@muhammedaksam/easiarr 0.9.0 → 0.10.0

package/README.md

@@ -10,7 +10,7 @@
 
 > ⚠️ **Work In Progress** - This project is in early experimental development. Features may be incomplete, unstable, or change without notice.
 
-TUI tool for generating docker-compose files for the \*arr media ecosystem with 41 apps, TRaSH Guides best practices, VPN routing, and Traefik reverse proxy support.
+TUI tool for generating docker-compose files for the \*arr media ecosystem with 47 apps, TRaSH Guides best practices, VPN routing, and Traefik reverse proxy support.
 
 A terminal-based wizard that helps you set up Radarr, Sonarr, Prowlarr, and other \*arr applications with Docker Compose, following best practices from [TRaSH Guides](https://trash-guides.info/).
 
@@ -52,7 +52,7 @@ bun run start
 - [Bun](https://bun.sh/) >= 1.0
 - [Docker](https://www.docker.com/) with Docker Compose v2
 
-## Supported Applications (41 apps across 10 categories)
+## Supported Applications (47 apps across 10 categories)
 
 ### Media Management (Servarr)
 

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@muhammedaksam/easiarr",
-  "version": "0.9.0",
+  "version": "0.10.0",
   "description": "TUI tool for generating docker-compose files for the *arr media ecosystem with 41 apps, TRaSH Guides best practices, VPN routing, and Traefik reverse proxy support",
   "module": "src/index.ts",
   "type": "module",
@@ -52,6 +52,7 @@
   },
   "devDependencies": {
     "@eslint/js": "^9.39.1",
+    "@types/bcrypt": "^6.0.0",
     "@types/bun": "latest",
     "@types/jest": "^30.0.0",
     "@types/node": "^25.0.0",
@@ -67,6 +68,7 @@
   },
   "dependencies": {
     "@opentui/core": "^0.1.60",
+    "bcrypt": "^6.0.0",
     "yaml": "^2.8.2"
   },
   "engines": {

package/src/api/bazarr-api.ts

@@ -0,0 +1,220 @@
+/**
+ * Bazarr API Client
+ * Handles Bazarr-specific API calls for authentication and settings
+ */
+
+import { debugLog } from "../utils/debug"
+
+/**
+ * Bazarr System Settings (partial - auth related fields)
+ */
+export interface BazarrAuthSettings {
+  auth: {
+    type: "None" | "Basic" | "Form"
+    username: string
+    password: string
+    apikey: string
+  }
+}
+
+/**
+ * Bazarr API Client
+ * Note: Bazarr uses form data for POST, not JSON!
+ */
+export class BazarrApiClient {
+  private baseUrl: string
+  private apiKey: string | null = null
+
+  constructor(host: string, port: number) {
+    this.baseUrl = `http://${host}:${port}`
+  }
+
+  /**
+   * Set API key for authentication
+   */
+  setApiKey(key: string): void {
+    this.apiKey = key
+    debugLog("Bazarr", `API key set`)
+  }
+
+  /**
+   * Make a GET request to Bazarr API (JSON response)
+   */
+  private async get<T>(endpoint: string): Promise<T> {
+    let url = `${this.baseUrl}/api${endpoint}`
+    if (this.apiKey) {
+      url = `${url}${url.includes("?") ? "&" : "?"}apikey=${this.apiKey}`
+    }
+
+    debugLog("Bazarr", `GET ${url}`)
+
+    const response = await fetch(url, {
+      method: "GET",
+      headers: {
+        Accept: "application/json",
+      },
+    })
+
+    if (!response.ok) {
+      const errorText = await response.text()
+      debugLog("Bazarr", `Error ${response.status}: ${errorText}`)
+      throw new Error(`Bazarr API error: ${response.status} ${response.statusText}`)
+    }
+
+    const text = await response.text()
+    debugLog("Bazarr", `Response: ${text.substring(0, 200)}${text.length > 200 ? "..." : ""}`)
+    if (!text) return {} as T
+
+    return JSON.parse(text) as T
+  }
+
+  /**
+   * Make a POST request to Bazarr API using form data (NOT JSON)
+   * Bazarr uses request.form, not request.json
+   */
+  private async postForm(endpoint: string, data: Record<string, string>): Promise<void> {
+    let url = `${this.baseUrl}/api${endpoint}`
+    if (this.apiKey) {
+      url = `${url}${url.includes("?") ? "&" : "?"}apikey=${this.apiKey}`
+    }
+
+    // Convert object to form data
+    const formData = new URLSearchParams()
+    for (const [key, value] of Object.entries(data)) {
+      formData.append(key, value)
+    }
+
+    debugLog("Bazarr", `POST ${url}`)
+    debugLog("Bazarr", `Form data: ${formData.toString()}`)
+
+    const response = await fetch(url, {
+      method: "POST",
+      headers: {
+        "Content-Type": "application/x-www-form-urlencoded",
+      },
+      body: formData.toString(),
+    })
+
+    if (!response.ok) {
+      const errorText = await response.text()
+      debugLog("Bazarr", `Error ${response.status}: ${errorText}`)
+      throw new Error(`Bazarr API error: ${response.status} ${response.statusText}`)
+    }
+
+    debugLog("Bazarr", `Response status: ${response.status}`)
+  }
+
+  /**
+   * Check if Bazarr is healthy and reachable
+   */
+  async isHealthy(): Promise<boolean> {
+    try {
+      await this.get("/system/status")
+      return true
+    } catch {
+      return false
+    }
+  }
+
+  /**
+   * Get current system settings
+   */
+  async getSettings(): Promise<Record<string, unknown>> {
+    return this.get<Record<string, unknown>>("/system/settings")
+  }
+
+  /**
+   * Update authentication settings to enable form-based auth
+   * Bazarr settings use dot notation in form fields
+   */
+  async enableFormAuth(username: string, password: string, override = false): Promise<boolean> {
+    try {
+      // First get current settings to check if auth is already configured
+      const currentSettings = await this.getSettings()
+      const currentAuth = (currentSettings as { auth?: { type?: string } }).auth
+
+      // Skip if auth is already configured and override is false
+      if (currentAuth?.type && currentAuth.type !== "None" && currentAuth.type !== null && !override) {
+        debugLog("Bazarr", `Auth already configured (type: ${currentAuth.type}), skipping`)
+        return false
+      }
+
+      debugLog("Bazarr", `Current auth type: ${currentAuth?.type || "None"}`)
+      debugLog("Bazarr", `Setting form auth for user: ${username}`)
+
+      // Bazarr uses dot notation for nested settings in form data
+      await this.postForm("/system/settings", {
+        "settings-auth-type": "form",
+        "settings-auth-username": username,
+        "settings-auth-password": password,
+      })
+
+      debugLog("Bazarr", `Form auth enabled for user: ${username}`)
+      return true
+    } catch (e) {
+      debugLog("Bazarr", `Failed to enable form auth: ${e}`)
+      throw e
+    }
+  }
+
+  /**
+   * Get API key from settings
+   */
+  async getApiKey(): Promise<string | null> {
+    try {
+      const settings = await this.getSettings()
+      const auth = (settings as unknown as BazarrAuthSettings).auth
+      return auth?.apikey || null
+    } catch {
+      return null
+    }
+  }
+
+  /**
+   * Configure Radarr connection in Bazarr
+   */
+  async configureRadarr(host: string, port: number, apiKey: string): Promise<boolean> {
+    try {
+      debugLog("Bazarr", `Configuring Radarr connection: ${host}:${port}`)
+
+      await this.postForm("/system/settings", {
+        "settings-radarr-ip": host,
+        "settings-radarr-port": String(port),
+        "settings-radarr-apikey": apiKey,
+        "settings-radarr-base_url": "",
+        "settings-radarr-ssl": "false",
+        "settings-general-use_radarr": "true",
+      })
+
+      debugLog("Bazarr", "Radarr connection configured successfully")
+      return true
+    } catch (e) {
+      debugLog("Bazarr", `Failed to configure Radarr: ${e}`)
+      throw e
+    }
+  }
+
+  /**
+   * Configure Sonarr connection in Bazarr
+   */
+  async configureSonarr(host: string, port: number, apiKey: string): Promise<boolean> {
+    try {
+      debugLog("Bazarr", `Configuring Sonarr connection: ${host}:${port}`)
+
+      await this.postForm("/system/settings", {
+        "settings-sonarr-ip": host,
+        "settings-sonarr-port": String(port),
+        "settings-sonarr-apikey": apiKey,
+        "settings-sonarr-base_url": "",
+        "settings-sonarr-ssl": "false",
+        "settings-general-use_sonarr": "true",
+      })
+
+      debugLog("Bazarr", "Sonarr connection configured successfully")
+      return true
+    } catch (e) {
+      debugLog("Bazarr", `Failed to configure Sonarr: ${e}`)
+      throw e
+    }
+  }
+}

package/src/api/cloudflare-api.ts

@@ -2,6 +2,8 @@
  * Cloudflare API client for tunnel and DNS management
  */
 
+import { debugLog } from "../utils/debug"
+
 const CLOUDFLARE_API_BASE = "https://api.cloudflare.com/client/v4"
 
 interface CloudflareResponse<T> {
@@ -49,9 +51,15 @@ export class CloudflareApi {
 
   constructor(apiToken: string) {
     this.apiToken = apiToken
+    debugLog("CloudflareAPI", "Client initialized")
   }
 
   private async request<T>(method: string, endpoint: string, body?: unknown): Promise<CloudflareResponse<T>> {
+    debugLog("CloudflareAPI", `${method} ${endpoint}`)
+    if (body) {
+      debugLog("CloudflareAPI", `Request body: ${JSON.stringify(body)}`)
+    }
+
     const response = await fetch(`${CLOUDFLARE_API_BASE}${endpoint}`, {
       method,
       headers: {
@@ -65,9 +73,11 @@ export class CloudflareApi {
 
     if (!data.success) {
       const errors = data.errors.map((e) => e.message).join(", ")
+      debugLog("CloudflareAPI", `Error: ${errors}`)
       throw new Error(`Cloudflare API error: ${errors}`)
     }
 
+    debugLog("CloudflareAPI", `Response success: ${data.success}`)
     return data
   }
 

package/src/apps/registry.ts

@@ -595,7 +595,8 @@ export const APPS: Record<AppId, AppDefinition> = {
     pgid: 0,
     volumes: () => [
       "${HOME}/.easiarr/config.json:/web/config.json:ro",
-      "${HOME}/.easiarr/bookmarks.html:/web/bookmarks.html:ro",
+      "${HOME}/.easiarr/bookmarks-local.html:/web/bookmarks-local.html:ro",
+      "${HOME}/.easiarr/bookmarks-remote.html:/web/bookmarks-remote.html:ro",
     ],
     environment: {
       FOLDER: "/web",

package/src/compose/generator.ts

@@ -10,6 +10,7 @@ import { getApp } from "../apps/registry"
 import { generateServiceYaml } from "./templates"
 import { updateEnv, getLocalIp } from "../utils/env"
 import { saveTraefikConfig } from "./traefik-config"
+import { debugLog } from "../utils/debug"
 
 export interface ComposeService {
   image: string
@@ -31,6 +32,7 @@ export interface ComposeFile {
 }
 
 export function generateCompose(config: EasiarrConfig): string {
+  debugLog("ComposeGenerator", `Generating compose for ${config.apps.filter((a) => a.enabled).length} enabled apps`)
   const services: Record<string, ComposeService> = {}
 
   // Track ports to move to Gluetun
@@ -45,6 +47,7 @@ export function generateCompose(config: EasiarrConfig): string {
     const appDef = getApp(appConfig.id)
     if (!appDef) continue
 
+    debugLog("ComposeGenerator", `Building service: ${appConfig.id}`)
     const service = buildService(appDef, appConfig, config)
     services[appConfig.id] = service
   }

package/src/compose/traefik-config.ts

@@ -6,8 +6,9 @@
 import { writeFile, mkdir } from "node:fs/promises"
 import { existsSync } from "node:fs"
 import { join } from "node:path"
-import { createHash } from "node:crypto"
+import { hashSync } from "bcrypt"
 import type { EasiarrConfig } from "../config/schema"
+import { debugLog } from "../utils/debug"
 
 export interface TraefikStaticConfig {
   entrypoints: {
@@ -97,11 +98,15 @@ http:
 
 /**
  * Generate htpasswd-compatible hash for basic auth
- * Uses SHA1 hash in htpasswd format: {SHA}base64(sha1(password))
+ * Uses bcrypt for secure password hashing (Traefik supports bcrypt format)
+ * Format: $2b$... (bcrypt hash compatible with htpasswd)
  */
 function generateHtpasswdHash(password: string): string {
-  const sha1Hash = createHash("sha1").update(password).digest("base64")
-  return `{SHA}${sha1Hash}`
+  // Use bcrypt with cost factor 10 (standard security level)
+  const hash = hashSync(password, 10)
+  // Traefik expects bcrypt hashes with $2y$ prefix (PHP-compatible)
+  // Node's bcrypt uses $2b$, which Traefik also accepts
+  return hash
 }
 
 /**
@@ -110,18 +115,24 @@ function generateHtpasswdHash(password: string): string {
 export async function saveTraefikConfig(config: EasiarrConfig): Promise<void> {
   // Check if traefik is enabled
   const traefikApp = config.apps.find((a) => a.id === "traefik" && a.enabled)
-  if (!traefikApp) return
+  if (!traefikApp) {
+    debugLog("Traefik", "Traefik not enabled, skipping config generation")
+    return
+  }
 
   const traefikConfigDir = join(config.rootDir, "config", "traefik")
   const letsencryptDir = join(traefikConfigDir, "letsencrypt")
+  debugLog("Traefik", `Generating config in ${traefikConfigDir}`)
 
   try {
     // Create directories if they don't exist
     if (!existsSync(traefikConfigDir)) {
       await mkdir(traefikConfigDir, { recursive: true })
+      debugLog("Traefik", `Created directory: ${traefikConfigDir}`)
     }
     if (!existsSync(letsencryptDir)) {
       await mkdir(letsencryptDir, { recursive: true })
+      debugLog("Traefik", `Created directory: ${letsencryptDir}`)
     }
 
     // Generate and save static config (traefik.yml)

package/src/config/bookmarks-generator.ts

@@ -111,17 +111,39 @@ export function generateBookmarksHtml(config: EasiarrConfig, useLocalUrls = fals
 
 /**
  * Get the path to the bookmarks file
+ * @param type - 'local' for local URLs, 'remote' for Traefik URLs
  */
-export function getBookmarksPath(): string {
-  return join(homedir(), ".easiarr", "bookmarks.html")
+export function getBookmarksPath(type: "local" | "remote" = "local"): string {
+  const filename = type === "remote" ? "bookmarks-remote.html" : "bookmarks-local.html"
+  return join(homedir(), ".easiarr", filename)
 }
 
 /**
  * Save bookmarks HTML file
+ * @param type - 'local' for local URLs, 'remote' for Traefik URLs
  */
-export async function saveBookmarks(config: EasiarrConfig, useLocalUrls = false): Promise<string> {
+export async function saveBookmarks(config: EasiarrConfig, type: "local" | "remote" = "local"): Promise<string> {
+  const useLocalUrls = type === "local"
   const html = generateBookmarksHtml(config, useLocalUrls)
-  const path = getBookmarksPath()
+  const path = getBookmarksPath(type)
   await writeFile(path, html, "utf-8")
   return path
 }
+
+/**
+ * Save all bookmarks files
+ * Always saves local bookmarks, and remote bookmarks only if Traefik is enabled
+ */
+export async function saveAllBookmarks(config: EasiarrConfig): Promise<string[]> {
+  const paths: string[] = []
+
+  // Always save local bookmarks
+  paths.push(await saveBookmarks(config, "local"))
+
+  // Save remote bookmarks only if Traefik is enabled with a domain
+  if (config.traefik?.enabled && config.traefik.domain) {
+    paths.push(await saveBookmarks(config, "remote"))
+  }
+
+  return paths
+}

package/src/config/manager.ts

@@ -11,6 +11,7 @@ import type { EasiarrConfig } from "./schema"
 import { DEFAULT_CONFIG } from "./schema"
 import { detectTimezone, detectUid, detectGid } from "./defaults"
 import { VersionInfo } from "../VersionInfo"
+import { debugLog } from "../utils/debug"
 
 const CONFIG_DIR_NAME = ".easiarr"
 const CONFIG_FILE_NAME = "config.json"
@@ -71,17 +72,21 @@ function migrateConfig(oldConfig: Partial<EasiarrConfig>): EasiarrConfig {
 
 export async function loadConfig(): Promise<EasiarrConfig | null> {
   const configPath = getConfigPath()
+  debugLog("Config", `Loading config from ${configPath}`)
 
   if (!existsSync(configPath)) {
+    debugLog("Config", "Config file not found")
     return null
   }
 
   try {
     const content = await readFile(configPath, "utf-8")
     let config = JSON.parse(content) as EasiarrConfig
+    debugLog("Config", `Loaded config version ${config.version}`)
 
     // Auto-migrate if version differs from current package version
     if (config.version !== VersionInfo.version) {
+      debugLog("Config", `Migrating config from ${config.version} to ${VersionInfo.version}`)
       config = migrateConfig(config)
       // Save migrated config (creates backup first)
       await saveConfig(config)
@@ -89,6 +94,7 @@ export async function loadConfig(): Promise<EasiarrConfig | null> {
 
     return config
   } catch (error) {
+    debugLog("Config", `Failed to load config: ${error}`)
     console.error("Failed to load config:", error)
     return null
   }
@@ -98,6 +104,7 @@ export async function saveConfig(config: EasiarrConfig): Promise<void> {
   await ensureConfigDir()
 
   const configPath = getConfigPath()
+  debugLog("Config", `Saving config to ${configPath}`)
 
   // Create backup if config already exists
   if (existsSync(configPath)) {
@@ -108,6 +115,7 @@ export async function saveConfig(config: EasiarrConfig): Promise<void> {
   config.updatedAt = new Date().toISOString()
 
   await writeFile(configPath, JSON.stringify(config, null, 2), "utf-8")
+  debugLog("Config", `Config saved (${config.apps.length} apps)`)
 }
 
 export async function backupConfig(): Promise<void> {
@@ -122,6 +130,7 @@ export async function backupConfig(): Promise<void> {
   const backupPath = join(backupDir, `config-${timestamp}.json`)
 
   await copyFile(configPath, backupPath)
+  debugLog("Config", `Backup created: ${backupPath}`)
 }
 
 export function createDefaultConfig(rootDir: string): EasiarrConfig {

package/src/docker/client.ts

@@ -5,6 +5,7 @@
 
 import { $ } from "bun"
 import { getComposePath } from "../config/manager"
+import { debugLog } from "../utils/debug"
 
 export interface ContainerStatus {
   name: string
@@ -18,9 +19,12 @@ export async function composeUp(): Promise<{
 }> {
   try {
     const composePath = getComposePath()
+    debugLog("Docker", `compose up -d (path: ${composePath})`)
     const result = await $`docker compose -f ${composePath} up -d`.text()
+    debugLog("Docker", `compose up success`)
     return { success: true, output: result }
   } catch (error) {
+    debugLog("Docker", `compose up failed: ${error}`)
     return { success: false, output: String(error) }
   }
 }
@@ -31,9 +35,12 @@ export async function composeDown(): Promise<{
 }> {
   try {
     const composePath = getComposePath()
+    debugLog("Docker", `compose down (path: ${composePath})`)
     const result = await $`docker compose -f ${composePath} down`.text()
+    debugLog("Docker", `compose down success`)
     return { success: true, output: result }
   } catch (error) {
+    debugLog("Docker", `compose down failed: ${error}`)
     return { success: false, output: String(error) }
   }
 }
@@ -41,11 +48,14 @@ export async function composeDown(): Promise<{
 export async function composeRestart(service?: string): Promise<{ success: boolean; output: string }> {
   try {
     const composePath = getComposePath()
+    debugLog("Docker", `compose restart ${service || "all"}`)
     const result = service
       ? await $`docker compose -f ${composePath} restart ${service}`.text()
       : await $`docker compose -f ${composePath} restart`.text()
+    debugLog("Docker", `compose restart success`)
     return { success: true, output: result }
   } catch (error) {
+    debugLog("Docker", `compose restart failed: ${error}`)
     return { success: false, output: String(error) }
   }
 }
@@ -53,6 +63,7 @@ export async function composeRestart(service?: string): Promise<{ success: boole
 export async function composeStop(service?: string): Promise<{ success: boolean; output: string }> {
   try {
     const composePath = getComposePath()
+    debugLog("Docker", `compose stop ${service || "all"}`)
     const result = service
       ? await $`docker compose -f ${composePath} stop ${service}`.text()
       : await $`docker compose -f ${composePath} stop`.text()

package/src/ui/screens/FullAutoSetup.ts

@@ -7,6 +7,7 @@ import { BoxRenderable, CliRenderer, TextRenderable, KeyEvent } from "@opentui/c
 import { createPageLayout } from "../components/PageLayout"
 import type { EasiarrConfig } from "../../config/schema"
 import { ArrApiClient, type AddRootFolderOptions } from "../../api/arr-api"
+import { BazarrApiClient } from "../../api/bazarr-api"
 import { ProwlarrClient, type ArrAppType } from "../../api/prowlarr-api"
 import { QBittorrentClient, type QBittorrentCategory } from "../../api/qbittorrent-api"
 import { PortainerApiClient } from "../../api/portainer-api"
@@ -201,6 +202,7 @@ export class FullAutoSetup extends BoxRenderable {
     }
 
     try {
+      // Setup *arr apps (Radarr, Sonarr, Lidarr, etc.) with form auth
       const arrApps = this.config.apps.filter((a) => {
         const def = getApp(a.id)
         return a.enabled && (def?.rootFolder || a.id === "prowlarr")
@@ -224,6 +226,56 @@ export class FullAutoSetup extends BoxRenderable {
         }
       }
 
+      // Setup Bazarr form authentication and Radarr/Sonarr connections
+      const bazarrConfig = this.config.apps.find((a) => a.id === "bazarr" && a.enabled)
+      if (bazarrConfig) {
+        const bazarrApiKey = this.env["API_KEY_BAZARR"]
+        if (bazarrApiKey) {
+          const bazarrDef = getApp("bazarr")
+          const bazarrPort = bazarrConfig.port || bazarrDef?.defaultPort || 6767
+          const bazarrClient = new BazarrApiClient("localhost", bazarrPort)
+          bazarrClient.setApiKey(bazarrApiKey)
+
+          try {
+            // Enable form auth
+            await bazarrClient.enableFormAuth(this.globalUsername, this.globalPassword, false)
+          } catch {
+            // Skip Bazarr auth failure - non-critical
+            debugLog("FullAutoSetup", "Bazarr form auth failed, continuing...")
+          }
+
+          // Configure Radarr connection if Radarr is enabled
+          // Use container name 'radarr' since Bazarr runs in Docker
+          const radarrConfig = this.config.apps.find((a) => a.id === "radarr" && a.enabled)
+          const radarrApiKey = this.env["API_KEY_RADARR"]
+          if (radarrConfig && radarrApiKey) {
+            try {
+              const radarrDef = getApp("radarr")
+              const radarrPort = radarrConfig.port || radarrDef?.defaultPort || 7878
+              await bazarrClient.configureRadarr("radarr", radarrPort, radarrApiKey)
+              debugLog("FullAutoSetup", "Bazarr -> Radarr connection configured")
+            } catch {
+              debugLog("FullAutoSetup", "Failed to configure Bazarr -> Radarr connection")
+            }
+          }
+
+          // Configure Sonarr connection if Sonarr is enabled
+          // Use container name 'sonarr' since Bazarr runs in Docker
+          const sonarrConfig = this.config.apps.find((a) => a.id === "sonarr" && a.enabled)
+          const sonarrApiKey = this.env["API_KEY_SONARR"]
+          if (sonarrConfig && sonarrApiKey) {
+            try {
+              const sonarrDef = getApp("sonarr")
+              const sonarrPort = sonarrConfig.port || sonarrDef?.defaultPort || 8989
+              await bazarrClient.configureSonarr("sonarr", sonarrPort, sonarrApiKey)
+              debugLog("FullAutoSetup", "Bazarr -> Sonarr connection configured")
+            } catch {
+              debugLog("FullAutoSetup", "Failed to configure Bazarr -> Sonarr connection")
+            }
+          }
+        }
+      }
+
       this.updateStep("Authentication", "success")
     } catch (e) {
       this.updateStep("Authentication", "error", `${e}`)

package/src/ui/screens/MainMenu.ts

@@ -155,12 +155,13 @@ export class MainMenu {
       })
     }
     // Bookmark generation options
-    const generateAndOpenBookmarks = async (useLocalUrls: boolean) => {
-      await saveBookmarks(this.config, useLocalUrls)
+    const generateAndOpenBookmarks = async (type: "local" | "remote") => {
+      await saveBookmarks(this.config, type)
       // Open in browser if easiarr service is enabled
       if (this.isAppEnabled("easiarr")) {
         const port = this.config.apps.find((a) => a.id === "easiarr")?.port ?? 3010
-        await openUrl(`http://localhost:${port}/bookmarks.html`)
+        const filename = type === "remote" ? "bookmarks-remote.html" : "bookmarks-local.html"
+        await openUrl(`http://localhost:${port}/${filename}`)
       }
     }
 
@@ -168,18 +169,18 @@ export class MainMenu {
       items.push({
         name: "📑 Bookmarks (Local URLs)",
         description: "Generate bookmarks using localhost addresses",
-        action: async () => generateAndOpenBookmarks(true),
+        action: async () => generateAndOpenBookmarks("local"),
       })
       items.push({
         name: "📑 Bookmarks (Traefik URLs)",
         description: `Generate bookmarks using ${this.config.traefik.domain} addresses`,
-        action: async () => generateAndOpenBookmarks(false),
+        action: async () => generateAndOpenBookmarks("remote"),
       })
     } else {
       items.push({
         name: "📑 Generate Bookmarks",
         description: "Create browser-importable bookmarks file",
-        action: async () => generateAndOpenBookmarks(true),
+        action: async () => generateAndOpenBookmarks("local"),
       })
     }
 

package/src/utils/debug.ts

@@ -31,14 +31,29 @@ export function initDebug(): void {
   }
 }
 
+/**
+ * Sanitize sensitive fields from log messages
+ * Redacts passwords, tokens, API keys, secrets, and credentials
+ */
+export function sanitizeMessage(message: string): string {
+  // Match common sensitive field names in JSON format
+  // Covers: passwords, tokens, API keys, secrets, credentials, auth data
+  return message.replace(
+    /"(password|passwordConfirmation|Password|Pw|passwd|pass|apiKey|api_key|ApiKey|API_KEY|token|accessToken|access_token|refreshToken|refresh_token|bearerToken|jwtToken|jwt|secret|secretKey|secret_key|privateKey|private_key|credential|auth|authorization|authToken|client_secret|clientSecret|WIREGUARD_PRIVATE_KEY|TUNNEL_TOKEN|USERNAME_VPN|PASSWORD_VPN)":\s*"[^"]*"/gi,
+    '"$1":"[REDACTED]"'
+  )
+}
+
 /**
  * Log a debug message to debug.log file if debug mode is enabled
+ * Automatically sanitizes sensitive data (passwords, tokens, etc.)
  */
 export function debugLog(category: string, message: string): void {
   if (!DEBUG_ENABLED) return
 
   const timestamp = new Date().toISOString()
-  const line = `[${timestamp}] [${category}] ${message}\n`
+  const sanitizedMessage = sanitizeMessage(message)
+  const line = `[${timestamp}] [${category}] ${sanitizedMessage}\n`
   try {
     appendFileSync(logFile, line)
   } catch {