```
+5. If a specific extractor is removed upstream, drop the provider from
+   `DEFAULT_PROVIDERS` rather than patching `yt-dlp` in tree.
+
+### User Notification on Total Failure
+
+`SeriesApp.download_episode()` already emits a `download_status="failed"`
+WebSocket event when `loader.download()` returns `False`. Operators should
+forward this to `notification_service.notify_download_failed()` so users see
+a HIGH-priority alert. The loader keeps the failure detail in
+`logs/download_errors.log` for post-mortem.
+
+## Series Storage
+
+### Overview
+
+Series metadata now stored in the database (SQLAlchemy ORM).
+Legacy files (`key` and `data` per folder) are deprecated but preserved
+for backward compatibility.
+
+### Architecture
+
+- **Database**: Single source of truth for all series metadata
+- **In-Memory Cache**: SeriesApp maintains a cache for performance
+- **Filesystem**: Only used for episode files themselves, not metadata
+
+### Migration
+
+First startup after upgrade automatically imports any legacy
+series files into the database.
+
+### Legacy Files
+
+- `key` file: Contains series provider key (deprecated)
+- `data` file: Contains Serie JSON object (deprecated)
+
+Both are safe to delete after migration; not needed for normal operation.
+

Docs/InstructionsLogging.md

@@ -0,0 +1,94 @@
+# Logging Instructions
+
+This document describes how to write and refactor logging across the AniWorld codebase to make logs **human-readable**, **debug-friendly**, and **noise-free**.
+
+> ✅ Goal: Logs should help a developer understand what happened, why it happened, and what to inspect next — without overwhelming them with duplicates or irrelevant details.
+
+---
+
+## 1. Principles for Great Logs
+
+### 1.1 Use the Right Log Level
+
+- `DEBUG`: Detailed internal state useful when debugging a specific issue (e.g., decision points, returned values, request/response payloads). Not for normal operation.
+- `INFO`: High-level events that represent what the system is doing (e.g., "Import started", "New series added", "Config reloaded"). Use sparingly.
+- `WARNING`: Something unexpected happened, but the system can continue (e.g., missing optional file, fallback behavior).
+- `ERROR`: An operation failed and needs attention (e.g., exception caught, failed database write).
+- `CRITICAL`: The system is in an unusable state (e.g., config corruption, failed startup).
+
+### 1.2 Keep Logs Human-Readable
+
+- Write messages in a clear, descriptive sentence-style format.
+- Avoid cryptic codes or single-word log messages.
+- Prefer `logger.debug("... %s", value)`-style formatting over f-strings to avoid unnecessary work when the log level is disabled.
+
+### 1.3 Avoid Log Spam
+
+- Don’t log inside hot loops unless you explicitly aggregate and log a summary (e.g., "Processed 124 files, 3 failures").
+- Avoid repeated/logging the same event at the same level (e.g., do not log "Retrying" 10 times at INFO; log once at INFO and then use DEBUG for each retry).
+- Use rate limiting or debounce patterns for logs that can fire rapidly (e.g., external service health checks).
+- Prefer a single higher-level log with context rather than many low-level logs that clutter output.
+
+### 1.4 Log Objects Usefully
+
+- When logging objects, log the minimal useful representation (e.g., ID, name, status) rather than the full object or its memory address.
+- If an object has a `.dict()`, `.to_dict()`, or `.as_dict()` helper (common in Pydantic models), log that rather than relying on `repr()`.
+- Add a `__repr__` or `__str__` implementation to domain models that returns a helpful, concise string with key identifiers.
+- Use structured logging (e.g., `logger.info("Series added", extra={"series_id": series.id, "title": series.title})`) where supported.
+- For exceptions, prefer `logger.exception("Failed to ...")` to capture stack traces.
+
+---
+
+## 2. Refactoring Existing Logs
+
+When improving or refactoring existing log statements, aim to make them:
+
+- **Actionable**: A developer reading the log should know what happened and what to check next.
+- **Non-redundant**: Remove duplicates and ensure only one log records the same high-level event at a given level.
+- **Context-rich**: Include identifiers (e.g., `series_id`, `file_path`, `user_id`) and key state that explains why a decision was made.
+- **Level-appropriate**: Downgrade noisy INFO logs to DEBUG, and elevate critical failures to ERROR/CRITICAL.
+
+### 2.1 Refactor Checklist
+
+1. **Locate noisy logs**: Search for repeated messages (e.g., "Start", "Done") and determine whether they should be DEBUG or removed.
+2. **Replace ad-hoc prints**: Remove `print()` statements or `print(obj)` and replace with `logger.*` calls.
+3. **Use structured context**: If a function logs multiple related messages, include the same context in each (e.g., `extra={"series_id": series.id}`) or use a context manager that attaches it.
+4. **Validate object output**: Ensure any logged object produces a useful representation (add methods or translate to dict). If not, log the key fields explicitly.
+5. **Batch repetitive events**: If a loop logs per item, consider collecting stats and logging a summary at the end.
+
+## 3. Adding New Logs
+
+When adding logs to new code paths:
+
+- Log **important state transitions** (e.g., "Queue started", "Download completed", "Config reloaded").
+- For error paths, include what failed and why (e.g., "Could not load config from X: {exc}").
+- Prefer logging at the boundaries of operations, not deep inside utility functions unless it aids debugging.
+- Write logs in full sentences, with a clear subject, verb, and object.
+
+---
+
+## 4. Example Patterns
+
+```python
+logger.info("Import completed", extra={"series_id": series.id, "count": len(imported)})
+
+logger.debug(
+    "Fetched feed items",
+    extra={"feed_url": feed.url, "item_count": len(items)},
+)
+
+try:
+    result = download_episode(episode)
+except Exception:
+    logger.exception("Failed to download episode %s", episode.id)
+```
+
+> 💡 When in doubt, favor **fewer, richer logs** over many noisy logs.
+
+---
+
+## 5. Logging Audit Task List
+
+For a guided checklist of files and logging improvements, see **`docs/tasks.md`**. This is where we track which files have been reviewed and which logging items still need attention.
+
+> ✅ After applying the guidelines above, update `docs/tasks.md` to indicate which tasks are complete.

Docs/MIGRATION_GUIDE.md

@@ -0,0 +1,111 @@
+# Migration Guide: File-Based to Database Storage
+
+## Overview
+
+This guide covers the transition from file-based series metadata storage to the new database-backed system introduced in v2.0.
+
+## What Changed
+
+**Before v2.0**: Series metadata stored in `key` and `data` files alongside anime folders.
+
+**After v2.0**: All metadata stored in SQLite database (`aniworld.db`). Files are deprecated but still supported for backward compatibility during migration.
+
+## Automated Migration
+
+The application automatically migrates on first startup:
+
+1. Scans anime directory for `key` and `data` files
+2. Parses legacy files into `AnimeSeries` and `Episode` records
+3. Loads series into in-memory cache
+4. Logs migration results
+
+**No manual action required.**
+
+## Manual Verification
+
+After first startup with the new version:
+
+1. **Check logs** for: `"Migrated X series from files to DB"`
+2. **Verify series count**: UI shows same number of series as before
+3. **Confirm episodes**: Episode counts match expected totals
+
+```bash
+# Check migration log
+grep "Migrated" logs/app.log
+
+# Verify series via API
+curl http://localhost:8000/api/anime | jq '.total'
+```
+
+## After Migration
+
+### Safe to Delete
+
+Once verified, these files can be removed:
+
+```
+<anime_folder>/
+├── Attack on Titan (2013)/
+│   ├── key     # ❌ Can delete
+│   ├── data    # ❌ Can delete
+│   └── Season 1/
+│       └── ...
+```
+
+**Deleting these files does not affect the database.** The metadata now lives in `aniworld.db`.
+
+### Backup (Recommended)
+
+Before deleting, backup the files:
+
+```bash
+# Create backup directory
+mkdir -p backup/legacy_series_files
+
+# Copy all key and data files
+find /path/to/anime -name "key" -o -name "data" | while read f; do
+    cp "$f" "backup/legacy_series_files/"
+done
+```
+
+## Reverting (Not Recommended)
+
+If you must revert to file-based storage:
+
+1. **Restore from database backup** (if available)
+2. **Export manually** (no export script exists)
+
+**Warning**: File-based storage is deprecated and will be removed in v3.0.0.
+
+## Troubleshooting
+
+### Series Not Appearing After Migration
+
+1. Check logs for migration errors: `grep -i error logs/app.log`
+2. Verify `key` and `data` files exist and are readable
+3. Manually trigger rescan: `POST /api/scheduler/trigger-rescan`
+
+### Duplicate Series
+
+1. Check for duplicate `key` files (same series in multiple folders)
+2. Verify series key uniqueness in database:
+
+```bash
+sqlite3 aniworld.db "SELECT key, COUNT(*) FROM anime_series GROUP BY key HAVING COUNT(*) > 1;"
+```
+
+### Missing Episodes
+
+1. Trigger targeted scan for affected series
+2. Check episode sync logs
+3. Verify file permissions on anime directory
+
+## Deprecation Timeline
+
+| Version | Status |
+|---------|--------|
+| v2.0.x  | Legacy files supported, migration automated |
+| v2.1.x  | Legacy files still supported, warnings in logs |
+| v3.0.0  | **Legacy files removed** - database only |
+
+Upgrade to v3.0.0 before legacy file support ends.

Docs/NAVIGATION.md

@@ -0,0 +1,206 @@
+# Navigation & Redirect Logic
+
+This document describes the setup flow navigation, covering how users progress from initial setup through to the main application.
+
+## Overview
+
+The application uses a middleware-based redirect system to ensure users complete setup before accessing the main app. The flow involves multiple pages handling setup completion, unresolved folder detection, and initialization.
+
+## Setup Flow
+
+```
+┌─────────────────────────────────────────────────────────────────────┐
+│                         SETUP FLOW                                   │
+├─────────────────────────────────────────────────────────────────────┤
+│                                                                      │
+│   /setup ──► /loading ──► /setup/unresolved ──► /loading ──► /login │
+│        │         │              │                  │                │
+│        │         │              │                  │                │
+│        ▼         ▼              ▼                  ▼                │
+│   (first    (Series Scan +  (has folders)     (all resolved)        │
+│    time)     NFO Scan)         │                                     │
+│                      │        │                                     │
+│                      │        │                                     │
+│                      │        ▼                                     │
+│                      │    [Done button] ──► marks complete         │
+│                      │        │                                     │
+│                      │        ▼                                     │
+│                      │    /loading (NFO phase runs again)           │
+│                      │        │                                     │
+│                      └────────┴─────────────────────────────────────┘
+│                                                                      │
+└─────────────────────────────────────────────────────────────────────┘
+```
+
+**New Navigation Order:**
+1. `/setup` → Initial configuration
+2. `/loading` → Series scan + NFO scan
+3. `/setup/unresolved` → Resolve folders (if any)
+4. `/loading` → NFO scan runs again
+5. `/login` → Authentication
+
+**Key Changes:**
+- After `/setup/unresolved`, the "Done" button marks the phase as complete
+- Revisiting `/setup/unresolved` after completion → redirects to `/loading`
+- `/loading` always goes to `/setup/unresolved` if unresolved folders exist
+- NFO scan runs as a separate phase after series sync during initialization
+
+## Middleware: SetupRedirectMiddleware
+
+**File:** `src/server/middleware/setup_redirect.py`
+
+The middleware intercepts all requests and redirects to `/setup` if:
+- No master password is configured
+- Configuration file is missing or invalid
+
+### Exempt Paths (always accessible)
+
+| Path | Purpose |
+|------|---------|
+| `/setup` | Initial setup page |
+| `/setup/unresolved` | Unresolved folder resolution |
+| `/loading` | Initialization progress page |
+| `/login` | Authentication |
+| `/api/auth/*` | Auth endpoints |
+| `/api/config/*` | Config API |
+| `/api/health` | Health check |
+| `/static/*` | Static assets |
+
+### Middleware Logic
+
+1. **Setup incomplete** → Redirect to `/setup`
+2. **Setup complete, accessing `/setup`** → Redirect to `/login`
+3. **Setup complete, accessing `/loading`** → Allow access (page handles its own redirect)
+4. **Setup complete, accessing `/setup/unresolved`**:
+   - If `unresolved_completed` flag is set → Redirect to `/loading`
+   - Otherwise → Allow access
+5. **API requests during setup** → Return 503 with `setup_url`
+
+## Pages
+
+### 1. Setup Page (`/setup`)
+
+**File:** `src/server/web/templates/setup.html`
+
+Handles initial configuration:
+- Master password creation
+- Anime directory selection
+- Database initialization
+
+**Post-completion flow:**
+- Redirects to `/loading` to begin initialization
+
+### 2. Loading Page (`/loading`)
+
+**File:** `src/server/web/templates/loading.html`
+
+Shows initialization progress via WebSocket:
+- Series scanning
+- Database population
+- Logo/image loading
+
+**Post-initialization flow:**
+```javascript
+async function checkUnresolvedAndProceed() {
+    // Fetch unresolved folders via API
+    const res = await fetch('/api/setup/unresolved', {
+        headers: { 'Authorization': `Bearer ${token}` }
+    });
+    const folders = await res.json();
+    
+    if (folders.length > 0) {
+        // Has unresolved folders → go to resolution page
+        window.location.href = '/setup/unresolved';
+    } else {
+        // No unresolved folders → go to login
+        window.location.href = '/login';
+    }
+}
+```
+
+### 3. Unresolved Folders Page (`/setup/unresolved`)
+
+**File:** `src/server/web/templates/unresolved.html`
+
+Allows manual resolution of folders that couldn't be auto-matched:
+- Shows list of unresolved folders
+- Provides search suggestions
+- Input field for entering provider key
+- Resolve/delete actions
+- **Done button** at top to complete the phase without resolving all folders
+
+**Post-resolution flow:**
+```javascript
+// After clicking "Done" button
+async function handleDone() {
+    // Call API to mark phase as complete
+    await fetch('/api/setup/unresolved/done', { method: 'POST' });
+    // Redirect to loading for final NFO scan
+    window.location.href = '/loading';
+}
+```
+
+**Done button behavior:**
+- Marks all remaining folders as handled
+- Sets `unresolved_completed` flag in config
+- Redirects to `/loading` to run final NFO scan
+- After completion, `/setup/unresolved` becomes inaccessible (redirects to `/loading`)
+
+### 4. Login Page (`/login`)
+
+**File:** `src/server/web/templates/login.html`
+
+Authentication page. After successful login → redirect to `/` (main app).
+
+## API Endpoints
+
+### Unresolved Folders API
+
+| Method | Endpoint | Description |
+|--------|----------|-------------|
+| `GET` | `/api/setup/unresolved` | List all unresolved folders |
+| `GET` | `/api/setup/unresolved/{folder_name}` | Get specific folder details |
+| `POST` | `/api/setup/unresolved/{folder_name}/resolve` | Resolve with provider key |
+| `POST` | `/api/setup/unresolved/{folder_name}/search` | Re-search for matches |
+| `DELETE` | `/api/setup/unresolved/{folder_name}` | Remove folder from tracking |
+| `POST` | `/api/setup/unresolved/done` | Mark unresolved phase as complete |
+
+### Auth API
+
+| Method | Endpoint | Description |
+|--------|----------|-------------|
+| `POST` | `/api/auth/setup` | Create master password |
+| `POST` | `/api/auth/login` | Authenticate |
+| `POST` | `/api/auth/logout` | End session |
+
+## Key Files
+
+| File | Purpose |
+|------|---------|
+| `src/server/middleware/setup_redirect.py` | Redirect middleware |
+| `src/server/controllers/page_controller.py` | Page route handlers |
+| `src/server/web/templates/setup.html` | Setup template |
+| `src/server/web/templates/loading.html` | Loading template |
+| `src/server/web/templates/unresolved.html` | Unresolved folders template |
+| `src/server/api/setup_endpoints.py` | Unresolved folders API |
+| `src/server/database/service.py` | UnresolvedFolderService |
+
+## Common Issues
+
+### Redirect Loop
+
+**Symptom:** Browser keeps redirecting between pages.
+
+**Causes:**
+1. `loading.html` always redirected to `/setup/unresolved` without checking if any exist
+2. `unresolved.html` redirected to `/` which middleware redirected back to `/login`
+
+**Fix:** See the navigation logic updates in loading.html and unresolved.html.
+
+### Can't Access Unresolved Page After Setup
+
+**Symptom:** Middleware redirects to `/login` instead of allowing access to `/setup/unresolved`.
+
+**Cause:** `/setup/unresolved` is in the exempt paths but the request may not be reaching it due to completion check timing.
+
+**Fix:** The middleware allows access to `/loading` which handles the redirect to `/setup/unresolved` after initialization.

Docs/NFO_GUIDE.md

@@ -0,0 +1,905 @@
+# NFO Metadata Guide
+
+## Document Purpose
+
+This guide explains how to use the NFO metadata feature to enrich your anime library with TMDB metadata and artwork for Plex, Jellyfin, Emby, and Kodi.
+
+---
+
+## 1. Overview
+
+### What are NFO Files?
+
+NFO files are XML documents that contain metadata about TV shows and episodes. Media servers like Plex, Jellyfin, Emby, and Kodi use these files to display information about your library without needing to scrape external sources.
+
+### Features
+
+- **Automatic NFO Creation**: Generate NFO files during downloads
+- **TMDB Integration**: Fetch metadata from The Movie Database
+- **Image Downloads**: Poster, fanart, and logo images
+- **Batch Operations**: Create/update NFO files for multiple anime
+- **Web UI**: Manage NFO settings and operations
+- **API Access**: Programmatic NFO management
+
+---
+
+## 2. Getting Started
+
+### 2.1 Obtain TMDB API Key
+
+1. Create a free account at https://www.themoviedb.org
+2. Navigate to https://www.themoviedb.org/settings/api
+3. Request an API key (select "Developer" option)
+4. Copy your API key (v3 auth)
+
+### 2.2 Configure NFO Settings
+
+#### Via Web Interface
+
+1. Open http://127.0.0.1:8000
+2. Click **Configuration** button
+3. Scroll to **NFO Settings** section
+4. Enter your TMDB API key
+5. Click **Test Connection** to verify
+6. Configure options:
+    - **Auto-create during downloads**: Enable to create NFO files automatically
+    - **Update on library scan**: Enable to refresh existing NFO files
+    - **Download poster**: Episode and show poster images (poster.jpg)
+    - **Download logo**: Show logo images (logo.png)
+    - **Download fanart**: Background artwork (fanart.jpg)
+    - **Image size**: Select w500 (recommended), w780, or original
+7. Click **Save**
+
+#### Via Environment Variables
+
+Add to your `.env` file:
+
+```bash
+TMDB_API_KEY=your_api_key_here
+NFO_AUTO_CREATE=true
+NFO_UPDATE_ON_SCAN=false
+NFO_DOWNLOAD_POSTER=true
+NFO_DOWNLOAD_LOGO=false
+NFO_DOWNLOAD_FANART=false
+NFO_IMAGE_SIZE=w500
+```
+
+#### Via config.json
+
+Edit `data/config.json`:
+
+```json
+{
+    "nfo": {
+        "tmdb_api_key": "your_api_key_here",
+        "auto_create": true,
+        "update_on_scan": false,
+        "download_poster": true,
+        "download_logo": false,
+        "download_fanart": false,
+        "image_size": "w500"
+    }
+}
+```
+
+---
+
+## 3. Using NFO Features
+
+### 3.1 Automatic NFO Creation
+
+With `auto_create` enabled, NFO files are created automatically when downloading episodes:
+
+1. Add episodes to download queue
+2. Start queue processing
+3. NFO files are created after successful downloads
+4. Images are downloaded based on configuration
+
+### 3.2 Manual NFO Creation
+
+#### Via Web Interface
+
+1. Navigate to the main page
+2. Click **Create NFO** button next to an anime
+3. Wait for completion notification
+
+#### Via API
+
+```bash
+curl -X POST "http://127.0.0.1:8000/api/nfo/create" \
+  -H "Authorization: Bearer YOUR_JWT_TOKEN" \
+  -H "Content-Type: application/json" \
+  -d '{
+    "anime_id": 123,
+    "folder_path": "/path/to/anime/Attack on Titan"
+  }'
+```
+
+### 3.3 Batch NFO Creation
+
+Create NFO files for multiple anime at once:
+
+```bash
+curl -X POST "http://127.0.0.1:8000/api/nfo/batch/create" \
+  -H "Authorization: Bearer YOUR_JWT_TOKEN" \
+  -H "Content-Type: application/json" \
+  -d '{
+    "anime_ids": [123, 456, 789]
+  }'
+```
+
+### 3.4 Update Existing NFO Files
+
+Update NFO files with latest TMDB metadata:
+
+```bash
+curl -X POST "http://127.0.0.1:8000/api/nfo/update" \
+  -H "Authorization: Bearer YOUR_JWT_TOKEN" \
+  -H "Content-Type: application/json" \
+  -d '{
+    "anime_id": 123,
+    "folder_path": "/path/to/anime/Attack on Titan",
+    "force": true
+  }'
+```
+
+### 3.5 Check NFO Status
+
+Check which anime have NFO files:
+
+```bash
+curl -X GET "http://127.0.0.1:8000/api/nfo/check?folder_path=/path/to/anime" \
+  -H "Authorization: Bearer YOUR_JWT_TOKEN"
+```
+
+Response:
+
+```json
+{
+    "has_tvshow_nfo": true,
+    "episode_nfos": [
+        {
+            "season": 1,
+            "episode": 1,
+            "has_nfo": true,
+            "file_path": "/path/to/anime/Season 1/S01E01.nfo"
+        }
+    ],
+    "missing_episodes": [],
+    "total_episodes": 25,
+    "nfo_count": 25
+}
+```
+
+### 3.6 Fallback Behavior When TMDB is Unavailable
+
+When TMDB lookup fails (network issues, API errors, or no match found), the system creates a **minimal NFO** to ensure the series is still tracked. This behavior applies to:
+
+- Manual NFO creation via API
+- Batch NFO creation operations
+- Automatic NFO creation during downloads
+
+**What a minimal NFO contains:**
+
+```xml
+<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+<tvshow>
+    <title>Series Name</title>
+    <year>2024</year>
+    <plot>No metadata available for Series Name. TMDB lookup failed.</plot>
+</tvshow>
+```
+
+**Limitations of minimal NFOs:**
+- No poster, logo, or fanart images
+- No rating, genre, or studio information
+- No TMDB or other provider IDs
+- May not display correctly in some media servers
+
+**To upgrade a minimal NFO:**
+1. Use the Update endpoint (`PUT /api/nfo/{serie_id}/update`) when TMDB is available
+2. Or delete the NFO and recreate it with full metadata
+
+---
+
+## 4. File Structure
+
+### 4.1 NFO File Locations
+
+NFO files are created in the anime directory:
+
+```
+/path/to/anime/Attack on Titan/
+├── tvshow.nfo              # Show metadata
+├── poster.jpg              # Show poster (optional)
+├── logo.png                # Show logo (optional)
+├── fanart.jpg              # Show fanart (optional)
+├── Season 1/
+│   ├── S01E01.mkv
+│   ├── S01E01.nfo          # Episode metadata
+│   ├── S01E01-thumb.jpg    # Episode thumbnail (optional)
+│   ├── S01E02.mkv
+│   └── S01E02.nfo
+└── Season 2/
+    ├── S02E01.mkv
+    └── S02E01.nfo
+```
+
+### 4.2 tvshow.nfo Format
+
+```xml
+<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+<tvshow>
+    <title>Attack on Titan</title>
+    <originaltitle>進撃の巨人</originaltitle>
+    <showtitle>Attack on Titan</showtitle>
+    <sorttitle>Attack on Titan</sorttitle>
+    <rating>8.5</rating>
+    <year>2013</year>
+    <plot>Humans are nearly exterminated by giant creatures...</plot>
+    <runtime>24</runtime>
+    <mpaa>TV-MA</mpaa>
+    <premiered>2013-04-07</premiered>
+    <status>Ended</status>
+    <studio>Wit Studio</studio>
+    <genre>Animation</genre>
+    <genre>Action</genre>
+    <genre>Sci-Fi & Fantasy</genre>
+    <uniqueid type="tmdb">1429</uniqueid>
+    <tmdbid>1429</tmdbid>
+    <thumb aspect="poster">https://image.tmdb.org/t/p/w500/...</thumb>
+    <fanart>
+        <thumb>https://image.tmdb.org/t/p/original/...</thumb>
+    </fanart>
+</tvshow>
+```
+
+**Manual TMDB ID Override**: To skip TMDB search and use a specific ID directly, include `<tmdbid>YOUR_ID</tmdbid>` in the NFO. This is useful when:
+- TMDB search fails for your series (e.g., new or obscure anime)
+- You already know the correct TMDB ID
+- You want to avoid rate limiting from repeated searches
+
+Aniworld reads `<tmdbid>` element and `<uniqueid type="tmdb">` first. If found, it uses the ID directly instead of searching.
+
+### 4.3 Episode NFO Format
+
+```xml
+<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+<episodedetails>
+    <title>To You, in 2000 Years: The Fall of Shiganshina, Part 1</title>
+    <showtitle>Attack on Titan</showtitle>
+    <season>1</season>
+    <episode>1</episode>
+    <displayseason>1</displayseason>
+    <displayepisode>1</displayepisode>
+    <plot>After a hundred years of peace...</plot>
+    <runtime>24</runtime>
+    <aired>2013-04-07</aired>
+    <rating>8.2</rating>
+    <uniqueid type="tmdb">63056</uniqueid>
+    <thumb>https://image.tmdb.org/t/p/w500/...</thumb>
+</episodedetails>
+```
+
+---
+
+## 5. Folder Naming Convention
+
+### 5.1 Expected Format
+
+After the daily folder scan (when **Update on library scan** is enabled), Aniworld validates every series folder against its `tvshow.nfo` metadata. If the folder name does not match the expected convention, it is automatically renamed.
+
+**Format:**
+
+```
+{title} ({year})
+```
+
+**Examples:**
+
+| NFO `<title>` | NFO `<year>` | Expected Folder Name |
+|---------------|--------------|----------------------|
+| `Attack on Titan` | `2013` | `Attack on Titan (2013)` |
+| `One Piece` | `1999` | `One Piece (1999)` |
+| `Demon Slayer: Kimetsu no Yaiba` | `2019` | `Demon Slayer Kimetsu no Yaiba (2019)` |
+
+### 5.2 Sanitization Rules
+
+Illegal filesystem characters are removed or replaced to ensure cross-platform compatibility:
+
+- Removed: `< > : " / \ | ? *` and null bytes
+- Control characters stripped
+- Multiple spaces collapsed to one
+- Leading/trailing dots and whitespace trimmed
+- Maximum length: 200 characters (truncated at word boundary if possible)
+
+### 5.3 Skip Conditions
+
+A folder is **not** renamed when any of the following apply:
+
+- `tvshow.nfo` is missing `<title>` or `<year>` (or they are empty)
+- The series has an **active or pending download**
+- The target folder name already exists (duplicate)
+- The resulting path would exceed the OS path-length limit
+- The app lacks write permission to the anime directory
+
+All skipped and renamed actions are logged.
+
+---
+
+## 6. Poster Check
+
+### 6.1 Overview
+
+During the daily folder scan, Aniworld checks every series folder for a valid `poster.jpg`. If the file is missing or smaller than 1 KB, the application attempts to re-download it from the URL stored in the series' `tvshow.nfo` file.
+
+### 6.2 How It Works
+
+1. **Scan** — After folder renaming, the scan iterates over all series folders that contain a `tvshow.nfo`.
+2. **Validate** — For each folder, it checks whether `poster.jpg` exists and is at least 1 KB.
+3. **Parse NFO** — If the poster is missing or too small, the scan reads `tvshow.nfo` and looks for a `<thumb aspect="poster">` (or any `<thumb>`) URL.
+4. **Download** — If a URL is found, the poster is downloaded using `ImageDownloader` with a concurrency limit of 3 simultaneous downloads.
+5. **Validate Download** — The downloaded image is validated with PIL to ensure it is not corrupted.
+
+### 6.3 Skip Conditions
+
+A folder is **not** processed for poster download when any of the following apply:
+
+- `tvshow.nfo` does not exist in the folder.
+- `poster.jpg` already exists and is ≥ 1 KB.
+- No `<thumb>` URL is found in the NFO (the NFO may have been created before thumb tags were added).
+- The `nfo.download_poster` setting is `false` (poster checks are still performed, but downloads are skipped if the setting is disabled; see [CONFIGURATION.md](CONFIGURATION.md)).
+
+### 6.4 Logging
+
+Every poster check action is logged:
+
+- **INFO** — When a poster is successfully downloaded.
+- **WARNING** — When a download fails or no URL is found.
+- **ERROR** — When an unexpected exception occurs during download.
+
+---
+
+## 7. API Reference
+
+### 5.1 Check NFO Status
+
+**Endpoint**: `GET /api/nfo/check`
+
+**Query Parameters**:
+
+- `folder_path` (required): Absolute path to anime directory
+
+**Response**:
+
+```json
+{
+    "has_tvshow_nfo": true,
+    "episode_nfos": [
+        {
+            "season": 1,
+            "episode": 1,
+            "has_nfo": true,
+            "file_path": "/path/to/S01E01.nfo"
+        }
+    ],
+    "missing_episodes": [],
+    "total_episodes": 25,
+    "nfo_count": 25
+}
+```
+
+### 5.2 Create NFO Files
+
+**Endpoint**: `POST /api/nfo/create`
+
+**Request Body**:
+
+```json
+{
+    "anime_id": 123,
+    "folder_path": "/path/to/anime/Attack on Titan"
+}
+```
+
+**Response**:
+
+```json
+{
+    "success": true,
+    "message": "NFO files created successfully",
+    "files_created": ["tvshow.nfo", "S01E01.nfo", "S01E02.nfo"],
+    "images_downloaded": ["poster.jpg", "S01E01-thumb.jpg"]
+}
+```
+
+### 5.3 Update NFO Files
+
+**Endpoint**: `POST /api/nfo/update`
+
+**Request Body**:
+
+```json
+{
+    "anime_id": 123,
+    "folder_path": "/path/to/anime",
+    "force": false
+}
+```
+
+**Response**:
+
+```json
+{
+    "success": true,
+    "message": "NFO files updated successfully",
+    "files_updated": ["tvshow.nfo", "S01E01.nfo"]
+}
+```
+
+### 5.4 View NFO Content
+
+**Endpoint**: `GET /api/nfo/view`
+
+**Query Parameters**:
+
+- `file_path` (required): Absolute path to NFO file
+
+**Response**:
+
+```json
+{
+    "content": "<?xml version=\"1.0\"...?>",
+    "file_path": "/path/to/tvshow.nfo",
+    "exists": true
+}
+```
+
+### 5.5 Get Media Status
+
+**Endpoint**: `GET /api/nfo/media/status`
+
+**Query Parameters**:
+
+- `folder_path` (required): Absolute path to anime directory
+
+**Response**:
+
+```json
+{
+    "poster_exists": true,
+    "poster_path": "/path/to/poster.jpg",
+    "logo_exists": false,
+    "logo_path": null,
+    "fanart_exists": true,
+    "fanart_path": "/path/to/fanart.jpg",
+    "episode_thumbs": [
+        {
+            "season": 1,
+            "episode": 1,
+            "exists": true,
+            "path": "/path/to/S01E01-thumb.jpg"
+        }
+    ]
+}
+```
+
+### 5.6 Download Media
+
+**Endpoint**: `POST /api/nfo/media/download`
+
+**Request Body**:
+
+```json
+{
+    "folder_path": "/path/to/anime",
+    "anime_id": 123,
+    "download_poster": true,
+    "download_logo": false,
+    "download_fanart": false,
+    "image_size": "w500"
+}
+```
+
+**Response**:
+
+```json
+{
+    "success": true,
+    "message": "Media downloaded successfully",
+    "downloaded": ["poster.jpg", "S01E01-thumb.jpg"]
+}
+```
+
+### 5.7 Batch Create NFO
+
+**Endpoint**: `POST /api/nfo/batch/create`
+
+**Request Body**:
+
+```json
+{
+    "anime_ids": [123, 456, 789]
+}
+```
+
+**Response**:
+
+```json
+{
+    "success": true,
+    "results": [
+        {
+            "anime_id": 123,
+            "success": true,
+            "message": "Created successfully"
+        },
+        {
+            "anime_id": 456,
+            "success": false,
+            "error": "Folder not found"
+        }
+    ]
+}
+```
+
+### 5.8 Find Missing NFOs
+
+**Endpoint**: `GET /api/nfo/missing`
+
+**Response**:
+
+```json
+{
+    "anime_list": [
+        {
+            "anime_id": 123,
+            "title": "Attack on Titan",
+            "folder_path": "/path/to/anime/Attack on Titan",
+            "missing_tvshow_nfo": false,
+            "missing_episode_count": 3,
+            "total_episodes": 25
+        }
+    ]
+}
+```
+
+---
+
+## 6. Troubleshooting
+
+### 6.1 NFO Files Not Created
+
+**Problem**: NFO files are not being created during downloads.
+
+**Solutions**:
+
+1. Verify TMDB API key is configured correctly
+2. Check `auto_create` is enabled in settings
+3. Ensure anime directory has write permissions
+4. Check logs for error messages
+5. Test TMDB connection using "Test Connection" button
+
+### 6.2 Invalid TMDB API Key
+
+**Problem**: TMDB validation fails with "Invalid API key".
+
+**Solutions**:
+
+1. Verify API key is copied correctly (no extra spaces)
+2. Ensure you're using the v3 API key (not v4)
+3. Check API key is active on TMDB website
+4. Try regenerating API key on TMDB
+
+### 6.3 Images Not Downloading
+
+**Problem**: NFO files are created but images are missing.
+
+**Solutions**:
+
+1. Enable image downloads in settings (poster/logo/fanart)
+2. Verify TMDB API key is valid
+3. Check network connectivity to TMDB servers
+4. Ensure sufficient disk space
+5. Check file permissions in anime directory
+
+### 6.4 Incorrect Metadata
+
+**Problem**: NFO contains wrong show information.
+
+**Solutions**:
+
+1. Verify anime title matches TMDB exactly
+2. Use TMDB ID if available for accurate matching
+3. Update NFO files with `force=true` to refresh metadata
+4. Check TMDB website for correct show information
+
+### 6.5 Permission Errors
+
+**Problem**: "Permission denied" when creating NFO files.
+
+**Solutions**:
+
+1. Check anime directory permissions: `chmod 755 /path/to/anime`
+2. Ensure application user has write access
+3. Verify directory ownership: `chown -R user:group /path/to/anime`
+4. Check parent directories are accessible
+
+### 6.6 Slow NFO Creation
+
+**Problem**: NFO creation takes a long time.
+
+**Solutions**:
+
+1. Reduce image size (use w500 instead of original)
+2. Disable unnecessary images (logo, fanart)
+3. Create NFOs in batches during off-peak hours
+4. Check network speed to TMDB servers
+5. Verify disk I/O performance
+
+### 6.7 TMDB Lookup Fails for My Series
+
+**Problem**: TMDB search fails with "No results found" for a valid series.
+
+**Solutions**:
+
+1. **Check if series exists on TMDB**: Visit https://www.themoviedb.org and search for your series
+2. **Use manual ID override**: Add TMDB ID directly to `tvshow.nfo`:
+   ```xml
+   <?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+   <tvshow>
+       <title>Your Series Name</title>
+       <tmdbid>12345</tmdbid>
+       <uniqueid type="tmdb">12345</uniqueid>
+   </tvshow>
+   ```
+   Aniworld will use this ID directly instead of searching.
+
+3. **Try alternative titles**: Some anime have different titles (Japanese, romaji, English). If you have access to the folder, rename it to match the TMDB title.
+
+4. **Add to existing NFO**: If `tvshow.nfo` exists but has no TMDB ID, edit it to add:
+   ```xml
+   <tmdbid>YOUR_TMDB_ID</tmdbid>
+   ```
+   Then use the Update endpoint to refresh metadata.
+
+5. **Check for rate limiting**: If many lookups fail at once, you may be hitting TMDB rate limits. Wait and retry later.
+
+6. **Verify API key**: Ensure your TMDB API key is valid and has not exceeded usage limits.
+
+---
+
+## 7. Best Practices
+
+### 7.1 Configuration Recommendations
+
+- **Image Size**: Use `w500` for optimal balance of quality and storage
+- **Auto-create**: Enable for new downloads
+- **Update on scan**: Disable to avoid unnecessary TMDB API calls
+- **Poster**: Always enable for show and episode thumbnails
+- **Logo/Fanart**: Enable only if your media server supports them
+
+### 7.2 Maintenance
+
+- **Regular Updates**: Update NFO files quarterly to get latest metadata
+- **Backup**: Include NFO files in your backup strategy
+- **Validation**: Periodically check missing NFOs using `/api/nfo/missing`
+- **API Rate Limits**: Be mindful of TMDB API rate limits when batch processing
+
+### 7.3 Performance
+
+- **Batch Operations**: Use batch endpoints for multiple anime
+- **Off-Peak Processing**: Create NFOs during low-activity periods
+- **Image Optimization**: Use smaller image sizes for large libraries
+- **Selective Updates**: Only update NFOs when metadata changes
+
+### 7.4 Media Server Integration
+
+#### Plex
+
+- Use "Personal Media Shows" agent
+- Enable "Local Media Assets" scanner
+- Place NFO files in anime directories
+- Refresh metadata after creating NFOs
+
+#### Jellyfin
+
+- Use "NFO" metadata provider
+- Enable in Library settings
+- Order providers: NFO first, then online sources
+- Scan library after NFO creation
+
+#### Emby
+
+- Enable "NFO" metadata reader
+- Configure in Library advanced settings
+- Use "Prefer embedded metadata" option
+- Refresh metadata after updates
+
+#### Kodi
+
+- NFO files are automatically detected
+- No additional configuration needed
+- Update library to see changes
+
+---
+
+## 8. Advanced Usage
+
+### 8.1 Custom NFO Templates
+
+You can customize NFO generation by modifying the NFO service:
+
+```python
+# src/core/services/nfo_creator.py
+def generate_tvshow_nfo(self, metadata: dict) -> str:
+    # Add custom fields or modify structure
+    pass
+```
+
+### 8.2 Bulk Operations
+
+Create NFOs for entire library:
+
+```bash
+# Get all anime without NFOs
+curl -X GET "http://127.0.0.1:8000/api/nfo/missing" \
+  -H "Authorization: Bearer $TOKEN" \
+  | jq -r '.anime_list[].anime_id' \
+  | xargs -I{} curl -X POST "http://127.0.0.1:8000/api/nfo/batch/create" \
+  -H "Authorization: Bearer $TOKEN" \
+  -H "Content-Type: application/json" \
+  -d '{"anime_ids": [{}]}'
+```
+
+### 8.3 Scheduled Updates
+
+Use the scheduler API to refresh NFOs automatically:
+
+```bash
+# Schedule weekly NFO updates (rescan runs Sunday at 03:00)
+curl -X POST "http://127.0.0.1:8000/api/scheduler/config" \
+  -H "Authorization: Bearer $TOKEN" \
+  -H "Content-Type: application/json" \
+  -d '{
+    "enabled": true,
+    "schedule_time": "03:00",
+    "schedule_days": ["sun"],
+    "auto_download_after_rescan": false
+  }'
+```
+
+---
+
+## 9. Related Documentation
+
+- [API.md](API.md) - Complete API reference
+- [CONFIGURATION.md](CONFIGURATION.md) - All configuration options
+- [ARCHITECTURE.md](ARCHITECTURE.md) - System architecture
+- [DEVELOPMENT.md](DEVELOPMENT.md) - Development guide
+
+---
+
+## 10. Tag Reference
+
+The table below lists every XML tag written to `tvshow.nfo` and its source in
+the TMDB API response. All tags are written whenever the NFO is created or
+updated via `create_tvshow_nfo()` / `update_tvshow_nfo()`.
+
+| NFO tag         | TMDB source field                                     | Required |
+| --------------- | ----------------------------------------------------- | -------- |
+| `title`         | `name`                                                | ✅       |
+| `originaltitle` | `original_name`                                       | ✅       |
+| `showtitle`     | `name` (same as `title`)                              | ✅       |
+| `sorttitle`     | `name` (same as `title`)                              | ✅       |
+| `year`          | First 4 chars of `first_air_date`                     | ✅       |
+| `plot`          | `overview`                                            | ✅       |
+| `outline`       | `overview` (same as `plot`)                           | ✅       |
+| `tagline`       | `tagline`                                             | optional |
+| `runtime`       | `episode_run_time[0]`                                 | ✅       |
+| `premiered`     | `first_air_date`                                      | ✅       |
+| `status`        | `status`                                              | ✅       |
+| `mpaa`          | US content rating from `content_ratings.results`      | optional |
+| `fsk`           | DE content rating (written as `mpaa` when preferred)  | optional |
+| `imdbid`        | `external_ids.imdb_id`                                | ✅       |
+| `tmdbid`        | `id`                                                  | ✅       |
+| `tvdbid`        | `external_ids.tvdb_id`                                | optional |
+| `genre`         | `genres[].name` (one element per genre)               | ✅       |
+| `studio`        | `networks[].name` (one element per network)           | ✅       |
+| `country`       | `origin_country[]` or `production_countries[].name`   | ✅       |
+| `actor`         | `credits.cast[]` (top 10, with name/role/thumb)       | ✅       |
+| `watched`       | Always `false` on creation                            | ✅       |
+| `dateadded`     | System clock at creation time (`YYYY-MM-DD HH:MM:SS`) | ✅       |
+
+The mapping logic lives in `src/core/utils/nfo_mapper.py` (`tmdb_to_nfo_model`).
+The XML serialisation lives in `src/core/utils/nfo_generator.py`
+(`generate_tvshow_nfo`).
+
+---
+
+## 11. Automatic NFO Repair
+
+NFO repair now runs as part of the scheduled daily folder scan rather than on every
+startup.  When the scheduler triggers `FolderScanService.run_folder_scan()`, the first
+step is `perform_nfo_repair_scan(background_loader=None)`.  Each incomplete NFO is
+queued as a background `asyncio` task, so the scan returns quickly while repairs
+continue asynchronously.
+
+### How It Works
+
+1. **Scan** — `perform_nfo_repair_scan()` in
+   `src/server/services/initialization_service.py` is called from
+   `FolderScanService.run_folder_scan()` (`src/server/services/folder_scan_service.py`).
+2. **Detect** — `nfo_needs_repair(nfo_path)` from
+   `src/core/services/nfo_repair_service.py` parses each `tvshow.nfo` with
+   `lxml` and checks for the 13 required tags listed below.
+3. **Repair** — Series whose NFO is incomplete are queued for background reload
+   via `asyncio.create_task`. Each task creates its own isolated
+   :class:`NFOService` / :class:`TMDBClient` so concurrent tasks never share an
+   ``aiohttp`` session — this prevents "Connector is closed" errors when many repairs
+   run in parallel.  A semaphore caps TMDB concurrency at 3 to stay within rate limits.
+
+### Tags Checked (13 required)
+
+| XPath             | Tag name        |
+| ----------------- | --------------- |
+| `./title`         | `title`         |
+| `./originaltitle` | `originaltitle` |
+| `./year`          | `year`          |
+| `./plot`          | `plot`          |
+| `./runtime`       | `runtime`       |
+| `./premiered`     | `premiered`     |
+| `./status`        | `status`        |
+| `./imdbid`        | `imdbid`        |
+| `./genre`         | `genre`         |
+| `./studio`        | `studio`        |
+| `./country`       | `country`       |
+| `./actor/name`    | `actor/name`    |
+| `./watched`       | `watched`       |
+
+### Log Messages
+
+| Message                                                     | Meaning                                           |
+| ----------------------------------------------------------- | ------------------------------------------------- |
+| `NFO repair scan complete: 0 of N series queued for repair` | All NFOs are complete — no action needed          |
+| `NFO repair scan complete: X of N series queued for repair` | X series had incomplete NFOs and have been queued |
+| `NFO repair scan skipped: TMDB API key not configured`      | Set `tmdb_api_key` in `data/config.json`          |
+| `NFO repair scan skipped: anime directory not configured`   | Set `anime_directory` in `data/config.json`       |
+
+### Triggering a Manual Repair
+
+You can also repair a single series on demand via the API:
+
+```http
+POST /api/nfo/update/{series_key}
+```
+
+This calls `NFOService.update_tvshow_nfo()` directly and overwrites the existing
+`tvshow.nfo` with fresh data from TMDB.
+
+### Source Files
+
+| File                                            | Purpose                                                                                        |
+| ----------------------------------------------- | ---------------------------------------------------------------------------------------------- |
+| `src/core/services/nfo_repair_service.py`       | `REQUIRED_TAGS`, `parse_nfo_tags`, `find_missing_tags`, `nfo_needs_repair`, `NfoRepairService` |
+| `src/server/services/folder_scan_service.py`    | `perform_nfo_repair_scan` — invoked during the scheduled daily folder scan                     |
+
+---
+
+## 12. Support
+
+### Getting Help
+
+- Check logs in `logs/` directory for error details
+- Review [TESTING.md](TESTING.md) for test coverage
+- Consult [DATABASE.md](DATABASE.md) for NFO status schema
+
+### Common Issues
+
+See section 6 (Troubleshooting) for solutions to common problems.
+
+### TMDB Resources
+
+- TMDB API Documentation: https://developers.themoviedb.org/3
+- TMDB Support: https://www.themoviedb.org/talk
+- TMDB API Status: https://status.themoviedb.org/

Docs/README.md

@@ -0,0 +1,39 @@
+# Aniworld Documentation
+
+## Overview
+
+This directory contains all documentation for the Aniworld anime download manager project.
+
+## Documentation Structure
+
+| Document                                 | Purpose                                        | Target Audience                    |
+| ---------------------------------------- | ---------------------------------------------- | ---------------------------------- |
+| [ARCHITECTURE.md](ARCHITECTURE.md)       | System architecture and design decisions       | Architects, Senior Developers      |
+| [API.md](API.md)                         | REST API reference and WebSocket documentation | Frontend Developers, API Consumers |
+| [DEVELOPMENT.md](DEVELOPMENT.md)         | Developer setup and contribution guide         | All Developers                     |
+| [DEPLOYMENT.md](DEPLOYMENT.md)           | Deployment and operations guide                | DevOps, System Administrators      |
+| [DATABASE.md](DATABASE.md)               | Database schema and data models                | Backend Developers                 |
+| [TESTING.md](TESTING.md)                 | Testing strategy and guidelines                | QA Engineers, Developers           |
+| [SECURITY.md](SECURITY.md)               | Security considerations and guidelines         | Security Engineers, All Developers |
+| [CONFIGURATION.md](CONFIGURATION.md)     | Configuration options reference                | Operators, Developers              |
+| [CHANGELOG.md](CHANGELOG.md)             | Version history and changes                    | All Stakeholders                   |
+| [TROUBLESHOOTING.md](TROUBLESHOOTING.md) | Common issues and solutions                    | Support, Operators                 |
+| [features.md](features.md)               | Feature list and capabilities                  | Product Owners, Users              |
+| [instructions.md](instructions.md)       | AI agent development instructions              | AI Agents, Developers              |
+
+## Documentation Standards
+
+-   All documentation uses Markdown format
+-   Keep documentation up-to-date with code changes
+-   Include code examples where applicable
+-   Use clear, concise language
+-   Include diagrams for complex concepts (use Mermaid syntax)
+
+## Contributing to Documentation
+
+When adding or updating documentation:
+
+1. Follow the established format in each document
+2. Update the README.md if adding new documents
+3. Ensure cross-references are valid
+4. Review for spelling and grammar

Docs/TESTING.md

@@ -0,0 +1,146 @@
+# Testing Documentation
+
+## Document Purpose
+
+This document describes the testing strategy, guidelines, and practices for the Aniworld project.
+
+### What This Document Contains
+
+-   **Testing Strategy**: Overall approach to quality assurance
+-   **Test Categories**: Unit, integration, API, performance, security tests
+-   **Test Structure**: Organization of test files and directories
+-   **Writing Tests**: Guidelines for writing effective tests
+-   **Fixtures and Mocking**: Shared test utilities and mock patterns
+-   **Running Tests**: Commands and configurations
+-   **Coverage Requirements**: Minimum coverage thresholds
+-   **CI/CD Integration**: How tests run in automation
+-   **Test Data Management**: Managing test fixtures and data
+-   **Best Practices**: Do's and don'ts for testing
+
+### What This Document Does NOT Contain
+
+-   Production deployment (see [DEPLOYMENT.md](DEPLOYMENT.md))
+-   Security audit procedures (see [SECURITY.md](SECURITY.md))
+-   Bug tracking and issue management
+-   Performance benchmarking results
+
+### Target Audience
+
+-   Developers writing tests
+-   QA Engineers
+-   CI/CD Engineers
+-   Code reviewers
+
+---
+
+## Sections to Document
+
+1. Testing Philosophy
+    - Test pyramid approach
+    - Quality gates
+2. Test Categories
+    - Unit Tests (`tests/unit/`)
+    - Integration Tests (`tests/integration/`)
+    - API Tests (`tests/api/`)
+    - Frontend Tests (`tests/frontend/`)
+    - Performance Tests (`tests/performance/`)
+    - Security Tests (`tests/security/`)
+3. Test Structure and Naming
+    - File naming conventions
+    - Test function naming
+    - Test class organization
+4. Running Tests
+    - pytest commands
+    - Running specific tests
+    - Verbose output
+    - Coverage reports
+5. Fixtures and Conftest
+    - Shared fixtures
+    - Database fixtures
+    - Mock services
+6. Mocking Guidelines
+    - What to mock
+    - Mock patterns
+    - External service mocks
+
+### Mocking the Download Queue
+
+Use `MockQueueRepository` for testing download queue functionality:
+
+```python
+from src.server.models.download import DownloadItem, EpisodeIdentifier
+
+class MockQueueRepository:
+    def __init__(self):
+        self._items: Dict[str, DownloadItem] = {}
+```
+
+### Testing SetupService
+
+SetupService handles series key resolution from folder names during library setup. Test file: `tests/unit/test_setup_service.py`.
+
+Key methods tested:
+- `_extract_year_from_folder_name()` — parses `(YYYY)` suffix
+- `_extract_title_from_folder_name()` — strips year suffix
+- `_resolve_key_via_search()` — resolves provider key via fuzzy title matching
+
+```python
+@pytest.mark.asyncio
+async def test_returns_key_when_single_exact_match(self):
+    """Search returns 1 result with same name → returns key."""
+    mock_series_app = AsyncMock()
+    mock_series_app.search.return_value = [
+        {'title': 'Attack on Titan', 'link': '/anime/stream/attack-on-titan'}
+    ]
+
+    with patch('src.server.services.setup_service.get_series_app', return_value=mock_series_app):
+        result = await SetupService._resolve_key_via_search("Attack on Titan")
+
+    assert result == 'attack-on-titan'
+```
+
+### Mocking aiohttp Sessions
+
+When testing code that uses `aiohttp.ClientSession`:
+
+```python
+from unittest.mock import AsyncMock, MagicMock, patch
+from aiohttp import ClientSession
+
+# Mock aiohttp session for testing
+class MockAiohttpSession:
+    def __init__(self):
+        self.closed = False
+    
+    async def close(self):
+        self.closed = True
+    
+    def get(self, url, **kwargs):
+        mock_response = AsyncMock()
+        mock_response.status = 200
+        mock_response.json = AsyncMock(return_value={"data": "test"})
+        mock_response.__aenter__ = AsyncMock(return_value=mock_response)
+        mock_response.__aexit__ = AsyncMock(return_value=None)
+        return mock_response
+
+# Use in fixture
+@pytest.fixture
+async def mock_tmdb_session():
+    session = MockAiohttpSession()
+    yield session
+    # Cleanup verification
+    assert session.closed, "Session was not closed"
+```
+
+**Key points:**
+- Always verify `session.closed` is `True` after context manager exits
+- Mock `__aenter__` and `__aexit__` for response context managers
+- Set `closed = False` on mock session for unclosed warning tests
+
+7. Coverage Requirements
+8. CI/CD Integration
+9. Writing Good Tests
+    - Arrange-Act-Assert pattern
+    - Test isolation
+    - Edge cases
+10. Common Pitfalls to Avoid

Docs/diagrams/README.md

@@ -0,0 +1,23 @@
+# Architecture Diagrams
+
+This directory contains architecture diagram source files for the Aniworld documentation.
+
+## Diagrams
+
+### System Architecture (Mermaid)
+
+See [system-architecture.mmd](system-architecture.mmd) for the system overview diagram.
+
+### Rendering
+
+Diagrams can be rendered using:
+
+-   Mermaid Live Editor: https://mermaid.live/
+-   VS Code Mermaid extension
+-   GitHub/GitLab native Mermaid support
+
+## Formats
+
+-   `.mmd` - Mermaid diagram source files
+-   `.svg` - Exported vector graphics (add when needed)
+-   `.png` - Exported raster graphics (add when needed)

Docs/diagrams/download-flow.mmd

@@ -0,0 +1,44 @@
+%%{init: {'theme': 'base'}}%%
+sequenceDiagram
+    participant Client
+    participant FastAPI
+    participant AuthMiddleware
+    participant DownloadService
+    participant ProgressService
+    participant WebSocketService
+    participant SeriesApp
+    participant Database
+
+    Note over Client,Database: Download Flow
+
+    %% Add to queue
+    Client->>FastAPI: POST /api/queue/add
+    FastAPI->>AuthMiddleware: Validate JWT
+    AuthMiddleware-->>FastAPI: OK
+    FastAPI->>DownloadService: add_to_queue()
+    DownloadService->>Database: save_item()
+    Database-->>DownloadService: item_id
+    DownloadService-->>FastAPI: [item_ids]
+    FastAPI-->>Client: 201 Created
+
+    %% Start queue
+    Client->>FastAPI: POST /api/queue/start
+    FastAPI->>AuthMiddleware: Validate JWT
+    AuthMiddleware-->>FastAPI: OK
+    FastAPI->>DownloadService: start_queue_processing()
+    
+    loop For each pending item
+        DownloadService->>SeriesApp: download_episode()
+        
+        loop Progress updates
+            SeriesApp->>ProgressService: emit("progress_updated")
+            ProgressService->>WebSocketService: broadcast_to_room()
+            WebSocketService-->>Client: WebSocket message
+        end
+        
+        SeriesApp-->>DownloadService: completed
+        DownloadService->>Database: update_status()
+    end
+    
+    DownloadService-->>FastAPI: OK
+    FastAPI-->>Client: 200 OK

Docs/diagrams/system-architecture.mmd

@@ -0,0 +1,88 @@
+%%{init: {'theme': 'base', 'themeVariables': { 'primaryColor': '#4a90d9'}}}%%
+flowchart TB
+    subgraph Clients["Client Layer"]
+        Browser["Web Browser<br/>(HTML/CSS/JS)"]
+        CLI["CLI Client<br/>(Main.py)"]
+    end
+
+    subgraph Server["Server Layer (FastAPI)"]
+        direction TB
+        Middleware["Middleware<br/>Auth, Rate Limit, Error Handler"]
+        
+        subgraph API["API Routers"]
+            AuthAPI["/api/auth"]
+            AnimeAPI["/api/anime"]
+            QueueAPI["/api/queue"]
+            ConfigAPI["/api/config"]
+            SchedulerAPI["/api/scheduler"]
+            HealthAPI["/health"]
+            WebSocketAPI["/ws"]
+        end
+        
+        subgraph Services["Services"]
+            AuthService["AuthService"]
+            AnimeService["AnimeService"]
+            DownloadService["DownloadService"]
+            ConfigService["ConfigService"]
+            ProgressService["ProgressService"]
+            WebSocketService["WebSocketService"]
+        end
+    end
+
+    subgraph Core["Core Layer"]
+        SeriesApp["SeriesApp"]
+        SeriesCache["SeriesCache<br/>(In-Memory)"]
+        SerieScanner["SerieScanner"]
+        SerieList["SerieList"]
+    end
+
+    subgraph Data["Data Layer"]
+        SQLite[("SQLite<br/>aniworld.db")]
+        ConfigJSON[(config.json)]
+        FileSystem[(File System<br/>Anime Episodes)]
+        LegacyFiles[("Legacy Files<br/>key/data<br/>(Deprecated)")]
+    end
+
+    subgraph External["External"]
+        Provider["Anime Provider<br/>(aniworld.to)"]
+    end
+
+    %% Client connections
+    Browser -->|HTTP/WebSocket| Middleware
+    CLI -->|Direct| SeriesApp
+
+    %% Middleware to API
+    Middleware --> API
+
+    %% API to Services
+    AuthAPI --> AuthService
+    AnimeAPI --> AnimeService
+    QueueAPI --> DownloadService
+    ConfigAPI --> ConfigService
+    SchedulerAPI --> AnimeService
+    WebSocketAPI --> WebSocketService
+
+    %% Services to Core
+    AnimeService --> SeriesApp
+    DownloadService --> SeriesApp
+
+    %% Services to Data
+    AuthService --> ConfigJSON
+    ConfigService --> ConfigJSON
+    DownloadService --> SQLite
+    AnimeService --> SQLite
+
+    %% Core to Data
+    SeriesApp --> SeriesCache
+    SeriesCache -.->|Cached Series| SQLite
+    SeriesApp --> SerieScanner
+    SeriesApp --> SerieList
+    SerieScanner -->|Scan Episodes| FileSystem
+    SerieScanner -->|Detect Series| SQLite
+    SerieScanner -->|Migrate Legacy| LegacyFiles
+    SerieScanner --> Provider
+
+    %% Event flow
+    ProgressService -.->|Events| WebSocketService
+    DownloadService -.->|Progress| ProgressService
+    WebSocketService -.->|Broadcast| Browser

Docs/features.md

@@ -0,0 +1,118 @@
+# Aniworld Web Application Features
+
+## Recent Updates
+
+### Enhanced Setup and Settings Pages (Latest)
+
+The application now features a comprehensive configuration system that allows users to configure all settings during initial setup or modify them later through the settings modal:
+
+**Setup Page Enhancements:**
+
+- Single-page setup with all configuration options organized into clear sections
+- Real-time password strength indicator for security
+- Form validation with helpful error messages
+- Comprehensive settings including: general, security, scheduler, logging, backup, and NFO metadata
+
+**Settings Modal Enhancements:**
+
+- All configuration fields are now editable through the main application's config modal
+- Organized into logical sections with clear labels and help text
+- Real-time saving with immediate feedback
+- Configuration validation to prevent invalid settings
+- Full control over cron-based scheduler (time, days of week, auto-download), logging options, and backup settings
+
+---
+
+## Authentication & Security
+
+- **Master Password Login**: Secure access to the application with a master password system
+- **JWT Token Sessions**: Stateless authentication with JSON Web Tokens
+- **Rate Limiting**: Built-in protection against brute force attacks
+
+## Configuration Management
+
+- **Enhanced Setup Page**: Comprehensive initial configuration interface with all settings in one place:
+    - General Settings: Application name and data directory configuration
+    - Security Settings: Master password setup with strength indicator
+    - Anime Directory: Primary directory path for anime storage
+    - Scheduler Settings: Enable/disable scheduler, configure daily run time, select days of week, and optionally auto-download missing episodes after rescan
+    - Logging Settings: Configure log level, file path, file size limits, and backup count
+    - Backup Settings: Enable automatic backups with configurable path and retention period
+    - NFO Settings: TMDB API key, auto-creation options, and media file download preferences
+- **Enhanced Settings/Config Modal**: Comprehensive configuration interface accessible from main page:
+    - General Settings: Edit application name and data directory
+    - Anime Directory: Modify anime storage location with browse functionality
+    - Scheduler Configuration: Enable/disable, set cron run time (`HH:MM`), select active days of the week, and toggle auto-download after rescan
+    - Logging Configuration: Full control over logging level, file rotation, and backup count
+    - Backup Configuration: Configure automatic backup settings including path and retention
+    - NFO Settings: Complete control over TMDB integration and media file downloads
+    - Configuration Validation: Validate configuration for errors before saving
+    - Backup Management: Create, restore, and manage configuration backups
+    - Export/Import: Export configuration for backup or transfer to another instance
+
+## User Interface
+
+- **Dark Mode**: Toggle between light and dark themes for better user experience
+- **Responsive Design**: Mobile-friendly interface with touch support
+- **Real-time Updates**: WebSocket-based live notifications and progress tracking
+
+## Anime Management
+
+- **Anime Library Page**: Display list of anime series with missing episodes
+- **Library Filters**:
+    - "Missing Episodes Only" (shows only series with missing episodes, including series that currently have no downloaded episodes)
+    - "No Episodes" (shows series that are present in the library but have zero downloaded episodes)
+    - "Show All Series" (overrides other filters to show every series)
+- **Database-Backed Series Storage**: All series metadata and missing episodes stored in SQLite database
+- **Automatic Database Synchronization**: Series loaded from database on startup, stays in sync with filesystem
+- **Series Selection**: Select individual anime series and add episodes to download queue
+- **Anime Search**: Search for anime series using integrated providers
+- **Library Scanning**: Automated scanning for missing episodes with database persistence
+- **Episode Tracking**: Missing episodes tracked in database, automatically updated during scans
+- **NFO Status Indicators**: Visual badges showing NFO and media file status for each series
+
+## NFO Metadata Management
+
+- **TMDB Integration**: Automatic metadata fetching from The Movie Database (TMDB)
+- **Auto-Create NFO Files**: Automatically generate tvshow.nfo files during downloads
+- **Media File Downloads**: Automatic download of poster.jpg, logo.png, and fanart.jpg
+- **NFO Status Tracking**: Database tracking of NFO creation and update timestamps
+- **Manual NFO Creation**: Create NFO files and download media for existing anime
+- **NFO Updates**: Update existing NFO files with latest TMDB metadata
+- **Batch Operations**: Create NFO files for multiple anime at once
+- **NFO Content Viewing**: View generated NFO file content in the UI
+- **Media Server Compatibility**: Kodi, Plex, Jellyfin, and Emby compatible format
+- **Configuration Options**: Customize which media files to download and image quality
+
+## Download Management
+
+- **Download Queue Page**: View and manage the current download queue with organized sections
+- **Queue Organization**: Displays downloads organized by status (pending, active, completed, failed)
+- **NFO Integration**: Automatic NFO and media file creation before episode downloads
+- **Manual Start/Stop Control**: User manually starts downloads one at a time with Start/Stop buttons
+- **FIFO Queue Processing**: First-in, first-out queue order (no priority or reordering)
+- **Single Download Mode**: Only one download active at a time, new downloads must be manually started
+- **Download Status Display**: Real-time status updates and progress of current download
+- **Queue Operations**: Add and remove items from the pending queue
+- **Completed Downloads List**: Separate section for completed downloads with clear button
+- **Failed Downloads List**: Separate section for failed downloads with retry and clear options
+- **Retry Failed Downloads**: Automatically retry failed downloads with configurable limits
+- **Clear Completed**: Remove completed downloads from the queue
+- **Clear Failed**: Remove failed downloads from the queue
+- **Queue Statistics**: Real-time counters for pending, active, completed, and failed items
+
+## Real-time Communication
+
+- **WebSocket Support**: Real-time notifications for download progress and queue updates
+- **Progress Tracking**: Live progress updates for downloads and scans
+- **System Notifications**: Real-time system messages and alerts
+
+## Folder Management
+
+- **Fuzzy Series Key Resolution**: Automatic series key resolution from folder names using fuzzy title matching — tolerates title variations like `(TV)`, `(OVA)`, `(Movie)` suffixes and uses similarity matching to resolve provider keys during library setup
+
+## Core Functionality Overview
+
+The web application provides a complete interface for managing anime downloads with user-friendly pages for configuration, library management, search capabilities, and download monitoring. All operations are tracked in real-time with comprehensive progress reporting and error handling.
+
+**NFO Metadata Features**: The application now includes full support for generating Kodi/Plex/Jellyfin/Emby compatible metadata files (tvshow.nfo) with automatic TMDB integration. NFO files are created automatically during downloads or can be managed manually through the UI. The system tracks NFO status in the database and provides comprehensive API endpoints for programmatic access. Media files (poster, logo, fanart) are automatically downloaded based on configuration settings.

Docs/instructions.md

@@ -0,0 +1,119 @@
+# Aniworld Web Application Development Instructions
+
+This document provides detailed tasks for AI agents to implement a modern web application for the Aniworld anime download manager. All tasks should follow the coding guidelines specified in the project's copilot instructions.
+
+## Project Overview
+
+The goal is to create a FastAPI-based web application that provides a modern interface for the existing Aniworld anime download functionality. The core anime logic should remain in `SeriesApp.py` while the web layer provides REST API endpoints and a responsive UI.
+
+## Architecture Principles
+
+- **Single Responsibility**: Each file/class has one clear purpose
+- **Dependency Injection**: Use FastAPI's dependency system
+- **Clean Separation**: Web layer calls core logic, never the reverse
+- **File Size Limit**: Maximum 500 lines per file
+- **Type Hints**: Use comprehensive type annotations
+- **Error Handling**: Proper exception handling and logging
+
+## Additional Implementation Guidelines
+
+### Code Style and Standards
+
+- **Type Hints**: Use comprehensive type annotations throughout all modules
+- **Docstrings**: Follow PEP 257 for function and class documentation
+- **Error Handling**: Implement custom exception classes with meaningful messages
+- **Logging**: Use structured logging with appropriate log levels
+- **Security**: Validate all inputs and sanitize outputs
+- **Performance**: Use async/await patterns for I/O operations
+
+## 📞 Escalation
+
+If you encounter:
+
+- Architecture issues requiring design decisions
+- Tests that conflict with documented requirements
+- Breaking changes needed
+- Unclear requirements or expectations
+
+**Document the issue and escalate rather than guessing.**
+
+---
+
+## <20> Credentials
+
+**Admin Login:**
+
+- Username: `admin`
+- Password: `Hallo123!`
+
+---
+
+## <20>📚 Helpful Commands
+
+```bash
+# Run all tests
+conda run -n AniWorld python -m pytest tests/ -v --tb=short
+
+# Run specific test file
+conda run -n AniWorld python -m pytest tests/unit/test_websocket_service.py -v
+
+# Run specific test class
+conda run -n AniWorld python -m pytest tests/unit/test_websocket_service.py::TestWebSocketService -v
+
+# Run specific test
+conda run -n AniWorld python -m pytest tests/unit/test_websocket_service.py::TestWebSocketService::test_broadcast_download_progress -v
+
+# Run with extra verbosity
+conda run -n AniWorld python -m pytest tests/ -vv
+
+# Run with full traceback
+conda run -n AniWorld python -m pytest tests/ -v --tb=long
+
+# Run and stop at first failure
+conda run -n AniWorld python -m pytest tests/ -v -x
+
+# Run tests matching pattern
+conda run -n AniWorld python -m pytest tests/ -v -k "auth"
+
+# Show all print statements
+conda run -n AniWorld python -m pytest tests/ -v -s
+
+#Run app
+conda run -n AniWorld python -m uvicorn src.server.fastapi_app:app --host 127.0.0.1 --port 8000 --reload
+```
+
+---
+
+## Implementation Notes
+
+1. **Incremental Development**: Implement features incrementally, testing each component thoroughly before moving to the next
+2. **Code Review**: Review all generated code for adherence to project standards
+3. **Documentation**: Document all public APIs and complex logic
+4. **Testing**: Maintain test coverage above 80% for all new code
+5. **Performance**: Profile and optimize critical paths, especially download and streaming operations
+6. **Security**: Regular security audits and dependency updates
+7. **Monitoring**: Implement comprehensive monitoring and alerting
+8. **Maintenance**: Plan for regular maintenance and updates
+
+---
+
+## Task Completion Checklist
+
+For each task completed:
+
+- [ ] Implementation follows coding standards
+- [ ] Unit tests written and passing
+- [ ] Integration tests passing
+- [ ] Documentation updated
+- [ ] Error handling implemented
+- [ ] Logging added
+- [ ] Security considerations addressed
+- [ ] Performance validated
+- [ ] Code reviewed
+- [ ] Task marked as complete in instructions.md
+- [ ] Infrastructure.md updated and other docs
+- [ ] Changes committed to git; keep your messages in git short and clear
+- [ ] Take the next task
+
+---
+

Docs/key

@@ -0,0 +1,3 @@
+API key : 299ae8f630a31bda814263c551361448
+9bc3e547caff878615cbdba2cc421d37
+

Docs/runner.csx

@@ -0,0 +1,154 @@
+#!/usr/bin/env dotnet-script
+#nullable enable
+
+using System;
+using System.IO;
+using System.Diagnostics;
+using System.Threading;
+using System.Text;
+using System.Text.RegularExpressions;
+using System.Linq;
+using System.Collections.Generic;
+
+// ── Ctrl+C: kill active process and exit cleanly ──────────────────────────────
+var cts = new CancellationTokenSource();
+Process? activeProcess = null;
+
+Console.CancelKeyPress += (_, e) =>
+{
+    e.Cancel = true;
+    Console.WriteLine("\n[runner] Interrupted — shutting down...");
+    cts.Cancel();
+    try { activeProcess?.Kill(entireProcessTree: true); } catch { }
+};
+
+// ── Paths ─────────────────────────────────────────────────────────────────────
+var repoRoot = Directory.GetCurrentDirectory();
+var tasksFile = Path.Combine(repoRoot, "Docs", "Tasks.md");
+
+if (!File.Exists(tasksFile))
+{
+    Console.Error.WriteLine($"[runner] ERROR: Tasks.md not found at {tasksFile}");
+    Console.Error.WriteLine("[runner] Run this script from the repository root.");
+    Environment.Exit(1);
+}
+
+// ── Read & split by "---" separator lines ────────────────────────────────────
+var content = File.ReadAllText(tasksFile);
+var items = Regex
+    .Split(content, @"\r?\n---\r?\n")
+    .Select(s => s.Trim())
+    .Where(s => s.Length > 0)
+    .ToList();
+
+Console.WriteLine($"[runner] Found {items.Count} section(s) in Tasks.md");
+
+// ── Helper: run copilot and stream output, return full output ─────────────────
+async Task<string> RunCopilot(IEnumerable<string> extraArgs, string prompt)
+{
+    var output = new StringBuilder();
+
+    var argList = new List<string> { "launch", "copilot", "--model", "minimax-m2.7:cloud", "--yes", "--", "--allow-all-tools" };
+    argList.AddRange(extraArgs);
+    argList.Add("-p");
+    argList.Add(prompt);
+
+    var psi = new ProcessStartInfo("ollama")
+    {
+        WorkingDirectory = repoRoot,
+        RedirectStandardOutput = true,
+        RedirectStandardError = true,
+        UseShellExecute = false,
+    };
+    foreach (var a in argList)
+        psi.ArgumentList.Add(a);
+
+    activeProcess = new Process { StartInfo = psi };
+
+    activeProcess.OutputDataReceived += (_, e) =>
+    {
+        if (e.Data is null) return;
+        Console.WriteLine(e.Data);
+        output.AppendLine(e.Data);
+    };
+    activeProcess.ErrorDataReceived += (_, e) =>
+    {
+        if (e.Data is null) return;
+        Console.Error.WriteLine(e.Data);
+        output.AppendLine(e.Data);
+    };
+
+    activeProcess.Start();
+    activeProcess.BeginOutputReadLine();
+    activeProcess.BeginErrorReadLine();
+
+    await activeProcess.WaitForExitAsync(cts.Token);
+    activeProcess = null;
+
+    return output.ToString();
+}
+
+// ── Main loop ─────────────────────────────────────────────────────────────────
+for (int i = 0; i < items.Count; i++)
+{
+    var item = items[i];
+    if (cts.IsCancellationRequested) break;
+
+    Console.WriteLine();
+    Console.WriteLine("[runner] ══════════════════════════════════════════════");
+    Console.WriteLine($"[runner] Task:\n{item}");
+    Console.WriteLine("[runner] ══════════════════════════════════════════════");
+    Console.WriteLine();
+
+    // Step 1 — run the task prompt
+    await RunCopilot(Enumerable.Empty<string>(), $"/caveman full");
+    await RunCopilot(new[] { "--continue" }, $"read ./Docs/instructions.md. {item}");
+    if (cts.IsCancellationRequested) break;
+
+    // Step 2 — confirm completion in the same chat session
+    Console.WriteLine("\n[runner] Asking for task confirmation...\n");
+    var confirmation = await RunCopilot(
+        new[] { "--continue" },
+        "are you sure tasks is done. reply with yes"
+    );
+    if (cts.IsCancellationRequested) break;
+
+    // Step 3 — check for "yes" in the reply, with retry logic for issue resolution
+    int maxRetries = 3;
+    int retryCount = 0;
+    bool taskConfirmed = confirmation.Contains("yes", StringComparison.OrdinalIgnoreCase);
+
+    while (!taskConfirmed && retryCount < maxRetries)
+    {
+        retryCount++;
+        Console.WriteLine($"\n[runner] Attempt {retryCount}/{maxRetries}: Resolving remaining issues and running tests...\n");
+
+        confirmation = await RunCopilot(
+            new[] { "--continue" },
+            "resolve any remaining issues, make sure all tests are running and pass. then confirm with yes if done"
+        );
+        if (cts.IsCancellationRequested) break;
+
+        taskConfirmed = confirmation.Contains("yes", StringComparison.OrdinalIgnoreCase);
+    }
+
+    if (!taskConfirmed)
+    {
+        Console.WriteLine($"\n[runner] Task not confirmed as done after {maxRetries} attempts. Stopping.");
+        break;
+    }
+
+    // Step 4 — commit the work
+    Console.WriteLine("\n[runner] Task confirmed. Making git commit...\n");
+
+    await RunCopilot(Enumerable.Empty<string>(), $"/caveman full");
+    await RunCopilot(new[] { "--continue" }, "make git commit");
+    if (cts.IsCancellationRequested) break;
+
+    // Step 5 — remove completed task from Tasks.md
+    var remaining = items.Skip(i + 1).ToList();
+    File.WriteAllText(tasksFile, string.Join("\n\n---\n\n", remaining));
+    Console.WriteLine("[runner] Removed completed task from Tasks.md");
+}
+
+Console.WriteLine("\n[runner] Finished.");

Docs/tasks.md

@@ -0,0 +1,178 @@
+# Tasks
+
+## 1. Scheduled Folder Scan
+
+### Task 1.1: Add folder scan scheduler configuration
+
+**Where is that found**
+- `src/server/models/config.py` (`SchedulerConfig`)
+- `data/config.json` (example/default config)
+- `src/server/web/templates/setup.html` (setup UI)
+- `src/server/api/auth.py` (config save endpoint, if it validates scheduler fields)
+
+**Goal. How it should be**
+Add a new boolean field `folder_scan_enabled` (default `false`) to `SchedulerConfig`. When `true`, the scheduler will execute the folder maintenance routine during its scheduled run. Add the field to the setup page as a checkbox. Ensure existing configs without this field load successfully (Pydantic default handles this).
+
+**Possible traps and issues**
+- Backward compatibility: old `data/config.json` files must load without errors. Pydantic defaults solve this, but verify by loading an old config.
+- The setup page JavaScript must include the new field in the payload sent to `/api/config`.
+- Do not confuse this with `auto_download_after_rescan` — this is a separate toggle.
+
+**Docs changes needed**
+- `docs/CONFIGURATION.md`: Document the new `scheduler.folder_scan_enabled` option.
+- `docs/ARCHITECTURE.md`: Mention folder scan in the scheduler section.
+
+**Why this is needed**
+Users need an opt-in toggle to enable automatic daily folder maintenance (NFO repair, folder renaming, poster checks) without forcing it on everyone.
+
+---
+
+### Task 1.2: Create FolderScanService skeleton
+
+**Where is that found**
+- New file: `src/server/services/folder_scan_service.py`
+- `src/server/services/scheduler_service.py` (to call it)
+
+**Goal. How it should be**
+Create a new `FolderScanService` class with a single async entry point `async def run_folder_scan(self) -> None`. The method should:
+1. Log start/completion with structlog.
+2. Check prerequisites (`settings.anime_directory` exists, `settings.tmdb_api_key` is set).
+3. Skip gracefully with a warning log if prerequisites are missing.
+4. Use a module-level semaphore (similar to `_NFO_REPAIR_SEMAPHORE`) to limit concurrent TMDB operations to 3.
+
+Keep the implementation empty for the sub-tasks (1.3–1.5) to fill in. Just add the skeleton and the semaphore.
+
+**Possible traps and issues**
+- Circular imports: `folder_scan_service.py` will import from `initialization_service`, `config.settings`, etc. Keep imports inside methods or at the bottom if circular issues arise.
+- The service should follow the singleton pattern like `SchedulerService` and `DownloadService` if it holds state, or be stateless. For simplicity, make it a plain class instantiated per call or a module-level function set.
+- Exception handling: any unhandled exception in the scheduled task should be caught and logged so it doesn't crash the scheduler.
+
+**Docs changes needed**
+- `docs/ARCHITECTURE.md`: Add `folder_scan_service.py` to the services list.
+
+**Why this is needed**
+Encapsulates the new daily maintenance logic in its own module, keeping `scheduler_service.py` clean and allowing the folder scan to be tested independently.
+
+---
+
+### Task 1.3: Integrate NFO repair into folder scan
+
+**Where is that found**
+- `src/server/services/folder_scan_service.py`
+- `src/server/services/initialization_service.py` (`perform_nfo_repair_scan`)
+
+**Goal. How it should be**
+Inside `FolderScanService.run_folder_scan()`, call `perform_nfo_repair_scan(background_loader=None)` as the first step. Reuse the existing function exactly — do not copy its logic. Log a message before and after the call.
+
+**Possible traps and issues**
+- `perform_nfo_repair_scan` spawns `asyncio.create_task` for each repair. When called from the scheduler, these background tasks will still run after `run_folder_scan` returns. This is fine, but log that repairs are queued.
+- The function already handles missing `tmdb_api_key` and `anime_directory`, so the caller doesn't need to double-check, but the skeleton from Task 1.2 already checks prerequisites.
+- `perform_nfo_repair_scan` imports `nfo_needs_repair` and `NfoRepairService` inside the function, so no heavy import-time dependencies.
+
+**Docs changes needed**
+- `docs/NFO_GUIDE.md`: Update the "Automatic NFO Repair" section to state that repair now runs as part of the scheduled folder scan instead of every startup.
+
+**Why this is needed**
+Reuses the existing, tested NFO repair logic. Moves NFO repair from startup blocking to scheduled background maintenance.
+
+---
+
+### Task 1.4: Validate and rename series folders
+
+**Where is that found**
+- `src/server/services/folder_scan_service.py`
+- `src/core/services/nfo_repair_service.py` (for `parse_nfo_tags` or similar NFO parsing)
+- `src/server/database/models.py` / `src/server/database/system_settings_service.py` (if folder paths are stored in DB)
+
+**Goal. How it should be**
+After NFO repair, iterate over every subfolder in `settings.anime_directory` that contains a `tvshow.nfo`. For each folder:
+1. Parse the NFO to extract `<title>` and `<year>` text values.
+2. Compute the expected folder name: `f"{title} ({year})"`.
+3. Sanitize the expected name for filesystem safety (remove/replace illegal characters like `/`, `\`, `:`, etc.).
+4. Compare with the current folder name (`series_dir.name`).
+5. If different, rename the folder using `series_dir.rename(expected_path)`.
+6. If the series path is stored in the database (check `anime_service` or DB models), update the database record to point to the new path.
+
+Skip folders where title or year is missing/empty. Log every rename action.
+
+**Possible traps and issues**
+- **Database path consistency**: If `Series` or `Episode` models store absolute or relative paths, renaming the folder on disk without updating the DB will break downloads, NFO updates, and the web UI. Must verify whether paths are stored in the DB and update them.
+- **Active downloads**: A series currently being downloaded should not be renamed. Check the download queue or lock status before renaming. If no lock mechanism exists, this is a major trap — document it.
+- **Filesystem permissions**: The app may not have write permission to the anime directory. Catch `PermissionError` and `OSError` and log gracefully.
+- **Special characters**: Titles like `"A / B"` or `"Show: Subtitle"` contain characters illegal in folder names. Define a sanitization function (e.g., replace `/` with `-`, remove trailing dots on Windows, etc.).
+- **Duplicate names**: Two different series could sanitize to the same name. Check if target path already exists before renaming.
+- **Path length limits**: Very long titles might exceed OS path limits.
+
+**Docs changes needed**
+- `docs/NFO_GUIDE.md`: Add a section "Folder Naming Convention" explaining the `<title> (<year>)` format.
+- `docs/CONFIGURATION.md`: Mention that enabling folder scan will rename folders.
+
+**Why this is needed**
+Enforces a consistent, predictable folder naming scheme across the library, making it easier for media center apps (Kodi, Jellyfin, Plex) to match metadata.
+
+---
+
+### Task 1.5: Check and download missing poster.jpg
+
+**Where is that found**
+- `src/server/services/folder_scan_service.py`
+- `src/core/utils/image_downloader.py` (`ImageDownloader`)
+- `src/core/services/nfo_service.py` or `src/core/services/nfo_repair_service.py` (to get poster URL from NFO or TMDB)
+
+**Goal. How it should be**
+After folder renaming, iterate over series folders again (or combine with Task 1.4 loop). For each folder:
+1. Check if `poster.jpg` exists and has a size ≥ `ImageDownloader.min_file_size` (1 KB by default).
+2. If missing or too small:
+   a. Parse `tvshow.nfo` for `<thumb aspect="poster">` or `<thumb>` URL.
+   b. If no URL in NFO, skip (do not query TMDB again to keep tasks small; the NFO should already have it after repair).
+   c. Use `ImageDownloader` (with context manager) to download the image to `series_dir / "poster.jpg"`.
+   d. Validate the downloaded image with `ImageDownloader._validate_image` (or similar existing validation).
+3. Use the existing `_NFO_REPAIR_SEMAPHORE` or a new `POSTER_DOWNLOAD_SEMAPHORE` to limit concurrent downloads to 3.
+
+**Possible traps and issues**
+- **TMDB rate limiting**: Even downloading images hits TMDB CDN. The semaphore limits concurrency.
+- **Invalid images**: A download might produce a 0-byte or corrupted file. `ImageDownloader` already validates with PIL; reuse that.
+- **NFO without thumb URL**: If the NFO was created before thumb tags were added, there may be no URL. In that case, skip and log. A future task could query TMDB directly.
+- **Write permissions**: Same as Task 1.4.
+- **Async session sharing**: `ImageDownloader` manages its own `aiohttp` session. Use `async with ImageDownloader() as downloader:` to ensure cleanup.
+
+**Docs changes needed**
+- `docs/NFO_GUIDE.md`: Add "Poster Check" subsection under folder scan.
+- `docs/CONFIGURATION.md`: Mention that `nfo.download_poster` setting also affects scheduled poster checks.
+
+**Why this is needed**
+Ensures every series has artwork, which is required by most media center front-ends for a polished library view.
+
+---
+
+## 2. Remove startup NFO repair
+
+### Task 2.1: Remove perform_nfo_repair_scan from startup lifespan
+
+**Where is that found**
+- `src/server/fastapi_app.py` (lifespan startup block, lines ~245 and ~319)
+- `src/server/services/initialization_service.py` (keep the function, just remove the call site)
+- `tests/integration/test_nfo_repair_startup.py`
+- `tests/unit/test_initialization_service.py` (tests that call `perform_nfo_repair_scan` directly can stay, but integration tests verifying startup wiring must change)
+
+**Goal. How it should be**
+1. In `src/server/fastapi_app.py`, remove the import of `perform_nfo_repair_scan` from the `initialization_service` import block.
+2. Remove the line `await perform_nfo_repair_scan(background_loader)` from the lifespan startup sequence.
+3. Update `tests/integration/test_nfo_repair_startup.py`:
+   - Remove or modify `test_perform_nfo_repair_scan_imported_in_lifespan` and `test_perform_nfo_repair_scan_called_after_media_scan` since the startup wiring is gone.
+   - Replace with a test that verifies `perform_nfo_repair_scan` is NOT called during startup (or simply delete the file if it has no other purpose).
+4. `tests/unit/test_initialization_service.py` tests for `perform_nfo_repair_scan` can remain because they test the function itself, not the startup wiring.
+
+**Possible traps and issues**
+- **Test failures**: `test_nfo_repair_startup.py` will fail immediately after the code change. It must be updated in the same PR.
+- **Documentation drift**: `docs/NFO_GUIDE.md`, `docs/CHANGELOG.md`, and `docs/ARCHITECTURE.md` all describe the startup NFO repair behavior. If docs are not updated, users will expect repair on every start.
+- **Background loader parameter**: The `background_loader` variable was created partly for `perform_nfo_repair_scan`. After removal, check if `background_loader` is still needed for other startup steps (yes — `perform_media_scan_if_needed` uses it). Do not remove `background_loader` entirely.
+- **Import cleanup**: Ensure no unused imports remain in `fastapi_app.py` after removal.
+
+**Docs changes needed**
+- `docs/NFO_GUIDE.md`: Update section 11 "Automatic NFO Repair" to remove startup references and state it runs via scheduler.
+- `docs/CHANGELOG.md`: Add an entry under "Changed" or "Removed" noting that startup NFO repair is replaced by scheduled folder scan.
+- `docs/ARCHITECTURE.md`: Update the startup sequence description.
+
+**Why this is needed**
+Running `perform_nfo_repair_scan` on every startup slows down server restarts, especially for large libraries. Moving it to a scheduled task keeps startup fast while still ensuring regular maintenance.

Loader.py

@@ -1,80 +0,0 @@
-import os
-import re
-import subprocess
-import logging
-
-from aniworld.models import Anime
-from aniworld.config import PROVIDER_HEADERS, INVALID_PATH_CHARS
-from aniworld.parser import arguments
-
-# Read timeout from environment variable, default to 600 seconds (10 minutes)
-timeout = int(os.getenv("DOWNLOAD_TIMEOUT", 600))
-
-download_error_logger = logging.getLogger("DownloadErrors")
-download_error_handler = logging.FileHandler("download_errors.log")
-download_error_handler.setLevel(logging.ERROR)
-download_error_logger.addHandler(download_error_handler)
-
-def download(anime: Anime):  # pylint: disable=too-many-branches
-    for episode in anime:
-        sanitized_anime_title = ''.join(
-            char for char in anime.title if char not in INVALID_PATH_CHARS
-        )
-
-        if episode.season == 0:
-            output_file = (
-                f"{sanitized_anime_title} - "
-                f"Movie {episode.episode:02} - "
-                f"({anime.language}).mp4"
-            )
-        else:
-            output_file = (
-                f"{sanitized_anime_title} - "
-                f"S{episode.season:02}E{episode.episode:03} - "
-                f"({anime.language}).mp4"
-            )
-
-        output_path = os.path.join(anime.output_directory, output_file)
-        os.makedirs(os.path.dirname(output_path), exist_ok=True)
-        command = [
-            "yt-dlp",
-            episode.get_direct_link(anime.provider, anime.language),
-            "--fragment-retries", "infinite",
-            "--concurrent-fragments", "4",
-            "-o", output_path,
-            "--quiet",
-            "--no-warnings"
-        ]
-
-        if anime.provider in PROVIDER_HEADERS:
-            for header in PROVIDER_HEADERS[anime.provider]:
-                command.extend(["--add-header", header])
-
-        if arguments.only_command:
-            logging.info(
-                f"{anime.title} - S{episode.season}E{episode.episode} - ({anime.language}): "
-                f"{' '.join(str(item) if item is not None else '' for item in command)}"
-            )
-            continue
-
-        try:
-            subprocess.run(command, check=True, timeout=timeout)
-        except subprocess.TimeoutExpired:
-            logging.error(f"Download timed out after {timeout} seconds: {' '.join(str(item) for item in command)}")
-        except subprocess.CalledProcessError:
-            logging.error(f"Error running command: {' '.join(str(item) for item in command)}")
-        except KeyboardInterrupt:
-            logging.warning("Download interrupted by user.")
-            output_dir = os.path.dirname(output_path)
-            is_empty = True
-
-            for file_name in os.listdir(output_dir):
-                if re.search(r'\.(part|ytdl|part-Frag\d+)$', file_name):
-                    os.remove(os.path.join(output_dir, file_name))
-                else:
-                    is_empty = False
-
-            if is_empty or not os.listdir(output_dir):
-                os.rmdir(output_dir)
-                logging.info(f"Removed empty download directory: {output_dir}")
-

README.md

@@ -0,0 +1,202 @@
+# Aniworld Download Manager
+
+A web-based anime download manager with REST API, WebSocket real-time updates, and a modern web interface.
+
+## Features
+
+- Web interface for managing anime library
+- REST API for programmatic access
+- WebSocket real-time progress updates
+- Download queue with priority management
+- Automatic library scanning for missing episodes
+- **NFO metadata management with TMDB integration**
+- **Automatic poster/fanart/logo downloads**
+- JWT-based authentication
+- SQLite database for persistence
+- **Comprehensive test coverage** (1,070+ tests, 91.3% coverage)
+
+## Quick Start
+
+### Prerequisites
+
+- Python 3.10+
+- Conda (recommended) or virtualenv
+
+### Installation
+
+1. Clone the repository:
+
+```bash
+git clone https://github.com/your-repo/aniworld.git
+cd aniworld
+```
+
+2. Create and activate conda environment:
+
+```bash
+conda create -n AniWorld python=3.10
+conda activate AniWorld
+```
+
+3. Install dependencies:
+
+```bash
+pip install -r requirements.txt
+```
+
+4. Start the server:
+
+```bash
+python -m uvicorn src.server.fastapi_app:app --host 127.0.0.1 --port 8000
+```
+
+5. Open http://127.0.0.1:8000 in your browser
+
+### First-Time Setup
+
+1. Navigate to http://127.0.0.1:8000/setup
+2. Set a master password (minimum 8 characters, mixed case, number, special character)
+3. Configure your anime directory path
+4. **(Optional)** Configure NFO settings with your TMDB API key
+5. Login with your master password
+
+### NFO Metadata Setup (Optional)
+
+For automatic NFO file generation with metadata and images:
+
+1. Get a free TMDB API key from https://www.themoviedb.org/settings/api
+2. Go to Configuration → NFO Settings in the web interface
+3. Enter your TMDB API key and click "Test Connection"
+4. Enable auto-creation and select which images to download
+5. NFO files will be created automatically during downloads
+
+## Documentation
+
+| Document                                       | Description                      |
+| ---------------------------------------------- | -------------------------------- |
+| [docs/API.md](docs/API.md)                     | REST API and WebSocket reference |
+| [docs/ARCHITECTURE.md](docs/ARCHITECTURE.md)   | System architecture and design   |
+| [docs/CONFIGURATION.md](docs/CONFIGURATION.md) | Configuration options            |
+| [docs/DATABASE.md](docs/DATABASE.md)           | Database schema                  |
+| [docs/DEVELOPMENT.md](docs/DEVELOPMENT.md)     | Developer setup guide            |
+| [docs/TESTING.md](docs/TESTING.md)             | Testing guidelines               |
+
+## Project Structure
+
+```
+src/
++-- cli/                # CLI interface (legacy)
++-- config/             # Application settings
++-- core/               # Domain logic
+|   +-- SeriesApp.py    # Main application facade
+|   +-- SerieScanner.py # Directory scanning
+|   +-- entities/       # Domain entities
+|   +-- providers/      # External provider adapters
++-- server/             # FastAPI web server
+    +-- api/            # REST API endpoints
+    +-- services/       # Business logic
+    +-- models/         # Pydantic models
+    +-- database/       # SQLAlchemy ORM
+    +-- middleware/     # Auth, rate limiting
+```
+
+## API Endpoints
+
+| Endpoint                       | Description                      |
+| ------------------------------ | -------------------------------- |
+| `POST /api/auth/login`         | Authenticate and get JWT token   |
+| `GET /api/anime`               | List anime with missing episodes |
+| `GET /api/anime/search?query=` | Search for anime                 |
+| `POST /api/queue/add`          | Add episodes to download queue   |
+| `POST /api/queue/start`        | Start queue processing           |
+| `GET /api/queue/status`        | Get queue status                 |
+| `GET /api/nfo/check`           | Check NFO status for anime       |
+| `POST /api/nfo/create`         | Create NFO files                 |
+| `WS /ws/connect`               | WebSocket for real-time updates  |
+
+See [docs/API.md](docs/API.md) for complete API reference.
+
+## Configuration
+
+Environment variables (via `.env` file):
+
+| Variable          | Default                        | Description               |
+| ----------------- | ------------------------------ | ------------------------- |
+| `JWT_SECRET_KEY`  | (random)                       | Secret for JWT signing    |
+| `DATABASE_URL`    | `sqlite:///./data/aniworld.db` | Database connection       |
+| `ANIME_DIRECTORY` | (empty)                        | Path to anime library     |
+| `TMDB_API_KEY`    | (empty)                        | TMDB API key for metadata |
+| `LOG_LEVEL`       | `INFO`                         | Logging level             |
+
+See [docs/CONFIGURATION.md](docs/CONFIGURATION.md) for all options.
+
+## Running Tests
+
+The project includes a comprehensive test suite with **1,070+ tests** and **91.3% coverage** across all critical systems:
+
+```bash
+# Run all Python tests
+conda run -n AniWorld python -m pytest tests/ -v
+
+# Run unit tests only
+conda run -n AniWorld python -m pytest tests/unit/ -v
+
+# Run integration tests
+conda run -n AniWorld python -m pytest tests/integration/ -v
+
+# Run with coverage report
+conda run -n AniWorld python -m pytest tests/ --cov --cov-report=html
+
+# Run JavaScript/E2E tests (requires Node.js)
+npm test                    # Unit tests (Vitest)
+npm run test:e2e           # E2E tests (Playwright)
+```
+
+**Test Coverage:**
+
+- ✅ 1,070+ tests across 4 priority tiers (644 Python tests passing, 426 JavaScript/E2E tests)
+- ✅ 91.3% code coverage
+- ✅ **TIER 1 Critical**: 159/159 tests - Scheduler, NFO batch, download queue, persistence
+- ✅ **TIER 2 High Priority**: 390/390 tests - Frontend UI, WebSocket, dark mode, settings
+- ✅ **TIER 3 Medium Priority**: 95/156 tests - Performance, edge cases (core scenarios complete)
+- ✅ **TIER 4 Polish**: 426 tests - Internationalization, accessibility, media server compatibility
+- ✅ Security: Complete coverage (authentication, authorization, CSRF, XSS, SQL injection)
+- ✅ Performance: Validated (200+ concurrent WebSocket clients, batch operations)
+
+See [docs/TESTING_COMPLETE.md](docs/TESTING_COMPLETE.md) for comprehensive testing documentation.
+
+## Technology Stack
+
+- **Web Framework**: FastAPI 0.104.1
+- **Database**: SQLite + SQLAlchemy 2.0
+- **Auth**: JWT (python-jose) + passlib
+- **Validation**: Pydantic 2.5
+- **Logging**: structlog
+- **Testing**: pytest + pytest-asyncio
+
+## Application Lifecycle
+
+### Initialization
+
+On first startup, the application performs a one-time sync of series from data files to the database:
+
+1. FastAPI lifespan starts
+2. Database is initialized
+3. `sync_series_from_data_files()` reads all data files from the anime directory (creates temporary SeriesApp)
+4. Series metadata is synced to the database
+5. DownloadService initializes (triggers main `SeriesApp` creation)
+6. `SeriesApp` loads series from database via service layer (not from files)
+
+On subsequent startups, the same flow applies but the sync finds no new series. `SeriesApp` always initializes with an empty series list (`skip_load=True`) and loads data from the database on demand, avoiding redundant file system scans.
+
+### Adding New Series
+
+When adding a new series:
+
+1. Series is added to the database via `AnimeService`
+2. Data file is created in the anime directory
+3. In-memory `SerieList` is updated via `load_series_from_list()`
+
+## License
+
+MIT License

aniworld/pyvenv.cfg

@@ -1,5 +0,0 @@
-home = /usr/bin
-include-system-site-packages = false
-version = 3.12.3
-executable = /usr/bin/python3.12
-command = /usr/bin/python3 -m venv /mnt/d/repo/AniWorld/aniworld

docker-compose.yml

@@ -1,25 +0,0 @@
-version: "3.7"
-services:
-  wireguard:
-    container_name: wireguard
-    image: jordanpotter/wireguard
-    user: "1013:1001"
-    cap_add:
-      - NET_ADMIN
-      - SYS_MODULE
-    sysctls:
-      net.ipv4.conf.all.src_valid_mark: 1
-    volumes:
-      - /server_aniworld/wg0.conf:/etc/wireguard/wg0.conf
-    restart: unless-stopped
-
-  curl:
-    image: curlimages/curl
-    command: ifconfig.io
-    user: "1013:1001"
-    network_mode: service:wireguard
-    depends_on:
-      - wireguard
-
-
-      

main.py

@@ -1,173 +0,0 @@
-import sys
-import os
-import traceback
-import re
-import logging
-from concurrent.futures import ThreadPoolExecutor
-from collections import defaultdict
-from aniworld.models import Anime, Episode
-from aniworld.common import get_season_episode_count, get_movie_episode_count
-from aniworld.search import search_anime
-from Loader import download
-
-# Configure logging
-logging.basicConfig(level=logging.INFO, format='%(asctime)s - %(levelname)s - %(message)s')
-
-error_logger = logging.getLogger("ErrorLog")
-error_handler = logging.FileHandler("errors.log")
-error_handler.setLevel(logging.ERROR)
-error_logger.addHandler(error_handler)
-
-noKeyFound_logger = logging.getLogger("NoKeyFound")
-noKeyFound_handler = logging.FileHandler("NoKeyFound.log")
-noKeyFound_handler.setLevel(logging.ERROR)
-noKeyFound_logger.addHandler(noKeyFound_handler)
-
-class NoKeyFoundException(Exception):
-    """Exception raised when an anime key cannot be found."""
-    pass
-class MatchNotFoundError(Exception):
-    """Exception raised when an anime key cannot be found."""
-    pass
-
-class Loader:
-    def __init__(self, basePath: str):
-        self.directory = basePath
-        logging.info(f"Initialized Loader with base path: {self.directory}")
-
-    def __find_mp4_files(self):
-        logging.info("Scanning for .mp4 files")
-
-        for root_folder_name in os.listdir(self.directory):
-
-            folder_data = defaultdict(list)  # Dictionary to store MP4 files per folder
-            folder = os.path.join(self.directory, root_folder_name)
-
-            logging.info(f"Processing folder: {root_folder_name}")
-
-            # First pass: Scan all folders and collect MP4 file data
-            for root, dirs, files in os.walk(folder):
-                mp4_files = [file for file in files if file.endswith('.mp4')]
-                if mp4_files:
-                    folder_data[root_folder_name].extend(mp4_files)
-            yield root_folder_name, folder_data[root_folder_name]
-
-        for dir in self.__find_empty_folders():
-            logging.info(f"Found no .mp4 files in {dir}")
-            yield dir, []
-
-    def __find_empty_folders(self):
-        """Yield folder names that do not contain any mp4 files in a given directory."""
-        for folder in os.listdir(self.directory):
-            folder_path = os.path.join(self.directory, folder)
-
-            if os.path.isdir(folder_path):  # Ensure it's a directory
-                has_mp4 = any(file.endswith(".mp4") for file in os.listdir(folder_path))
-
-                if not has_mp4:
-                    yield folder  # Yield the folder name if no mp4 files found
-
-    def __remove_year(self, input_string: str):
-        cleaned_string = re.sub(r'\(\d{4}\)', '', input_string).strip()
-        logging.debug(f"Removed year from '{input_string}' -> '{cleaned_string}'")
-        return cleaned_string
-
-    def __check_and_generate_key(self, folder_name: str):
-        folder_path = os.path.join(self.directory, folder_name)
-        key_file = os.path.join(folder_path, 'key')
-
-        if os.path.exists(key_file):
-            with open(key_file, 'r') as file:
-                key = file.read().strip()
-                logging.info(f"Key found for folder '{folder_name}': {key}")
-                return key
-        else:
-            try:
-                key = search_anime(folder_name, True)
-                if key:
-                    key = key[0]['link']
-                    with open(key_file, 'w') as file:
-                        file.write(key)
-                    logging.info(f"Generated new key for folder '{folder_name}': {key}")
-                    return key
-                else:
-                    raise NoKeyFoundException(f"No key found for folder '{folder_name}'")
-            except Exception as e:
-                raise NoKeyFoundException(f"Failed to retrieve key for folder '{folder_name}'") from e
-
-    def __GetEpisodeAndSeason(self, filename: str):
-        pattern = r'S(\d+)E(\d+)'
-        match = re.search(pattern, filename)
-        if match:
-            season = match.group(1)
-            episode = match.group(2)
-            logging.debug(f"Extracted season {season}, episode {episode} from '{filename}'")
-            return int(season), int(episode)
-        else:
-            logging.error(f"Failed to find season/episode pattern in '{filename}'")
-            raise MatchNotFoundError("Season and episode pattern not found in the filename.")
-
-    def __GetEpisodesAndSeasons(self, mp4_files: []):
-        episodes_dict = {}
-
-        for file in mp4_files:
-            season, episode = self.__GetEpisodeAndSeason(file)
-
-            if season in episodes_dict:
-                episodes_dict[season].append(episode)
-            else:
-                episodes_dict[season] = [episode]
-
-        return episodes_dict
-
-    def __GetMissingEpisodesAndSeason(self, key: str, mp4_files: []):
-        expected_dict = get_season_episode_count(key) # key season , value count of episodes
-        filedict = self.__GetEpisodesAndSeasons(mp4_files)
-
-        for season, expected_count in expected_dict.items():
-            existing_episodes = filedict.get(season, [])
-            missing_episodes = [ep for ep in range(1, expected_count + 1) if ep not in existing_episodes]
-
-            if missing_episodes:
-                yield season, missing_episodes
-
-    def LoadMissing(self):
-        logging.warning("Starting process to load missing episodes")
-        result = self.__find_mp4_files()
-
-        def download_episode(folder, season, episode, key):
-            """Helper function to download an individual episode."""
-            try:
-                folder_path = os.path.join(self.directory, folder, f"Season {season}")
-                anime = Anime(
-                    episode_list=[Episode(slug=key, season=season, episode=episode)],
-                    language="German Dub",
-                    output_directory=folder_path
-                )
-                logging.warning(f"Downloading episode {episode} of season {season} for anime {key}")
-                download(anime)
-            except Exception as e:
-                logging.error(f"Error downloading episode {episode} of season {season} for anime {key}: {e}")
-
-        # Using ThreadPoolExecutor to run downloads in parallel
-        with ThreadPoolExecutor(max_workers=5) as executor:  # Adjust number of workers as needed
-            for folder, mp4_files in result:
-                try:
-                    key = self.__check_and_generate_key(folder)
-                    missings = self.__GetMissingEpisodesAndSeason(key, mp4_files)
-                    logging.info("Missing episodes for {key} \n" + "\n".join(f"Season {str(k)}: {', '.join(str(v))}" for k, v in missings))
-                    for season, missing_episodes in missings:
-                        for episode in missing_episodes:
-                            executor.submit(download_episode, folder, season, episode, key)
-                except NoKeyFoundException as nkfe:
-                    noKeyFound_logger.error(f"Error processing folder '{folder}': {nkfe}")
-                except Exception as e:
-                    error_logger.error(f"Unexpected error processing folder '{folder}': {e} \n {traceback.format_exc()}")
-                    continue
-
-# Read the base directory from an environment variable
-directory_to_search = os.getenv("ANIME_DIRECTORY", "\\\\sshfs.r\\ubuntu@192.168.178.43\\media\\serien\\Serien")
-#directory_to_search = os.getenv("ANIME_DIRECTORY", "D:\sss")
-
-loader = Loader(directory_to_search)
-loader.LoadMissing()

package.json

@@ -0,0 +1,27 @@
+{
+  "name": "aniworld-web",
+  "version": "1.4.11",
+  "description": "Aniworld Anime Download Manager - Web Frontend",
+  "type": "module",
+  "scripts": {
+    "test": "vitest run",
+    "test:watch": "vitest",
+    "test:ui": "vitest --ui",
+    "test:coverage": "vitest run --coverage",
+    "test:e2e": "playwright test",
+    "test:e2e:ui": "playwright test --ui",
+    "test:e2e:headed": "playwright test --headed",
+    "test:e2e:debug": "playwright test --debug",
+    "playwright:install": "playwright install --with-deps chromium"
+  },
+  "devDependencies": {
+    "@playwright/test": "^1.41.0",
+    "@vitest/coverage-v8": "^1.2.0",
+    "@vitest/ui": "^1.2.0",
+    "happy-dom": "^13.3.5",
+    "vitest": "^1.2.0"
+  },
+  "engines": {
+    "node": ">=18.0.0"
+  }
+}

pyproject.toml

@@ -0,0 +1,5 @@
+[tool.pytest.ini_options]
+asyncio_mode = "auto"
+markers = [
+    "asyncio: mark test as asynchronous"
+]

requirements.txt

@@ -1,5 +1,28 @@
-aniworld
-requests
-beautifulsoup4
-lxml
-python-dotenv
+fastapi==0.104.1
+uvicorn[standard]==0.24.0
+jinja2==3.1.2
+python-multipart==0.0.6
+pydantic==2.5.0
+pydantic-settings==2.1.0
+python-jose[cryptography]==3.3.0
+passlib[bcrypt]==1.7.4
+aiofiles==23.2.1
+websockets==12.0
+structlog==24.1.0
+psutil==5.9.6
+pytest==7.4.3
+pytest-asyncio==0.21.1
+httpx==0.25.2
+sqlalchemy>=2.0.35
+aiosqlite>=0.19.0
+aiohttp>=3.9.0
+lxml>=5.0.0
+pillow>=10.0.0
+APScheduler>=3.10.4
+Events>=0.5
+requests>=2.31.0
+beautifulsoup4>=4.12.0
+chardet>=5.2.0
+fake-useragent>=1.4.0
+yt-dlp>=2024.1.0
+urllib3>=2.0.0

run_server.py

@@ -0,0 +1,34 @@
+#!/usr/bin/env python3
+"""
+Startup script for the Aniworld FastAPI application.
+
+This script starts the application with proper logging configuration
+and graceful shutdown support via Ctrl+C (SIGINT) or SIGTERM.
+"""
+import uvicorn
+
+from src.infrastructure.logging.uvicorn_config import get_uvicorn_log_config
+
+if __name__ == "__main__":
+    # Get logging configuration
+    log_config = get_uvicorn_log_config()
+    
+    # Run the application with logging.
+    # Only watch .py files in src/, explicitly exclude __pycache__.
+    # This prevents reload loops from .pyc compilation.
+    #
+    # Graceful shutdown:
+    # - Ctrl+C (SIGINT) or SIGTERM triggers graceful shutdown
+    # - timeout_graceful_shutdown ensures shutdown completes within 30s
+    # - The FastAPI lifespan handler orchestrates cleanup in proper order
+    uvicorn.run(
+        "src.server.fastapi_app:app",
+        host="127.0.0.1",
+        port=8000,
+        reload=True,
+        reload_dirs=["src"],
+        reload_includes=["*.py"],
+        reload_excludes=["*/__pycache__/*", "*.pyc"],
+        log_config=log_config,
+        timeout_graceful_shutdown=30,  # Allow 30s for graceful shutdown
+    )

src/cli/nfo_cli.py

@@ -0,0 +1,205 @@
+"""CLI command for NFO management.
+
+Note: NFO service has been removed. This CLI is no longer functional.
+"""
+
+import logging
+import sys
+from pathlib import Path
+
+# Add src to path
+sys.path.insert(0, str(Path(__file__).parent.parent.parent))
+
+logger = logging.getLogger(__name__)
+
+
+async def scan_and_create_nfo():
+    """Scan all series and create missing NFO files."""
+    logger.info("%s", "=" * 70)
+    logger.info("NFO Auto-Creation Tool")
+    logger.info("%s", "=" * 70)
+
+    if not settings.tmdb_api_key:
+        logger.error("TMDB_API_KEY not configured")
+        logger.error("Set TMDB_API_KEY in .env file or environment")
+        logger.error("Get API key from: https://www.themoviedb.org/settings/api")
+        return 1
+    
+    if not settings.anime_directory:
+        logger.error("ANIME_DIRECTORY not configured")
+        return 1
+
+    logger.info("Anime Directory: %s", settings.anime_directory)
+    logger.info("Auto-create NFO: %s", settings.nfo_auto_create)
+    logger.info("Update on scan: %s", settings.nfo_update_on_scan)
+    logger.info("Download poster: %s", settings.nfo_download_poster)
+    logger.info("Download logo: %s", settings.nfo_download_logo)
+    logger.info("Download fanart: %s", settings.nfo_download_fanart)
+
+    if not settings.nfo_auto_create:
+        logger.warning("NFO_AUTO_CREATE is set to False")
+        logger.warning("Enable it in .env to auto-create NFO files")
+        logger.info("Continuing anyway to demonstrate functionality...")
+        # Override for demonstration
+        settings.nfo_auto_create = True
+    
+    logger.info("Initializing series manager...")
+    manager = SeriesManagerService.from_settings()
+
+    # Get series list first
+    serie_list = manager.get_serie_list()
+    all_series = serie_list.get_all()
+
+    logger.info("Found %d series in directory", len(all_series))
+
+    if not all_series:
+        logger.warning("No series found. Add some anime series first.")
+        return 0
+    
+    # Show series without NFO
+    series_without_nfo = []
+    for serie in all_series:
+        if not serie.has_nfo():
+            series_without_nfo.append(serie)
+    
+    if series_without_nfo:
+        logger.info("Series without NFO: %d", len(series_without_nfo))
+        for serie in series_without_nfo[:5]:  # Show first 5
+            logger.debug("Missing NFO: %s (%s)", serie.name, serie.folder)
+        if len(series_without_nfo) > 5:
+            logger.info("... and %d more", len(series_without_nfo) - 5)
+    else:
+        logger.info("All series already have NFO files")
+
+        if not settings.nfo_update_on_scan:
+            logger.info("Nothing to do. Enable NFO_UPDATE_ON_SCAN to update existing NFOs.")
+            return 0
+    
+    logger.info("Processing NFO files...")
+    logger.info("This may take a while depending on the number of series")
+
+    try:
+        await manager.scan_and_process_nfo()
+        logger.info("NFO processing complete")
+
+        # Show updated stats
+        serie_list.load_series()  # Reload to get updated stats
+        all_series = serie_list.get_all()
+        series_with_nfo = [s for s in all_series if s.has_nfo()]
+        series_with_poster = [s for s in all_series if s.has_poster()]
+        series_with_logo = [s for s in all_series if s.has_logo()]
+        series_with_fanart = [s for s in all_series if s.has_fanart()]
+
+        logger.info("Final statistics", extra={
+            "total_series": len(all_series),
+            "with_nfo": len(series_with_nfo),
+            "with_poster": len(series_with_poster),
+            "with_logo": len(series_with_logo),
+            "with_fanart": len(series_with_fanart),
+        })
+
+    except Exception:
+        logger.exception("Failed to process NFO files")
+        return 1
+    finally:
+        await manager.close()
+    
+    return 0
+
+
+async def check_nfo_status():
+    """Check NFO status for all series."""
+    logger.info("%s", "=" * 70)
+    logger.info("NFO Status Check")
+    logger.info("%s", "=" * 70)
+
+    if not settings.anime_directory:
+        logger.error("ANIME_DIRECTORY not configured")
+        return 1
+
+    logger.info("Anime Directory: %s", settings.anime_directory)
+
+    # Create series list (no NFO service needed for status check)
+    from src.server.database.SerieList import SerieList
+    serie_list = SerieList(settings.anime_directory)
+    all_series = serie_list.get_all()
+
+    if not all_series:
+        logger.warning("No series found")
+        return 0
+
+    logger.info("Total series: %d", len(all_series))
+
+    # Categorize series
+    with_nfo = []
+    without_nfo = []
+
+    for serie in all_series:
+        if serie.has_nfo():
+            with_nfo.append(serie)
+        else:
+            without_nfo.append(serie)
+
+    logger.info(
+        "Series NFO coverage",
+        extra={
+            "with_nfo": len(with_nfo),
+            "without_nfo": len(without_nfo),
+            "total": len(all_series),
+        },
+    )
+
+    if without_nfo:
+        logger.info("Series missing NFO: %d", len(without_nfo))
+        for serie in without_nfo[:10]:
+            logger.debug("Missing NFO: %s (%s)", serie.name, serie.folder)
+        if len(without_nfo) > 10:
+            logger.info("... and %d more", len(without_nfo) - 10)
+
+    # Media file statistics
+    with_poster = sum(1 for s in all_series if s.has_poster())
+    with_logo = sum(1 for s in all_series if s.has_logo())
+    with_fanart = sum(1 for s in all_series if s.has_fanart())
+
+    logger.info(
+        "Media file coverage",
+        extra={
+            "posters": with_poster,
+            "logos": with_logo,
+            "fanart": with_fanart,
+            "total": len(all_series),
+        },
+    )
+
+    return 0
+
+
+def main():
+    """Main CLI entry point."""
+    logging.basicConfig(level=logging.INFO, format="%(message)s")
+
+    if len(sys.argv) < 2:
+        logger.info("NFO Management Tool")
+        logger.info("\nUsage:")
+        logger.info("  python -m src.cli.nfo_cli scan     # Scan and create missing NFO files")
+        logger.info("  python -m src.cli.nfo_cli status   # Check NFO status for all series")
+        logger.info("\nConfiguration:")
+        logger.info("  Set TMDB_API_KEY in .env file")
+        logger.info("  Set NFO_AUTO_CREATE=true to enable auto-creation")
+        logger.info("  Set NFO_UPDATE_ON_SCAN=true to update existing NFOs during scan")
+        return 1
+
+    command = sys.argv[1].lower()
+
+    if command == "scan":
+        return asyncio.run(scan_and_create_nfo())
+    elif command == "status":
+        return asyncio.run(check_nfo_status())
+    else:
+        logger.error("Unknown command: %s", command)
+        logger.info("Use 'scan' or 'status'")
+        return 1
+
+
+if __name__ == "__main__":
+    sys.exit(main())

src/config/settings.py

@@ -0,0 +1,191 @@
+import re
+import secrets
+from typing import Optional
+
+from pydantic import Field
+from pydantic_settings import BaseSettings, SettingsConfigDict
+
+
+class Settings(BaseSettings):
+    """Application settings from environment variables."""
+    
+    model_config = SettingsConfigDict(env_file=".env", extra="ignore")
+    
+    jwt_secret_key: str = Field(
+        default_factory=lambda: secrets.token_urlsafe(32),
+        validation_alias="JWT_SECRET_KEY",
+    )
+    password_salt: str = Field(
+        default="default-salt",
+        validation_alias="PASSWORD_SALT"
+    )
+    master_password_hash: Optional[str] = Field(
+        default=None,
+        validation_alias="MASTER_PASSWORD_HASH"
+    )
+    # ⚠️ WARNING: DEVELOPMENT ONLY - NEVER USE IN PRODUCTION ⚠️
+    # This field allows setting a plaintext master password via environment
+    # variable for development/testing purposes only. In production
+    # deployments, use MASTER_PASSWORD_HASH instead and NEVER set this field.
+    master_password: Optional[str] = Field(
+        default=None,
+        validation_alias="MASTER_PASSWORD",
+        description=(
+            "**DEVELOPMENT ONLY** - Plaintext master password. "
+            "NEVER enable in production. Use MASTER_PASSWORD_HASH instead."
+        ),
+    )
+    token_expiry_hours: int = Field(
+        default=24,
+        validation_alias="SESSION_TIMEOUT_HOURS"
+    )
+    anime_directory: str = Field(
+        default="",
+        validation_alias="ANIME_DIRECTORY"
+    )
+    log_level: str = Field(
+        default="INFO",
+        validation_alias="LOG_LEVEL"
+    )
+
+    # Additional settings from .env
+    database_url: str = Field(
+        default="sqlite:///./data/aniworld.db",
+        validation_alias="DATABASE_URL"
+    )
+    cors_origins: str = Field(
+        default="http://localhost:3000",
+        validation_alias="CORS_ORIGINS",
+    )
+    api_rate_limit: int = Field(
+        default=100,
+        validation_alias="API_RATE_LIMIT"
+    )
+    default_provider: str = Field(
+        default="aniworld.to",
+        validation_alias="DEFAULT_PROVIDER"
+    )
+    provider_timeout: int = Field(
+        default=30,
+        validation_alias="PROVIDER_TIMEOUT"
+    )
+    retry_attempts: int = Field(
+        default=3,
+        validation_alias="RETRY_ATTEMPTS"
+    )
+    
+    # NFO / TMDB Settings
+    tmdb_api_key: Optional[str] = Field(
+        default=None,
+        validation_alias="TMDB_API_KEY",
+        description="TMDB API key for scraping TV show metadata"
+    )
+    nfo_auto_create: bool = Field(
+        default=False,
+        validation_alias="NFO_AUTO_CREATE",
+        description="Automatically create NFO files when scanning series"
+    )
+    nfo_update_on_scan: bool = Field(
+        default=False,
+        validation_alias="NFO_UPDATE_ON_SCAN",
+        description="Update existing NFO files when scanning series"
+    )
+    nfo_download_poster: bool = Field(
+        default=True,
+        validation_alias="NFO_DOWNLOAD_POSTER",
+        description="Download poster.jpg when creating NFO"
+    )
+    nfo_download_logo: bool = Field(
+        default=True,
+        validation_alias="NFO_DOWNLOAD_LOGO",
+        description="Download logo.png when creating NFO"
+    )
+    nfo_download_fanart: bool = Field(
+        default=True,
+        validation_alias="NFO_DOWNLOAD_FANART",
+        description="Download fanart.jpg when creating NFO"
+    )
+    nfo_image_size: str = Field(
+        default="original",
+        validation_alias="NFO_IMAGE_SIZE",
+        description="Image size to download (original, w500, etc.)"
+    )
+    nfo_prefer_fsk_rating: bool = Field(
+        default=True,
+        validation_alias="NFO_PREFER_FSK_RATING",
+        description="Prefer German FSK rating over MPAA rating in NFO files"
+    )
+    nfo_folder_ignore_patterns: str = Field(
+        default="The Last of Us|Loki|Chernobyl|Star Trek Discovery|Marvel|Matrix|Fast & Furious|Jurassic|James Bond|Mission: Impossible|Bourne|Hunger Games|Die Hard|John Wick|Pacific Rim|Guardians of the Galaxy|Avengers|Batman|Superman|Wonder Woman|Spider-Man|X-Men|Fantastic Four|Terminator|Predator|Rambo|Rocky|Expendables|Tomb Raider|Jumanji|Jurassic Park|Pirates of the Caribbean|Harry Potter|Lord of the Rings|Hobbit|Game of Thrones|Westworld|Stranger Things|Breaking Bad|Better Call Saul|Sherlock|Downton Abbey|The Crown|Bridgerton|Sex Education|Normal People|Emily in Paris|The Witcher|Servant|Lucifer|Dark|Shadow and Bone|Grimm|Fairytale",
+        validation_alias="NFO_FOLDER_IGNORE_PATTERNS",
+        description="Regex patterns for folder names to skip during scan (pipe-separated)"
+    )
+
+    @property
+    def folder_ignore_patterns(self) -> list[str]:
+        """Parse ignore patterns from comma-separated string into list.
+
+        Returns:
+            List of regex patterns to skip during folder scanning.
+        """
+        if not self.nfo_folder_ignore_patterns:
+            return []
+        return [
+            pattern.strip()
+            for pattern in self.nfo_folder_ignore_patterns.split("|")
+            if pattern.strip()
+        ]
+
+    def should_ignore_folder(self, folder_name: str) -> bool:
+        """Check if folder should be ignored based on ignore patterns.
+
+        Args:
+            folder_name: Name of folder to check.
+
+        Returns:
+            True if folder matches any ignore pattern, False otherwise.
+        """
+        for pattern in self.folder_ignore_patterns:
+            if re.search(pattern, folder_name, re.IGNORECASE):
+                return True
+        return False
+
+    @property
+    def allowed_origins(self) -> list[str]:
+        """Return the list of allowed CORS origins.
+
+        The environment variable should contain a comma-separated list.
+        When ``*`` is provided we fall back to a safe local development
+        default instead of allowing every origin in production.
+        """
+
+        raw = (self.cors_origins or "").strip()
+        if not raw:
+            return []
+        if raw == "*":
+            return [
+                "http://localhost:3000",
+                "http://localhost:8000",
+            ]
+        return [origin.strip() for origin in raw.split(",") if origin.strip()]
+
+    @property
+    def scan_key_overrides(self) -> dict[str, str]:
+        """Return scan key overrides from config.json.
+        
+        Maps folder names to provider keys for cases where auto-generated
+        keys from folder names are incorrect.
+        
+        Returns:
+            Dict mapping folder names to provider keys.
+        """
+        from src.server.services.config_service import ConfigService
+        try:
+            config_service = ConfigService()
+            config = config_service.load_config()
+            return config.scan_key_overrides or {}
+        except Exception:
+            return {}
+
+
+settings = Settings()

src/infrastructure/logging/__init__.py

@@ -0,0 +1,7 @@
+"""
+Logging infrastructure for the Aniworld application.
+"""
+from src.infrastructure.logging.logger import get_logger, setup_logging
+from src.infrastructure.logging.uvicorn_config import get_uvicorn_log_config
+
+__all__ = ["setup_logging", "get_logger", "get_uvicorn_log_config"]

src/infrastructure/logging/logger.py

@@ -0,0 +1,100 @@
+"""
+Logging configuration for the Aniworld application.
+
+This module provides a centralized logging setup with both console and file
+logging, following Python logging best practices.
+"""
+import logging
+import sys
+from pathlib import Path
+from typing import Optional
+
+from src.config.settings import settings
+
+
+def setup_logging(
+    log_file: Optional[str] = None,
+    log_level: Optional[str] = None,
+    log_dir: Optional[Path] = None
+) -> logging.Logger:
+    """
+    Configure application logging with console and file handlers.
+    
+    Args:
+        log_file: Name of the log file (default: "fastapi_app.log")
+        log_level: Logging level (default: from settings or "INFO")
+        log_dir: Directory for log files (default: "logs" in project root)
+    
+    Returns:
+        Configured logger instance
+    """
+    # Determine log level
+    level_name = log_level or settings.log_level or "INFO"
+    level = getattr(logging, level_name.upper(), logging.INFO)
+    
+    # Determine log directory and file
+    if log_dir is None:
+        # Default to logs directory in project root
+        log_dir = Path(__file__).parent.parent.parent.parent / "logs"
+    
+    log_dir.mkdir(parents=True, exist_ok=True)
+    
+    if log_file is None:
+        log_file = "fastapi_app.log"
+    
+    log_path = log_dir / log_file
+    
+    # Create formatters
+    detailed_formatter = logging.Formatter(
+        fmt="%(asctime)s - %(name)s - %(levelname)s - %(message)s",
+        datefmt="%Y-%m-%d %H:%M:%S"
+    )
+    
+    console_formatter = logging.Formatter(
+        fmt="%(levelname)s:     %(message)s"
+    )
+    
+    # Configure root logger
+    root_logger = logging.getLogger()
+    root_logger.setLevel(level)
+    
+    # Remove existing handlers to avoid duplicates
+    root_logger.handlers.clear()
+    
+    # Console handler (stdout)
+    console_handler = logging.StreamHandler(sys.stdout)
+    console_handler.setLevel(level)
+    console_handler.setFormatter(console_formatter)
+    root_logger.addHandler(console_handler)
+    
+    # File handler
+    file_handler = logging.FileHandler(log_path, mode='a', encoding='utf-8')
+    file_handler.setLevel(level)
+    file_handler.setFormatter(detailed_formatter)
+    root_logger.addHandler(file_handler)
+    
+    # Create application logger
+    logger = logging.getLogger("aniworld")
+    logger.setLevel(level)
+    
+    # Log startup information
+    logger.info("=" * 60)
+    logger.info("Logging configured successfully")
+    logger.info("Log level: %s", level_name.upper())
+    logger.info("Log file: %s", log_path)
+    logger.info("=" * 60)
+    
+    return logger
+
+
+def get_logger(name: str) -> logging.Logger:
+    """
+    Get a logger instance for a specific module.
+    
+    Args:
+        name: Name of the logger (typically __name__)
+    
+    Returns:
+        Logger instance
+    """
+    return logging.getLogger(name)

src/infrastructure/logging/uvicorn_config.py

@@ -0,0 +1,92 @@
+"""
+Uvicorn logging configuration for the Aniworld application.
+
+This configuration ensures that uvicorn logs are properly formatted and
+written to both console and file.
+"""
+from pathlib import Path
+
+# Get the logs directory
+LOGS_DIR = Path(__file__).parent.parent.parent.parent / "logs"
+LOGS_DIR.mkdir(parents=True, exist_ok=True)
+LOG_FILE = LOGS_DIR / "fastapi_app.log"
+
+LOGGING_CONFIG = {
+    "version": 1,
+    "disable_existing_loggers": False,
+    "formatters": {
+        "default": {
+            "()": "uvicorn.logging.DefaultFormatter",
+            "fmt": "%(levelprefix)s %(message)s",
+            "use_colors": None,
+        },
+        "access": {
+            "()": "uvicorn.logging.AccessFormatter",
+            "fmt": (
+                '%(levelprefix)s %(client_addr)s - '
+                '"%(request_line)s" %(status_code)s'
+            ),
+        },
+        "detailed": {
+            "format": "%(asctime)s - %(name)s - %(levelname)s - %(message)s",
+            "datefmt": "%Y-%m-%d %H:%M:%S",
+        },
+    },
+    "handlers": {
+        "console": {
+            "class": "logging.StreamHandler",
+            "level": "INFO",
+            "formatter": "default",
+            "stream": "ext://sys.stdout",
+        },
+        "file": {
+            "class": "logging.FileHandler",
+            "level": "INFO",
+            "formatter": "detailed",
+            "filename": str(LOG_FILE),
+            "mode": "a",
+            "encoding": "utf-8",
+        },
+    },
+    "loggers": {
+        "uvicorn": {
+            "handlers": ["console", "file"],
+            "level": "INFO",
+            "propagate": False,
+        },
+        "uvicorn.error": {
+            "handlers": ["console", "file"],
+            "level": "INFO",
+            "propagate": False,
+        },
+        "uvicorn.access": {
+            "handlers": ["console", "file"],
+            "level": "INFO",
+            "propagate": False,
+        },
+        "watchfiles.main": {
+            "handlers": ["console"],
+            "level": "WARNING",
+            "propagate": False,
+        },
+        "aniworld": {
+            "handlers": ["console", "file"],
+            "level": "INFO",
+            "propagate": False,
+        },
+    },
+    "root": {
+        "handlers": ["console", "file"],
+        "level": "INFO",
+    },
+}
+
+
+def get_uvicorn_log_config() -> dict:
+    """
+    Get the uvicorn logging configuration dictionary.
+    
+    Returns:
+        Dictionary containing logging configuration
+    """
+    return LOGGING_CONFIG

src/infrastructure/security/__init__.py

@@ -0,0 +1,20 @@
+"""Security utilities for the Aniworld application.
+
+This module provides security-related utilities including:
+- File integrity verification with checksums
+- Database integrity checks
+- Configuration encryption
+"""
+
+from .config_encryption import ConfigEncryption, get_config_encryption
+from .database_integrity import DatabaseIntegrityChecker, check_database_integrity
+from .file_integrity import FileIntegrityManager, get_integrity_manager
+
+__all__ = [
+    "FileIntegrityManager",
+    "get_integrity_manager",
+    "DatabaseIntegrityChecker",
+    "check_database_integrity",
+    "ConfigEncryption",
+    "get_config_encryption",
+]

src/infrastructure/security/config_encryption.py

@@ -0,0 +1,274 @@
+"""Configuration encryption utilities.
+
+This module provides encryption/decryption for sensitive configuration
+values such as passwords, API keys, and tokens.
+"""
+
+import base64
+import logging
+import os
+from pathlib import Path
+from typing import Any, Dict, Optional
+
+from cryptography.fernet import Fernet
+
+logger = logging.getLogger(__name__)
+
+
+class ConfigEncryption:
+    """Handles encryption/decryption of sensitive configuration values."""
+
+    def __init__(self, key_file: Optional[Path] = None):
+        """Initialize the configuration encryption.
+
+        Args:
+            key_file: Path to store encryption key.
+                Defaults to data/encryption.key
+        """
+        if key_file is None:
+            project_root = Path(__file__).parent.parent.parent.parent
+            key_file = project_root / "data" / "encryption.key"
+
+        self.key_file = Path(key_file)
+        self._cipher: Optional[Fernet] = None
+        self._ensure_key_exists()
+
+    def _ensure_key_exists(self) -> None:
+        """Ensure encryption key exists or create one."""
+        if not self.key_file.exists():
+            logger.info("Creating new encryption key at %s", self.key_file)
+            self._generate_new_key()
+        else:
+            logger.info("Using existing encryption key from %s", self.key_file)
+
+    def _generate_new_key(self) -> None:
+        """Generate and store a new encryption key."""
+        try:
+            self.key_file.parent.mkdir(parents=True, exist_ok=True)
+
+            # Generate a secure random key
+            key = Fernet.generate_key()
+
+            # Write key with restrictive permissions (owner read/write only)
+            self.key_file.write_bytes(key)
+            os.chmod(self.key_file, 0o600)
+
+            logger.info("Generated new encryption key")
+
+        except IOError as e:
+            logger.error("Failed to generate encryption key: %s", e)
+            raise
+
+    def _load_key(self) -> bytes:
+        """Load encryption key from file.
+
+        Returns:
+            Encryption key bytes
+
+        Raises:
+            FileNotFoundError: If key file doesn't exist
+        """
+        if not self.key_file.exists():
+            raise FileNotFoundError(
+                f"Encryption key not found: {self.key_file}"
+            )
+
+        try:
+            key = self.key_file.read_bytes()
+            return key
+        except IOError as e:
+            logger.error("Failed to load encryption key: %s", e)
+            raise
+
+    def _get_cipher(self) -> Fernet:
+        """Get or create Fernet cipher instance.
+
+        Returns:
+            Fernet cipher instance
+        """
+        if self._cipher is None:
+            key = self._load_key()
+            self._cipher = Fernet(key)
+        return self._cipher
+
+    def encrypt_value(self, value: str) -> str:
+        """Encrypt a configuration value.
+
+        Args:
+            value: Plain text value to encrypt
+
+        Returns:
+            Base64-encoded encrypted value
+
+        Raises:
+            ValueError: If value is empty
+        """
+        if not value:
+            raise ValueError("Cannot encrypt empty value")
+
+        try:
+            cipher = self._get_cipher()
+            encrypted_bytes = cipher.encrypt(value.encode('utf-8'))
+
+            # Return as base64 string for easy storage
+            encrypted_str = base64.b64encode(encrypted_bytes).decode('utf-8')
+
+            logger.debug("Encrypted configuration value")
+            return encrypted_str
+
+        except Exception as e:
+            logger.error("Failed to encrypt value: %s", e)
+            raise
+
+    def decrypt_value(self, encrypted_value: str) -> str:
+        """Decrypt a configuration value.
+
+        Args:
+            encrypted_value: Base64-encoded encrypted value
+
+        Returns:
+            Decrypted plain text value
+
+        Raises:
+            ValueError: If encrypted value is invalid
+        """
+        if not encrypted_value:
+            raise ValueError("Cannot decrypt empty value")
+
+        try:
+            cipher = self._get_cipher()
+
+            # Decode from base64
+            encrypted_bytes = base64.b64decode(encrypted_value.encode('utf-8'))
+
+            # Decrypt
+            decrypted_bytes = cipher.decrypt(encrypted_bytes)
+            decrypted_str = decrypted_bytes.decode('utf-8')
+
+            logger.debug("Decrypted configuration value")
+            return decrypted_str
+
+        except Exception as e:
+            logger.error("Failed to decrypt value: %s", e)
+            raise
+
+    def encrypt_config(self, config: Dict[str, Any]) -> Dict[str, Any]:
+        """Encrypt sensitive fields in configuration dictionary.
+
+        Args:
+            config: Configuration dictionary
+
+        Returns:
+            Dictionary with encrypted sensitive fields
+        """
+        # List of sensitive field names to encrypt
+        sensitive_fields = {
+            'password',
+            'passwd',
+            'secret',
+            'key',
+            'token',
+            'api_key',
+            'apikey',
+            'auth_token',
+            'jwt_secret',
+            'master_password',
+        }
+
+        encrypted_config = {}
+
+        for key, value in config.items():
+            key_lower = key.lower()
+
+            # Check if field name suggests sensitive data
+            is_sensitive = any(
+                field in key_lower for field in sensitive_fields
+            )
+
+            if is_sensitive and isinstance(value, str) and value:
+                try:
+                    encrypted_config[key] = {
+                        'encrypted': True,
+                        'value': self.encrypt_value(value)
+                    }
+                    logger.debug("Encrypted config field: %s", key)
+                except Exception as e:
+                    logger.warning("Failed to encrypt %s: %s", key, e)
+                    encrypted_config[key] = value
+            else:
+                encrypted_config[key] = value
+
+        return encrypted_config
+
+    def decrypt_config(self, config: Dict[str, Any]) -> Dict[str, Any]:
+        """Decrypt sensitive fields in configuration dictionary.
+
+        Args:
+            config: Configuration dictionary with encrypted fields
+
+        Returns:
+            Dictionary with decrypted values
+        """
+        decrypted_config = {}
+
+        for key, value in config.items():
+            # Check if this is an encrypted field
+            if (
+                isinstance(value, dict) and
+                value.get('encrypted') is True and
+                'value' in value
+            ):
+                try:
+                    decrypted_config[key] = self.decrypt_value(
+                        value['value']
+                    )
+                    logger.debug("Decrypted config field: %s", key)
+                except Exception as e:
+                    logger.error("Failed to decrypt %s: %s", key, e)
+                    decrypted_config[key] = None
+            else:
+                decrypted_config[key] = value
+
+        return decrypted_config
+
+    def rotate_key(self, new_key_file: Optional[Path] = None) -> None:
+        """Rotate encryption key.
+
+        **Warning**: This will invalidate all previously encrypted data.
+
+        Args:
+            new_key_file: Path for new key file (optional)
+        """
+        logger.warning(
+            "Rotating encryption key - all encrypted data will "
+            "need re-encryption"
+        )
+
+        # Backup old key if it exists
+        if self.key_file.exists():
+            backup_path = self.key_file.with_suffix('.key.bak')
+            self.key_file.rename(backup_path)
+            logger.info("Backed up old key to %s", backup_path)
+
+        # Generate new key
+        if new_key_file:
+            self.key_file = new_key_file
+
+        self._generate_new_key()
+        self._cipher = None  # Reset cipher to use new key
+
+
+# Global instance
+_config_encryption: Optional[ConfigEncryption] = None
+
+
+def get_config_encryption() -> ConfigEncryption:
+    """Get the global configuration encryption instance.
+
+    Returns:
+        ConfigEncryption instance
+    """
+    global _config_encryption
+    if _config_encryption is None:
+        _config_encryption = ConfigEncryption()
+    return _config_encryption

src/infrastructure/security/database_integrity.py

@@ -0,0 +1,299 @@
+"""Database integrity verification utilities.
+
+This module provides database integrity checks including:
+- Foreign key constraint validation
+- Orphaned record detection
+- Data consistency checks
+"""
+
+import logging
+from typing import Any, Dict, List, Optional
+
+from sqlalchemy import select, text
+from sqlalchemy.orm import Session
+
+from src.server.database.models import AnimeSeries, DownloadQueueItem, Episode
+
+logger = logging.getLogger(__name__)
+
+
+class DatabaseIntegrityChecker:
+    """Checks database integrity and consistency."""
+
+    def __init__(self, session: Optional[Session] = None):
+        """Initialize the database integrity checker.
+
+        Args:
+            session: SQLAlchemy session for database access
+        """
+        self.session = session
+        self.issues: List[str] = []
+
+    def check_all(self) -> Dict[str, Any]:
+        """Run all integrity checks.
+
+        Returns:
+            Dictionary with check results and issues found
+        """
+        if self.session is None:
+            raise ValueError("Session required for integrity checks")
+
+        self.issues = []
+        results = {
+            "orphaned_episodes": self._check_orphaned_episodes(),
+            "orphaned_queue_items": self._check_orphaned_queue_items(),
+            "invalid_references": self._check_invalid_references(),
+            "duplicate_keys": self._check_duplicate_keys(),
+            "data_consistency": self._check_data_consistency(),
+            "total_issues": len(self.issues),
+            "issues": self.issues,
+        }
+
+        return results
+
+    def _check_orphaned_episodes(self) -> int:
+        """Check for episodes without parent series.
+
+        Returns:
+            Number of orphaned episodes found
+        """
+        try:
+            # Find episodes with non-existent series_id
+            stmt = select(Episode).outerjoin(
+                AnimeSeries, Episode.series_id == AnimeSeries.id
+            ).where(AnimeSeries.id.is_(None))
+
+            orphaned = self.session.execute(stmt).scalars().all()
+
+            if orphaned:
+                count = len(orphaned)
+                msg = f"Found {count} orphaned episodes without parent series"
+                self.issues.append(msg)
+                logger.warning(msg)
+                return count
+
+            logger.info("No orphaned episodes found")
+            return 0
+
+        except Exception as e:
+            msg = f"Error checking orphaned episodes: {e}"
+            self.issues.append(msg)
+            logger.error(msg)
+            return -1
+
+    def _check_orphaned_queue_items(self) -> int:
+        """Check for queue items without parent series.
+
+        Returns:
+            Number of orphaned queue items found
+        """
+        try:
+            # Find queue items with non-existent series_id
+            stmt = select(DownloadQueueItem).outerjoin(
+                AnimeSeries,
+                DownloadQueueItem.series_id == AnimeSeries.id
+            ).where(AnimeSeries.id.is_(None))
+
+            orphaned = self.session.execute(stmt).scalars().all()
+
+            if orphaned:
+                count = len(orphaned)
+                msg = (
+                    f"Found {count} orphaned queue items "
+                    f"without parent series"
+                )
+                self.issues.append(msg)
+                logger.warning(msg)
+                return count
+
+            logger.info("No orphaned queue items found")
+            return 0
+
+        except Exception as e:
+            msg = f"Error checking orphaned queue items: {e}"
+            self.issues.append(msg)
+            logger.error(msg)
+            return -1
+
+    def _check_invalid_references(self) -> int:
+        """Check for invalid foreign key references.
+
+        Returns:
+            Number of invalid references found
+        """
+        issues_found = 0
+
+        try:
+            # Check Episode.series_id references
+            stmt = text("""
+                SELECT COUNT(*) as count
+                FROM episode e
+                LEFT JOIN anime_series s ON e.series_id = s.id
+                WHERE e.series_id IS NOT NULL AND s.id IS NULL
+            """)
+            result = self.session.execute(stmt).fetchone()
+            if result and result[0] > 0:
+                msg = f"Found {result[0]} episodes with invalid series_id"
+                self.issues.append(msg)
+                logger.warning(msg)
+                issues_found += result[0]
+
+            # Check DownloadQueueItem.series_id references
+            stmt = text("""
+                SELECT COUNT(*) as count
+                FROM download_queue_item d
+                LEFT JOIN anime_series s ON d.series_id = s.id
+                WHERE d.series_id IS NOT NULL AND s.id IS NULL
+            """)
+            result = self.session.execute(stmt).fetchone()
+            if result and result[0] > 0:
+                msg = (
+                    f"Found {result[0]} queue items with invalid series_id"
+                )
+                self.issues.append(msg)
+                logger.warning(msg)
+                issues_found += result[0]
+
+            if issues_found == 0:
+                logger.info("No invalid foreign key references found")
+
+            return issues_found
+
+        except Exception as e:
+            msg = f"Error checking invalid references: {e}"
+            self.issues.append(msg)
+            logger.error(msg)
+            return -1
+
+    def _check_duplicate_keys(self) -> int:
+        """Check for duplicate primary keys.
+
+        Returns:
+            Number of duplicate key issues found
+        """
+        issues_found = 0
+
+        try:
+            # Check for duplicate anime series keys
+            stmt = text("""
+                SELECT anime_key, COUNT(*) as count
+                FROM anime_series
+                GROUP BY anime_key
+                HAVING COUNT(*) > 1
+            """)
+            duplicates = self.session.execute(stmt).fetchall()
+
+            if duplicates:
+                for row in duplicates:
+                    msg = (
+                        f"Duplicate anime_key found: {row[0]} "
+                        f"({row[1]} times)"
+                    )
+                    self.issues.append(msg)
+                    logger.warning(msg)
+                    issues_found += 1
+
+            if issues_found == 0:
+                logger.info("No duplicate keys found")
+
+            return issues_found
+
+        except Exception as e:
+            msg = f"Error checking duplicate keys: {e}"
+            self.issues.append(msg)
+            logger.error(msg)
+            return -1
+
+    def _check_data_consistency(self) -> int:
+        """Check for data consistency issues.
+
+        Returns:
+            Number of consistency issues found
+        """
+        issues_found = 0
+
+        try:
+            # Check for invalid season/episode numbers
+            stmt = select(Episode).where(
+                (Episode.season < 0) | (Episode.episode_number < 0)
+            )
+            invalid_episodes = self.session.execute(stmt).scalars().all()
+
+            if invalid_episodes:
+                count = len(invalid_episodes)
+                msg = (
+                    f"Found {count} episodes with invalid "
+                    f"season/episode numbers"
+                )
+                self.issues.append(msg)
+                logger.warning(msg)
+                issues_found += count
+
+            if issues_found == 0:
+                logger.info("No data consistency issues found")
+
+            return issues_found
+
+        except Exception as e:
+            msg = f"Error checking data consistency: {e}"
+            self.issues.append(msg)
+            logger.error(msg)
+            return -1
+
+    def repair_orphaned_records(self) -> int:
+        """Remove orphaned records from database.
+
+        Returns:
+            Number of records removed
+        """
+        if self.session is None:
+            raise ValueError("Session required for repair operations")
+
+        removed = 0
+
+        try:
+            # Remove orphaned episodes
+            stmt = select(Episode).outerjoin(
+                AnimeSeries, Episode.series_id == AnimeSeries.id
+            ).where(AnimeSeries.id.is_(None))
+
+            orphaned_episodes = self.session.execute(stmt).scalars().all()
+
+            for episode in orphaned_episodes:
+                self.session.delete(episode)
+                removed += 1
+
+            # Remove orphaned queue items
+            stmt = select(DownloadQueueItem).outerjoin(
+                AnimeSeries,
+                DownloadQueueItem.series_id == AnimeSeries.id
+            ).where(AnimeSeries.id.is_(None))
+
+            orphaned_queue = self.session.execute(stmt).scalars().all()
+
+            for item in orphaned_queue:
+                self.session.delete(item)
+                removed += 1
+
+            self.session.commit()
+            logger.info("Removed %s orphaned records", removed)
+
+            return removed
+
+        except Exception as e:
+            self.session.rollback()
+            logger.error("Error removing orphaned records: %s", e)
+            raise
+
+
+def check_database_integrity(session: Session) -> Dict[str, Any]:
+    """Convenience function to check database integrity.
+
+    Args:
+        session: SQLAlchemy session
+
+    Returns:
+        Dictionary with check results
+    """
+    checker = DatabaseIntegrityChecker(session)
+    return checker.check_all()

src/infrastructure/security/file_integrity.py

@@ -0,0 +1,239 @@
+"""File integrity verification utilities.
+
+This module provides checksum calculation and verification for
+downloaded files. Supports SHA256 hashing for file integrity validation.
+"""
+
+import hashlib
+import json
+import logging
+from pathlib import Path
+from typing import Dict, Optional
+
+logger = logging.getLogger(__name__)
+
+
+class FileIntegrityManager:
+    """Manages file integrity checksums and verification."""
+
+    def __init__(self, checksum_file: Optional[Path] = None):
+        """Initialize the file integrity manager.
+
+        Args:
+            checksum_file: Path to store checksums.
+                Defaults to data/checksums.json
+        """
+        if checksum_file is None:
+            project_root = Path(__file__).parent.parent.parent.parent
+            checksum_file = project_root / "data" / "checksums.json"
+        
+        self.checksum_file = Path(checksum_file)
+        self.checksums: Dict[str, str] = {}
+        self._load_checksums()
+
+    def _load_checksums(self) -> None:
+        """Load checksums from file."""
+        if self.checksum_file.exists():
+            try:
+                with open(self.checksum_file, 'r', encoding='utf-8') as f:
+                    self.checksums = json.load(f)
+                count = len(self.checksums)
+                logger.info(
+                    "Loaded %d checksums from %s",
+                    count,
+                    self.checksum_file,
+                )
+            except (json.JSONDecodeError, IOError) as e:
+                logger.error("Failed to load checksums: %s", e)
+                self.checksums = {}
+        else:
+            logger.info("Checksum file does not exist: %s", self.checksum_file)
+            self.checksums = {}
+
+    def _save_checksums(self) -> None:
+        """Save checksums to file."""
+        try:
+            self.checksum_file.parent.mkdir(parents=True, exist_ok=True)
+            with open(self.checksum_file, 'w', encoding='utf-8') as f:
+                json.dump(self.checksums, f, indent=2)
+            count = len(self.checksums)
+            logger.debug(
+                "Saved %d checksums to %s",
+                count,
+                self.checksum_file,
+            )
+        except IOError as e:
+            logger.error("Failed to save checksums: %s", e)
+
+    def calculate_checksum(
+        self, file_path: Path, algorithm: str = "sha256"
+    ) -> str:
+        """Calculate checksum for a file.
+
+        Args:
+            file_path: Path to the file
+            algorithm: Hash algorithm to use (default: sha256)
+
+        Returns:
+            Hexadecimal checksum string
+
+        Raises:
+            FileNotFoundError: If file doesn't exist
+            ValueError: If algorithm is not supported
+        """
+        if not file_path.exists():
+            raise FileNotFoundError(f"File not found: {file_path}")
+
+        if algorithm not in hashlib.algorithms_available:
+            raise ValueError(f"Unsupported hash algorithm: {algorithm}")
+
+        hash_obj = hashlib.new(algorithm)
+        
+        try:
+            with open(file_path, 'rb') as f:
+                # Read file in chunks to handle large files
+                for chunk in iter(lambda: f.read(8192), b''):
+                    hash_obj.update(chunk)
+            
+            checksum = hash_obj.hexdigest()
+            filename = file_path.name
+            logger.debug(
+                "Calculated %s checksum for %s: %s",
+                algorithm,
+                filename,
+                checksum,
+            )
+            return checksum
+        
+        except IOError as e:
+            logger.error("Failed to read file %s: %s", file_path, e)
+            raise
+
+    def store_checksum(
+        self, file_path: Path, checksum: Optional[str] = None
+    ) -> str:
+        """Calculate and store checksum for a file.
+
+        Args:
+            file_path: Path to the file
+            checksum: Pre-calculated checksum (optional, will calculate
+                if not provided)
+
+        Returns:
+            The stored checksum
+
+        Raises:
+            FileNotFoundError: If file doesn't exist
+        """
+        if checksum is None:
+            checksum = self.calculate_checksum(file_path)
+        
+        # Use relative path as key for portability
+        key = str(file_path.resolve())
+        self.checksums[key] = checksum
+        self._save_checksums()
+        
+        logger.info("Stored checksum for %s", file_path.name)
+        return checksum
+
+    def verify_checksum(
+        self, file_path: Path, expected_checksum: Optional[str] = None
+    ) -> bool:
+        """Verify file integrity by comparing checksums.
+
+        Args:
+            file_path: Path to the file
+            expected_checksum: Expected checksum (optional, will look up
+                stored checksum)
+
+        Returns:
+            True if checksum matches, False otherwise
+
+        Raises:
+            FileNotFoundError: If file doesn't exist
+        """
+        if not file_path.exists():
+            raise FileNotFoundError(f"File not found: {file_path}")
+
+        # Get expected checksum from storage if not provided
+        if expected_checksum is None:
+            key = str(file_path.resolve())
+            expected_checksum = self.checksums.get(key)
+            
+            if expected_checksum is None:
+                filename = file_path.name
+                logger.warning(
+                    "No stored checksum found for %s", filename
+                )
+                return False
+
+        # Calculate current checksum
+        try:
+            current_checksum = self.calculate_checksum(file_path)
+            
+            if current_checksum == expected_checksum:
+                filename = file_path.name
+                logger.info("Checksum verification passed for %s", filename)
+                return True
+            else:
+                filename = file_path.name
+                logger.warning(
+                    "Checksum mismatch for %s: "
+                    "expected %s, got %s",
+                    filename,
+                    expected_checksum,
+                    current_checksum
+                )
+                return False
+        
+        except (IOError, OSError) as e:
+            logger.error("Failed to verify checksum for %s: %s", file_path, e)
+            return False
+
+    def remove_checksum(self, file_path: Path) -> bool:
+        """Remove checksum for a file.
+
+        Args:
+            file_path: Path to the file
+
+        Returns:
+            True if checksum was removed, False if not found
+        """
+        key = str(file_path.resolve())
+        
+        if key in self.checksums:
+            del self.checksums[key]
+            self._save_checksums()
+            logger.info("Removed checksum for %s", file_path.name)
+            return True
+        else:
+            logger.debug("No checksum found to remove for %s", file_path.name)
+            return False
+
+    def has_checksum(self, file_path: Path) -> bool:
+        """Check if a checksum exists for a file.
+
+        Args:
+            file_path: Path to the file
+
+        Returns:
+            True if checksum exists, False otherwise
+        """
+        key = str(file_path.resolve())
+        return key in self.checksums
+
+
+# Global instance
+_integrity_manager: Optional[FileIntegrityManager] = None
+
+
+def get_integrity_manager() -> FileIntegrityManager:
+    """Get the global file integrity manager instance.
+
+    Returns:
+        FileIntegrityManager instance
+    """
+    global _integrity_manager
+    if _integrity_manager is None:
+        _integrity_manager = FileIntegrityManager()
+    return _integrity_manager

src/server/SerieScanner.py

@@ -0,0 +1,870 @@
+"""
+SerieScanner - Scans directories for anime series and missing episodes.
+
+This module provides functionality to scan anime directories, identify
+missing episodes, and report progress through callback interfaces.
+
+Note:
+    This module is pure domain logic. Database operations are handled
+    by the service layer (AnimeService).
+"""
+from __future__ import annotations
+
+import asyncio
+import logging
+import os
+import re
+import traceback
+import uuid
+from typing import Callable, Iterable, Iterator, Optional
+
+from events import Events
+
+from src.config.settings import settings
+from src.server.database.models import AnimeSeries
+from src.server.exceptions.exceptions.Exceptions import MatchNotFoundError
+from src.server.providers.base_provider import Loader
+from src.server.database.connection import get_sync_session
+from src.server.database.service import AnimeSeriesService, EpisodeService
+
+logger = logging.getLogger(__name__)
+error_logger = logging.getLogger("error")
+no_key_found_logger = logging.getLogger("series.nokey")
+
+
+class SerieScanner:
+    """
+    Scans directories for anime series and identifies missing episodes.
+
+    Supports progress callbacks for real-time scanning updates.
+    
+    Note:
+        This class is pure domain logic. Database operations are handled
+        by the service layer (AnimeService). Scan results are stored
+        in keyDict and can be retrieved after scanning.
+    
+    Example:
+        # Synchronous context (CLI):
+        scanner = SerieScanner("/path/to/anime", loader)
+        scanner.scan()  # asyncio.run() used internally when no event loop
+
+        # Asynchronous context (server/scheduler):
+        # scan() detects running event loop and uses create_task()
+        # internally, so no special handling needed by caller.
+        # Results are in scanner.keyDict
+    """
+
+    def __init__(
+        self,
+        basePath: str,
+        loader: Loader,
+    ) -> None:
+        """
+        Initialize the SerieScanner.
+
+        Args:
+            basePath: Base directory containing anime series
+            loader: Loader instance for fetching series information
+
+        Raises:
+            ValueError: If basePath is invalid or doesn't exist
+        """
+        # Validate basePath to prevent directory traversal attacks
+        if not basePath or not basePath.strip():
+            raise ValueError("Base path cannot be empty")
+        
+        # Resolve to absolute path and validate it exists
+        abs_path = os.path.abspath(basePath)
+        if not os.path.exists(abs_path):
+            raise ValueError(f"Base path does not exist: {abs_path}")
+        if not os.path.isdir(abs_path):
+            raise ValueError(f"Base path is not a directory: {abs_path}")
+        
+        self.directory: str = abs_path
+        self.keyDict: dict[str, AnimeSeries] = {}
+        self.loader: Loader = loader
+        self._current_operation_id: Optional[str] = None
+        self.events = Events()
+        
+        self.events.on_progress = []
+        self.events.on_error = []
+        self.events.on_warning = []
+        self.events.on_completion = []
+
+        logger.info("Initialized SerieScanner with base path: %s", abs_path)
+    
+    def _safe_call_event(self, event_handler, data: dict) -> None:
+        """Safely call an event handler if it exists.
+        
+        Args:
+            event_handler: Event handler attribute (e.g., self.events.on_progress)
+            data: Data dictionary to pass to the event handler
+        """
+        if event_handler:
+            try:
+                # Event handlers are stored as lists, iterate over them
+                for handler in event_handler:
+                    handler(data)
+            except Exception as e:
+                logger.error("Error calling event handler: %s", e, exc_info=True)
+
+    def subscribe_on_progress(self, handler):
+        """
+        Subscribe a handler to an event.
+        Args:
+            handler: Callable to handle the event
+        """
+        if handler not in self.events.on_progress:
+            self.events.on_progress.append(handler)
+
+    def unsubscribe_on_progress(self, handler):
+        """
+        Unsubscribe a handler from an event.
+        Args:
+            handler: Callable to remove
+        """
+        if handler in self.events.on_progress:
+            self.events.on_progress.remove(handler)
+        
+    def _extract_year_from_folder_name(self, folder_name: str) -> int | None:
+        """Extract year from folder name if present.
+        
+        Looks for year in format "(YYYY)" at the end of folder name.
+        
+        Args:
+            folder_name: The folder name to check
+            
+        Returns:
+            int or None: Year if found, None otherwise
+            
+        Example:
+            >>> _extract_year_from_folder_name("Dororo (2025)")
+            2025
+            >>> _extract_year_from_folder_name("Dororo")
+            None
+        """
+        if not folder_name:
+            return None
+        
+        # Look for year in format (YYYY) - typically at end of name
+        match = re.search(r'\((\d{4})\)', folder_name)
+        if match:
+            try:
+                year = int(match.group(1))
+                # Validate year is reasonable (between 1900 and 2100)
+                if 1900 <= year <= 2100:
+                    logger.debug(
+                        "Extracted year from folder name: %s -> %d",
+                        folder_name,
+                        year
+                    )
+                    return year
+            except ValueError:
+                pass
+        
+        return None
+    
+    def subscribe_on_error(self, handler):
+        """
+        Subscribe a handler to an event.
+        Args:
+            handler: Callable to handle the event
+        """
+        if handler not in self.events.on_error:
+            self.events.on_error.append(handler)
+
+    def unsubscribe_on_error(self, handler):
+        """
+        Unsubscribe a handler from an event.
+        Args:
+            handler: Callable to remove
+        """
+        if handler in self.events.on_error:
+            self.events.on_error.remove(handler)
+
+    def subscribe_on_warning(self, handler):
+        """
+        Subscribe a handler to an event.
+        Args:
+            handler: Callable to handle the event
+        """
+        if handler not in self.events.on_warning:
+            self.events.on_warning.append(handler)
+
+    def unsubscribe_on_warning(self, handler):
+        """
+        Unsubscribe a handler from an event.
+        Args:
+            handler: Callable to remove
+        """
+        if handler in self.events.on_warning:
+            self.events.on_warning.remove(handler)
+
+    def subscribe_on_completion(self, handler):
+        """
+        Subscribe a handler to an event.
+        Args:
+            handler: Callable to handle the event
+        """
+        if handler not in self.events.on_completion:
+            self.events.on_completion.append(handler)
+
+    def unsubscribe_on_completion(self, handler):
+        """
+        Unsubscribe a handler from an event.
+        Args:
+            handler: Callable to remove
+        """
+        if handler in self.events.on_completion:
+            self.events.on_completion.remove(handler)
+        
+    def reinit(self) -> None:
+        """Reinitialize the series dictionary (keyed by anime.key)."""
+        self.keyDict: dict[str, AnimeSeries] = {}
+
+    async def _persist_serie_to_db(self, anime: AnimeSeries) -> None:
+        """Persist anime to database (create or update).
+
+        Args:
+            anime: AnimeSeries model to persist
+        """
+        try:
+            from src.server.database.connection import get_async_session_factory
+
+            db = get_async_session_factory()
+            try:
+                existing = await AnimeSeriesService.get_by_key(db, anime.key)
+                if existing:
+                    await AnimeSeriesService.update(
+                        db, existing.id,
+                        name=anime.name,
+                        folder=anime.folder,
+                        year=anime.year
+                    )
+                    await self._sync_episodes_to_db(db, existing.id, anime.episodeDict)
+                else:
+                    db_anime = await AnimeSeriesService.create(
+                        db=db,
+                        key=anime.key,
+                        name=anime.name,
+                        site=anime.site,
+                        folder=anime.folder,
+                        year=anime.year
+                    )
+                    for ep in anime.episodes:
+                        await EpisodeService.create(
+                            db=db,
+                            series_id=db_anime.id,
+                            season=ep.season,
+                            episode_number=ep.episode_number
+                        )
+                await db.commit()
+                logger.debug(
+                    "Persisted anime '%s' (key=%s) to database",
+                    anime.name, anime.key
+                )
+            except Exception as e:
+                await db.rollback()
+                logger.error(
+                    "Failed to persist anime '%s' to DB: %s",
+                    anime.key, e, exc_info=True
+                )
+                raise
+            finally:
+                await db.close()
+        except Exception as e:
+            logger.error(
+                "Could not persist anime '%s' to DB (DB unavailable?): %s",
+                anime.key, e
+            )
+
+    async def _sync_episodes_to_db(
+        self, db, series_id: int, episode_dict: dict[int, list[int]]
+    ) -> None:
+        """Sync episodes to database, preserving downloaded flags.
+
+        Adds missing episodes, removes episodes no longer missing,
+        and preserves is_downloaded=True episodes.
+
+        Args:
+            db: Async database session
+            series_id: Database ID of the series
+            episode_dict: Dict mapping season -> list of episode numbers
+        """
+        existing_episodes = await EpisodeService.get_by_series(db, series_id)
+        existing_map = {
+            (ep.season, ep.episode_number): ep for ep in existing_episodes
+        }
+        new_keys = set()
+        for season, eps in episode_dict.items():
+            for ep_num in eps:
+                new_keys.add((season, ep_num))
+        for (season, ep_num), ep in existing_map.items():
+            if (season, ep_num) not in new_keys:
+                if ep.is_downloaded:
+                    logger.debug(
+                        "Preserving downloaded episode S%02dE%02d for series_id=%d",
+                        season, ep_num, series_id
+                    )
+                else:
+                    await EpisodeService.delete_by_series(
+                        db, series_id, season, ep_num
+                    )
+        for season, eps in episode_dict.items():
+            for ep_num in eps:
+                if (season, ep_num) not in existing_map:
+                    await EpisodeService.create(
+                        db=db,
+                        series_id=series_id,
+                        season=season,
+                        episode_number=ep_num
+                    )
+
+    def get_total_to_scan(self) -> int:
+        """Get the total number of folders to scan.
+        
+        Returns:
+            Total count of folders with MP4 files
+        """
+        result = self.__find_mp4_files()
+        return sum(1 for _ in result)
+
+    def scan(self) -> None:
+        """
+        Scan directories for anime series and missing episodes.
+
+        Results are stored in self.keyDict and can be retrieved after
+        scanning. Data files are also saved to disk for persistence.
+
+        Raises:
+            Exception: If scan fails critically
+        """
+        # Generate unique operation ID
+        self._current_operation_id = str(uuid.uuid4())
+
+        logger.info("Starting scan for missing episodes")
+
+        # Notify scan starting
+        self._safe_call_event(
+            self.events.on_progress,
+            {
+                "operation_id": self._current_operation_id,
+                "phase": "STARTING",
+                "current": 0,
+                "total": 0,
+                "percentage": 0.0,
+                "message": "Initializing scan"
+            }
+        )
+
+        try:
+            # Get total items to process
+            total_to_scan = self.get_total_to_scan()
+            logger.info("Total folders to scan: %d", total_to_scan)
+
+            # The scanner enumerates folders with mp4 files, loads existing
+            # metadata, calculates the missing episodes via the provider, and
+            # persists the refreshed metadata while emitting progress events.
+            result = self.__find_mp4_files()
+            counter = 0
+
+            for folder, mp4_files in result:
+                try:
+                    counter += 1
+
+                    # Calculate progress
+                    if total_to_scan > 0:
+                        percentage = (counter / total_to_scan) * 100
+                    else:
+                        percentage = 0.0
+
+                    # Notify progress
+                    self._safe_call_event(
+                        self.events.on_progress,
+                        {
+                            "operation_id": self._current_operation_id,
+                            "phase": "IN_PROGRESS",
+                            "current": counter,
+                            "total": total_to_scan,
+                            "percentage": percentage,
+                            "message": f"Scanning: {folder}",
+                            "details": f"Found {len(mp4_files)} episodes"
+                        }
+                    )
+
+                    serie = self.__read_data_from_file(folder)
+                    if serie is None or not serie.key or not serie.key.strip():
+                        logger.warning(
+                            "No series found in DB for folder '%s', skipping",
+                            folder,
+                        )
+                        continue
+                    if (
+                        serie is not None
+                        and serie.key
+                        and serie.key.strip()
+                    ):
+                        # Delegate the provider to compare local files with
+                        # remote metadata, yielding missing episodes per
+                        # season. Results are saved back to disk so that both
+                        # CLI and API consumers see consistent state.
+                        missing_episodes, _site = (
+                            self.__get_missing_episodes_and_season(
+                                serie.key, mp4_files
+                            )
+                        )
+                        serie.episodeDict = missing_episodes
+                        serie.folder = folder
+
+                        # Persist to database (async)
+                        try:
+                            try:
+                                loop = asyncio.get_running_loop()
+                            except RuntimeError:
+                                # No running loop — safe to use asyncio.run()
+                                asyncio.run(self._persist_serie_to_db(serie))
+                            else:
+                                # Already in async context — schedule as task
+                                asyncio.create_task(self._persist_serie_to_db(serie))
+                        except Exception as e:
+                            logger.warning(
+                                "DB persistence failed for '%s', "
+                                "continuing without DB: %s",
+                                serie.key, e
+                            )
+
+                        # Store by key (primary identifier), not folder
+                        if serie.key in self.keyDict:
+                            existing = self.keyDict[serie.key]
+                            logger.warning(
+                                "Duplicate series found with key '%s': "
+                                "folder '%s' maps to same key as existing folder '%s'. "
+                                "Skipping duplicate folder.",
+                                serie.key,
+                                folder,
+                                existing.folder
+                            )
+                            self._safe_call_event(
+                                self.events.on_warning,
+                                {
+                                    "operation_id": self._current_operation_id,
+                                    "warning": "duplicate_key",
+                                    "message": f"Duplicate series skipped: '{folder}' maps to key '{serie.key}' already used by '{existing.folder}'",
+                                    "metadata": {
+                                        "key": serie.key,
+                                        "duplicate_folder": folder,
+                                        "existing_folder": existing.folder,
+                                    }
+                                }
+                            )
+                        else:
+                            self.keyDict[serie.key] = serie
+                            logger.debug(
+                                "Stored series with key '%s' (folder: '%s')",
+                                serie.key,
+                                folder
+                            )
+                            no_key_found_logger.info(
+                                "Saved Serie: '%s'", str(serie)
+                            )
+
+                except Exception as e:
+                    # Log error and notify via callback
+                    error_msg = (
+                        f"Folder: '{folder}' - "
+                        f"Unexpected error: {e}"
+                    )
+                    error_logger.error(
+                        "%s\n%s",
+                        error_msg,
+                        traceback.format_exc()
+                    )
+
+                    self._safe_call_event(
+                        self.events.on_error,
+                        {
+                            "operation_id": self._current_operation_id,
+                            "error": e,
+                            "message": error_msg,
+                            "recoverable": True,
+                            "metadata": {"folder": folder, "key": None}
+                        }
+                    )
+                    continue
+
+            # Notify scan completion
+            self._safe_call_event(
+                self.events.on_completion,
+                {
+                    "operation_id": self._current_operation_id,
+                    "success": True,
+                    "message": f"Scan completed. Processed {counter} folders.",
+                    "statistics": {
+                        "total_folders": counter,
+                        "series_found": len(self.keyDict)
+                    }
+                }
+            )
+
+            logger.info(
+                "Scan completed. Processed %d folders, found %d series",
+                counter,
+                len(self.keyDict)
+            )
+
+        except Exception as e:
+            # Critical error - notify and re-raise
+            error_msg = f"Critical scan error: {e}"
+            logger.error("%s\n%s", error_msg, traceback.format_exc())
+
+            self._safe_call_event(
+                self.events.on_error,
+                {
+                    "operation_id": self._current_operation_id,
+                    "error": e,
+                    "message": error_msg,
+                    "recoverable": False
+                }
+            )
+
+            self._safe_call_event(
+                self.events.on_completion,
+                {
+                    "operation_id": self._current_operation_id,
+                    "success": False,
+                    "message": error_msg
+                }
+            )
+
+            raise
+
+    def __find_mp4_files(self) -> Iterator[tuple[str, list[str]]]:
+        """Find all .mp4 files in the directory structure."""
+        logger.info("Scanning for .mp4 files")
+        for anime_name in os.listdir(self.directory):
+            anime_path = os.path.join(self.directory, anime_name)
+            if os.path.isdir(anime_path):
+                if settings.should_ignore_folder(anime_name):
+                    logger.debug("Skipping ignored folder: %s", anime_name)
+                    continue
+                mp4_files: list[str] = []
+                has_files = False
+                for root, _, files in os.walk(anime_path):
+                    for file in files:
+                        if file.endswith(".mp4"):
+                            mp4_files.append(os.path.join(root, file))
+                            has_files = True
+                yield anime_name, mp4_files if has_files else []
+
+    def __read_data_from_file(self, folder_name: str) -> Optional[AnimeSeries]:
+        """Load or discover an AnimeSeries for the given folder.
+
+        Strategy:
+        1. Query DB by folder name
+        2. If not found in DB, return None (no file fallback)
+
+        Args:
+            folder_name: Filesystem folder name
+
+        Returns:
+            AnimeSeries object if found in DB, None otherwise
+        """
+        # Step 1: Try DB lookup by folder name
+        try:
+            session = get_sync_session()
+            try:
+                anime_series = AnimeSeriesService.get_by_folder_sync(session, folder_name)
+                return anime_series
+            finally:
+                session.close()
+        except Exception as exc:
+            logger.warning(
+                "DB lookup failed for folder '%s': %s",
+                folder_name,
+                exc
+            )
+
+        return None
+
+    def __get_episode_and_season(self, filename: str) -> tuple[int, int]:
+        """Extract season and episode numbers from filename.
+        
+        Args:
+            filename: Filename to parse
+            
+        Returns:
+            Tuple of (season, episode) as integers
+            
+        Raises:
+            MatchNotFoundError: If pattern not found
+        """
+        pattern = r'S(\d+)E(\d+)'
+        match = re.search(pattern, filename)
+        if match:
+            season = match.group(1)
+            episode = match.group(2)
+            logger.debug(
+                "Extracted season %s, episode %s from '%s'",
+                season,
+                episode,
+                filename
+            )
+            return int(season), int(episode)
+        else:
+            logger.error(
+                "Failed to find season/episode pattern in '%s'",
+                filename
+            )
+            raise MatchNotFoundError(
+                "Season and episode pattern not found in the filename."
+            )
+
+    def __get_episodes_and_seasons(
+        self,
+        mp4_files: Iterable[str]
+    ) -> dict[int, list[int]]:
+        """Get episodes grouped by season from mp4 files.
+        
+        Args:
+            mp4_files: List of MP4 filenames
+            
+        Returns:
+            Dictionary mapping season to list of episode numbers
+        """
+        episodes_dict: dict[int, list[int]] = {}
+
+        for file in mp4_files:
+            season, episode = self.__get_episode_and_season(file)
+
+            if season in episodes_dict:
+                episodes_dict[season].append(episode)
+            else:
+                episodes_dict[season] = [episode]
+        return episodes_dict
+
+    def __get_missing_episodes_and_season(
+        self,
+        key: str,
+        mp4_files: Iterable[str]
+    ) -> tuple[dict[int, list[int]], str]:
+        """Get missing episodes for a serie.
+        
+        Args:
+            key: Series key
+            mp4_files: List of MP4 filenames
+            
+        Returns:
+            Tuple of (episodes_dict, site_name)
+        """
+        # key season , value count of episodes
+        expected_dict = self.loader.get_season_episode_count(key)
+        filedict = self.__get_episodes_and_seasons(mp4_files)
+        episodes_dict: dict[int, list[int]] = {}
+        for season, expected_count in expected_dict.items():
+            existing_episodes = filedict.get(season, [])
+            missing_episodes = [
+                ep for ep in range(1, expected_count + 1)
+                if ep not in existing_episodes
+                and self.loader.is_language(season, ep, key)
+            ]
+
+            if missing_episodes:
+                episodes_dict[season] = missing_episodes
+
+        return episodes_dict, "aniworld.to"
+
+    def scan_single_series(
+        self,
+        key: str,
+        folder: str,
+    ) -> dict[int, list[int]]:
+        """
+        Scan a single series for missing episodes.
+        
+        This method performs a targeted scan for only the specified series,
+        without triggering a full library rescan. It fetches available
+        episodes from the provider and compares with local files.
+        
+        Args:
+            key: The unique provider key for the series
+            folder: The filesystem folder name where the series is stored
+            
+        Returns:
+            dict[int, list[int]]: Dictionary mapping season numbers to lists
+                of missing episode numbers. Empty dict if no missing episodes.
+                
+        Raises:
+            ValueError: If key or folder is empty
+            
+        Example:
+            >>> scanner = SerieScanner("/path/to/anime", loader)
+            >>> missing = scanner.scan_single_series(
+            ...     "attack-on-titan",
+            ...     "Attack on Titan"
+            ... )
+            >>> print(missing)
+            {1: [5, 6, 7], 2: [1, 2]}
+        """
+        if not key or not key.strip():
+            raise ValueError("Series key cannot be empty")
+        if not folder or not folder.strip():
+            raise ValueError("Series folder cannot be empty")
+        
+        logger.info(
+            "Starting targeted scan for series: %s (folder: %s)",
+            key,
+            folder
+        )
+        
+        # Generate unique operation ID for this targeted scan
+        operation_id = str(uuid.uuid4())
+        # Notify scan starting
+        self._safe_call_event(
+            self.events.on_progress,
+            {
+                "operation_id": operation_id,
+                "phase": "STARTING",
+                "current": 0,
+                "total": 1,
+                "percentage": 0.0,
+                "message": f"Scanning series: {folder}",
+                "details": f"Key: {key}"
+            }
+        )
+        
+        try:
+            # Get the folder path
+            folder_path = os.path.join(self.directory, folder)
+            
+            # Check if folder exists
+            if not os.path.isdir(folder_path):
+                logger.info(
+                    "Series folder does not exist yet: %s - "
+                    "will scan for available episodes from provider",
+                    folder_path
+                )
+                mp4_files: list[str] = []
+            else:
+                # Find existing MP4 files in the folder
+                mp4_files = []
+                for root, _, files in os.walk(folder_path):
+                    for file in files:
+                        if file.endswith(".mp4"):
+                            mp4_files.append(os.path.join(root, file))
+                
+                logger.debug(
+                    "Found %d existing MP4 files in folder %s",
+                    len(mp4_files),
+                    folder
+                )
+            
+            # Get missing episodes from provider
+            missing_episodes, site = self.__get_missing_episodes_and_season(
+                key, mp4_files
+            )
+            
+            # Update progress
+            self._safe_call_event(
+                self.events.on_progress,
+                {
+                    "operation_id": operation_id,
+                    "phase": "IN_PROGRESS",
+                    "current": 1,
+                    "total": 1,
+                    "percentage": 100.0,
+                    "message": f"Scanned: {folder}",
+                    "details": f"Found {sum(len(eps) for eps in missing_episodes.values())} missing episodes"
+                }
+            )
+            
+            # Create or update AnimeSeries in keyDict
+            if key in self.keyDict:
+                # Update existing anime - rebuild episodeDict from episodes
+                existing = self.keyDict[key]
+                existing_ep_dict = existing.episodeDict
+                # Merge missing episodes
+                for season, eps in missing_episodes.items():
+                    if season not in existing_ep_dict:
+                        existing_ep_dict[season] = []
+                    existing_ep_dict[season].extend(eps)
+                logger.debug(
+                    "Updated existing series %s with %d missing episodes",
+                    key,
+                    sum(len(eps) for eps in missing_episodes.values())
+                )
+            else:
+                # Extract year from folder name if present, otherwise leave as None
+                year = self._extract_year_from_folder_name(folder)
+
+                # Create new AnimeSeries entry (minimal, fields populated later)
+                from src.server.database.models import AnimeSeries
+                anime_series = AnimeSeries(
+                    key=key,
+                    name=folder,  # Use folder as fallback name since we don't have actual name
+                    site=site,
+                    folder=folder,
+                    year=year
+                )
+                # Set episodeDict cache directly since AnimeSeries doesn't persist missing episodes
+                # (they get synced to DB via _persist_serie_to_db later)
+                anime_series._episode_dict_cache = missing_episodes.copy()
+                self.keyDict[key] = anime_series
+                logger.debug(
+                    "Created new series entry for %s with %d missing episodes (year=%s)",
+                    key,
+                    sum(len(eps) for eps in missing_episodes.values()),
+                    year
+                )
+            
+            # Notify completion
+            self._safe_call_event(
+                self.events.on_completion,
+                {
+                    "operation_id": operation_id,
+                    "success": True,
+                    "message": f"Scan completed for {folder}",
+                    "statistics": {
+                        "missing_episodes": sum(
+                            len(eps) for eps in missing_episodes.values()
+                        ),
+                        "seasons_with_missing": len(missing_episodes)
+                    }
+                }
+            )
+            
+            logger.info(
+                "Targeted scan completed for %s: %d missing episodes across %d seasons",
+                key,
+                sum(len(eps) for eps in missing_episodes.values()),
+                len(missing_episodes)
+            )
+            
+            return missing_episodes
+            
+        except Exception as e:
+            error_msg = f"Failed to scan series {key}: {e}"
+            logger.error(error_msg, exc_info=True)
+            
+            # Notify error
+            self._safe_call_event(
+                self.events.on_error,
+                {
+                    "operation_id": operation_id,
+                    "error": e,
+                    "message": error_msg,
+                    "recoverable": True,
+                    "metadata": {"key": key, "folder": folder}
+                }
+            )
+            # Notify completion with failure
+            self._safe_call_event(
+                self.events.on_completion,
+                {
+                    "operation_id": operation_id,
+                    "success": False,
+                    "message": error_msg
+                }
+            )
+            # Return empty dict on error (scan failed but not critical)
+            return {}
+

src/server/SeriesApp.py

@@ -0,0 +1,817 @@
+"""
+SeriesApp - Core application logic for anime series management.
+
+This module provides the main application interface for searching,
+downloading, and managing anime series with support for async callbacks,
+progress reporting, and error handling.
+
+Note:
+    This module is pure domain logic with no database dependencies.
+    Database operations are handled by the service layer (AnimeService).
+"""
+
+import asyncio
+import logging
+import os
+from concurrent.futures import ThreadPoolExecutor
+from typing import Any, Callable, Dict, List, Optional
+
+from events import Events
+
+from src.config.settings import settings
+from src.server.database.SerieList import SerieList
+from src.server.database.models import AnimeSeries
+from src.server.providers.provider_factory import Loaders
+from src.server.SerieScanner import SerieScanner
+
+logger = logging.getLogger(__name__)
+
+
+class DownloadStatusEventArgs:
+    """Event arguments for download status events."""
+
+    def __init__(
+        self,
+        serie_folder: str,
+        season: int,
+        episode: int,
+        status: str,
+        key: Optional[str] = None,
+        progress: float = 0.0,
+        message: Optional[str] = None,
+        error: Optional[Exception] = None,
+        eta: Optional[int] = None,
+        mbper_sec: Optional[float] = None,
+        item_id: Optional[str] = None,
+    ):
+        """
+        Initialize download status event arguments.
+
+        Args:
+            serie_folder: Serie folder name (metadata only, used for
+                file paths)
+            season: Season number
+            episode: Episode number
+            status: Status message (e.g., "started", "progress",
+                "completed", "failed")
+            key: Serie unique identifier (provider key, primary
+                identifier)
+            progress: Download progress (0.0 to 1.0)
+            message: Optional status message
+            error: Optional error if status is "failed"
+            eta: Estimated time remaining in seconds
+            mbper_sec: Download speed in MB/s
+            item_id: Optional download queue item ID for tracking
+        """
+        self.serie_folder = serie_folder
+        self.key = key
+        self.season = season
+        self.episode = episode
+        self.status = status
+        self.progress = progress
+        self.message = message
+        self.error = error
+        self.eta = eta
+        self.mbper_sec = mbper_sec
+        self.item_id = item_id
+
+
+class ScanStatusEventArgs:
+    """Event arguments for scan status events."""
+
+    def __init__(
+        self,
+        current: int,
+        total: int,
+        folder: str,
+        status: str,
+        key: Optional[str] = None,
+        progress: float = 0.0,
+        message: Optional[str] = None,
+        error: Optional[Exception] = None,
+    ):
+        """
+        Initialize scan status event arguments.
+
+        Args:
+            current: Current item being scanned
+            total: Total items to scan
+            folder: Current folder being scanned (metadata only)
+            status: Status message (e.g., "started", "progress",
+                "completed", "failed", "cancelled")
+            key: Serie unique identifier if applicable (provider key,
+                primary identifier)
+            progress: Scan progress (0.0 to 1.0)
+            message: Optional status message
+            error: Optional error if status is "failed"
+        """
+        self.current = current
+        self.total = total
+        self.folder = folder
+        self.key = key
+        self.status = status
+        self.progress = progress
+        self.message = message
+        self.error = error
+
+
+class SeriesApp:
+    """
+    Main application class for anime series management.
+
+    Provides functionality for:
+    - Searching anime series
+    - Downloading episodes
+    - Scanning directories for missing episodes
+    - Managing series lists
+
+    Supports async callbacks for progress reporting.
+    
+    Note:
+        This class is now pure domain logic with no database dependencies.
+        Database operations are handled by the service layer (AnimeService).
+
+    Events:
+        download_status: Raised when download status changes.
+            Handler signature: def handler(args: DownloadStatusEventArgs)
+        scan_status: Raised when scan status changes.
+            Handler signature: def handler(args: ScanStatusEventArgs)
+    """
+
+    def __init__(
+        self,
+        directory_to_search: str,
+    ):
+        """
+        Initialize SeriesApp.
+
+        Args:
+            directory_to_search: Base directory for anime series
+        """
+
+        self.directory_to_search = directory_to_search
+
+        # Initialize thread pool executor
+        self.executor = ThreadPoolExecutor(max_workers=3)
+
+        # Initialize events
+        self._events = Events()
+
+        self.loaders = Loaders()
+        self.loader = self.loaders.GetLoader(key="aniworld.to")
+        self.serie_scanner = SerieScanner(
+            directory_to_search,
+            self.loader,
+        )
+        # Series will be loaded from database by the service layer during application setup
+        self.list = SerieList(self.directory_to_search)
+        self.series_list: List[Any] = []
+        # Initialize empty list - series loaded later via load_series_from_list()
+        # No need to call _init_list_sync() anymore
+        
+        # NFO service removed - metadata handling moved to server layer
+        self.nfo_service = None
+        
+        logger.info(
+            "SeriesApp initialized for directory: %s",
+            directory_to_search,
+        )
+
+    @property
+    def download_status(self):
+        """
+        Event raised when download status changes.
+
+        Subscribe using:
+            app.download_status += handler
+        """
+        return self._events.download_status
+
+    @download_status.setter
+    def download_status(self, value):
+        """Set download_status event handler."""
+        self._events.download_status = value
+
+    @property
+    def scan_status(self):
+        """
+        Event raised when scan status changes.
+
+        Subscribe using:
+            app.scan_status += handler
+        """
+        return self._events.scan_status
+
+    @scan_status.setter
+    def scan_status(self, value):
+        """Set scan_status event handler."""
+        self._events.scan_status = value
+    
+    def load_series_from_list(self, series: list) -> None:
+        """
+        Load series into the in-memory list.
+        
+        This method is called by the service layer after loading
+        series from the database.
+        
+        Args:
+            series: List of Serie objects to load
+        """
+        self.list.keyDict.clear()
+        for serie in series:
+            self.list.keyDict[serie.key] = serie
+        self.series_list = self.list.GetMissingEpisode()
+        logger.debug(
+            "Loaded %d series with %d having missing episodes",
+            len(series),
+            len(self.series_list)
+        )
+
+    async def search(self, words: str) -> List[Dict[str, Any]]:
+        """
+        Search for anime series (async).
+
+        Args:
+            words: Search query
+
+        Returns:
+            List of search results
+
+        Raises:
+            RuntimeError: If search fails
+        """
+        logger.info("Searching for: %s", words)
+        loop = asyncio.get_running_loop()
+        results = await loop.run_in_executor(
+            self.executor,
+            self.loader.search,
+            words
+        )
+        logger.info("Found %d results", len(results))
+        return results
+      
+    async def download(
+        self,
+        serie_folder: str,
+        season: int,
+        episode: int,
+        key: str,
+        language: str = "German Dub",
+        item_id: Optional[str] = None,
+    ) -> bool:
+        """
+        Download an episode (async).
+
+        Args:
+            serie_folder: Serie folder name (metadata only, used for
+                file path construction)
+            season: Season number
+            episode: Episode number
+            key: Serie unique identifier (provider key, primary
+                identifier for lookups)
+            language: Language preference
+            item_id: Optional download queue item ID for progress
+                tracking
+
+        Returns:
+            True if download succeeded, False otherwise
+            
+        Note:
+            The 'key' parameter is the primary identifier for series
+            lookups. The 'serie_folder' parameter is only used for
+            filesystem operations.
+        """
+        
+        logger.info(
+            "Starting download: %s (key: %s) S%02dE%02d",
+            serie_folder,
+            key,
+            season,
+            episode
+        )
+
+        # Fire download started event
+        self._events.download_status(
+            DownloadStatusEventArgs(
+                serie_folder=serie_folder,
+                key=key,
+                season=season,
+                episode=episode,
+                status="started",
+                message="Download started",
+                item_id=item_id,
+            )
+        )
+
+        # Create series folder if it doesn't exist
+        folder_path = os.path.join(self.directory_to_search, serie_folder)
+        if not os.path.exists(folder_path):
+            try:
+                os.makedirs(folder_path, exist_ok=True)
+                logger.info(
+                    "Created series folder: %s (key: %s)",
+                    folder_path,
+                    key
+                )
+            except OSError as e:
+                logger.error(
+                    "Failed to create series folder %s: %s",
+                    folder_path,
+                    str(e)
+                )
+                # Fire download failed event
+                self._events.download_status(
+                    DownloadStatusEventArgs(
+                        serie_folder=serie_folder,
+                        key=key,
+                        season=season,
+                        episode=episode,
+                        status="failed",
+                        message=f"Failed to create folder: {str(e)}",
+                        item_id=item_id,
+                    )
+                )
+                return False
+
+        try:
+            def download_progress_handler(progress_info):
+                """Handle download progress events from loader."""
+                # Throttle progress logging to avoid spam
+                status = progress_info.get("status", "")
+                if status in ("downloading", "finished"):
+                    logger.debug(
+                        "download_progress_handler called with: %s", progress_info
+                    )
+
+                downloaded = progress_info.get('downloaded_bytes', 0)
+                total_bytes = (
+                    progress_info.get('total_bytes')
+                    or progress_info.get('total_bytes_estimate', 0)
+                )
+
+                speed = progress_info.get('speed', 0)  # bytes/sec
+                eta = progress_info.get('eta')  # seconds
+                mbper_sec = speed / (1024 * 1024) if speed else None
+
+                self._events.download_status(
+                    DownloadStatusEventArgs(
+                        serie_folder=serie_folder,
+                        key=key,
+                        season=season,
+                        episode=episode,
+                        status="progress",
+                        message="Download progress",
+                        progress=(
+                            (downloaded / total_bytes) * 100
+                            if total_bytes else 0
+                        ),
+                        eta=eta,
+                        mbper_sec=mbper_sec,
+                        item_id=item_id,
+                    )
+                )
+            
+            # Subscribe to loader's download progress events
+            self.loader.subscribe_download_progress(download_progress_handler)
+            
+            try:
+                # Perform download in thread to avoid blocking event loop
+                loop = asyncio.get_running_loop()
+                download_success = await loop.run_in_executor(
+                    self.executor,
+                    self.loader.download,
+                    self.directory_to_search,
+                    serie_folder,
+                    season,
+                    episode,
+                    key,
+                    language
+                )
+            finally:
+                # Always unsubscribe after download completes or fails
+                self.loader.unsubscribe_download_progress(
+                    download_progress_handler
+                )
+
+            if download_success:
+                logger.info(
+                    "Download completed: %s (key: %s) S%02dE%02d",
+                    serie_folder,
+                    key,
+                    season,
+                    episode
+                )
+
+                # Fire download completed event
+                self._events.download_status(
+                    DownloadStatusEventArgs(
+                        serie_folder=serie_folder,
+                        key=key,
+                        season=season,
+                        episode=episode,
+                        status="completed",
+                        progress=1.0,
+                        message="Download completed successfully",
+                        item_id=item_id,
+                    )
+                )
+            else:
+                logger.warning(
+                    "Download failed: %s (key: %s) S%02dE%02d",
+                    serie_folder,
+                    key,
+                    season,
+                    episode
+                )
+
+                # Fire download failed event
+                self._events.download_status(
+                    DownloadStatusEventArgs(
+                        serie_folder=serie_folder,
+                        key=key,
+                        season=season,
+                        episode=episode,
+                        status="failed",
+                        message="Download failed",
+                        item_id=item_id,
+                    )
+                )
+
+            return download_success
+
+        except InterruptedError:
+            # Download was cancelled - propagate the cancellation
+            logger.info(
+                "Download cancelled: %s (key: %s) S%02dE%02d",
+                serie_folder,
+                key,
+                season,
+                episode,
+            )
+            # Fire download cancelled event
+            self._events.download_status(
+                DownloadStatusEventArgs(
+                    serie_folder=serie_folder,
+                    key=key,
+                    season=season,
+                    episode=episode,
+                    status="cancelled",
+                    message="Download cancelled by user",
+                    item_id=item_id,
+                )
+            )
+            raise  # Re-raise to propagate cancellation
+
+        except Exception as e:  # pylint: disable=broad-except
+            logger.error(
+                "Download error: %s (key: %s) S%02dE%02d - %s",
+                serie_folder,
+                key,
+                season,
+                episode,
+                str(e),
+                exc_info=True,
+            )
+
+            # Fire download error event
+            self._events.download_status(
+                DownloadStatusEventArgs(
+                    serie_folder=serie_folder,
+                    key=key,
+                    season=season,
+                    episode=episode,
+                    status="failed",
+                    error=e,
+                    message=f"Download error: {str(e)}",
+                    item_id=item_id,
+                )
+            )
+
+            return False
+
+    async def rescan(self) -> list:
+        """
+        Rescan directory for missing episodes (async).
+        
+        This method performs a file-based scan and returns the results.
+        Database persistence is handled by the service layer (AnimeService).
+
+        Returns:
+            List of Serie objects found during scan with their
+            missing episodes.
+            
+        Note:
+            This method no longer saves to database directly. The returned
+            list should be persisted by the caller (AnimeService).
+        """
+        logger.info("Starting directory rescan")
+
+        total_to_scan = 0
+
+        try:
+            # Get total items to scan
+            logger.info("Getting total items to scan...")
+            loop = asyncio.get_running_loop()
+            total_to_scan = await loop.run_in_executor(
+                self.executor,
+                self.serie_scanner.get_total_to_scan
+            )
+            logger.info("Total folders to scan: %d", total_to_scan)
+
+            # Fire scan started event
+            logger.info(
+                "Firing scan_status 'started' event, handler=%s",
+                self._events.scan_status
+            )
+            self._events.scan_status(
+                ScanStatusEventArgs(
+                    current=0,
+                    total=total_to_scan,
+                    folder="",
+                    status="started",
+                    progress=0.0,
+                    message="Scan started",
+                )
+            )
+
+            # Reinitialize scanner
+            await loop.run_in_executor(
+                self.executor,
+                self.serie_scanner.reinit
+            )
+
+            def scan_progress_handler(progress_data):
+                """Handle scan progress events from scanner."""
+                # Fire scan progress event
+                message = progress_data.get('message', '')
+                folder = message.replace('Scanning: ', '')
+                self._events.scan_status(
+                    ScanStatusEventArgs(
+                        current=progress_data.get('current', 0),
+                        total=progress_data.get('total', total_to_scan),
+                        folder=folder,
+                        status="progress",
+                        progress=(
+                            progress_data.get('percentage', 0.0) / 100.0
+                        ),
+                        message=message,
+                    )
+                )
+
+            # Subscribe to scanner's progress events
+            self.serie_scanner.subscribe_on_progress(scan_progress_handler)
+            
+            try:
+                # Perform scan (file-based, returns results in scanner.keyDict)
+                await loop.run_in_executor(
+                    self.executor,
+                    self.serie_scanner.scan
+                )
+            finally:
+                # Always unsubscribe after scan completes or fails
+                self.serie_scanner.unsubscribe_on_progress(
+                    scan_progress_handler
+                )
+            
+            # Get scanned series from scanner
+            scanned_series = list(self.serie_scanner.keyDict.values())
+
+            # Update in-memory list with scan results
+            self.list.keyDict.clear()
+            for serie in scanned_series:
+                self.list.keyDict[serie.key] = serie
+            self.series_list = self.list.GetMissingEpisode()
+
+            logger.info("Directory rescan completed successfully")
+
+            # Fire scan completed event
+            logger.info(
+                "Firing scan_status 'completed' event, handler=%s",
+                self._events.scan_status
+            )
+            self._events.scan_status(
+                ScanStatusEventArgs(
+                    current=total_to_scan,
+                    total=total_to_scan,
+                    folder="",
+                    status="completed",
+                    progress=1.0,
+                    message=(
+                        f"Scan completed. Found {len(self.series_list)} "
+                        "series with missing episodes."
+                    ),
+                )
+            )
+
+            return scanned_series
+
+        except InterruptedError:
+            logger.warning("Scan cancelled by user")
+
+            # Fire scan cancelled event
+            self._events.scan_status(
+                ScanStatusEventArgs(
+                    current=0,
+                    total=total_to_scan,
+                    folder="",
+                    status="cancelled",
+                    message="Scan cancelled by user",
+                )
+            )
+            raise
+
+        except Exception as e:
+            logger.error("Scan error: %s", str(e), exc_info=True)
+
+            # Fire scan failed event
+            self._events.scan_status(
+                ScanStatusEventArgs(
+                    current=0,
+                    total=total_to_scan,
+                    folder="",
+                    status="failed",
+                    error=e,
+                    message=f"Scan error: {str(e)}",
+                )
+            )
+            raise
+
+    async def get_series_list(self) -> List[Any]:
+        """
+        Get the current series list (async).
+
+        Returns:
+            List of series with missing episodes
+        """
+        return self.series_list
+
+    async def refresh_series_list(self) -> None:
+        """
+        Reload the cached series list from the underlying data store.
+        
+        This is an async operation.
+        """
+        await self._init_list()
+    
+    def _get_serie_by_key(self, key: str) -> Optional[AnimeSeries]:
+        """
+        Get a series by its unique provider key.
+        
+        This is the primary method for series lookups within SeriesApp.
+        
+        Args:
+            key: The unique provider identifier (e.g.,
+                "attack-on-titan")
+            
+        Returns:
+            The AnimeSeries instance if found, None otherwise
+            
+        Note:
+            This method uses the SerieList.get_by_key() method which
+            looks up series by their unique key, not by folder name.
+        """
+        return self.list.get_by_key(key)
+
+    def get_all_series_from_data_files(self) -> List[AnimeSeries]:
+        """
+        Get all series from data files in the anime directory.
+
+        Scans the directory_to_search for all 'data' files and loads
+        the AnimeSeries metadata from each file. This method is synchronous
+        and can be wrapped with asyncio.to_thread if needed for async
+        contexts.
+
+        Returns:
+            List of AnimeSeries objects found in data files. Returns an empty
+            list if no data files are found or if the directory doesn't
+            exist.
+
+        Example:
+            series_app = SeriesApp("/path/to/anime")
+            all_series = series_app.get_all_series_from_data_files()
+            for anime in all_series:
+                print(f"Found: {anime.name} (key={anime.key})")
+        """
+        logger.info(
+            "Scanning for data files in directory: %s",
+            self.directory_to_search
+        )
+
+        all_series: List[AnimeSeries] = []
+
+        try:
+            if not os.path.isdir(self.directory_to_search):
+                logger.warning(
+                    "Directory does not exist: %s",
+                    self.directory_to_search
+                )
+                return []
+        except (OSError, ValueError) as e:
+            logger.error(
+                "Failed to scan directory for data files: %s",
+                str(e),
+                exc_info=True
+            )
+            return []
+
+        try:
+            for folder_name in os.listdir(self.directory_to_search):
+                folder_path = os.path.join(
+                    self.directory_to_search, folder_name
+                )
+                if not os.path.isdir(folder_path):
+                    continue
+
+                data_file = os.path.join(folder_path, "data")
+                if not os.path.isfile(data_file):
+                    continue
+
+                series_data = _load_data_file(data_file)
+                if series_data is None:
+                    continue
+
+                key = series_data.get("key")
+                if not key:
+                    logger.warning(
+                        "Data file missing key, skipping: %s",
+                        data_file
+                    )
+                    continue
+
+                anime = AnimeSeries(
+                    key=key,
+                    name=series_data.get("name") or folder_name,
+                    site=series_data.get("site", "https://aniworld.to"),
+                    folder=series_data.get("folder", folder_name),
+                    year=series_data.get("year"),
+                )
+
+                episode_dict = series_data.get("episodeDict", {})
+                if episode_dict:
+                    anime._episode_dict_cache = {
+                        int(season): episodes
+                        for season, episodes in episode_dict.items()
+                    }
+
+                all_series.append(anime)
+        except (OSError, ValueError) as e:
+            logger.error(
+                "Failed to scan directory for data files: %s",
+                str(e),
+                exc_info=True
+            )
+            return []
+
+        logger.info(
+            "Found %d series from data files in %s",
+            len(all_series),
+            self.directory_to_search
+        )
+
+        return all_series
+
+    def shutdown(self) -> None:
+        """
+        Shutdown the thread pool executor.
+        
+        Should be called when the SeriesApp instance is no longer needed
+        to properly clean up resources.
+        """
+        if hasattr(self, 'executor'):
+            self.executor.shutdown(wait=True)
+            logger.info("ThreadPoolExecutor shut down successfully")
+
+
+def _load_data_file(data_file_path: str) -> Optional[dict]:
+    """Load and parse a legacy 'data' file (JSON).
+
+    Args:
+        data_file_path: Path to the data file
+
+    Returns:
+        Parsed data dict or None if parsing fails
+    """
+    import json
+
+    try:
+        with open(data_file_path, "r", encoding="utf-8") as f:
+            data = json.load(f)
+
+        if not isinstance(data, dict):
+            logger.warning("Data file is not a dictionary: %s", data_file_path)
+            return None
+
+        return data
+
+    except json.JSONDecodeError as e:
+        logger.warning(
+            "Failed to parse legacy data file (JSON error): %s - %s",
+            data_file_path, str(e)
+        )
+        return None
+    except Exception as e:
+        logger.warning(
+            "Failed to read legacy data file: %s - %s",
+            data_file_path, str(e)
+        )
+        return None

src/server/api/__init__.py

@@ -0,0 +1 @@
+"""API router modules for the FastAPI server."""

src/server/api/auth.py

@@ -0,0 +1,314 @@
+"""Authentication API endpoints for Aniworld."""
+from typing import Optional
+
+import structlog
+from fastapi import APIRouter, Depends, HTTPException
+from fastapi import status as http_status
+from fastapi.security import HTTPAuthorizationCredentials, HTTPBearer
+
+from src.server.models.auth import (
+    AuthStatus,
+    LoginRequest,
+    LoginResponse,
+    RegisterRequest,
+    SetupRequest,
+)
+from src.server.models.config import AppConfig
+from src.server.services.auth_service import AuthError, LockedOutError, auth_service
+from src.server.services.config_service import get_config_service
+
+logger = structlog.get_logger(__name__)
+
+# NOTE: import dependencies (optional_auth, security) lazily inside handlers
+# to avoid importing heavyweight modules (e.g. sqlalchemy) at import time.
+
+router = APIRouter(prefix="/api/auth", tags=["auth"])
+
+# HTTPBearer for optional authentication
+optional_bearer = HTTPBearer(auto_error=False)
+
+
+@router.post("/setup", status_code=http_status.HTTP_201_CREATED)
+async def setup_auth(req: SetupRequest):
+    """Initial setup endpoint to configure the master password.
+    
+    This endpoint also initializes the configuration with all provided values
+    and saves them to config.json. It triggers background initialization
+    and redirects to a loading page that shows real-time progress.
+    """
+    if auth_service.is_configured():
+        raise HTTPException(
+            status_code=http_status.HTTP_400_BAD_REQUEST,
+            detail="Master password already configured",
+        )
+
+    try:
+        # Set up master password (this validates and hashes it)
+        password_hash = auth_service.setup_master_password(
+            req.master_password
+        )
+        
+        # Initialize or update config with all provided values
+        config_service = get_config_service()
+        try:
+            config = config_service.load_config()
+        except Exception:
+            # If config doesn't exist, create default
+            from src.server.models.config import (
+                BackupConfig,
+                LoggingConfig,
+                NFOConfig,
+                SchedulerConfig,
+            )
+            config = AppConfig()
+        
+        # Update basic settings
+        if req.name:
+            config.name = req.name
+        if req.data_dir:
+            config.data_dir = req.data_dir
+        
+        # Update scheduler configuration
+        if req.scheduler_enabled is not None:
+            config.scheduler.enabled = req.scheduler_enabled
+        if req.scheduler_interval_minutes is not None:
+            config.scheduler.interval_minutes = req.scheduler_interval_minutes
+        if req.scheduler_schedule_time is not None:
+            config.scheduler.schedule_time = req.scheduler_schedule_time
+        if req.scheduler_schedule_days is not None:
+            config.scheduler.schedule_days = req.scheduler_schedule_days
+        if req.scheduler_auto_download_after_rescan is not None:
+            config.scheduler.auto_download_after_rescan = req.scheduler_auto_download_after_rescan
+        
+        # Update logging configuration
+        if req.logging_level:
+            config.logging.level = req.logging_level.upper()
+        if req.logging_file is not None:
+            config.logging.file = req.logging_file
+        if req.logging_max_bytes is not None:
+            config.logging.max_bytes = req.logging_max_bytes
+        if req.logging_backup_count is not None:
+            config.logging.backup_count = req.logging_backup_count
+        
+        # Update backup configuration
+        if req.backup_enabled is not None:
+            config.backup.enabled = req.backup_enabled
+        if req.backup_path:
+            config.backup.path = req.backup_path
+        if req.backup_keep_days is not None:
+            config.backup.keep_days = req.backup_keep_days
+        
+        # Update NFO configuration
+        if req.nfo_tmdb_api_key is not None:
+            config.nfo.tmdb_api_key = req.nfo_tmdb_api_key
+        if req.nfo_auto_create is not None:
+            config.nfo.auto_create = req.nfo_auto_create
+        if req.nfo_update_on_scan is not None:
+            config.nfo.update_on_scan = req.nfo_update_on_scan
+        if req.nfo_download_poster is not None:
+            config.nfo.download_poster = req.nfo_download_poster
+        if req.nfo_download_logo is not None:
+            config.nfo.download_logo = req.nfo_download_logo
+        if req.nfo_download_fanart is not None:
+            config.nfo.download_fanart = req.nfo_download_fanart
+        if req.nfo_image_size:
+            config.nfo.image_size = req.nfo_image_size.lower()
+        
+        # Store master password hash in config's other field
+        config.other['master_password_hash'] = password_hash
+        
+        # Store anime directory in config's other field if provided
+        anime_directory = None
+        if req.anime_directory:
+            anime_directory = req.anime_directory.strip()
+            if anime_directory:
+                config.other['anime_directory'] = anime_directory
+        
+        # Save the config with all updates
+        config_service.save_config(config, create_backup=False)
+        
+        # Sync config.json values to settings object
+        # (mirroring the logic in fastapi_app.py lifespan)
+        from src.config.settings import settings
+        other_settings = dict(config.other) if config.other else {}
+        if other_settings.get("anime_directory"):
+            settings.anime_directory = str(other_settings["anime_directory"])
+        
+        if config.nfo:
+            if config.nfo.tmdb_api_key:
+                settings.tmdb_api_key = config.nfo.tmdb_api_key
+            settings.nfo_auto_create = config.nfo.auto_create
+            settings.nfo_update_on_scan = config.nfo.update_on_scan
+            settings.nfo_download_poster = config.nfo.download_poster
+            settings.nfo_download_logo = config.nfo.download_logo
+            settings.nfo_download_fanart = config.nfo.download_fanart
+            settings.nfo_image_size = config.nfo.image_size
+        
+        # Trigger initialization in background task
+        import asyncio
+
+        from src.server.services.initialization_service import perform_initial_setup
+        from src.server.services.progress_service import get_progress_service
+        
+        progress_service = get_progress_service()
+        
+        async def run_initialization():
+            """Run initialization steps with progress updates."""
+            try:
+                # Perform the initial series sync and mark as completed
+                await perform_initial_setup(progress_service)
+                
+                # Start scheduler if anime_directory is now set
+                try:
+                    from src.server.services.scheduler.scheduler_service import (
+                        get_scheduler_service,
+                    )
+
+                    scheduler_svc = get_scheduler_service()
+                    logger.info("Starting scheduler after initialization")
+                    await scheduler_svc.ensure_started()
+                    logger.info("Scheduler started successfully during setup")
+                except Exception as sched_exc:
+                    logger.warning(
+                        "Failed to start scheduler during setup: %s", sched_exc
+                    )
+                    # Continue — scheduler failure should not break initialization
+                
+                # Send completion event
+                await progress_service.start_progress(
+                    progress_id="initialization_complete",
+                    progress_type=ProgressType.SYSTEM,
+                    title="Initialization Complete",
+                    total=100,
+                    message="All initialization tasks completed successfully",
+                    metadata={"initialization_complete": True}
+                )
+                await progress_service.complete_progress(
+                    progress_id="initialization_complete",
+                    message="All initialization tasks completed successfully",
+                    metadata={"initialization_complete": True}
+                )
+            except Exception as e:
+                # Send error event
+                from src.server.services.progress_service import ProgressType
+                await progress_service.start_progress(
+                    progress_id="initialization_error",
+                    progress_type=ProgressType.ERROR,
+                    title="Initialization Failed",
+                    total=100,
+                    message=str(e),
+                    metadata={"initialization_complete": True, "error": str(e)}
+                )
+                await progress_service.fail_progress(
+                    progress_id="initialization_error",
+                    error_message=str(e),
+                    metadata={"initialization_complete": True, "error": str(e)}
+                )
+        
+        # Start initialization in background
+        asyncio.create_task(run_initialization())
+        
+        # Return redirect to loading page
+        return {"status": "ok", "redirect": "/loading"}
+        # Note: Media scan is skipped during setup as it requires
+        # background_loader service which is only available during
+        # application lifespan. It will run on first application startup.
+        
+        return {"status": "ok"}
+        
+    except ValueError as e:
+        raise HTTPException(status_code=400, detail=str(e)) from e
+
+
+@router.post("/login", response_model=LoginResponse)
+def login(req: LoginRequest):
+    """Validate master password and return JWT token."""
+    # Use a simple identifier for failed attempts; prefer IP in real app
+    identifier = "global"
+
+    try:
+        valid = auth_service.validate_master_password(
+            req.password, identifier=identifier
+        )
+    except LockedOutError as e:
+        raise HTTPException(
+            status_code=http_status.HTTP_429_TOO_MANY_REQUESTS,
+            detail=str(e),
+        ) from e
+    except AuthError as e:
+        # Return 401 for authentication errors (including not configured)
+        # This prevents information leakage about system configuration
+        raise HTTPException(
+            status_code=http_status.HTTP_401_UNAUTHORIZED,
+            detail="Invalid credentials"
+        ) from e
+
+    if not valid:
+        raise HTTPException(
+            status_code=http_status.HTTP_401_UNAUTHORIZED,
+            detail="Invalid credentials"
+        )
+
+    token = auth_service.create_access_token(
+        subject="master", remember=bool(req.remember)
+    )
+    return token
+
+
+@router.post("/logout")
+def logout_endpoint(
+    credentials: Optional[HTTPAuthorizationCredentials] = Depends(
+        optional_bearer
+    ),
+):
+    """Logout by revoking token (no-op for stateless JWT)."""
+    # If a plain credentials object was provided, extract token
+    token = getattr(credentials, "credentials", None)
+    # Placeholder; auth_service.revoke_token can be expanded to persist
+    # revocations
+    if token:
+        auth_service.revoke_token(token)
+    return {"status": "ok", "message": "Logged out successfully"}
+
+
+async def get_optional_auth(
+    credentials: Optional[HTTPAuthorizationCredentials] = Depends(
+        optional_bearer
+    ),
+) -> Optional[dict]:
+    """Get optional authentication from bearer token."""
+    if credentials is None:
+        return None
+
+    token = credentials.credentials
+    try:
+        # Validate and decode token using the auth service
+        session = auth_service.create_session_model(token)
+        return session.model_dump()
+    except AuthError:
+        return None
+
+
+@router.get("/status", response_model=AuthStatus)
+async def auth_status(auth: Optional[dict] = Depends(get_optional_auth)):
+    """Return whether master password is configured and authenticated."""
+    return AuthStatus(
+        configured=auth_service.is_configured(), authenticated=bool(auth)
+    )
+
+
+@router.post("/register", status_code=http_status.HTTP_201_CREATED)
+def register(req: RegisterRequest):
+    """Register a new user (for testing/validation purposes).
+    
+    Note: This is primarily for input validation testing.
+    The actual Aniworld app uses a single master password.
+    """
+    # This endpoint is primarily for input validation testing
+    # In a real multi-user system, you'd create the user here
+    return {
+        "status": "ok",
+        "message": "User registration successful",
+        "username": req.username,
+    }
+

src/server/api/config.py

@@ -0,0 +1,469 @@
+import logging
+from typing import Any, Dict, List, Optional
+
+from fastapi import APIRouter, Depends, HTTPException, status
+
+logger = logging.getLogger(__name__)
+
+from src.server.models.config import AppConfig, ConfigUpdate, ValidationResult
+from src.server.services.config_service import (
+    ConfigBackupError,
+    ConfigServiceError,
+    ConfigValidationError,
+    get_config_service,
+)
+from src.server.utils.dependencies import require_auth
+
+router = APIRouter(prefix="/api/config", tags=["config"])
+
+
+@router.get("", response_model=AppConfig)
+def get_config(auth: Optional[dict] = Depends(require_auth)) -> AppConfig:
+    """Return current application configuration."""
+    try:
+        config_service = get_config_service()
+        return config_service.load_config()
+    except ConfigServiceError as e:
+        raise HTTPException(
+            status_code=status.HTTP_500_INTERNAL_SERVER_ERROR,
+            detail=f"Failed to load config: {e}"
+        ) from e
+
+
+@router.put("", response_model=AppConfig)
+async def update_config(
+    update: ConfigUpdate, auth: dict = Depends(require_auth)
+) -> AppConfig:
+    """Apply an update to the configuration and persist it.
+
+    Creates automatic backup before applying changes. If anime_directory
+    is configured, starts the scheduler service.
+    """
+    try:
+        config_service = get_config_service()
+        updated_config = config_service.update_config(update)
+
+        # Sync anime_directory to settings if it was updated
+        from src.config.settings import settings as app_settings
+
+        anime_dir_changed = False
+        if update.other and update.other.get("anime_directory"):
+            anime_dir = update.other.get("anime_directory")
+            if anime_dir and not app_settings.anime_directory:
+                app_settings.anime_directory = str(anime_dir)
+                anime_dir_changed = True
+                logger.info("Synced anime_directory from config: %s", anime_dir)
+
+        # Start scheduler if anime_directory was just configured
+        if anime_dir_changed:
+            try:
+                from src.server.services.scheduler.scheduler_service import (
+                    get_scheduler_service,
+                )
+
+                scheduler_svc = get_scheduler_service()
+                logger.info(
+                    "Starting scheduler after anime_directory configuration"
+                )
+                await scheduler_svc.ensure_started()
+                logger.info(
+                    "Scheduler started successfully after config update"
+                )
+            except Exception as sched_exc:
+                logger.warning(
+                    "Failed to start scheduler after config update: %s",
+                    sched_exc,
+                )
+                # Config was already saved, don't fail the request
+
+        return updated_config
+
+    except ConfigValidationError as e:
+        raise HTTPException(
+            status_code=status.HTTP_400_BAD_REQUEST,
+            detail=f"Invalid configuration: {e}"
+        ) from e
+    except ConfigServiceError as e:
+        raise HTTPException(
+            status_code=status.HTTP_500_INTERNAL_SERVER_ERROR,
+            detail=f"Failed to update config: {e}"
+        ) from e
+
+
+@router.post("/validate", response_model=ValidationResult)
+def validate_config(
+    cfg: AppConfig, auth: dict = Depends(require_auth)  # noqa: ARG001
+) -> ValidationResult:
+    """Validate a provided AppConfig without applying it.
+
+    Returns ValidationResult with any validation errors.
+    """
+    try:
+        config_service = get_config_service()
+        return config_service.validate_config(cfg)
+    except Exception as e:
+        raise HTTPException(
+            status_code=status.HTTP_400_BAD_REQUEST,
+            detail=str(e)
+        ) from e
+
+
+@router.get("/backups", response_model=List[Dict[str, object]])
+def list_backups(
+    auth: dict = Depends(require_auth)
+) -> List[Dict[str, object]]:
+    """List all available configuration backups.
+
+    Returns list of backup metadata including name, size, and created time.
+    """
+    try:
+        config_service = get_config_service()
+        return config_service.list_backups()
+    except ConfigServiceError as e:
+        raise HTTPException(
+            status_code=status.HTTP_500_INTERNAL_SERVER_ERROR,
+            detail=f"Failed to list backups: {e}"
+        ) from e
+
+
+@router.post("/backups", response_model=Dict[str, str])
+def create_backup(
+    name: Optional[str] = None, auth: dict = Depends(require_auth)
+) -> Dict[str, str]:
+    """Create a backup of the current configuration.
+
+    Args:
+        name: Optional custom backup name (timestamp used if not provided)
+
+    Returns:
+        Dictionary with backup name and message
+    """
+    try:
+        config_service = get_config_service()
+        backup_path = config_service.create_backup(name)
+        return {
+            "name": backup_path.name,
+            "message": "Backup created successfully"
+        }
+    except ConfigBackupError as e:
+        raise HTTPException(
+            status_code=status.HTTP_400_BAD_REQUEST,
+            detail=f"Failed to create backup: {e}"
+        ) from e
+
+
+@router.post("/backups/{backup_name}/restore", response_model=AppConfig)
+def restore_backup(
+    backup_name: str, auth: dict = Depends(require_auth)
+) -> AppConfig:
+    """Restore configuration from a backup.
+
+    Creates backup of current config before restoring.
+
+    Args:
+        backup_name: Name of backup file to restore
+
+    Returns:
+        Restored configuration
+    """
+    try:
+        config_service = get_config_service()
+        return config_service.restore_backup(backup_name)
+    except ConfigBackupError as e:
+        raise HTTPException(
+            status_code=status.HTTP_404_NOT_FOUND,
+            detail=f"Failed to restore backup: {e}"
+        ) from e
+
+
+@router.delete("/backups/{backup_name}")
+def delete_backup(
+    backup_name: str, auth: dict = Depends(require_auth)
+) -> Dict[str, str]:
+    """Delete a configuration backup.
+
+    Args:
+        backup_name: Name of backup file to delete
+
+    Returns:
+        Success message
+    """
+    try:
+        config_service = get_config_service()
+        config_service.delete_backup(backup_name)
+        return {"message": f"Backup '{backup_name}' deleted successfully"}
+    except ConfigBackupError as e:
+        raise HTTPException(
+            status_code=status.HTTP_404_NOT_FOUND,
+            detail=f"Failed to delete backup: {e}"
+        ) from e
+
+
+@router.get("/section/advanced", response_model=Dict[str, object])
+def get_advanced_config(
+    auth: Optional[dict] = Depends(require_auth)
+) -> Dict[str, object]:
+    """Get advanced configuration section.
+
+    Returns:
+        Dictionary with advanced configuration settings
+    """
+    try:
+        config_service = get_config_service()
+        app_config = config_service.load_config()
+        return app_config.other.get("advanced", {})
+    except ConfigServiceError as e:
+        raise HTTPException(
+            status_code=status.HTTP_500_INTERNAL_SERVER_ERROR,
+            detail=f"Failed to load advanced config: {e}"
+        ) from e
+
+
+@router.post("/section/advanced", response_model=Dict[str, str])
+def update_advanced_config(
+    config: Dict[str, object], auth: dict = Depends(require_auth)
+) -> Dict[str, str]:
+    """Update advanced configuration section.
+
+    Args:
+        config: Advanced configuration settings
+        auth: Authentication token (required)
+
+    Returns:
+        Success message
+    """
+    try:
+        config_service = get_config_service()
+        app_config = config_service.load_config()
+
+        # Update advanced section in other
+        if "advanced" not in app_config.other:
+            app_config.other["advanced"] = {}
+        app_config.other["advanced"].update(config)
+
+        config_service.save_config(app_config)
+        return {"message": "Advanced configuration updated successfully"}
+    except ConfigServiceError as e:
+        raise HTTPException(
+            status_code=status.HTTP_500_INTERNAL_SERVER_ERROR,
+            detail=f"Failed to update advanced config: {e}"
+        ) from e
+
+
+@router.post("/directory", response_model=Dict[str, Any])
+async def update_directory(
+    directory_config: Dict[str, str], auth: dict = Depends(require_auth)
+) -> Dict[str, Any]:
+    """Update anime directory configuration.
+
+    Args:
+        directory_config: Dictionary with 'directory' key
+        auth: Authentication token (required)
+
+    Returns:
+        Success message
+    """
+    try:
+        directory = directory_config.get("directory")
+        if not directory:
+            raise HTTPException(
+                status_code=status.HTTP_400_BAD_REQUEST,
+                detail="Directory path is required"
+            )
+
+        config_service = get_config_service()
+        app_config = config_service.load_config()
+
+        # Store directory in other section
+        app_config.other["anime_directory"] = directory
+
+        config_service.save_config(app_config)
+        
+        # Sync series from data files to database
+        sync_count = 0
+        try:
+            import structlog
+
+            from src.server.services.anime_service import sync_legacy_series_to_db
+            logger = structlog.get_logger(__name__)
+            sync_count = await sync_legacy_series_to_db(directory, logger)
+            logger.info(
+                "Directory updated: synced series from data files",
+                directory=directory,
+                count=sync_count
+            )
+        except Exception as e:
+            # Log but don't fail the directory update if sync fails
+            import structlog
+            structlog.get_logger(__name__).warning(
+                "Failed to sync series after directory update",
+                error=str(e)
+            )
+        
+        response: Dict[str, Any] = {
+            "message": "Anime directory updated successfully",
+            "synced_series": sync_count
+        }
+        
+        return response
+    except ConfigServiceError as e:
+        raise HTTPException(
+            status_code=status.HTTP_500_INTERNAL_SERVER_ERROR,
+            detail=f"Failed to update directory: {e}"
+        ) from e
+
+
+@router.post("/export")
+async def export_config(
+    export_options: Dict[str, bool], auth: dict = Depends(require_auth)
+):
+    """Export configuration to JSON file.
+
+    Args:
+        export_options: Options for export (include_sensitive, etc.)
+        auth: Authentication token (required)
+
+    Returns:
+        JSON file download response
+    """
+    try:
+        import json
+
+        from fastapi.responses import Response
+
+        config_service = get_config_service()
+        app_config = config_service.load_config()
+
+        # Convert to dict
+        config_dict = app_config.model_dump()
+
+        # Optionally remove sensitive data
+        if not export_options.get("include_sensitive", False):
+            # Remove sensitive fields if present
+            config_dict.pop("password_salt", None)
+            config_dict.pop("password_hash", None)
+
+        # Create filename with timestamp
+        from datetime import datetime
+        timestamp = datetime.now().strftime("%Y%m%d_%H%M%S")
+        filename = f"aniworld_config_{timestamp}.json"
+
+        # Return as downloadable JSON
+        content = json.dumps(config_dict, indent=2)
+        return Response(
+            content=content,
+            media_type="application/json",
+            headers={
+                "Content-Disposition": f'attachment; filename="{filename}"'
+            }
+        )
+    except Exception as e:
+        raise HTTPException(
+            status_code=status.HTTP_500_INTERNAL_SERVER_ERROR,
+            detail=f"Failed to export config: {e}"
+        ) from e
+
+
+@router.post("/reset", response_model=Dict[str, str])
+def reset_config(
+    reset_options: Dict[str, bool], auth: dict = Depends(require_auth)
+) -> Dict[str, str]:
+    """Reset configuration to defaults.
+
+    Args:
+        reset_options: Options for reset (preserve_security, etc.)
+        auth: Authentication token (required)
+
+    Returns:
+        Success message
+    """
+    try:
+        config_service = get_config_service()
+
+        # Create backup before resetting
+        config_service.create_backup("pre_reset")
+
+        # Load default config
+        default_config = AppConfig()
+
+        # If preserve_security is True, keep authentication settings
+        if reset_options.get("preserve_security", True):
+            current_config = config_service.load_config()
+            # Preserve security-related fields from other
+            if "password_salt" in current_config.other:
+                default_config.other["password_salt"] = (
+                    current_config.other["password_salt"]
+                )
+            if "password_hash" in current_config.other:
+                default_config.other["password_hash"] = (
+                    current_config.other["password_hash"]
+                )
+
+        # Save default config
+        config_service.save_config(default_config)
+
+        return {
+            "message": "Configuration reset to defaults successfully"
+        }
+    except Exception as e:
+        raise HTTPException(
+            status_code=status.HTTP_500_INTERNAL_SERVER_ERROR,
+            detail=f"Failed to reset config: {e}"
+        ) from e
+
+
+@router.post("/tmdb/validate", response_model=Dict[str, Any])
+async def validate_tmdb_key(
+    api_key_data: Dict[str, str], auth: dict = Depends(require_auth)
+) -> Dict[str, Any]:
+    """Validate TMDB API key by making a test request.
+
+    Args:
+        api_key_data: Dictionary with 'api_key' field
+        auth: Authentication token (required)
+
+    Returns:
+        Validation result with success status and message
+    """
+    import aiohttp
+    
+    api_key = api_key_data.get("api_key", "").strip()
+    
+    if not api_key:
+        return {
+            "valid": False,
+            "message": "API key is required"
+        }
+    
+    try:
+        # Test the API key with a simple configuration request
+        url = f"https://api.themoviedb.org/3/configuration?api_key={api_key}"
+        
+        timeout = aiohttp.ClientTimeout(total=10)
+        async with aiohttp.ClientSession() as session:
+            async with session.get(url, timeout=timeout) as response:
+                if response.status == 200:
+                    return {
+                        "valid": True,
+                        "message": "TMDB API key is valid"
+                    }
+                elif response.status == 401:
+                    return {
+                        "valid": False,
+                        "message": "Invalid API key"
+                    }
+                else:
+                    return {
+                        "valid": False,
+                        "message": f"TMDB API error: {response.status}"
+                    }
+    except aiohttp.ClientError as e:
+        return {
+            "valid": False,
+            "message": f"Connection error: {str(e)}"
+        }
+    except Exception as e:
+        return {
+            "valid": False,
+            "message": f"Validation error: {str(e)}"
+        }

src/server/api/download.py

@@ -0,0 +1,504 @@
+"""Download queue API endpoints for Aniworld web application.
+
+This module provides REST API endpoints for managing the anime download queue,
+including adding episodes, removing items, controlling queue processing, and
+retrieving queue status and statistics.
+"""
+from fastapi import APIRouter, Depends, Path, status
+from fastapi.responses import JSONResponse
+
+from src.server.exceptions import BadRequestError, NotFoundError, ServerError
+from src.server.models.download import (
+    DownloadRequest,
+    QueueOperationRequest,
+    QueueStatusResponse,
+)
+from src.server.services.download_service import DownloadService, DownloadServiceError
+from src.server.utils.dependencies import get_download_service, require_auth
+
+router = APIRouter(prefix="/api/queue", tags=["download"])
+
+
+@router.get("/status", response_model=QueueStatusResponse)
+async def get_queue_status(
+    _: dict = Depends(require_auth),
+    download_service: DownloadService = Depends(get_download_service),
+):
+    """Get current download queue status and statistics.
+
+    Returns comprehensive information about all queue items including:
+    - Active downloads with progress
+    - Pending items waiting to be processed
+    - Recently completed downloads
+    - Failed downloads
+
+    Requires authentication.
+
+    Returns:
+        QueueStatusResponse: Complete queue status and statistics
+
+    Raises:
+        HTTPException: 401 if not authenticated, 500 on service error
+    """
+    try:
+        queue_status = await download_service.get_queue_status()
+        queue_stats = await download_service.get_queue_stats()
+
+        # Build response matching QueueStatusResponse model
+        response = QueueStatusResponse(
+            status=queue_status,
+            statistics=queue_stats,
+        )
+        
+        return response
+
+    except Exception as e:
+        raise ServerError(
+            message=f"Failed to retrieve queue status: {str(e)}"
+        )
+
+
+@router.post("/add", status_code=status.HTTP_201_CREATED)
+async def add_to_queue(
+    request: DownloadRequest,
+    _: dict = Depends(require_auth),
+    download_service: DownloadService = Depends(get_download_service),
+):
+    """Add episodes to the download queue.
+
+    Adds one or more episodes to the download queue with specified priority.
+    Episodes are validated and queued for processing based on priority level:
+    - HIGH priority items are processed first
+    - NORMAL and LOW priority items follow FIFO order
+
+    Requires authentication.
+
+    Args:
+        request: Download request containing:
+            - serie_id: Series key (primary identifier, 'attack-on-titan')
+            - serie_folder: Filesystem folder name for storing downloads
+            - serie_name: Display name for the series
+            - episodes: List of episodes to download
+            - priority: Queue priority level
+
+    Returns:
+        DownloadResponse: Status and list of created download item IDs
+
+    Raises:
+        HTTPException: 401 if not authenticated, 400 for invalid request,
+                      500 on service error
+    """
+    try:
+        # Validate request
+        if not request.episodes:
+            raise BadRequestError(
+                message="At least one episode must be specified"
+            )
+
+        # Add to queue
+        added_ids = await download_service.add_to_queue(
+            serie_id=request.serie_id,
+            serie_folder=request.serie_folder,
+            serie_name=request.serie_name,
+            episodes=request.episodes,
+            priority=request.priority,
+        )
+
+        # Keep a backwards-compatible response shape and return it as a
+        # raw JSONResponse so FastAPI won't coerce it based on any
+        # response_model defined elsewhere.
+        payload = {
+            "status": "success",
+            "message": f"Added {len(added_ids)} episode(s) to download queue",
+            "added_items": added_ids,
+            "item_ids": added_ids,
+            "failed_items": [],
+        }
+
+        return JSONResponse(
+            content=payload,
+            status_code=status.HTTP_201_CREATED,
+        )
+
+    except DownloadServiceError as e:
+        raise BadRequestError(message=str(e))
+    except (BadRequestError, NotFoundError, ServerError):
+        raise
+    except Exception as e:
+        raise ServerError(
+            message=f"Failed to add episodes to queue: {str(e)}"
+        )
+
+
+@router.delete("/completed", status_code=status.HTTP_200_OK)
+async def clear_completed(
+    _: dict = Depends(require_auth),
+    download_service: DownloadService = Depends(get_download_service),
+):
+    """Clear completed downloads from history.
+
+    Removes all completed download items from the queue history. This helps
+    keep the queue display clean and manageable.
+
+    Requires authentication.
+
+    Returns:
+        dict: Status message with count of cleared items
+
+    Raises:
+        HTTPException: 401 if not authenticated, 500 on service error
+    """
+    try:
+        cleared_count = await download_service.clear_completed()
+
+        return {
+            "status": "success",
+            "message": f"Cleared {cleared_count} completed item(s)",
+            "count": cleared_count,
+        }
+
+    except Exception as e:
+        raise ServerError(
+            message=f"Failed to clear completed items: {str(e)}"
+        )
+
+
+@router.delete("/failed", status_code=status.HTTP_200_OK)
+async def clear_failed(
+    _: dict = Depends(require_auth),
+    download_service: DownloadService = Depends(get_download_service),
+):
+    """Clear failed downloads from history.
+
+    Removes all failed download items from the queue history. This helps
+    keep the queue display clean and manageable.
+
+    Requires authentication.
+
+    Returns:
+        dict: Status message with count of cleared items
+
+    Raises:
+        HTTPException: 401 if not authenticated, 500 on service error
+    """
+    try:
+        cleared_count = await download_service.clear_failed()
+
+        return {
+            "status": "success",
+            "message": f"Cleared {cleared_count} failed item(s)",
+            "count": cleared_count,
+        }
+
+    except Exception as e:
+        raise ServerError(
+            message=f"Failed to clear failed items: {str(e)}"
+        )
+
+
+@router.delete("/pending", status_code=status.HTTP_200_OK)
+async def clear_pending(
+    _: dict = Depends(require_auth),
+    download_service: DownloadService = Depends(get_download_service),
+):
+    """Clear all pending downloads from the queue.
+
+    Removes all pending download items from the queue. This is useful for
+    clearing the entire queue at once instead of removing items one by one.
+
+    Requires authentication.
+
+    Returns:
+        dict: Status message with count of cleared items
+
+    Raises:
+        HTTPException: 401 if not authenticated, 500 on service error
+    """
+    try:
+        cleared_count = await download_service.clear_pending()
+
+        return {
+            "status": "success",
+            "message": f"Removed {cleared_count} pending item(s)",
+            "count": cleared_count,
+        }
+
+    except Exception as e:
+        raise ServerError(
+            message=f"Failed to clear pending items: {str(e)}"
+        )
+
+
+@router.delete("/{item_id}", status_code=status.HTTP_204_NO_CONTENT)
+async def remove_from_queue(
+    item_id: str = Path(..., description="Download item ID to remove"),
+    _: dict = Depends(require_auth),
+    download_service: DownloadService = Depends(get_download_service),
+):
+    """Remove a specific item from the download queue.
+
+    Removes a download item from the queue. If the item is currently
+    downloading, it will be cancelled and marked as cancelled. If it's
+    pending, it will simply be removed from the queue.
+
+    Requires authentication.
+
+    Args:
+        item_id: Unique identifier of the download item to remove
+
+    Raises:
+        HTTPException: 401 if not authenticated, 404 if item not found,
+                      500 on service error
+    """
+    try:
+        removed_ids = await download_service.remove_from_queue([item_id])
+
+        if not removed_ids:
+            raise NotFoundError(
+                message=f"Download item {item_id} not found in queue",
+                resource_type="download_item",
+                resource_id=item_id
+            )
+
+    except DownloadServiceError as e:
+        raise BadRequestError(message=str(e))
+    except (BadRequestError, NotFoundError, ServerError):
+        raise
+    except Exception as e:
+        raise ServerError(
+            message=f"Failed to remove item from queue: {str(e)}"
+        )
+
+
+@router.delete("/", status_code=status.HTTP_204_NO_CONTENT)
+async def remove_multiple_from_queue(
+    request: QueueOperationRequest,
+    _: dict = Depends(require_auth),
+    download_service: DownloadService = Depends(get_download_service),
+):
+    """Remove multiple items from the download queue.
+
+    Removes multiple download items from the queue based on provided IDs.
+    Items that are currently downloading will be cancelled.
+
+    Requires authentication.
+
+    Args:
+        request: Request containing list of item IDs to remove
+
+    Raises:
+        HTTPException: 401 if not authenticated, 404 if no items found,
+                      500 on service error
+    """
+    try:
+        removed_ids = await download_service.remove_from_queue(
+            request.item_ids
+        )
+
+        if not removed_ids:
+            raise NotFoundError(
+                message="No matching items found in queue",
+                resource_type="download_items"
+            )
+
+    except DownloadServiceError as e:
+        raise BadRequestError(message=str(e))
+    except (BadRequestError, NotFoundError, ServerError):
+        raise
+    except Exception as e:
+        raise ServerError(
+            message=f"Failed to remove items from queue: {str(e)}"
+        )
+
+
+@router.post("/start", status_code=status.HTTP_200_OK)
+async def start_queue(
+    _: dict = Depends(require_auth),
+    download_service: DownloadService = Depends(get_download_service),
+):
+    """Start automatic queue processing.
+
+    Starts processing all pending downloads sequentially, one at a time.
+    The queue will continue processing until all items are complete or
+    the queue is manually stopped. Processing continues even if the browser
+    is closed.
+
+    Only one download can be active at a time. If a download is already
+    active or queue processing is running, an error is returned.
+
+    Requires authentication.
+
+    Returns:
+        dict: Status message confirming queue processing started
+
+    Raises:
+        HTTPException: 401 if not authenticated, 400 if queue is empty or
+                      processing already active, 500 on service error
+    """
+    try:
+        result = await download_service.start_queue_processing()
+        
+        if result is None:
+            raise BadRequestError(
+                message="No pending downloads in queue"
+            )
+
+        return {
+            "status": "success",
+            "message": "Queue processing started",
+        }
+    
+    except DownloadServiceError as e:
+        raise BadRequestError(message=str(e))
+    except (BadRequestError, NotFoundError, ServerError):
+        raise
+    except Exception as e:
+        raise ServerError(
+            message=f"Failed to start queue processing: {str(e)}"
+        )
+
+
+@router.post("/stop", status_code=status.HTTP_200_OK)
+async def stop_queue(
+    _: dict = Depends(require_auth),
+    download_service: DownloadService = Depends(get_download_service),
+):
+    """Stop processing new downloads from queue.
+
+    Prevents new downloads from starting. The current active download will
+    continue to completion, but no new downloads will be started from the
+    pending queue.
+
+    Requires authentication.
+
+    Returns:
+        dict: Status message indicating queue processing has been stopped
+
+    Raises:
+        HTTPException: 401 if not authenticated, 500 on service error
+    """
+    try:
+        await download_service.stop_downloads()
+
+        return {
+            "status": "success",
+            "message": (
+                "Queue processing stopped (current download will continue)"
+            ),
+        }
+
+    except Exception as e:
+        raise ServerError(
+            message=f"Failed to stop queue processing: {str(e)}"
+        )
+
+
+@router.post("/pause", status_code=status.HTTP_200_OK)
+async def pause_queue(
+    _: dict = Depends(require_auth),
+    download_service: DownloadService = Depends(get_download_service),
+):
+    """Pause queue processing (alias for stop).
+
+    Prevents new downloads from starting. The current active download will
+    continue to completion, but no new downloads will be started from the
+    pending queue.
+
+    Requires authentication.
+
+    Returns:
+        dict: Status message indicating queue processing has been paused
+
+    Raises:
+        HTTPException: 401 if not authenticated, 500 on service error
+    """
+    try:
+        await download_service.stop_downloads()
+
+        return {
+            "status": "success",
+            "message": "Queue processing paused",
+        }
+
+    except Exception as e:
+        raise ServerError(
+            message=f"Failed to pause queue processing: {str(e)}"
+        )
+
+
+@router.post("/reorder", status_code=status.HTTP_200_OK)
+async def reorder_queue(
+    request: QueueOperationRequest,
+    _: dict = Depends(require_auth),
+    download_service: DownloadService = Depends(get_download_service),
+):
+    """Reorder items in the pending queue.
+
+    Reorders the pending queue based on the provided list of item IDs.
+    Items will be placed in the order specified by the item_ids list.
+    Items not included in the list will remain at the end of the queue.
+
+    Requires authentication.
+
+    Args:
+        request: List of download item IDs in desired order
+
+    Returns:
+        dict: Status message
+
+    Raises:
+        HTTPException: 401 if not authenticated, 404 if no items match,
+                      500 on service error
+    """
+    try:
+        await download_service.reorder_queue(request.item_ids)
+        return {
+            "status": "success",
+            "message": f"Queue reordered with {len(request.item_ids)} items",
+        }
+
+    except Exception as e:
+        raise ServerError(
+            message=f"Failed to reorder queue: {str(e)}"
+        )
+
+
+@router.post("/retry", status_code=status.HTTP_200_OK)
+async def retry_failed(
+    request: QueueOperationRequest,
+    _: dict = Depends(require_auth),
+    download_service: DownloadService = Depends(get_download_service),
+):
+    """Retry failed downloads.
+
+    Moves failed download items back to the pending queue for retry. Only items
+    that haven't exceeded the maximum retry count will be retried.
+
+    Requires authentication.
+
+    Args:
+        request: List of download item IDs to retry (empty list retries all)
+
+    Returns:
+        dict: Status message with count of retried items
+
+    Raises:
+        HTTPException: 401 if not authenticated, 500 on service error
+    """
+    try:
+        # If no specific IDs provided, retry all failed items
+        item_ids = request.item_ids if request.item_ids else None
+
+        retried_ids = await download_service.retry_failed(item_ids)
+
+        return {
+            "status": "success",
+            "message": f"Retrying {len(retried_ids)} failed item(s)",
+            "retried_count": len(retried_ids),
+            "retried_ids": retried_ids,
+        }
+
+    except Exception as e:
+        raise ServerError(
+            message=f"Failed to retry downloads: {str(e)}"
+        )

src/server/api/health.py

@@ -0,0 +1,348 @@
+"""Health check endpoints for system monitoring and status verification."""
+
+import logging
+from datetime import datetime
+from typing import Any, Dict, Optional
+
+import psutil
+from fastapi import APIRouter, Depends, HTTPException, Request
+from pydantic import BaseModel
+from sqlalchemy import text
+from sqlalchemy.ext.asyncio import AsyncSession
+
+from src.server.utils.dependencies import get_database_session
+
+logger = logging.getLogger(__name__)
+
+router = APIRouter(prefix="/health", tags=["health"])
+
+
+from src.server.utils.version import APP_VERSION
+
+
+class HealthStatus(BaseModel):
+    """Basic health status response."""
+
+    status: str
+    timestamp: str
+    version: str = APP_VERSION
+    service: str = "aniworld-api"
+    series_app_initialized: bool = False
+    anime_directory_configured: bool = False
+    scheduler_next_run: Optional[str] = None
+    scheduler_last_run: Optional[str] = None
+    checks: Optional[Dict[str, Any]] = None
+
+
+class DatabaseHealth(BaseModel):
+    """Database health status."""
+
+    status: str
+    connection_time_ms: float
+    message: Optional[str] = None
+
+
+class SystemMetrics(BaseModel):
+    """System resource metrics."""
+
+    cpu_percent: float
+    memory_percent: float
+    memory_available_mb: float
+    disk_percent: float
+    disk_free_mb: float
+    uptime_seconds: float
+
+
+class DependencyHealth(BaseModel):
+    """Health status of external dependencies."""
+
+    database: DatabaseHealth
+    filesystem: Dict[str, Any]
+    system: SystemMetrics
+
+
+class DetailedHealthStatus(BaseModel):
+    """Comprehensive health check response."""
+
+    status: str
+    timestamp: str
+    version: str = APP_VERSION
+    dependencies: DependencyHealth
+    startup_time: datetime
+
+
+# Global startup time
+startup_time = datetime.now()
+
+
+async def check_database_health(db: AsyncSession) -> DatabaseHealth:
+    """Check database connection and performance.
+
+    Args:
+        db: Database session dependency.
+
+    Returns:
+        DatabaseHealth: Database status and connection time.
+    """
+    try:
+        import time
+
+        start_time = time.time()
+        await db.execute(text("SELECT 1"))
+        connection_time = (time.time() - start_time) * 1000  # Convert to milliseconds
+
+        return DatabaseHealth(
+            status="healthy",
+            connection_time_ms=connection_time,
+            message="Database connection successful",
+        )
+    except Exception as e:
+        logger.error("Database health check failed: %s", e)
+        return DatabaseHealth(
+            status="unhealthy",
+            connection_time_ms=0,
+            message=f"Database connection failed: {str(e)}",
+        )
+
+
+async def check_filesystem_health() -> Dict[str, Any]:
+    """Check filesystem availability and permissions.
+
+    Returns:
+        dict: Filesystem status and available space.
+    """
+    try:
+        import os
+
+        data_dir = "data"
+        logs_dir = "logs"
+
+        data_accessible = os.path.exists(data_dir) and os.access(data_dir, os.W_OK)
+        logs_accessible = os.path.exists(logs_dir) and os.access(logs_dir, os.W_OK)
+
+        return {
+            "status": "healthy" if (data_accessible and logs_accessible) else "degraded",
+            "data_dir_writable": data_accessible,
+            "logs_dir_writable": logs_accessible,
+            "message": "Filesystem check completed",
+        }
+    except Exception as e:
+        logger.error("Filesystem health check failed: %s", e)
+        return {
+            "status": "unhealthy",
+            "message": f"Filesystem check failed: {str(e)}",
+        }
+
+
+def get_system_metrics() -> SystemMetrics:
+    """Get system resource metrics.
+
+    Returns:
+        SystemMetrics: CPU, memory, disk, and uptime information.
+    """
+    try:
+        import os
+        import time
+
+        # CPU usage
+        cpu_percent = psutil.cpu_percent(interval=1)
+
+        # Memory usage
+        memory_info = psutil.virtual_memory()
+        memory_percent = memory_info.percent
+        memory_available_mb = memory_info.available / (1024 * 1024)
+
+        # Disk usage
+        disk_info = psutil.disk_usage("/")
+        disk_percent = disk_info.percent
+        disk_free_mb = disk_info.free / (1024 * 1024)
+
+        # Uptime
+        boot_time = psutil.boot_time()
+        uptime_seconds = time.time() - boot_time
+
+        return SystemMetrics(
+            cpu_percent=cpu_percent,
+            memory_percent=memory_percent,
+            memory_available_mb=memory_available_mb,
+            disk_percent=disk_percent,
+            disk_free_mb=disk_free_mb,
+            uptime_seconds=uptime_seconds,
+        )
+    except Exception as e:
+        logger.error("System metrics collection failed: %s", e)
+        raise HTTPException(
+            status_code=500, detail=f"Failed to collect system metrics: {str(e)}"
+        )
+
+
+@router.get("", response_model=HealthStatus)
+async def basic_health_check(request: Request) -> HealthStatus:
+    """Basic health check endpoint.
+    
+    This endpoint does not depend on anime_directory configuration
+    and should always return 200 OK for basic health monitoring.
+    Includes service information for identification.
+    Includes scheduler next/last run times for monitoring tools.
+    Includes startup health check results.
+
+    Returns:
+        HealthStatus: Simple health status with timestamp and service info.
+    """
+    from src.config.settings import settings
+    from src.server.utils.dependencies import _series_app
+
+    # Get scheduler status for health monitoring
+    scheduler_status: dict = {}
+    try:
+        from src.server.services.scheduler.scheduler_service import (
+            get_scheduler_service,
+        )
+        scheduler_status = get_scheduler_service().get_status()
+    except Exception:
+        pass
+
+    # Get startup checks from app state
+    checks = getattr(request.app.state, "startup_checks", None)
+    
+    # Determine overall status based on checks
+    overall_status = "healthy"
+    if checks:
+        for check_name, check_data in checks.items():
+            if check_data.get("status") == "error":
+                overall_status = "unhealthy"
+                break
+            elif check_data.get("status") == "warning":
+                overall_status = "degraded"
+    
+    logger.debug("Basic health check requested")
+    return HealthStatus(
+        status=overall_status,
+        timestamp=datetime.now().isoformat(),
+        service="aniworld-api",
+        series_app_initialized=_series_app is not None,
+        anime_directory_configured=bool(settings.anime_directory),
+        scheduler_next_run=scheduler_status.get("next_run"),
+        scheduler_last_run=scheduler_status.get("last_run"),
+        checks=checks,
+    )
+
+
+@router.get("/ready")
+async def ready_check(request: Request) -> Dict[str, Any]:
+    """Readiness check endpoint for container orchestrators.
+    
+    Returns 503 if critical dependencies are not available.
+    This endpoint is used by Kubernetes, Docker Swarm, etc. to determine
+    if the container should receive traffic.
+    
+    Returns:
+        dict: Readiness status with checks details.
+    """
+    checks = getattr(request.app.state, "startup_checks", {})
+    
+    critical_failures = []
+    for check_name, check_data in checks.items():
+        if check_data.get("status") == "error":
+            critical_failures.append(f"{check_name}: {check_data.get('message')}")
+    
+    if critical_failures:
+        return {
+            "status": "not_ready",
+            "ready": False,
+            "timestamp": datetime.now().isoformat(),
+            "critical_failures": critical_failures,
+            "checks": checks,
+        }
+    
+    return {
+        "status": "ready",
+        "ready": True,
+        "timestamp": datetime.now().isoformat(),
+        "checks": checks,
+    }
+
+
+@router.get("/detailed", response_model=DetailedHealthStatus)
+async def detailed_health_check(
+    db: AsyncSession = Depends(get_database_session),
+) -> DetailedHealthStatus:
+    """Comprehensive health check endpoint.
+
+    Checks database, filesystem, and system metrics.
+
+    Args:
+        db: Database session dependency.
+
+    Returns:
+        DetailedHealthStatus: Comprehensive health information.
+    """
+    logger.debug("Detailed health check requested")
+
+    try:
+        # Check dependencies
+        database_health = await check_database_health(db)
+        filesystem_health = await check_filesystem_health()
+        system_metrics = get_system_metrics()
+
+        # Determine overall status
+        overall_status = "healthy"
+        if database_health.status != "healthy":
+            overall_status = "degraded"
+        if filesystem_health.get("status") != "healthy":
+            overall_status = "degraded"
+
+        dependencies = DependencyHealth(
+            database=database_health,
+            filesystem=filesystem_health,
+            system=system_metrics,
+        )
+
+        return DetailedHealthStatus(
+            status=overall_status,
+            timestamp=datetime.now().isoformat(),
+            dependencies=dependencies,
+            startup_time=startup_time,
+        )
+    except Exception as e:
+        logger.error("Detailed health check failed: %s", e)
+        raise HTTPException(status_code=500, detail="Health check failed")
+
+
+@router.get("/metrics", response_model=SystemMetrics)
+async def get_metrics() -> SystemMetrics:
+    """Get system resource metrics.
+
+    Returns:
+        SystemMetrics: Current CPU, memory, disk, and uptime metrics.
+    """
+    logger.debug("System metrics requested")
+    return get_system_metrics()
+
+
+@router.get("/metrics/prometheus")
+async def get_prometheus_metrics() -> str:
+    """Get metrics in Prometheus format.
+
+    Returns:
+        str: Prometheus formatted metrics.
+    """
+    from src.server.utils.metrics import get_metrics_collector
+
+    logger.debug("Prometheus metrics requested")
+    collector = get_metrics_collector()
+    return collector.export_prometheus_format()
+
+
+@router.get("/metrics/json")
+async def get_metrics_json() -> Dict[str, Any]:
+    """Get metrics as JSON.
+
+    Returns:
+        dict: Metrics in JSON format.
+    """
+    from src.server.utils.metrics import get_metrics_collector
+
+    logger.debug("JSON metrics requested")
+    collector = get_metrics_collector()
+    return collector.export_json()

src/server/api/logging.py

@@ -0,0 +1,230 @@
+"""Logging API endpoints for AniWorld.
+
+Provides endpoints for reading log configuration, listing log files,
+tailing/downloading individual log files, testing logging, and cleanup.
+"""
+from __future__ import annotations
+
+import logging
+import os
+from pathlib import Path
+from typing import Any, Dict, List, Optional
+
+from fastapi import APIRouter, Depends, HTTPException, status
+from fastapi.responses import FileResponse
+
+from src.server.services.config_service import get_config_service
+from src.server.utils.dependencies import require_auth
+
+logger = logging.getLogger(__name__)
+
+router = APIRouter(prefix="/api/logging", tags=["logging"])
+
+_LOG_DIR = Path("logs")
+
+
+# ---------------------------------------------------------------------------
+# Helpers
+# ---------------------------------------------------------------------------
+
+def _log_dir() -> Path:
+    """Return the log directory, creating it if necessary."""
+    _LOG_DIR.mkdir(exist_ok=True)
+    return _LOG_DIR
+
+
+def _list_log_files() -> List[Dict[str, Any]]:
+    """Return metadata for all .log files in the log directory."""
+    result: List[Dict[str, Any]] = []
+    log_dir = _log_dir()
+    for entry in sorted(log_dir.iterdir()):
+        if entry.is_file() and entry.suffix in {".log", ".txt"}:
+            stat = entry.stat()
+            result.append(
+                {
+                    "name": entry.name,
+                    "size_mb": round(stat.st_size / (1024 * 1024), 2),
+                    "modified": stat.st_mtime,
+                }
+            )
+    return result
+
+
+# ---------------------------------------------------------------------------
+# Endpoints
+# ---------------------------------------------------------------------------
+
+@router.get("/config")
+def get_logging_config(
+    auth: Optional[dict] = Depends(require_auth),
+) -> Dict[str, Any]:
+    """Return current logging configuration as used by the frontend.
+
+    Maps the internal ``LoggingConfig`` model fields to the shape expected
+    by ``logging-config.js``.
+    """
+    try:
+        config_service = get_config_service()
+        app_config = config_service.load_config()
+        lc = app_config.logging
+
+        return {
+            "success": True,
+            "config": {
+                # Primary fields (match the model)
+                "log_level": lc.level,
+                "log_file": lc.file,
+                "max_bytes": lc.max_bytes,
+                "backup_count": lc.backup_count,
+                # UI-only flags – defaults; not yet persisted in the model
+                "enable_console_logging": True,
+                "enable_console_progress": False,
+                "enable_fail2ban_logging": False,
+            },
+        }
+    except Exception as exc:
+        logger.exception("Failed to read logging config")
+        raise HTTPException(
+            status_code=status.HTTP_500_INTERNAL_SERVER_ERROR,
+            detail=f"Failed to read logging config: {exc}",
+        ) from exc
+
+
+@router.get("/files")
+def list_files(
+    auth: Optional[dict] = Depends(require_auth),
+) -> Dict[str, Any]:
+    """List all available log files with metadata."""
+    try:
+        return {"success": True, "files": _list_log_files()}
+    except Exception as exc:
+        logger.exception("Failed to list log files")
+        raise HTTPException(
+            status_code=status.HTTP_500_INTERNAL_SERVER_ERROR,
+            detail=f"Failed to list log files: {exc}",
+        ) from exc
+
+
+@router.get("/files/{filename}/tail")
+def tail_file(
+    filename: str,
+    lines: int = 100,
+    auth: Optional[dict] = Depends(require_auth),
+) -> Dict[str, Any]:
+    """Return the last *lines* lines of a log file.
+
+    Args:
+        filename: Name of the log file (no path traversal).
+        lines: Number of lines to return (default 100).
+
+    Returns:
+        Dict with ``success``, ``lines``, ``showing_lines``, ``total_lines``.
+    """
+    # Prevent path traversal
+    safe_name = Path(filename).name
+    file_path = _log_dir() / safe_name
+    if not file_path.exists():
+        raise HTTPException(
+            status_code=status.HTTP_404_NOT_FOUND,
+            detail=f"Log file not found: {safe_name}",
+        )
+
+    try:
+        all_lines = file_path.read_text(encoding="utf-8", errors="replace").splitlines()
+        tail = all_lines[-lines:] if len(all_lines) > lines else all_lines
+        return {
+            "success": True,
+            "lines": tail,
+            "showing_lines": len(tail),
+            "total_lines": len(all_lines),
+        }
+    except Exception as exc:
+        logger.exception("Failed to tail log file %s", safe_name)
+        raise HTTPException(
+            status_code=status.HTTP_500_INTERNAL_SERVER_ERROR,
+            detail=f"Failed to read log file: {exc}",
+        ) from exc
+
+
+@router.get("/files/{filename}/download")
+def download_file(
+    filename: str,
+    auth: Optional[dict] = Depends(require_auth),
+) -> FileResponse:
+    """Download a log file as an attachment."""
+    safe_name = Path(filename).name
+    file_path = _log_dir() / safe_name
+    if not file_path.exists():
+        raise HTTPException(
+            status_code=status.HTTP_404_NOT_FOUND,
+            detail=f"Log file not found: {safe_name}",
+        )
+    return FileResponse(
+        path=str(file_path),
+        filename=safe_name,
+        media_type="text/plain",
+    )
+
+
+@router.post("/test")
+def test_logging(
+    auth: dict = Depends(require_auth),
+) -> Dict[str, Any]:
+    """Write test log messages at all levels."""
+    logging.getLogger("aniworld.test").debug("Test DEBUG message")
+    logging.getLogger("aniworld.test").info("Test INFO message")
+    logging.getLogger("aniworld.test").warning("Test WARNING message")
+    logging.getLogger("aniworld.test").error("Test ERROR message")
+    return {"success": True, "message": "Test messages written to log"}
+
+
+@router.post("/cleanup")
+def cleanup_logs(
+    payload: Dict[str, Any],
+    auth: dict = Depends(require_auth),
+) -> Dict[str, Any]:
+    """Delete log files older than *days* days.
+
+    Args:
+        payload: JSON body with ``days`` (int) field.
+
+    Returns:
+        Dict with ``success`` and ``message`` describing what was deleted.
+    """
+    import time
+
+    days = payload.get("days", 30)
+    try:
+        days = int(days)
+        if days < 1:
+            raise ValueError("days must be >= 1")
+    except (TypeError, ValueError) as exc:
+        raise HTTPException(
+            status_code=status.HTTP_400_BAD_REQUEST,
+            detail=f"Invalid days value: {exc}",
+        ) from exc
+
+    cutoff = time.time() - days * 86400
+    removed: List[str] = []
+    errors: List[str] = []
+
+    for entry in _log_dir().iterdir():
+        if entry.is_file() and entry.suffix in {".log", ".txt"}:
+            if entry.stat().st_mtime < cutoff:
+                try:
+                    entry.unlink()
+                    removed.append(entry.name)
+                except OSError as exc:
+                    errors.append(f"{entry.name}: {exc}")
+
+    message = f"Removed {len(removed)} file(s) older than {days} days."
+    if errors:
+        message += f" Errors: {'; '.join(errors)}"
+
+    logger.info(
+        "Log cleanup by %s: removed=%s days=%s",
+        auth.get("username", "unknown"),
+        removed,
+        days,
+    )
+    return {"success": True, "message": message, "removed": removed}

src/server/api/nfo.py

@@ -0,0 +1,70 @@
+"""NFO Management API endpoints.
+
+Note: NFO service has been removed. All NFO endpoints return 503.
+"""
+from fastapi import APIRouter, HTTPException, status
+
+router = APIRouter(prefix="/api/nfo", tags=["nfo"])
+
+
+@router.get("/disabled")
+async def nfo_disabled():
+    """NFO endpoints disabled - NFO service removed."""
+    raise HTTPException(
+        status_code=status.HTTP_503_SERVICE_UNAVAILABLE,
+        detail="NFO service has been removed. Use series management endpoints instead."
+    )
+
+
+@router.post("/batch/create")
+async def batch_create_nfo():
+    """NFO endpoints disabled - NFO service removed."""
+    raise HTTPException(
+        status_code=status.HTTP_503_SERVICE_UNAVAILABLE,
+        detail="NFO service has been removed. Use series management endpoints instead."
+    )
+
+
+@router.post("/{serie_id}/create")
+async def create_nfo(serie_id: str):
+    """NFO endpoints disabled - NFO service removed."""
+    raise HTTPException(
+        status_code=status.HTTP_503_SERVICE_UNAVAILABLE,
+        detail="NFO service has been removed. Use series management endpoints instead."
+    )
+
+
+@router.get("/{serie_id}/status")
+async def get_nfo_status(serie_id: str):
+    """NFO endpoints disabled - NFO service removed."""
+    raise HTTPException(
+        status_code=status.HTTP_503_SERVICE_UNAVAILABLE,
+        detail="NFO service has been removed. Use series management endpoints instead."
+    )
+
+
+@router.delete("/{serie_id}/delete")
+async def delete_nfo(serie_id: str):
+    """NFO endpoints disabled - NFO service removed."""
+    raise HTTPException(
+        status_code=status.HTTP_503_SERVICE_UNAVAILABLE,
+        detail="NFO service has been removed. Use series management endpoints instead."
+    )
+
+
+@router.get("/poster/{serie_id}")
+async def get_nfo_poster(serie_id: str):
+    """NFO endpoints disabled - NFO service removed."""
+    raise HTTPException(
+        status_code=status.HTTP_503_SERVICE_UNAVAILABLE,
+        detail="NFO service has been removed. Use series management endpoints instead."
+    )
+
+
+@router.get("/fanart/{serie_id}")
+async def get_nfo_fanart(serie_id: str):
+    """NFO endpoints disabled - NFO service removed."""
+    raise HTTPException(
+        status_code=status.HTTP_503_SERVICE_UNAVAILABLE,
+        detail="NFO service has been removed. Use series management endpoints instead."
+    )

src/server/api/scheduler.py

@@ -0,0 +1,155 @@
+"""Scheduler API endpoints for Aniworld.
+
+This module provides endpoints for managing scheduled tasks such as
+automatic anime library rescans.
+"""
+import logging
+from typing import Any, Dict, Optional
+
+from fastapi import APIRouter, Depends, HTTPException, status
+
+from src.server.models.config import SchedulerConfig
+from src.server.services.config_service import ConfigServiceError, get_config_service
+from src.server.services.scheduler.scheduler_service import get_scheduler_service
+from src.server.utils.dependencies import require_auth
+
+logger = logging.getLogger(__name__)
+
+router = APIRouter(prefix="/api/scheduler", tags=["scheduler"])
+
+
+def _build_response(config: SchedulerConfig) -> Dict[str, Any]:
+    """Build a standardised GET/POST response combining config + runtime status."""
+    scheduler_service = get_scheduler_service()
+    runtime = scheduler_service.get_status()
+
+    return {
+        "success": True,
+        "config": {
+            "enabled": config.enabled,
+            "interval_minutes": config.interval_minutes,
+            "schedule_time": config.schedule_time,
+            "schedule_days": config.schedule_days,
+            "auto_download_after_rescan": config.auto_download_after_rescan,
+        },
+        "status": {
+            "is_running": runtime.get("is_running", False),
+            "next_run": runtime.get("next_run"),
+            "last_run": runtime.get("last_run"),
+            "scan_in_progress": runtime.get("scan_in_progress", False),
+        },
+    }
+
+
+@router.get("/config")
+def get_scheduler_config(
+    auth: Optional[dict] = Depends(require_auth),
+) -> Dict[str, Any]:
+    """Get current scheduler configuration along with runtime status.
+
+    Returns:
+        Combined config and status response.
+
+    Raises:
+        HTTPException: 500 if configuration cannot be loaded.
+    """
+    try:
+        config_service = get_config_service()
+        app_config = config_service.load_config()
+        return _build_response(app_config.scheduler)
+    except ConfigServiceError as exc:
+        logger.error("Failed to load scheduler config: %s", exc)
+        raise HTTPException(
+            status_code=status.HTTP_500_INTERNAL_SERVER_ERROR,
+            detail=f"Failed to load scheduler configuration: {exc}",
+        ) from exc
+
+
+@router.post("/config")
+def update_scheduler_config(
+    scheduler_config: SchedulerConfig,
+    auth: dict = Depends(require_auth),
+) -> Dict[str, Any]:
+    """Update scheduler configuration and apply changes immediately.
+
+    Accepts the full SchedulerConfig body; any fields not supplied default
+    to their model defaults (backward compatible).
+
+    Returns:
+        Combined config and status response reflecting the saved config.
+
+    Raises:
+        HTTPException: 422 on validation errors (handled by FastAPI/Pydantic),
+            500 on save or scheduler failure.
+    """
+    try:
+        config_service = get_config_service()
+        app_config = config_service.load_config()
+        app_config.scheduler = scheduler_config
+        config_service.save_config(app_config)
+
+        logger.info(
+            "Scheduler config updated by %s: time=%s days=%s auto_dl=%s",
+            auth.get("username", "unknown"),
+            scheduler_config.schedule_time,
+            scheduler_config.schedule_days,
+            scheduler_config.auto_download_after_rescan,
+        )
+
+        # Apply changes to the running scheduler without restart
+        try:
+            sched_svc = get_scheduler_service()
+            sched_svc.reload_config(scheduler_config)
+        except Exception as sched_exc:  # pylint: disable=broad-exception-caught
+            logger.error("Scheduler reload after config update failed: %s", sched_exc)
+            # Config was saved — don't fail the request, just warn
+
+        return _build_response(scheduler_config)
+
+    except ConfigServiceError as exc:
+        logger.error("Failed to update scheduler config: %s", exc)
+        raise HTTPException(
+            status_code=status.HTTP_500_INTERNAL_SERVER_ERROR,
+            detail=f"Failed to update scheduler configuration: {exc}",
+        ) from exc
+
+
+@router.post("/trigger-rescan", response_model=Dict[str, str])
+async def trigger_rescan(auth: dict = Depends(require_auth)) -> Dict[str, str]:
+    """Manually trigger a library rescan (and auto-download if configured).
+
+    Args:
+        auth: Authentication token (required)
+
+    Returns:
+        Dict with success message
+
+    Raises:
+        HTTPException: If rescan cannot be triggered
+    """
+    try:
+        from src.server.utils.dependencies import get_series_app  # noqa: PLC0415
+
+        series_app = get_series_app()
+        if not series_app:
+            raise HTTPException(
+                status_code=status.HTTP_503_SERVICE_UNAVAILABLE,
+                detail="SeriesApp not initialized",
+            )
+
+        logger.info(
+            "Manual rescan triggered by %s", auth.get("username", "unknown")
+        )
+
+        from src.server.api.anime import trigger_rescan as do_rescan  # noqa: PLC0415
+
+        return await do_rescan()
+
+    except HTTPException:
+        raise
+    except Exception as exc:
+        logger.exception("Failed to trigger manual rescan")
+        raise HTTPException(
+            status_code=status.HTTP_500_INTERNAL_SERVER_ERROR,
+            detail=f"Failed to trigger rescan: {exc}",
+        ) from exc

src/server/api/setup_endpoints.py

@@ -0,0 +1,376 @@
+"""API endpoints for setup and unresolved folder management.
+
+Provides endpoints to:
+- List unresolved folders that couldn't be auto-resolved during setup
+- Get suggestions/search results for an unresolved folder
+- Resolve an unresolved folder by providing a provider key
+"""
+import json
+import logging
+from typing import Any, Optional
+
+from fastapi import APIRouter, Depends, HTTPException, status
+from pydantic import BaseModel, Field
+
+from src.server.database.connection import get_db_session
+from src.server.database.service import AnimeSeriesService, UnresolvedFolderService
+from src.server.utils.dependencies import (
+    get_database_session,
+    get_series_app,
+    require_auth,
+)
+
+logger = logging.getLogger(__name__)
+
+router = APIRouter(prefix="/api/setup", tags=["setup"])
+
+
+class UnresolvedFolderResponse(BaseModel):
+    """Response model for an unresolved folder."""
+    
+    folder_name: str = Field(..., description="Original filesystem folder name")
+    title: str = Field(..., description="Extracted title from folder name")
+    year: Optional[int] = Field(None, description="Extracted release year")
+    search_attempts: int = Field(..., description="Number of search attempts made")
+    search_suggestions: list[dict[str, Any]] = Field(
+        default_factory=list,
+        description="Cached search results for potential matches"
+    )
+    
+    class Config:
+        from_attributes = True
+
+
+class ResolveFolderRequest(BaseModel):
+    """Request model for resolving an unresolved folder."""
+    
+    provider_key: str = Field(
+        ...,
+        min_length=1,
+        max_length=255,
+        description="Provider key to associate with this folder"
+    )
+
+
+class ResolveFolderResponse(BaseModel):
+    """Response model for resolving an unresolved folder."""
+    
+    status: str = Field(..., description="Operation status")
+    message: str = Field(..., description="Human-readable message")
+    folder_name: str = Field(..., description="Folder name that was resolved")
+    key: str = Field(..., description="Provider key that was used")
+    series_id: int = Field(..., description="Database ID of the created series")
+
+
+@router.get("/unresolved", response_model=list[UnresolvedFolderResponse])
+async def list_unresolved_folders(
+    db=Depends(get_database_session),
+) -> list[UnresolvedFolderResponse]:
+    """List all unresolved folders that need manual key resolution.
+    
+    Returns folders that couldn't be auto-resolved during setup,
+    including cached search suggestions when available.
+    
+    Returns:
+        List of UnresolvedFolderResponse objects
+    """
+    folders = await UnresolvedFolderService.get_all_unresolved(db)
+    
+    result = []
+    for folder in folders:
+        suggestions = []
+        if folder.last_search_result:
+            try:
+                suggestions = json.loads(folder.last_search_result)
+            except json.JSONDecodeError:
+                logger.warning(
+                    "Failed to parse search result for folder: %s",
+                    folder.folder_name
+                )
+        
+        result.append(UnresolvedFolderResponse(
+            folder_name=folder.folder_name,
+            title=folder.title,
+            year=folder.year,
+            search_attempts=folder.search_attempts,
+            search_suggestions=suggestions,
+        ))
+    
+    return result
+
+
+@router.get("/unresolved/{folder_name}", response_model=UnresolvedFolderResponse)
+async def get_unresolved_folder(
+    folder_name: str,
+    db=Depends(get_database_session),
+) -> UnresolvedFolderResponse:
+    """Get details for a specific unresolved folder.
+    
+    Args:
+        folder_name: URL-encoded folder name to look up
+        
+    Returns:
+        UnresolvedFolderResponse for the specified folder
+        
+    Raises:
+        HTTPException: 404 if folder not found or already resolved
+    """
+    folder = await UnresolvedFolderService.get_by_folder_name(db, folder_name)
+    
+    if not folder:
+        raise HTTPException(
+            status_code=status.HTTP_404_NOT_FOUND,
+            detail=f"Unresolved folder not found: {folder_name}"
+        )
+    
+    if folder.is_resolved:
+        raise HTTPException(
+            status_code=status.HTTP_404_NOT_FOUND,
+            detail=f"Folder already resolved: {folder_name}"
+        )
+    
+    suggestions = []
+    if folder.last_search_result:
+        try:
+            suggestions = json.loads(folder.last_search_result)
+        except json.JSONDecodeError:
+            pass
+    
+    return UnresolvedFolderResponse(
+        folder_name=folder.folder_name,
+        title=folder.title,
+        year=folder.year,
+        search_attempts=folder.search_attempts,
+        search_suggestions=suggestions,
+    )
+
+
+@router.post("/unresolved/{folder_name}/resolve", response_model=ResolveFolderResponse)
+async def resolve_unresolved_folder(
+    folder_name: str,
+    request: ResolveFolderRequest,
+    db=Depends(get_database_session),
+) -> ResolveFolderResponse:
+    """Resolve an unresolved folder by providing the correct provider key.
+    
+    This endpoint:
+    1. Validates the provider key format
+    2. Updates the UnresolvedFolder record as resolved
+    3. Creates the AnimeSeries record in the database
+    4. Returns the created series information
+    
+    Args:
+        folder_name: URL-encoded folder name to resolve
+        request: ResolveFolderRequest with the provider_key
+        
+    Returns:
+        ResolveFolderResponse with created series details
+        
+    Raises:
+        HTTPException: 404 if folder not found
+        HTTPException: 400 if key is invalid or series already exists
+    """
+    # Check if folder exists and is unresolved
+    unresolved = await UnresolvedFolderService.get_by_folder_name(db, folder_name)
+    
+    if not unresolved:
+        raise HTTPException(
+            status_code=status.HTTP_404_NOT_FOUND,
+            detail=f"Unresolved folder not found: {folder_name}"
+        )
+    
+    if unresolved.is_resolved:
+        raise HTTPException(
+            status_code=status.HTTP_400_BAD_REQUEST,
+            detail=f"Folder already resolved: {folder_name}"
+        )
+    
+    # Check if a series with this key already exists
+    existing_series = await AnimeSeriesService.get_by_key(db, request.provider_key)
+    if existing_series:
+        raise HTTPException(
+            status_code=status.HTTP_400_BAD_REQUEST,
+            detail=f"Series with key '{request.provider_key}' already exists"
+        )
+    
+    # Mark as resolved
+    await UnresolvedFolderService.resolve(db, folder_name, request.provider_key)
+    
+    # Create the AnimeSeries record
+    series = await AnimeSeriesService.create(
+        db=db,
+        key=request.provider_key,
+        name=unresolved.title,
+        site="https://aniworld.to",
+        folder=folder_name,
+        year=unresolved.year,
+        loading_status="pending",
+        episodes_loaded=False,
+        logo_loaded=False,
+        images_loaded=False,
+    )
+    
+    logger.info(
+        "Resolved unresolved folder via API: %s -> key=%s (series_id=%d)",
+        folder_name, request.provider_key, series.id
+    )
+    
+    return ResolveFolderResponse(
+        status="success",
+        message=f"Successfully resolved and added series: {unresolved.title}",
+        folder_name=folder_name,
+        key=request.provider_key,
+        series_id=series.id,
+    )
+
+
+class SearchFolderRequest(BaseModel):
+    """Request model for searching an unresolved folder with custom query."""
+    query: Optional[str] = Field(None, description="Custom search query override")
+
+
+@router.post("/unresolved/{folder_name}/search", response_model=UnresolvedFolderResponse)
+async def search_unresolved_folder(
+    folder_name: str,
+    request: Optional[SearchFolderRequest] = None,
+    db=Depends(get_database_session),
+) -> UnresolvedFolderResponse:
+    """Re-search for a specific unresolved folder to get fresh suggestions.
+    
+    Performs a new search using the folder's title or a custom query.
+    Caches the results for subsequent display.
+    
+    Args:
+        folder_name: URL-encoded folder name to search for
+        request: Optional SearchFolderRequest with custom query override
+        
+    Returns:
+        UnresolvedFolderResponse with updated search suggestions
+        
+    Raises:
+        HTTPException: 404 if folder not found or already resolved
+    """
+    from pathlib import Path
+    
+    folder = await UnresolvedFolderService.get_by_folder_name(db, folder_name)
+    
+    if not folder:
+        raise HTTPException(
+            status_code=status.HTTP_404_NOT_FOUND,
+            detail=f"Unresolved folder not found: {folder_name}"
+        )
+    
+    if folder.is_resolved:
+        raise HTTPException(
+            status_code=status.HTTP_404_NOT_FOUND,
+            detail=f"Folder already resolved: {folder_name}"
+        )
+    
+    # Use custom query if provided, otherwise fall back to folder title
+    search_query = request.query if request and request.query else folder.title
+    
+    # Perform search
+    series_app = get_series_app()
+    try:
+        results = await series_app.search(search_query)
+        search_result_json = json.dumps(results) if results else "[]"
+    except Exception as e:
+        logger.warning(
+            "Search failed for unresolved folder: %s, error: %s",
+            folder_name, str(e)
+        )
+        search_result_json = "[]"
+        results = []
+    
+    # Update the folder with new search results
+    await UnresolvedFolderService.update_search_result(db, folder_name, search_result_json)
+    
+    return UnresolvedFolderResponse(
+        folder_name=folder.folder_name,
+        title=folder.title,
+        year=folder.year,
+        search_attempts=folder.search_attempts + 1,
+        search_suggestions=results,
+    )
+
+
+@router.delete("/unresolved/{folder_name}")
+async def delete_unresolved_folder(
+    folder_name: str,
+    db=Depends(get_database_session),
+) -> dict[str, str]:
+    """Delete an unresolved folder tracking record.
+    
+    Use this when you've manually added the series outside of this flow
+    (e.g., via POST /api/anime/add) to clean up the unresolved tracker.
+    
+    Args:
+        folder_name: URL-encoded folder name to delete
+        
+    Returns:
+        Dict with status message
+        
+    Raises:
+        HTTPException: 404 if folder not found
+    """
+    deleted = await UnresolvedFolderService.delete(db, folder_name)
+    
+    if not deleted:
+        raise HTTPException(
+            status_code=status.HTTP_404_NOT_FOUND,
+            detail=f"Unresolved folder not found: {folder_name}"
+        )
+    
+    return {"status": "success", "message": f"Deleted unresolved folder: {folder_name}"}
+
+
+class DoneResponse(BaseModel):
+    """Response model for completing unresolved folders."""
+    status: str = Field(..., description="Operation status")
+    message: str = Field(..., description="Human-readable message")
+    count: int = Field(..., description="Number of folders marked as done")
+
+
+@router.post("/unresolved/done", response_model=DoneResponse)
+async def complete_unresolved_folders(
+    db=Depends(get_database_session),
+) -> DoneResponse:
+    """Mark all unresolved folders as handled and complete the unresolved phase.
+    
+    This endpoint:
+    1. Marks the unresolved phase as completed in config
+    2. Returns the count of folders that were handled
+    
+    After this, /setup/unresolved will redirect to /loading.
+    
+    Returns:
+        DoneResponse with status and count of handled folders
+    """
+    from src.server.services.config_service import get_config_service
+
+    # Get all unresolved folders
+    folders = await UnresolvedFolderService.get_all_unresolved(db)
+    count = len(folders)
+    
+    # Mark unresolved as completed in config
+    config_service = get_config_service()
+    try:
+        config = config_service.load_config()
+        if config.other is None:
+            config.other = {}
+        config.other['unresolved_completed'] = True
+        config_service.save_config(config, create_backup=False)
+        logger.info("Marked unresolved phase as completed")
+    except Exception as e:
+        logger.warning("Failed to save unresolved_completed flag: %s", e)
+    
+    logger.info(
+        "Completed unresolved phase: %d folders handled",
+        count
+    )
+    
+    return DoneResponse(
+        status="success",
+        message=f"Marked {count} folders as handled. Unresolved phase completed.",
+        count=count,
+    )

src/server/api/websocket.py

@@ -0,0 +1,367 @@
+"""WebSocket API endpoints for real-time communication.
+
+This module provides WebSocket endpoints for clients to connect and receive
+real-time updates about downloads, queue status, and system events.
+
+Series Identifier Convention:
+    - `key`: Primary identifier for series (provider-assigned, URL-safe)
+             e.g., "attack-on-titan"
+    - `folder`: Display metadata only (e.g., "Attack on Titan (2013)")
+    
+All series-related WebSocket events include `key` as the primary identifier
+in their data payload. The `folder` field is optional for display purposes.
+"""
+from __future__ import annotations
+
+import time
+import uuid
+from typing import Dict, Optional, Set
+
+import structlog
+from fastapi import APIRouter, Depends, WebSocket, WebSocketDisconnect, status
+from fastapi.responses import JSONResponse
+
+from src.server.models.websocket import (
+    ClientMessage,
+    RoomSubscriptionRequest,
+    WebSocketMessageType,
+)
+from src.server.services.websocket_service import (
+    WebSocketService,
+    get_websocket_service,
+)
+
+logger = structlog.get_logger(__name__)
+
+router = APIRouter(prefix="/ws", tags=["websocket"])
+
+# Valid room names - explicit allow-list for security
+VALID_ROOMS: Set[str] = {
+    "downloads",       # Download progress updates
+    "queue",           # Queue status changes
+    "scan",            # Scan progress updates
+    "system",          # System notifications
+    "errors",          # Error notifications
+}
+
+# Rate limiting configuration for WebSocket messages
+WS_RATE_LIMIT_MESSAGES_PER_MINUTE = 60
+WS_RATE_LIMIT_WINDOW_SECONDS = 60
+
+# In-memory rate limiting for WebSocket connections
+# WARNING: This resets on process restart. For production, consider Redis.
+_ws_rate_limits: Dict[str, Dict[str, float]] = {}
+
+
+def _check_ws_rate_limit(connection_id: str) -> bool:
+    """Check if a WebSocket connection has exceeded its rate limit.
+    
+    Args:
+        connection_id: Unique identifier for the WebSocket connection
+        
+    Returns:
+        bool: True if within rate limit, False if exceeded
+    """
+    now = time.time()
+    
+    if connection_id not in _ws_rate_limits:
+        _ws_rate_limits[connection_id] = {
+            "count": 0,
+            "window_start": now,
+        }
+    
+    record = _ws_rate_limits[connection_id]
+    
+    # Reset window if expired
+    if now - record["window_start"] > WS_RATE_LIMIT_WINDOW_SECONDS:
+        record["window_start"] = now
+        record["count"] = 0
+    
+    record["count"] += 1
+    
+    return record["count"] <= WS_RATE_LIMIT_MESSAGES_PER_MINUTE
+
+
+def _cleanup_ws_rate_limits(connection_id: str) -> None:
+    """Remove rate limit record for a disconnected connection.
+    
+    Args:
+        connection_id: Unique identifier for the WebSocket connection
+    """
+    _ws_rate_limits.pop(connection_id, None)
+
+
+def _validate_room_name(room: str) -> bool:
+    """Validate that a room name is in the allowed set.
+    
+    Args:
+        room: Room name to validate
+        
+    Returns:
+        bool: True if room is valid, False otherwise
+    """
+    return room in VALID_ROOMS
+
+
+@router.websocket("/connect")
+async def websocket_endpoint(
+    websocket: WebSocket,
+    token: Optional[str] = None,
+    ws_service: WebSocketService = Depends(get_websocket_service),
+):
+    """WebSocket endpoint for client connections.
+    
+    Clients connect to this endpoint to receive real-time updates.
+    The connection is maintained until the client disconnects or
+    an error occurs.
+    
+    Authentication:
+    - Optional token can be passed as query parameter: /ws/connect?token=<jwt>
+    - Unauthenticated connections are allowed but may have limited access
+    
+    Message flow:
+    1. Client connects
+    2. Server sends "connected" message
+    3. Client can send subscription requests (join/leave rooms)
+    4. Server broadcasts updates to subscribed rooms
+    5. Client disconnects
+    
+    Example client subscription:
+    ```json
+    {
+        "action": "join",
+        "room": "downloads"
+    }
+    ```
+    
+    Server message format (series-related events include 'key' identifier):
+    ```json
+    {
+        "type": "download_progress",
+        "timestamp": "2025-10-17T10:30:00.000Z",
+        "data": {
+            "download_id": "abc123",
+            "key": "attack-on-titan",
+            "folder": "Attack on Titan (2013)",
+            "percent": 45.2,
+            "speed_mbps": 2.5,
+            "eta_seconds": 180
+        }
+    }
+    ```
+    
+    Note:
+        - `key` is the primary series identifier (provider-assigned, URL-safe)
+        - `folder` is optional display metadata
+    """
+    connection_id = str(uuid.uuid4())
+    user_id: Optional[str] = None
+    
+    # Optional: Validate token if provided
+    if token:
+        try:
+            from src.server.services.auth_service import auth_service
+            session = auth_service.create_session_model(token)
+            user_id = session.user_id
+        except Exception as e:
+            logger.warning(
+                "Invalid WebSocket authentication token",
+                connection_id=connection_id,
+                error=str(e),
+            )
+    
+    try:
+        # Accept connection and register with service
+        await ws_service.connect(websocket, connection_id, user_id=user_id)
+        
+        # Send connection confirmation
+        await ws_service.manager.send_personal_message(
+            {
+                "type": WebSocketMessageType.CONNECTED,
+                "data": {
+                    "connection_id": connection_id,
+                    "message": "Connected to Aniworld WebSocket",
+                },
+            },
+            connection_id,
+        )
+        
+        logger.info(
+            "WebSocket client connected",
+            connection_id=connection_id,
+            user_id=user_id,
+        )
+        
+        # Handle incoming messages
+        while True:
+            try:
+                # Receive message from client
+                data = await websocket.receive_json()
+                
+                # Check rate limit
+                if not _check_ws_rate_limit(connection_id):
+                    logger.warning(
+                        "WebSocket rate limit exceeded",
+                        connection_id=connection_id,
+                    )
+                    await ws_service.send_error(
+                        connection_id,
+                        "Rate limit exceeded. Please slow down.",
+                        "RATE_LIMIT_EXCEEDED",
+                    )
+                    continue
+                
+                # Parse client message
+                try:
+                    client_msg = ClientMessage(**data)
+                except Exception as e:
+                    logger.warning(
+                        "Invalid client message format",
+                        connection_id=connection_id,
+                        error=str(e),
+                    )
+                    await ws_service.send_error(
+                        connection_id,
+                        "Invalid message format",
+                        "INVALID_MESSAGE",
+                    )
+                    continue
+                
+                # Handle room subscription requests
+                if client_msg.action in ["join", "leave"]:
+                    try:
+                        room_name = client_msg.data.get("room", "")
+                        
+                        # Validate room name against allow-list
+                        if not _validate_room_name(room_name):
+                            logger.warning(
+                                "Invalid room name requested",
+                                connection_id=connection_id,
+                                room=room_name,
+                            )
+                            await ws_service.send_error(
+                                connection_id,
+                                f"Invalid room name: {room_name}. "
+                                f"Valid rooms: {', '.join(sorted(VALID_ROOMS))}",
+                                "INVALID_ROOM",
+                            )
+                            continue
+                        
+                        room_req = RoomSubscriptionRequest(
+                            action=client_msg.action,
+                            room=room_name,
+                        )
+                        
+                        if room_req.action == "join":
+                            await ws_service.manager.join_room(
+                                connection_id, room_req.room
+                            )
+                            await ws_service.manager.send_personal_message(
+                                {
+                                    "type": WebSocketMessageType.SYSTEM_INFO,
+                                    "data": {
+                                        "message": (
+                                            f"Joined room: {room_req.room}"
+                                        )
+                                    },
+                                },
+                                connection_id,
+                            )
+                        elif room_req.action == "leave":
+                            await ws_service.manager.leave_room(
+                                connection_id, room_req.room
+                            )
+                            await ws_service.manager.send_personal_message(
+                                {
+                                    "type": WebSocketMessageType.SYSTEM_INFO,
+                                    "data": {
+                                        "message": (
+                                            f"Left room: {room_req.room}"
+                                        )
+                                    },
+                                },
+                                connection_id,
+                            )
+                            
+                    except Exception as e:
+                        logger.warning(
+                            "Invalid room subscription request",
+                            connection_id=connection_id,
+                            error=str(e),
+                        )
+                        await ws_service.send_error(
+                            connection_id,
+                            "Invalid room subscription",
+                            "INVALID_SUBSCRIPTION",
+                        )
+                
+                # Handle ping/pong for keepalive
+                elif client_msg.action == "ping":
+                    await ws_service.manager.send_personal_message(
+                        {"type": WebSocketMessageType.PONG, "data": {}},
+                        connection_id,
+                    )
+                
+                else:
+                    logger.debug(
+                        "Unknown action from client",
+                        connection_id=connection_id,
+                        action=client_msg.action,
+                    )
+                    await ws_service.send_error(
+                        connection_id,
+                        f"Unknown action: {client_msg.action}",
+                        "UNKNOWN_ACTION",
+                    )
+                    
+            except WebSocketDisconnect:
+                logger.info(
+                    "WebSocket client disconnected",
+                    connection_id=connection_id,
+                )
+                break
+            except Exception as e:
+                logger.error(
+                    "Error handling WebSocket message",
+                    connection_id=connection_id,
+                    error=str(e),
+                )
+                await ws_service.send_error(
+                    connection_id,
+                    "Internal server error",
+                    "SERVER_ERROR",
+                )
+                
+    except Exception as e:
+        logger.error(
+            "WebSocket connection error",
+            connection_id=connection_id,
+            error=str(e),
+        )
+    finally:
+        # Cleanup connection and rate limit record
+        _cleanup_ws_rate_limits(connection_id)
+        await ws_service.disconnect(connection_id)
+        logger.info("WebSocket connection closed", connection_id=connection_id)
+
+
+@router.get("/status")
+async def websocket_status(
+    ws_service: WebSocketService = Depends(get_websocket_service),
+):
+    """Get WebSocket service status and statistics.
+    
+    Returns information about active connections and rooms.
+    Useful for monitoring and debugging.
+    """
+    connection_count = await ws_service.manager.get_connection_count()
+    
+    return JSONResponse(
+        status_code=status.HTTP_200_OK,
+        content={
+            "status": "operational",
+            "active_connections": connection_count,
+            "supported_message_types": [t.value for t in WebSocketMessageType],
+            "valid_rooms": sorted(VALID_ROOMS),
+        },
+    )

src/server/config/__init__.py

@@ -0,0 +1,69 @@
+"""
+Environment configuration loader for Aniworld application.
+
+This module provides unified configuration loading based on the environment
+(development, production, or testing). It automatically selects the appropriate
+settings configuration based on the ENVIRONMENT variable.
+"""
+
+import os
+from typing import Union
+
+from .development import DevelopmentSettings, get_development_settings
+from .production import ProductionSettings, get_production_settings
+
+# Environment options
+ENVIRONMENT = os.getenv("ENVIRONMENT", "development").lower()
+
+# Valid environment values
+VALID_ENVIRONMENTS = {"development", "production", "testing"}
+
+if ENVIRONMENT not in VALID_ENVIRONMENTS:
+    raise ValueError(
+        f"Invalid ENVIRONMENT '{ENVIRONMENT}'. "
+        f"Must be one of: {VALID_ENVIRONMENTS}"
+    )
+
+
+def get_settings() -> Union[DevelopmentSettings, ProductionSettings]:
+    """
+    Get environment-specific settings.
+
+    Returns:
+        DevelopmentSettings: If ENVIRONMENT is 'development' or 'testing'
+        ProductionSettings: If ENVIRONMENT is 'production'
+
+    Raises:
+        ValueError: If ENVIRONMENT is not valid
+
+    Example:
+        >>> settings = get_settings()
+        >>> print(settings.log_level)
+        INFO
+    """
+    if ENVIRONMENT in {"development", "testing"}:
+        return get_development_settings()
+    return get_production_settings()
+
+
+# Singleton instance - loaded on first call
+_settings_instance = None
+
+
+def _get_settings_cached() -> Union[DevelopmentSettings, ProductionSettings]:
+    """Get cached settings instance."""
+    global _settings_instance
+    if _settings_instance is None:
+        _settings_instance = get_settings()
+    return _settings_instance
+
+
+# Re-export for convenience
+__all__ = [
+    "get_settings",
+    "ENVIRONMENT",
+    "DevelopmentSettings",
+    "ProductionSettings",
+    "get_development_settings",
+    "get_production_settings",
+]

src/server/config/development.py

@@ -0,0 +1,239 @@
+"""
+Development environment configuration for Aniworld application.
+
+This module provides development-specific settings including debugging,
+hot-reloading, and relaxed security for local development.
+
+Environment Variables:
+    JWT_SECRET_KEY: Secret key for JWT token signing (default: dev-secret)
+    PASSWORD_SALT: Salt for password hashing (default: dev-salt)
+    DATABASE_URL: Development database connection string (default: SQLite)
+    LOG_LEVEL: Logging level (default: INFO)
+    CORS_ORIGINS: Comma-separated list of allowed CORS origins
+    API_RATE_LIMIT: API rate limit per minute (default: 1000)
+"""
+
+from typing import List
+
+from pydantic import Field, validator
+from pydantic_settings import BaseSettings
+
+
+class DevelopmentSettings(BaseSettings):
+    """Development environment configuration settings."""
+
+    # ============================================================================
+    # Security Settings (Relaxed for Development)
+    # ============================================================================
+
+    jwt_secret_key: str = Field(
+        default="dev-secret-key-change-in-production",
+        env="JWT_SECRET_KEY"
+    )
+    """JWT secret key (non-production value for development)."""
+
+    password_salt: str = Field(
+        default="dev-salt-change-in-production",
+        env="PASSWORD_SALT"
+    )
+    """Password salt (non-production value for development)."""
+
+    master_password_hash: str = Field(
+        default="$2b$12$wP0KBVbJKVAb8CdSSXw0NeGTKCk"
+        "bw4fSAFXIqR2/wDqPSEBn9w7lS",
+        env="MASTER_PASSWORD_HASH"
+    )
+    """Hash of the master password (dev: 'password')."""
+
+    master_password: str = Field(default="password", env="MASTER_PASSWORD")
+    """Master password for development (NEVER use in production)."""
+
+    allowed_hosts: List[str] = Field(
+        default=["localhost", "127.0.0.1", "*"], env="ALLOWED_HOSTS"
+    )
+    """Allowed hosts (permissive for development)."""
+
+    cors_origins: str = Field(default="*", env="CORS_ORIGINS")
+    """CORS origins (allow all for development)."""
+
+    # ============================================================================
+    # Database Settings
+    # ============================================================================
+
+    database_url: str = Field(
+        default="sqlite:///./data/aniworld_dev.db",
+        env="DATABASE_URL"
+    )
+    """Development database URL (SQLite by default)."""
+
+    database_pool_size: int = Field(default=5, env="DATABASE_POOL_SIZE")
+    """Database connection pool size."""
+
+    database_max_overflow: int = Field(default=10, env="DATABASE_MAX_OVERFLOW")
+    """Maximum overflow connections for database pool."""
+
+    database_pool_recycle: int = Field(
+        default=3600, env="DATABASE_POOL_RECYCLE"
+    )
+    """Recycle database connections every N seconds."""
+
+    # ============================================================================
+    # API Settings
+    # ============================================================================
+
+    api_rate_limit: int = Field(default=1000, env="API_RATE_LIMIT")
+    """API rate limit per minute (relaxed for development)."""
+
+    api_timeout: int = Field(default=60, env="API_TIMEOUT")
+    """API request timeout in seconds (longer for debugging)."""
+
+    # ============================================================================
+    # Logging Settings
+    # ============================================================================
+
+    log_level: str = Field(default="INFO", env="LOG_LEVEL")
+    """Logging level (INFO for standard output)."""
+
+    log_file: str = Field(default="logs/development.log", env="LOG_FILE")
+    """Path to development log file."""
+
+    log_rotation_size: int = Field(default=5_242_880, env="LOG_ROTATION_SIZE")
+    """Log file rotation size in bytes (default: 5MB)."""
+
+    log_retention_days: int = Field(default=7, env="LOG_RETENTION_DAYS")
+    """Number of days to retain log files."""
+
+    # ============================================================================
+    # Performance Settings
+    # ============================================================================
+
+    workers: int = Field(default=1, env="WORKERS")
+    """Number of Uvicorn worker processes (single for development)."""
+
+    worker_timeout: int = Field(default=120, env="WORKER_TIMEOUT")
+    """Worker timeout in seconds."""
+
+    max_request_size: int = Field(default=104_857_600, env="MAX_REQUEST_SIZE")
+    """Maximum request body size in bytes (default: 100MB)."""
+
+    session_timeout_hours: int = Field(
+        default=168, env="SESSION_TIMEOUT_HOURS"
+    )
+    """Session timeout in hours (longer for development)."""
+
+    # ============================================================================
+    # Provider Settings
+    # ============================================================================
+
+    default_provider: str = Field(
+        default="aniworld.to", env="DEFAULT_PROVIDER"
+    )
+    """Default content provider."""
+
+    provider_timeout: int = Field(default=60, env="PROVIDER_TIMEOUT")
+    """Provider request timeout in seconds (longer for debugging)."""
+
+    provider_retries: int = Field(default=1, env="PROVIDER_RETRIES")
+    """Number of retry attempts for provider requests."""
+
+    # ============================================================================
+    # Download Settings
+    # ============================================================================
+
+    max_concurrent_downloads: int = Field(
+        default=1, env="MAX_CONCURRENT_DOWNLOADS"
+    )
+    """Maximum concurrent downloads (limited for development)."""
+
+    download_timeout: int = Field(default=7200, env="DOWNLOAD_TIMEOUT")
+    """Download timeout in seconds (default: 2 hours)."""
+
+    # ============================================================================
+    # Application Paths
+    # ============================================================================
+
+    anime_directory: str = Field(
+        default="/tmp/aniworld_dev", env="ANIME_DIRECTORY"
+    )
+    """Directory where anime is stored (development default)."""
+
+    temp_directory: str = Field(
+        default="/tmp/aniworld_dev/temp", env="TEMP_DIRECTORY"
+    )
+    """Temporary directory for downloads and cache."""
+
+    # ============================================================================
+    # Validators
+    # ============================================================================
+
+    @validator("log_level")
+    @classmethod
+    def validate_log_level(cls, v: str) -> str:
+        """Validate log level is valid."""
+        valid_levels = {"DEBUG", "INFO", "WARNING", "ERROR", "CRITICAL"}
+        if v.upper() not in valid_levels:
+            raise ValueError(
+                f"Invalid log level '{v}'. Must be one of: {valid_levels}"
+            )
+        return v.upper()
+
+    @validator("cors_origins")
+    @classmethod
+    def parse_cors_origins(cls, v: str) -> str:
+        """Parse comma-separated CORS origins."""
+        if not v:
+            return "http://localhost,http://127.0.0.1"
+        return v
+
+    # ============================================================================
+    # Configuration
+    # ============================================================================
+
+    class Config:
+        """Pydantic config."""
+
+        env_file = ".env.development"
+        extra = "ignore"
+        case_sensitive = False
+
+    # ============================================================================
+    # Properties
+    # ============================================================================
+
+    @property
+    def parsed_cors_origins(self) -> List[str]:
+        """Get parsed CORS origins as list."""
+        if not self.cors_origins or self.cors_origins == "*":
+            return ["*"]
+        return [origin.strip() for origin in self.cors_origins.split(",")]
+
+    @property
+    def is_production(self) -> bool:
+        """Check if running in production mode."""
+        return False
+
+    @property
+    def debug_enabled(self) -> bool:
+        """Check if debug mode is enabled."""
+        return False
+
+    @property
+    def reload_enabled(self) -> bool:
+        """Check if auto-reload is enabled."""
+        return True
+
+
+def get_development_settings() -> DevelopmentSettings:
+    """
+    Get development settings instance.
+
+    This is a factory function that should be called when settings are needed.
+
+    Returns:
+        DevelopmentSettings instance configured from environment variables
+    """
+    return DevelopmentSettings()
+
+
+# Export factory for backward compatibility
+development_settings = DevelopmentSettings()

src/server/config/logging_config.py

@@ -0,0 +1,122 @@
+"""
+Logging configuration for the FastAPI server.
+
+This module provides comprehensive logging setup with both console and file
+handlers, ensuring all server activity is properly logged.
+"""
+import logging
+import sys
+from pathlib import Path
+from typing import Dict
+
+from src.config.settings import settings
+
+
+def setup_logging() -> Dict[str, logging.Logger]:
+    """
+    Configure logging for the FastAPI application.
+    
+    Creates:
+    - Console handler for real-time output
+    - File handler for server.log (general logs)
+    - File handler for error.log (errors only)
+    - File handler for access.log (request logs)
+    
+    Returns:
+        Dict containing configured loggers
+    """
+    # Create logs directory if it doesn't exist
+    log_dir = Path("logs")
+    log_dir.mkdir(exist_ok=True)
+    
+    # Define log file paths
+    server_log_file = log_dir / "server.log"
+    error_log_file = log_dir / "error.log"
+    access_log_file = log_dir / "access.log"
+    
+    # Define log format
+    detailed_format = logging.Formatter(
+        fmt="%(asctime)s - %(name)s - %(levelname)s - %(funcName)s:%(lineno)d - %(message)s",
+        datefmt="%Y-%m-%d %H:%M:%S"
+    )
+    
+    simple_format = logging.Formatter(
+        fmt="%(asctime)s - %(levelname)s - %(message)s",
+        datefmt="%Y-%m-%d %H:%M:%S"
+    )
+    
+    # Configure root logger
+    root_logger = logging.getLogger()
+    root_logger.setLevel(getattr(logging, settings.log_level.upper(), logging.INFO))
+    
+    # Remove existing handlers to avoid duplicates
+    root_logger.handlers.clear()
+    
+    # Console handler - visible in terminal
+    console_handler = logging.StreamHandler(sys.stdout)
+    console_handler.setLevel(logging.INFO)
+    console_handler.setFormatter(simple_format)
+    root_logger.addHandler(console_handler)
+    
+    # File handler for general server logs
+    server_file_handler = logging.FileHandler(server_log_file, mode='a', encoding='utf-8')
+    server_file_handler.setLevel(logging.INFO)
+    server_file_handler.setFormatter(detailed_format)
+    root_logger.addHandler(server_file_handler)
+    
+    # File handler for errors only
+    error_file_handler = logging.FileHandler(error_log_file, mode='a', encoding='utf-8')
+    error_file_handler.setLevel(logging.ERROR)
+    error_file_handler.setFormatter(detailed_format)
+    root_logger.addHandler(error_file_handler)
+    
+    # Configure uvicorn loggers
+    uvicorn_logger = logging.getLogger("uvicorn")
+    uvicorn_logger.setLevel(logging.INFO)
+    
+    uvicorn_access_logger = logging.getLogger("uvicorn.access")
+    uvicorn_access_logger.setLevel(logging.INFO)
+    
+    # Access log file handler
+    access_file_handler = logging.FileHandler(access_log_file, mode='a', encoding='utf-8')
+    access_file_handler.setLevel(logging.INFO)
+    access_file_handler.setFormatter(simple_format)
+    uvicorn_access_logger.addHandler(access_file_handler)
+    
+    # Configure FastAPI logger
+    fastapi_logger = logging.getLogger("fastapi")
+    fastapi_logger.setLevel(logging.INFO)
+    
+    # Reduce noise from third-party libraries
+    logging.getLogger("urllib3").setLevel(logging.WARNING)
+    logging.getLogger("charset_normalizer").setLevel(logging.WARNING)
+    logging.getLogger("multipart").setLevel(logging.WARNING)
+    
+    # Log initial setup
+    root_logger.info("=" * 80)
+    root_logger.info("FastAPI Server Logging Initialized")
+    root_logger.info("Log Level: %s", settings.log_level.upper())
+    root_logger.info("Server Log: %s", server_log_file.absolute())
+    root_logger.info("Error Log: %s", error_log_file.absolute())
+    root_logger.info("Access Log: %s", access_log_file.absolute())
+    root_logger.info("=" * 80)
+    
+    return {
+        "root": root_logger,
+        "uvicorn": uvicorn_logger,
+        "uvicorn.access": uvicorn_access_logger,
+        "fastapi": fastapi_logger,
+    }
+
+
+def get_logger(name: str) -> logging.Logger:
+    """
+    Get a logger instance for a specific module.
+    
+    Args:
+        name: Name of the module/logger
+        
+    Returns:
+        Configured logger instance
+    """
+    return logging.getLogger(name)

src/server/config/production.py

@@ -0,0 +1,234 @@
+"""
+Production environment configuration for Aniworld application.
+
+This module provides production-specific settings including security hardening,
+performance optimizations, and operational configurations.
+
+Environment Variables:
+    JWT_SECRET_KEY: Secret key for JWT token signing (REQUIRED)
+    PASSWORD_SALT: Salt for password hashing (REQUIRED)
+    DATABASE_URL: Production database connection string
+    LOG_LEVEL: Logging level (default: WARNING)
+    CORS_ORIGINS: Comma-separated list of allowed CORS origins
+    API_RATE_LIMIT: API rate limit per minute (default: 60)
+    WORKERS: Number of Uvicorn worker processes (default: 4)
+    WORKER_TIMEOUT: Worker timeout in seconds (default: 120)
+"""
+
+from typing import List
+
+from pydantic import Field, validator
+from pydantic_settings import BaseSettings
+
+
+class ProductionSettings(BaseSettings):
+    """Production environment configuration settings."""
+
+    # ============================================================================
+    # Security Settings
+    # ============================================================================
+
+    jwt_secret_key: str = Field(..., env="JWT_SECRET_KEY")
+    """Secret key for JWT token signing. MUST be set in production."""
+
+    password_salt: str = Field(..., env="PASSWORD_SALT")
+    """Salt for password hashing. MUST be set in production."""
+
+    master_password_hash: str = Field(..., env="MASTER_PASSWORD_HASH")
+    """Hash of the master password for authentication."""
+
+    allowed_hosts: List[str] = Field(
+        default=["*"], env="ALLOWED_HOSTS"
+    )
+    """List of allowed hostnames for CORS and security checks."""
+
+    cors_origins: str = Field(default="", env="CORS_ORIGINS")
+    """Comma-separated list of allowed CORS origins."""
+
+    # ============================================================================
+    # Database Settings
+    # ============================================================================
+
+    database_url: str = Field(
+        default="postgresql://user:password@localhost/aniworld",
+        env="DATABASE_URL"
+    )
+    """Database connection URL. Defaults to PostgreSQL for production."""
+
+    database_pool_size: int = Field(default=20, env="DATABASE_POOL_SIZE")
+    """Database connection pool size."""
+
+    database_max_overflow: int = Field(default=10, env="DATABASE_MAX_OVERFLOW")
+    """Maximum overflow connections for database pool."""
+
+    database_pool_recycle: int = Field(
+        default=3600, env="DATABASE_POOL_RECYCLE"
+    )
+    """Recycle database connections every N seconds."""
+
+    # ============================================================================
+    # API Settings
+    # ============================================================================
+
+    api_rate_limit: int = Field(default=60, env="API_RATE_LIMIT")
+    """API rate limit per minute per IP address."""
+
+    api_timeout: int = Field(default=30, env="API_TIMEOUT")
+    """API request timeout in seconds."""
+
+    # ============================================================================
+    # Logging Settings
+    # ============================================================================
+
+    log_level: str = Field(default="WARNING", env="LOG_LEVEL")
+    """Logging level (DEBUG, INFO, WARNING, ERROR, CRITICAL)."""
+
+    log_file: str = Field(default="logs/production.log", env="LOG_FILE")
+    """Path to production log file."""
+
+    log_rotation_size: int = Field(default=10_485_760, env="LOG_ROTATION_SIZE")
+    """Log file rotation size in bytes (default: 10MB)."""
+
+    log_retention_days: int = Field(default=30, env="LOG_RETENTION_DAYS")
+    """Number of days to retain log files."""
+
+    # ============================================================================
+    # Performance Settings
+    # ============================================================================
+
+    workers: int = Field(default=4, env="WORKERS")
+    """Number of Uvicorn worker processes."""
+
+    worker_timeout: int = Field(default=120, env="WORKER_TIMEOUT")
+    """Worker timeout in seconds."""
+
+    max_request_size: int = Field(default=104_857_600, env="MAX_REQUEST_SIZE")
+    """Maximum request body size in bytes (default: 100MB)."""
+
+    session_timeout_hours: int = Field(default=24, env="SESSION_TIMEOUT_HOURS")
+    """Session timeout in hours."""
+
+    # ============================================================================
+    # Provider Settings
+    # ============================================================================
+
+    default_provider: str = Field(
+        default="aniworld.to", env="DEFAULT_PROVIDER"
+    )
+    """Default content provider."""
+
+    provider_timeout: int = Field(default=30, env="PROVIDER_TIMEOUT")
+    """Provider request timeout in seconds."""
+
+    provider_retries: int = Field(default=3, env="PROVIDER_RETRIES")
+    """Number of retry attempts for provider requests."""
+
+    # ============================================================================
+    # Download Settings
+    # ============================================================================
+
+    max_concurrent_downloads: int = Field(
+        default=3, env="MAX_CONCURRENT_DOWNLOADS"
+    )
+    """Maximum concurrent downloads."""
+
+    download_timeout: int = Field(default=3600, env="DOWNLOAD_TIMEOUT")
+    """Download timeout in seconds (default: 1 hour)."""
+
+    # ============================================================================
+    # Application Paths
+    # ============================================================================
+
+    anime_directory: str = Field(..., env="ANIME_DIRECTORY")
+    """Directory where anime is stored."""
+
+    temp_directory: str = Field(default="/tmp/aniworld", env="TEMP_DIRECTORY")
+    """Temporary directory for downloads and cache."""
+
+    # ============================================================================
+    # Validators
+    # ============================================================================
+
+    @validator("log_level")
+    @classmethod
+    def validate_log_level(cls, v: str) -> str:
+        """Validate log level is valid."""
+        valid_levels = {"DEBUG", "INFO", "WARNING", "ERROR", "CRITICAL"}
+        if v.upper() not in valid_levels:
+            raise ValueError(
+                f"Invalid log level '{v}'. Must be one of: {valid_levels}"
+            )
+        return v.upper()
+
+    @validator("database_url")
+    @classmethod
+    def validate_database_url(cls, v: str) -> str:
+        """Validate database URL is set and not SQLite."""
+        if not v or v.startswith("sqlite"):
+            raise ValueError(
+                "Production database must not use SQLite. "
+                "Use PostgreSQL or MySQL instead."
+            )
+        return v
+
+    @validator("cors_origins")
+    @classmethod
+    def parse_cors_origins(cls, v: str) -> str:
+        """Parse comma-separated CORS origins."""
+        if not v:
+            return ""
+        return v
+
+    # ============================================================================
+    # Configuration
+    # ============================================================================
+
+    class Config:
+        """Pydantic config."""
+
+        env_file = ".env.production"
+        extra = "ignore"
+        case_sensitive = False
+
+    # ============================================================================
+    # Properties
+    # ============================================================================
+
+    @property
+    def parsed_cors_origins(self) -> List[str]:
+        """Get parsed CORS origins as list."""
+        if not self.cors_origins:
+            return ["http://localhost", "http://127.0.0.1"]
+        return [origin.strip() for origin in self.cors_origins.split(",")]
+
+    @property
+    def is_production(self) -> bool:
+        """Check if running in production mode."""
+        return True
+
+    @property
+    def debug_enabled(self) -> bool:
+        """Check if debug mode is enabled."""
+        return False
+
+    @property
+    def reload_enabled(self) -> bool:
+        """Check if auto-reload is enabled."""
+        return False
+
+
+def get_production_settings() -> ProductionSettings:
+    """
+    Get production settings instance.
+
+    This is a factory function that should be called when settings are needed,
+    rather than instantiating at module level to avoid requiring all
+    environment variables at import time.
+
+    Returns:
+        ProductionSettings instance configured from environment variables
+
+    Raises:
+        ValidationError: If required environment variables are missing
+    """
+    return ProductionSettings()

src/server/controllers/__init__.py

@@ -0,0 +1,5 @@
+"""
+Controllers package for FastAPI application.
+
+This package contains route controllers organized by functionality.
+"""

src/server/controllers/error_controller.py

@@ -0,0 +1,39 @@
+"""
+Error handler controller for managing application exceptions.
+
+This module provides custom error handlers for different HTTP status codes.
+"""
+from fastapi import HTTPException, Request
+from fastapi.responses import JSONResponse
+
+from src.server.utils.template_helpers import render_template
+
+
+async def not_found_handler(request: Request, exc: HTTPException):
+    """Custom 404 handler."""
+    if request.url.path.startswith("/api/"):
+        return JSONResponse(
+            status_code=404,
+            content={"detail": "API endpoint not found"}
+        )
+    return render_template(
+        "error.html",
+        request,
+        context={"error": "Page not found", "status_code": 404},
+        title="404 - Not Found"
+    )
+
+
+async def server_error_handler(request: Request, exc: Exception):
+    """Custom 500 handler."""
+    if request.url.path.startswith("/api/"):
+        return JSONResponse(
+            status_code=500,
+            content={"detail": "Internal server error"}
+        )
+    return render_template(
+        "error.html",
+        request,
+        context={"error": "Internal server error", "status_code": 500},
+        title="500 - Server Error"
+    )

src/server/controllers/page_controller.py

@@ -0,0 +1,71 @@
+"""
+Page controller for serving HTML templates.
+
+This module provides endpoints for serving HTML pages using Jinja2 templates.
+"""
+from fastapi import APIRouter, Request
+from fastapi.responses import HTMLResponse
+
+from src.server.utils.template_helpers import render_template
+
+router = APIRouter(tags=["pages"])
+
+
+@router.get("/", response_class=HTMLResponse)
+async def root(request: Request):
+    """Serve the main application page."""
+    return render_template(
+        "index.html",
+        request,
+        title="Aniworld Download Manager"
+    )
+
+
+@router.get("/setup", response_class=HTMLResponse)
+async def setup_page(request: Request):
+    """Serve the setup page."""
+    return render_template(
+        "setup.html",
+        request,
+        title="Setup - Aniworld"
+    )
+
+
+@router.get("/login", response_class=HTMLResponse)
+async def login_page(request: Request):
+    """Serve the login page."""
+    return render_template(
+        "login.html",
+        request,
+        title="Login - Aniworld"
+    )
+
+
+@router.get("/queue", response_class=HTMLResponse)
+async def queue_page(request: Request):
+    """Serve the download queue page."""
+    return render_template(
+        "queue.html",
+        request,
+        title="Download Queue - Aniworld"
+    )
+
+
+@router.get("/loading", response_class=HTMLResponse)
+async def loading_page(request: Request):
+    """Serve the initialization loading page."""
+    return render_template(
+        "loading.html",
+        request,
+        title="Initializing - Aniworld"
+    )
+
+
+@router.get("/setup/unresolved", response_class=HTMLResponse)
+async def unresolved_page(request: Request):
+    """Serve the unresolved folders resolution page."""
+    return render_template(
+        "unresolved.html",
+        request,
+        title="Resolve Series - Aniworld"
+    )

src/server/core_init_merge.py

@@ -0,0 +1,8 @@
+"""
+Core module for AniWorld application.
+Contains domain entities, interfaces, application services, and exceptions.
+"""
+
+from . import entities, exceptions, interfaces, providers
+
+__all__ = ['entities', 'exceptions', 'interfaces', 'providers']

src/server/database/README.md

@@ -0,0 +1,416 @@
+# Database Layer
+
+SQLAlchemy-based database layer for the Aniworld web application.
+
+## Overview
+
+This package provides persistent storage for anime series, episodes, download queue, and user sessions using SQLAlchemy ORM with comprehensive service layer for CRUD operations.
+
+## Quick Start
+
+### Installation
+
+Install required dependencies:
+
+```bash
+pip install sqlalchemy aiosqlite
+```
+
+Or use the project requirements:
+
+```bash
+pip install -r requirements.txt
+```
+
+### Initialization
+
+Initialize the database on application startup:
+
+```python
+from src.server.database import init_db, close_db
+
+# Startup
+await init_db()
+
+# Shutdown
+await close_db()
+```
+
+### Usage in FastAPI
+
+Use the database session dependency in your endpoints:
+
+```python
+from fastapi import Depends
+from sqlalchemy.ext.asyncio import AsyncSession
+from src.server.database import get_db_session, AnimeSeries
+from sqlalchemy import select
+
+@app.get("/anime")
+async def get_anime(db: AsyncSession = Depends(get_db_session)):
+    result = await db.execute(select(AnimeSeries))
+    return result.scalars().all()
+```
+
+## Models
+
+### AnimeSeries
+
+Represents an anime series with metadata and relationships.
+
+```python
+series = AnimeSeries(
+    key="attack-on-titan",
+    name="Attack on Titan",
+    site="https://aniworld.to",
+    folder="/anime/attack-on-titan",
+    description="Epic anime about titans",
+    status="completed",
+    total_episodes=75
+)
+```
+
+### Episode
+
+Individual episodes linked to series.
+
+```python
+episode = Episode(
+    series_id=series.id,
+    season=1,
+    episode_number=5,
+    title="The Fifth Episode",
+    is_downloaded=True
+)
+```
+
+### DownloadQueueItem
+
+Download queue with progress tracking.
+
+```python
+from src.server.database.models import DownloadStatus, DownloadPriority
+
+item = DownloadQueueItem(
+    series_id=series.id,
+    season=1,
+    episode_number=3,
+    status=DownloadStatus.DOWNLOADING,
+    priority=DownloadPriority.HIGH,
+    progress_percent=45.5
+)
+```
+
+### UserSession
+
+User authentication sessions.
+
+```python
+from datetime import datetime, timedelta
+
+session = UserSession(
+    session_id="unique-session-id",
+    token_hash="hashed-jwt-token",
+    expires_at=datetime.utcnow() + timedelta(hours=24),
+    is_active=True
+)
+```
+
+## Mixins
+
+### TimestampMixin
+
+Adds automatic timestamp tracking:
+
+```python
+from src.server.database.base import Base, TimestampMixin
+
+class MyModel(Base, TimestampMixin):
+    __tablename__ = "my_table"
+    # created_at and updated_at automatically added
+```
+
+### SoftDeleteMixin
+
+Provides soft delete functionality:
+
+```python
+from src.server.database.base import Base, SoftDeleteMixin
+
+class MyModel(Base, SoftDeleteMixin):
+    __tablename__ = "my_table"
+
+    # Usage
+    instance.soft_delete()  # Mark as deleted
+    instance.is_deleted     # Check if deleted
+    instance.restore()      # Restore deleted record
+```
+
+## Configuration
+
+Configure database via environment variables:
+
+```bash
+DATABASE_URL=sqlite:///./data/aniworld.db
+LOG_LEVEL=DEBUG  # Enables SQL query logging
+```
+
+Or in code:
+
+```python
+from src.config.settings import settings
+
+settings.database_url = "sqlite:///./data/aniworld.db"
+```
+
+## Testing
+
+Run database tests:
+
+```bash
+pytest tests/unit/test_database_models.py -v
+```
+
+The test suite uses an in-memory SQLite database for isolation and speed.
+
+## Architecture
+
+-   **base.py**: Base declarative class and mixins
+-   **models.py**: SQLAlchemy ORM models (4 models)
+-   **connection.py**: Engine, session factory, dependency injection
+-   \***\*init**.py\*\*: Package exports
+-   **service.py**: Service layer with CRUD operations
+
+## Service Layer
+
+The service layer provides high-level CRUD operations for all models:
+
+### AnimeSeriesService
+
+```python
+from src.server.database import AnimeSeriesService
+
+# Create series
+series = await AnimeSeriesService.create(
+    db,
+    key="my-anime",
+    name="My Anime",
+    site="https://example.com",
+    folder="/path/to/anime"
+)
+
+# Get by ID or key
+series = await AnimeSeriesService.get_by_id(db, series_id)
+series = await AnimeSeriesService.get_by_key(db, "my-anime")
+
+# Get all with pagination
+all_series = await AnimeSeriesService.get_all(db, limit=50, offset=0)
+
+# Update
+updated = await AnimeSeriesService.update(db, series_id, name="Updated Name")
+
+# Delete (cascades to episodes and downloads)
+deleted = await AnimeSeriesService.delete(db, series_id)
+
+# Search
+results = await AnimeSeriesService.search(db, "naruto", limit=10)
+```
+
+### EpisodeService
+
+```python
+from src.server.database import EpisodeService
+
+# Create episode
+episode = await EpisodeService.create(
+    db,
+    series_id=1,
+    season=1,
+    episode_number=5,
+    title="Episode 5"
+)
+
+# Get episodes for series
+episodes = await EpisodeService.get_by_series(db, series_id, season=1)
+
+# Get specific episode
+episode = await EpisodeService.get_by_episode(db, series_id, season=1, episode_number=5)
+
+# Mark as downloaded
+updated = await EpisodeService.mark_downloaded(
+    db,
+    episode_id,
+    file_path="/path/to/file.mp4",
+    file_size=1024000
+)
+```
+
+### DownloadQueueService
+
+```python
+from src.server.database import DownloadQueueService
+from src.server.database.models import DownloadPriority, DownloadStatus
+
+# Add to queue
+item = await DownloadQueueService.create(
+    db,
+    series_id=1,
+    season=1,
+    episode_number=5,
+    priority=DownloadPriority.HIGH
+)
+
+# Get pending downloads (ordered by priority)
+pending = await DownloadQueueService.get_pending(db, limit=10)
+
+# Get active downloads
+active = await DownloadQueueService.get_active(db)
+
+# Update status
+updated = await DownloadQueueService.update_status(
+    db,
+    item_id,
+    DownloadStatus.DOWNLOADING
+)
+
+# Update progress
+updated = await DownloadQueueService.update_progress(
+    db,
+    item_id,
+    progress_percent=50.0,
+    downloaded_bytes=500000,
+    total_bytes=1000000,
+    download_speed=50000.0
+)
+
+# Clear completed
+count = await DownloadQueueService.clear_completed(db)
+
+# Retry failed downloads
+retried = await DownloadQueueService.retry_failed(db, max_retries=3)
+```
+
+### UserSessionService
+
+```python
+from src.server.database import UserSessionService
+from datetime import datetime, timedelta
+
+# Create session
+expires_at = datetime.utcnow() + timedelta(hours=24)
+session = await UserSessionService.create(
+    db,
+    session_id="unique-session-id",
+    token_hash="hashed-jwt-token",
+    expires_at=expires_at,
+    user_id="user123",
+    ip_address="127.0.0.1"
+)
+
+# Get session
+session = await UserSessionService.get_by_session_id(db, "session-id")
+
+# Get active sessions
+active = await UserSessionService.get_active_sessions(db, user_id="user123")
+
+# Update activity
+updated = await UserSessionService.update_activity(db, "session-id")
+
+# Revoke session
+revoked = await UserSessionService.revoke(db, "session-id")
+
+# Cleanup expired sessions
+count = await UserSessionService.cleanup_expired(db)
+```
+
+## Database Schema
+
+```
+anime_series (id, key, name, site, folder, ...)
+├── episodes (id, series_id, season, episode_number, ...)
+└── download_queue (id, series_id, season, episode_number, status, ...)
+
+user_sessions (id, session_id, token_hash, expires_at, ...)
+```
+
+## Production Considerations
+
+### SQLite (Current)
+
+-   Single file: `data/aniworld.db`
+-   WAL mode for concurrency
+-   Foreign keys enabled
+-   Static connection pool
+
+### PostgreSQL/MySQL (Future)
+
+For multi-process deployments:
+
+```python
+DATABASE_URL=postgresql+asyncpg://user:pass@host/db
+# or
+DATABASE_URL=mysql+aiomysql://user:pass@host/db
+```
+
+Configure connection pooling:
+
+```python
+engine = create_async_engine(
+    url,
+    pool_size=10,
+    max_overflow=20,
+    pool_pre_ping=True
+)
+```
+
+## Performance Tips
+
+1. **Indexes**: Models have indexes on frequently queried columns
+2. **Relationships**: Use `selectinload()` or `joinedload()` for eager loading
+3. **Batching**: Use bulk operations for multiple inserts/updates
+4. **Query Optimization**: Profile slow queries in DEBUG mode
+
+Example with eager loading:
+
+```python
+from sqlalchemy.orm import selectinload
+
+result = await db.execute(
+    select(AnimeSeries)
+    .options(selectinload(AnimeSeries.episodes))
+    .where(AnimeSeries.key == "attack-on-titan")
+)
+series = result.scalar_one()
+# episodes already loaded, no additional queries
+```
+
+## Troubleshooting
+
+### Database not initialized
+
+```
+RuntimeError: Database not initialized. Call init_db() first.
+```
+
+Solution: Call `await init_db()` during application startup.
+
+### Table does not exist
+
+```
+sqlalchemy.exc.OperationalError: no such table: anime_series
+```
+
+Solution: `Base.metadata.create_all()` is called automatically by `init_db()`.
+
+### Foreign key constraint failed
+
+```
+sqlalchemy.exc.IntegrityError: FOREIGN KEY constraint failed
+```
+
+Solution: Ensure referenced records exist before creating relationships.
+
+## Further Reading
+
+-   [SQLAlchemy 2.0 Documentation](https://docs.sqlalchemy.org/en/20/)
+-   [FastAPI with Databases](https://fastapi.tiangolo.com/tutorial/sql-databases/)

src/server/database/SerieList.py

@@ -0,0 +1,288 @@
+"""Utilities for loading and managing stored anime series metadata.
+
+This module provides the SerieList class for managing collections of anime
+series metadata loaded from the database.
+
+Note:
+    This module is part of the server database layer. All persistence
+    is handled by the service layer.
+"""
+
+from __future__ import annotations
+
+import logging
+from typing import Dict, List, Optional
+
+from src.server.database.models import AnimeSeries
+
+logger = logging.getLogger(__name__)
+
+
+class SerieList:
+    """
+    Represents the collection of cached series loaded from database.
+    
+    Series are identified by their unique 'key' (provider identifier).
+    The 'folder' is metadata only and not used for lookups.
+    
+    This class manages in-memory series data loaded from database.
+    
+    Example:
+        # Load from database
+        serie_list = SerieList("/path/to/anime")
+        await serie_list.load_all_from_db()
+        series = serie_list.get_all()
+    
+    Attributes:
+        directory: Path to the anime directory
+        keyDict: Internal dictionary mapping serie.key to AnimeSeries objects
+    """
+
+    def __init__(self, base_path: str) -> None:
+        """Initialize the SerieList.
+        
+        Args:
+            base_path: Path to the anime directory
+        """
+        self.directory: str = base_path
+        # Internal storage using serie.key as the dictionary key
+        self.keyDict: Dict[str, AnimeSeries] = {}
+
+    async def add_to_db(self, anime: AnimeSeries) -> bool:
+        """Persist a new series to the database.
+
+        Creates the filesystem folder using anime.folder, then persists
+        the series metadata to the database.
+
+        Args:
+            anime: The AnimeSeries instance to add
+
+        Returns:
+            True if successful, False otherwise
+        """
+        try:
+            from src.server.database.connection import get_async_session_factory
+            from src.server.database.service import AnimeSeriesService, EpisodeService
+
+            folder_name = anime.folder
+            anime_path = self.directory + "/" + folder_name
+            import os
+            os.makedirs(anime_path, exist_ok=True)
+
+            session_factory = get_async_session_factory()
+            db = session_factory()
+            try:
+                existing = await AnimeSeriesService.get_by_key(db, anime.key)
+                if existing:
+                    logger.debug(
+                        "Series '%s' (key=%s) already exists in DB, skipping",
+                        anime.name, anime.key
+                    )
+                    return True
+
+                db_anime_series = await AnimeSeriesService.create(
+                    db=db,
+                    key=anime.key,
+                    name=anime.name,
+                    site=anime.site,
+                    folder=folder_name,
+                    year=anime.year
+                )
+                for ep in anime.episodes:
+                    await EpisodeService.create(
+                        db=db,
+                        series_id=db_anime_series.id,
+                        season=ep.season,
+                        episode_number=ep.episode_number
+                    )
+                await db.commit()
+                self.keyDict[anime.key] = anime
+                logger.info(
+                    "Persisted series '%s' to database",
+                    anime.name
+                )
+                return True
+            except Exception as e:
+                await db.rollback()
+                logger.error(
+                    "Failed to persist series '%s' to DB: %s",
+                    anime.key, e, exc_info=True
+                )
+                return False
+            finally:
+                await db.close()
+        except Exception as e:
+            logger.error(
+                "Could not add series '%s' to DB (DB unavailable?): %s",
+                anime.key, e
+            )
+            return False
+
+    def contains(self, key: str) -> bool:
+        """
+        Return True when a series identified by ``key`` already exists.
+        
+        Args:
+            key: The unique provider identifier for the series
+            
+        Returns:
+            True if the series exists in the collection
+        """
+        return key in self.keyDict
+
+    def GetMissingEpisode(self) -> List[AnimeSeries]:
+        """Return all series that still contain missing episodes."""
+        return [
+            anime for anime in self.keyDict.values()
+            if anime.episodeDict
+        ]
+
+    def get_missing_episodes(self) -> List[AnimeSeries]:
+        """PEP8-friendly alias for :meth:`GetMissingEpisode`."""
+        return self.GetMissingEpisode()
+
+    def GetList(self) -> List[AnimeSeries]:
+        """Return all series instances stored in the list."""
+        return list(self.keyDict.values())
+
+    def get_all(self) -> List[AnimeSeries]:
+        """PEP8-friendly alias for :meth:`GetList`."""
+        return self.GetList()
+    
+    def get_by_key(self, key: str) -> Optional[AnimeSeries]:
+        """
+        Get a series by its unique provider key.
+        
+        This is the primary method for series lookup.
+        
+        Args:
+            key: The unique provider identifier (e.g., "attack-on-titan")
+            
+        Returns:
+            The AnimeSeries instance if found, None otherwise
+        """
+        return self.keyDict.get(key)
+    
+    def get_by_folder(self, folder: str) -> Optional[AnimeSeries]:
+        """
+        Get a series by its folder name.
+        
+        .. deprecated:: 2.0.0
+            Use :meth:`get_by_key` instead. Folder-based lookups will be
+            removed in version 3.0.0. The `folder` field is metadata only
+            and should not be used for identification.
+        
+        This method is provided for backward compatibility only.
+        Prefer using get_by_key() for new code.
+        
+        Args:
+            folder: The filesystem folder name (e.g., "Attack on Titan (2013)")
+            
+        Returns:
+            The AnimeSeries instance if found, None otherwise
+        """
+        import warnings
+        warnings.warn(
+            "get_by_folder() is deprecated and will be removed in v3.0.0. "
+            "Use get_by_key() instead. The 'folder' field is metadata only.",
+            DeprecationWarning,
+            stacklevel=2
+        )
+        for anime in self.keyDict.values():
+            if anime.folder == folder:
+                return anime
+        return None
+
+    async def load_all_from_db(self) -> int:
+        """Load all series from database into in-memory cache.
+        
+        Retrieves all anime series from the database with their episodes
+        and populates the in-memory keyDict for fast access.
+        
+        Returns:
+            int: Number of series loaded into cache
+        """
+        from src.server.database.connection import get_async_session_factory
+        from src.server.database.service import AnimeSeriesService
+        
+        try:
+            session_factory = get_async_session_factory()
+            db = session_factory()
+            try:
+                anime_series_list = await AnimeSeriesService.get_all(
+                    db, with_episodes=True
+                )
+                
+                count = 0
+                for anime_series in anime_series_list:
+                    self.keyDict[anime_series.key] = anime_series
+                    count += 1
+                
+                logger.info(
+                    "Loaded %d series from database into in-memory cache",
+                    count
+                )
+                return count
+            finally:
+                await db.close()
+        except RuntimeError:
+            logger.warning(
+                "Database not available, skipping DB load"
+            )
+            return 0
+
+    async def _load_single_series_from_db(
+        self,
+        anime_folder: str
+    ) -> Optional[AnimeSeries]:
+        """Load a single series from database by folder name.
+        
+        Looks up a series in the database by its folder name and adds
+        it to the in-memory cache.
+        
+        Args:
+            anime_folder: The filesystem folder name to look up
+            
+        Returns:
+            AnimeSeries if found and loaded, None otherwise
+        """
+        from src.server.database.connection import get_async_session_factory
+        from src.server.database.service import AnimeSeriesService
+        
+        try:
+            session_factory = get_async_session_factory()
+            db = session_factory()
+            try:
+                anime_series = await AnimeSeriesService.get_by_folder(
+                    db, anime_folder
+                )
+                if not anime_series:
+                    logger.debug(
+                        "Series with folder '%s' not found in DB",
+                        anime_folder
+                    )
+                    return None
+                
+                self.keyDict[anime_series.key] = anime_series
+                logger.debug(
+                    "Loaded series '%s' (key=%s) from DB",
+                    anime_series.name, anime_series.key
+                )
+                return anime_series
+            finally:
+                await db.close()
+        except RuntimeError:
+            logger.warning(
+                "Database not available, cannot load series '%s'",
+                anime_folder
+            )
+            return None
+
+    def invalidate_cache(self) -> None:
+        """Clear the in-memory cache.
+        
+        Use after database modifications to force reload from DB
+        on next access.
+        """
+        self.keyDict.clear()
+        logger.debug("SerieList in-memory cache invalidated")

src/server/database/__init__.py

@@ -0,0 +1,85 @@
+"""Database package for the Aniworld web application.
+
+This package provides SQLAlchemy models, database connection management,
+and session handling for persistent storage.
+
+Modules:
+    - models: SQLAlchemy ORM models for anime series, episodes, download queue, and sessions
+    - connection: Database engine and session factory configuration
+    - base: Base class for all SQLAlchemy models
+
+Usage:
+    from src.server.database import get_db_session, init_db
+    
+    # Initialize database on application startup
+    init_db()
+    
+    # Use in FastAPI endpoints
+    @app.get("/anime")
+    async def get_anime(db: AsyncSession = Depends(get_db_session)):
+        result = await db.execute(select(AnimeSeries))
+        return result.scalars().all()
+"""
+
+from src.server.database.base import Base
+from src.server.database.connection import close_db, get_db_session, init_db
+from src.server.database.init import (
+    CURRENT_SCHEMA_VERSION,
+    EXPECTED_TABLES,
+    check_database_health,
+    create_database_backup,
+    create_database_schema,
+    get_database_info,
+    get_schema_version,
+    initialize_database,
+    seed_initial_data,
+    validate_database_schema,
+)
+from src.server.database.models import (
+    AnimeSeries,
+    DownloadQueueItem,
+    Episode,
+    SystemSettings,
+    UserSession,
+)
+from src.server.database.service import (
+    AnimeSeriesService,
+    DownloadQueueService,
+    EpisodeService,
+    UserSessionService,
+)
+from src.server.database.SerieList import SerieList
+from src.server.database.system_settings_service import SystemSettingsService
+
+__all__ = [
+    # Base and connection
+    "Base",
+    "get_db_session",
+    "init_db",
+    "close_db",
+    # Initialization functions
+    "initialize_database",
+    "create_database_schema",
+    "validate_database_schema",
+    "get_schema_version",
+    "seed_initial_data",
+    "check_database_health",
+    "create_database_backup",
+    "get_database_info",
+    "CURRENT_SCHEMA_VERSION",
+    "EXPECTED_TABLES",
+    # Models
+    "AnimeSeries",
+    "Episode",
+    "DownloadQueueItem",
+    "SystemSettings",
+    "UserSession",
+    # Services
+    "AnimeSeriesService",
+    "EpisodeService",
+    "DownloadQueueService",
+    "SystemSettingsService",
+    "UserSessionService",
+    # SerieList
+    "SerieList",
+]

src/server/database/base.py

@@ -0,0 +1,74 @@
+"""Base SQLAlchemy declarative base for all database models.
+
+This module provides the base class that all ORM models inherit from,
+along with common functionality and mixins.
+"""
+from datetime import datetime, timezone
+from typing import Any
+
+from sqlalchemy import DateTime, func
+from sqlalchemy.orm import DeclarativeBase, Mapped, mapped_column
+
+
+class Base(DeclarativeBase):
+    """Base class for all SQLAlchemy ORM models.
+    
+    Provides common functionality and type annotations for all models.
+    All models should inherit from this class.
+    """
+    pass
+
+
+class TimestampMixin:
+    """Mixin to add created_at and updated_at timestamp columns.
+    
+    Automatically tracks when records are created and updated.
+    Use this mixin for models that need audit timestamps.
+    
+    Attributes:
+        created_at: Timestamp when record was created
+        updated_at: Timestamp when record was last updated
+    """
+    created_at: Mapped[datetime] = mapped_column(
+        DateTime(timezone=True),
+        server_default=func.now(),
+        nullable=False,
+        doc="Timestamp when record was created"
+    )
+    updated_at: Mapped[datetime] = mapped_column(
+        DateTime(timezone=True),
+        server_default=func.now(),
+        onupdate=func.now(),
+        nullable=False,
+        doc="Timestamp when record was last updated"
+    )
+
+
+class SoftDeleteMixin:
+    """Mixin to add soft delete functionality.
+    
+    Instead of deleting records, marks them as deleted with a timestamp.
+    Useful for maintaining audit trails and allowing recovery.
+    
+    Attributes:
+        deleted_at: Timestamp when record was soft deleted, None if active
+    """
+    deleted_at: Mapped[datetime | None] = mapped_column(
+        DateTime(timezone=True),
+        nullable=True,
+        default=None,
+        doc="Timestamp when record was soft deleted"
+    )
+    
+    @property
+    def is_deleted(self) -> bool:
+        """Check if record is soft deleted."""
+        return self.deleted_at is not None
+    
+    def soft_delete(self) -> None:
+        """Mark record as deleted without removing from database."""
+        self.deleted_at = datetime.now(timezone.utc)
+    
+    def restore(self) -> None:
+        """Restore a soft deleted record."""
+        self.deleted_at = None

src/server/database/connection.py

@@ -0,0 +1,592 @@
+"""Database connection and session management for SQLAlchemy.
+
+This module provides database engine creation, session factory configuration,
+and dependency injection helpers for FastAPI endpoints.
+
+Functions:
+    - init_db: Initialize database engine and create tables
+    - close_db: Close database connections and cleanup
+    - get_db_session: FastAPI dependency for database sessions
+    - get_transactional_session: Session without auto-commit for transactions
+    - get_engine: Get database engine instance
+
+Classes:
+    - TransactionManager: Helper class for manual transaction control
+"""
+from __future__ import annotations
+
+import logging
+from contextlib import asynccontextmanager
+from typing import AsyncGenerator, Optional
+
+from sqlalchemy import create_engine, event, pool
+from sqlalchemy.ext.asyncio import (
+    AsyncEngine,
+    AsyncSession,
+    async_sessionmaker,
+    create_async_engine,
+)
+from sqlalchemy.orm import Session, sessionmaker
+
+from src.config.settings import settings
+from src.server.database.base import Base
+
+logger = logging.getLogger(__name__)
+
+# Global engine and session factory instances
+_engine: Optional[AsyncEngine] = None
+_sync_engine: Optional[create_engine] = None
+_session_factory: Optional[async_sessionmaker[AsyncSession]] = None
+_sync_session_factory: Optional[sessionmaker[Session]] = None
+
+
+def _get_database_url() -> str:
+    """Get database URL from settings.
+    
+    Converts SQLite URLs to async format if needed.
+    
+    Returns:
+        Database URL string suitable for async engine
+    """
+    url = settings.database_url
+    
+    # Convert sqlite:/// to sqlite+aiosqlite:/// for async support
+    if url.startswith("sqlite:///"):
+        url = url.replace("sqlite:///", "sqlite+aiosqlite:///")
+    
+    return url
+
+
+def _configure_sqlite_engine(engine: AsyncEngine) -> None:
+    """Configure SQLite-specific engine settings.
+    
+    Enables foreign key support and optimizes connection pooling.
+    
+    Args:
+        engine: SQLAlchemy async engine instance
+    """
+    @event.listens_for(engine.sync_engine, "connect")
+    def set_sqlite_pragma(dbapi_conn, connection_record):
+        """Enable foreign keys and set pragmas for SQLite."""
+        cursor = dbapi_conn.cursor()
+        cursor.execute("PRAGMA foreign_keys=ON")
+        cursor.execute("PRAGMA journal_mode=WAL")
+        cursor.close()
+
+
+async def init_db() -> None:
+    """Initialize database engine and create tables.
+    
+    Creates async and sync engines, session factories, and database tables.
+    Should be called during application startup.
+    
+    Raises:
+        Exception: If database initialization fails
+    """
+    global _engine, _sync_engine, _session_factory, _sync_session_factory
+    
+    try:
+        # Get database URL
+        db_url = _get_database_url()
+        logger.info("Initializing database: %s", db_url)
+        
+        # Build engine kwargs based on database type
+        is_sqlite = "sqlite" in db_url
+        engine_kwargs = {
+            "echo": settings.log_level == "DEBUG",
+            "poolclass": pool.StaticPool if is_sqlite else pool.QueuePool,
+            "pool_pre_ping": True,
+        }
+        
+        # Only add pool_size and max_overflow for non-SQLite databases
+        if not is_sqlite:
+            engine_kwargs["pool_size"] = 5
+            engine_kwargs["max_overflow"] = 10
+        
+        # Create async engine
+        _engine = create_async_engine(db_url, **engine_kwargs)
+        
+        # Configure SQLite if needed
+        if is_sqlite:
+            _configure_sqlite_engine(_engine)
+        
+        # Create async session factory
+        _session_factory = async_sessionmaker(
+            bind=_engine,
+            class_=AsyncSession,
+            expire_on_commit=False,
+            autoflush=False,
+            autocommit=False,
+        )
+        
+        # Create sync engine for initial setup
+        sync_url = settings.database_url
+        is_sqlite_sync = "sqlite" in sync_url
+        sync_engine_kwargs = {
+            "echo": settings.log_level == "DEBUG",
+            "poolclass": pool.StaticPool if is_sqlite_sync else pool.QueuePool,
+            "pool_pre_ping": True,
+        }
+        _sync_engine = create_engine(sync_url, **sync_engine_kwargs)
+        
+        # Create sync session factory
+        _sync_session_factory = sessionmaker(
+            bind=_sync_engine,
+            expire_on_commit=False,
+            autoflush=False,
+            autocommit=False,
+        )
+        
+        # Create all tables
+        logger.info("Creating database tables...")
+        Base.metadata.create_all(bind=_sync_engine)
+        logger.info("Database initialization complete")
+        
+    except Exception as e:
+        logger.error("Failed to initialize database: %s", e)
+        raise
+
+
+async def close_db() -> None:
+    """Close database connections and cleanup resources.
+    
+    Performs a WAL checkpoint for SQLite databases to ensure all
+    pending writes are flushed to the main database file before
+    closing connections. This prevents database corruption during
+    shutdown.
+    
+    Should be called during application shutdown.
+    """
+    global _engine, _sync_engine, _session_factory, _sync_session_factory
+    
+    try:
+        # For SQLite: checkpoint WAL to ensure all writes are flushed
+        if _sync_engine and "sqlite" in str(_sync_engine.url):
+            logger.info("Running SQLite WAL checkpoint before shutdown...")
+            try:
+                from sqlalchemy import text
+                with _sync_engine.connect() as conn:
+                    # TRUNCATE mode: checkpoint and truncate WAL file
+                    conn.execute(text("PRAGMA wal_checkpoint(TRUNCATE)"))
+                    conn.commit()
+                logger.info("SQLite WAL checkpoint completed")
+            except Exception as e:
+                logger.warning("WAL checkpoint failed (non-critical): %s", e)
+        
+        if _engine:
+            logger.info("Closing async database engine...")
+            await _engine.dispose()
+            _engine = None
+            _session_factory = None
+        
+        if _sync_engine:
+            logger.info("Closing sync database engine...")
+            _sync_engine.dispose()
+            _sync_engine = None
+            _sync_session_factory = None
+        
+        logger.info("Database connections closed")
+        
+    except Exception as e:
+        logger.error("Error closing database: %s", e)
+
+
+def get_engine() -> AsyncEngine:
+    """Get the database engine instance.
+    
+    Returns:
+        AsyncEngine instance
+    
+    Raises:
+        RuntimeError: If database is not initialized
+    """
+    if _engine is None:
+        raise RuntimeError(
+            "Database not initialized. Call init_db() first."
+        )
+    return _engine
+
+
+def get_sync_engine():
+    """Get the sync database engine instance.
+    
+    Returns:
+        Engine instance
+    
+    Raises:
+        RuntimeError: If database is not initialized
+    """
+    if _sync_engine is None:
+        raise RuntimeError(
+            "Database not initialized. Call init_db() first."
+        )
+    return _sync_engine
+
+
+@asynccontextmanager
+async def get_db_session() -> AsyncGenerator[AsyncSession, None]:
+    """FastAPI dependency to get database session.
+    
+    Provides an async database session with automatic commit/rollback.
+    Use this as a dependency in FastAPI endpoints.
+    
+    Yields:
+        AsyncSession: Database session for async operations
+    
+    Raises:
+        RuntimeError: If database is not initialized
+    
+    Example:
+        @app.get("/anime")
+        async def get_anime(
+            db: AsyncSession = Depends(get_db_session)
+        ):
+            result = await db.execute(select(AnimeSeries))
+            return result.scalars().all()
+    """
+    if _session_factory is None:
+        raise RuntimeError(
+            "Database not initialized. Call init_db() first."
+        )
+    
+    session = _session_factory()
+    try:
+        yield session
+        await session.commit()
+    except Exception:
+        await session.rollback()
+        raise
+    finally:
+        await session.close()
+
+
+def get_sync_session() -> Session:
+    """Get a sync database session.
+    
+    Use this for synchronous operations outside FastAPI endpoints.
+    Remember to close the session when done.
+    
+    Returns:
+        Session: Database session for sync operations
+    
+    Raises:
+        RuntimeError: If database is not initialized
+    
+    Example:
+        session = get_sync_session()
+        try:
+            result = session.execute(select(AnimeSeries))
+            return result.scalars().all()
+        finally:
+            session.close()
+    """
+    if _sync_session_factory is None:
+        raise RuntimeError(
+            "Database not initialized. Call init_db() first."
+        )
+    
+    return _sync_session_factory()
+
+
+def get_async_session_factory() -> AsyncSession:
+    """Get a new async database session (factory function).
+    
+    Creates a new session instance for use in repository patterns.
+    The caller is responsible for committing/rolling back and closing.
+    
+    Returns:
+        AsyncSession: New database session for async operations
+    
+    Raises:
+        RuntimeError: If database is not initialized
+    
+    Example:
+        session = get_async_session_factory()
+        try:
+            result = await session.execute(select(AnimeSeries))
+            await session.commit()
+            return result.scalars().all()
+        except Exception:
+            await session.rollback()
+            raise
+        finally:
+            await session.close()
+    """
+    if _session_factory is None:
+        raise RuntimeError(
+            "Database not initialized. Call init_db() first."
+        )
+    
+    return _session_factory()
+
+
+@asynccontextmanager
+async def get_transactional_session() -> AsyncGenerator[AsyncSession, None]:
+    """Get a database session without auto-commit for explicit transaction control.
+    
+    Unlike get_db_session(), this does NOT auto-commit on success.
+    Use this when you need explicit transaction control with the
+    @transactional decorator or atomic() context manager.
+    
+    Yields:
+        AsyncSession: Database session for async operations
+    
+    Raises:
+        RuntimeError: If database is not initialized
+    
+    Example:
+        async with get_transactional_session() as session:
+            async with atomic(session) as tx:
+                # Multiple operations in transaction
+                await operation1(session)
+                await operation2(session)
+                # Committed when exiting atomic() context
+    """
+    if _session_factory is None:
+        raise RuntimeError(
+            "Database not initialized. Call init_db() first."
+        )
+    
+    session = _session_factory()
+    try:
+        yield session
+    except Exception:
+        await session.rollback()
+        raise
+    finally:
+        await session.close()
+
+
+class TransactionManager:
+    """Helper class for manual transaction control.
+    
+    Provides a cleaner interface for managing transactions across
+    multiple service calls within a single request.
+    
+    Attributes:
+        _session_factory: Factory for creating new sessions
+        _session: Current active session
+        _in_transaction: Whether currently in a transaction
+        
+    Example:
+        async with TransactionManager() as tm:
+            session = await tm.get_session()
+            await tm.begin()
+            try:
+                await service1.operation(session)
+                await service2.operation(session)
+                await tm.commit()
+            except Exception:
+                await tm.rollback()
+                raise
+    """
+    
+    def __init__(
+        self,
+        session_factory: Optional[async_sessionmaker] = None
+    ) -> None:
+        """Initialize transaction manager.
+        
+        Args:
+            session_factory: Optional custom session factory.
+                Uses global factory if not provided.
+        """
+        self._session_factory = session_factory or _session_factory
+        self._session: Optional[AsyncSession] = None
+        self._in_transaction = False
+        
+        if self._session_factory is None:
+            raise RuntimeError(
+                "Database not initialized. Call init_db() first."
+            )
+    
+    async def __aenter__(self) -> "TransactionManager":
+        """Enter context manager and create session."""
+        self._session = self._session_factory()
+        logger.debug("TransactionManager: Created new session")
+        return self
+    
+    async def __aexit__(
+        self,
+        exc_type: Optional[type],
+        exc_val: Optional[BaseException],
+        exc_tb: Optional[object],
+    ) -> bool:
+        """Exit context manager and cleanup session.
+        
+        Automatically rolls back if an exception occurred and
+        transaction wasn't explicitly committed.
+        """
+        if self._session:
+            if exc_type is not None and self._in_transaction:
+                logger.warning(
+                    "TransactionManager: Rolling back due to exception: %s",
+                    exc_val,
+                )
+                await self._session.rollback()
+            
+            await self._session.close()
+            self._session = None
+            self._in_transaction = False
+            logger.debug("TransactionManager: Session closed")
+        
+        return False
+    
+    async def get_session(self) -> AsyncSession:
+        """Get the current session.
+        
+        Returns:
+            Current AsyncSession instance
+            
+        Raises:
+            RuntimeError: If not within context manager
+        """
+        if self._session is None:
+            raise RuntimeError(
+                "TransactionManager must be used as async context manager"
+            )
+        return self._session
+    
+    async def begin(self) -> None:
+        """Begin a new transaction.
+        
+        Raises:
+            RuntimeError: If already in a transaction or no session
+        """
+        if self._session is None:
+            raise RuntimeError("No active session")
+        
+        if self._in_transaction:
+            raise RuntimeError("Already in a transaction")
+        
+        await self._session.begin()
+        self._in_transaction = True
+        logger.debug("TransactionManager: Transaction started")
+    
+    async def commit(self) -> None:
+        """Commit the current transaction.
+        
+        Raises:
+            RuntimeError: If not in a transaction
+        """
+        if not self._in_transaction or self._session is None:
+            raise RuntimeError("Not in a transaction")
+        
+        await self._session.commit()
+        self._in_transaction = False
+        logger.debug("TransactionManager: Transaction committed")
+    
+    async def rollback(self) -> None:
+        """Rollback the current transaction.
+        
+        Raises:
+            RuntimeError: If not in a transaction
+        """
+        if self._session is None:
+            raise RuntimeError("No active session")
+        
+        await self._session.rollback()
+        self._in_transaction = False
+        logger.debug("TransactionManager: Transaction rolled back")
+    
+    async def savepoint(self, name: Optional[str] = None) -> "SavepointHandle":
+        """Create a savepoint within the current transaction.
+        
+        Args:
+            name: Optional savepoint name
+            
+        Returns:
+            SavepointHandle for controlling the savepoint
+            
+        Raises:
+            RuntimeError: If not in a transaction
+        """
+        if not self._in_transaction or self._session is None:
+            raise RuntimeError("Must be in a transaction to create savepoint")
+        
+        nested = await self._session.begin_nested()
+        return SavepointHandle(nested, name or "unnamed")
+    
+    def is_in_transaction(self) -> bool:
+        """Check if currently in a transaction.
+        
+        Returns:
+            True if in an active transaction
+        """
+        return self._in_transaction
+    
+    def get_transaction_depth(self) -> int:
+        """Get current transaction nesting depth.
+        
+        Returns:
+            0 if not in transaction, 1+ for nested transactions
+        """
+        if not self._in_transaction:
+            return 0
+        return 1  # Basic implementation - could be extended
+
+
+class SavepointHandle:
+    """Handle for controlling a database savepoint.
+    
+    Attributes:
+        _nested: SQLAlchemy nested transaction
+        _name: Savepoint name for logging
+        _released: Whether savepoint has been released
+    """
+    
+    def __init__(self, nested: object, name: str) -> None:
+        """Initialize savepoint handle.
+        
+        Args:
+            nested: SQLAlchemy nested transaction object
+            name: Savepoint name
+        """
+        self._nested = nested
+        self._name = name
+        self._released = False
+        logger.debug("Created savepoint: %s", name)
+    
+    async def rollback(self) -> None:
+        """Rollback to this savepoint."""
+        if not self._released:
+            await self._nested.rollback()
+            self._released = True
+            logger.debug("Rolled back savepoint: %s", self._name)
+    
+    async def release(self) -> None:
+        """Release (commit) this savepoint."""
+        if not self._released:
+            # Nested transactions commit automatically in SQLAlchemy
+            self._released = True
+            logger.debug("Released savepoint: %s", self._name)
+
+
+def is_session_in_transaction(session: AsyncSession | Session) -> bool:
+    """Check if a session is currently in a transaction.
+    
+    Args:
+        session: SQLAlchemy session (sync or async)
+        
+    Returns:
+        True if session is in an active transaction
+    """
+    return session.in_transaction()
+
+
+def get_session_transaction_depth(session: AsyncSession | Session) -> int:
+    """Get the transaction nesting depth of a session.
+    
+    Args:
+        session: SQLAlchemy session (sync or async)
+        
+    Returns:
+        Number of nested transactions (0 if not in transaction)
+    """
+    if not session.in_transaction():
+        return 0
+    
+    # Check for nested transaction state
+    # Note: SQLAlchemy doesn't directly expose nesting depth
+    return 1
+

src/server/database/init.py

@@ -0,0 +1,667 @@
+"""Database initialization and setup module.
+
+This module provides comprehensive database initialization functionality:
+- Schema creation and validation
+- Database health checks
+- Schema versioning support
+
+"""
+from __future__ import annotations
+
+import logging
+from datetime import datetime
+from pathlib import Path
+from typing import Any, Dict, List, Optional
+
+from sqlalchemy import inspect, text
+from sqlalchemy.ext.asyncio import AsyncEngine
+
+from src.config.settings import settings
+from src.server.database.base import Base
+from src.server.database.connection import get_engine
+
+logger = logging.getLogger(__name__)
+
+
+# =============================================================================
+# Schema Version Constants
+# =============================================================================
+
+CURRENT_SCHEMA_VERSION = "1.0.1"
+SCHEMA_VERSION_TABLE = "schema_version"
+
+# Expected tables in the current schema
+EXPECTED_TABLES = {
+    "anime_series",
+    "episodes",
+    "download_queue",
+    "user_sessions",
+    "system_settings",
+}
+
+# Expected indexes for performance
+EXPECTED_INDEXES = {
+    "anime_series": ["ix_anime_series_key", "ix_anime_series_name"],
+    "episodes": ["ix_episodes_series_id"],
+    "download_queue": [
+        "ix_download_queue_series_id",
+        "ix_download_queue_episode_id",
+    ],
+    "user_sessions": [
+        "ix_user_sessions_session_id",
+        "ix_user_sessions_user_id",
+        "ix_user_sessions_is_active",
+    ],
+}
+
+
+# =============================================================================
+# Database Initialization
+# =============================================================================
+
+
+async def initialize_database(
+    engine: Optional[AsyncEngine] = None,
+    create_schema: bool = True,
+    validate_schema: bool = True,
+    seed_data: bool = False,
+) -> Dict[str, Any]:
+    """Initialize database with schema creation and validation.
+    
+    This is the main entry point for database initialization. It performs:
+    1. Schema creation (if requested)
+    2. Schema validation (if requested)
+    3. Initial data seeding (if requested)
+    4. Health check
+    
+    Args:
+        engine: Optional database engine (uses default if not provided)
+        create_schema: Whether to create database schema
+        validate_schema: Whether to validate schema after creation
+        seed_data: Whether to seed initial data
+    
+    Returns:
+        Dictionary with initialization results containing:
+            - success: Whether initialization succeeded
+            - schema_version: Current schema version
+            - tables_created: List of tables created
+            - validation_result: Schema validation result
+            - health_check: Database health status
+    
+    Raises:
+        RuntimeError: If database initialization fails
+        
+    Example:
+        result = await initialize_database(
+            create_schema=True,
+            validate_schema=True,
+            seed_data=True
+        )
+        if result["success"]:
+            logger.info("Database initialized: %s", result['schema_version'])
+    """
+    if engine is None:
+        engine = get_engine()
+    
+    logger.info("Starting database initialization...")
+    result = {
+        "success": False,
+        "schema_version": None,
+        "tables_created": [],
+        "validation_result": None,
+        "health_check": None,
+    }
+    
+    try:
+        # Create schema if requested
+        if create_schema:
+            tables = await create_database_schema(engine)
+            result["tables_created"] = tables
+            logger.info("Created %s tables", len(tables))
+        
+        # Migrate schema if needed (add missing columns to existing tables)
+        migrations = await migrate_schema_if_needed(engine)
+        if migrations:
+            logger.info("Applied %s schema migrations", len(migrations))
+        
+        # Validate schema if requested
+        if validate_schema:
+            validation = await validate_database_schema(engine)
+            result["validation_result"] = validation
+            
+            if not validation["valid"]:
+                logger.warning(
+                    f"Schema validation issues: {validation['issues']}"
+                )
+        
+        # Seed initial data if requested
+        if seed_data:
+            await seed_initial_data(engine)
+            logger.info("Initial data seeding complete")
+        
+        # Get schema version
+        version = await get_schema_version(engine)
+        result["schema_version"] = version
+        
+        # Health check
+        health = await check_database_health(engine)
+        result["health_check"] = health
+        
+        result["success"] = True
+        logger.info("Database initialization complete")
+        
+        return result
+        
+    except Exception as e:
+        logger.exception("Database initialization failed: %s", e)
+        raise RuntimeError(f"Failed to initialize database: {e}") from e
+
+
+async def create_database_schema(
+    engine: Optional[AsyncEngine] = None
+) -> List[str]:
+    """Create database schema with all tables and indexes.
+    
+    Creates all tables defined in Base.metadata if they don't exist.
+    This is idempotent - safe to call multiple times.
+    
+    Args:
+        engine: Optional database engine (uses default if not provided)
+    
+    Returns:
+        List of table names created
+        
+    Raises:
+        RuntimeError: If schema creation fails
+    """
+    if engine is None:
+        engine = get_engine()
+    
+    logger.info("Creating database schema...")
+    
+    try:
+        # Create all tables
+        async with engine.begin() as conn:
+            # Get existing tables before creation
+            existing_tables = await conn.run_sync(
+                lambda sync_conn: inspect(sync_conn).get_table_names()
+            )
+            
+            # Create all tables defined in Base
+            await conn.run_sync(Base.metadata.create_all)
+            
+            # Get tables after creation
+            new_tables = await conn.run_sync(
+                lambda sync_conn: inspect(sync_conn).get_table_names()
+            )
+        
+        # Determine which tables were created
+        created_tables = [t for t in new_tables if t not in existing_tables]
+        
+        if created_tables:
+            logger.info("Created tables: %s", ', '.join(created_tables))
+        else:
+            logger.info("All tables already exist")
+        
+        return new_tables
+        
+    except Exception as e:
+        logger.exception("Failed to create schema: %s", e)
+        raise RuntimeError(f"Schema creation failed: {e}") from e
+
+
+async def validate_database_schema(
+    engine: Optional[AsyncEngine] = None
+) -> Dict[str, Any]:
+    """Validate database schema integrity.
+    
+    Checks that all expected tables, columns, and indexes exist.
+    Reports any missing or unexpected schema elements.
+    
+    Args:
+        engine: Optional database engine (uses default if not provided)
+    
+    Returns:
+        Dictionary with validation results containing:
+            - valid: Whether schema is valid
+            - missing_tables: List of missing tables
+            - extra_tables: List of unexpected tables
+            - missing_indexes: Dict of missing indexes by table
+            - issues: List of validation issues
+    """
+    if engine is None:
+        engine = get_engine()
+    
+    logger.info("Validating database schema...")
+    
+    result = {
+        "valid": True,
+        "missing_tables": [],
+        "extra_tables": [],
+        "missing_indexes": {},
+        "issues": [],
+    }
+    
+    try:
+        async with engine.connect() as conn:
+            # Get existing tables
+            existing_tables = await conn.run_sync(
+                lambda sync_conn: set(inspect(sync_conn).get_table_names())
+            )
+            
+            # Check for missing tables
+            missing = EXPECTED_TABLES - existing_tables
+            if missing:
+                result["missing_tables"] = list(missing)
+                result["valid"] = False
+                result["issues"].append(
+                    f"Missing tables: {', '.join(missing)}"
+                )
+            
+            # Check for extra tables (excluding SQLite internal tables)
+            extra = existing_tables - EXPECTED_TABLES
+            extra = {t for t in extra if not t.startswith("sqlite_")}
+            if extra:
+                result["extra_tables"] = list(extra)
+                result["issues"].append(
+                    f"Unexpected tables: {', '.join(extra)}"
+                )
+            
+            # Check indexes for each table
+            for table_name in EXPECTED_TABLES & existing_tables:
+                existing_indexes = await conn.run_sync(
+                    lambda sync_conn: [
+                        idx["name"]
+                        for idx in inspect(sync_conn).get_indexes(table_name)
+                    ]
+                )
+                
+                expected_indexes = EXPECTED_INDEXES.get(table_name, [])
+                missing_indexes = [
+                    idx for idx in expected_indexes
+                    if idx not in existing_indexes
+                ]
+                
+                if missing_indexes:
+                    result["missing_indexes"][table_name] = missing_indexes
+                    result["valid"] = False
+                    result["issues"].append(
+                        f"Missing indexes on {table_name}: "
+                        f"{', '.join(missing_indexes)}"
+                    )
+        
+        if result["valid"]:
+            logger.info("Schema validation passed")
+        else:
+            logger.warning(
+                f"Schema validation issues found: {len(result['issues'])}"
+            )
+        
+        return result
+        
+    except Exception as e:
+        logger.exception("Schema validation failed: %s", e)
+        return {
+            "valid": False,
+            "missing_tables": [],
+            "extra_tables": [],
+            "missing_indexes": {},
+            "issues": [f"Validation error: {str(e)}"],
+        }
+
+
+# =============================================================================
+# Schema Migration
+# =============================================================================
+
+
+async def migrate_schema_if_needed(
+    engine: Optional[AsyncEngine] = None
+) -> List[str]:
+    """Migrate database schema to current version if needed.
+    
+    Handles adding missing columns to existing tables for backward
+    compatibility with older database schemas.
+    
+    Args:
+        engine: Optional database engine (uses default if not provided)
+    
+    Returns:
+        List of migration operations performed
+    """
+    if engine is None:
+        engine = get_engine()
+    
+    migrations_applied = []
+    
+    try:
+        async with engine.connect() as conn:
+            # Get existing columns in system_settings table
+            existing_columns = await conn.run_sync(
+                lambda sync_conn: [
+                    col["name"]
+                    for col in inspect(sync_conn).get_columns("system_settings")
+                ]
+            )
+            
+            # Migration: Add legacy_key_cleanup_completed column if missing
+            if "legacy_key_cleanup_completed" not in existing_columns:
+                logger.info(
+                    "Migrating system_settings table: "
+                    "adding legacy_key_cleanup_completed column"
+                )
+                await conn.execute(
+                    text("""
+                        ALTER TABLE system_settings
+                        ADD COLUMN legacy_key_cleanup_completed BOOLEAN
+                        NOT NULL DEFAULT 0
+                    """)
+                )
+                migrations_applied.append("added legacy_key_cleanup_completed")
+                logger.info(
+                    "Migration complete: added legacy_key_cleanup_completed column"
+                )
+    
+    except Exception as e:
+        logger.error("Schema migration failed: %s", e)
+        # Don't raise - migration failures shouldn't block startup
+        # The missing column will be handled gracefully by the application
+    
+    return migrations_applied
+
+
+# =============================================================================
+# Schema Version Management
+# =============================================================================
+
+
+async def get_schema_version(engine: Optional[AsyncEngine] = None) -> str:
+    """Get current database schema version.
+    
+    Returns version string based on existing tables and structure.
+    
+    Args:
+        engine: Optional database engine (uses default if not provided)
+    
+    Returns:
+        Schema version string (e.g., "1.0.1", "empty", "unknown")
+    """
+    if engine is None:
+        engine = get_engine()
+    
+    try:
+        async with engine.connect() as conn:
+            # Get existing tables
+            tables = await conn.run_sync(
+                lambda sync_conn: set(inspect(sync_conn).get_table_names())
+            )
+            
+            # Filter out SQLite internal tables
+            tables = {t for t in tables if not t.startswith("sqlite_")}
+            
+            if not tables:
+                return "empty"
+            elif tables == EXPECTED_TABLES:
+                return CURRENT_SCHEMA_VERSION
+            else:
+                return "unknown"
+                
+    except Exception as e:
+        logger.error("Failed to get schema version: %s", e)
+        return "error"
+
+
+async def create_schema_version_table(
+    engine: Optional[AsyncEngine] = None
+) -> None:
+    """Create schema version tracking table.
+    
+    Args:
+        engine: Optional database engine (uses default if not provided)
+    """
+    if engine is None:
+        engine = get_engine()
+    
+    async with engine.begin() as conn:
+        await conn.execute(
+            text(
+                f"""
+                CREATE TABLE IF NOT EXISTS {SCHEMA_VERSION_TABLE} (
+                    version VARCHAR(20) PRIMARY KEY,
+                    applied_at TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP,
+                    description TEXT
+                )
+                """
+            )
+        )
+
+
+# =============================================================================
+# Initial Data Seeding
+# =============================================================================
+
+
+async def seed_initial_data(engine: Optional[AsyncEngine] = None) -> None:
+    """Seed database with initial data.
+    
+    Creates default configuration and sample data if database is empty.
+    Safe to call multiple times - only seeds if tables are empty.
+    
+    Args:
+        engine: Optional database engine (uses default if not provided)
+    """
+    if engine is None:
+        engine = get_engine()
+    
+    logger.info("Seeding initial data...")
+    
+    try:
+        # Use engine directly for seeding to avoid dependency on session factory
+        async with engine.connect() as conn:
+            # Check if data already exists
+            result = await conn.execute(
+                text("SELECT COUNT(*) FROM anime_series")
+            )
+            count = result.scalar()
+            
+            if count > 0:
+                logger.info("Database already contains data, skipping seed")
+                return
+            
+            # Seed sample data if needed
+            # Note: In production, you may want to skip this
+            logger.info("Database is empty, but no sample data to seed")
+            logger.info("Data will be populated via normal application usage")
+            
+    except Exception as e:
+        logger.exception("Failed to seed initial data: %s", e)
+        raise
+
+
+# =============================================================================
+# Database Health Check
+# =============================================================================
+
+
+async def check_database_health(
+    engine: Optional[AsyncEngine] = None
+) -> Dict[str, Any]:
+    """Check database health and connectivity.
+    
+    Performs basic health checks including:
+    - Database connectivity
+    - Table accessibility
+    - Basic query execution
+    
+    Args:
+        engine: Optional database engine (uses default if not provided)
+    
+    Returns:
+        Dictionary with health check results containing:
+            - healthy: Overall health status
+            - accessible: Whether database is accessible
+            - tables: Number of tables
+            - connectivity_ms: Connection time in milliseconds
+            - issues: List of any health issues
+    """
+    if engine is None:
+        engine = get_engine()
+    
+    result = {
+        "healthy": True,
+        "accessible": False,
+        "tables": 0,
+        "connectivity_ms": 0,
+        "issues": [],
+    }
+    
+    try:
+        # Measure connectivity time
+        import time
+        start_time = time.time()
+        
+        async with engine.connect() as conn:
+            # Test basic query
+            await conn.execute(text("SELECT 1"))
+            
+            # Get table count
+            tables = await conn.run_sync(
+                lambda sync_conn: inspect(sync_conn).get_table_names()
+            )
+            result["tables"] = len(tables)
+        
+        end_time = time.time()
+        # Ensure at least 1ms for timing (avoid 0 for very fast operations)
+        result["connectivity_ms"] = max(1, int((end_time - start_time) * 1000))
+        result["accessible"] = True
+        
+        # Check for expected tables
+        if result["tables"] < len(EXPECTED_TABLES):
+            result["healthy"] = False
+            result["issues"].append(
+                f"Expected {len(EXPECTED_TABLES)} tables, "
+                f"found {result['tables']}"
+            )
+        
+        if result["healthy"]:
+            logger.info(
+                f"Database health check passed "
+                f"(connectivity: {result['connectivity_ms']}ms)"
+            )
+        else:
+            logger.warning("Database health issues: %s", result['issues'])
+        
+        return result
+        
+    except Exception as e:
+        logger.error("Database health check failed: %s", e)
+        return {
+            "healthy": False,
+            "accessible": False,
+            "tables": 0,
+            "connectivity_ms": 0,
+            "issues": [str(e)],
+        }
+
+
+# =============================================================================
+# Database Backup and Restore
+# =============================================================================
+
+
+async def create_database_backup(
+    backup_path: Optional[Path] = None
+) -> Path:
+    """Create database backup.
+    
+    For SQLite databases, creates a copy of the database file.
+    For other databases, this should be extended to use appropriate tools.
+    
+    Args:
+        backup_path: Optional path for backup file
+            (defaults to data/backups/aniworld_YYYYMMDD_HHMMSS.db)
+    
+    Returns:
+        Path to created backup file
+        
+    Raises:
+        RuntimeError: If backup creation fails
+    """
+    import shutil
+
+    # Get database path from settings
+    db_url = settings.database_url
+    
+    if not db_url.startswith("sqlite"):
+        raise NotImplementedError(
+            "Backup currently only supported for SQLite databases"
+        )
+    
+    # Extract database file path
+    db_path = Path(db_url.replace("sqlite:///", ""))
+    
+    if not db_path.exists():
+        raise RuntimeError(f"Database file not found: {db_path}")
+    
+    # Create backup path
+    if backup_path is None:
+        backup_dir = Path("data/backups")
+        backup_dir.mkdir(parents=True, exist_ok=True)
+        
+        timestamp = datetime.now().strftime("%Y%m%d_%H%M%S")
+        backup_path = backup_dir / f"aniworld_{timestamp}.db"
+    
+    try:
+        logger.info("Creating database backup: %s", backup_path)
+        shutil.copy2(db_path, backup_path)
+        logger.info("Backup created successfully: %s", backup_path)
+        return backup_path
+        
+    except Exception as e:
+        logger.exception("Failed to create backup: %s", e)
+        raise RuntimeError(f"Backup creation failed: {e}") from e
+
+
+# =============================================================================
+# Utility Functions
+# =============================================================================
+
+
+def get_database_info() -> Dict[str, Any]:
+    """Get database configuration information.
+    
+    Returns:
+        Dictionary with database configuration details
+    """
+    return {
+        "database_url": settings.database_url,
+        "database_type": (
+            "sqlite" if "sqlite" in settings.database_url
+            else "postgresql" if "postgresql" in settings.database_url
+            else "mysql" if "mysql" in settings.database_url
+            else "unknown"
+        ),
+        "schema_version": CURRENT_SCHEMA_VERSION,
+        "expected_tables": list(EXPECTED_TABLES),
+        "log_level": settings.log_level,
+    }
+
+
+# =============================================================================
+# Public API
+# =============================================================================
+
+
+__all__ = [
+    "initialize_database",
+    "create_database_schema",
+    "validate_database_schema",
+    "get_schema_version",
+    "create_schema_version_table",
+    "seed_initial_data",
+    "check_database_health",
+    "create_database_backup",
+    "get_database_info",
+    "CURRENT_SCHEMA_VERSION",
+    "EXPECTED_TABLES",
+]

src/server/database/models.py

@@ -0,0 +1,773 @@
+"""SQLAlchemy ORM models for the Aniworld web application.
+
+This module defines database models for anime series, episodes, download queue,
+and user sessions. Models use SQLAlchemy 2.0 style with type annotations.
+
+Models:
+    - AnimeSeries: Represents an anime series with metadata
+    - Episode: Individual episodes linked to series
+    - DownloadQueueItem: Download queue with status and progress tracking
+    - UserSession: User authentication sessions with JWT tokens
+"""
+from __future__ import annotations
+
+from datetime import datetime, timezone
+from enum import Enum
+from typing import List, Optional
+
+from sqlalchemy import Boolean, DateTime, ForeignKey, Index, Integer, String, Text, func
+from sqlalchemy.orm import Mapped, mapped_column, relationship, validates
+
+from src.server.database.base import Base, TimestampMixin
+
+
+class AnimeSeries(Base, TimestampMixin):
+    """SQLAlchemy model for anime series.
+    
+    Represents an anime series with metadata, provider information,
+    and links to episodes. Corresponds to the core Serie class.
+    
+    Series Identifier Convention:
+        - `key`: PRIMARY IDENTIFIER - Unique, provider-assigned, URL-safe
+          (e.g., "attack-on-titan"). Used for all lookups and operations.
+        - `folder`: METADATA ONLY - Filesystem folder name for display
+          (e.g., "Attack on Titan (2013)"). Never used for identification.
+        - `id`: Internal database primary key for relationships.
+    
+    Attributes:
+        id: Database primary key (internal use for relationships)
+        key: Unique provider key - PRIMARY IDENTIFIER for all lookups
+        name: Display name of the series
+        site: Provider site URL
+        folder: Filesystem folder name (metadata only, not for lookups)
+        episodes: Relationship to Episode models (via id foreign key)
+        download_items: Relationship to DownloadQueueItem models (via id foreign key)
+        created_at: Creation timestamp (from TimestampMixin)
+        updated_at: Last update timestamp (from TimestampMixin)
+    
+    Note:
+        All database relationships use `id` (primary key), not `key` or `folder`.
+        Use `get_by_key()` in AnimeSeriesService for lookups.
+    """
+    __tablename__ = "anime_series"
+    
+    # Primary key
+    id: Mapped[int] = mapped_column(
+        Integer, primary_key=True, autoincrement=True
+    )
+    
+    # Core identification
+    key: Mapped[str] = mapped_column(
+        String(255), unique=True, nullable=False, index=True,
+        doc="Unique provider key - PRIMARY IDENTIFIER for all lookups"
+    )
+    name: Mapped[str] = mapped_column(
+        String(500), nullable=False, index=True,
+        doc="Series name"
+    )
+    site: Mapped[str] = mapped_column(
+        String(500), nullable=False,
+        doc="Provider site URL"
+    )
+    folder: Mapped[str] = mapped_column(
+        String(1000), nullable=False,
+        doc="Filesystem folder name - METADATA ONLY, not for lookups"
+    )
+    year: Mapped[Optional[int]] = mapped_column(
+        Integer, nullable=True,
+        doc="Release year of the series"
+    )
+    
+    # NFO metadata tracking
+    has_nfo: Mapped[bool] = mapped_column(
+        Boolean, nullable=False, default=False, server_default="0",
+        doc="Whether tvshow.nfo file exists for this series"
+    )
+    nfo_path: Mapped[Optional[str]] = mapped_column(
+        String(1000), nullable=True,
+        doc="Path to the tvshow.nfo metadata file"
+    )
+    nfo_created_at: Mapped[Optional[datetime]] = mapped_column(
+        DateTime(timezone=True), nullable=True,
+        doc="Timestamp when NFO was first created"
+    )
+    nfo_updated_at: Mapped[Optional[datetime]] = mapped_column(
+        DateTime(timezone=True), nullable=True,
+        doc="Timestamp when NFO was last updated"
+    )
+    # TMDB (The Movie Database) ID for series metadata
+    tmdb_id: Mapped[Optional[int]] = mapped_column(
+        Integer, nullable=True, index=True,
+        doc="TMDB (The Movie Database) ID for series metadata"
+    )
+    tvdb_id: Mapped[Optional[int]] = mapped_column(
+        Integer, nullable=True, index=True,
+        doc="TVDB (TheTVDB) ID for series metadata"
+    )
+    
+    # Loading status fields for asynchronous data loading
+    loading_status: Mapped[str] = mapped_column(
+        String(50), nullable=False, default="completed", server_default="completed",
+        doc="Loading status: pending, loading_episodes, loading_nfo, loading_logo, "
+            "loading_images, completed, failed"
+    )
+    episodes_loaded: Mapped[bool] = mapped_column(
+        Boolean, nullable=False, default=True, server_default="1",
+        doc="Whether episodes have been scanned and loaded"
+    )
+    logo_loaded: Mapped[bool] = mapped_column(
+        Boolean, nullable=False, default=False, server_default="0",
+        doc="Whether logo.png has been downloaded"
+    )
+    images_loaded: Mapped[bool] = mapped_column(
+        Boolean, nullable=False, default=False, server_default="0",
+        doc="Whether poster/fanart images have been downloaded"
+    )
+    loading_started_at: Mapped[Optional[datetime]] = mapped_column(
+        DateTime(timezone=True), nullable=True,
+        doc="Timestamp when background loading started"
+    )
+    loading_completed_at: Mapped[Optional[datetime]] = mapped_column(
+        DateTime(timezone=True), nullable=True,
+        doc="Timestamp when background loading completed"
+    )
+    loading_error: Mapped[Optional[str]] = mapped_column(
+        String(1000), nullable=True,
+        doc="Error message if loading failed"
+    )
+    
+    # Relationships
+    episodes: Mapped[List["Episode"]] = relationship(
+        "Episode",
+        back_populates="series",
+        cascade="all, delete-orphan"
+    )
+    download_items: Mapped[List["DownloadQueueItem"]] = relationship(
+        "DownloadQueueItem",
+        back_populates="series",
+        cascade="all, delete-orphan"
+    )
+    
+    @validates('key')
+    def validate_key(self, key: str, value: str) -> str:
+        """Validate key field length and format."""
+        if not value or not value.strip():
+            raise ValueError("Series key cannot be empty")
+        if len(value) > 255:
+            raise ValueError("Series key must be 255 characters or less")
+        return value.strip()
+    
+    @validates('name')
+    def validate_name(self, key: str, value: str) -> str:
+        """Validate name field length."""
+        if not value or not value.strip():
+            raise ValueError("Series name cannot be empty")
+        if len(value) > 500:
+            raise ValueError("Series name must be 500 characters or less")
+        return value.strip()
+    
+    @validates('site')
+    def validate_site(self, key: str, value: str) -> str:
+        """Validate site URL length."""
+        if not value or not value.strip():
+            raise ValueError("Series site URL cannot be empty")
+        if len(value) > 500:
+            raise ValueError("Site URL must be 500 characters or less")
+        return value.strip()
+    
+    @validates('folder')
+    def validate_folder(self, key: str, value: str) -> str:
+        """Validate folder path length."""
+        if not value or not value.strip():
+            raise ValueError("Series folder path cannot be empty")
+        if len(value) > 1000:
+            raise ValueError("Folder path must be 1000 characters or less")
+        return value.strip()
+    
+    def __repr__(self) -> str:
+        return (
+            f"<AnimeSeries(id={self.id}, key='{self.key}', "
+            f"name='{self.name}')>"
+        )
+
+    @property
+    def episodeDict(self) -> dict[int, list[int]]:
+        """Build episode dictionary from episodes relationship or private cache.
+
+        Returns:
+            Dictionary mapping season numbers to lists of episode numbers
+        """
+        # Check for private cache first (set when loading from JSON without DB)
+        if hasattr(self, '_episode_dict_cache') and self._episode_dict_cache is not None:
+            return self._episode_dict_cache
+        
+        episode_dict: dict[int, list[int]] = {}
+        if self.episodes:
+            for ep in self.episodes:
+                season = ep.season or 1
+                if season not in episode_dict:
+                    episode_dict[season] = []
+                episode_dict[season].append(ep.episode_number or 0)
+        return episode_dict
+
+    @property
+    def name_with_year(self) -> str:
+        """Get series name with year appended if available.
+
+        Returns:
+            Name in format "Name (Year)" if year is available, else just name
+        """
+        if self.year:
+            import re
+            year_suffix = f" ({self.year})"
+            clean_name = re.sub(r'(\s*\(\d{4}\))+\s*$', '', self.name or '').strip()
+            return f"{clean_name}{year_suffix}"
+        return self.name or ''
+
+    @property
+    def sanitized_folder(self) -> str:
+        """Get filesystem-safe folder name from display name with year.
+
+        Returns:
+            Sanitized folder name based on display name with year
+        """
+        from src.server.utils.filesystem import sanitize_folder_name
+        name_to_sanitize = self.name_with_year or self.folder or self.key
+        try:
+            return sanitize_folder_name(name_to_sanitize)
+        except ValueError:
+            return sanitize_folder_name(self.key)
+
+
+class Episode(Base, TimestampMixin):
+    """SQLAlchemy model for anime episodes.
+    
+    Represents individual episodes linked to an anime series.
+    Tracks download status and file location.
+    
+    Attributes:
+        id: Primary key
+        series_id: Foreign key to AnimeSeries
+        season: Season number
+        episode_number: Episode number within season
+        title: Episode title
+        file_path: Local file path if downloaded
+        is_downloaded: Whether episode is downloaded
+        series: Relationship to AnimeSeries
+        created_at: Creation timestamp (from TimestampMixin)
+        updated_at: Last update timestamp (from TimestampMixin)
+    """
+    __tablename__ = "episodes"
+    
+    # Primary key
+    id: Mapped[int] = mapped_column(
+        Integer, primary_key=True, autoincrement=True
+    )
+    
+    # Foreign key to series
+    series_id: Mapped[int] = mapped_column(
+        ForeignKey("anime_series.id", ondelete="CASCADE"),
+        nullable=False,
+        index=True
+    )
+    
+    # Episode identification
+    season: Mapped[int] = mapped_column(
+        Integer, nullable=False,
+        doc="Season number"
+    )
+    episode_number: Mapped[int] = mapped_column(
+        Integer, nullable=False,
+        doc="Episode number within season"
+    )
+    title: Mapped[Optional[str]] = mapped_column(
+        String(500), nullable=True,
+        doc="Episode title"
+    )
+    
+    # Download information
+    file_path: Mapped[Optional[str]] = mapped_column(
+        String(1000), nullable=True,
+        doc="Local file path"
+    )
+    is_downloaded: Mapped[bool] = mapped_column(
+        Boolean, default=False, nullable=False,
+        doc="Whether episode is downloaded"
+    )
+    
+    # Relationship
+    series: Mapped["AnimeSeries"] = relationship(
+        "AnimeSeries",
+        back_populates="episodes"
+    )
+    
+    @validates('season')
+    def validate_season(self, key: str, value: int) -> int:
+        """Validate season number is positive."""
+        if value < 0:
+            raise ValueError("Season number must be non-negative")
+        if value > 1000:
+            raise ValueError("Season number must be 1000 or less")
+        return value
+    
+    @validates('episode_number')
+    def validate_episode_number(self, key: str, value: int) -> int:
+        """Validate episode number is positive."""
+        if value < 0:
+            raise ValueError("Episode number must be non-negative")
+        if value > 10000:
+            raise ValueError("Episode number must be 10000 or less")
+        return value
+    
+    @validates('title')
+    def validate_title(self, key: str, value: Optional[str]) -> Optional[str]:
+        """Validate title length."""
+        if value is not None and len(value) > 500:
+            raise ValueError("Episode title must be 500 characters or less")
+        return value
+    
+    @validates('file_path')
+    def validate_file_path(
+        self, key: str, value: Optional[str]
+    ) -> Optional[str]:
+        """Validate file path length."""
+        if value is not None and len(value) > 1000:
+            raise ValueError("File path must be 1000 characters or less")
+        return value
+    
+    def __repr__(self) -> str:
+        return (
+            f"<Episode(id={self.id}, series_id={self.series_id}, "
+            f"S{self.season:02d}E{self.episode_number:02d})>"
+        )
+
+
+class DownloadStatus(str, Enum):
+    """Status enum for download queue items."""
+    PENDING = "pending"
+    DOWNLOADING = "downloading"
+    PAUSED = "paused"
+    COMPLETED = "completed"
+    FAILED = "failed"
+    CANCELLED = "cancelled"
+
+
+class DownloadPriority(str, Enum):
+    """Priority enum for download queue items."""
+    LOW = "low"
+    NORMAL = "normal"
+    HIGH = "high"
+
+
+class DownloadQueueItem(Base, TimestampMixin):
+    """SQLAlchemy model for download queue items.
+    
+    Tracks download queue with error information.
+    Provides persistence for the DownloadService queue state.
+    
+    Attributes:
+        id: Primary key
+        series_id: Foreign key to AnimeSeries
+        episode_id: Foreign key to Episode
+        status: Queue status (pending/downloading/completed/failed/permanently_failed)
+        error_message: Error description if failed
+        download_url: Provider download URL
+        file_destination: Target file path
+        started_at: When download started
+        completed_at: When download completed
+        series: Relationship to AnimeSeries
+        episode: Relationship to Episode
+        created_at: Creation timestamp (from TimestampMixin)
+        updated_at: Last update timestamp (from TimestampMixin)
+    """
+    __tablename__ = "download_queue"
+    
+    # Primary key
+    id: Mapped[int] = mapped_column(
+        Integer, primary_key=True, autoincrement=True
+    )
+    
+    # Foreign key to series
+    series_id: Mapped[int] = mapped_column(
+        ForeignKey("anime_series.id", ondelete="CASCADE"),
+        nullable=False,
+        index=True
+    )
+    
+    # Foreign key to episode
+    episode_id: Mapped[int] = mapped_column(
+        ForeignKey("episodes.id", ondelete="CASCADE"),
+        nullable=False,
+        index=True
+    )
+    
+    # Status column to track queue item state
+    # Allows distinguishing pending items from permanently failed ones
+    status: Mapped[str] = mapped_column(
+        String(50), nullable=False, default="pending",
+        doc="Queue item status: pending, downloading, completed, failed, permanently_failed"
+    )
+    
+    # Retry count to track failed download attempts
+    # Used to determine when to move item to permanently_failed
+    retry_count: Mapped[int] = mapped_column(
+        Integer, nullable=False, default=0,
+        doc="Number of retry attempts for this download"
+    )
+    
+    # Unique constraint to prevent duplicate pending queue items per episode
+    # An episode can only have one PENDING entry at a time
+    # The status column allows failed items to remain in DB while new
+    # pending items can be added (application-level dedup still required)
+    __table_args__ = (
+        Index(
+            "ix_download_queue_episode_status",
+            "episode_id",
+            "status",
+            unique=True,
+        ),
+    )
+    
+    # Error handling
+    error_message: Mapped[Optional[str]] = mapped_column(
+        Text, nullable=True,
+        doc="Error description"
+    )
+    
+    # Download details
+    download_url: Mapped[Optional[str]] = mapped_column(
+        String(1000), nullable=True,
+        doc="Provider download URL"
+    )
+    file_destination: Mapped[Optional[str]] = mapped_column(
+        String(1000), nullable=True,
+        doc="Target file path"
+    )
+    
+    # Timestamps
+    started_at: Mapped[Optional[datetime]] = mapped_column(
+        DateTime(timezone=True), nullable=True,
+        doc="When download started"
+    )
+    completed_at: Mapped[Optional[datetime]] = mapped_column(
+        DateTime(timezone=True), nullable=True,
+        doc="When download completed"
+    )
+    
+    # Relationship
+    series: Mapped["AnimeSeries"] = relationship(
+        "AnimeSeries",
+        back_populates="download_items"
+    )
+    episode: Mapped["Episode"] = relationship(
+        "Episode"
+    )
+    
+    @validates('download_url')
+    def validate_download_url(
+        self, key: str, value: Optional[str]
+    ) -> Optional[str]:
+        """Validate download URL length."""
+        if value is not None and len(value) > 1000:
+            raise ValueError("Download URL must be 1000 characters or less")
+        return value
+    
+    @validates('file_destination')
+    def validate_file_destination(
+        self, key: str, value: Optional[str]
+    ) -> Optional[str]:
+        """Validate file destination path length."""
+        if value is not None and len(value) > 1000:
+            raise ValueError(
+                "File destination path must be 1000 characters or less"
+            )
+        return value
+    
+    def __repr__(self) -> str:
+        return (
+            f"<DownloadQueueItem(id={self.id}, "
+            f"series_id={self.series_id}, "
+            f"episode_id={self.episode_id})>"
+        )
+
+
+class UserSession(Base, TimestampMixin):
+    """SQLAlchemy model for user sessions.
+    
+    Tracks authenticated user sessions with JWT tokens.
+    Supports session management, revocation, and expiry.
+    
+    Attributes:
+        id: Primary key
+        session_id: Unique session identifier
+        token_hash: Hashed JWT token for validation
+        user_id: User identifier (for multi-user support)
+        ip_address: Client IP address
+        user_agent: Client user agent string
+        expires_at: Session expiration timestamp
+        is_active: Whether session is active
+        last_activity: Last activity timestamp
+        created_at: Creation timestamp (from TimestampMixin)
+        updated_at: Last update timestamp (from TimestampMixin)
+    """
+    __tablename__ = "user_sessions"
+    
+    # Primary key
+    id: Mapped[int] = mapped_column(
+        Integer, primary_key=True, autoincrement=True
+    )
+    
+    # Session identification
+    session_id: Mapped[str] = mapped_column(
+        String(255), unique=True, nullable=False, index=True,
+        doc="Unique session identifier"
+    )
+    token_hash: Mapped[str] = mapped_column(
+        String(255), nullable=False,
+        doc="Hashed JWT token"
+    )
+    
+    # User information
+    user_id: Mapped[Optional[str]] = mapped_column(
+        String(255), nullable=True, index=True,
+        doc="User identifier (for multi-user)"
+    )
+    
+    # Client information
+    ip_address: Mapped[Optional[str]] = mapped_column(
+        String(45), nullable=True,
+        doc="Client IP address"
+    )
+    user_agent: Mapped[Optional[str]] = mapped_column(
+        String(500), nullable=True,
+        doc="Client user agent"
+    )
+    
+    # Session management
+    expires_at: Mapped[datetime] = mapped_column(
+        DateTime(timezone=True), nullable=False,
+        doc="Session expiration"
+    )
+    is_active: Mapped[bool] = mapped_column(
+        Boolean, default=True, nullable=False, index=True,
+        doc="Whether session is active"
+    )
+    last_activity: Mapped[datetime] = mapped_column(
+        DateTime(timezone=True),
+        server_default=func.now(),
+        onupdate=func.now(),
+        nullable=False,
+        doc="Last activity timestamp"
+    )
+    
+    @validates('session_id')
+    def validate_session_id(self, key: str, value: str) -> str:
+        """Validate session ID length and format."""
+        if not value or not value.strip():
+            raise ValueError("Session ID cannot be empty")
+        if len(value) > 255:
+            raise ValueError("Session ID must be 255 characters or less")
+        return value.strip()
+    
+    @validates('token_hash')
+    def validate_token_hash(self, key: str, value: str) -> str:
+        """Validate token hash length."""
+        if not value or not value.strip():
+            raise ValueError("Token hash cannot be empty")
+        if len(value) > 255:
+            raise ValueError("Token hash must be 255 characters or less")
+        return value.strip()
+    
+    @validates('user_id')
+    def validate_user_id(
+        self, key: str, value: Optional[str]
+    ) -> Optional[str]:
+        """Validate user ID length."""
+        if value is not None and len(value) > 255:
+            raise ValueError("User ID must be 255 characters or less")
+        return value
+    
+    @validates('ip_address')
+    def validate_ip_address(
+        self, key: str, value: Optional[str]
+    ) -> Optional[str]:
+        """Validate IP address length (IPv4 or IPv6)."""
+        if value is not None and len(value) > 45:
+            raise ValueError("IP address must be 45 characters or less")
+        return value
+    
+    @validates('user_agent')
+    def validate_user_agent(
+        self, key: str, value: Optional[str]
+    ) -> Optional[str]:
+        """Validate user agent length."""
+        if value is not None and len(value) > 500:
+            raise ValueError("User agent must be 500 characters or less")
+        return value
+    
+    def __repr__(self) -> str:
+        return (
+            f"<UserSession(id={self.id}, "
+            f"session_id='{self.session_id}', "
+            f"is_active={self.is_active})>"
+        )
+    
+    @property
+    def is_expired(self) -> bool:
+        """Check if session has expired."""
+        # Ensure expires_at is timezone-aware for comparison
+        expires_at = self.expires_at
+        if expires_at.tzinfo is None:
+            expires_at = expires_at.replace(tzinfo=timezone.utc)
+        return datetime.now(timezone.utc) > expires_at
+    
+    def revoke(self) -> None:
+        """Revoke this session."""
+        self.is_active = False
+
+
+class UnresolvedFolder(Base, TimestampMixin):
+    """SQLAlchemy model for folders that couldn't be resolved during setup.
+    
+    Tracks anime folders whose provider key couldn't be auto-resolved
+    during the initial setup scan. Users can provide the correct key
+    via the API to complete the series registration.
+    
+    Attributes:
+        id: Primary key
+        folder_name: Original filesystem folder name
+        title: Extracted title from folder name
+        year: Extracted release year (optional)
+        provider_key: User-provided provider key to resolve this folder
+        search_attempts: Number of auto-search attempts made
+        last_search_result: Cached search results (JSON string) for UI suggestions
+        resolved_at: Timestamp when provider_key was provided
+        created_at: Creation timestamp (from TimestampMixin)
+        updated_at: Last update timestamp (from TimestampMixin)
+    """
+    __tablename__ = "unresolved_folders"
+    
+    # Primary key
+    id: Mapped[int] = mapped_column(
+        Integer, primary_key=True, autoincrement=True
+    )
+    
+    # Folder metadata
+    folder_name: Mapped[str] = mapped_column(
+        String(1000), unique=True, nullable=False, index=True,
+        doc="Original filesystem folder name"
+    )
+    title: Mapped[str] = mapped_column(
+        String(500), nullable=False,
+        doc="Extracted title from folder name"
+    )
+    year: Mapped[Optional[int]] = mapped_column(
+        Integer, nullable=True,
+        doc="Extracted release year"
+    )
+    
+    # Resolution data
+    provider_key: Mapped[Optional[str]] = mapped_column(
+        String(255), nullable=True,
+        doc="User-provided provider key to resolve this folder"
+    )
+    search_attempts: Mapped[int] = mapped_column(
+        Integer, nullable=False, default=0, server_default="0",
+        doc="Number of auto-search attempts made"
+    )
+    last_search_result: Mapped[Optional[str]] = mapped_column(
+        Text, nullable=True,
+        doc="Cached search results (JSON) for UI display"
+    )
+    resolved_at: Mapped[Optional[datetime]] = mapped_column(
+        DateTime(timezone=True), nullable=True,
+        doc="Timestamp when this folder was resolved"
+    )
+    
+    @validates('folder_name')
+    def validate_folder_name(self, key: str, value: str) -> str:
+        """Validate folder name is not empty."""
+        if not value or not value.strip():
+            raise ValueError("Folder name cannot be empty")
+        if len(value) > 1000:
+            raise ValueError("Folder name must be 1000 characters or less")
+        return value.strip()
+    
+    @validates('title')
+    def validate_title(self, key: str, value: str) -> str:
+        """Validate title is not empty."""
+        if not value or not value.strip():
+            raise ValueError("Title cannot be empty")
+        if len(value) > 500:
+            raise ValueError("Title must be 500 characters or less")
+        return value.strip()
+    
+    @property
+    def is_resolved(self) -> bool:
+        """Check if this folder has been resolved with a provider key."""
+        return self.provider_key is not None and self.resolved_at is not None
+    
+    def __repr__(self) -> str:
+        return (
+            f"<UnresolvedFolder(id={self.id}, "
+            f"folder_name='{self.folder_name}', "
+            f"title='{self.title}', "
+            f"resolved={self.is_resolved})>"
+        )
+
+
+class SystemSettings(Base, TimestampMixin):
+    """SQLAlchemy model for system-wide settings and state.
+    
+    Stores application-level configuration and state flags that persist
+    across restarts. Used to track initialization status and setup completion.
+    
+    Attributes:
+        id: Primary key (single row expected)
+        initial_scan_completed: Whether the initial anime folder scan has been completed
+        initial_nfo_scan_completed: Whether the initial NFO scan has been completed
+        initial_media_scan_completed: Whether the initial media scan has been completed
+        last_scan_timestamp: Timestamp of the last completed scan
+        created_at: Creation timestamp (from TimestampMixin)
+        updated_at: Last update timestamp (from TimestampMixin)
+    """
+    __tablename__ = "system_settings"
+    
+    # Primary key (only one row should exist)
+    id: Mapped[int] = mapped_column(
+        Integer, primary_key=True, autoincrement=True
+    )
+    
+    # Setup/initialization tracking
+    initial_scan_completed: Mapped[bool] = mapped_column(
+        Boolean, nullable=False, default=False, server_default="0",
+        doc="Whether the initial anime folder scan has been completed"
+    )
+    initial_nfo_scan_completed: Mapped[bool] = mapped_column(
+        Boolean, nullable=False, default=False, server_default="0",
+        doc="Whether the initial NFO scan has been completed"
+    )
+    initial_media_scan_completed: Mapped[bool] = mapped_column(
+        Boolean, nullable=False, default=False, server_default="0",
+        doc="Whether the initial media scan has been completed"
+    )
+    migration_legacy_files_completed: Mapped[bool] = mapped_column(
+        Boolean, nullable=False, default=False, server_default="0",
+        doc="Whether legacy key/data file migration has been completed"
+    )
+    legacy_key_cleanup_completed: Mapped[bool] = mapped_column(
+        Boolean, nullable=False, default=False, server_default="0",
+        doc="Whether legacy key file cleanup has been completed"
+    )
+    last_scan_timestamp: Mapped[Optional[datetime]] = mapped_column(
+        DateTime(timezone=True), nullable=True,
+        doc="Timestamp of the last completed scan"
+    )
+    
+    def __repr__(self) -> str:
+        return (
+            f"<SystemSettings(id={self.id}, "
+            f"initial_scan_completed={self.initial_scan_completed}, "
+            f"initial_nfo_scan_completed={self.initial_nfo_scan_completed}, "
+            f"initial_media_scan_completed={self.initial_media_scan_completed})>"
+        )

src/server/database/system_settings_service.py

@@ -0,0 +1,221 @@
+"""System settings service for managing application-level configuration.
+
+This module provides services for managing system-wide settings and state,
+including tracking initial setup completion status.
+"""
+from __future__ import annotations
+
+from datetime import datetime, timezone
+from typing import Optional
+
+import structlog
+from sqlalchemy import select
+from sqlalchemy.ext.asyncio import AsyncSession
+
+from src.server.database.models import SystemSettings
+
+logger = structlog.get_logger(__name__)
+
+
+class SystemSettingsService:
+    """Service for managing system settings."""
+
+    @staticmethod
+    async def get_or_create(db: AsyncSession) -> SystemSettings:
+        """Get the system settings record, creating it if it doesn't exist.
+        
+        Only one system settings record should exist in the database.
+        
+        Args:
+            db: Database session
+            
+        Returns:
+            SystemSettings instance
+        """
+        # Try to get existing settings
+        stmt = select(SystemSettings).limit(1)
+        result = await db.execute(stmt)
+        settings = result.scalar_one_or_none()
+        
+        if settings is None:
+            # Create new settings with defaults
+            settings = SystemSettings(
+                initial_scan_completed=False,
+                initial_nfo_scan_completed=False,
+                initial_media_scan_completed=False,
+            )
+            db.add(settings)
+            await db.commit()
+            await db.refresh(settings)
+            logger.info("Created new system settings record")
+        
+        return settings
+
+    @staticmethod
+    async def is_initial_scan_completed(db: AsyncSession) -> bool:
+        """Check if the initial anime folder scan has been completed.
+        
+        Args:
+            db: Database session
+            
+        Returns:
+            True if initial scan is completed, False otherwise
+        """
+        settings = await SystemSettingsService.get_or_create(db)
+        return settings.initial_scan_completed
+
+    @staticmethod
+    async def mark_initial_scan_completed(
+        db: AsyncSession,
+        timestamp: Optional[datetime] = None
+    ) -> None:
+        """Mark the initial anime folder scan as completed.
+        
+        Args:
+            db: Database session
+            timestamp: Optional timestamp to set, defaults to current time
+        """
+        settings = await SystemSettingsService.get_or_create(db)
+        settings.initial_scan_completed = True
+        settings.last_scan_timestamp = timestamp or datetime.now(timezone.utc)
+        await db.commit()
+        logger.info("Marked initial scan as completed")
+
+    @staticmethod
+    async def is_initial_nfo_scan_completed(db: AsyncSession) -> bool:
+        """Check if the initial NFO scan has been completed.
+        
+        Args:
+            db: Database session
+            
+        Returns:
+            True if initial NFO scan is completed, False otherwise
+        """
+        settings = await SystemSettingsService.get_or_create(db)
+        return settings.initial_nfo_scan_completed
+
+    @staticmethod
+    async def mark_initial_nfo_scan_completed(
+        db: AsyncSession,
+        timestamp: Optional[datetime] = None
+    ) -> None:
+        """Mark the initial NFO scan as completed.
+        
+        Args:
+            db: Database session
+            timestamp: Optional timestamp to set, defaults to current time
+        """
+        settings = await SystemSettingsService.get_or_create(db)
+        settings.initial_nfo_scan_completed = True
+        if timestamp:
+            settings.last_scan_timestamp = timestamp
+        await db.commit()
+        logger.info("Marked initial NFO scan as completed")
+
+    @staticmethod
+    async def is_initial_media_scan_completed(db: AsyncSession) -> bool:
+        """Check if the initial media scan has been completed.
+        
+        Args:
+            db: Database session
+            
+        Returns:
+            True if initial media scan is completed, False otherwise
+        """
+        settings = await SystemSettingsService.get_or_create(db)
+        return settings.initial_media_scan_completed
+
+    @staticmethod
+    async def is_migration_legacy_files_completed(db: AsyncSession) -> bool:
+        """Check if legacy key/data file migration has been completed.
+        
+        Args:
+            db: Database session
+            
+        Returns:
+            True if legacy migration is completed, False otherwise
+        """
+        settings = await SystemSettingsService.get_or_create(db)
+        return settings.migration_legacy_files_completed
+
+    @staticmethod
+    async def mark_migration_legacy_files_completed(
+        db: AsyncSession,
+        timestamp: Optional[datetime] = None
+    ) -> None:
+        """Mark the legacy key/data file migration as completed.
+        
+        Args:
+            db: Database session
+            timestamp: Optional timestamp to set, defaults to current time
+        """
+        settings = await SystemSettingsService.get_or_create(db)
+        settings.migration_legacy_files_completed = True
+        settings.last_scan_timestamp = timestamp or datetime.now(timezone.utc)
+        await db.commit()
+        logger.info("Marked legacy files migration as completed")
+
+    @staticmethod
+    async def is_legacy_key_cleanup_completed(db: AsyncSession) -> bool:
+        """Check if legacy key file cleanup has been completed.
+
+        Args:
+            db: Database session
+
+        Returns:
+            True if cleanup is completed, False otherwise
+        """
+        settings = await SystemSettingsService.get_or_create(db)
+        return settings.legacy_key_cleanup_completed
+
+    @staticmethod
+    async def mark_legacy_key_cleanup_completed(
+        db: AsyncSession,
+        timestamp: Optional[datetime] = None
+    ) -> None:
+        """Mark the legacy key file cleanup as completed.
+
+        Args:
+            db: Database session
+            timestamp: Optional timestamp to set, defaults to current time
+        """
+        settings = await SystemSettingsService.get_or_create(db)
+        settings.legacy_key_cleanup_completed = True
+        settings.last_scan_timestamp = timestamp or datetime.now(timezone.utc)
+        await db.commit()
+        logger.info("Marked legacy key file cleanup as completed")
+
+    @staticmethod
+    async def mark_initial_media_scan_completed(
+        db: AsyncSession,
+        timestamp: Optional[datetime] = None
+    ) -> None:
+        """Mark the initial media scan as completed.
+        
+        Args:
+            db: Database session
+            timestamp: Optional timestamp to set, defaults to current time
+        """
+        settings = await SystemSettingsService.get_or_create(db)
+        settings.initial_media_scan_completed = True
+        if timestamp:
+            settings.last_scan_timestamp = timestamp
+        await db.commit()
+        logger.info("Marked initial media scan as completed")
+
+    @staticmethod
+    async def reset_all_scans(db: AsyncSession) -> None:
+        """Reset all scan completion flags (for testing or re-setup).
+        
+        Args:
+            db: Database session
+        """
+        settings = await SystemSettingsService.get_or_create(db)
+        settings.initial_scan_completed = False
+        settings.initial_nfo_scan_completed = False
+        settings.initial_media_scan_completed = False
+        settings.migration_legacy_files_completed = False
+        settings.legacy_key_cleanup_completed = False
+        settings.last_scan_timestamp = None
+        await db.commit()
+        logger.info("Reset all scan completion flags")

src/server/database/transaction.py

@@ -0,0 +1,715 @@
+"""Transaction management utilities for SQLAlchemy.
+
+This module provides transaction management utilities including decorators,
+context managers, and helper functions for ensuring data consistency
+across database operations.
+
+Components:
+    - @transactional decorator: Wraps functions in transaction boundaries
+    - TransactionContext: Sync context manager for explicit transaction control
+    - atomic(): Async context manager for async operations
+    - TransactionPropagation: Enum for transaction propagation modes
+
+Usage:
+    @transactional
+    async def compound_operation(session: AsyncSession, data: Model) -> Result:
+        # Multiple write operations here
+        # All succeed or all fail
+        pass
+
+    async with atomic(session) as tx:
+        # Operations here
+        async with tx.savepoint() as sp:
+            # Nested operations with partial rollback capability
+            pass
+"""
+from __future__ import annotations
+
+import functools
+import logging
+from contextlib import asynccontextmanager, contextmanager
+from enum import Enum
+from typing import (
+    Any,
+    AsyncGenerator,
+    Callable,
+    Generator,
+    Optional,
+    ParamSpec,
+    TypeVar,
+)
+
+from sqlalchemy.ext.asyncio import AsyncSession
+from sqlalchemy.orm import Session
+
+logger = logging.getLogger(__name__)
+
+# Type variables for generic typing
+T = TypeVar("T")
+P = ParamSpec("P")
+
+
+class TransactionPropagation(Enum):
+    """Transaction propagation behavior options.
+    
+    Defines how transactions should behave when called within
+    an existing transaction context.
+    
+    Values:
+        REQUIRED: Use existing transaction or create new one (default)
+        REQUIRES_NEW: Always create a new transaction (suspend existing)
+        NESTED: Create a savepoint within existing transaction
+    """
+    
+    REQUIRED = "required"
+    REQUIRES_NEW = "requires_new"
+    NESTED = "nested"
+
+
+class TransactionError(Exception):
+    """Exception raised for transaction-related errors."""
+
+
+class TransactionContext:
+    """Synchronous context manager for explicit transaction control.
+    
+    Provides a clean interface for managing database transactions with
+    automatic commit/rollback semantics and savepoint support.
+    
+    Attributes:
+        session: SQLAlchemy Session instance
+        _savepoint_count: Counter for nested savepoints
+        
+    Example:
+        with TransactionContext(session) as tx:
+            # Database operations here
+            with tx.savepoint() as sp:
+                # Nested operations with partial rollback
+                pass
+    """
+    
+    def __init__(self, session: Session) -> None:
+        """Initialize transaction context.
+        
+        Args:
+            session: SQLAlchemy sync session
+        """
+        self.session = session
+        self._savepoint_count = 0
+        self._committed = False
+        
+    def __enter__(self) -> "TransactionContext":
+        """Enter transaction context.
+        
+        Begins a new transaction if not already in one.
+        
+        Returns:
+            Self for context manager protocol
+        """
+        logger.debug("Entering transaction context")
+        
+        # Check if session is already in a transaction
+        if not self.session.in_transaction():
+            self.session.begin()
+            logger.debug("Started new transaction")
+        
+        return self
+    
+    def __exit__(
+        self,
+        exc_type: Optional[type],
+        exc_val: Optional[BaseException],
+        exc_tb: Optional[Any],
+    ) -> bool:
+        """Exit transaction context.
+        
+        Commits on success, rolls back on exception.
+        
+        Args:
+            exc_type: Exception type if raised
+            exc_val: Exception value if raised
+            exc_tb: Exception traceback if raised
+            
+        Returns:
+            False to propagate exceptions
+        """
+        if exc_type is not None:
+            logger.warning(
+                "Transaction rollback due to exception: %s: %s",
+                exc_type.__name__,
+                exc_val,
+            )
+            self.session.rollback()
+            return False
+        
+        if not self._committed:
+            self.session.commit()
+            logger.debug("Transaction committed")
+            self._committed = True
+        
+        return False
+    
+    @contextmanager
+    def savepoint(self, name: Optional[str] = None) -> Generator["SavepointContext", None, None]:
+        """Create a savepoint for partial rollback capability.
+        
+        Savepoints allow nested transactions where inner operations
+        can be rolled back without affecting outer operations.
+        
+        Args:
+            name: Optional savepoint name (auto-generated if not provided)
+            
+        Yields:
+            SavepointContext for nested transaction control
+            
+        Example:
+            with tx.savepoint() as sp:
+                # Operations here can be rolled back independently
+                if error_condition:
+                    sp.rollback()
+        """
+        self._savepoint_count += 1
+        savepoint_name = name or f"sp_{self._savepoint_count}"
+        
+        logger.debug("Creating savepoint: %s", savepoint_name)
+        nested = self.session.begin_nested()
+        
+        sp_context = SavepointContext(nested, savepoint_name)
+        
+        try:
+            yield sp_context
+            
+            if not sp_context._rolled_back:
+                # Commit the savepoint (release it)
+                logger.debug("Releasing savepoint: %s", savepoint_name)
+                
+        except Exception as e:
+            if not sp_context._rolled_back:
+                logger.warning(
+                    "Rolling back savepoint %s due to exception: %s",
+                    savepoint_name,
+                    e,
+                )
+                nested.rollback()
+            raise
+    
+    def commit(self) -> None:
+        """Explicitly commit the transaction.
+        
+        Use this for early commit within the context.
+        """
+        if not self._committed:
+            self.session.commit()
+            self._committed = True
+            logger.debug("Transaction explicitly committed")
+    
+    def rollback(self) -> None:
+        """Explicitly rollback the transaction.
+        
+        Use this for early rollback within the context.
+        """
+        self.session.rollback()
+        self._committed = True  # Prevent double commit
+        logger.debug("Transaction explicitly rolled back")
+
+
+class SavepointContext:
+    """Context for managing a database savepoint.
+    
+    Provides explicit control over savepoint commit/rollback.
+    
+    Attributes:
+        _nested: SQLAlchemy nested transaction object
+        _name: Savepoint name for logging
+        _rolled_back: Whether rollback has been called
+    """
+    
+    def __init__(self, nested: Any, name: str) -> None:
+        """Initialize savepoint context.
+        
+        Args:
+            nested: SQLAlchemy nested transaction
+            name: Savepoint name for logging
+        """
+        self._nested = nested
+        self._name = name
+        self._rolled_back = False
+    
+    def rollback(self) -> None:
+        """Rollback to this savepoint.
+        
+        Undoes all changes since the savepoint was created.
+        """
+        if not self._rolled_back:
+            self._nested.rollback()
+            self._rolled_back = True
+            logger.debug("Savepoint %s rolled back", self._name)
+    
+    def commit(self) -> None:
+        """Commit (release) this savepoint.
+        
+        Makes changes since the savepoint permanent within
+        the parent transaction.
+        """
+        if not self._rolled_back:
+            # SQLAlchemy commits nested transactions automatically
+            # when exiting the context without rollback
+            logger.debug("Savepoint %s committed", self._name)
+
+
+class AsyncTransactionContext:
+    """Asynchronous context manager for explicit transaction control.
+    
+    Provides async interface for managing database transactions with
+    automatic commit/rollback semantics and savepoint support.
+    
+    Attributes:
+        session: SQLAlchemy AsyncSession instance
+        _savepoint_count: Counter for nested savepoints
+        
+    Example:
+        async with AsyncTransactionContext(session) as tx:
+            # Database operations here
+            async with tx.savepoint() as sp:
+                # Nested operations with partial rollback
+                pass
+    """
+    
+    def __init__(self, session: AsyncSession) -> None:
+        """Initialize async transaction context.
+        
+        Args:
+            session: SQLAlchemy async session
+        """
+        self.session = session
+        self._savepoint_count = 0
+        self._committed = False
+    
+    async def __aenter__(self) -> "AsyncTransactionContext":
+        """Enter async transaction context.
+        
+        Begins a new transaction if not already in one.
+        
+        Returns:
+            Self for context manager protocol
+        """
+        logger.debug("Entering async transaction context")
+        
+        # Check if session is already in a transaction
+        if not self.session.in_transaction():
+            await self.session.begin()
+            logger.debug("Started new async transaction")
+        
+        return self
+    
+    async def __aexit__(
+        self,
+        exc_type: Optional[type],
+        exc_val: Optional[BaseException],
+        exc_tb: Optional[Any],
+    ) -> bool:
+        """Exit async transaction context.
+        
+        Commits on success, rolls back on exception.
+        
+        Args:
+            exc_type: Exception type if raised
+            exc_val: Exception value if raised
+            exc_tb: Exception traceback if raised
+            
+        Returns:
+            False to propagate exceptions
+        """
+        if exc_type is not None:
+            logger.warning(
+                "Async transaction rollback due to exception: %s: %s",
+                exc_type.__name__,
+                exc_val,
+            )
+            await self.session.rollback()
+            return False
+        
+        if not self._committed:
+            await self.session.commit()
+            logger.debug("Async transaction committed")
+            self._committed = True
+        
+        return False
+    
+    @asynccontextmanager
+    async def savepoint(
+        self, name: Optional[str] = None
+    ) -> AsyncGenerator["AsyncSavepointContext", None]:
+        """Create an async savepoint for partial rollback capability.
+        
+        Args:
+            name: Optional savepoint name (auto-generated if not provided)
+            
+        Yields:
+            AsyncSavepointContext for nested transaction control
+        """
+        self._savepoint_count += 1
+        savepoint_name = name or f"sp_{self._savepoint_count}"
+        
+        logger.debug("Creating async savepoint: %s", savepoint_name)
+        nested = await self.session.begin_nested()
+        
+        sp_context = AsyncSavepointContext(nested, savepoint_name, self.session)
+        
+        try:
+            yield sp_context
+            
+            if not sp_context._rolled_back:
+                logger.debug("Releasing async savepoint: %s", savepoint_name)
+                
+        except Exception as e:
+            if not sp_context._rolled_back:
+                logger.warning(
+                    "Rolling back async savepoint %s due to exception: %s",
+                    savepoint_name,
+                    e,
+                )
+                await nested.rollback()
+            raise
+    
+    async def commit(self) -> None:
+        """Explicitly commit the async transaction."""
+        if not self._committed:
+            await self.session.commit()
+            self._committed = True
+            logger.debug("Async transaction explicitly committed")
+    
+    async def rollback(self) -> None:
+        """Explicitly rollback the async transaction."""
+        await self.session.rollback()
+        self._committed = True  # Prevent double commit
+        logger.debug("Async transaction explicitly rolled back")
+
+
+class AsyncSavepointContext:
+    """Async context for managing a database savepoint.
+    
+    Attributes:
+        _nested: SQLAlchemy nested transaction object
+        _name: Savepoint name for logging
+        _session: Parent session for async operations
+        _rolled_back: Whether rollback has been called
+    """
+    
+    def __init__(
+        self, nested: Any, name: str, session: AsyncSession
+    ) -> None:
+        """Initialize async savepoint context.
+        
+        Args:
+            nested: SQLAlchemy nested transaction
+            name: Savepoint name for logging
+            session: Parent async session
+        """
+        self._nested = nested
+        self._name = name
+        self._session = session
+        self._rolled_back = False
+    
+    async def rollback(self) -> None:
+        """Rollback to this savepoint asynchronously."""
+        if not self._rolled_back:
+            await self._nested.rollback()
+            self._rolled_back = True
+            logger.debug("Async savepoint %s rolled back", self._name)
+    
+    async def commit(self) -> None:
+        """Commit (release) this savepoint asynchronously."""
+        if not self._rolled_back:
+            logger.debug("Async savepoint %s committed", self._name)
+
+
+@asynccontextmanager
+async def atomic(
+    session: AsyncSession,
+    propagation: TransactionPropagation = TransactionPropagation.REQUIRED,
+) -> AsyncGenerator[AsyncTransactionContext, None]:
+    """Async context manager for atomic database operations.
+    
+    Provides a clean interface for wrapping database operations in
+    a transaction boundary with automatic commit/rollback.
+    
+    Args:
+        session: SQLAlchemy async session
+        propagation: Transaction propagation behavior
+        
+    Yields:
+        AsyncTransactionContext for transaction control
+        
+    Example:
+        async with atomic(session) as tx:
+            await some_operation(session)
+            await another_operation(session)
+            # All operations committed together or rolled back
+            
+        async with atomic(session) as tx:
+            await outer_operation(session)
+            async with tx.savepoint() as sp:
+                await risky_operation(session)
+                if error:
+                    await sp.rollback()  # Only rollback nested ops
+    """
+    logger.debug(
+        "Starting atomic block with propagation: %s",
+        propagation.value,
+    )
+    
+    if propagation == TransactionPropagation.NESTED:
+        # Use savepoint for nested propagation
+        if session.in_transaction():
+            nested = await session.begin_nested()
+            sp_context = AsyncSavepointContext(nested, "atomic_nested", session)
+            
+            try:
+                # Create a wrapper context for consistency
+                wrapper = AsyncTransactionContext(session)
+                wrapper._committed = True  # Parent manages commit
+                yield wrapper
+                
+                if not sp_context._rolled_back:
+                    logger.debug("Releasing nested atomic savepoint")
+                    
+            except Exception as e:
+                if not sp_context._rolled_back:
+                    logger.warning(
+                        "Rolling back nested atomic savepoint due to: %s", e
+                    )
+                    await nested.rollback()
+                raise
+        else:
+            # No existing transaction, start new one
+            async with AsyncTransactionContext(session) as tx:
+                yield tx
+    else:
+        # REQUIRED or REQUIRES_NEW
+        async with AsyncTransactionContext(session) as tx:
+            yield tx
+
+
+@contextmanager
+def atomic_sync(
+    session: Session,
+    propagation: TransactionPropagation = TransactionPropagation.REQUIRED,
+) -> Generator[TransactionContext, None, None]:
+    """Sync context manager for atomic database operations.
+    
+    Args:
+        session: SQLAlchemy sync session
+        propagation: Transaction propagation behavior
+        
+    Yields:
+        TransactionContext for transaction control
+    """
+    logger.debug(
+        "Starting sync atomic block with propagation: %s",
+        propagation.value,
+    )
+    
+    if propagation == TransactionPropagation.NESTED:
+        if session.in_transaction():
+            nested = session.begin_nested()
+            sp_context = SavepointContext(nested, "atomic_nested")
+            
+            try:
+                wrapper = TransactionContext(session)
+                wrapper._committed = True
+                yield wrapper
+                
+                if not sp_context._rolled_back:
+                    logger.debug("Releasing nested sync atomic savepoint")
+                    
+            except Exception as e:
+                if not sp_context._rolled_back:
+                    logger.warning(
+                        "Rolling back nested sync savepoint due to: %s", e
+                    )
+                    nested.rollback()
+                raise
+        else:
+            with TransactionContext(session) as tx:
+                yield tx
+    else:
+        with TransactionContext(session) as tx:
+            yield tx
+
+
+def transactional(
+    propagation: TransactionPropagation = TransactionPropagation.REQUIRED,
+    session_param: str = "db",
+) -> Callable[[Callable[P, T]], Callable[P, T]]:
+    """Decorator to wrap a function in a transaction boundary.
+    
+    Automatically handles commit on success and rollback on exception.
+    Works with both sync and async functions.
+    
+    Args:
+        propagation: Transaction propagation behavior
+        session_param: Name of the session parameter in the function signature
+        
+    Returns:
+        Decorated function wrapped in transaction
+        
+    Example:
+        @transactional()
+        async def create_user_with_profile(db: AsyncSession, data: dict):
+            user = await create_user(db, data['user'])
+            profile = await create_profile(db, user.id, data['profile'])
+            return user, profile
+            
+        @transactional(propagation=TransactionPropagation.NESTED)
+        async def risky_sub_operation(db: AsyncSession, data: dict):
+            # This can be rolled back without affecting parent transaction
+            pass
+    """
+    def decorator(func: Callable[P, T]) -> Callable[P, T]:
+        import asyncio
+        
+        if asyncio.iscoroutinefunction(func):
+            @functools.wraps(func)
+            async def async_wrapper(*args: P.args, **kwargs: P.kwargs) -> T:
+                # Get session from kwargs or args
+                session = _extract_session(func, args, kwargs, session_param)
+                
+                if session is None:
+                    raise TransactionError(
+                        f"Could not find session parameter '{session_param}' "
+                        f"in function {func.__name__}"
+                    )
+                
+                logger.debug(
+                    "Starting transaction for %s with propagation %s",
+                    func.__name__,
+                    propagation.value,
+                )
+                
+                async with atomic(session, propagation):
+                    result = await func(*args, **kwargs)
+                    
+                logger.debug(
+                    "Transaction completed for %s",
+                    func.__name__,
+                )
+                
+                return result
+            
+            return async_wrapper  # type: ignore
+        else:
+            @functools.wraps(func)
+            def sync_wrapper(*args: P.args, **kwargs: P.kwargs) -> T:
+                # Get session from kwargs or args
+                session = _extract_session(func, args, kwargs, session_param)
+                
+                if session is None:
+                    raise TransactionError(
+                        f"Could not find session parameter '{session_param}' "
+                        f"in function {func.__name__}"
+                    )
+                
+                logger.debug(
+                    "Starting sync transaction for %s with propagation %s",
+                    func.__name__,
+                    propagation.value,
+                )
+                
+                with atomic_sync(session, propagation):
+                    result = func(*args, **kwargs)
+                    
+                logger.debug(
+                    "Sync transaction completed for %s",
+                    func.__name__,
+                )
+                
+                return result
+            
+            return sync_wrapper  # type: ignore
+    
+    return decorator
+
+
+def _extract_session(
+    func: Callable,
+    args: tuple,
+    kwargs: dict,
+    session_param: str,
+) -> Optional[AsyncSession | Session]:
+    """Extract session from function arguments.
+    
+    Args:
+        func: The function being called
+        args: Positional arguments
+        kwargs: Keyword arguments
+        session_param: Name of the session parameter
+        
+    Returns:
+        Session instance or None if not found
+    """
+    import inspect
+
+    # Check kwargs first
+    if session_param in kwargs:
+        return kwargs[session_param]
+    
+    # Get function signature to find positional index
+    sig = inspect.signature(func)
+    params = list(sig.parameters.keys())
+    
+    if session_param in params:
+        idx = params.index(session_param)
+        # Account for 'self' parameter in methods
+        if len(args) > idx:
+            return args[idx]
+    
+    return None
+
+
+def is_in_transaction(session: AsyncSession | Session) -> bool:
+    """Check if session is currently in a transaction.
+    
+    Args:
+        session: SQLAlchemy session (sync or async)
+        
+    Returns:
+        True if session is in an active transaction
+    """
+    return session.in_transaction()
+
+
+def get_transaction_depth(session: AsyncSession | Session) -> int:
+    """Get the current transaction nesting depth.
+    
+    Args:
+        session: SQLAlchemy session (sync or async)
+        
+    Returns:
+        Number of nested transactions (0 if not in transaction)
+    """
+    # SQLAlchemy doesn't expose nesting depth directly,
+    # but we can check transaction state
+    if not session.in_transaction():
+        return 0
+    
+    # Check for nested transaction
+    if hasattr(session, '_nested_transaction') and session._nested_transaction:
+        return 2  # At least one savepoint
+    
+    return 1
+
+
+__all__ = [
+    "TransactionPropagation",
+    "TransactionError",
+    "TransactionContext",
+    "AsyncTransactionContext",
+    "SavepointContext",
+    "AsyncSavepointContext",
+    "atomic",
+    "atomic_sync",
+    "transactional",
+    "is_in_transaction",
+    "get_transaction_depth",
+]

src/server/entities/nfo_models.py

@@ -0,0 +1,335 @@
+"""Pydantic models for NFO metadata based on Kodi/XBMC standard.
+
+This module provides data models for tvshow.nfo files that are compatible
+with media center applications like Kodi, Plex, and Jellyfin.
+
+Example:
+    >>> nfo = TVShowNFO(
+    ...     title="Attack on Titan",
+    ...     year=2013,
+    ...     tmdbid=1429
+    ... )
+    >>> nfo.premiered = "2013-04-07"
+"""
+
+from datetime import datetime
+from typing import List, Optional
+
+from pydantic import BaseModel, Field, HttpUrl, field_validator
+
+
+class RatingInfo(BaseModel):
+    """Rating information from various sources.
+    
+    Attributes:
+        name: Source of the rating (e.g., 'themoviedb', 'imdb')
+        value: Rating value (typically 0-10)
+        votes: Number of votes
+        max_rating: Maximum possible rating (default: 10)
+        default: Whether this is the default rating to display
+    """
+    
+    name: str = Field(..., description="Rating source name")
+    value: float = Field(..., ge=0, description="Rating value")
+    votes: Optional[int] = Field(None, ge=0, description="Number of votes")
+    max_rating: int = Field(10, ge=1, description="Maximum rating value")
+    default: bool = Field(False, description="Is this the default rating")
+    
+    @field_validator('value')
+    @classmethod
+    def validate_value(cls, v: float, info) -> float:
+        """Ensure rating value doesn't exceed max_rating."""
+        # Note: max_rating is not available yet during validation,
+        # so we use a reasonable default check
+        if v > 10:
+            raise ValueError("Rating value cannot exceed 10")
+        return v
+
+
+class ActorInfo(BaseModel):
+    """Actor/cast member information.
+    
+    Attributes:
+        name: Actor's name
+        role: Character name/role
+        thumb: URL to actor's photo
+        profile: URL to actor's profile page
+        tmdbid: TMDB ID for the actor
+    """
+    
+    name: str = Field(..., description="Actor's name")
+    role: Optional[str] = Field(None, description="Character role")
+    thumb: Optional[HttpUrl] = Field(None, description="Actor photo URL")
+    profile: Optional[HttpUrl] = Field(None, description="Actor profile URL")
+    tmdbid: Optional[int] = Field(None, description="TMDB actor ID")
+
+
+class ImageInfo(BaseModel):
+    """Image information for posters, fanart, and logos.
+    
+    Attributes:
+        url: URL to the image
+        aspect: Image aspect/type (e.g., 'poster', 'clearlogo', 'logo')
+        season: Season number for season-specific images
+        type: Image type (e.g., 'season')
+    """
+    
+    url: HttpUrl = Field(..., description="Image URL")
+    aspect: Optional[str] = Field(
+        None,
+        description="Image aspect (poster, clearlogo, logo)"
+    )
+    season: Optional[int] = Field(None, ge=-1, description="Season number")
+    type: Optional[str] = Field(None, description="Image type")
+
+
+class NamedSeason(BaseModel):
+    """Named season information.
+    
+    Attributes:
+        number: Season number
+        name: Season name/title
+    """
+    
+    number: int = Field(..., ge=0, description="Season number")
+    name: str = Field(..., description="Season name")
+
+
+class UniqueID(BaseModel):
+    """Unique identifier from various sources.
+    
+    Attributes:
+        type: ID source type (tmdb, imdb, tvdb)
+        value: The ID value
+        default: Whether this is the default ID
+    """
+    
+    type: str = Field(..., description="ID type (tmdb, imdb, tvdb)")
+    value: str = Field(..., description="ID value")
+    default: bool = Field(False, description="Is default ID")
+
+
+class TVShowNFO(BaseModel):
+    """Main tvshow.nfo structure following Kodi/XBMC standard.
+    
+    This model represents the complete metadata for a TV show that can be
+    serialized to XML for use with media center applications.
+    
+    Attributes:
+        title: Main title of the show
+        originaltitle: Original title (e.g., in original language)
+        showtitle: Show title (often same as title)
+        sorttitle: Title used for sorting
+        year: Release year
+        plot: Full plot description
+        outline: Short plot summary
+        tagline: Show tagline/slogan
+        runtime: Episode runtime in minutes
+        mpaa: Content rating (e.g., TV-14, TV-MA)
+        certification: Additional certification info
+        premiered: Premiere date (YYYY-MM-DD format)
+        status: Show status (e.g., 'Continuing', 'Ended')
+        studio: List of production studios
+        genre: List of genres
+        country: List of countries
+        tag: List of tags/keywords
+        ratings: List of ratings from various sources
+        userrating: User's personal rating
+        watched: Whether the show has been watched
+        playcount: Number of times watched
+        tmdbid: TMDB ID
+        imdbid: IMDB ID
+        tvdbid: TVDB ID
+        uniqueid: List of unique IDs
+        thumb: List of thumbnail/poster images
+        fanart: List of fanart/backdrop images
+        actors: List of cast members
+        namedseason: List of named seasons
+        trailer: Trailer URL
+        dateadded: Date when added to library
+    """
+    
+    # Required fields
+    title: str = Field(..., description="Show title", min_length=1)
+    
+    # Basic information (optional)
+    originaltitle: Optional[str] = Field(None, description="Original title")
+    showtitle: Optional[str] = Field(None, description="Show title")
+    sorttitle: Optional[str] = Field(None, description="Sort title")
+    year: Optional[int] = Field(
+        None,
+        ge=1900,
+        le=2100,
+        description="Release year"
+    )
+    
+    # Plot and description
+    plot: Optional[str] = Field(None, description="Full plot description")
+    outline: Optional[str] = Field(None, description="Short plot summary")
+    tagline: Optional[str] = Field(None, description="Show tagline")
+    
+    # Technical details
+    runtime: Optional[int] = Field(
+        None,
+        ge=0,
+        description="Episode runtime in minutes"
+    )
+    mpaa: Optional[str] = Field(None, description="Content rating")
+    fsk: Optional[str] = Field(
+        None,
+        description="German FSK rating (e.g., 'FSK 12', 'FSK 16')"
+    )
+    certification: Optional[str] = Field(
+        None,
+        description="Certification info"
+    )
+    
+    # Status and dates
+    premiered: Optional[str] = Field(
+        None,
+        description="Premiere date (YYYY-MM-DD)"
+    )
+    status: Optional[str] = Field(None, description="Show status")
+    dateadded: Optional[str] = Field(
+        None,
+        description="Date added to library"
+    )
+    
+    # Multi-value fields
+    studio: List[str] = Field(
+        default_factory=list,
+        description="Production studios"
+    )
+    genre: List[str] = Field(
+        default_factory=list,
+        description="Genres"
+    )
+    country: List[str] = Field(
+        default_factory=list,
+        description="Countries"
+    )
+    tag: List[str] = Field(
+        default_factory=list,
+        description="Tags/keywords"
+    )
+    
+    # IDs
+    tmdbid: Optional[int] = Field(None, description="TMDB ID")
+    imdbid: Optional[str] = Field(None, description="IMDB ID")
+    tvdbid: Optional[int] = Field(None, description="TVDB ID")
+    uniqueid: List[UniqueID] = Field(
+        default_factory=list,
+        description="Unique IDs"
+    )
+    
+    # Ratings and viewing info
+    ratings: List[RatingInfo] = Field(
+        default_factory=list,
+        description="Ratings"
+    )
+    userrating: Optional[float] = Field(
+        None,
+        ge=0,
+        le=10,
+        description="User rating"
+    )
+    watched: bool = Field(False, description="Watched status")
+    playcount: Optional[int] = Field(
+        None,
+        ge=0,
+        description="Play count"
+    )
+    
+    # Media
+    thumb: List[ImageInfo] = Field(
+        default_factory=list,
+        description="Thumbnail images"
+    )
+    fanart: List[ImageInfo] = Field(
+        default_factory=list,
+        description="Fanart images"
+    )
+    
+    # Cast and crew
+    actors: List[ActorInfo] = Field(
+        default_factory=list,
+        description="Cast members"
+    )
+    
+    # Seasons
+    namedseason: List[NamedSeason] = Field(
+        default_factory=list,
+        description="Named seasons"
+    )
+    
+    # Additional
+    trailer: Optional[HttpUrl] = Field(None, description="Trailer URL")
+    
+    @field_validator('premiered')
+    @classmethod
+    def validate_premiered_date(cls, v: Optional[str]) -> Optional[str]:
+        """Validate premiered date format (YYYY-MM-DD)."""
+        if v is None:
+            return v
+        
+        # Check format strictly: YYYY-MM-DD
+        if len(v) != 10 or v[4] != '-' or v[7] != '-':
+            raise ValueError(
+                "Premiered date must be in YYYY-MM-DD format"
+            )
+        
+        try:
+            datetime.strptime(v, '%Y-%m-%d')
+        except ValueError as exc:
+            raise ValueError(
+                "Premiered date must be in YYYY-MM-DD format"
+            ) from exc
+        
+        return v
+    
+    @field_validator('dateadded')
+    @classmethod
+    def validate_dateadded(cls, v: Optional[str]) -> Optional[str]:
+        """Validate dateadded format (YYYY-MM-DD HH:MM:SS)."""
+        if v is None:
+            return v
+        
+        # Check format strictly: YYYY-MM-DD HH:MM:SS
+        if len(v) != 19 or v[4] != '-' or v[7] != '-' or v[10] != ' ' or v[13] != ':' or v[16] != ':':
+            raise ValueError(
+                "Dateadded must be in YYYY-MM-DD HH:MM:SS format"
+            )
+        
+        try:
+            datetime.strptime(v, '%Y-%m-%d %H:%M:%S')
+        except ValueError as exc:
+            raise ValueError(
+                "Dateadded must be in YYYY-MM-DD HH:MM:SS format"
+            ) from exc
+        
+        return v
+    
+    @field_validator('imdbid')
+    @classmethod
+    def validate_imdbid(cls, v: Optional[str]) -> Optional[str]:
+        """Validate IMDB ID format (should start with 'tt')."""
+        if v is None:
+            return v
+        
+        if not v.startswith('tt'):
+            raise ValueError("IMDB ID must start with 'tt'")
+        
+        if not v[2:].isdigit():
+            raise ValueError("IMDB ID must be 'tt' followed by digits")
+        
+        return v
+    
+    def model_post_init(self, __context) -> None:
+        """Set default values after initialization."""
+        # Set showtitle to title if not provided
+        if self.showtitle is None:
+            self.showtitle = self.title
+        
+        # Set originaltitle to title if not provided
+        if self.originaltitle is None:
+            self.originaltitle = self.title

src/server/error_handler.py

@@ -0,0 +1,212 @@
+"""
+Error handling and recovery strategies for core providers.
+
+This module provides custom exceptions and decorators for handling
+errors in provider operations with automatic retry mechanisms.
+"""
+
+import functools
+import logging
+from typing import Any, Callable, Optional, TypeVar
+
+logger = logging.getLogger(__name__)
+
+# Type variable for decorator
+F = TypeVar("F", bound=Callable[..., Any])
+
+
+class RetryableError(Exception):
+    """Exception that indicates an operation can be safely retried."""
+
+    pass
+
+
+class NonRetryableError(Exception):
+    """Exception that indicates an operation should not be retried."""
+
+    pass
+
+
+class NetworkError(Exception):
+    """Exception for network-related errors."""
+
+    pass
+
+
+class DownloadError(Exception):
+    """Exception for download-related errors."""
+
+    pass
+
+
+class RecoveryStrategies:
+    """Strategies for handling errors and recovering from failures."""
+
+    def __init__(
+        self,
+        max_retries: int = 3,
+        base_delay: float = 1.0,
+        max_delay: float = 60.0,
+        exponential_base: float = 2.0,
+    ) -> None:
+        """Initialize recovery strategies.
+
+        Args:
+            max_retries: Maximum number of retry attempts.
+            base_delay: Initial delay between retries in seconds.
+            max_delay: Maximum delay between retries in seconds.
+            exponential_base: Base for exponential backoff multiplier.
+        """
+        self.max_retries = max_retries
+        self.base_delay = base_delay
+        self.max_delay = max_delay
+        self.exponential_base = exponential_base
+
+    def _calculate_delay(self, attempt: int) -> float:
+        """Calculate delay for given retry attempt using exponential backoff.
+
+        Args:
+            attempt: Zero-based retry attempt number.
+
+        Returns:
+            Delay in seconds before next retry.
+        """
+        delay = self.base_delay * (self.exponential_base ** attempt)
+        return min(delay, self.max_delay)
+
+    @staticmethod
+    def handle_network_failure(
+        func: Callable, *args: Any, **kwargs: Any
+    ) -> Any:
+        """Handle network failures with exponential backoff retry logic."""
+        last_error: Optional[Exception] = None
+        max_retries = 3
+        base_delay = 1.0
+        max_delay = 60.0
+        exponential_base = 2.0
+        
+        for attempt in range(max_retries):
+            try:
+                return func(*args, **kwargs)
+            except (NetworkError, ConnectionError, TimeoutError) as exc:
+                last_error = exc
+                if attempt < max_retries - 1:
+                    delay = base_delay * (exponential_base ** attempt)
+                    delay = min(delay, max_delay)
+                    logger.warning(
+                        "Network error on attempt %d/%d, retrying in %.1fs: %s",
+                        attempt + 1, max_retries, delay, exc
+                    )
+                    import time
+                    time.sleep(delay)
+                    continue
+        if last_error:
+            raise last_error
+        raise NetworkError("Network failure after retries")
+
+    @staticmethod
+    def handle_download_failure(
+        func: Callable, *args: Any, **kwargs: Any
+    ) -> Any:
+        """Handle download failures with exponential backoff retry logic."""
+        last_error: Optional[Exception] = None
+        max_retries = 2
+        base_delay = 1.0
+        max_delay = 60.0
+        exponential_base = 2.0
+        
+        for attempt in range(max_retries):
+            try:
+                return func(*args, **kwargs)
+            except DownloadError as exc:
+                last_error = exc
+                if attempt < max_retries - 1:
+                    delay = base_delay * (exponential_base ** attempt)
+                    delay = min(delay, max_delay)
+                    logger.warning(
+                        "Download error on attempt %d/%d, retrying in %.1fs: %s",
+                        attempt + 1, max_retries, delay, exc
+                    )
+                    import time
+                    time.sleep(delay)
+                    continue
+        if last_error:
+            raise last_error
+        raise DownloadError("Download failed after retries")
+
+
+class FileCorruptionDetector:
+    """Detector for corrupted files."""
+
+    @staticmethod
+    def is_valid_video_file(filepath: str) -> bool:
+        """Check if a video file is valid and not corrupted."""
+        try:
+            import os
+            if not os.path.exists(filepath):
+                return False
+            
+            file_size = os.path.getsize(filepath)
+            # Video files should be at least 1MB
+            return file_size > 1024 * 1024
+        except Exception as e:
+            logger.error("Error checking file validity: %s", e)
+            return False
+
+
+def with_error_recovery(
+    max_retries: int = 3, context: str = ""
+) -> Callable[[F], F]:
+    """
+    Decorator for adding error recovery to functions.
+    
+    Args:
+        max_retries: Maximum number of retry attempts
+        context: Context string for logging
+        
+    Returns:
+        Decorated function with retry logic
+    """
+
+    def decorator(func: F) -> F:
+        @functools.wraps(func)
+        def wrapper(*args: Any, **kwargs: Any) -> Any:
+            last_error = None
+            for attempt in range(max_retries):
+                try:
+                    return func(*args, **kwargs)
+                except NonRetryableError:
+                    raise
+                except Exception as e:
+                    last_error = e
+                    if attempt < max_retries - 1:
+                        logger.warning(
+                            "Error in %s (attempt %d/%d): %s, retrying...",
+                            context,
+                            attempt + 1,
+                            max_retries,
+                            e,
+                        )
+                    else:
+                        logger.error(
+                            "Error in %s failed after %d attempts: %s",
+                            context,
+                            max_retries,
+                            e,
+                        )
+
+            if last_error:
+                raise last_error
+            
+            raise RuntimeError(
+                f"Unexpected error in {context} after {max_retries} attempts"
+            )
+
+        return wrapper  # type: ignore
+
+    return decorator
+
+
+# Create module-level instances for use in provider code
+recovery_strategies = RecoveryStrategies()
+file_corruption_detector = FileCorruptionDetector()

src/server/exceptions/__init__.py

@@ -0,0 +1,272 @@
+"""
+Custom exception classes for Aniworld API layer.
+
+This module defines exception hierarchy for the web API with proper
+HTTP status code mappings and error handling.
+"""
+from typing import Any, Dict, Optional
+
+
+class AniWorldAPIException(Exception):
+    """
+    Base exception for Aniworld API.
+
+    All API-specific exceptions inherit from this class.
+    """
+
+    def __init__(
+        self,
+        message: str,
+        status_code: int = 500,
+        error_code: Optional[str] = None,
+        details: Optional[Dict[str, Any]] = None,
+    ):
+        """
+        Initialize API exception.
+
+        Args:
+            message: Human-readable error message
+            status_code: HTTP status code for response
+            error_code: Machine-readable error identifier
+            details: Additional error details and context
+        """
+        self.message = message
+        self.status_code = status_code
+        self.error_code = error_code or self.__class__.__name__
+        self.details = details or {}
+        super().__init__(self.message)
+
+    def to_dict(self) -> Dict[str, Any]:
+        """
+        Convert exception to dictionary for JSON response.
+
+        Returns:
+            Dictionary containing error information
+        """
+        return {
+            "error": self.error_code,
+            "message": self.message,
+            "details": self.details,
+        }
+
+
+class AuthenticationError(AniWorldAPIException):
+    """Exception raised when authentication fails."""
+
+    def __init__(
+        self,
+        message: str = "Authentication failed",
+        details: Optional[Dict[str, Any]] = None,
+    ):
+        """Initialize authentication error."""
+        super().__init__(
+            message=message,
+            status_code=401,
+            error_code="AUTHENTICATION_ERROR",
+            details=details,
+        )
+
+
+class AuthorizationError(AniWorldAPIException):
+    """Exception raised when user lacks required permissions."""
+
+    def __init__(
+        self,
+        message: str = "Insufficient permissions",
+        details: Optional[Dict[str, Any]] = None,
+    ):
+        """Initialize authorization error."""
+        super().__init__(
+            message=message,
+            status_code=403,
+            error_code="AUTHORIZATION_ERROR",
+            details=details,
+        )
+
+
+class ValidationError(AniWorldAPIException):
+    """Exception raised when request validation fails."""
+
+    def __init__(
+        self,
+        message: str = "Request validation failed",
+        details: Optional[Dict[str, Any]] = None,
+    ):
+        """Initialize validation error."""
+        super().__init__(
+            message=message,
+            status_code=422,
+            error_code="VALIDATION_ERROR",
+            details=details,
+        )
+
+
+class NotFoundError(AniWorldAPIException):
+    """Exception raised when resource is not found."""
+
+    def __init__(
+        self,
+        message: str = "Resource not found",
+        resource_type: Optional[str] = None,
+        resource_id: Optional[Any] = None,
+        details: Optional[Dict[str, Any]] = None,
+    ):
+        """Initialize not found error."""
+        if details is None:
+            details = {}
+        if resource_type:
+            details["resource_type"] = resource_type
+        if resource_id:
+            details["resource_id"] = resource_id
+
+        super().__init__(
+            message=message,
+            status_code=404,
+            error_code="NOT_FOUND",
+            details=details,
+        )
+
+
+class ConflictError(AniWorldAPIException):
+    """Exception raised when resource conflict occurs."""
+
+    def __init__(
+        self,
+        message: str = "Resource conflict",
+        details: Optional[Dict[str, Any]] = None,
+    ):
+        """Initialize conflict error."""
+        super().__init__(
+            message=message,
+            status_code=409,
+            error_code="CONFLICT",
+            details=details,
+        )
+
+
+class BadRequestError(AniWorldAPIException):
+    """Exception raised for bad request (400) errors."""
+
+    def __init__(
+        self,
+        message: str = "Bad request",
+        details: Optional[Dict[str, Any]] = None,
+    ):
+        """Initialize bad request error."""
+        super().__init__(
+            message=message,
+            status_code=400,
+            error_code="BAD_REQUEST",
+            details=details,
+        )
+
+
+class RateLimitError(AniWorldAPIException):
+    """Exception raised when rate limit is exceeded."""
+
+    def __init__(
+        self,
+        message: str = "Rate limit exceeded",
+        retry_after: Optional[int] = None,
+        details: Optional[Dict[str, Any]] = None,
+    ):
+        """Initialize rate limit error."""
+        if details is None:
+            details = {}
+        if retry_after:
+            details["retry_after"] = retry_after
+
+        super().__init__(
+            message=message,
+            status_code=429,
+            error_code="RATE_LIMIT_EXCEEDED",
+            details=details,
+        )
+
+
+class ServerError(AniWorldAPIException):
+    """Exception raised for internal server errors."""
+
+    def __init__(
+        self,
+        message: str = "Internal server error",
+        error_code: str = "INTERNAL_SERVER_ERROR",
+        details: Optional[Dict[str, Any]] = None,
+    ):
+        """Initialize server error."""
+        super().__init__(
+            message=message,
+            status_code=500,
+            error_code=error_code,
+            details=details,
+        )
+
+
+class DownloadError(ServerError):
+    """Exception raised when download operation fails."""
+
+    def __init__(
+        self,
+        message: str = "Download failed",
+        details: Optional[Dict[str, Any]] = None,
+    ):
+        """Initialize download error."""
+        super().__init__(
+            message=message,
+            error_code="DOWNLOAD_ERROR",
+            details=details,
+        )
+
+
+class ConfigurationError(ServerError):
+    """Exception raised when configuration is invalid."""
+
+    def __init__(
+        self,
+        message: str = "Configuration error",
+        details: Optional[Dict[str, Any]] = None,
+    ):
+        """Initialize configuration error."""
+        super().__init__(
+            message=message,
+            error_code="CONFIGURATION_ERROR",
+            details=details,
+        )
+
+
+class ProviderError(ServerError):
+    """Exception raised when provider operation fails."""
+
+    def __init__(
+        self,
+        message: str = "Provider error",
+        provider_name: Optional[str] = None,
+        details: Optional[Dict[str, Any]] = None,
+    ):
+        """Initialize provider error."""
+        if details is None:
+            details = {}
+        if provider_name:
+            details["provider"] = provider_name
+
+        super().__init__(
+            message=message,
+            error_code="PROVIDER_ERROR",
+            details=details,
+        )
+
+
+class DatabaseError(ServerError):
+    """Exception raised when database operation fails."""
+
+    def __init__(
+        self,
+        message: str = "Database error",
+        details: Optional[Dict[str, Any]] = None,
+    ):
+        """Initialize database error."""
+        super().__init__(
+            message=message,
+            error_code="DATABASE_ERROR",
+            details=details,
+        )

src/server/exceptions/exceptions.py

@@ -0,0 +1,35 @@
+"""
+Exceptions module for Aniworld server API.
+
+This module provides custom exception classes for the web API layer
+with proper HTTP status code mappings.
+"""
+from src.server.exceptions import (
+    AniWorldAPIException,
+    AuthenticationError,
+    AuthorizationError,
+    ConfigurationError,
+    ConflictError,
+    DatabaseError,
+    DownloadError,
+    NotFoundError,
+    ProviderError,
+    RateLimitError,
+    ServerError,
+    ValidationError,
+)
+
+__all__ = [
+    "AniWorldAPIException",
+    "AuthenticationError",
+    "AuthorizationError",
+    "ValidationError",
+    "NotFoundError",
+    "ConflictError",
+    "RateLimitError",
+    "ServerError",
+    "DownloadError",
+    "ConfigurationError",
+    "ProviderError",
+    "DatabaseError",
+]

src/server/exceptions/exceptions/Exceptions.py

@@ -0,0 +1,7 @@
+
+class NoKeyFoundException(Exception):
+    """Exception raised when an anime key cannot be found."""
+    pass
+class MatchNotFoundError(Exception):
+    """Exception raised when an anime key cannot be found."""
+    pass

src/server/exceptions/exceptions/__init__.py

@@ -0,0 +1,3 @@
+from src.server.exceptions.exceptions.Exceptions import MatchNotFoundError, NoKeyFoundException
+
+__all__ = ["MatchNotFoundError", "NoKeyFoundException"]