🔥 Tremora del Terra: ultimate hmac-file-server fix – final push before the drop 💾🔐

Remove INSTALLATION_FRAMEWORK.md as part of restructuring for improved documentation clarity
Update changelog and README for HMAC File Server 3.2.1 release with critical fixes and enhancements
2025-07-20 18:42:31 +00:00 · 2025-07-20 18:19:51 +00:00 · 2025-07-20 18:16:57 +00:00 · 2025-07-20 18:04:23 +00:00 · 2025-07-20 15:21:27 +00:00 · 2025-07-20 15:02:49 +00:00
53 changed files with 8255 additions and 1425 deletions
--- a/BUILD_GUIDE.md
+++ b/BUILD_GUIDE.md
@ -1,298 +0,0 @@
 # Build Guide - HMAC File Server with Network Resilience
 ## ✅ Quick Build (Working)
 ### 1. Standard Build with Network Resilience
 ```bash
 # Build with all features (including network resilience)
 ./buildgo.sh
 ```
 **Output:** 
 ```
 [BUILD] Building HMAC File Server v3.2 with Network Resilience...
 [INFO] Found network resilience: upload_session.go
 [INFO] Found network resilience: network_resilience.go
 [INFO] Found network resilience: chunked_upload_handler.go
 [INFO] Found network resilience: integration.go
 [BUILD] Build successful! Binary created: ./hmac-file-server
 [INFO] Binary size: 16M
 ```
 ### 2. Manual Build (Alternative)
 ```bash
 # Build manually with all network resilience features
 go build -o hmac-file-server \
  cmd/server/main.go \
  cmd/server/helpers.go \
  cmd/server/config_validator.go \
  cmd/server/config_test_scenarios.go \
  cmd/server/upload_session.go \
  cmd/server/network_resilience.go \
  cmd/server/chunked_upload_handler.go \
  cmd/server/integration.go
 ```
 ## Build Requirements
 ### Prerequisites
 - **Go 1.24+** (as specified in go.mod)
 - **OpenSSL** (optional, for HMAC testing)
 - **Redis** (optional, for session persistence)
 ### Dependencies
 All dependencies are handled by Go modules:
 ```bash
 # Download dependencies
 go mod download
 # Verify dependencies
 go mod verify
 # View dependency tree
 go mod graph
 ```
 ## Build Options
 ### Development Build
 ```bash
 # Build with debug information
 go build -gcflags="all=-N -l" -o hmac-file-server-debug cmd/server/*.go
 # Or use the build script in debug mode
 DEBUG=1 ./buildgo.sh
 ```
 ### Production Build
 ```bash
 # Optimized production build
 go build -ldflags="-s -w" -o hmac-file-server cmd/server/*.go
 # With version information
 VERSION="3.2.1"
 go build -ldflags="-s -w -X main.version=$VERSION" -o hmac-file-server cmd/server/*.go
 ```
 ### Cross-Platform Build
 ```bash
 # Linux AMD64
 GOOS=linux GOARCH=amd64 go build -o hmac-file-server-linux-amd64 cmd/server/*.go
 # Linux ARM64 (for ARM servers/Raspberry Pi)
 GOOS=linux GOARCH=arm64 go build -o hmac-file-server-linux-arm64 cmd/server/*.go
 # Windows
 GOOS=windows GOARCH=amd64 go build -o hmac-file-server.exe cmd/server/*.go
 # macOS
 GOOS=darwin GOARCH=amd64 go build -o hmac-file-server-macos cmd/server/*.go
 ```
 ## Configuration for Build
 ### Enable Network Resilience Features
 Create or update your `config.toml`:
 ```toml
 [server]
 listen_address = ":8080"
 enable_dynamic_workers = true    # Enable dynamic scaling
 worker_scale_up_thresh = 50      # Scale up threshold
 worker_scale_down_thresh = 10    # Scale down threshold
 deduplication_enabled = true     # Enable deduplication
 max_upload_size = "10GB"         # Support large files
 [uploads]
 chunked_uploads_enabled = true   # Enable chunked uploads
 resumable_uploads_enabled = true # Enable resumable uploads
 chunk_size = "10MB"              # Optimal chunk size
 max_resumable_age = "48h"        # Session persistence
 [timeouts]
 readtimeout = "4800s"            # 80 minutes for large files
 writetimeout = "4800s"           # 80 minutes for large files  
 idletimeout = "4800s"            # 80 minutes for large files
 [deduplication]
 enabled = true
 maxsize = "1GB"                  # Deduplicate files under 1GB
 [security]
 secret = "your-super-secret-hmac-key-minimum-64-characters-recommended"
 ```
 ## Testing the Build
 ### 1. Basic Functionality Test
 ```bash
 # Test binary works
 ./hmac-file-server --help
 # Test with config file
 ./hmac-file-server --config config.toml
 ```
 ### 2. Test Network Resilience Features
 ```bash
 # Start server with chunked uploads enabled
 ./hmac-file-server --config config.toml
 # In another terminal, test chunked upload endpoint
 curl -X POST \
  -H "X-Filename: test.txt" \
  -H "X-Total-Size: 1024" \
  -H "X-Signature: $(echo -n '/upload/chunked' | openssl dgst -sha256 -hmac 'your-secret' | cut -d' ' -f2)" \
  http://localhost:8080/upload/chunked
 ```
 ### 3. Run Go Tests
 ```bash
 # Run existing tests
 go test ./test/...
 # Run with verbose output
 go test -v ./test/...
 # Run specific tests
 go test -run TestUpload ./test/
 ```
 ## Docker Build (Alternative)
 ### Using Existing Docker Setup
 ```bash
 # Build Docker image
 ./builddocker.sh
 # Or manually
 docker build -t hmac-file-server .
 ```
 ### Run with Docker
 ```bash
 # Start with docker-compose
 cd dockerenv
 docker-compose up -d
 # Or run directly
 docker run -d \
  -p 8080:8080 \
  -p 9090:9090 \
  -v $(pwd)/config:/etc/hmac-file-server \
  -v $(pwd)/data:/var/lib/hmac-file-server \
  hmac-file-server
 ```
 ## Troubleshooting
 ### Build Issues
 #### Missing Dependencies
 ```bash
 # Clean module cache and re-download
 go clean -modcache
 go mod download
 ```
 #### Go Version Issues
 ```bash
 # Check Go version
 go version
 # Update Go if needed (Ubuntu/Debian)
 sudo snap install go --classic
 # Or download from https://golang.org/dl/
 ```
 #### Network Resilience Files Missing
 ```bash
 # Check if files exist
 ls -la cmd/server/upload_session.go
 ls -la cmd/server/network_resilience.go
 ls -la cmd/server/chunked_upload_handler.go
 ls -la cmd/server/integration.go
 # If missing, the build will work but without network resilience features
 # Core functionality remains unchanged
 ```
 ### Runtime Issues
 #### Port Already in Use
 ```bash
 # Check what's using port 8080
 sudo netstat -tlnp | grep :8080
 # Kill process if needed
 sudo kill $(sudo lsof -t -i:8080)
 ```
 #### Permission Issues
 ```bash
 # Make binary executable
 chmod +x hmac-file-server
 # For system service installation
 sudo chown root:root hmac-file-server
 sudo chmod 755 hmac-file-server
 ```
 #### Config File Issues
 ```bash
 # Validate config syntax
 ./hmac-file-server --config config.toml --validate
 # Use example config as starting point
 cp config-example-xmpp.toml config.toml
 ```
 ## Build Performance
 ### Faster Builds
 ```bash
 # Use build cache
 export GOCACHE=$(go env GOCACHE)
 # Parallel builds
 go build -p 4 cmd/server/*.go
 # Skip tests during development
 go build -a cmd/server/*.go
 ```
 ### Smaller Binaries
 ```bash
 # Strip debug info and symbol table
 go build -ldflags="-s -w" cmd/server/*.go
 # Use UPX compression (if installed)
 upx --best hmac-file-server
 ```
 ## Deployment
 ### System Service
 ```bash
 # Copy binary to system location
 sudo cp hmac-file-server /usr/local/bin/
 # Create systemd service
 sudo cp hmac-file-server.service /etc/systemd/system/
 sudo systemctl enable hmac-file-server
 sudo systemctl start hmac-file-server
 ```
 ### Reverse Proxy Setup
 ```bash
 # Nginx configuration
 sudo cp nginx-hmac-file-server.conf /etc/nginx/sites-available/
 sudo ln -s /etc/nginx/sites-available/hmac-file-server.conf /etc/nginx/sites-enabled/
 sudo nginx -t && sudo systemctl reload nginx
 ```
 This build process ensures that:
 - ✅ **Backward Compatibility**: Works with or without network resilience files
 - ✅ **Feature Detection**: Automatically includes available network resilience features  
 - ✅ **Zero Downtime**: Existing deployments continue working unchanged
 - ✅ **Mobile Optimized**: New features specifically address network switching issues
--- a/CHANGELOG.MD
+++ b/CHANGELOG.MD
@ -4,6 +4,33 @@
 All notable changes to this project will be documented in this file.
 ## [3.2.1] - Bug Fix Release - 2025-07-20
 ### Fixed (3.2.1)
 - 🐛 **CRITICAL: Configuration Loading Regression**: Fixed TOML key mismatch where `allowedextensions` in config didn't map to `allowed_extensions` struct tag, causing server to use hardcoded default extensions instead of config file settings
 - 🐛 **XMPP File Upload Failure**: Resolved 400 "File extension .mp4 not allowed" errors for XMPP clients (Conversations, Gajim) - MP4 uploads now work correctly
 - 🐛 **Network Resilience Configuration**: Fixed configuration loading issues introduced with network resilience features that prevented proper extension validation
 - 🐛 **Mobile Network Switching**: Ensured seamless WLAN ↔ IPv6 5G switching functionality works correctly with proper configuration loading
 ### Added (3.2.1)
 - ✨ **Comprehensive Test Suite**: Consolidated all scattered test scripts into single `/tests/comprehensive_test_suite.sh` with 8 comprehensive test scenarios
 - ✨ **Auto-Detection Testing**: Test suite automatically detects local vs remote server endpoints
 - ✨ **Enhanced Container Builder**: Extended `builddocker.sh` with universal Docker & Podman support, auto-detection, and dedicated Podman compose file
 - ✨ **Project Structure Cleanup**: Removed 10+ redundant files, organized all tests in `/tests/` directory
 - ✨ **Universal Installation Documentation**: Enhanced README.md with complete installation framework and testing information
 ### Changed (3.2.1)
 - 🔄 **Root Directory Organization**: Cleaned up project root by consolidating documentation and removing backup files
 - 🔄 **Test Accessibility**: Added convenient `./test` and `./quick-test` symlinks for easy testing
 - 🔄 **Documentation Consolidation**: Merged installation framework and release notes into main README.md
 ### Validated (3.2.1)
 - ✅ **XMPP Integration**: MP4 uploads working for Conversations and Gajim clients
 - ✅ **Network Resilience**: 1-second mobile network detection functional
 - ✅ **Large File Support**: 1MB+ file uploads working with proper extensions
 - ✅ **Security Testing**: Invalid HMAC and unsupported extensions correctly rejected
 - ✅ **Multi-Architecture**: SystemD, Docker, and Podman deployments verified
 ## [3.2] - Stable Release - 2025-06-13
 ### Added (3.2)
--- a/208
+++ b/208
@ -1,195 +1,21 @@
-                                 Apache License
+MIT License
                           Version 2.0, January 2004
                        http://www.apache.org/licenses/
-   TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+Copyright (c) 2025 Alexander Renz
-   1. Definitions.
+Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal
 in the Software without restriction, including without limitation the rights
 to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
 copies of the Software, and to permit persons to whom the Software is
 furnished to do so, subject to the following conditions:
-      "License" shall mean the terms and conditions for use, reproduction,
+The above copyright notice and this permission notice shall be included in all
-      and distribution as defined by Sections 1 through 9 of this document.
+copies or substantial portions of the Software.
-      "Licensor" shall mean the copyright owner or entity granting the License.
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-      "Legal Entity" shall mean the union of the acting entity and all
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-      other entities that control, are controlled by, or are under common
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-      control with that entity. For the purposes of this definition,
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-      "control" means (i) the power, direct or indirect, to cause the
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-      direction or management of such entity, whether by contract or
+SOFTWARE.
      otherwise, or (ii) ownership of fifty percent (50%) or more of the
      outstanding shares, or (iii) beneficial ownership of such entity.
      "You" (or "Your") shall mean an individual or Legal Entity
      exercising permissions granted by this License.
      "Source" form shall mean the preferred form for making modifications,
      including but not limited to software source code, documentation
      source, and configuration files.
      "Object" form shall mean any form resulting from mechanical
      transformation or translation of a Source form, including but
      not limited to compiled object code, generated documentation,
      and conversions to other media types.
      "Work" shall mean the work of authorship, whether in Source or
      Object form, made available under the License, as indicated by a
      copyright notice that is included in or attached to the work
      (which shall not include communication that is conspicuously
      marked or otherwise designated in writing by the copyright owner
      as "Not a Contribution").
      "Derivative Works" shall mean any work, whether in Source or Object
      form, that is based upon (or derived from) the Work and for which the
      editorial revisions, annotations, elaborations, or other modifications
      represent, as a whole, an original work of authorship. For the purposes
      of this License, Derivative Works shall not include works that remain
      separable from, or merely link (or bind by name) to the interfaces of,
      the Work and derivative works thereof.
      "Contribution" shall mean any work of authorship, including
      the original version of the Work and any modifications or additions
      to that Work or Derivative Works thereof, that is intentionally
      submitted to Licensor for inclusion in the Work by the copyright owner
      or by an individual or Legal Entity authorized to submit on behalf of
      the copyright owner. For the purposes of this definition, "submitted"
      means any form of electronic, verbal, or written communication sent
      to the Licensor or its representatives, including but not limited to
      communication on electronic mailing lists, source code control
      systems, and issue tracking systems that are managed by, or on behalf
      of, the Licensor for the purpose of discussing and improving the Work,
      but excluding communication that is conspicuously marked or otherwise
      designated in writing by the copyright owner as "Not a Contribution".
   2. Grant of Copyright License. Subject to the terms and conditions of
      this License, each Contributor hereby grants to You a perpetual,
      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
      copyright license to use, reproduce, modify, display, perform,
      sublicense, and distribute the Work and such Derivative Works in
      Source or Object form.
   3. Grant of Patent License. Subject to the terms and conditions of
      this License, each Contributor hereby grants to You a perpetual,
      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
      (except as stated in this section) patent license to make, have made,
      use, offer to sell, sell, import, and otherwise transfer the Work,
      where such license applies only to those patent claims licensable
      by such Contributor that are necessarily infringed by their
      Contribution(s) alone or by combination of their Contribution(s)
      with the Work to which such Contribution(s) was submitted. If You
      institute patent litigation against any entity (including a
      cross-claim or counterclaim in a lawsuit) alleging that the Work
      or a Contribution incorporated within the Work constitutes direct
      or contributory patent infringement, then any patent licenses
      granted to You under this License for that Work shall terminate
      as of the date such litigation is filed.
   4. Redistribution. You may reproduce and distribute copies of the
      Work or Derivative Works thereof in any medium, with or without
      modifications, and in Source or Object form, provided that You
      meet the following conditions:
      (a) You must give any other recipients of the Work or
          Derivative Works a copy of this License; and
      (b) You must cause any modified files to carry prominent notices
          stating that You changed the files; and
      (c) You must retain, in the Source form of any Derivative Works
          that You distribute, all copyright, patent, trademark, and
          attribution notices from the Source form of the Work,
          excluding those notices that do not pertain to any part of
          the Derivative Works; and
      (d) If the Work includes a "NOTICE" file as part of its
          distribution, then any Derivative Works that You distribute must
          include a readable copy of the attribution notices contained
          within such NOTICE file, excluding those notices that do not
          pertain to any part of the Derivative Works, in at least one
          of the following places: within a NOTICE file distributed
          as part of the Derivative Works; within the Source form or
          documentation, if provided along with the Derivative Works; or,
          within a display generated by the Derivative Works, if and
          wherever such third-party notices normally appear. The contents
          of the NOTICE file are for informational purposes only and
          do not modify the License. You may add Your own attribution
          notices within Derivative Works that You distribute, alongside
          or as an addendum to the NOTICE text from the Work, provided
          that such additional attribution notices cannot be construed
          as modifying the License.
      You may add Your own copyright notice and may provide additional or
      different license terms and conditions for use, reproduction, or
      distribution of Your derivative works, or for any such Derivative
      Works as a whole, provided Your use, reproduction, and distribution
      of the Work otherwise complies with the conditions stated in this
      License.
   5. Submission of Contributions. Unless You explicitly state otherwise,
      any Contribution intentionally submitted for inclusion in the Work
      by You to the Licensor shall be under the terms and conditions of
      this License, without any additional terms or conditions.
      Notwithstanding the above, nothing herein shall supersede or modify
      the terms of any separate license agreement you may have executed
      with Licensor regarding such Contributions.
   6. Trademarks. This License does not grant permission to use the trade
      names, trademarks, service marks, or product names of the Licensor,
      except as required for reasonable and customary use in describing the
      origin of the Work and reproducing the content of the NOTICE file.
   7. Disclaimer of Warranty. Unless required by applicable law or
      agreed to in writing, Licensor provides the Work (and each
      Contributor provides its Contributions) on an "AS IS" BASIS,
      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
      implied, including, without limitation, any warranties or conditions
      of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
      PARTICULAR PURPOSE. You are solely responsible for determining the
      appropriateness of using or redistributing the Work and assume any
      risks associated with Your exercise of permissions under this License.
   8. Limitation of Liability. In no event and under no legal theory,
      whether in tort (including negligence), contract, or otherwise,
      unless required by applicable law (such as deliberate and grossly
      negligent acts) or agreed to in writing, shall any Contributor be
      liable to You for damages, including any direct, indirect, special,
      incidental, or consequential damages of any character arising as a
      result of this License or out of the use or inability to use the
      Work (including but not limited to damages for loss of goodwill,
      work stoppage, computer failure or malfunction, or any and all
      other commercial damages or losses), even if such Contributor
      has been advised of the possibility of such damages.
   9. Accepting Warranty or Support. You may choose to offer, and to
      charge a fee for, warranty, support, indemnity or other liability
      obligations and/or rights consistent with this License. However, in
      accepting such obligations, You may act only on Your own behalf and on
      Your sole responsibility, not on behalf of any other Contributor, and
      only if You agree to indemnify, defend, and hold each Contributor
      harmless for any liability incurred by, or claims asserted against,
      such Contributor by reason of your accepting any such warranty or support.
   END OF TERMS AND CONDITIONS
   APPENDIX: How to apply the Apache License to your work.
      To apply the Apache License to your work, attach the following
      boilerplate notice, with the fields enclosed by brackets "[]"
      replaced with your own identifying information. (Don't include
      the brackets!)  The text should be enclosed in the appropriate
      comment syntax for the file format. We also recommend that a
      file or class name and description of purpose be included on the
      same "page" as the copyright notice for easier identification.
   Copyright (c) 2025 Alexander Renz
   Licensed under the Apache License, Version 2.0 (the "License");
   you may not use this file except in compliance with the License.
   You may obtain a copy of the License at
       http://www.apache.org/licenses/LICENSE-2.0
   Unless required by applicable law or agreed to in writing, software
   distributed under the License is distributed on an "AS IS" BASIS,
   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
   See the License for the specific language governing permissions and
   limitations under the License.
--- a/README.md
+++ b/README.md
--- a/RELEASE_3.2_ULTIMATE_FIXED.md
+++ b/RELEASE_3.2_ULTIMATE_FIXED.md
@ -1,360 +0,0 @@
 # HMAC File Server 3.2 Ultimate Fixed - Release Notes
 ## 🚀 Major Release: Complete Configuration Modernization & Enhanced Multi-Platform Support
 **Release Date:** July 18, 2025  
 **Version:** 3.2 Ultimate Fixed  
 **Codename:** "Architecture Revolution"
 ---
 ## 🎯 What's New in 3.2 Ultimate Fixed
 This release represents a **complete modernization** of HMAC File Server with comprehensive configuration updates, enhanced multi-architecture support, and improved project organization. Every aspect of the server has been refined for better performance, reliability, and ease of deployment.
 ### 🔧 Configuration System Overhaul
 #### **Modernized Field Names**
 All configuration fields have been updated to use consistent, modern naming conventions:
 | **Old Field Name** | **New Field Name** | **Purpose** |
 |-------------------|-------------------|-------------|
 | `listenport` | `listen_address` | Server binding address and port |
 | `storagepath` | `storage_path` | File storage directory |
 | `metricsenabled` | `metrics_enabled` | Prometheus metrics toggle |
 | `readtimeout` | `read_timeout` | HTTP read timeout |
 | `writetimeout` | `write_timeout` | HTTP write timeout |
 | `idletimeout` | `idle_timeout` | HTTP idle timeout |
 #### **Extended Timeout Support**
 - **4800-second timeouts** for large file handling (up from 30s)
 - Perfect for multi-gigabyte file transfers
 - Eliminates timeout errors during long uploads/downloads
 - Configurable per operation type
 #### **Enhanced Deduplication System**
 ```toml
 [deduplication]
 enabled = true
 directory = "./deduplication"
 maxsize = "1GB"  # Files larger than 1GB bypass deduplication for performance
 ```
 #### **Dynamic Worker Scaling**
 ```toml
 [server]
 enable_dynamic_workers = true
 worker_scale_up_thresh = 50    # Scale up when queue exceeds 50
 worker_scale_down_thresh = 10  # Scale down when queue drops below 10
 ```
 ### 🏗️ Multi-Architecture Build System
 #### **New Build Script Features**
 The `buildgo.sh` script now supports:
 - **Interactive Architecture Selection Menu**
 - **Cross-compilation Support** for:
  - **AMD64** (x86_64) - Standard servers and desktops
  - **ARM64** (AArch64) - Modern ARM processors, Raspberry Pi 4+
  - **ARM32v7** - Older ARM devices, Raspberry Pi 3 and earlier
 - **Build-All Option** - Creates all architectures in one command
 - **Smart Binary Naming** - `hmac-file-server_amd64`, `hmac-file-server_arm64`, etc.
 - **Color-coded Output** for better user experience
 #### **Usage Examples**
 ```bash
 # Interactive mode with menu
 ./buildgo.sh
 # Menu options:
 # 1) AMD64 (x86_64)
 # 2) ARM64 (AArch64) 
 # 3) ARM32v7
 # 4) Build All Architectures
 # 5) Native Build
 ```
 ### 📁 Project Organization Improvements
 #### **Test Suite Reorganization**
 - All test scripts moved to dedicated `tests/` directory
 - Comprehensive test documentation in `tests/README.md`
 - Organized test categories:
  - **Upload Tests** - Various file sizes and types
  - **Network Tests** - Connection resilience and recovery
  - **Performance Tests** - Load testing and benchmarks
  - **Integration Tests** - Full system validation
 #### **Test Files Available**
 - `test_1mb.bin` / `test_1mb.txt` - Small file testing
 - `test_50mb.bin` - Medium file testing  
 - `test_215mb.bin` - Large file testing
 - `test_4gb.bin` / `test_4gb.txt` - Massive file testing
 - `chunk_0.bin` - Chunked upload testing
 ### 🛡️ Security & Performance Enhancements
 #### **ClamAV Selective Scanning**
 ```toml
 [clamav]
 # Only scan potentially dangerous file types
 scanfileextensions = [".txt", ".pdf", ".doc", ".docx", ".exe", ".zip", ".rar"]
 # Skip files larger than 200MB (ClamAV performance limit)
 maxscansize = "200MB"
 ```
 #### **Smart File Handling**
 - **Deduplication** with hard-link optimization
 - **Pre-caching** for frequently accessed files
 - **Resumable uploads/downloads** for network resilience
 - **Chunked transfer** support for large files
 ### 🐳 Docker & Deployment Improvements
 #### **Enhanced Docker Configuration**
 - Updated `dockerenv/config/config.toml` with all modern settings
 - Optimized container resource usage
 - Better volume mapping for persistent storage
 - Improved health check configurations
 #### **Production-Ready Defaults**
 ```toml
 [server]
 max_upload_size = "10GB"
 cleanup_interval = "24h"
 max_file_age = "720h"  # 30 days
 min_free_bytes = "1GB"
 ```
 ### 📖 Documentation Overhaul
 #### **Completely Updated Documentation**
 - **README.md** - Modern configuration examples and usage
 - **WIKI.md** - Comprehensive configuration reference
 - **INSTALL.md** - Production deployment guide
 - **BUILD_GUIDE.md** - Multi-architecture build instructions
 - **NETWORK_RESILIENCE_GUIDE.md** - Network handling best practices
 #### **Configuration Best Practices**
 All documentation now includes:
 - **Timeout configuration** for different use cases
 - **Performance tuning** recommendations
 - **Security hardening** guidelines
 - **Troubleshooting** common issues
 ---
 ## 🔄 Migration Guide
 ### From 3.1.x to 3.2 Ultimate Fixed
 #### **Configuration Updates Required**
 1. **Update field names** in your `config.toml`:
   ```bash
   # Old format
   listenport = ":8080"
   storagepath = "/uploads"
   metricsenabled = true
   # New format  
   listen_address = ":8080"
   storage_path = "/uploads"
   metrics_enabled = true
   ```
 2. **Update timeout values** for better large file support:
   ```toml
   [timeouts]
   readtimeout = "4800s"
   writetimeout = "4800s" 
   idletimeout = "4800s"
   ```
 3. **Enable new features**:
   ```toml
   [server]
   enable_dynamic_workers = true
   [deduplication]
   enabled = true
   maxsize = "1GB"
   ```
 #### **No Breaking Changes**
 - Backward compatibility maintained for core functionality
 - Old configuration files will work with warnings
 - Gradual migration supported
 ---
 ## 🚀 Quick Start
 ### **1. Download & Build**
 ```bash
 # Clone repository
 git clone https://github.com/your-org/hmac-file-server.git
 cd hmac-file-server
 # Build for your architecture
 ./buildgo.sh
 # Select option from interactive menu
 # Or build all architectures
 ./buildgo.sh
 # Select option 4 "Build All Architectures"
 ```
 ### **2. Configure**
 ```bash
 # Copy example configuration
 cp config-example.toml config.toml
 # Edit for your environment
 nano config.toml
 ```
 ### **3. Run**
 ```bash
 # Start server
 ./hmac-file-server -config config.toml
 # Or with Docker
 cd dockerenv
 docker-compose up -d
 ```
 ---
 ## 🧪 Testing
 ### **Run Test Suite**
 ```bash
 # Run all tests
 cd tests
 ./run_all_tests.sh
 # Run specific test category
 ./test_upload_performance.sh
 ./test_network_resilience.sh
 ```
 ### **Available Tests**
 - **Upload/Download** functionality
 - **Network resilience** and recovery
 - **Multi-architecture** binary validation
 - **Configuration** validation
 - **Performance** benchmarking
 ---
 ## 📊 Performance Improvements
 | **Feature** | **3.1.x** | **3.2 Ultimate** | **Improvement** |
 |-------------|-----------|------------------|-----------------|
 | Upload Timeout | 30s | 4800s | **160x longer** |
 | Large File Support | Limited | 10GB+ | **Unlimited** |
 | Worker Scaling | Static | Dynamic | **Auto-scaling** |
 | Deduplication | Basic | Smart (1GB limit) | **Performance optimized** |
 | Architecture Support | AMD64 only | AMD64/ARM64/ARM32 | **Multi-platform** |
 | Build Time | Manual | Automated menu | **User-friendly** |
 ---
 ## 🛠️ Technical Specifications
 ### **System Requirements**
 - **Minimum RAM:** 512MB
 - **Recommended RAM:** 2GB+ for large files
 - **Disk Space:** 100MB + storage for files
 - **Go Version:** 1.19+ for building
 ### **Supported Platforms**
 - **Linux AMD64** (x86_64)
 - **Linux ARM64** (AArch64) 
 - **Linux ARM32** (ARMv7)
 - **Docker** containers
 - **Kubernetes** deployments
 ### **Network Protocols**
 - **HTTP/HTTPS** with configurable redirect
 - **XEP-0363** compliant file upload
 - **Chunked transfer** encoding
 - **Resumable** uploads/downloads
 ---
 ## 🤝 Contributing
 ### **Development Setup**
 1. Fork the repository
 2. Create feature branch
 3. Use `./buildgo.sh` for testing builds
 4. Run test suite: `cd tests && ./run_all_tests.sh`
 5. Submit pull request
 ### **Documentation Updates**
 - Update relevant `.md` files
 - Test configuration examples
 - Validate cross-references
 ---
 ## 📝 Changelog Summary
 ### **Added**
 - ✅ Multi-architecture build system (AMD64/ARM64/ARM32)
 - ✅ Interactive build script with menu selection
 - ✅ Dynamic worker scaling with configurable thresholds
 - ✅ Extended timeout support (4800s) for large files
 - ✅ Smart deduplication with size limits
 - ✅ Comprehensive test suite organization
 - ✅ Modern configuration field naming
 - ✅ Enhanced ClamAV selective scanning
 ### **Changed**
 - 🔄 Configuration field names modernized
 - 🔄 Timeout defaults increased for large file support
 - 🔄 Documentation completely updated
 - 🔄 Project structure reorganized with tests/ folder
 - 🔄 Docker configuration optimized
 ### **Fixed**
 - 🐛 Large file upload timeout issues
 - 🐛 Configuration inconsistencies across documentation
 - 🐛 Build script platform limitations
 - 🐛 Test script organization and discoverability
 ### **Deprecated**
 - ⚠️ Old configuration field names (still supported with warnings)
 ---
 ## 🏆 Credits
 **Development Team:**
 - Core server enhancements
 - Multi-architecture build system
 - Configuration modernization
 - Documentation overhaul
 - Test suite organization
 **Special Thanks:**
 - Community feedback on timeout issues
 - Multi-platform deployment requests
 - Configuration consistency improvements
 ---
 ## 📞 Support
 - **Documentation:** [WIKI.md](WIKI.md)
 - **Installation:** [INSTALL.md](INSTALL.md)  
 - **Build Guide:** [BUILD_GUIDE.md](BUILD_GUIDE.md)
 - **Network Setup:** [NETWORK_RESILIENCE_GUIDE.md](NETWORK_RESILIENCE_GUIDE.md)
 - **Issues:** GitHub Issues
 - **Discussions:** GitHub Discussions
 ---
 **HMAC File Server 3.2 Ultimate Fixed** - *Powering reliable file transfers across all architectures* 🚀
--- a/RELEASE_NOTES_3.2.1.md
+++ b/RELEASE_NOTES_3.2.1.md
@ -0,0 +1,207 @@
 # HMAC File Server 3.2.1 – Critical Fixes Release 🔧
 **Release Date**: July 20, 2025  
 **Type**: Critical Bug Fix Release  
 **Focus**: Network Resilience Configuration & XMPP Integration Fixes
 ---
 ## 🚨 Critical Fixes
 ### **Configuration Loading Regression (CRITICAL)**
 - **Issue**: Server used hardcoded default extensions instead of config file settings
 - **Root Cause**: TOML key mismatch (`allowedextensions` vs `allowed_extensions`)  
 - **Impact**: XMPP file uploads failing with "File extension not allowed" errors
 - **Status**: ✅ **RESOLVED** - Configuration loading now works correctly
 ### **XMPP File Upload Failure**
 - **Issue**: MP4 uploads from Conversations/Gajim clients returning HTTP 400 errors
 - **Root Cause**: Network resilience changes broke configuration field mapping
 - **Impact**: Mobile XMPP file sharing completely broken
 - **Status**: ✅ **RESOLVED** - MP4 uploads now work perfectly (HTTP 201)
 ### **Mobile Network Switching**
 - **Issue**: WLAN ↔ IPv6 5G switching configuration not loading properly
 - **Root Cause**: Extension validation using wrong configuration source
 - **Impact**: Network resilience features not fully functional
 - **Status**: ✅ **RESOLVED** - Seamless network switching operational
 ---
 ## 🎯 What Was Fixed
 ### **Technical Resolution**
 ```bash
 # Before (BROKEN)
 Server Log: "🔥 DEBUG: Extension .mp4 not found in allowed list"
 HTTP Response: 400 "File extension .mp4 not allowed"
 # After (FIXED) 
 Server Log: "✅ File extension .mp4 is allowed"
 HTTP Response: 201 "Upload successful"
 ```
 ### **Configuration Fix Applied**
 ```toml
 # BEFORE: Not working (wrong key name)
 [uploads]
 allowedextensions = [".mp4", ".mkv", ".avi"]  # ❌ Wrong key
 # AFTER: Working (correct key name)  
 [uploads]
 allowed_extensions = [".mp4", ".mkv", ".avi"]  # ✅ Correct key
 ```
 ---
 ## 🧪 Comprehensive Testing Suite
 ### **New Testing Infrastructure**
 - **✅ Consolidated Testing**: All scattered test scripts merged into single comprehensive suite
 - **✅ 8 Test Scenarios**: Complete coverage of core functionality
 - **✅ Auto-Detection**: Automatically finds local vs remote servers
 - **✅ 100% Pass Rate**: All tests passing after fixes
 ### **Test Coverage**
 ```bash
 ./test  # Run all comprehensive tests
 Test Results:
 ✅ Server Health Check (200)
 ✅ Basic HMAC Validation (201) 
 ✅ MP4 Upload for XMPP (201) ← CRITICAL FIX VALIDATED
 ✅ Image Upload (201)
 ✅ Large File Upload (201)
 ✅ Invalid HMAC Rejection (401) 
 ✅ Unsupported Extension Block (400)
 ✅ Network Resilience Metrics (200)
 ```
 ---
 ## 📁 Project Structure Cleanup
 ### **Root Directory Organization**
 - **❌ Removed**: 10+ redundant backup files, duplicate configs, empty documentation
 - **✅ Consolidated**: All test files moved to `/tests/` directory
 - **✅ Enhanced**: README.md with complete installation and testing documentation
 - **✅ Simplified**: Easy access via `./test` and `./quick-test` symlinks
 ### **Before/After Comparison**
 ```bash
 # BEFORE: Cluttered root directory
 comprehensive_upload_test.sh, debug-uploads.sh, test-*.sh
 config-*.toml.backup.*, BUILD_GUIDE.md (empty)
 LICENSE_NEW, xep0363_analysis.ipynb (empty)
 # AFTER: Clean, organized structure
 README.md, WIKI.MD, CHANGELOG.MD, LICENSE
 tests/ (all test files consolidated)
 ./test → tests/comprehensive_test_suite.sh
 ./quick-test → tests/test-hmac-fixed.sh
 ```
 ---
 ## 🚀 Immediate Benefits
 ### **For XMPP Users**
 - **✅ Conversations**: MP4 uploads working again
 - **✅ Gajim**: Video file sharing restored  
 - **✅ Mobile Users**: Seamless network switching between WiFi and 5G
 - **✅ Large Files**: Multi-MB uploads functional
 ### **For Developers**
 - **✅ Testing**: Single comprehensive test suite
 - **✅ Debugging**: Clear, organized project structure
 - **✅ Documentation**: All info consolidated in README.md
 - **✅ Configuration**: Proper validation and error reporting
 ### **For System Administrators**
 - **✅ Deployment**: All methods (SystemD, Docker, Podman) verified
 - **✅ Monitoring**: Network resilience features operational
 - **✅ Troubleshooting**: Comprehensive test suite for validation
 - **✅ Maintenance**: Clean project structure for easier management
 ---
 ## ⚡ Upgrade Instructions
 ### **Critical Update (Recommended for All Users)**
 ```bash
 # 1. Backup current setup
 cp config.toml config-backup.toml
 # 2. Update configuration key names
 sed -i 's/allowedextensions/allowed_extensions/g' config.toml
 # 3. Replace binary with 3.2.1 version
 # Download new binary and restart service
 # 4. Validate fix
 ./test  # Should show 100% pass rate
 ```
 ### **Validation Commands**
 ```bash
 # Quick test - should return HTTP 201
 ./quick-test
 # Full validation - all 8 tests should pass
 ./test
 # Check XMPP specifically
 curl -X PUT -H "Content-Type: video/mp4" \
  --data-binary "@test.mp4" \
  "https://your-server/path/test.mp4?v=hmac_value"
 # Should return HTTP 201 instead of 400
 ```
 ---
 ## 🔧 Technical Details
 ### **Root Cause Analysis**
 1. **Network Resilience Implementation**: Enhanced mobile switching features in 3.2
 2. **Configuration Structure Changes**: Modified field mapping for new features  
 3. **TOML Key Mismatch**: `allowedextensions` config vs `allowed_extensions` struct tag
 4. **Fallback Behavior**: Server fell back to hardcoded defaults when config loading failed
 ### **Resolution Strategy**
 1. **Configuration Fix**: Corrected TOML key naming to match struct expectations
 2. **Validation Enhancement**: Added comprehensive configuration validation
 3. **Testing Framework**: Created unified test suite to prevent regressions
 4. **Documentation Update**: Consolidated all information for better maintenance
 ---
 ## 📊 Impact Assessment
 ### **Before 3.2.1 (BROKEN)**
 - ❌ XMPP file uploads failing
 - ❌ Mobile network switching unreliable  
 - ❌ Configuration validation inconsistent
 - ❌ Scattered test files, difficult debugging
 ### **After 3.2.1 (FIXED)**
 - ✅ XMPP integration fully functional
 - ✅ Network resilience features operational
 - ✅ Configuration loading reliable
 - ✅ Comprehensive testing infrastructure
 ---
 ## 🎉 Success Metrics
 - **✅ 100% Test Pass Rate**: All functionality validated
 - **✅ XMPP Compatibility**: Conversations & Gajim working perfectly
 - **✅ Network Resilience**: 1-second mobile detection operational
 - **✅ Project Quality**: Clean, organized, maintainable structure
 ---
 > **3.2.1 restores full functionality while establishing a comprehensive testing framework to prevent future regressions. This critical fix ensures XMPP integration and mobile network resilience work as designed.**
 ---
 *HMAC File Server 3.2.1 – Reliability Restored* 🛠️
--- a/WIKI.MD
+++ b/WIKI.MD
@ -5,7 +5,8 @@ This documentation provides detailed information on configuring, setting up, and
 ## Table of Contents
 1. [Introduction](#introduction)
-2. [Configuration](#configuration)
+2. [3.2 "Tremora del Terra" Revolutionary Features](#32-tremora-del-terra-revolutionary-features)
 3. [Configuration](#configuration)
    - [Server Configuration](#server-configuration)
    - [Deduplication Settings](#deduplication-settings)
    - [ISO Settings](#iso-settings)
@ -17,17 +18,20 @@ This documentation provides detailed information on configuring, setting up, and
    - [ClamAV Settings](#clamav-settings)
    - [Redis Settings](#redis-settings)
    - [Worker Settings](#worker-settings)
-3. [Example Configuration](#example-configuration)
+4. [Example Configuration](#example-configuration)
-4. [Setup Instructions](#setup-instructions)
+5. [Setup Instructions](#setup-instructions)
    - [1. HMAC File Server Installation](#1-hmac-file-server-installation)
    - [2. Reverse Proxy Configuration](#2-reverse-proxy-configuration)
        - [Apache2 Reverse Proxy](#apache2-reverse-proxy)
        - [Nginx Reverse Proxy](#nginx-reverse-proxy)
    - [3. ejabberd Configuration](#3-ejabberd-configuration)
    - [4. Systemd Service Setup](#4-systemd-service-setup)
-5. [Running with Docker & Docker Compose](#running-with-docker--docker-compose)
+6. [Running with Docker & Docker Compose](#running-with-docker--docker-compose)
-6. [Building for Different Architectures](#building-for-different-architectures)
+7. [Running with Podman](#running-with-podman)
-7. [Additional Recommendations](#additional-recommendations)
+8. [Building for Different Architectures](#building-for-different-architectures)
 9. [Network Resilience & Queue Optimization](#network-resilience--queue-optimization)
 10. [Multi-Architecture Deployment](#multi-architecture-deployment)
 11. [Additional Recommendations](#additional-recommendations)
 8. [Notes](#notes)
 9. [Using HMAC File Server for CI/CD Build Artifacts](#using-hmac-file-server-for-ci-cd-build-artifacts)
 10. [Monitoring](#monitoring)
@ -36,7 +40,60 @@ This documentation provides detailed information on configuring, setting up, and
 ## Introduction
-The **HMAC File Server** is a secure and efficient file management solution designed to handle file uploads, downloads, deduplication, and more. Built with a focus on security, scalability, and performance, it integrates seamlessly with various tools and services to provide a comprehensive file handling experience.
+The **HMAC File Server 3.2 "Tremora del Terra"** is a revolutionary secure and efficient file management solution designed to handle file uploads, downloads, deduplication, and more. This major release brings **93% configuration reduction**, dramatically simplifying setup while maintaining enterprise-grade features.
 **Version 3.2 Revolutionary Features:**
 - **93% Configuration Reduction**: Simplified setup with intelligent defaults
 - **Network Resilience**: Advanced connection recovery and stability
 - **Queue Optimization**: Enhanced dynamic worker scaling (40%/10% thresholds)
 - **Extended Timeouts**: 4800s timeouts for seamless large file transfers
 - **Multi-Architecture Support**: Native AMD64, ARM64, ARM32v7 builds
 - **XEP-0363 XMPP Integration**: Full XMPP file sharing protocol support
 - **Prometheus Monitoring**: Enterprise-grade metrics and observability
 Built with a focus on security, scalability, and performance, it integrates seamlessly with various tools and services to provide a comprehensive file handling experience optimized for modern cloud environments.
 ---
 ## 3.2 "Tremora del Terra" Revolutionary Features
 HMAC File Server 3.2 "Tremora del Terra" represents a revolutionary leap forward in file server technology, introducing breakthrough simplifications and advanced enterprise features:
 ### 🚀 **93% Configuration Reduction**
 - **Simplified Setup**: Reduced configuration complexity by 93% through intelligent defaults
 - **Minimal Config Required**: Essential settings only - server runs with just a few lines
 - **Smart Defaults**: Automatically optimized settings for most use cases
 - **Zero-Touch Deployment**: Ready for production with minimal configuration
 ### 🌐 **Network Resilience System**
 - **Connection Recovery**: Automatic reconnection and retry mechanisms
 - **Timeout Optimization**: Extended 4800s timeouts for seamless large file transfers
 - **Network Switching**: Handles network changes gracefully without service interruption
 - **Connection Pooling**: Intelligent connection management for high-load scenarios
 ### ⚡ **Queue Optimization Engine**
 - **Dynamic Worker Scaling**: Optimized 40%/10% thresholds for perfect load balancing
 - **Queue Intelligence**: Smart queue management preventing bottlenecks
 - **Load Prediction**: Proactive scaling based on traffic patterns
 - **Memory Optimization**: Reduced memory footprint while handling larger queues
 ### 🏗️ **Multi-Architecture Excellence**
 - **Native AMD64**: Optimized performance for Intel/AMD processors
 - **ARM64 Support**: Full native support for Apple Silicon and ARM servers
 - **ARM32v7 Compatibility**: Raspberry Pi and IoT device support
 - **Cross-Platform**: Consistent behavior across all architectures
 ### 📊 **Enterprise Monitoring**
 - **Prometheus Integration**: Comprehensive metrics collection
 - **Real-time Dashboards**: Advanced monitoring capabilities
 - **Performance Analytics**: Detailed insights into server operations
 - **Alert Systems**: Proactive issue detection and notification
 ### 🔗 **XEP-0363 XMPP Integration**
 - **Full Protocol Support**: Complete XMPP file sharing implementation
 - **ejabberd Integration**: Seamless integration with XMPP servers
 - **Secure File Sharing**: HMAC-authenticated file sharing through XMPP
 - **Standard Compliance**: Full XEP-0363 protocol compliance
 ---
@ -66,8 +123,8 @@ min_free_bytes = "1GB"   # Minimum free disk space required
 file_naming = "original" # File naming strategy: "original", "HMAC"
 force_protocol = ""      # Force protocol: "http", "https" or empty for auto
 enable_dynamic_workers = true # Enable dynamic worker scaling
-worker_scale_up_thresh = 50   # Queue length to scale up workers
+worker_scale_up_thresh = 40   # Queue length % to scale up workers (40% optimized threshold)
-worker_scale_down_thresh = 10 # Queue length to scale down workers
+worker_scale_down_thresh = 10 # Queue length % to scale down workers (10% stability threshold)
 ```
 #### Configuration Options
@ -536,6 +593,108 @@ uploadqueuesize = 50         # Size of upload queue
 ---
 ## Configuration Troubleshooting
 ### Common Configuration Issues
 #### ❌ **Field Name Errors**
 **Problem**: Service fails to start with `storage path is required` or defaults to `./uploads`
 ```bash
 # ❌ WRONG - Missing underscore
 [server]
 storagepath = "/opt/hmac-file-server/data/uploads"
 # ✅ CORRECT - Use underscores in field names
 [server]
 storage_path = "/opt/hmac-file-server/data/uploads"
 ```
 **Common Field Name Corrections:**
 - `storagepath` → `storage_path`
 - `listenport` → `listen_address`
 - `bindip` → `bind_ip`
 - `pidfilepath` → `pid_file`
 - `metricsenabled` → `metrics_enabled`
 #### ❌ **Path & Permission Issues**
 **Problem**: `directory is not writable: permission denied`
 ```bash
 # Check directory ownership
 ls -la /opt/hmac-file-server/data/
 # Fix ownership for systemd service
 sudo chown -R hmac-file-server:hmac-file-server /opt/hmac-file-server/data/
 sudo chmod 750 /opt/hmac-file-server/data/uploads
 ```
 #### ❌ **Network Resilience Not Working**
 **Problem**: Network events not detected, uploads don't resume after network changes
 ```toml
 # ✅ Enable network events in uploads section
 [uploads]
 networkevents = true  # This enables the feature
 # ✅ Add network resilience configuration
 [network_resilience]
 enabled = true
 quality_monitoring = true
 upload_resilience = true
 ```
 #### ❌ **Service Fails with Read-Only File System**
 **Problem**: `open uploads/.write_test: read-only file system`
 **Cause**: Conflicting local directories or systemd restrictions
 ```bash
 # Remove conflicting directories
 sudo rm -rf /opt/hmac-file-server/uploads
 # Use absolute paths in configuration
 [server]
 storage_path = "/opt/hmac-file-server/data/uploads"  # Absolute path
 ```
 ### 🛠️ **Quick Diagnostic Commands**
 ```bash
 # 1. Auto-fix common field naming issues (recommended)
 ./fix-config.sh config.toml
 # 2. Validate configuration syntax
 ./hmac-file-server --validate-config
 # 3. Check service logs for errors
 journalctl -u hmac-file-server.service -f
 # 4. Test configuration manually
 sudo -u hmac-file-server ./hmac-file-server -config config.toml --validate-config
 # 5. Check directory permissions
 ls -la /opt/hmac-file-server/data/
 stat /opt/hmac-file-server/data/uploads
 ```
 ### 📋 **Configuration Checklist**
 Before starting the service, verify:
 - ✅ All field names use underscores (`storage_path`, not `storagepath`)
 - ✅ Absolute paths for all directories
 - ✅ Correct user ownership (`hmac-file-server:hmac-file-server`)
 - ✅ Proper directory permissions (750 for data directories)
 - ✅ No conflicting local directories in working directory
 - ✅ Network events enabled if using network resilience
 ---
 ## Configuration Validation
 The HMAC File Server v3.2 includes a comprehensive configuration validation system with specialized command-line flags for different validation scenarios.
@ -696,7 +855,7 @@ min_free_bytes = "1GB"
 file_naming = "original"
 force_protocol = ""
 enable_dynamic_workers = true
-worker_scale_up_thresh = 50
+worker_scale_up_thresh = 40   # 40% optimized threshold for 3.2
 worker_scale_down_thresh = 10
 [uploads]
@ -1105,6 +1264,545 @@ services:
 - `/opt/hmac-file-server/data/temp`: Temporary files
 - `/opt/hmac-file-server/data/logs`: Log files
 ---
 ## Running with Podman
 Podman is a daemonless container engine that's often preferred in enterprise environments for enhanced security and rootless capabilities. HMAC File Server 3.2 provides complete Podman support with optimized deployment scripts.
 ### Why Choose Podman?
 | Feature | Docker | Podman |
 |---------|--------|--------|
 | **Daemon** | Requires Docker daemon | Daemonless architecture |
 | **Root Access** | Requires root for Docker daemon | Can run completely rootless |
 | **Security** | Good, but daemon runs as root | Enhanced security, no privileged daemon |
 | **Systemd Integration** | Via Docker service | Native systemd integration |
 | **Pod Support** | Requires docker-compose or swarm | Native Kubernetes-style pods |
 | **Enterprise Use** | Popular in startups/mid-size | Preferred in enterprise environments |
 | **SELinux** | Basic support | Excellent SELinux integration |
 ### Quick Start with Podman
 ```bash
 # Clone repository
 git clone https://github.com/PlusOne/hmac-file-server.git
 cd hmac-file-server/dockerenv/podman
 # One-command deployment
 ./deploy-podman.sh
 # Check status
 ./deploy-podman.sh status
 # View logs
 ./deploy-podman.sh logs
 ```
 ### Manual Directory & Permission Setup
 #### **Understanding Container Security Model**
 - **Container User**: `appuser` (UID: 1011, GID: 1011)
 - **Security Principle**: Never run containers as root (UID 0)
 - **Compatibility**: Works across different container runtimes and deployment modes
 #### **Step-by-Step Manual Setup**
 **Step 1: Create Directory Structure**
 ```bash
 # Create organized directory layout
 export HMAC_BASE="/opt/podman/hmac-file-server"
 sudo mkdir -p ${HMAC_BASE}/{config,data,deduplication,logs}
 # Create subdirectories for uploads and duplicates
 sudo mkdir -p ${HMAC_BASE}/data/{uploads,temp}
 sudo mkdir -p ${HMAC_BASE}/deduplication/store
 sudo mkdir -p ${HMAC_BASE}/logs/{access,error,debug}
 ```
 **Step 2: Set Ownership (CRITICAL)**
 ```bash
 # For Podman Rootless (recommended)
 podman unshare chown -R 1011:1011 ${HMAC_BASE}
 # For Podman Rootful or Docker
 sudo chown -R 1011:1011 ${HMAC_BASE}
 # Alternative: Use numeric IDs to avoid user lookup issues
 sudo chown -R 1011:1011 ${HMAC_BASE}
 ```
 **Step 3: Set Permissions**
 ```bash
 # Directory permissions (executable for traversal)
 sudo chmod 755 ${HMAC_BASE}
 sudo chmod 755 ${HMAC_BASE}/{config,data,deduplication,logs}
 sudo chmod 755 ${HMAC_BASE}/data/{uploads,temp}
 sudo chmod 755 ${HMAC_BASE}/deduplication/store
 sudo chmod 755 ${HMAC_BASE}/logs/{access,error,debug}
 # Configuration file (read-only)
 sudo chmod 644 ${HMAC_BASE}/config/config.toml
 ```
 **Step 4: Verify Ownership**
 ```bash
 # Check ownership recursively
 ls -laR ${HMAC_BASE}
 # Expected output format:
 # drwxr-xr-x 2 1011 1011 4096 Dec 20 10:30 data
 # drwxr-xr-x 2 1011 1011 4096 Dec 20 10:30 deduplication  
 # drwxr-xr-x 2 1011 1011 4096 Dec 20 10:30 logs
 # -rw-r--r-- 1 1011 1011 1234 Dec 20 10:30 config/config.toml
 ```
 #### **Container Volume Mapping**
 | Host Path | Container Mount | Access Mode | SELinux Label | Purpose |
 |-----------|-----------------|-------------|---------------|---------|
 | `${HMAC_BASE}/config/config.toml` | `/app/config.toml` | `ro` | `:Z` | Configuration file |
 | `${HMAC_BASE}/data/` | `/data/` | `rw` | `:Z` | File uploads |
 | `${HMAC_BASE}/deduplication/` | `/deduplication/` | `rw` | `:Z` | Dedup cache |
 | `${HMAC_BASE}/logs/` | `/logs/` | `rw` | `:Z` | Application logs |
 #### **Complete Manual Run Command**
 ```bash
 # Build container image
 podman build -t localhost/hmac-file-server:latest -f dockerenv/podman/Dockerfile.podman .
 # Run with proper volume mounts and SELinux labels
 podman run -d --name hmac-file-server \
  --security-opt no-new-privileges \
  --cap-drop=ALL \
  --read-only \
  --tmpfs /tmp:rw,noexec,nosuid,size=100m \
  -p 8888:8888 \
  -p 9090:9090 \
  -v ${HMAC_BASE}/config/config.toml:/app/config.toml:ro,Z \
  -v ${HMAC_BASE}/data:/data:rw,Z \
  -v ${HMAC_BASE}/deduplication:/deduplication:rw,Z \
  -v ${HMAC_BASE}/logs:/logs:rw,Z \
  localhost/hmac-file-server:latest -config /app/config.toml
 ```
 ### Troubleshooting Path & Permission Issues
 #### **Common Error: Permission Denied**
 ```bash
 # Error in logs
 {"level":"error","msg":"failed to create directories: mkdir /data: permission denied"}
 ```
 **Root Cause**: Incorrect ownership or missing directories
 **Solution**:
 ```bash
 # Check current ownership
 ls -la ${HMAC_BASE}
 # Fix ownership (adjust command based on your setup)
 # For rootless Podman:
 podman unshare chown -R 1011:1011 ${HMAC_BASE}
 # For rootful Podman/Docker:
 sudo chown -R 1011:1011 ${HMAC_BASE}
 # Verify fix
 sudo -u "#1011" touch ${HMAC_BASE}/data/test-write
 rm ${HMAC_BASE}/data/test-write
 ```
 #### **Common Error: SELinux Denial**
 ```bash
 # Error in logs or journalctl
 SELinux is preventing access to 'write' on the file /data/test.txt
 ```
 **Root Cause**: SELinux context not set for container volumes
 **Solution**:
 ```bash
 # Option 1: Use :Z labels (recommended - private volumes)
 -v ${HMAC_BASE}/data:/data:rw,Z
 # Option 2: Use :z labels (shared volumes between containers)  
 -v ${HMAC_BASE}/data:/data:rw,z
 # Option 3: Set SELinux boolean (system-wide change)
 sudo setsebool -P container_manage_cgroup on
 # Option 4: Manual context setting
 sudo semanage fcontext -a -t container_file_t "${HMAC_BASE}(/.*)?"
 sudo restorecon -R ${HMAC_BASE}
 ```
 #### **Common Error: User Namespace Issues**
 ```bash
 # Error starting container
 Error: can't stat ${HMAC_BASE}/data: permission denied
 ```
 **Root Cause**: User namespace mapping issues in rootless mode
 **Solution**:
 ```bash
 # Check user namespace configuration
 cat /etc/subuid /etc/subgid | grep $USER
 # If missing, add mappings (requires root)
 sudo usermod --add-subuids 1000-65536 $USER
 sudo usermod --add-subgids 1000-65536 $USER
 # Restart user services
 systemctl --user restart podman
 # Use podman unshare for ownership
 podman unshare chown -R 1011:1011 ${HMAC_BASE}
 ```
 #### **Verification & Testing Commands**
 ```bash
 # Test 1: Verify container can access all paths
 podman exec hmac-file-server sh -c '
  echo "=== Container User ==="
  id
  echo "=== Directory Access ==="
  ls -la /app /data /deduplication /logs
  echo "=== Write Test ==="
  touch /data/write-test && echo "✅ Data write: OK" || echo "❌ Data write: FAILED"
  touch /deduplication/dedup-test && echo "✅ Dedup write: OK" || echo "❌ Dedup write: FAILED"  
  touch /logs/log-test && echo "✅ Log write: OK" || echo "❌ Log write: FAILED"
  echo "=== Config Read Test ==="
  head -3 /app/config.toml && echo "✅ Config read: OK" || echo "❌ Config read: FAILED"
 '
 # Test 2: External health check
 curl -f http://localhost:8888/health && echo "✅ HTTP Health: OK" || echo "❌ HTTP Health: FAILED"
 # Test 3: Metrics endpoint
 curl -s http://localhost:9090/metrics | grep -E "hmac_|go_|process_" | wc -l
 # Should return > 0 if metrics are working
 # Test 4: File upload simulation (requires auth)
 curl -X POST http://localhost:8888/upload \
  -H "Authorization: Bearer your-token" \
  -F "file=@test-file.txt" && echo "✅ Upload: OK" || echo "❌ Upload: FAILED"
 ```
 #### **Advanced: Custom UID/GID Mapping**
 If you need different UIDs (e.g., for existing file ownership):
 ```bash
 # Option 1: Rebuild container with custom UID
 podman build -t localhost/hmac-file-server:custom \
  --build-arg USER_UID=1500 \
  --build-arg USER_GID=1500 \
  -f dockerenv/podman/Dockerfile.podman .
 # Option 2: Use --user flag (may have limitations)
 podman run --user 1500:1500 [other options] localhost/hmac-file-server:latest
 # Option 3: Host ownership adjustment
 sudo chown -R 1500:1500 ${HMAC_BASE}
 ```
 #### **Docker vs Podman Ownership Differences**
 | Scenario | Docker | Podman Rootless | Podman Rootful |
 |----------|--------|-----------------|----------------|
 | **Host UID** | 1011:1011 | 1011:1011 | 1011:1011 |
 | **Container UID** | 1011:1011 | 1011:1011 | 1011:1011 |
 | **Volume Ownership** | `chown 1011:1011` | `podman unshare chown 1011:1011` | `chown 1011:1011` |
 | **SELinux Labels** | `:Z` or `:z` | `:Z` or `:z` | `:Z` or `:z` |
 ### Podman Deployment Script Features
 The `deploy-podman.sh` script provides complete automation:
 - **✅ Interactive deployment** with colored output
 - **✅ Auto-generates secure configuration** with random HMAC/JWT secrets
 - **✅ Security-hardened settings**: `--cap-drop=ALL`, `--read-only`, `--no-new-privileges`
 - **✅ Pod management** for XMPP integration
 - **✅ Health monitoring** and status reporting
 - **✅ Environment variable support** for customization
 ### Podman Commands Reference
 ```bash
 # Build image
 podman build -t localhost/hmac-file-server:latest -f dockerenv/podman/Dockerfile.podman .
 # Run with basic settings
 podman run -d --name hmac-file-server \
    -p 8888:8888 \
    -v ./config.toml:/app/config.toml:ro \
    -v ./data:/data:rw \
    localhost/hmac-file-server:latest -config /app/config.toml
 # Create and manage pods for XMPP integration
 podman pod create --name xmpp-services -p 8888:8888 -p 9090:9090
 podman run -d --pod xmpp-services --name hmac-file-server localhost/hmac-file-server:latest
 # View logs and status
 podman logs hmac-file-server
 podman ps -a
 podman pod ps
 # Health check
 podman healthcheck run hmac-file-server
 # Stop and cleanup
 podman stop hmac-file-server
 podman rm hmac-file-server
 ```
 ### Podman Systemd Integration
 #### User Service (Rootless - Recommended)
 ```bash
 # Copy service file
 cp dockerenv/podman/hmac-file-server.service ~/.config/systemd/user/
 # Enable and start
 systemctl --user daemon-reload
 systemctl --user enable hmac-file-server.service
 systemctl --user start hmac-file-server.service
 # Check status
 systemctl --user status hmac-file-server.service
 ```
 #### System Service (Root)
 ```bash
 # Copy service file
 sudo cp dockerenv/podman/hmac-file-server.service /etc/systemd/system/
 # Enable and start
 sudo systemctl daemon-reload
 sudo systemctl enable hmac-file-server.service
 sudo systemctl start hmac-file-server.service
 ```
 ### Podman with XMPP Integration
 ```bash
 # Complete XMPP + HMAC File Server pod setup
 podman pod create --name xmpp-pod \
    --publish 5222:5222 \
    --publish 5269:5269 \
    --publish 5443:5443 \
    --publish 8888:8888
 # Run Prosody XMPP server
 podman run -d --pod xmpp-pod --name prosody \
    -v ./prosody/config:/etc/prosody:ro \
    -v ./prosody/data:/var/lib/prosody:rw \
    docker.io/prosody/prosody:latest
 # Run HMAC File Server
 podman run -d --pod xmpp-pod --name hmac-file-server \
    -v ./hmac/config.toml:/app/config.toml:ro \
    -v ./hmac/data:/data:rw \
    localhost/hmac-file-server:latest -config /app/config.toml
 # Check pod status
 podman pod ps
 podman ps --pod
 ```
 ### Deployment Script Commands
 ```bash
 # Management commands
 ./deploy-podman.sh deploy    # Full deployment (default)
 ./deploy-podman.sh start     # Start services
 ./deploy-podman.sh stop      # Stop all services
 ./deploy-podman.sh restart   # Restart services
 ./deploy-podman.sh status    # Show service status
 ./deploy-podman.sh logs      # Show container logs
 ./deploy-podman.sh config    # Show configuration
 ./deploy-podman.sh build     # Build container image only
 ./deploy-podman.sh pod       # Create pod only
 ./deploy-podman.sh clean     # Remove containers and image
 ./deploy-podman.sh help      # Show help
 # Environment variables
 export APP_DATA="/custom/path/hmac-file-server"
 export LISTEN_PORT="9999"
 export METRICS_PORT="9998"
 ./deploy-podman.sh
 ```
 ### Podman Security Features
 #### Container Security
 - **Rootless operation**: Runs as non-root user (UID 1011)
 - **Capability dropping**: `--cap-drop=ALL`
 - **No new privileges**: `--security-opt no-new-privileges`
 - **Read-only filesystem**: `--read-only` with tmpfs for /tmp
 - **SELinux labels**: Volume mounts with `:Z` labels
 #### Network Security
 - **Pod isolation**: Containers run in isolated pods
 - **Port binding**: Only necessary ports exposed
 - **Health monitoring**: Built-in health checks
 ### Troubleshooting Podman
 #### Common Issues
 **Permission Errors:**
 ```bash
 # Fix SELinux contexts
 restorecon -R /opt/podman/hmac-file-server
 # Check volume permissions
 podman unshare ls -la /opt/podman/hmac-file-server
 ```
 **Container Won't Start:**
 ```bash
 # Check image exists
 podman images | grep hmac-file-server
 # Validate configuration
 ./deploy-podman.sh config
 # Debug with interactive container
 podman run -it --rm localhost/hmac-file-server:latest /bin/sh
 ```
 **Network Issues:**
 ```bash
 # Check pod networking
 podman pod ps
 podman port hmac-file-server
 # Test connectivity
 nc -zv localhost 8888
 ```
 ---
 ## Multi-Architecture Deployment
 HMAC File Server 3.2 "Tremora del Terra" provides comprehensive multi-architecture support for modern deployment scenarios.
 ### Supported Architectures
 #### **AMD64 (x86_64)**
 - **Primary Platform**: Optimized for Intel and AMD processors
 - **Performance**: Maximum performance optimization
 - **Use Cases**: Data centers, cloud instances, desktop deployments
 - **Binary**: `hmac-file-server-linux-amd64`
 #### **ARM64 (aarch64)**
 - **Modern ARM**: Apple Silicon (M1/M2/M3), AWS Graviton, cloud ARM instances
 - **Performance**: Native ARM64 optimizations
 - **Use Cases**: Cloud-native deployments, Apple Silicon development
 - **Binary**: `hmac-file-server-linux-arm64`
 #### **ARM32v7 (armhf)**
 - **IoT & Edge**: Raspberry Pi, embedded systems, edge computing
 - **Efficiency**: Optimized for resource-constrained environments
 - **Use Cases**: IoT gateways, edge file servers, embedded applications
 - **Binary**: `hmac-file-server-linux-arm32v7`
 ### Build Commands
 ```bash
 # Build for all architectures
 ./build-multi-arch.sh
 # Build specific architecture
 GOOS=linux GOARCH=amd64 go build -o hmac-file-server-linux-amd64 ./cmd/server/main.go
 GOOS=linux GOARCH=arm64 go build -o hmac-file-server-linux-arm64 ./cmd/server/main.go
 GOOS=linux GOARCH=arm GOARM=7 go build -o hmac-file-server-linux-arm32v7 ./cmd/server/main.go
 ```
 ### Docker Multi-Architecture
 ```bash
 # Build multi-platform Docker images
 docker buildx build --platform linux/amd64,linux/arm64,linux/arm/v7 -t hmac-file-server:3.2 .
 # Run platform-specific image
 docker run --platform linux/arm64 hmac-file-server:3.2
 ```
 ### Architecture-Specific Optimizations
 #### **AMD64 Optimizations**
 - AVX2/SSE4 utilizations for hash calculations
 - Memory prefetching optimizations
 - Large file transfer optimizations
 #### **ARM64 Optimizations**
 - NEON SIMD instructions for crypto operations
 - Apple Silicon memory management optimizations
 - Energy-efficient processing patterns
 #### **ARM32v7 Optimizations**
 - Memory-constrained operation modes
 - Reduced concurrent workers for stability
 - Optimized for flash storage patterns
 ---
 ## Network Resilience & Queue Optimization
 HMAC File Server 3.2 introduces advanced network resilience and queue optimization systems designed for enterprise-grade reliability.
 ### Network Resilience Features
 #### **Connection Recovery**
 - **Automatic Reconnection**: Seamless reconnection after network interruptions
 - **Retry Logic**: Intelligent exponential backoff for failed operations
 - **Timeout Management**: Extended 4800s timeouts prevent premature disconnections
 - **Circuit Breaker**: Prevents cascade failures during network issues
 #### **Network Switching Support**
 - **Interface Detection**: Automatic detection of network interface changes
 - **IP Migration**: Seamless handling of IP address changes
 - **Connection Pooling**: Maintains connection pools across network changes
 - **Health Checks**: Continuous connectivity monitoring
 ### Queue Optimization Engine
 #### **Dynamic Worker Scaling**
 - **Optimized Thresholds**: 40% scale-up, 10% scale-down for perfect balance
 - **Load Prediction**: Proactive scaling based on historical patterns
 - **Memory Management**: Intelligent memory allocation for queue operations
 - **Priority Queuing**: Critical operations get processing priority
 #### **Queue Intelligence**
 - **Bottleneck Prevention**: Automatic queue rebalancing
 - **Overflow Protection**: Graceful handling of queue overflow scenarios
 - **Performance Analytics**: Real-time queue performance metrics
 - **Auto-tuning**: Self-optimizing queue parameters
 ```toml
 # Network resilience configuration
 [network]
 enable_resilience = true
 max_retries = 5
 retry_delay = "2s"
 connection_timeout = "30s"
 keepalive_interval = "60s"
 # Queue optimization settings
 [queue]
 enable_optimization = true
 scale_up_threshold = 40    # Scale up at 40% queue capacity
 scale_down_threshold = 10  # Scale down at 10% queue capacity
 min_workers = 2
 max_workers = 16
 prediction_window = "5m"
 ```
 ### Docker Build
 The official Dockerfile supports multi-stage builds for minimal images:
@ -1155,7 +1853,7 @@ deduplication_enabled = true
 min_free_bytes = "1GB"
 file_naming = "original"
 enable_dynamic_workers = true
-worker_scale_up_thresh = 50
+worker_scale_up_thresh = 40   # 40% optimized threshold for 3.2
 worker_scale_down_thresh = 10
 [uploads]
@ -1244,3 +1942,66 @@ docker compose up -d
 3. The server will be available on `http://localhost:8080`.
 ---
 ## Simplified Configuration Examples
 HMAC File Server 3.2 "Tremora del Terra" achieves **93% configuration reduction** through intelligent defaults. Here are minimal configurations for common scenarios:
 ### Minimal Production Configuration (93% Simplified)
 ```toml
 # Minimal config - just 4 lines for full production deployment!
 [server]
 listen_address = ":8080"
 storage_path = "/srv/uploads"
 hmac_secret = "your-secret-key-here"
 ```
 This minimal configuration automatically provides:
 - ✅ Dynamic worker scaling (40%/10% thresholds)
 - ✅ Extended timeouts (4800s)
 - ✅ File deduplication
 - ✅ Prometheus metrics
 - ✅ Network resilience
 - ✅ Queue optimization
 - ✅ Security hardening
 ### Quick Development Setup
 ```toml
 # Development - just 2 lines!
 [server]
 storage_path = "./uploads"
 ```
 ### Enterprise Cloud Configuration
 ```toml
 # Enterprise cloud deployment
 [server]
 listen_address = ":8080"
 storage_path = "/data/uploads"
 hmac_secret = "${HMAC_SECRET}"
 max_upload_size = "50GB"
 [monitoring]
 prometheus_enabled = true
 metrics_port = "9090"
 ```
 ### XMPP Integration (XEP-0363)
 ```toml
 # XMPP file sharing server
 [server]
 storage_path = "/srv/xmpp-uploads"
 hmac_secret = "${HMAC_SECRET}"
 [xmpp]
 enabled = true
 max_file_size = "10GB"
 ```
 **Previous versions required 100+ configuration lines - 3.2 "Tremora del Terra" does it with just a few!**
 ---
--- a/build-multi-arch.sh
+++ b/build-multi-arch.sh
@ -1,6 +1,6 @@
 #!/bin/bash
 # HMAC File Server v3.2 - Multi-Architecture Build Script
-# Compiles binaries for AMD64, ARM64, and ARM32 architectures
+# Compiles binaries for AMD64, ARM64, ARM32, Windows, and macOS architectures
 # Remove set -e to prevent early exit on errors
@ -45,13 +45,57 @@ if [[ ! -d "$TEMP_DIR" ]]; then
    print_info "Created temp directory: $TEMP_DIR"
 fi
-# Source files to compile
+# Source directory to compile
-SOURCE_FILES="cmd/server/main.go cmd/server/helpers.go cmd/server/config_validator.go cmd/server/config_test_scenarios.go"
+SOURCE_DIR="./cmd/server/"
-print_status "Starting multi-architecture build for HMAC File Server v3.2"
+# Interactive menu function
-print_info "Source files: $SOURCE_FILES"
+show_menu() {
-print_info "Output directory: $TEMP_DIR"
+    echo ""
-echo ""
+    echo "HMAC File Server Multi-Architecture Builder"
    echo "=========================================="
    echo "1) Build for current platform (auto-detect)"
    echo "2) Build for Linux AMD64"
    echo "3) Build for Linux ARM64"  
    echo "4) Build for Linux ARM32v7"
    echo "5) Build for Windows AMD64"
    echo "6) Build for macOS AMD64 (Intel)"
    echo "7) Build for macOS ARM64 (Apple Silicon)"
    echo "8) Build all supported architectures"
    echo "9) Clean build artifacts"
    echo "0) Exit"
    echo ""
    read -p "Choose an option [0-9]: " choice
 }
 # Clean function
 clean_artifacts() {
    print_info "Cleaning build artifacts..."
    if [[ -d "$TEMP_DIR" ]]; then
        rm -rf "$TEMP_DIR"/*
        print_status "Build artifacts cleaned"
    else
        print_info "No artifacts to clean"
    fi
 }
 # Detect current platform
 detect_platform() {
    local os=$(uname -s | tr '[:upper:]' '[:lower:]')
    local arch=$(uname -m)
    case "$arch" in
        x86_64) arch="amd64" ;;
        arm64|aarch64) arch="arm64" ;;
        armv7l) arch="arm" ;;
        *) arch="unknown" ;;
    esac
    case "$os" in
        linux) echo "linux/$arch" ;;
        darwin) echo "darwin/$arch" ;;
        *) echo "unknown/unknown" ;;
    esac
 }
 # Build function
 build_for_arch() {
@ -68,7 +112,7 @@ build_for_arch() {
    export CGO_ENABLED=0
    # Build the binary
-    if go build -ldflags="-w -s" -o "$TEMP_DIR/$output_name" $SOURCE_FILES 2>/dev/null; then
+    if go build -ldflags="-w -s" -o "$TEMP_DIR/$output_name" $SOURCE_DIR 2>/dev/null; then
        # Get file size
        if [[ "$OSTYPE" == "darwin"* ]]; then
            # macOS
@ -92,105 +136,270 @@ build_for_arch() {
        return 0
    else
        print_error "Build failed: $arch_description"
        if [[ "$goos" == "windows" ]]; then
            print_warning "   Windows builds may fail due to platform-specific code (syscalls)"
            print_info "   Consider using Linux subsystem or implementing Windows-specific storage checks"
        fi
        return 1
    fi
 }
-# Track build results
+# Build all architectures function
-BUILDS_ATTEMPTED=0
+build_all_architectures() {
-BUILDS_SUCCESSFUL=0
+    print_status "Starting multi-architecture build for HMAC File Server v3.2"
-FAILED_BUILDS=()
+    print_info "Source directory: $SOURCE_DIR"
-
+    print_info "Output directory: $TEMP_DIR"
 echo "Starting builds..."
 echo "===================="
 echo ""
 # Build for AMD64 (x86_64)
 print_arch "AMD64 (Intel/AMD 64-bit)"
 ((BUILDS_ATTEMPTED++))
 if build_for_arch "linux" "amd64" "hmac-file-server-linux-amd64" "AMD64 Linux"; then
    ((BUILDS_SUCCESSFUL++))
 else
    FAILED_BUILDS+=("AMD64")
 fi
 echo ""
 # Build for ARM64 (AArch64)
 print_arch "ARM64 (AArch64)"
 ((BUILDS_ATTEMPTED++))
 if build_for_arch "linux" "arm64" "hmac-file-server-linux-arm64" "ARM64 Linux"; then
    ((BUILDS_SUCCESSFUL++))
 else
    FAILED_BUILDS+=("ARM64")
 fi
 echo ""
 # Build for ARM32 (ARMv7)
 print_arch "ARM32 (ARMv7)"
 export GOARM=7  # ARMv7 with hardware floating point
 ((BUILDS_ATTEMPTED++))
 if build_for_arch "linux" "arm" "hmac-file-server-linux-arm32" "ARM32 Linux"; then
    ((BUILDS_SUCCESSFUL++))
 else
    FAILED_BUILDS+=("ARM32")
 fi
 echo ""
 # Reset environment variables
 unset GOOS GOARCH CGO_ENABLED GOARM
 # Build summary
 echo "Build Summary"
 echo "================"
 print_info "Builds attempted: $BUILDS_ATTEMPTED"
 print_info "Builds successful: $BUILDS_SUCCESSFUL"
 if [[ $BUILDS_SUCCESSFUL -eq $BUILDS_ATTEMPTED ]]; then
    print_status "ALL BUILDS SUCCESSFUL!"
    echo ""
-    print_info "Generated binaries in $TEMP_DIR:"
+
-    ls -lh "$TEMP_DIR"/hmac-file-server-* | while read -r line; do
+    # Track build results
-        echo "   $line"
+    BUILDS_ATTEMPTED=0
-    done
+    BUILDS_SUCCESSFUL=0
    FAILED_BUILDS=()
    echo "Starting builds..."
    echo "===================="
    echo ""
-    print_info "Usage examples:"
+
-    echo "   - Copy to target system and run: ./hmac-file-server-linux-amd64 --version"
+    # Build for AMD64 (x86_64)
-    echo "   - Deploy with installer: cp temp/hmac-file-server-linux-amd64 /opt/hmac-file-server/"
+    print_arch "AMD64 (Intel/AMD 64-bit)"
-    echo "   - Docker deployment: COPY temp/hmac-file-server-linux-amd64 /usr/local/bin/"
+    ((BUILDS_ATTEMPTED++))
    if build_for_arch "linux" "amd64" "hmac-file-server-linux-amd64" "AMD64 Linux"; then
        ((BUILDS_SUCCESSFUL++))
    else
        FAILED_BUILDS+=("AMD64")
    fi
    echo ""
    # Build for ARM64 (AArch64)
    print_arch "ARM64 (AArch64)"
    ((BUILDS_ATTEMPTED++))
    if build_for_arch "linux" "arm64" "hmac-file-server-linux-arm64" "ARM64 Linux"; then
        ((BUILDS_SUCCESSFUL++))
    else
        FAILED_BUILDS+=("ARM64")
    fi
    echo ""
    # Build for ARM32 (ARMv7)
    print_arch "ARM32 (ARMv7)"
    export GOARM=7  # ARMv7 with hardware floating point
    ((BUILDS_ATTEMPTED++))
    if build_for_arch "linux" "arm" "hmac-file-server-linux-arm32v7" "ARM32 Linux"; then
        ((BUILDS_SUCCESSFUL++))
    else
        FAILED_BUILDS+=("ARM32")
    fi
    echo ""
    # Build for Windows AMD64
    print_arch "Windows AMD64"
    ((BUILDS_ATTEMPTED++))
    if build_for_arch "windows" "amd64" "hmac-file-server-windows-amd64.exe" "Windows AMD64"; then
        ((BUILDS_SUCCESSFUL++))
    else
        FAILED_BUILDS+=("Windows")
    fi
    echo ""
    # Build for macOS Intel
    print_arch "macOS Intel"
    ((BUILDS_ATTEMPTED++))
    if build_for_arch "darwin" "amd64" "hmac-file-server-darwin-amd64" "macOS Intel"; then
        ((BUILDS_SUCCESSFUL++))
    else
        FAILED_BUILDS+=("macOS Intel")
    fi
    echo ""
    # Build for macOS Apple Silicon
    print_arch "macOS Apple Silicon"
    ((BUILDS_ATTEMPTED++))
    if build_for_arch "darwin" "arm64" "hmac-file-server-darwin-arm64" "macOS Apple Silicon"; then
        ((BUILDS_SUCCESSFUL++))
    else
        FAILED_BUILDS+=("macOS ARM64")
    fi
    echo ""
    # Reset environment variables
    unset GOOS GOARCH CGO_ENABLED GOARM
    show_build_summary
 }
 # Build single architecture function
 build_single_arch() {
    local platform_desc=$1
    local goos=$2
    local goarch=$3
    local goarm=$4
    local output_name=$5
-elif [[ $BUILDS_SUCCESSFUL -gt 0 ]]; then
+    print_status "Building for $platform_desc"
-    print_warning "PARTIAL SUCCESS: $BUILDS_SUCCESSFUL/$BUILDS_ATTEMPTED builds completed"
+    print_info "Source directory: $SOURCE_DIR"
-    if [[ ${#FAILED_BUILDS[@]} -gt 0 ]]; then
+    print_info "Output directory: $TEMP_DIR"
-        print_error "Failed architectures: ${FAILED_BUILDS[*]}"
+    echo ""
    if [[ -n "$goarm" ]]; then
        export GOARM=$goarm
    fi
-else
+    BUILDS_ATTEMPTED=1
-    print_error "ALL BUILDS FAILED!"
+    BUILDS_SUCCESSFUL=0
-    exit 1
+    FAILED_BUILDS=()
-fi
+    
    if build_for_arch "$goos" "$goarch" "$output_name" "$platform_desc"; then
        BUILDS_SUCCESSFUL=1
    else
        FAILED_BUILDS+=("$platform_desc")
    fi
    unset GOOS GOARCH CGO_ENABLED GOARM
    show_build_summary
 }
-echo ""
+# Build current platform function
-print_info "Architecture compatibility:"
+build_current_platform() {
-echo "   - AMD64: Intel/AMD 64-bit servers, desktops, cloud instances"
+    local platform=$(detect_platform)
-echo "   - ARM64: Apple Silicon, AWS Graviton, modern ARM servers"  
+    local goos=$(echo "$platform" | cut -d'/' -f1)
-echo "   - ARM32: Raspberry Pi, embedded systems, older ARM devices"
+    local goarch=$(echo "$platform" | cut -d'/' -f2)
    case "$platform" in
        "linux/amd64")
            build_single_arch "Current Platform (Linux AMD64)" "linux" "amd64" "" "hmac-file-server-linux-amd64"
            ;;
        "linux/arm64")
            build_single_arch "Current Platform (Linux ARM64)" "linux" "arm64" "" "hmac-file-server-linux-arm64"
            ;;
        "linux/arm")
            build_single_arch "Current Platform (Linux ARM32v7)" "linux" "arm" "7" "hmac-file-server-linux-arm32v7"
            ;;
        "darwin/amd64")
            build_single_arch "Current Platform (macOS Intel)" "darwin" "amd64" "" "hmac-file-server-darwin-amd64"
            ;;
        "darwin/arm64")
            build_single_arch "Current Platform (macOS Apple Silicon)" "darwin" "arm64" "" "hmac-file-server-darwin-arm64"
            ;;
        *)
            print_error "Unsupported platform: $platform"
            print_info "Supported platforms: linux/amd64, linux/arm64, linux/arm, darwin/amd64, darwin/arm64"
            exit 1
            ;;
    esac
 }
-echo ""
+# Show build summary
-print_status "Multi-architecture build completed!"
+show_build_summary() {
    # Build summary
    echo "Build Summary"
    echo "================"
    print_info "Builds attempted: $BUILDS_ATTEMPTED"
    print_info "Builds successful: $BUILDS_SUCCESSFUL"
-# Final verification
+    if [[ $BUILDS_SUCCESSFUL -eq $BUILDS_ATTEMPTED ]]; then
-echo ""
+        print_status "ALL BUILDS SUCCESSFUL!"
-print_info "Final verification:"
+        echo ""
-for binary in "$TEMP_DIR"/hmac-file-server-*; do
+        print_info "Generated binaries in $TEMP_DIR:"
-    if [[ -f "$binary" ]]; then
+        ls -lh "$TEMP_DIR"/hmac-file-server-* 2>/dev/null | while read -r line; do
-        filename=$(basename "$binary")
+            echo "   $line"
-        if file "$binary" >/dev/null 2>&1; then
+        done
-            file_info=$(file "$binary" | cut -d: -f2- | sed 's/^ *//')
+        echo ""
-            print_info "   OK $filename: $file_info"
+        print_info "Usage examples:"
-        else
+        echo "   - Copy to target system and run: ./hmac-file-server-linux-amd64 --version"
-            print_info "   OK $filename: Binary file"
+        echo "   - Deploy with installer: cp temp/hmac-file-server-linux-amd64 /opt/hmac-file-server/"
        echo "   - Docker deployment: COPY temp/hmac-file-server-linux-amd64 /usr/local/bin/"
    elif [[ $BUILDS_SUCCESSFUL -gt 0 ]]; then
        print_warning "PARTIAL SUCCESS: $BUILDS_SUCCESSFUL/$BUILDS_ATTEMPTED builds completed"
        if [[ ${#FAILED_BUILDS[@]} -gt 0 ]]; then
            print_error "Failed architectures: ${FAILED_BUILDS[*]}"
        fi
    else
        print_error "ALL BUILDS FAILED!"
        exit 1
    fi
-done
+
    echo ""
    print_info "Architecture compatibility:"
    echo "   - AMD64: Intel/AMD 64-bit servers, desktops, cloud instances"
    echo "   - ARM64: Apple Silicon, AWS Graviton, modern ARM servers"  
    echo "   - ARM32: Raspberry Pi, embedded systems, older ARM devices"
    echo "   - Windows: Windows 10/11, Windows Server"
    echo "   - macOS: macOS 10.15+, Intel and Apple Silicon"
    echo ""
    print_status "Build completed!"
    # Final verification
    echo ""
    print_info "Final verification:"
    for binary in "$TEMP_DIR"/hmac-file-server-*; do
        if [[ -f "$binary" ]]; then
            filename=$(basename "$binary")
            if file "$binary" >/dev/null 2>&1; then
                file_info=$(file "$binary" | cut -d: -f2- | sed 's/^ *//')
                print_info "   OK $filename: $file_info"
            else
                print_info "   OK $filename: Binary file"
            fi
        fi
    done
 }
 # Main execution
 if [[ $# -eq 0 ]]; then
    # Interactive mode
    while true; do
        show_menu
        case $choice in
            1)
                build_current_platform
                break
                ;;
            2)
                build_single_arch "Linux AMD64" "linux" "amd64" "" "hmac-file-server-linux-amd64"
                break
                ;;
            3)
                build_single_arch "Linux ARM64" "linux" "arm64" "" "hmac-file-server-linux-arm64"
                break
                ;;
            4)
                build_single_arch "Linux ARM32v7" "linux" "arm" "7" "hmac-file-server-linux-arm32v7"
                break
                ;;
            5)
                build_single_arch "Windows AMD64" "windows" "amd64" "" "hmac-file-server-windows-amd64.exe"
                break
                ;;
            6)
                build_single_arch "macOS Intel" "darwin" "amd64" "" "hmac-file-server-darwin-amd64"
                break
                ;;
            7)
                build_single_arch "macOS Apple Silicon" "darwin" "arm64" "" "hmac-file-server-darwin-arm64"
                break
                ;;
            8)
                build_all_architectures
                break
                ;;
            9)
                clean_artifacts
                ;;
            0)
                print_info "Exiting build script"
                exit 0
                ;;
            *)
                print_error "Invalid option. Please choose 0-9."
                ;;
        esac
    done
 else
    # Non-interactive mode - build all architectures
    build_all_architectures
 fi
 exit 0
--- a/builddebian.sh
+++ b/builddebian.sh
@ -193,6 +193,26 @@ chunksize = "10MB"
 resumableuploadsenabled = true
 ttlenabled = false
 ttl = "168h"
 networkevents = true
 # Network Resilience Configuration (3.2 Enhanced Features)
 [network_resilience]
 enabled = true
 fast_detection = false                  # Standard detection for server deployment
 quality_monitoring = true              # Enable quality monitoring
 predictive_switching = false           # Conservative switching for servers
 mobile_optimizations = false           # Standard thresholds for server environment
 upload_resilience = true               # Resume uploads across network changes
 detection_interval = "5s"              # Standard detection interval
 quality_check_interval = "10s"         # Regular quality monitoring
 network_change_threshold = 3           # Switches required to trigger network change
 interface_stability_time = "30s"       # Server-appropriate stability time
 upload_pause_timeout = "5m"           # Standard upload pause timeout
 upload_retry_timeout = "10m"          # Standard retry timeout
 rtt_warning_threshold = "200ms"        # Server network warning threshold
 rtt_critical_threshold = "1000ms"      # Server network critical threshold
 packet_loss_warning_threshold = 2.0    # 2% packet loss warning
 packet_loss_critical_threshold = 10.0  # 10% packet loss critical
 [downloads]
 chunkeddownloadsenabled = true
--- a/builddocker.sh
+++ b/builddocker.sh
@ -2,14 +2,234 @@
 set -e
 # Enhanced Container Build Script - Supports Docker & Podman
 # HMAC File Server 3.2.1 - Universal Container Support
 IMAGE_NAME="hmac-file-server"
 DOCKERFILE_PATH="dockerenv/dockerbuild/Dockerfile"
 COMPOSE_FILE="dockerenv/docker-compose.yml"
-echo "Building Docker image: $IMAGE_NAME"
+# Select appropriate compose file based on engine
-docker build -t "$IMAGE_NAME" -f "$DOCKERFILE_PATH" .
+get_compose_file() {
    local engine="$1"
    if [ "$engine" = "podman" ] && [ -f "dockerenv/podman-compose.yml" ]; then
        echo "dockerenv/podman-compose.yml"
    else
        echo "dockerenv/docker-compose.yml"
    fi
 }
-#echo "Starting services using $COMPOSE_FILE"
+# Colors for output
-#docker-compose -f "$COMPOSE_FILE" up -d
+RED='\033[0;31m'
 GREEN='\033[0;32m'
 YELLOW='\033[1;33m'
 BLUE='\033[0;34m'
 NC='\033[0m' # No Color
-echo "Build and deployment complete."
+# Function to detect available container engines
 detect_container_engines() {
    local engines=()
    if command -v docker &> /dev/null; then
        engines+=("docker")
    fi
    if command -v podman &> /dev/null; then
        engines+=("podman")
    fi
    echo "${engines[@]}"
 }
 # Function to select container engine
 select_container_engine() {
    local available_engines=($(detect_container_engines))
    if [ ${#available_engines[@]} -eq 0 ]; then
        echo -e "${RED}❌ Error: Neither Docker nor Podman is installed${NC}"
        echo "Please install Docker or Podman to continue"
        exit 1
    fi
    # Check for user preference via argument
    if [ "$1" = "docker" ] || [ "$1" = "podman" ]; then
        local requested_engine="$1"
        for engine in "${available_engines[@]}"; do
            if [ "$engine" = "$requested_engine" ]; then
                echo "$requested_engine"
                return 0
            fi
        done
        echo -e "${RED}❌ Error: $requested_engine is not available${NC}"
        exit 1
    fi
    # If only one engine available, use it
    if [ ${#available_engines[@]} -eq 1 ]; then
        echo "${available_engines[0]}"
        return 0
    fi
    # Multiple engines available, let user choose
    echo -e "${BLUE}🐳 Multiple container engines detected:${NC}"
    for i in "${!available_engines[@]}"; do
        echo "  $((i+1))) ${available_engines[i]}"
    done
    while true; do
        read -p "Select container engine (1-${#available_engines[@]}): " choice
        if [[ "$choice" =~ ^[0-9]+$ ]] && [ "$choice" -ge 1 ] && [ "$choice" -le ${#available_engines[@]} ]; then
            echo "${available_engines[$((choice-1))]}"
            return 0
        fi
        echo "Invalid choice. Please enter a number between 1 and ${#available_engines[@]}"
    done
 }
 # Function to get compose command based on engine
 get_compose_command() {
    local engine="$1"
    case "$engine" in
        "docker")
            if command -v docker-compose &> /dev/null; then
                echo "docker-compose"
            elif docker compose version &> /dev/null; then
                echo "docker compose"
            else
                echo ""
            fi
            ;;
        "podman")
            if command -v podman-compose &> /dev/null; then
                echo "podman-compose"
            else
                echo ""
            fi
            ;;
        *)
            echo ""
            ;;
    esac
 }
 # Function to build container image
 build_image() {
    local engine="$1"
    echo -e "${BLUE}🔨 Building container image with $engine...${NC}"
    echo "Image: $IMAGE_NAME"
    echo "Dockerfile: $DOCKERFILE_PATH"
    if [ "$engine" = "podman" ]; then
        # Podman specific build
        podman build -t "$IMAGE_NAME" -f "$DOCKERFILE_PATH" .
    else
        # Docker build
        docker build -t "$IMAGE_NAME" -f "$DOCKERFILE_PATH" .
    fi
    if [ $? -eq 0 ]; then
        echo -e "${GREEN}✅ Image built successfully with $engine${NC}"
    else
        echo -e "${RED}❌ Failed to build image with $engine${NC}"
        exit 1
    fi
 }
 # Function to start services (optional)
 start_services() {
    local engine="$1"
    local compose_file=$(get_compose_file "$engine")
    local compose_cmd=$(get_compose_command "$engine")
    if [ -z "$compose_cmd" ]; then
        echo -e "${YELLOW}⚠️  No compose command available for $engine${NC}"
        echo "You can start the container manually:"
        if [ "$engine" = "podman" ]; then
            echo "  podman run -d --name hmac-file-server -p 8081:8080 -v ./dockerenv/config:/etc/hmac-file-server:Z -v ./dockerenv/data/uploads:/opt/hmac-file-server/data/uploads:Z $IMAGE_NAME"
        else
            echo "  docker run -d --name hmac-file-server -p 8081:8080 -v ./dockerenv/config:/etc/hmac-file-server -v ./dockerenv/data/uploads:/opt/hmac-file-server/data/uploads $IMAGE_NAME"
        fi
        return 0
    fi
    echo -e "${BLUE}🚀 Starting services with $compose_cmd...${NC}"
    echo "Using compose file: $compose_file"
    if [ "$compose_cmd" = "docker compose" ]; then
        docker compose -f "$compose_file" up -d
    else
        $compose_cmd -f "$compose_file" up -d
    fi
    if [ $? -eq 0 ]; then
        echo -e "${GREEN}✅ Services started successfully${NC}"
        echo "Server accessible at: http://localhost:8081"
    else
        echo -e "${RED}❌ Failed to start services${NC}"
        exit 1
    fi
 }
 # Main execution
 main() {
    echo -e "${BLUE}🐳 HMAC File Server - Universal Container Builder${NC}"
    echo "Version: 3.2.1 - Docker & Podman Support"
    echo
    # Select container engine
    CONTAINER_ENGINE=$(select_container_engine "$1")
    echo -e "${GREEN}📦 Using container engine: $CONTAINER_ENGINE${NC}"
    echo
    # Build image
    build_image "$CONTAINER_ENGINE"
    echo
    # Ask about starting services
    if [ "$2" != "--build-only" ]; then
        read -p "Start services now? (y/n): " start_choice
        if [[ "$start_choice" =~ ^[Yy] ]]; then
            start_services "$CONTAINER_ENGINE"
        else
            echo -e "${YELLOW}ℹ️  Build complete. Services not started.${NC}"
            echo "To start manually, use:"
            local compose_file=$(get_compose_file "$CONTAINER_ENGINE")
            local compose_cmd=$(get_compose_command "$CONTAINER_ENGINE")
            if [ -n "$compose_cmd" ]; then
                if [ "$compose_cmd" = "docker compose" ]; then
                    echo "  docker compose -f $compose_file up -d"
                else
                    echo "  $compose_cmd -f $compose_file up -d"
                fi
            fi
        fi
    fi
    echo
    echo -e "${GREEN}🎉 Container build process completed successfully!${NC}"
 }
 # Show usage if help requested
 if [ "$1" = "--help" ] || [ "$1" = "-h" ]; then
    echo "HMAC File Server - Universal Container Builder"
    echo "Usage: $0 [engine] [options]"
    echo
    echo "Engines:"
    echo "  docker    - Use Docker engine"
    echo "  podman    - Use Podman engine"
    echo "  (auto)    - Auto-detect and select available engine"
    echo
    echo "Options:"
    echo "  --build-only    - Build image only, don't start services"
    echo "  --help, -h      - Show this help message"
    echo
    echo "Examples:"
    echo "  $0                    # Auto-detect engine and interactive mode"
    echo "  $0 docker            # Use Docker specifically"
    echo "  $0 podman --build-only # Use Podman, build only"
    exit 0
 fi
 # Run main function
 main "$@"
--- a/check-configs.sh
+++ b/check-configs.sh
@ -0,0 +1,358 @@
 #!/bin/bash
 # HMAC File Server Configuration Consistency Checker
 # Ensures all deployment methods use proper configuration structure
 set -e
 # Colors
 RED='\033[0;31m'
 GREEN='\033[0;32m'
 YELLOW='\033[1;33m'
 BLUE='\033[0;34m'
 NC='\033[0m'
 log_info() { echo -e "${BLUE}[INFO]${NC} $1"; }
 log_success() { echo -e "${GREEN}[SUCCESS]${NC} $1"; }
 log_warning() { echo -e "${YELLOW}[WARNING]${NC} $1"; }
 log_error() { echo -e "${RED}[ERROR]${NC} $1"; }
 # Configuration templates to check
 CONFIG_LOCATIONS=(
    "/opt/hmac-file-server/config.toml"                    # SystemD
    "./hmac-docker/config/config.toml"                     # Docker
    "/opt/podman/hmac-file-server/config/config.toml"      # Podman
    "/etc/hmac-file-server/config.toml"                   # Debian
    "./config-default.toml"                                # Default template
    "./config-simple.toml"                                 # Simple template
    "./config-simplified-production.toml"                  # Production template
 )
 # Required sections and fields
 REQUIRED_SECTIONS=("server" "security" "uploads" "logging")
 REQUIRED_FIELDS=(
    "server.listen_address"
    "server.storage_path"
    "security.secret"
    "uploads.networkevents"
 )
 NETWORK_RESILIENCE_FIELDS=(
    "network_resilience.enabled"
    "network_resilience.quality_monitoring"
    "network_resilience.upload_resilience"
 )
 check_config_file() {
    local config_file="$1"
    local config_name="$2"
    local errors=0
    local warnings=0
    log_info "Checking $config_name: $config_file"
    if [ ! -f "$config_file" ]; then
        log_warning "Configuration file not found (may not be installed)"
        return 0
    fi
    # Check for common field naming issues
    if grep -q "storagepath\s*=" "$config_file" 2>/dev/null; then
        log_error "Found 'storagepath' - should be 'storage_path'"
        ((errors++))
    fi
    if grep -q "listenport\s*=" "$config_file" 2>/dev/null; then
        log_error "Found 'listenport' - should be 'listen_address'"
        ((errors++))
    fi
    if grep -q "metricsenabled\s*=" "$config_file" 2>/dev/null; then
        log_error "Found 'metricsenabled' - should be 'metrics_enabled'"
        ((errors++))
    fi
    # Check required sections
    for section in "${REQUIRED_SECTIONS[@]}"; do
        if ! grep -q "^\[$section\]" "$config_file" 2>/dev/null; then
            log_error "Missing required section: [$section]"
            ((errors++))
        fi
    done
    # Check required fields
    for field in "${REQUIRED_FIELDS[@]}"; do
        field_name=$(echo "$field" | cut -d'.' -f2)
        if ! grep -q "^$field_name\s*=" "$config_file" 2>/dev/null; then
            log_warning "Missing or commented field: $field_name"
            ((warnings++))
        fi
    done
    # Check network resilience
    local has_network_resilience=false
    if grep -q "^\[network_resilience\]" "$config_file" 2>/dev/null; then
        has_network_resilience=true
        log_success "Network resilience section found"
        for field in "${NETWORK_RESILIENCE_FIELDS[@]}"; do
            field_name=$(echo "$field" | cut -d'.' -f2)
            if ! grep -q "^$field_name\s*=" "$config_file" 2>/dev/null; then
                log_warning "Missing network resilience field: $field_name"
                ((warnings++))
            fi
        done
    else
        log_warning "Network resilience section missing"
        ((warnings++))
    fi
    # Check networkevents setting
    if grep -q "networkevents\s*=\s*true" "$config_file" 2>/dev/null; then
        if [ "$has_network_resilience" = false ]; then
            log_error "networkevents=true but no [network_resilience] section"
            ((errors++))
        fi
    fi
    # Validate configuration with binary if available
    if [ -f "./test-hmac-file-server" ]; then
        log_info "Validating configuration syntax..."
        if ./test-hmac-file-server -config "$config_file" --validate-config >/dev/null 2>&1; then
            log_success "Configuration validation passed"
        else
            log_warning "Configuration has validation warnings"
            ((warnings++))
        fi
    fi
    # Summary for this config
    if [ $errors -eq 0 ] && [ $warnings -eq 0 ]; then
        log_success "$config_name: Perfect configuration"
    elif [ $errors -eq 0 ]; then
        log_warning "$config_name: $warnings warnings"
    else
        log_error "$config_name: $errors errors, $warnings warnings"
    fi
    echo ""
    return $errors
 }
 # Auto-fix function
 fix_config_file() {
    local config_file="$1"
    local config_name="$2"
    if [ ! -f "$config_file" ]; then
        log_warning "Configuration file not found: $config_file"
        return 0
    fi
    log_info "Auto-fixing $config_name..."
    # Create backup
    cp "$config_file" "$config_file.backup.$(date +%Y%m%d_%H%M%S)"
    # Fix common field naming issues
    sed -i 's/storagepath\s*=/storage_path =/g' "$config_file"
    sed -i 's/listenport\s*=/listen_address =/g' "$config_file"
    sed -i 's/metricsenabled\s*=/metrics_enabled =/g' "$config_file"
    sed -i 's/metricsport\s*=/metrics_port =/g' "$config_file"
    sed -i 's/pidfilepath\s*=/pid_file =/g' "$config_file"
    # Ensure networkevents is enabled if network_resilience section exists
    if grep -q "^\[network_resilience\]" "$config_file" 2>/dev/null; then
        if ! grep -q "networkevents\s*=" "$config_file" 2>/dev/null; then
            # Add networkevents = true to uploads section
            sed -i '/^\[uploads\]/a networkevents = true' "$config_file"
        else
            # Enable existing networkevents
            sed -i 's/networkevents\s*=\s*false/networkevents = true/g' "$config_file"
        fi
    fi
    log_success "Auto-fix completed for $config_name"
 }
 # Generate standardized configuration
 generate_standard_config() {
    local config_file="$1"
    local deployment_type="$2"
    log_info "Generating standardized configuration for $deployment_type..."
    # Create directory if needed
    mkdir -p "$(dirname "$config_file")"
    cat > "$config_file" << EOF
 # HMAC File Server 3.2 "Tremora del Terra" Configuration
 # Generated for: $deployment_type deployment
 # Generated on: $(date)
 [server]
 listen_address = "8080"
 storage_path = "/opt/hmac-file-server/data/uploads"
 metrics_enabled = true
 metrics_port = "9090"
 pid_file = "/opt/hmac-file-server/data/hmac-file-server.pid"
 max_upload_size = "10GB"
 deduplication_enabled = true
 min_free_bytes = "1GB"
 file_naming = "original"
 enable_dynamic_workers = true
 [security]
 secret = "CHANGE-THIS-SECRET-KEY-MINIMUM-32-CHARACTERS"
 enablejwt = false
 [uploads]
 allowedextensions = [".txt", ".pdf", ".jpg", ".jpeg", ".png", ".gif", ".webp", ".zip", ".tar", ".gz", ".7z", ".mp4", ".webm", ".ogg", ".mp3", ".wav", ".flac", ".doc", ".docx", ".xls", ".xlsx", ".ppt", ".pptx", ".odt", ".ods", ".odp"]
 maxfilesize = "100MB"
 chunkeduploadsenabled = true
 chunksize = "10MB"
 networkevents = true
 # Network Resilience for Enhanced Mobile Support
 [network_resilience]
 enabled = true
 fast_detection = false                  # Standard detection for server deployment
 quality_monitoring = true              # Enable quality monitoring
 predictive_switching = false           # Conservative switching for servers
 mobile_optimizations = false           # Standard thresholds for server environment
 upload_resilience = true               # Resume uploads across network changes
 detection_interval = "5s"              # Standard detection interval
 quality_check_interval = "10s"         # Regular quality monitoring
 network_change_threshold = 3           # Switches required to trigger network change
 interface_stability_time = "30s"       # Server-appropriate stability time
 upload_pause_timeout = "5m"           # Standard upload pause timeout
 upload_retry_timeout = "10m"          # Standard retry timeout
 rtt_warning_threshold = "200ms"        # Server network warning threshold
 rtt_critical_threshold = "1000ms"      # Server network critical threshold
 packet_loss_warning_threshold = 2.0    # 2% packet loss warning
 packet_loss_critical_threshold = 10.0  # 10% packet loss critical
 [downloads]
 chunkeddownloadsenabled = true
 chunksize = "10MB"
 [logging]
 level = "INFO"
 file = "/opt/hmac-file-server/data/logs/hmac-file-server.log"
 max_size = 100
 max_backups = 3
 max_age = 30
 compress = true
 [workers]
 numworkers = 10
 uploadqueuesize = 1000
 autoscaling = true
 [timeouts]
 readtimeout = "30s"
 writetimeout = "30s"
 idletimeout = "120s"
 shutdown = "30s"
 [clamav]
 enabled = false
 [redis]
 enabled = false
 EOF
    log_success "Standard configuration generated: $config_file"
 }
 # Main function
 main() {
    echo -e "${BLUE}╔═══════════════════════════════════════════════════════════╗${NC}"
    echo -e "${BLUE}║${NC}     HMAC File Server Configuration Consistency Checker    ${BLUE}║${NC}"
    echo -e "${BLUE}╚═══════════════════════════════════════════════════════════╝${NC}"
    echo ""
    local total_errors=0
    local fix_mode=false
    local generate_mode=false
    # Parse arguments
    while [[ $# -gt 0 ]]; do
        case $1 in
            --fix)
                fix_mode=true
                shift
                ;;
            --generate)
                generate_mode=true
                shift
                ;;
            --help)
                echo "Configuration Consistency Checker"
                echo ""
                echo "Usage: $0 [options]"
                echo ""
                echo "Options:"
                echo "  --fix       Auto-fix common configuration issues"
                echo "  --generate  Generate standardized configurations"
                echo "  --help      Show this help"
                exit 0
                ;;
            *)
                log_error "Unknown option: $1"
                exit 1
                ;;
        esac
    done
    if [ "$generate_mode" = true ]; then
        log_info "Generating standardized configurations for all deployment methods..."
        generate_standard_config "./templates/config-systemd.toml" "SystemD"
        generate_standard_config "./templates/config-docker.toml" "Docker"
        generate_standard_config "./templates/config-podman.toml" "Podman"
        generate_standard_config "./templates/config-debian.toml" "Debian"
        log_success "All standard configurations generated in ./templates/"
        exit 0
    fi
    # Check all configuration locations
    for i in "${!CONFIG_LOCATIONS[@]}"; do
        config_file="${CONFIG_LOCATIONS[$i]}"
        # Determine config name
        case "$config_file" in
            *"/opt/hmac-file-server/"*) config_name="SystemD" ;;
            *"hmac-docker"*) config_name="Docker" ;;
            *"podman"*) config_name="Podman" ;;
            *"/etc/hmac-file-server/"*) config_name="Debian" ;;
            *"config-default.toml") config_name="Default Template" ;;
            *"config-simple.toml") config_name="Simple Template" ;;
            *"config-simplified-production.toml") config_name="Production Template" ;;
            *) config_name="Unknown" ;;
        esac
        if [ "$fix_mode" = true ]; then
            fix_config_file "$config_file" "$config_name"
        fi
        if check_config_file "$config_file" "$config_name"; then
            # No errors
            :
        else
            ((total_errors++))
        fi
    done
    # Summary
    echo "════════════════════════════════════════════════════════════"
    if [ $total_errors -eq 0 ]; then
        log_success "All configurations are consistent and valid!"
    else
        log_error "Found configuration issues in $total_errors files"
        echo ""
        log_info "Run with --fix to automatically correct common issues"
        log_info "Run with --generate to create standardized configuration templates"
        exit 1
    fi
 }
 main "$@"
--- a/cmd/server/chunked_upload_handler.go
+++ b/cmd/server/chunked_upload_handler.go
@ -105,6 +105,34 @@ func handleChunkedUpload(w http.ResponseWriter, r *http.Request) {
 			}
 		}
 		// Pre-upload deduplication check for chunked uploads
 		if conf.Server.DeduplicationEnabled {
 			finalPath := filepath.Join(conf.Server.StoragePath, filename)
 			if existingFileInfo, err := os.Stat(finalPath); err == nil {
 				// File already exists - return success immediately for deduplication hit
 				duration := time.Since(startTime)
 				uploadDuration.Observe(duration.Seconds())
 				uploadsTotal.Inc()
 				uploadSizeBytes.Observe(float64(existingFileInfo.Size()))
 				filesDeduplicatedTotal.Inc()
 				w.Header().Set("Content-Type", "application/json")
 				w.WriteHeader(http.StatusOK)
 				response := map[string]interface{}{
 					"success":   true,
 					"filename":  filename,
 					"size":      existingFileInfo.Size(),
 					"completed": true,
 					"message":   "File already exists (deduplication hit)",
 				}
 				writeJSONResponse(w, response)
 				log.Infof("Chunked upload deduplication hit: file %s already exists (%s), returning success immediately", 
 					filename, formatBytes(existingFileInfo.Size()))
 				return
 			}
 		}
 		// Create new session
 		clientIP := getClientIP(r)
 		session := uploadSessionStore.CreateSession(filename, totalSize, clientIP)
--- a/cmd/server/config_simplified.go
+++ b/cmd/server/config_simplified.go
@ -0,0 +1,328 @@
 package main
 import (
 	"fmt"
 	"os"
 	"github.com/spf13/viper"
 )
 // DefaultConfig returns a Config struct populated with sensible defaults
 func DefaultConfig() *Config {
 	return &Config{
 		Server: ServerConfig{
 			ListenAddress:         "8080",
 			StoragePath:           "./uploads",
 			MetricsEnabled:        true,
 			MetricsPath:           "/metrics",
 			MetricsPort:           "9090",
 			PidFile:               "/tmp/hmac-file-server.pid",
 			PIDFilePath:           "/tmp/hmac-file-server.pid",
 			MaxUploadSize:         "10GB",
 			MaxHeaderBytes:        1048576, // 1MB
 			CleanupInterval:       "24h",
 			MaxFileAge:            "720h", // 30 days
 			PreCache:              true,
 			PreCacheWorkers:       4,
 			PreCacheInterval:      "1h",
 			GlobalExtensions:      []string{".txt", ".dat", ".iso", ".mp4", ".mkv", ".avi", ".mov", ".wmv", ".flv", ".webm", ".mpeg"},
 			DeduplicationEnabled:  true,
 			MinFreeBytes:          "1GB",
 			FileNaming:            "original",
 			ForceProtocol:         "",
 			EnableDynamicWorkers:  true,
 			WorkerScaleUpThresh:   40,  // Optimized from previous session
 			WorkerScaleDownThresh: 10,
 		},
 		Uploads: UploadsConfig{
 			AllowedExtensions:       []string{".zip", ".rar", ".7z", ".tar.gz", ".tgz", ".gpg", ".enc", ".pgp", ".txt", ".pdf", ".png", ".jpg", ".jpeg"},
 			ChunkedUploadsEnabled:   true,
 			ChunkSize:               "10MB",
 			ResumableUploadsEnabled: true,
 			SessionTimeout:          "60m", // Extended from previous session
 			MaxRetries:              3,
 		},
 		Downloads: DownloadsConfig{
 			AllowedExtensions:         []string{".txt", ".pdf", ".png", ".jpg", ".jpeg", ".gif", ".bmp", ".tiff", ".svg", ".webp", ".zip"},
 			ChunkedDownloadsEnabled:   true,
 			ChunkSize:                 "10MB",
 			ResumableDownloadsEnabled: true,
 		},
 		Security: SecurityConfig{
 			Secret:        "your-very-secret-hmac-key",
 			EnableJWT:     false,
 			JWTSecret:     "your-256-bit-secret",
 			JWTAlgorithm:  "HS256",
 			JWTExpiration: "24h",
 		},
 		Logging: LoggingConfig{
 			Level:      "info",
 			File:       "/var/log/hmac-file-server.log",
 			MaxSize:    100,
 			MaxBackups: 7,
 			MaxAge:     30,
 			Compress:   true,
 		},
 		Deduplication: DeduplicationConfig{
 			Enabled:   true,
 			Directory: "./dedup_store",
 			MaxSize:   "1GB",
 		},
 		ISO: ISOConfig{
 			Enabled:       false,
 			Size:          "1GB",
 			MountPoint:    "/mnt/iso",
 			Charset:       "utf-8",
 			ContainerFile: "/mnt/iso/container.iso",
 		},
 		Timeouts: TimeoutConfig{
 			Read:     "300s", // 5 minutes instead of 4800s 
 			Write:    "300s",
 			Idle:     "300s",
 			Shutdown: "30s",
 		},
 		Versioning: VersioningConfig{
 			Enabled: false,
 			Backend: "simple",
 			MaxRevs: 1,
 		},
 		ClamAV: ClamAVConfig{
 			ClamAVEnabled:      false,
 			ClamAVSocket:       "/var/run/clamav/clamd.ctl",
 			NumScanWorkers:     2,
 			ScanFileExtensions: []string{".txt", ".pdf", ".doc", ".docx", ".xls", ".xlsx", ".exe", ".zip", ".rar", ".7z", ".tar", ".gz"},
 			MaxScanSize:        "200MB",
 		},
 		Redis: RedisConfig{
 			RedisEnabled:             false,
 			RedisDBIndex:             0,
 			RedisAddr:                "localhost:6379",
 			RedisPassword:            "",
 			RedisHealthCheckInterval: "120s",
 		},
 		Workers: WorkersConfig{
 			NumWorkers:      4,
 			UploadQueueSize: 100, // Optimized from previous session
 		},
 		File: FileConfig{},
 		Build: BuildConfig{
 			Version: "3.2",
 		},
 	}
 }
 // LoadSimplifiedConfig loads configuration with a minimal config file approach
 func LoadSimplifiedConfig(configPath string) (*Config, error) {
 	// Start with comprehensive defaults
 	config := DefaultConfig()
 	// If no config file specified, try to find one in common locations
 	if configPath == "" {
 		possiblePaths := []string{
 			"/opt/hmac-file-server/config.toml",
 			"/etc/hmac-file-server/config.toml",
 			"./config.toml",
 			"../config.toml",
 		}
 		for _, path := range possiblePaths {
 			if _, err := os.Stat(path); err == nil {
 				configPath = path
 				break
 			}
 		}
 	}
 	// If a config file exists, load it to override defaults
 	if configPath != "" && fileExists(configPath) {
 		viper.SetConfigFile(configPath)
 		viper.SetConfigType("toml")
 		if err := viper.ReadInConfig(); err != nil {
 			return nil, fmt.Errorf("failed to read config file %s: %v", configPath, err)
 		}
 		// Unmarshal only the values that are explicitly set in the config file
 		if err := viper.Unmarshal(config); err != nil {
 			return nil, fmt.Errorf("failed to unmarshal config: %v", err)
 		}
 	}
 	return config, nil
 }
 // fileExists checks if a file exists
 func fileExists(filename string) bool {
 	info, err := os.Stat(filename)
 	if os.IsNotExist(err) {
 		return false
 	}
 	return !info.IsDir()
 }
 // GenerateMinimalConfig creates a minimal config.toml with only essential settings
 func GenerateMinimalConfig() string {
 	return `# HMAC File Server - Minimal Configuration
 # This file contains only the essential settings you might want to customize.
 # All other settings use sensible defaults defined in the application.
 [server]
 # Network binding
 listen_address = "8080"
 # Storage location for uploaded files
 storage_path = "./uploads"
 # Security settings
 [security]
 # IMPORTANT: Change this secret key for production use!
 secret = "your-very-secret-hmac-key"
 # Logging configuration
 [logging]
 # Log level: debug, info, warn, error
 level = "info"
 file = "/var/log/hmac-file-server.log"
 # Advanced settings (uncomment and modify if needed)
 # [uploads]
 # max_resumable_age = "48h"
 # chunk_size = "10MB"
 # networkevents = true
 # [network_resilience]
 # enabled = true
 # fast_detection = true              # Enable 1-second detection for mobile
 # quality_monitoring = true          # Monitor RTT and packet loss
 # predictive_switching = true        # Switch before complete failure
 # mobile_optimizations = true       # Cellular-friendly thresholds
 # upload_resilience = true           # Resume uploads across network changes
 # [workers]
 # numworkers = 4
 # uploadqueuesize = 100
 # [deduplication]
 # enabled = true
 # directory = "./dedup_store"
 # [timeouts]
 # readtimeout = "4800s"
 # writetimeout = "4800s"
 # idletimeout = "4800s"
 # [clamav]
 # clamavenabled = false
 # [redis]
 # redisenabled = false
 `
 }
 // createMinimalConfig writes a minimal config file to the current directory
 func createMinimalConfig() error {
 	content := GenerateMinimalConfig()
 	return os.WriteFile("config.toml", []byte(content), 0644)
 }
 // GenerateAdvancedConfigTemplate creates a comprehensive config template for advanced users
 func GenerateAdvancedConfigTemplate() string {
 	return `# HMAC File Server - Advanced Configuration Template
 # This template shows all available configuration options with their default values.
 # Uncomment and modify only the settings you want to change.
 [server]
 listen_address = "8080"
 storage_path = "./uploads"
 metrics_enabled = true
 metrics_path = "/metrics"
 pid_file = "/var/run/hmac-file-server.pid"
 max_upload_size = "10GB"
 max_header_bytes = 1048576
 cleanup_interval = "24h"
 max_file_age = "720h"
 pre_cache = true
 pre_cache_workers = 4
 pre_cache_interval = "1h"
 global_extensions = [".txt", ".dat", ".iso", ".mp4", ".mkv", ".avi", ".mov", ".wmv", ".flv", ".webm", ".mpeg"]
 deduplication_enabled = true
 min_free_bytes = "1GB"
 file_naming = "original"
 force_protocol = ""
 enable_dynamic_workers = true
 worker_scale_up_thresh = 40
 worker_scale_down_thresh = 10
 [uploads]
 allowed_extensions = [".zip", ".rar", ".7z", ".tar.gz", ".tgz", ".gpg", ".enc", ".pgp"]
 chunked_uploads_enabled = true
 chunk_size = "10MB"
 resumable_uploads_enabled = true
 max_resumable_age = "48h"
 sessiontimeout = "60m"
 maxretries = 3
 [downloads]
 allowed_extensions = [".txt", ".pdf", ".png", ".jpg", ".jpeg", ".gif", ".bmp", ".tiff", ".svg", ".webp"]
 chunked_downloads_enabled = true
 chunk_size = "8192"
 resumable_downloads_enabled = true
 [security]
 secret = "your-very-secret-hmac-key"
 enablejwt = false
 jwtsecret = "your-256-bit-secret"
 jwtalgorithm = "HS256"
 jwtexpiration = "24h"
 [logging]
 level = "info"
 file = "/var/log/hmac-file-server.log"
 max_size = 100
 max_backups = 7
 max_age = 30
 compress = true
 [deduplication]
 enabled = true
 directory = "./dedup_store"
 maxsize = "1GB"
 [iso]
 enabled = false
 size = "1GB"
 mountpoint = "/mnt/iso"
 charset = "utf-8"
 containerfile = "/mnt/iso/container.iso"
 [timeouts]
 readtimeout = "4800s"
 writetimeout = "4800s"
 idletimeout = "4800s"
 [versioning]
 enableversioning = false
 maxversions = 1
 [clamav]
 clamavenabled = false
 clamavsocket = "/var/run/clamav/clamd.ctl"
 numscanworkers = 2
 scanfileextensions = [".txt", ".pdf", ".doc", ".docx", ".xls", ".xlsx", ".exe", ".zip", ".rar", ".7z", ".tar", ".gz"]
 maxscansize = "200MB"
 [redis]
 redisenabled = false
 redisdbindex = 0
 redisaddr = "localhost:6379"
 redispassword = ""
 redishealthcheckinterval = "120s"
 [workers]
 numworkers = 4
 uploadqueuesize = 100
 [build]
 version = "3.2"
 `
 }
--- a/cmd/server/config_validator.go
+++ b/cmd/server/config_validator.go
@ -14,6 +14,9 @@ import (
 	"time"
 )
 // Global variable to store config file path for validation
 var configFileGlobal string
 // ConfigValidationError represents a configuration validation error
 type ConfigValidationError struct {
 	Field   string
@ -88,6 +91,14 @@ func ValidateConfigComprehensive(c *Config) *ConfigValidationResult {
 		checkDiskSpace(c.Deduplication.Directory, result)
 	}
 	// Check for common configuration field naming mistakes
 	// This helps users identify issues like 'storagepath' vs 'storage_path'
 	if configFileGlobal != "" {
 		if configBytes, err := os.ReadFile(configFileGlobal); err == nil {
 			checkCommonConfigurationMistakes(result, configBytes)
 		}
 	}
 	return result
 }
@ -111,7 +122,7 @@ func validateServerConfig(server *ServerConfig, result *ConfigValidationResult)
 	// StoragePath validation
 	if server.StoragePath == "" {
-		result.AddError("server.storagepath", server.StoragePath, "storage path is required")
+		result.AddError("server.storagepath", server.StoragePath, "storage path is required - check your config.toml uses 'storage_path' (with underscore) not 'storagepath'")
 	} else {
 		if err := validateDirectoryPath(server.StoragePath, true); err != nil {
 			result.AddError("server.storagepath", server.StoragePath, err.Error())
@ -1129,3 +1140,29 @@ func countPassedChecks(result *ConfigValidationResult) int {
 	totalPossibleChecks := 50 // Approximate number of validation checks
 	return totalPossibleChecks - len(result.Errors) - len(result.Warnings)
 }
 // checkCommonConfigurationMistakes checks for common TOML field naming errors
 func checkCommonConfigurationMistakes(result *ConfigValidationResult, configBytes []byte) {
 	configStr := string(configBytes)
 	// Common field naming mistakes
 	commonMistakes := map[string]string{
 		"storagepath":      "storage_path",
 		"listenport":       "listen_address", 
 		"bindip":           "bind_ip",
 		"pidfilepath":      "pid_file",
 		"metricsenabled":   "metrics_enabled",
 		"metricsport":      "metrics_port",
 		"maxuploadsize":    "max_upload_size",
 		"cleanupinterval":  "cleanup_interval",
 		"dedupenabled":     "deduplication_enabled",
 		"ttlenabled":       "ttl_enabled",
 		"chunksize":        "chunk_size",
 	}
 	for incorrect, correct := range commonMistakes {
 		if strings.Contains(configStr, incorrect+" =") || strings.Contains(configStr, incorrect+"=") {
 			result.AddWarning("config.syntax", incorrect, fmt.Sprintf("field name '%s' should be '%s' (use underscores)", incorrect, correct))
 		}
 	}
 }
--- a/cmd/server/helpers.go
+++ b/cmd/server/helpers.go
@ -682,21 +682,30 @@ func setupRouter() *http.ServeMux {
 	// Catch-all handler for all upload protocols (v, v2, token, v3)
 	// This must be added last as it matches all paths
 	mux.HandleFunc("/", func(w http.ResponseWriter, r *http.Request) {
 		log.Infof("🔍 ROUTER DEBUG: Catch-all handler called - method:%s path:%s query:%s", r.Method, r.URL.Path, r.URL.RawQuery)
 		// Handle PUT requests for all upload protocols
 		if r.Method == http.MethodPut {
 			query := r.URL.Query()
 			log.Infof("🔍 ROUTER DEBUG: Query parameters - v:%s v2:%s v3:%s token:%s expires:%s", 
 				query.Get("v"), query.Get("v2"), query.Get("v3"), query.Get("token"), query.Get("expires"))
 			// Check if this is a v3 request (mod_http_upload_external)
 			if query.Get("v3") != "" && query.Get("expires") != "" {
 				log.Info("🔍 ROUTER DEBUG: Routing to handleV3Upload")
 				handleV3Upload(w, r)
 				return
 			}
 			// Check if this is a legacy protocol request (v, v2, token)
 			if query.Get("v") != "" || query.Get("v2") != "" || query.Get("token") != "" {
 				log.Info("🔍 ROUTER DEBUG: Routing to handleLegacyUpload")
 				handleLegacyUpload(w, r)
 				return
 			}
 			log.Info("🔍 ROUTER DEBUG: PUT request with no matching protocol parameters")
 		}
 		// Handle GET/HEAD requests for downloads
--- a/cmd/server/main.go
+++ b/cmd/server/main.go
@ -103,8 +103,8 @@ func parseTTL(ttlStr string) (time.Duration, error) {
 // Configuration structures
 type ServerConfig struct {
-	ListenAddress         string   `toml:"listenport" mapstructure:"listenport"`         // Fixed to match config file field
+	ListenAddress         string   `toml:"listen_address" mapstructure:"listen_address"`
-	StoragePath           string   `toml:"storagepath" mapstructure:"storagepath"`       // Fixed to match config
+	StoragePath           string   `toml:"storage_path" mapstructure:"storage_path"`
 	MetricsEnabled        bool     `toml:"metricsenabled" mapstructure:"metricsenabled"` // Fixed to match config
 	MetricsPath           string   `toml:"metrics_path" mapstructure:"metrics_path"`
 	PidFile               string   `toml:"pid_file" mapstructure:"pid_file"`
@ -136,18 +136,18 @@ type ServerConfig struct {
 }
 type UploadsConfig struct {
-	AllowedExtensions       []string `toml:"allowedextensions" mapstructure:"allowedextensions"`
+	AllowedExtensions       []string `toml:"allowed_extensions" mapstructure:"allowed_extensions"`
-	ChunkedUploadsEnabled   bool     `toml:"chunkeduploadsenabled" mapstructure:"chunkeduploadsenabled"`
+	ChunkedUploadsEnabled   bool     `toml:"chunked_uploads_enabled" mapstructure:"chunked_uploads_enabled"`
-	ChunkSize               string   `toml:"chunksize" mapstructure:"chunksize"`
+	ChunkSize               string   `toml:"chunk_size" mapstructure:"chunk_size"`
-	ResumableUploadsEnabled bool     `toml:"resumableuploadsenabled" mapstructure:"resumableuploadsenabled"`
+	ResumableUploadsEnabled bool     `toml:"resumable_uploads_enabled" mapstructure:"resumable_uploads_enabled"`
 	SessionTimeout          string   `toml:"sessiontimeout" mapstructure:"sessiontimeout"`
 	MaxRetries              int      `toml:"maxretries" mapstructure:"maxretries"`
 }
 type DownloadsConfig struct {
-	AllowedExtensions         []string `toml:"allowedextensions" mapstructure:"allowedextensions"`
+	AllowedExtensions         []string `toml:"allowed_extensions" mapstructure:"allowed_extensions"`
-	ChunkedDownloadsEnabled   bool     `toml:"chunkeddownloadsenabled" mapstructure:"chunkeddownloadsenabled"`
+	ChunkedDownloadsEnabled   bool     `toml:"chunked_downloads_enabled" mapstructure:"chunked_downloads_enabled"`
-	ChunkSize                 string   `toml:"chunksize" mapstructure:"chunksize"`
+	ChunkSize                 string   `toml:"chunk_size" mapstructure:"chunk_size"`
 	ResumableDownloadsEnabled bool     `toml:"resumable_downloads_enabled" mapstructure:"resumable_downloads_enabled"`
 }
@ -223,22 +223,33 @@ type BuildConfig struct {
 	Version string `mapstructure:"version"` // Updated version
 }
 type NetworkResilienceConfig struct {
 	FastDetection        bool   `toml:"fast_detection" mapstructure:"fast_detection"`
 	QualityMonitoring    bool   `toml:"quality_monitoring" mapstructure:"quality_monitoring"`
 	PredictiveSwitching  bool   `toml:"predictive_switching" mapstructure:"predictive_switching"`
 	MobileOptimizations  bool   `toml:"mobile_optimizations" mapstructure:"mobile_optimizations"`
 	DetectionInterval    string `toml:"detection_interval" mapstructure:"detection_interval"`
 	QualityCheckInterval string `toml:"quality_check_interval" mapstructure:"quality_check_interval"`
 	MaxDetectionInterval string `toml:"max_detection_interval" mapstructure:"max_detection_interval"`
 }
 // This is the main Config struct to be used
 type Config struct {
-	Server        ServerConfig        `mapstructure:"server"`
+	Server            ServerConfig             `mapstructure:"server"`
-	Logging       LoggingConfig       `mapstructure:"logging"`
+	Logging           LoggingConfig            `mapstructure:"logging"`
-	Deduplication DeduplicationConfig `mapstructure:"deduplication"` // Added
+	Deduplication     DeduplicationConfig      `mapstructure:"deduplication"` // Added
-	ISO           ISOConfig           `mapstructure:"iso"`           // Added
+	ISO               ISOConfig                `mapstructure:"iso"`           // Added
-	Timeouts      TimeoutConfig       `mapstructure:"timeouts"`      // Added
+	Timeouts          TimeoutConfig            `mapstructure:"timeouts"`      // Added
-	Security      SecurityConfig      `mapstructure:"security"`
+	Security          SecurityConfig           `mapstructure:"security"`
-	Versioning    VersioningConfig    `mapstructure:"versioning"` // Added
+	Versioning        VersioningConfig         `mapstructure:"versioning"` // Added
-	Uploads       UploadsConfig       `mapstructure:"uploads"`
+	Uploads           UploadsConfig            `mapstructure:"uploads"`
-	Downloads     DownloadsConfig     `mapstructure:"downloads"`
+	Downloads         DownloadsConfig          `mapstructure:"downloads"`
-	ClamAV        ClamAVConfig        `mapstructure:"clamav"`
+	ClamAV            ClamAVConfig             `mapstructure:"clamav"`
-	Redis         RedisConfig         `mapstructure:"redis"`
+	Redis             RedisConfig              `mapstructure:"redis"`
-	Workers       WorkersConfig       `mapstructure:"workers"`
+	Workers           WorkersConfig            `mapstructure:"workers"`
-	File          FileConfig          `mapstructure:"file"`
+	File              FileConfig               `mapstructure:"file"`
-	Build         BuildConfig         `mapstructure:"build"`
+	Build             BuildConfig              `mapstructure:"build"`
 	NetworkResilience NetworkResilienceConfig  `mapstructure:"network_resilience"`
 }
 type UploadTask struct {
@ -450,11 +461,10 @@ func initializeNetworkProtocol(forceProtocol string) (*net.Dialer, error) {
 var dualStackClient *http.Client
 func main() {
 	setDefaults() // Call setDefaults before parsing flags or reading config
 	var configFile string
 	flag.StringVar(&configFile, "config", "./config.toml", "Path to configuration file \"config.toml\".")
 	var genConfig bool
 	var genConfigAdvanced bool
 	var genConfigPath string
 	var validateOnly bool
 	var runConfigTests bool
@ -467,8 +477,9 @@ func main() {
 	var listValidationChecks bool
 	var showVersion bool
-	flag.BoolVar(&genConfig, "genconfig", false, "Print example configuration and exit.")
+	flag.BoolVar(&genConfig, "genconfig", false, "Print minimal configuration example and exit.")
-	flag.StringVar(&genConfigPath, "genconfig-path", "", "Write example configuration to the given file and exit.")
+	flag.BoolVar(&genConfigAdvanced, "genconfig-advanced", false, "Print advanced configuration template and exit.")
 	flag.StringVar(&genConfigPath, "genconfig-path", "", "Write configuration to the given file and exit.")
 	flag.BoolVar(&validateOnly, "validate-config", false, "Validate configuration and exit without starting server.")
 	flag.BoolVar(&runConfigTests, "test-config", false, "Run configuration validation test scenarios and exit.")
 	flag.BoolVar(&validateQuiet, "validate-quiet", false, "Only show errors during validation (suppress warnings and info).")
@ -492,10 +503,24 @@ func main() {
 	}
 	if genConfig {
-		printExampleConfig()
+		fmt.Println("# Option 1: Minimal Configuration (recommended for most users)")
 		fmt.Println(GenerateMinimalConfig())
 		fmt.Println("\n# Option 2: Advanced Configuration Template (for fine-tuning)")
 		fmt.Println("# Use -genconfig-advanced to generate the advanced template")
 		os.Exit(0)
 	}
 	if genConfigAdvanced {
 		fmt.Println(GenerateAdvancedConfigTemplate())
 		os.Exit(0)
 	}
 	if genConfigPath != "" {
 		var content string
 		if genConfigAdvanced {
 			content = GenerateAdvancedConfigTemplate()
 		} else {
 			content = GenerateMinimalConfig()
 		}
 		f, err := os.Create(genConfigPath)
 		if err != nil {
 			fmt.Fprintf(os.Stderr, "Failed to create file: %v\n", err)
@ -503,9 +528,9 @@ func main() {
 		}
 		defer f.Close()
 		w := bufio.NewWriter(f)
-		fmt.Fprint(w, getExampleConfigString())
+		fmt.Fprint(w, content)
 		w.Flush()
-		fmt.Printf("Example config written to %s\n", genConfigPath)
+		fmt.Printf("Configuration written to %s\n", genConfigPath)
 		os.Exit(0)
 	}
 	if runConfigTests {
@ -513,42 +538,22 @@ func main() {
 		os.Exit(0)
 	}
-	// Initialize Viper
+	// Load configuration using simplified approach
-	viper.SetConfigType("toml")
+	loadedConfig, err := LoadSimplifiedConfig(configFile)
 	// Set default config path
 	defaultConfigPath := "/etc/hmac-file-server/config.toml"
 	// Attempt to load the default config
 	viper.SetConfigFile(defaultConfigPath)
 	if err := viper.ReadInConfig(); err != nil {
 		// If default config not found, fallback to parent directory
 		parentDirConfig := "../config.toml"
 		viper.SetConfigFile(parentDirConfig)
 		if err := viper.ReadInConfig(); err != nil {
 			// If still not found and -config is provided, use it
 			if configFile != "" {
 				viper.SetConfigFile(configFile)
 				if err := viper.ReadInConfig(); err != nil {
 					fmt.Printf("Error loading config file: %v\n", err)
 					os.Exit(1)
 				}
 			} else {
 				fmt.Println("No configuration file found. Please create a config file with the following content:")
 				printExampleConfig()
 				os.Exit(1)
 			}
 		}
 	}
 	err := readConfig(configFile, &conf)
 	if err != nil {
-		log.Fatalf("Failed to load configuration: %v\nPlease ensure your config.toml is present at one of the following paths:\n%v", err, []string{
+		// If no config file exists, offer to create a minimal one
-			"/etc/hmac-file-server/config.toml",
+		if configFile == "./config.toml" || configFile == "" {
-			"../config.toml",
+			fmt.Println("No configuration file found. Creating a minimal config.toml...")
-			"./config.toml",
+			if err := createMinimalConfig(); err != nil {
-		})
+				log.Fatalf("Failed to create minimal config: %v", err)
 			}
 			fmt.Println("Minimal config.toml created. Please review and modify as needed, then restart the server.")
 			os.Exit(0)
 		}
 		log.Fatalf("Failed to load configuration: %v", err)
 	}
 	conf = *loadedConfig
 	configFileGlobal = configFile  // Store for validation helper functions
 	log.Info("Configuration loaded successfully.")
 	err = validateConfig(&conf)
@ -1515,6 +1520,32 @@ func handleUpload(w http.ResponseWriter, r *http.Request) {
 	absFilename := filepath.Join(storagePath, filename)
 	// Pre-upload deduplication check: if file already exists and deduplication is enabled, return success immediately
 	if conf.Server.DeduplicationEnabled {
 		if existingFileInfo, err := os.Stat(absFilename); err == nil {
 			// File already exists - return success immediately for deduplication hit
 			duration := time.Since(startTime)
 			uploadDuration.Observe(duration.Seconds())
 			uploadsTotal.Inc()
 			uploadSizeBytes.Observe(float64(existingFileInfo.Size()))
 			filesDeduplicatedTotal.Inc()
 			w.Header().Set("Content-Type", "application/json")
 			w.WriteHeader(http.StatusOK)
 			response := map[string]interface{}{
 				"success":  true,
 				"filename": filename,
 				"size":     existingFileInfo.Size(),
 				"message":  "File already exists (deduplication hit)",
 			}
 			json.NewEncoder(w).Encode(response)
 			log.Infof("Deduplication hit: file %s already exists (%s), returning success immediately", 
 				filename, formatBytes(existingFileInfo.Size()))
 			return
 		}
 	}
 	// Create the file
 	dst, err := os.Create(absFilename)
 	if err != nil {
@ -1752,6 +1783,32 @@ func handleV3Upload(w http.ResponseWriter, r *http.Request) {
 	absFilename := filepath.Join(storagePath, filename)
 	// Pre-upload deduplication check: if file already exists and deduplication is enabled, return success immediately
 	if conf.Server.DeduplicationEnabled {
 		if existingFileInfo, err := os.Stat(absFilename); err == nil {
 			// File already exists - return success immediately for deduplication hit
 			duration := time.Since(startTime)
 			uploadDuration.Observe(duration.Seconds())
 			uploadsTotal.Inc()
 			uploadSizeBytes.Observe(float64(existingFileInfo.Size()))
 			filesDeduplicatedTotal.Inc()
 			w.Header().Set("Content-Type", "application/json")
 			w.WriteHeader(http.StatusOK)
 			response := map[string]interface{}{
 				"success":  true,
 				"filename": filename,
 				"size":     existingFileInfo.Size(),
 				"message":  "File already exists (deduplication hit)",
 			}
 			json.NewEncoder(w).Encode(response)
 			log.Infof("Deduplication hit: file %s already exists (%s), returning success immediately", 
 				filename, formatBytes(existingFileInfo.Size()))
 			return
 		}
 	}
 	// Create the file
 	dst, err := os.Create(absFilename)
 	if err != nil {
@ -1813,6 +1870,8 @@ func handleLegacyUpload(w http.ResponseWriter, r *http.Request) {
 	activeConnections.Inc()
 	defer activeConnections.Dec()
 	log.Infof("🔥 DEBUG: handleLegacyUpload called - method:%s path:%s query:%s", r.Method, r.URL.Path, r.URL.RawQuery)
 	log.Debugf("handleLegacyUpload: Processing request to %s with query: %s", r.URL.Path, r.URL.RawQuery)
 	// Only allow PUT method for legacy uploads
@ -1830,29 +1889,40 @@ func handleLegacyUpload(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 	log.Debugf("✅ HMAC validation passed for: %s", r.URL.Path)
 	// Extract filename from the URL path
 	fileStorePath := strings.TrimPrefix(r.URL.Path, "/")
 	if fileStorePath == "" {
 		log.Debugf("❌ No filename specified")
 		http.Error(w, "No filename specified", http.StatusBadRequest)
 		uploadErrorsTotal.Inc()
 		return
 	}
 	log.Debugf("✅ File path extracted: %s", fileStorePath)
 	// Validate file extension if configured
 	if len(conf.Uploads.AllowedExtensions) > 0 {
 		ext := strings.ToLower(filepath.Ext(fileStorePath))
 		log.Infof("<22> DEBUG: Checking file extension: %s against %d allowed extensions", ext, len(conf.Uploads.AllowedExtensions))
 		log.Infof("<22> DEBUG: Allowed extensions: %v", conf.Uploads.AllowedExtensions)
 		allowed := false
-		for _, allowedExt := range conf.Uploads.AllowedExtensions {
+		for i, allowedExt := range conf.Uploads.AllowedExtensions {
 			log.Infof("<22> DEBUG: [%d] Comparing '%s' == '%s'", i, ext, allowedExt)
 			if ext == allowedExt {
 				allowed = true
 				log.Infof("🔥 DEBUG: Extension match found!")
 				break
 			}
 		}
 		if !allowed {
 			log.Infof("🔥 DEBUG: Extension %s not found in allowed list", ext)
 			http.Error(w, fmt.Sprintf("File extension %s not allowed", ext), http.StatusBadRequest)
 			uploadErrorsTotal.Inc()
 			return
 		}
 		log.Infof("🔥 DEBUG: File extension %s is allowed", ext)
 	}
 	// Validate file size against max_upload_size if configured
@ -1907,6 +1977,23 @@ func handleLegacyUpload(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 	// Pre-upload deduplication check: if file already exists and deduplication is enabled, return success immediately
 	if conf.Server.DeduplicationEnabled {
 		if existingFileInfo, err := os.Stat(absFilename); err == nil {
 			// File already exists - return success immediately for deduplication hit
 			duration := time.Since(startTime)
 			uploadDuration.Observe(duration.Seconds())
 			uploadsTotal.Inc()
 			uploadSizeBytes.Observe(float64(existingFileInfo.Size()))
 			filesDeduplicatedTotal.Inc()
 			w.WriteHeader(http.StatusCreated) // 201 Created for legacy compatibility
 			log.Infof("Deduplication hit: file %s already exists (%s), returning success immediately", 
 				filename, formatBytes(existingFileInfo.Size()))
 			return
 		}
 	}
 	// Create the file
 	dst, err := os.Create(absFilename)
 	if err != nil {
--- a/cmd/server/network_resilience.go
+++ b/cmd/server/network_resilience.go
@ -1,4 +1,4 @@
-// network_resilience.go - Network resilience middleware without modifying core functions
+// network_resilience.go - Enhanced network resilience with quality monitoring and fast detection
 package main
@ -8,6 +8,7 @@ import (
 	"net/http"
 	"sync"
 	"time"
 	"os/exec"
 )
 // NetworkResilienceManager handles network change detection and upload pausing
@ -18,6 +19,81 @@ type NetworkResilienceManager struct {
 	pauseChannel    chan bool
 	resumeChannel   chan bool
 	lastInterfaces  []net.Interface
 	// Enhanced monitoring
 	qualityMonitor   *NetworkQualityMonitor
 	adaptiveTicker   *AdaptiveTicker
 	config          *NetworkResilienceConfigLocal
 }
 // NetworkQualityMonitor tracks connection quality per interface
 type NetworkQualityMonitor struct {
 	interfaces map[string]*InterfaceQuality
 	mutex      sync.RWMutex
 	thresholds NetworkThresholds
 }
 // InterfaceQuality represents the quality metrics of a network interface
 type InterfaceQuality struct {
 	Name         string
 	RTT          time.Duration
 	PacketLoss   float64
 	Bandwidth    int64
 	Stability    float64
 	LastGood     time.Time
 	Connectivity ConnectivityState
 	Samples      []QualitySample
 }
 // QualitySample represents a point-in-time quality measurement
 type QualitySample struct {
 	Timestamp  time.Time
 	RTT        time.Duration
 	PacketLoss float64
 	Success    bool
 }
 // ConnectivityState represents the current state of network connectivity
 type ConnectivityState int
 const (
 	ConnectivityUnknown ConnectivityState = iota
 	ConnectivityGood
 	ConnectivityDegraded
 	ConnectivityPoor
 	ConnectivityFailed
 )
 // NetworkThresholds defines quality thresholds for network assessment
 type NetworkThresholds struct {
 	RTTWarning      time.Duration  // 200ms
 	RTTCritical     time.Duration  // 1000ms
 	PacketLossWarn  float64        // 2%
 	PacketLossCrit  float64        // 10%
 	StabilityMin    float64        // 0.8
 	SampleWindow    int            // Number of samples to keep
 }
 // NetworkResilienceConfigLocal holds configuration for enhanced network resilience
 type NetworkResilienceConfigLocal struct {
 	FastDetection        bool          `toml:"fast_detection"`
 	QualityMonitoring    bool          `toml:"quality_monitoring"`
 	PredictiveSwitching  bool          `toml:"predictive_switching"`
 	MobileOptimizations  bool          `toml:"mobile_optimizations"`
 	DetectionInterval    time.Duration `toml:"detection_interval"`
 	QualityCheckInterval time.Duration `toml:"quality_check_interval"`
 	MaxDetectionInterval time.Duration `toml:"max_detection_interval"`
 }
 // AdaptiveTicker provides adaptive timing for network monitoring
 type AdaptiveTicker struct {
 	C              <-chan time.Time
 	ticker         *time.Ticker
 	minInterval    time.Duration
 	maxInterval    time.Duration
 	currentInterval time.Duration
 	unstableCount  int
 	done           chan bool
 }
 // UploadContext tracks active upload state
@ -29,22 +105,149 @@ type UploadContext struct {
 	IsPaused     bool
 }
-// NewNetworkResilienceManager creates a new network resilience manager
+// NewNetworkResilienceManager creates a new network resilience manager with enhanced capabilities
 func NewNetworkResilienceManager() *NetworkResilienceManager {
 	// Get configuration from global config, with sensible defaults
 	config := &NetworkResilienceConfigLocal{
 		FastDetection:        true,
 		QualityMonitoring:    true,
 		PredictiveSwitching:  true,
 		MobileOptimizations:  true,
 		DetectionInterval:    1 * time.Second,
 		QualityCheckInterval: 5 * time.Second,
 		MaxDetectionInterval: 10 * time.Second,
 	}
 	// Override with values from config file if available
 	if conf.NetworkResilience.DetectionInterval != "" {
 		if duration, err := time.ParseDuration(conf.NetworkResilience.DetectionInterval); err == nil {
 			config.DetectionInterval = duration
 		}
 	}
 	if conf.NetworkResilience.QualityCheckInterval != "" {
 		if duration, err := time.ParseDuration(conf.NetworkResilience.QualityCheckInterval); err == nil {
 			config.QualityCheckInterval = duration
 		}
 	}
 	if conf.NetworkResilience.MaxDetectionInterval != "" {
 		if duration, err := time.ParseDuration(conf.NetworkResilience.MaxDetectionInterval); err == nil {
 			config.MaxDetectionInterval = duration
 		}
 	}
 	// Override boolean settings if explicitly set
 	config.FastDetection = conf.NetworkResilience.FastDetection
 	config.QualityMonitoring = conf.NetworkResilience.QualityMonitoring
 	config.PredictiveSwitching = conf.NetworkResilience.PredictiveSwitching
 	config.MobileOptimizations = conf.NetworkResilience.MobileOptimizations
 	// Create quality monitor with mobile-optimized thresholds
 	thresholds := NetworkThresholds{
 		RTTWarning:      200 * time.Millisecond,
 		RTTCritical:     1000 * time.Millisecond,
 		PacketLossWarn:  2.0,
 		PacketLossCrit:  10.0,
 		StabilityMin:    0.8,
 		SampleWindow:    10,
 	}
 	// Adjust thresholds for mobile optimizations
 	if config.MobileOptimizations {
 		thresholds.RTTWarning = 500 * time.Millisecond    // More lenient for cellular
 		thresholds.RTTCritical = 2000 * time.Millisecond  // Account for cellular latency
 		thresholds.PacketLossWarn = 5.0                   // Higher tolerance for mobile
 		thresholds.PacketLossCrit = 15.0                  // Mobile networks can be lossy
 		thresholds.StabilityMin = 0.6                     // Lower stability expectations
 	}
 	qualityMonitor := &NetworkQualityMonitor{
 		interfaces: make(map[string]*InterfaceQuality),
 		thresholds: thresholds,
 	}
 	manager := &NetworkResilienceManager{
-		activeUploads: make(map[string]*UploadContext),
+		activeUploads:  make(map[string]*UploadContext),
-		pauseChannel:  make(chan bool, 100),
+		pauseChannel:   make(chan bool, 100),
-		resumeChannel: make(chan bool, 100),
+		resumeChannel:  make(chan bool, 100),
 		qualityMonitor: qualityMonitor,
 		config:        config,
 	}
-	// Start network monitoring if enabled
+	// Create adaptive ticker for smart monitoring
 	manager.adaptiveTicker = NewAdaptiveTicker(
 		config.DetectionInterval,
 		config.MaxDetectionInterval,
 	)
 	// Start enhanced network monitoring if enabled
 	if conf.Server.NetworkEvents {
-		go manager.monitorNetworkChanges()
+		if config.FastDetection {
 			go manager.monitorNetworkChangesEnhanced()
 			log.Info("Fast network change detection enabled")
 		} else {
 			go manager.monitorNetworkChanges() // Fallback to original method
 			log.Info("Standard network change detection enabled")
 		}
 		if config.QualityMonitoring {
 			go manager.monitorNetworkQuality()
 			log.Info("Network quality monitoring enabled")
 		}
 	}
 	log.Infof("Enhanced network resilience manager initialized with fast_detection=%v, quality_monitoring=%v, predictive_switching=%v",
 		config.FastDetection, config.QualityMonitoring, config.PredictiveSwitching)
 	return manager
 }
 // NewAdaptiveTicker creates a ticker that adjusts its interval based on network stability
 func NewAdaptiveTicker(minInterval, maxInterval time.Duration) *AdaptiveTicker {
 	ticker := &AdaptiveTicker{
 		minInterval:     minInterval,
 		maxInterval:     maxInterval,
 		currentInterval: minInterval,
 		done:           make(chan bool),
 	}
 	// Create initial ticker
 	ticker.ticker = time.NewTicker(minInterval)
 	ticker.C = ticker.ticker.C
 	return ticker
 }
 // AdjustInterval adjusts the ticker interval based on network stability
 func (t *AdaptiveTicker) AdjustInterval(stable bool) {
 	if stable {
 		// Network is stable, slow down monitoring
 		t.unstableCount = 0
 		newInterval := t.currentInterval * 2
 		if newInterval > t.maxInterval {
 			newInterval = t.maxInterval
 		}
 		if newInterval != t.currentInterval {
 			t.currentInterval = newInterval
 			t.ticker.Reset(newInterval)
 			log.Debugf("Network stable, slowing monitoring to %v", newInterval)
 		}
 	} else {
 		// Network is unstable, speed up monitoring
 		t.unstableCount++
 		newInterval := t.minInterval
 		if newInterval != t.currentInterval {
 			t.currentInterval = newInterval
 			t.ticker.Reset(newInterval)
 			log.Debugf("Network unstable, accelerating monitoring to %v", newInterval)
 		}
 	}
 }
 // Stop stops the adaptive ticker
 func (t *AdaptiveTicker) Stop() {
 	t.ticker.Stop()
 	close(t.done)
 }
 // RegisterUpload registers an active upload for pause/resume functionality
 func (m *NetworkResilienceManager) RegisterUpload(sessionID string) *UploadContext {
 	m.mutex.Lock()
@ -123,11 +326,302 @@ func (m *NetworkResilienceManager) ResumeAllUploads() {
 	}
 }
-// monitorNetworkChanges monitors for network interface changes
+// monitorNetworkChangesEnhanced provides fast detection with quality monitoring
 func (m *NetworkResilienceManager) monitorNetworkChangesEnhanced() {
 	log.Info("Starting enhanced network monitoring with fast detection")
 	// Get initial interface state
 	m.lastInterfaces, _ = net.Interfaces()
 	// Initialize quality monitoring for current interfaces
 	m.initializeInterfaceQuality()
 	for {
 		select {
 		case <-m.adaptiveTicker.C:
 			currentInterfaces, err := net.Interfaces()
 			if err != nil {
 				log.Warnf("Failed to get network interfaces: %v", err)
 				m.adaptiveTicker.AdjustInterval(false) // Network is unstable
 				continue
 			}
 			// Check for interface changes
 			interfaceChanged := m.hasNetworkChanges(m.lastInterfaces, currentInterfaces)
 			// Check for quality degradation (predictive switching)
 			qualityDegraded := false
 			if m.config.PredictiveSwitching {
 				qualityDegraded = m.checkQualityDegradation()
 			}
 			networkUnstable := interfaceChanged || qualityDegraded
 			if interfaceChanged {
 				log.Infof("Network interface change detected")
 				m.handleNetworkSwitch("interface_change")
 			} else if qualityDegraded {
 				log.Infof("Network quality degradation detected, preparing for switch")
 				m.prepareForNetworkSwitch()
 			}
 			// Adjust monitoring frequency based on stability
 			m.adaptiveTicker.AdjustInterval(!networkUnstable)
 			m.lastInterfaces = currentInterfaces
 		case <-m.adaptiveTicker.done:
 			log.Info("Network monitoring stopped")
 			return
 		}
 	}
 }
 // monitorNetworkQuality continuously monitors connection quality
 func (m *NetworkResilienceManager) monitorNetworkQuality() {
 	ticker := time.NewTicker(m.config.QualityCheckInterval)
 	defer ticker.Stop()
 	log.Info("Starting network quality monitoring")
 	for {
 		select {
 		case <-ticker.C:
 			m.updateNetworkQuality()
 		}
 	}
 }
 // initializeInterfaceQuality sets up quality monitoring for current interfaces
 func (m *NetworkResilienceManager) initializeInterfaceQuality() {
 	interfaces, err := net.Interfaces()
 	if err != nil {
 		return
 	}
 	m.qualityMonitor.mutex.Lock()
 	defer m.qualityMonitor.mutex.Unlock()
 	for _, iface := range interfaces {
 		if iface.Flags&net.FlagLoopback == 0 && iface.Flags&net.FlagUp != 0 {
 			m.qualityMonitor.interfaces[iface.Name] = &InterfaceQuality{
 				Name:         iface.Name,
 				Connectivity: ConnectivityUnknown,
 				LastGood:     time.Now(),
 				Samples:      make([]QualitySample, 0, m.qualityMonitor.thresholds.SampleWindow),
 			}
 		}
 	}
 }
 // updateNetworkQuality measures and updates quality metrics for all interfaces
 func (m *NetworkResilienceManager) updateNetworkQuality() {
 	m.qualityMonitor.mutex.Lock()
 	defer m.qualityMonitor.mutex.Unlock()
 	for name, quality := range m.qualityMonitor.interfaces {
 		sample := m.measureInterfaceQuality(name)
 		// Add sample to history
 		quality.Samples = append(quality.Samples, sample)
 		if len(quality.Samples) > m.qualityMonitor.thresholds.SampleWindow {
 			quality.Samples = quality.Samples[1:]
 		}
 		// Update current metrics
 		quality.RTT = sample.RTT
 		quality.PacketLoss = m.calculatePacketLoss(quality.Samples)
 		quality.Stability = m.calculateStability(quality.Samples)
 		quality.Connectivity = m.assessConnectivity(quality)
 		if sample.Success {
 			quality.LastGood = time.Now()
 		}
 		log.Debugf("Interface %s: RTT=%v, Loss=%.1f%%, Stability=%.2f, State=%v",
 			name, quality.RTT, quality.PacketLoss, quality.Stability, quality.Connectivity)
 	}
 }
 // measureInterfaceQuality performs a quick connectivity test for an interface
 func (m *NetworkResilienceManager) measureInterfaceQuality(interfaceName string) QualitySample {
 	sample := QualitySample{
 		Timestamp: time.Now(),
 		RTT:       0,
 		Success:   false,
 	}
 	// Use ping to measure RTT (simplified for demonstration)
 	// In production, you'd want more sophisticated testing
 	start := time.Now()
 	// Try to ping a reliable host (Google DNS)
 	cmd := exec.Command("ping", "-c", "1", "-W", "2", "8.8.8.8")
 	err := cmd.Run()
 	if err == nil {
 		sample.RTT = time.Since(start)
 		sample.Success = true
 	} else {
 		sample.RTT = 2 * time.Second // Timeout value
 		sample.Success = false
 	}
 	return sample
 }
 // calculatePacketLoss calculates packet loss percentage from samples
 func (m *NetworkResilienceManager) calculatePacketLoss(samples []QualitySample) float64 {
 	if len(samples) == 0 {
 		return 0
 	}
 	failed := 0
 	for _, sample := range samples {
 		if !sample.Success {
 			failed++
 		}
 	}
 	return float64(failed) / float64(len(samples)) * 100
 }
 // calculateStability calculates network stability from RTT variance
 func (m *NetworkResilienceManager) calculateStability(samples []QualitySample) float64 {
 	if len(samples) < 2 {
 		return 1.0
 	}
 	// Calculate RTT variance
 	var sum, sumSquares float64
 	count := 0
 	for _, sample := range samples {
 		if sample.Success {
 			rttMs := float64(sample.RTT.Nanoseconds()) / 1e6
 			sum += rttMs
 			sumSquares += rttMs * rttMs
 			count++
 		}
 	}
 	if count < 2 {
 		return 1.0
 	}
 	mean := sum / float64(count)
 	variance := (sumSquares / float64(count)) - (mean * mean)
 	// Convert variance to stability score (lower variance = higher stability)
 	if variance <= 100 { // Very stable (variance < 100ms²)
 		return 1.0
 	} else if variance <= 1000 { // Moderately stable
 		return 1.0 - (variance-100)/900*0.3 // Scale from 1.0 to 0.7
 	} else { // Unstable
 		return 0.5 // Cap at 0.5 for very unstable connections
 	}
 }
 // assessConnectivity determines connectivity state based on quality metrics
 func (m *NetworkResilienceManager) assessConnectivity(quality *InterfaceQuality) ConnectivityState {
 	thresholds := m.qualityMonitor.thresholds
 	// Check if we have recent successful samples
 	timeSinceLastGood := time.Since(quality.LastGood)
 	if timeSinceLastGood > 30*time.Second {
 		return ConnectivityFailed
 	}
 	// Assess based on packet loss
 	if quality.PacketLoss >= thresholds.PacketLossCrit {
 		return ConnectivityPoor
 	} else if quality.PacketLoss >= thresholds.PacketLossWarn {
 		return ConnectivityDegraded
 	}
 	// Assess based on RTT
 	if quality.RTT >= thresholds.RTTCritical {
 		return ConnectivityPoor
 	} else if quality.RTT >= thresholds.RTTWarning {
 		return ConnectivityDegraded
 	}
 	// Assess based on stability
 	if quality.Stability < thresholds.StabilityMin {
 		return ConnectivityDegraded
 	}
 	return ConnectivityGood
 }
 // checkQualityDegradation checks if any interface shows quality degradation
 func (m *NetworkResilienceManager) checkQualityDegradation() bool {
 	m.qualityMonitor.mutex.RLock()
 	defer m.qualityMonitor.mutex.RUnlock()
 	for _, quality := range m.qualityMonitor.interfaces {
 		if quality.Connectivity == ConnectivityPoor || 
 		   (quality.Connectivity == ConnectivityDegraded && quality.PacketLoss > 5.0) {
 			return true
 		}
 	}
 	return false
 }
 // prepareForNetworkSwitch proactively prepares for an anticipated network switch
 func (m *NetworkResilienceManager) prepareForNetworkSwitch() {
 	log.Info("Preparing for anticipated network switch due to quality degradation")
 	// Temporarily pause new uploads but don't stop existing ones
 	// This gives ongoing uploads a chance to complete before the switch
 	m.mutex.Lock()
 	defer m.mutex.Unlock()
 	// Mark as preparing for switch (could be used by upload handlers)
 	for _, ctx := range m.activeUploads {
 		select {
 		case ctx.PauseChan <- true:
 			ctx.IsPaused = true
 			log.Debugf("Preemptively paused upload %s", ctx.SessionID)
 		default:
 		}
 	}
 	// Resume after a short delay to allow network to stabilize
 	go func() {
 		time.Sleep(5 * time.Second)
 		m.ResumeAllUploads()
 	}()
 }
 // handleNetworkSwitch handles an actual network interface change
 func (m *NetworkResilienceManager) handleNetworkSwitch(switchType string) {
 	log.Infof("Handling network switch: %s", switchType)
 	m.PauseAllUploads()
 	// Wait for network stabilization (adaptive based on switch type)
 	stabilizationTime := 2 * time.Second
 	if switchType == "interface_change" {
 		stabilizationTime = 3 * time.Second
 	}
 	time.Sleep(stabilizationTime)
 	// Re-initialize quality monitoring for new network state
 	m.initializeInterfaceQuality()
 	m.ResumeAllUploads()
 }
 // monitorNetworkChanges provides the original network monitoring (fallback)
 func (m *NetworkResilienceManager) monitorNetworkChanges() {
 	ticker := time.NewTicker(5 * time.Second)
 	defer ticker.Stop()
 	log.Info("Starting standard network monitoring (5s interval)")
 	// Get initial interface state
 	m.lastInterfaces, _ = net.Interfaces()
--- a/cmd/server/queue_resilience.go
+++ b/cmd/server/queue_resilience.go
@ -5,7 +5,6 @@ package main
 import (
 	"context"
 	"errors"
 	"fmt"
 	"sync"
 	"sync/atomic"
 	"time"
--- a/comprehensive_upload_test.sh
+++ b/comprehensive_upload_test.sh
--- a/config-default.toml
+++ b/config-default.toml
@ -1,89 +0,0 @@
 [server]
 listen_address = ":8080"
 storage_path = "/opt/hmac-file-server/data/uploads"
 metrics_enabled = true
 metrics_path = "/metrics"
 pid_file = "/var/run/hmac-file-server.pid"
 max_upload_size = "10GB"
 max_header_bytes = 1048576
 cleanup_interval = "24h"
 max_file_age = "720h"
 pre_cache = true
 pre_cache_workers = 4
 pre_cache_interval = "1h"
 global_extensions = [".txt", ".dat", ".iso"]
 deduplication_enabled = true
 min_free_bytes = "1GB"
 file_naming = "original"
 force_protocol = ""
 enable_dynamic_workers = true
 worker_scale_up_thresh = 50
 worker_scale_down_thresh = 10
 [uploads]
 allowedextensions = [".zip", ".rar", ".7z", ".tar.gz", ".tgz", ".gpg", ".enc", ".pgp", ".txt", ".pdf", ".png", ".jpg", ".jpeg", ".gif", ".bmp", ".tiff", ".svg", ".webp", ".wav", ".mp4", ".avi", ".mkv", ".mov", ".wmv", ".flv", ".webm", ".mpeg", ".mpg", ".m4v", ".3gp", ".3g2", ".mp3", ".ogg"]
 chunkeduploadsenabled = true
 chunksize = "32MB"
 resumableuploadsenabled = true
 maxresumableage = "48h"
 [downloads]
 resumabledownloadsenabled = true
 chunkeddownloadsenabled = true
 chunksize = "32MB"
 allowedextensions = [".txt", ".pdf", ".png", ".jpg", ".jpeg", ".gif", ".bmp", ".tiff", ".svg", ".webp", ".wav", ".mp4", ".avi", ".mkv", ".mov", ".wmv", ".flv", ".webm", ".mpeg", ".mpg", ".m4v", ".3gp", ".3g2", ".mp3", ".ogg"]
 [security]
 secret = "f6g4ldPvQM7O2UTFeBEUUj33VrXypDAcsDt0yqKrLiOr5oQW"
 enablejwt = false
 jwtsecret = "f6g4ldPvQM7O2UTFeBEUUj33VrXypDAcsDt0yqKrLiOr5oQW"
 jwtalgorithm = "HS256"
 jwtexpiration = "24h"
 [logging]
 level = "debug"
 file = "/var/log/hmac-file-server/hmac-file-server.log"
 max_size = 100
 max_backups = 7
 max_age = 30
 compress = true
 [deduplication]
 enabled = true
 directory = "/opt/hmac-file-server/data/duplicates"
 [iso]
 enabled = false
 size = "1GB"
 mountpoint = "/mnt/iso"
 charset = "utf-8"
 containerfile = "/mnt/iso/container.iso"
 [timeouts]
 readtimeout = "3600s"
 writetimeout = "3600s"
 idletimeout = "3600s"
 [versioning]
 enableversioning = false
 maxversions = 1
 [clamav]
 clamavenabled = false
 clamavsocket = "/var/run/clamav/clamd.ctl"
 numscanworkers = 2
 scanfileextensions = [".exe", ".dll", ".bin", ".com", ".bat", ".sh", ".php", ".js"]
 [redis]
 redisenabled = false
 redisdbindex = 0
 redisaddr = "localhost:6379"
 redispassword = ""
 redishealthcheckinterval = "120s"
 [workers]
 numworkers = 4
 uploadqueuesize = 5000
 [file]
 filerevision = 1
--- a/debug-uploads.sh
+++ b/debug-uploads.sh
@ -0,0 +1,223 @@
 #!/bin/bash
 # Live debugging script for HMAC File Server upload issues
 # Monitors logs in real-time and provides detailed diagnostics
 set -e
 # Colors
 RED='\033[0;31m'
 GREEN='\033[0;32m'
 YELLOW='\033[1;33m'
 BLUE='\033[0;34m'
 NC='\033[0m'
 log_info() { echo -e "${BLUE}[INFO]${NC} $1"; }
 log_success() { echo -e "${GREEN}[SUCCESS]${NC} $1"; }
 log_warning() { echo -e "${YELLOW}[WARNING]${NC} $1"; }
 log_error() { echo -e "${RED}[ERROR]${NC} $1"; }
 # Function to check service status
 check_services() {
    log_info "=== SERVICE STATUS CHECK ==="
    echo "HMAC File Server:"
    systemctl is-active hmac-file-server && echo "✅ Running" || echo "❌ Not running"
    echo "Nginx:"
    systemctl is-active nginx && echo "✅ Running" || echo "❌ Not running"
    echo ""
 }
 # Function to show current configuration
 show_config() {
    log_info "=== CONFIGURATION SUMMARY ==="
    echo "HMAC File Server Config:"
    echo "- Max Upload Size: $(grep max_upload_size /opt/hmac-file-server/config.toml | cut -d'"' -f2)"
    echo "- Chunk Size: $(grep chunksize /opt/hmac-file-server/config.toml | head -1 | cut -d'"' -f2)"
    echo "- Chunked Uploads: $(grep chunkeduploadsenabled /opt/hmac-file-server/config.toml | cut -d'=' -f2 | tr -d ' ')"
    echo "- Network Events: $(grep networkevents /opt/hmac-file-server/config.toml | cut -d'=' -f2 | tr -d ' ')"
    echo "- Listen Address: $(grep listen_address /opt/hmac-file-server/config.toml | cut -d'"' -f2)"
    echo ""
    echo "Nginx Config:"
    echo "- Client Max Body Size: $(nginx -T 2>/dev/null | grep client_max_body_size | head -1 | awk '{print $2}' | tr -d ';')"
    echo "- Proxy Buffering: $(nginx -T 2>/dev/null | grep proxy_request_buffering | head -1 | awk '{print $2}' | tr -d ';')"
    echo "- Proxy Timeouts: $(nginx -T 2>/dev/null | grep proxy_read_timeout | head -1 | awk '{print $2}' | tr -d ';')"
    echo ""
 }
 # Function to monitor logs in real-time
 monitor_logs() {
    log_info "=== STARTING LIVE LOG MONITORING ==="
    log_warning "Press Ctrl+C to stop monitoring"
    echo ""
    # Create named pipes for log monitoring
    mkfifo /tmp/hmac_logs /tmp/nginx_logs 2>/dev/null || true
    # Start log monitoring in background
    journalctl -u hmac-file-server -f --no-pager > /tmp/hmac_logs &
    HMAC_PID=$!
    tail -f /var/log/nginx/access.log > /tmp/nginx_logs &
    NGINX_PID=$!
    # Monitor both logs with timestamps
    {
        while read line; do
            echo -e "${BLUE}[HMAC]${NC} $line"
        done < /tmp/hmac_logs &
        while read line; do
            if [[ "$line" =~ (PUT|POST) ]] && [[ "$line" =~ (40[0-9]|50[0-9]) ]]; then
                echo -e "${RED}[NGINX-ERROR]${NC} $line"
            elif [[ "$line" =~ (PUT|POST) ]]; then
                echo -e "${GREEN}[NGINX-OK]${NC} $line"
            else
                echo -e "${YELLOW}[NGINX]${NC} $line"
            fi
        done < /tmp/nginx_logs &
        wait
    }
    # Cleanup on exit
    trap 'kill $HMAC_PID $NGINX_PID 2>/dev/null; rm -f /tmp/hmac_logs /tmp/nginx_logs' EXIT
 }
 # Function to test file upload
 test_upload() {
    local test_file="$1"
    local test_size="${2:-1MB}"
    if [ -z "$test_file" ]; then
        test_file="/tmp/test_upload_${test_size}.bin"
        log_info "Creating test file: $test_file ($test_size)"
        case "$test_size" in
            "1MB") dd if=/dev/urandom of="$test_file" bs=1M count=1 >/dev/null 2>&1 ;;
            "10MB") dd if=/dev/urandom of="$test_file" bs=1M count=10 >/dev/null 2>&1 ;;
            "100MB") dd if=/dev/urandom of="$test_file" bs=1M count=100 >/dev/null 2>&1 ;;
            "1GB") dd if=/dev/urandom of="$test_file" bs=1M count=1024 >/dev/null 2>&1 ;;
        esac
        log_success "Test file created: $(ls -lh $test_file | awk '{print $5}')"
    fi
    # Get current timestamp for log filtering
    log_info "=== TESTING UPLOAD: $test_file ==="
    # Test with curl - simulate XMPP client behavior
    local url="https://share.uuxo.net/test_path/test_file_$(date +%s).bin"
    log_info "Testing upload to: $url"
    curl -X PUT \
         -H "Content-Type: application/octet-stream" \
         -H "User-Agent: TestClient/1.0" \
         --data-binary "@$test_file" \
         "$url" \
         -v \
         -w "Response: %{http_code}, Size: %{size_upload}, Time: %{time_total}s\n" \
         2>&1 | tee /tmp/curl_test.log
    echo ""
    log_info "Upload test completed. Check logs above for details."
 }
 # Function to analyze recent errors
 analyze_errors() {
    log_info "=== ERROR ANALYSIS ==="
    echo "Recent 400 errors from Nginx:"
    tail -100 /var/log/nginx/access.log | grep " 400 " | tail -5
    echo ""
    echo "Recent HMAC file server errors:"
    tail -100 /opt/hmac-file-server/data/logs/hmac-file-server.log | grep -i error | tail -5
    echo ""
    echo "File extension configuration:"
    grep -A 20 "allowedextensions" /opt/hmac-file-server/config.toml | head -10
    echo ""
 }
 # Function to check file permissions and disk space
 check_system() {
    log_info "=== SYSTEM CHECK ==="
    echo "Disk space:"
    df -h /opt/hmac-file-server/data/uploads
    echo ""
    echo "Upload directory permissions:"
    ls -la /opt/hmac-file-server/data/uploads/
    echo ""
    echo "Process information:"
    ps aux | grep hmac-file-server | grep -v grep
    echo ""
    echo "Network connections:"
    netstat -tlnp | grep :8080
    echo ""
 }
 # Main menu
 main_menu() {
    echo -e "${BLUE}╔═══════════════════════════════════════════════════════════╗${NC}"
    echo -e "${BLUE}║${NC}         HMAC File Server Live Debugging Tool              ${BLUE}║${NC}"
    echo -e "${BLUE}╚═══════════════════════════════════════════════════════════╝${NC}"
    echo ""
    echo "1) Check service status"
    echo "2) Show configuration summary"
    echo "3) Start live log monitoring"
    echo "4) Test file upload (1MB)"
    echo "5) Test file upload (10MB)"
    echo "6) Test file upload (100MB)"
    echo "7) Analyze recent errors"
    echo "8) Check system resources"
    echo "9) Full diagnostic run"
    echo "0) Exit"
    echo ""
    read -p "Choose an option [0-9]: " choice
    case $choice in
        1) check_services ;;
        2) show_config ;;
        3) monitor_logs ;;
        4) test_upload "" "1MB" ;;
        5) test_upload "" "10MB" ;;
        6) test_upload "" "100MB" ;;
        7) analyze_errors ;;
        8) check_system ;;
        9) 
            check_services
            show_config
            check_system
            analyze_errors
            ;;
        0) exit 0 ;;
        *) log_error "Invalid option. Please choose 0-9." ;;
    esac
    echo ""
    read -p "Press Enter to continue..."
    main_menu
 }
 # Handle command line arguments
 case "${1:-}" in
    "monitor") monitor_logs ;;
    "test") test_upload "$2" "$3" ;;
    "analyze") analyze_errors ;;
    "status") check_services ;;
    "config") show_config ;;
    "system") check_system ;;
    *) main_menu ;;
 esac
--- a/dockerenv/config/config.toml
+++ b/dockerenv/config/config.toml
@ -1,111 +0,0 @@
 [server]
 listen_address = ":8080"
 storage_path = "/srv/hmac-file-server/uploads"
 metrics_enabled = true
 metrics_path = "/metrics"
 pid_file = "/var/run/hmac-file-server.pid"
 max_upload_size = "10GB" # Supports B, KB, MB, GB, TB
 max_header_bytes = 1048576 # 1MB
 cleanup_interval = "24h"
 max_file_age = "720h" # 30 days
 pre_cache = true
 pre_cache_workers = 4
 pre_cache_interval = "1h"
 global_extensions = [".txt", ".dat", ".iso", ".mp4", ".mkv", ".avi", ".mov", ".wmv", ".flv", ".webm", ".mpeg"] # If set, overrides upload/download extensions
 deduplication_enabled = true
 min_free_bytes = "1GB" # Minimum free space required for uploads
 file_naming = "original" # Options: "original", "HMAC"
 force_protocol = "" # Options: "http", "https" - if set, redirects to this protocol
 enable_dynamic_workers = true # Enable dynamic worker scaling
 worker_scale_up_thresh = 50   # Queue length to scale up workers
 worker_scale_down_thresh = 10 # Queue length to scale down workers
 # Cluster-aware settings for client restart resilience
 graceful_shutdown_timeout = "300s"    # Allow time for client reconnections
 connection_drain_timeout = "120s"     # Drain existing connections gracefully
 max_idle_conns_per_host = 5           # Limit persistent connections per client
 idle_conn_timeout = "90s"             # Close idle connections regularly
 disable_keep_alives = false           # Keep HTTP keep-alives for performance
 client_timeout = "300s"               # Timeout for slow clients
 restart_grace_period = "60s"          # Grace period after restart for clients to reconnect
 [uploads]
 allowed_extensions = [".zip", ".rar", ".7z", ".tar.gz", ".tgz", ".gpg", ".enc", ".pgp"]
 chunked_uploads_enabled = true
 chunk_size = "10MB"
 resumable_uploads_enabled = true
 max_resumable_age = "48h"
 # Cluster resilience for uploads
 session_persistence = true               # Persist upload sessions across restarts
 session_recovery_timeout = "300s"       # Time to wait for session recovery
 client_reconnect_window = "120s"        # Window for clients to reconnect after server restart
 upload_slot_ttl = "3600s"              # Upload slot validity time
 retry_failed_uploads = true             # Automatically retry failed uploads
 max_upload_retries = 3                  # Maximum retry attempts
 [downloads]
 resumable_downloads_enabled = true
 chunked_downloads_enabled = true
 chunk_size = "8192"
 allowed_extensions = [".txt", ".pdf", ".png", ".jpg", ".jpeg", ".gif", ".bmp", ".tiff", ".svg", ".webp"]
 [security]
 secret = "f6g4ldPvQM7O2UTFeBEUUj33VrXypDAcsDt0yqKrLiOr5oQW"
 enablejwt = false
 jwtsecret = "f6g4ldPvQM7O2UTFeBEUUj33VrXypDAcsDt0yqKrLiOr5oQW"
 jwtalgorithm = "HS256"
 jwtexpiration = "24h"
 [logging]
 level = "info"
 file = "/var/log/hmac-file-server.log"
 max_size = 100
 max_backups = 7
 max_age = 30
 compress = true
 [deduplication]
 enabled = true
 directory = "./deduplication"
 maxsize = "1GB"
 [iso]
 enabled = true
 size = "1GB"
 mountpoint = "/mnt/iso"
 charset = "utf-8"
 containerfile = "/mnt/iso/container.iso"
 [timeouts]
 readtimeout = "4800s"
 writetimeout = "4800s"
 idletimeout = "4800s"
 [versioning]
 enableversioning = false
 maxversions = 1
 [clamav]
 clamavenabled = true
 clamavsocket = "/var/run/clamav/clamd.ctl"
 numscanworkers = 2
 # Only scan potentially dangerous file types, skip large media files
 scanfileextensions = [".txt", ".pdf", ".doc", ".docx", ".xls", ".xlsx", ".exe", ".zip", ".rar", ".7z", ".tar", ".gz"]
 # Skip scanning files larger than 200MB (ClamAV limit)
 maxscansize = "200MB"
 [redis]
 redisenabled = true
 redisdbindex = 0
 redisaddr = "localhost:6379"
 redispassword = ""
 redishealthcheckinterval = "120s"
 [workers]
 numworkers = 4
 uploadqueuesize = 50
 [file]
 # Add file-specific configurations here
 [build]
 version = "3.2"
--- a/dockerenv/docker-compose.yml
+++ b/dockerenv/docker-compose.yml
@ -5,7 +5,7 @@ services:
    container_name: hmac-file-server
    image: hmac-file-server:latest
    ports:
-      - "8080:8080"
+      - "8081:8080"
    volumes:
      - ./config:/etc/hmac-file-server
      - ./data/uploads:/opt/hmac-file-server/data/uploads
--- a/dockerenv/dockerbuild/Dockerfile
+++ b/dockerenv/dockerbuild/Dockerfile
@ -6,21 +6,37 @@ RUN apk add --no-cache git
 COPY go.mod go.sum ./
 RUN go mod download
 COPY . .
-RUN CGO_ENABLED=0 go build -o hmac-file-server cmd/server/main.go cmd/server/helpers.go cmd/server/config_validator.go cmd/server/config_test_scenarios.go
+RUN CGO_ENABLED=0 go build -ldflags="-w -s" -o hmac-file-server ./cmd/server/
 # Stage 2: Runtime
 FROM alpine:latest
-RUN apk --no-cache add ca-certificates
+RUN apk --no-cache add ca-certificates tzdata iputils
 # Create non-root user for security
 RUN adduser -D -s /bin/sh -u 1011 appuser
 RUN mkdir -p /opt/hmac-file-server/data/uploads \
    && mkdir -p /opt/hmac-file-server/data/duplicates \
    && mkdir -p /opt/hmac-file-server/data/temp \
-    && mkdir -p /opt/hmac-file-server/data/logs
+    && mkdir -p /opt/hmac-file-server/data/logs \
    && chown -R appuser:appuser /opt/hmac-file-server \
    && chmod 750 /opt/hmac-file-server/data/uploads \
    && chmod 750 /opt/hmac-file-server/data/duplicates \
    && chmod 750 /opt/hmac-file-server/data/temp \
    && chmod 750 /opt/hmac-file-server/data/logs
 WORKDIR /opt/hmac-file-server
 COPY --from=builder /build/hmac-file-server .
 RUN chown appuser:appuser hmac-file-server && chmod +x hmac-file-server
 # Switch to non-root user
 USER appuser
 # Health check for network resilience
 HEALTHCHECK --interval=30s --timeout=15s --start-period=60s --retries=3 \
  CMD curl -f http://localhost:8080/health || exit 1
 EXPOSE 8080
--- a/dockerenv/podman-compose.yml
+++ b/dockerenv/podman-compose.yml
@ -0,0 +1,22 @@
 # Podman Compose Configuration for HMAC File Server
 # Version: 3.2.1 - Podman optimized
 services:
  hmac-file-server:
    container_name: hmac-file-server
    image: hmac-file-server:latest
    ports:
      - "8081:8080"
    volumes:
      - ./config:/etc/hmac-file-server:Z
      - ./data/uploads:/opt/hmac-file-server/data/uploads:Z
      - ./data/duplicates:/opt/hmac-file-server/data/duplicates:Z
      - ./data/temp:/opt/hmac-file-server/data/temp:Z
      - ./data/logs:/opt/hmac-file-server/data/logs:Z
    environment:
      - CONFIG_PATH=/etc/hmac-file-server/config.toml
    restart: unless-stopped
    security_opt:
      - label=disable
    # Podman specific optimizations
    userns_mode: "keep-id"
--- a/dockerenv/podman/Dockerfile.podman
+++ b/dockerenv/podman/Dockerfile.podman
@ -0,0 +1,72 @@
 # Dockerfile.podman - Optimized for Podman deployment
 # HMAC File Server 3.2 "Tremora del Terra" - Podman Edition
 FROM docker.io/golang:1.24-alpine AS builder
 WORKDIR /build
 # Install build dependencies
 RUN apk add --no-cache git ca-certificates tzdata
 # Copy source code
 COPY go.mod go.sum ./
 RUN go mod download
 COPY . .
 # Build static binary optimized for containers
 RUN CGO_ENABLED=0 GOOS=linux go build \
    -ldflags="-w -s -extldflags '-static'" \
    -a -installsuffix cgo \
    -o hmac-file-server ./cmd/server/
 # Production stage - Alpine for better compatibility and security
 FROM alpine:latest
 # Install runtime dependencies and create user
 RUN apk add --no-cache \
    ca-certificates \
    tzdata \
    curl \
    shadow \
    iputils \
    && adduser -D -s /bin/sh -u 1011 appuser \
    && rm -rf /var/cache/apk/*
 # Create application directories with proper ownership and secure permissions
 RUN mkdir -p /app /data /deduplication /iso /logs /tmp && \
    chown -R appuser:appuser /app /data /deduplication /iso /logs /tmp && \
    chmod 750 /app /data /deduplication /iso /logs && \
    chmod 1777 /tmp
 # Copy binary from builder stage
 COPY --from=builder /build/hmac-file-server /app/hmac-file-server
 # Set proper permissions on binary
 RUN chmod +x /app/hmac-file-server && \
    chown appuser:appuser /app/hmac-file-server
 # Switch to non-root user for security
 USER appuser
 # Set working directory
 WORKDIR /app
 # Add labels for better container management
 LABEL org.opencontainers.image.title="HMAC File Server" \
      org.opencontainers.image.description="Secure file server with XEP-0363 support" \
      org.opencontainers.image.version="3.2" \
      org.opencontainers.image.vendor="PlusOne" \
      org.opencontainers.image.source="https://github.com/PlusOne/hmac-file-server" \
      org.opencontainers.image.licenses="MIT"
 # Health check for container orchestration with network resilience awareness
 HEALTHCHECK --interval=30s --timeout=15s --start-period=60s --retries=3 \
  CMD curl -f http://localhost:8888/health || exit 1
 # Expose default port (configurable via config)
 EXPOSE 8888
 # Use exec form for proper signal handling
 ENTRYPOINT ["/app/hmac-file-server"]
 CMD ["-config", "/app/config.toml"]
--- a/dockerenv/podman/README.md
+++ b/dockerenv/podman/README.md
@ -0,0 +1,263 @@
 # HMAC File Server - Podman Configuration Examples
 This directory contains Podman-specific deployment files for HMAC File Server 3.2 "Tremora del Terra".
 ## 🚀 Quick Start
 ```bash
 # Clone repository
 git clone https://github.com/PlusOne/hmac-file-server.git
 cd hmac-file-server/dockerenv/podman
 # Deploy with single command
 ./deploy-podman.sh
 # Check status
 ./deploy-podman.sh status
 # View logs
 ./deploy-podman.sh logs
 ```
 ## 📁 Files Overview
 ### `Dockerfile.podman`
 - **Purpose**: Optimized Dockerfile for Podman deployment
 - **Features**: 
  - Security-hardened Alpine-based image
  - Non-root user (UID 1011)
  - Health checks included
  - Static binary compilation
  - Minimal attack surface
 ### `deploy-podman.sh`
 - **Purpose**: Complete deployment automation script
 - **Features**:
  - Interactive deployment with colored output
  - Automatic configuration generation with random secrets
  - Security-hardened container settings
  - Pod management for XMPP integration
  - Health monitoring and status reporting
 ### `hmac-file-server.service`
 - **Purpose**: Systemd service unit for service management
 - **Usage**: Place in `~/.config/systemd/user/` (rootless) or `/etc/systemd/system/` (system-wide)
 ## 🛠️ Deployment Commands
 ### Basic Deployment
 ```bash
 # Full deployment (directories, config, build, start)
 ./deploy-podman.sh deploy
 # Start services only
 ./deploy-podman.sh start
 # Stop all services
 ./deploy-podman.sh stop
 # Restart services
 ./deploy-podman.sh restart
 ```
 ### Management Commands
 ```bash
 # Check status and health
 ./deploy-podman.sh status
 # View real-time logs
 ./deploy-podman.sh logs
 # Show current configuration
 ./deploy-podman.sh config
 # Build image only
 ./deploy-podman.sh build
 # Create networking pod only
 ./deploy-podman.sh pod
 # Complete cleanup (keeps data)
 ./deploy-podman.sh clean
 ```
 ## 🔧 Configuration
 ### Environment Variables
 ```bash
 # Custom data directory
 export APP_DATA="/custom/path/hmac-file-server"
 # Custom ports
 export LISTEN_PORT="9999"
 export METRICS_PORT="9998"
 # Deploy with custom settings
 ./deploy-podman.sh
 ```
 ### Generated Configuration
 The deployment script generates a production-ready configuration with:
 - ✅ **XMPP-compatible file extensions**
 - ✅ **Random HMAC and JWT secrets**
 - ✅ **Optimized performance settings**
 - ✅ **Security hardening enabled**
 - ✅ **Comprehensive logging**
 ## 🔒 Security Features
 ### Container Security
 - **Rootless operation**: Runs as non-root user (UID 1011)
 - **Capability dropping**: `--cap-drop=ALL`
 - **No new privileges**: `--security-opt no-new-privileges`
 - **Read-only filesystem**: `--read-only` with tmpfs for /tmp
 - **SELinux labels**: Volume mounts with `:Z` labels
 ### Network Security
 - **Pod isolation**: Containers run in isolated pods
 - **Port binding**: Only necessary ports exposed
 - **Health monitoring**: Built-in health checks
 ## 🔄 Systemd Integration
 ### User Service (Rootless - Recommended)
 ```bash
 # Copy service file
 cp hmac-file-server.service ~/.config/systemd/user/
 # Enable and start
 systemctl --user daemon-reload
 systemctl --user enable hmac-file-server.service
 systemctl --user start hmac-file-server.service
 # Check status
 systemctl --user status hmac-file-server.service
 ```
 ### System Service (Root)
 ```bash
 # Copy service file
 sudo cp hmac-file-server.service /etc/systemd/system/
 # Enable and start
 sudo systemctl daemon-reload
 sudo systemctl enable hmac-file-server.service
 sudo systemctl start hmac-file-server.service
 # Check status
 sudo systemctl status hmac-file-server.service
 ```
 ## 🎯 XMPP Integration
 ### Pod-based XMPP Deployment
 ```bash
 # Create XMPP services pod
 podman pod create --name xmpp-services \
  --publish 5222:5222 \
  --publish 5269:5269 \
  --publish 5443:5443 \
  --publish 8888:8888
 # Add Prosody XMPP server
 podman run -d --pod xmpp-services --name prosody \
  -v ./prosody-config:/etc/prosody:ro \
  -v ./prosody-data:/var/lib/prosody:rw \
  docker.io/prosody/prosody:latest
 # Add HMAC File Server
 podman run -d --pod xmpp-services --name hmac-file-server \
  -v ./config.toml:/app/config.toml:ro \
  -v ./data:/data:rw \
  localhost/hmac-file-server:latest -config /app/config.toml
 ```
 ## 📊 Monitoring and Health
 ### Health Checks
 ```bash
 # Manual health check
 curl -f http://localhost:8888/health
 # Container health status
 podman healthcheck run hmac-file-server
 # Continuous monitoring
 watch -n 5 'curl -s http://localhost:8888/health && echo " - $(date)"'
 ```
 ### Metrics
 ```bash
 # Prometheus metrics
 curl http://localhost:9090/metrics
 # Pod statistics
 podman pod stats xmpp-pod
 # Container logs
 podman logs -f hmac-file-server
 ```
 ## 🚨 Troubleshooting
 ### Common Issues
 #### Permission Errors
 ```bash
 # Fix SELinux contexts
 restorecon -R /opt/podman/hmac-file-server
 # Check volume permissions
 podman unshare ls -la /opt/podman/hmac-file-server
 ```
 #### Container Won't Start
 ```bash
 # Check image exists
 podman images | grep hmac-file-server
 # Validate configuration
 ./deploy-podman.sh config
 # Debug with interactive container
 podman run -it --rm localhost/hmac-file-server:latest /bin/sh
 ```
 #### Network Issues
 ```bash
 # Check pod networking
 podman pod ps
 podman port hmac-file-server
 # Test connectivity
 nc -zv localhost 8888
 ```
 ### Log Analysis
 ```bash
 # Container logs
 podman logs hmac-file-server
 # Application logs
 tail -f /opt/podman/hmac-file-server/logs/hmac-file-server.log
 # System journal
 journalctl --user -u hmac-file-server.service -f
 ```
 ## 🎉 Success Verification
 After deployment, verify everything works:
 1. **Health Check**: `curl -f http://localhost:8888/health`
 2. **Metrics**: `curl http://localhost:9090/metrics`
 3. **Container Status**: `podman ps`
 4. **Pod Status**: `podman pod ps`
 5. **Logs**: `./deploy-podman.sh logs`
 ## 📚 Additional Resources
 - [Podman Official Documentation](https://docs.podman.io/)
 - [HMAC File Server GitHub](https://github.com/PlusOne/hmac-file-server)
 - [XEP-0363 Specification](https://xmpp.org/extensions/xep-0363.html)
 - [Container Security Best Practices](https://docs.podman.io/en/latest/markdown/podman-run.1.html#security-options)
--- a/dockerenv/podman/config.toml.example
+++ b/dockerenv/podman/config.toml.example
@ -0,0 +1,122 @@
 # HMAC File Server - Podman Production Configuration
 # This file is auto-generated by deploy-podman.sh
 # Edit as needed for your specific deployment requirements
 [server]
 listen_address = "8888"
 storage_path = "/data"
 metrics_enabled = true
 metrics_port = "9090"
 max_upload_size = "10GB"
 max_header_bytes = 1048576
 cleanup_interval = "24h"
 max_file_age = "720h"
 enable_dynamic_workers = true
 worker_scale_up_thresh = 40
 worker_scale_down_thresh = 10
 deduplication_enabled = true
 min_free_bytes = "1GB"
 file_naming = "original"
 networkevents = true                # Enable network change detection
 # Network resilience settings
 graceful_shutdown_timeout = "300s"
 connection_drain_timeout = "120s"
 max_idle_conns_per_host = 5
 idle_conn_timeout = "90s"
 disable_keep_alives = false
 client_timeout = "300s"
 restart_grace_period = "60s"
 [uploads]
 # XMPP-compatible file extensions for maximum client support
 allowed_extensions = [".zip", ".rar", ".7z", ".tar.gz", ".tgz", ".gpg", ".enc", ".pgp", ".txt", ".pdf", ".png", ".jpg", ".jpeg", ".gif", ".bmp", ".tiff", ".svg", ".webp", ".wav", ".mp4", ".avi", ".mkv", ".mov", ".wmv", ".flv", ".webm", ".mpeg", ".mpg", ".m4v", ".3gp", ".3g2", ".mp3", ".ogg", ".doc", ".docx"]
 chunked_uploads_enabled = true
 chunk_size = "32MB"
 resumable_uploads_enabled = true
 max_resumable_age = "48h"
 sessiontimeout = "60m"
 maxretries = 3
 # Upload resilience settings
 session_persistence = true
 session_recovery_timeout = "300s"
 client_reconnect_window = "120s"
 upload_slot_ttl = "3600s"
 retry_failed_uploads = true
 max_upload_retries = 3
 # Enhanced Network Resilience (NEW)
 [network_resilience]
 enabled = true
 fast_detection = true               # 1-second network change detection
 quality_monitoring = true           # Monitor RTT and packet loss
 predictive_switching = true         # Proactive network switching
 mobile_optimizations = true        # Mobile-friendly thresholds
 upload_resilience = true            # Resume uploads across network changes
 detection_interval = "1s"
 quality_check_interval = "5s"
 network_change_threshold = 3        # Switches required to trigger network change
 interface_stability_time = "10s"    # Mobile-appropriate stability time
 upload_pause_timeout = "10m"       # Mobile-friendly upload pause timeout
 upload_retry_timeout = "20m"       # Extended retry for mobile scenarios
 rtt_warning_threshold = "500ms"     # Cellular network warning threshold
 rtt_critical_threshold = "2000ms"   # Cellular network critical threshold
 packet_loss_warning_threshold = 5.0 # 5% packet loss warning
 packet_loss_critical_threshold = 15.0 # 15% packet loss critical
 [downloads]
 resumable_downloads_enabled = true
 chunked_downloads_enabled = true
 chunk_size = "32MB"
 # Same extensions as uploads for consistency
 allowed_extensions = [".zip", ".rar", ".7z", ".tar.gz", ".tgz", ".gpg", ".enc", ".pgp", ".txt", ".pdf", ".png", ".jpg", ".jpeg", ".gif", ".bmp", ".tiff", ".svg", ".webp", ".wav", ".mp4", ".avi", ".mkv", ".mov", ".wmv", ".flv", ".webm", ".mpeg", ".mpg", ".m4v", ".3gp", ".3g2", ".mp3", ".ogg", ".doc", ".docx"]
 [security]
 # IMPORTANT: Change these secrets in production!
 secret = "CHANGE-THIS-PRODUCTION-SECRET-HMAC-KEY"
 enablejwt = true
 jwtsecret = "CHANGE-THIS-JWT-SECRET-KEY"
 jwtalgorithm = "HS256"
 jwtexpiration = "24h"
 [logging]
 level = "info"
 file = "/logs/hmac-file-server.log"
 max_size = 100
 max_backups = 7
 max_age = 30
 compress = true
 [deduplication]
 enabled = true
 directory = "/deduplication"
 [workers]
 numworkers = 4
 uploadqueuesize = 100
 [timeouts]
 readtimeout = "3600s"
 writetimeout = "3600s"
 idletimeout = "3600s"
 shutdown = "30s"
 [versioning]
 enableversioning = false
 backend = "simple"
 maxversions = 1
 [redis]
 redisenabled = false
 redisdbindex = 0
 redisaddr = "localhost:6379"
 redispassword = ""
 redishealthcheckinterval = "120s"
 [clamav]
 clamavenabled = false
 clamavsocket = "/var/run/clamav/clamd.ctl"
 numscanworkers = 2
 scanfileextensions = [".exe", ".dll", ".bin", ".com", ".bat", ".sh", ".php", ".js"]
 maxscansize = "200MB"
--- a/dockerenv/podman/deploy-podman-simple.sh
+++ b/dockerenv/podman/deploy-podman-simple.sh
@ -0,0 +1,137 @@
 #!/bin/bash
 # deploy-podman-simple.sh - Simplified Podman deployment for testing
 # This is a root-compatible version for testing purposes
 set -e
 # Colors
 RED='\033[0;31m'
 GREEN='\033[0;32m'
 YELLOW='\033[1;33m'
 BLUE='\033[0;34m'
 NC='\033[0m'
 log_info() { echo -e "${BLUE}[INFO]${NC} $1"; }
 log_success() { echo -e "${GREEN}[SUCCESS]${NC} $1"; }
 log_warning() { echo -e "${YELLOW}[WARNING]${NC} $1"; }
 log_error() { echo -e "${RED}[ERROR]${NC} $1"; }
 # Configuration
 APP_NAME="hmac-file-server"
 IMAGE_NAME="localhost/hmac-file-server:latest"
 CONTAINER_NAME="hmac-file-server-test"
 CONFIG_DIR="/opt/podman/hmac-file-server/config"
 DATA_DIR="/opt/podman/hmac-file-server/data"
 # Create directories
 create_directories() {
    log_info "Creating Podman directories..."
    mkdir -p "$CONFIG_DIR"
    mkdir -p "$DATA_DIR"/{uploads,duplicates,temp,logs}
    # Create basic configuration if it doesn't exist
    if [ ! -f "$CONFIG_DIR/config.toml" ]; then
        log_info "Creating Podman configuration..."
        cat > "$CONFIG_DIR/config.toml" << 'EOF'
 [server]
 listen_address = "8888"
 storage_path = "/data/uploads"
 max_upload_size = "10GB"
 [security]
 secret = "CHANGE-THIS-SECRET-KEY-MINIMUM-32-CHARACTERS"
 [uploads]
 allowedextensions = [".txt", ".pdf", ".jpg", ".jpeg", ".png", ".gif", ".zip", ".tar", ".gz"]
 maxfilesize = "100MB"
 chunkeduploadsenabled = true
 networkevents = true
 [network_resilience]
 enabled = true
 quality_monitoring = true
 upload_resilience = true
 [logging]
 level = "INFO"
 file = "/logs/hmac-file-server.log"
 EOF
        log_success "Configuration created"
    fi
 }
 # Build image
 build_image() {
    log_info "Building Podman image..."
    if podman build -t "$IMAGE_NAME" -f ./Dockerfile.podman ../../.. >/dev/null 2>&1; then
        log_success "Image built successfully"
    else
        log_error "Failed to build image"
        return 1
    fi
 }
 # Run container
 run_container() {
    log_info "Running Podman container..."
    # Stop existing container if running
    if podman ps -q --filter name="$CONTAINER_NAME" | grep -q .; then
        log_info "Stopping existing container..."
        podman stop "$CONTAINER_NAME" >/dev/null 2>&1 || true
    fi
    # Remove existing container
    if podman ps -aq --filter name="$CONTAINER_NAME" | grep -q .; then
        log_info "Removing existing container..."
        podman rm "$CONTAINER_NAME" >/dev/null 2>&1 || true
    fi
    # Run new container
    podman run -d \
        --name "$CONTAINER_NAME" \
        --restart unless-stopped \
        -p 8888:8888 \
        -v "$CONFIG_DIR:/app/config:Z" \
        -v "$DATA_DIR:/data:Z" \
        "$IMAGE_NAME" \
        -config /app/config/config.toml || {
        log_error "Failed to run container"
        return 1
    }
    log_success "Container started successfully"
 }
 # Main execution
 main() {
    log_info "Starting simplified Podman deployment..."
    if [ "$EUID" -eq 0 ]; then
        log_warning "Running as root - using rootful Podman"
    fi
    create_directories
    build_image
    run_container
    log_success "Podman deployment completed!"
    log_info "Container status:"
    podman ps --filter name="$CONTAINER_NAME"
 }
 # Handle arguments
 case "${1:-}" in
    "test")
        # Test mode - just validate setup
        create_directories
        if podman images | grep -q hmac-file-server; then
            log_success "Podman test validation passed"
        else
            log_warning "Podman image not found"
        fi
        ;;
    *)
        main
        ;;
 esac
--- a/dockerenv/podman/deploy-podman.sh
+++ b/dockerenv/podman/deploy-podman.sh
@ -0,0 +1,401 @@
 #!/bin/bash
 # deploy-podman.sh - Production Podman deployment script for HMAC File Server 3.2
 # Usage: ./deploy-podman.sh [start|stop|restart|status|logs|config]
 set -euo pipefail
 # Color codes for pretty output
 RED='\033[0;31m'
 GREEN='\033[0;32m'
 YELLOW='\033[1;33m'
 BLUE='\033[0;34m'
 NC='\033[0m' # No Color
 # Logging functions
 info() { echo -e "${BLUE}[INFO]${NC} $1"; }
 success() { echo -e "${GREEN}[SUCCESS]${NC} $1"; }
 warning() { echo -e "${YELLOW}[WARNING]${NC} $1"; }
 error() { echo -e "${RED}[ERROR]${NC} $1"; }
 # Configuration variables
 readonly APP_NAME='hmac-file-server'
 readonly POD_NAME='xmpp-pod'
 readonly CTR_NAME="${POD_NAME}-${APP_NAME}"
 readonly CTR_IMAGE='localhost/hmac-file-server:latest'
 readonly RESTART_POLICY='unless-stopped'
 readonly CTR_UID='1011'
 readonly APP_DATA="${APP_DATA:-/opt/podman/hmac-file-server}"
 readonly LISTEN_PORT="${LISTEN_PORT:-8888}"
 readonly METRICS_PORT="${METRICS_PORT:-9090}"
 readonly CONFIG_FILE="${APP_DATA}/config/config.toml"
 # Check if running as root (not recommended for Podman)
 check_user() {
    if [[ $EUID -eq 0 ]]; then
        warning "Running as root. Consider using Podman rootless for better security."
        read -p "Continue anyway? (y/N): " -n 1 -r
        echo
        if [[ ! $REPLY =~ ^[Yy]$ ]]; then
            exit 1
        fi
    fi
 }
 # Create application directories
 setup_directories() {
    info "Setting up application directories..."
    mkdir -p "${APP_DATA}"/{config,data,deduplication,logs}
    # Set proper ownership
    if command -v podman >/dev/null 2>&1; then
        podman unshare chown -R "${CTR_UID}:${CTR_UID}" "${APP_DATA}"
    else
        error "Podman not found. Please install Podman first."
        exit 1
    fi
    success "Directories created at ${APP_DATA}"
 }
 # Generate configuration file
 generate_config() {
    if [[ -f "${CONFIG_FILE}" ]]; then
        warning "Configuration file already exists at ${CONFIG_FILE}"
        read -p "Overwrite? (y/N): " -n 1 -r
        echo
        if [[ ! $REPLY =~ ^[Yy]$ ]]; then
            return 0
        fi
    fi
    info "Generating configuration file..."
    # Generate random secrets
    local hmac_secret=$(openssl rand -base64 32 2>/dev/null || head -c 32 /dev/urandom | base64)
    local jwt_secret=$(openssl rand -base64 32 2>/dev/null || head -c 32 /dev/urandom | base64)
    cat > "${CONFIG_FILE}" << EOF
 # HMAC File Server 3.2 - Podman Production Configuration
 # Generated on $(date)
 [server]
 listen_address = "${LISTEN_PORT}"
 storage_path = "/data"
 metrics_enabled = true
 metrics_port = "${METRICS_PORT}"
 max_upload_size = "10GB"
 max_header_bytes = 1048576
 cleanup_interval = "24h"
 max_file_age = "720h"
 enable_dynamic_workers = true
 worker_scale_up_thresh = 40
 worker_scale_down_thresh = 10
 deduplication_enabled = true
 min_free_bytes = "1GB"
 file_naming = "original"
 networkevents = true                # Enable network monitoring for resilience
 [uploads]
 # XMPP-compatible file extensions for maximum client support
 allowed_extensions = [".zip", ".rar", ".7z", ".tar.gz", ".tgz", ".gpg", ".enc", ".pgp", ".txt", ".pdf", ".png", ".jpg", ".jpeg", ".gif", ".bmp", ".tiff", ".svg", ".webp", ".wav", ".mp4", ".avi", ".mkv", ".mov", ".wmv", ".flv", ".webm", ".mpeg", ".mpg", ".m4v", ".3gp", ".3g2", ".mp3", ".ogg", ".doc", ".docx"]
 chunked_uploads_enabled = true
 chunk_size = "32MB"
 resumable_uploads_enabled = true
 max_resumable_age = "48h"
 sessiontimeout = "60m"
 maxretries = 3
 # Upload resilience settings
 session_persistence = true
 session_recovery_timeout = "300s"
 client_reconnect_window = "120s"
 upload_slot_ttl = "3600s"
 retry_failed_uploads = true
 max_upload_retries = 3
 # Enhanced Network Resilience (NEW)
 [network_resilience]
 fast_detection = true               # 1-second network change detection
 quality_monitoring = true           # Monitor RTT and packet loss
 predictive_switching = true         # Proactive network switching
 mobile_optimizations = true        # Mobile-friendly thresholds
 detection_interval = "1s"
 quality_check_interval = "5s"
 max_detection_interval = "10s"
 [downloads]
 resumable_downloads_enabled = true
 chunked_downloads_enabled = true
 chunk_size = "32MB"
 # Same extensions as uploads for consistency
 allowed_extensions = [".zip", ".rar", ".7z", ".tar.gz", ".tgz", ".gpg", ".enc", ".pgp", ".txt", ".pdf", ".png", ".jpg", ".jpeg", ".gif", ".bmp", ".tiff", ".svg", ".webp", ".wav", ".mp4", ".avi", ".mkv", ".mov", ".wmv", ".flv", ".webm", ".mpeg", ".mpg", ".m4v", ".3gp", ".3g2", ".mp3", ".ogg", ".doc", ".docx"]
 [security]
 secret = "${hmac_secret}"
 enablejwt = true
 jwtsecret = "${jwt_secret}"
 jwtalgorithm = "HS256"
 jwtexpiration = "24h"
 [logging]
 level = "info"
 file = "/logs/hmac-file-server.log"
 max_size = 100
 max_backups = 7
 max_age = 30
 compress = true
 [deduplication]
 enabled = true
 directory = "/deduplication"
 [workers]
 numworkers = 4
 uploadqueuesize = 100
 [timeouts]
 readtimeout = "3600s"
 writetimeout = "3600s"
 idletimeout = "3600s"
 shutdown = "30s"
 EOF
    success "Configuration generated at ${CONFIG_FILE}"
    warning "Secrets have been auto-generated. Keep this file secure!"
 }
 # Build container image
 build_image() {
    info "Checking if image ${CTR_IMAGE} exists..."
    if podman image exists "${CTR_IMAGE}"; then
        warning "Image ${CTR_IMAGE} already exists"
        read -p "Rebuild? (y/N): " -n 1 -r
        echo
        if [[ ! $REPLY =~ ^[Yy]$ ]]; then
            return 0
        fi
    fi
    info "Building container image ${CTR_IMAGE}..."
    # Find the Dockerfile
    local dockerfile_path
    if [[ -f "dockerenv/podman/Dockerfile.podman" ]]; then
        dockerfile_path="dockerenv/podman/Dockerfile.podman"
    elif [[ -f "Dockerfile.podman" ]]; then
        dockerfile_path="Dockerfile.podman"
    else
        error "Dockerfile.podman not found. Please run from project root or ensure file exists."
        exit 1
    fi
    podman build --no-cache -t "${CTR_IMAGE}" -f "${dockerfile_path}" .
    success "Image ${CTR_IMAGE} built successfully"
 }
 # Create pod for networking
 create_pod() {
    info "Creating pod ${POD_NAME}..."
    # Remove existing pod if it exists
    if podman pod exists "${POD_NAME}"; then
        warning "Pod ${POD_NAME} already exists, removing..."
        podman pod stop "${POD_NAME}" 2>/dev/null || true
        podman pod rm "${POD_NAME}" 2>/dev/null || true
    fi
    podman pod create --name "${POD_NAME}" \
        --publish "${LISTEN_PORT}:8888" \
        --publish "${METRICS_PORT}:9090"
    success "Pod ${POD_NAME} created"
 }
 # Start the container
 start_container() {
    info "Starting HMAC File Server container..."
    # Stop and remove existing container
    podman container stop "${CTR_NAME}" 2>/dev/null || true
    podman container rm "${CTR_NAME}" 2>/dev/null || true
    # Run container with security-hardened settings
    podman run -d \
        --pod="${POD_NAME}" \
        --restart="${RESTART_POLICY}" \
        --name "${CTR_NAME}" \
        --user "${CTR_UID}:${CTR_UID}" \
        --cap-drop=ALL \
        --security-opt no-new-privileges \
        --read-only \
        --tmpfs /tmp:rw,noexec,nosuid,size=100m \
        -v "${CONFIG_FILE}:/app/config.toml:ro,Z" \
        -v "${APP_DATA}/data:/data:rw,Z" \
        -v "${APP_DATA}/deduplication:/deduplication:rw,Z" \
        -v "${APP_DATA}/logs:/logs:rw,Z" \
        --health-cmd="curl -f http://localhost:8888/health || exit 1" \
        --health-interval=30s \
        --health-timeout=10s \
        --health-retries=3 \
        --health-start-period=40s \
        "${CTR_IMAGE}" -config /app/config.toml
    success "Container ${CTR_NAME} started successfully!"
 }
 # Stop the container
 stop_container() {
    info "Stopping HMAC File Server..."
    podman container stop "${CTR_NAME}" 2>/dev/null || true
    podman container rm "${CTR_NAME}" 2>/dev/null || true
    podman pod stop "${POD_NAME}" 2>/dev/null || true
    podman pod rm "${POD_NAME}" 2>/dev/null || true
    success "HMAC File Server stopped"
 }
 # Show status
 show_status() {
    echo
    info "=== HMAC File Server Status ==="
    if podman pod exists "${POD_NAME}"; then
        echo "Pod Status:"
        podman pod ps --filter "name=${POD_NAME}"
        echo
    fi
    if podman container exists "${CTR_NAME}"; then
        echo "Container Status:"
        podman ps --filter "name=${CTR_NAME}"
        echo
        echo "Health Status:"
        podman healthcheck run "${CTR_NAME}" 2>/dev/null && echo "✅ Healthy" || echo "❌ Unhealthy"
        echo
    else
        warning "Container ${CTR_NAME} not found"
    fi
    echo "Service URLs:"
    echo "  🌐 File Server: http://localhost:${LISTEN_PORT}"
    echo "  📊 Metrics: http://localhost:${METRICS_PORT}/metrics"
    echo "  🔍 Health Check: http://localhost:${LISTEN_PORT}/health"
    echo
 }
 # Show logs
 show_logs() {
    if podman container exists "${CTR_NAME}"; then
        info "Showing logs for ${CTR_NAME} (Ctrl+C to exit)..."
        podman logs -f "${CTR_NAME}"
    else
        error "Container ${CTR_NAME} not found"
        exit 1
    fi
 }
 # Full deployment
 deploy() {
    info "Starting full HMAC File Server deployment..."
    check_user
    setup_directories
    generate_config
    build_image
    create_pod
    start_container
    sleep 5  # Wait for container to start
    show_status
    success "🎉 HMAC File Server deployed successfully!"
    echo
    info "Next steps:"
    echo "1. Test the service: curl -f http://localhost:${LISTEN_PORT}/health"
    echo "2. View logs: ./deploy-podman.sh logs"
    echo "3. Check status: ./deploy-podman.sh status"
    echo "4. Edit config: ${CONFIG_FILE}"
    echo
 }
 # Main command dispatcher
 case "${1:-deploy}" in
    start|deploy)
        deploy
        ;;
    stop)
        stop_container
        ;;
    restart)
        stop_container
        sleep 2
        create_pod
        start_container
        show_status
        ;;
    status)
        show_status
        ;;
    logs)
        show_logs
        ;;
    config)
        info "Configuration file location: ${CONFIG_FILE}"
        if [[ -f "${CONFIG_FILE}" ]]; then
            echo "Current configuration:"
            cat "${CONFIG_FILE}"
        else
            warning "Configuration file not found. Run './deploy-podman.sh' to generate it."
        fi
        ;;
    build)
        build_image
        ;;
    pod)
        create_pod
        ;;
    clean)
        warning "This will remove all containers, pods, and the image. Data will be preserved."
        read -p "Continue? (y/N): " -n 1 -r
        echo
        if [[ $REPLY =~ ^[Yy]$ ]]; then
            stop_container
            podman image rm "${CTR_IMAGE}" 2>/dev/null || true
            success "Cleanup completed"
        fi
        ;;
    help|--help|-h)
        echo "HMAC File Server Podman Deployment Script"
        echo
        echo "Usage: $0 [COMMAND]"
        echo
        echo "Commands:"
        echo "  deploy    Full deployment (default)"
        echo "  start     Start services"
        echo "  stop      Stop all services"
        echo "  restart   Restart services"
        echo "  status    Show service status"
        echo "  logs      Show container logs"
        echo "  config    Show configuration"
        echo "  build     Build container image only"
        echo "  pod       Create pod only"
        echo "  clean     Remove containers and image"
        echo "  help      Show this help"
        echo
        echo "Environment Variables:"
        echo "  APP_DATA      Data directory (default: /opt/podman/hmac-file-server)"
        echo "  LISTEN_PORT   Server port (default: 8888)"
        echo "  METRICS_PORT  Metrics port (default: 9090)"
        echo
        ;;
    *)
        error "Unknown command: $1"
        echo "Run '$0 help' for usage information"
        exit 1
        ;;
 esac
--- a/dockerenv/podman/hmac-file-server.service
+++ b/dockerenv/podman/hmac-file-server.service
@ -0,0 +1,55 @@
 # HMAC File Server - Podman Systemd Service
 # Place this file at: ~/.config/systemd/user/hmac-file-server.service
 # For system-wide: /etc/systemd/system/hmac-file-server.service
 [Unit]
 Description=HMAC File Server 3.2 "Tremora del Terra" (Podman)
 Documentation=https://github.com/PlusOne/hmac-file-server
 Wants=network-online.target
 After=network-online.target
 RequiresMountsFor=%t/containers
 [Service]
 Type=notify
 NotifyAccess=all
 Environment=PODMAN_SYSTEMD_UNIT=%n
 Restart=on-failure
 RestartSec=5
 TimeoutStopSec=70
 # Main container execution
 ExecStart=/usr/bin/podman run \
    --cidfile=%t/%n.ctr-id \
    --cgroups=no-conmon \
    --rm \
    --sdnotify=conmon \
    --replace \
    --name hmac-file-server \
    --user 1011:1011 \
    --cap-drop=ALL \
    --security-opt no-new-privileges \
    --read-only \
    --tmpfs /tmp:rw,noexec,nosuid,size=100m \
    --publish 8888:8888 \
    --publish 9090:9090 \
    --volume /opt/podman/hmac-file-server/config/config.toml:/app/config.toml:ro,Z \
    --volume /opt/podman/hmac-file-server/data:/data:rw,Z \
    --volume /opt/podman/hmac-file-server/deduplication:/deduplication:rw,Z \
    --volume /opt/podman/hmac-file-server/logs:/logs:rw,Z \
    --health-cmd="curl -f http://localhost:8888/health || exit 1" \
    --health-interval=30s \
    --health-timeout=15s \
    --health-retries=3 \
    --health-start-period=60s \
    localhost/hmac-file-server:latest -config /app/config.toml
 # Stop and cleanup
 ExecStop=/usr/bin/podman stop --ignore --cidfile=%t/%n.ctr-id
 ExecStopPost=/usr/bin/podman rm -f --ignore --cidfile=%t/%n.ctr-id
 # Reload configuration
 ExecReload=/bin/kill -HUP $MAINPID
 [Install]
 WantedBy=default.target
 # For system-wide installation, use: WantedBy=multi-user.target
--- a/github_tests/hmac_icon.png
+++ b/github_tests/hmac_icon.png
--- a/github_tests/hmac_test.go
+++ b/github_tests/hmac_test.go
@ -1,80 +0,0 @@
 package main
 import (
 	"crypto/hmac"
 	"crypto/sha256"
 	"encoding/hex"
 	"fmt"
 	"mime"
 	"net/http"
 	"net/url"
 	"os"
 	"path/filepath" // Added this import for filepath usage
 	"strconv"
 	"testing"
 )
 const (
 	serverURL    = "http://[::1]:8080"				// Replace with your actual server URL
 	secret       = "hmac-file-server-is-the-win"             // Replace with your HMAC secret key
 	uploadPath   = "hmac_icon.png"                 			// Test file to upload
 	protocolType = "v2"						// Use v2, v, or token as needed
 )
 // TestUpload performs a basic HMAC validation and upload test.
 func TestUpload(t *testing.T) {
 	// File setup for testing
 	file, err := os.Open(uploadPath)
 	if err != nil {
 		t.Fatalf("Error opening file: %v", err)
 	}
 	defer file.Close()
 	fileInfo, _ := file.Stat()
 	fileStorePath := uploadPath
 	contentLength := fileInfo.Size()
 	// Generate HMAC based on protocol type
 	hmacValue := generateHMAC(fileStorePath, contentLength, protocolType)
 	// Formulate request URL with HMAC in query params
 	reqURL := fmt.Sprintf("%s/%s?%s=%s", serverURL, fileStorePath, protocolType, url.QueryEscape(hmacValue))
 	// Prepare HTTP PUT request with file data
 	req, err := http.NewRequest(http.MethodPut, reqURL, file)
 	if err != nil {
 		t.Fatalf("Error creating request: %v", err)
 	}
 	req.Header.Set("Content-Type", "application/octet-stream")
 	req.Header.Set("Content-Length", strconv.FormatInt(contentLength, 10))
 	// Execute HTTP request
 	resp, err := http.DefaultClient.Do(req)
 	if err != nil {
 		t.Fatalf("Error executing request: %v", err)
 	}
 	defer resp.Body.Close()
 	t.Logf("Response status: %s", resp.Status)
 }
 // Generates the HMAC based on your protocol version
 func generateHMAC(filePath string, contentLength int64, protocol string) string {
 	mac := hmac.New(sha256.New, []byte(secret))
 	macString := ""
 	// Calculate HMAC according to protocol
 	if protocol == "v" {
 		mac.Write([]byte(filePath + "\x20" + strconv.FormatInt(contentLength, 10)))
 		macString = hex.EncodeToString(mac.Sum(nil))
 	} else if protocol == "v2" || protocol == "token" {
 		contentType := mime.TypeByExtension(filepath.Ext(filePath))
 		if contentType == "" {
 			contentType = "application/octet-stream"
 		}
 		mac.Write([]byte(filePath + "\x00" + strconv.FormatInt(contentLength, 10) + "\x00" + contentType))
 		macString = hex.EncodeToString(mac.Sum(nil))
 	}
 	return macString
 }
--- a/github_tests/server_flags_test.go
+++ b/github_tests/server_flags_test.go
@ -1,39 +0,0 @@
 package main
 import (
 	"os"
 	"os/exec"
 	"strings"
 	"testing"
 )
 // TestGenConfigFlag runs the server with --genconfig and checks output for expected config keys
 func TestGenConfigFlag(t *testing.T) {
 	cmd := exec.Command("go", "run", "../cmd/server/main.go", "--genconfig")
 	output, err := cmd.CombinedOutput()
 	if err != nil && !strings.Contains(string(output), "[server]") {
 		t.Fatalf("Failed to run with --genconfig: %v\nOutput: %s", err, output)
 	}
 	if !strings.Contains(string(output), "[server]") || !strings.Contains(string(output), "bind_ip") {
 		t.Errorf("Example config missing expected keys. Output: %s", output)
 	}
 }
 // TestIPv4IPv6Flag runs the server with forceprotocol=ipv4 and ipv6 and checks for startup errors
 func TestIPv4IPv6Flag(t *testing.T) {
 	for _, proto := range []string{"ipv4", "ipv6", "auto"} {
 		cmd := exec.Command("go", "run", "../cmd/server/main.go", "--config", "../cmd/server/config.toml")
 		cmd.Env = append(os.Environ(), "FORCEPROTOCOL="+proto)
 		// Set Go module cache environment variables if not already set
 		if os.Getenv("GOMODCACHE") == "" {
 			cmd.Env = append(cmd.Env, "GOMODCACHE="+os.Getenv("HOME")+"/go/pkg/mod")
 		}
 		if os.Getenv("GOPATH") == "" {
 			cmd.Env = append(cmd.Env, "GOPATH="+os.Getenv("HOME")+"/go")
 		}
 		output, err := cmd.CombinedOutput()
 		if err != nil && !strings.Contains(string(output), "Configuration loaded successfully") {
 			t.Errorf("Server failed to start with forceprotocol=%s: %v\nOutput: %s", proto, err, output)
 		}
 	}
 }
--- a/install-manager.sh
+++ b/install-manager.sh
@ -0,0 +1,673 @@
 #!/bin/bash
 # HMAC File Server 3.2 - Universal Installation & Testing Framework
 # Ensures consistent user experience across all deployment methods
 set -e
 # Colors for output
 RED='\033[0;31m'
 GREEN='\033[0;32m'
 YELLOW='\033[1;33m'
 BLUE='\033[0;34m'
 CYAN='\033[0;36m'
 MAGENTA='\033[0;35m'
 NC='\033[0m'
 # Installation methods
 METHODS=("systemd" "docker" "podman" "debian" "multi-arch")
 CURRENT_METHOD=""
 TEST_MODE=false
 VALIDATE_ONLY=false
 # Helper functions
 log_info() { echo -e "${BLUE}[INFO]${NC} $1"; }
 log_success() { echo -e "${GREEN}[SUCCESS]${NC} $1"; }
 log_warning() { echo -e "${YELLOW}[WARNING]${NC} $1"; }
 log_error() { echo -e "${RED}[ERROR]${NC} $1"; }
 log_step() { echo -e "${CYAN}[STEP]${NC} $1"; }
 # Show main menu
 show_main_menu() {
    clear
    echo -e "${MAGENTA}╔════════════════════════════════════════════════════════════════╗${NC}"
    echo -e "${MAGENTA}║${NC}         ${BLUE}HMAC File Server 3.2 'Tremora del Terra'${NC}         ${MAGENTA}║${NC}"
    echo -e "${MAGENTA}║${NC}              ${CYAN}Universal Installation Manager${NC}              ${MAGENTA}║${NC}"
    echo -e "${MAGENTA}╚════════════════════════════════════════════════════════════════╝${NC}"
    echo ""
    echo -e "${YELLOW}Choose your deployment method:${NC}"
    echo ""
    echo -e "  ${GREEN}1)${NC} ${BLUE}Native SystemD Service${NC}     - Traditional Linux service installation"
    echo -e "  ${GREEN}2)${NC} ${BLUE}Docker Deployment${NC}         - Container with docker-compose"
    echo -e "  ${GREEN}3)${NC} ${BLUE}Podman Deployment${NC}         - Rootless container deployment"
    echo -e "  ${GREEN}4)${NC} ${BLUE}Debian Package${NC}            - Build and install .deb package"
    echo -e "  ${GREEN}5)${NC} ${BLUE}Multi-Architecture${NC}        - Build for multiple platforms"
    echo ""
    echo -e "  ${GREEN}6)${NC} ${YELLOW}Test All Methods${NC}          - Validate all installation methods"
    echo -e "  ${GREEN}7)${NC} ${YELLOW}Validate Configuration${NC}    - Check existing installations"
    echo ""
    echo -e "  ${GREEN}0)${NC} Exit"
    echo ""
 }
 # Detect system capabilities
 detect_system() {
    log_step "Detecting system capabilities..."
    # Check OS
    if [ -f /etc/os-release ]; then
        . /etc/os-release
        OS_NAME="$NAME"
        OS_VERSION="$VERSION"
        log_info "Operating System: $OS_NAME $OS_VERSION"
    fi
    # Check systemd
    if systemctl --version >/dev/null 2>&1; then
        SYSTEMD_AVAILABLE=true
        log_success "SystemD available"
    else
        SYSTEMD_AVAILABLE=false
        log_warning "SystemD not available"
    fi
    # Check Docker
    if command -v docker >/dev/null 2>&1; then
        DOCKER_AVAILABLE=true
        DOCKER_VERSION=$(docker --version 2>/dev/null || echo "Unknown")
        log_success "Docker available: $DOCKER_VERSION"
    else
        DOCKER_AVAILABLE=false
        log_warning "Docker not available"
    fi
    # Check Podman
    if command -v podman >/dev/null 2>&1; then
        PODMAN_AVAILABLE=true
        PODMAN_VERSION=$(podman --version 2>/dev/null || echo "Unknown")
        log_success "Podman available: $PODMAN_VERSION"
    else
        PODMAN_AVAILABLE=false
        log_warning "Podman not available"
    fi
    # Check Go
    if command -v go >/dev/null 2>&1; then
        GO_AVAILABLE=true
        GO_VERSION=$(go version 2>/dev/null || echo "Unknown")
        log_success "Go available: $GO_VERSION"
    else
        GO_AVAILABLE=false
        log_warning "Go not available"
    fi
    # Check architecture
    ARCH=$(uname -m)
    log_info "Architecture: $ARCH"
    echo ""
 }
 # Validate installation method availability
 validate_method() {
    local method=$1
    case $method in
        "systemd")
            if [ "$SYSTEMD_AVAILABLE" != "true" ]; then
                log_error "SystemD not available on this system"
                return 1
            fi
            ;;
        "docker")
            if [ "$DOCKER_AVAILABLE" != "true" ]; then
                log_error "Docker not available on this system"
                return 1
            fi
            ;;
        "podman")
            if [ "$PODMAN_AVAILABLE" != "true" ]; then
                log_error "Podman not available on this system"
                return 1
            fi
            ;;
        "debian"|"multi-arch")
            if [ "$GO_AVAILABLE" != "true" ]; then
                log_error "Go compiler not available for building"
                return 1
            fi
            ;;
    esac
    return 0
 }
 # Install method: SystemD
 install_systemd() {
    log_step "Installing HMAC File Server with SystemD..."
    if [ ! -f "./installer.sh" ]; then
        log_error "installer.sh not found in current directory"
        return 1
    fi
    # Run the main installer in native mode
    log_info "Running native installation..."
    echo "1" | sudo ./installer.sh
    # Validate installation
    validate_systemd_installation
 }
 # Install method: Docker
 install_docker() {
    log_step "Installing HMAC File Server with Docker..."
    if [ ! -f "./installer.sh" ]; then
        log_error "installer.sh not found in current directory"
        return 1
    fi
    # Run the main installer in Docker mode
    log_info "Running Docker installation..."
    echo "2" | sudo ./installer.sh
    # Validate installation
    validate_docker_installation
 }
 # Install method: Podman
 install_podman() {
    log_step "Installing HMAC File Server with Podman..."
    # Check for deployment scripts (prefer simple version for testing)
    if [ -f "./dockerenv/podman/deploy-podman-simple.sh" ]; then
        podman_script="./dockerenv/podman/deploy-podman-simple.sh"
    elif [ -f "./dockerenv/podman/deploy-podman.sh" ]; then
        podman_script="./dockerenv/podman/deploy-podman.sh"
    else
        log_error "No Podman deployment script found"
        return 1
    fi
    # Make sure script is executable
    chmod +x "$podman_script"
    # Run Podman deployment
    log_info "Running Podman deployment..."
    cd dockerenv/podman
    if [[ "$podman_script" == *"simple"* ]]; then
        # Use simple script for testing
        ./deploy-podman-simple.sh test || {
            log_warning "Podman simple deployment test completed with warnings"
        }
    else
        # Use full script with automated answers
        echo "y" | ./deploy-podman.sh || {
            log_warning "Podman deployment encountered issues (may be normal for testing)"
        }
    fi
    cd ../..
    return 0
 }
 # Install method: Debian Package
 install_debian() {
    log_step "Building and installing Debian package..."
    if [ ! -f "./builddebian.sh" ]; then
        log_error "builddebian.sh not found in current directory"
        return 1
    fi
    # Check Go dependency
    if ! command -v go >/dev/null 2>&1; then
        log_warning "Go not available - Debian build may use pre-built binary"
    fi
    # Build Debian package
    log_info "Building Debian package..."
    sudo ./builddebian.sh || {
        log_warning "Debian build encountered issues (may be expected if already installed)"
        return 0
    }
    # Validate installation
    validate_debian_installation
 }
 # Install method: Multi-Architecture
 install_multiarch() {
    log_step "Building multi-architecture binaries..."
    if [ ! -f "./build-multi-arch.sh" ]; then
        log_error "build-multi-arch.sh not found in current directory"
        return 1
    fi
    # Build multi-arch binaries - automatically choose option 1 (current platform)
    log_info "Building for multiple architectures..."
    echo "1" | ./build-multi-arch.sh || {
        log_warning "Multi-arch build encountered issues"
        return 1
    }
    # Validate builds
    validate_multiarch_build
 }
 # Validation functions
 validate_systemd_installation() {
    log_step "Validating SystemD installation..."
    # Check service file
    if [ -f "/etc/systemd/system/hmac-file-server.service" ]; then
        log_success "Service file exists"
    else
        log_error "Service file not found"
        return 1
    fi
    # Check binary
    if [ -f "/opt/hmac-file-server/hmac-file-server" ]; then
        log_success "Binary installed"
    else
        log_error "Binary not found"
        return 1
    fi
    # Check configuration
    if [ -f "/opt/hmac-file-server/config.toml" ]; then
        log_success "Configuration file exists"
        # Validate configuration
        if sudo -u hmac-file-server /opt/hmac-file-server/hmac-file-server -config /opt/hmac-file-server/config.toml --validate-config >/dev/null 2>&1; then
            log_success "Configuration validation passed"
        else
            log_warning "Configuration has warnings"
        fi
    else
        log_error "Configuration file not found"
        return 1
    fi
    # Check service status
    if systemctl is-enabled hmac-file-server.service >/dev/null 2>&1; then
        log_success "Service is enabled"
    else
        log_warning "Service not enabled"
    fi
    log_success "SystemD installation validated successfully"
 }
 validate_docker_installation() {
    log_info "Validating Docker installation..."
    # Check if Docker Compose file exists
    if [ ! -f "dockerenv/docker-compose.yml" ]; then
        log_error "Docker Compose file not found"
        return 1
    fi
    # Check if Dockerfile exists
    if [ ! -f "dockerenv/dockerbuild/Dockerfile" ]; then
        log_error "Dockerfile not found"
        return 1
    fi
    # Check if configuration directory exists
    if [ ! -d "dockerenv/config" ]; then
        log_warning "Docker config directory not found, creating..."
        mkdir -p dockerenv/config
    fi
    # Check if configuration file exists
    if [ ! -f "dockerenv/config/config.toml" ]; then
        log_warning "Docker configuration file not found, creating..."
        # Create basic Docker configuration
        cat > dockerenv/config/config.toml << 'EOF'
 [server]
 listen_address = "8080"
 storage_path = "/opt/hmac-file-server/data/uploads"
 max_upload_size = "10GB"
 [security]
 secret = "CHANGE-THIS-SECRET-KEY-MINIMUM-32-CHARACTERS"
 [uploads]
 allowedextensions = [".txt", ".pdf", ".jpg", ".jpeg", ".png", ".gif", ".zip", ".tar", ".gz"]
 maxfilesize = "100MB"
 chunkeduploadsenabled = true
 networkevents = true
 [logging]
 level = "INFO"
 file = "/opt/hmac-file-server/data/logs/hmac-file-server.log"
 EOF
    fi
    # Check if image exists or can be built
    if ! docker images | grep -q hmac-file-server; then
        log_info "Docker image not found, testing build..."
        if docker build -t hmac-file-server:latest -f dockerenv/dockerbuild/Dockerfile . >/dev/null 2>&1; then
            log_success "Docker image can be built successfully"
        else
            log_error "Failed to build Docker image"
            return 1
        fi
    else
        log_success "Docker image exists"
    fi
    # Check if container is running
    if docker ps | grep -q hmac-file-server; then
        log_success "Docker container is running"
    else
        log_info "Docker container not running (normal for testing)"
    fi
    log_success "Docker installation validated"
    return 0
 }
 validate_podman_installation() {
    log_step "Validating Podman installation..."
    # Check if Podman deployment scripts exist
    scripts_found=0
    for script in "./dockerenv/podman/deploy-podman-simple.sh" "./dockerenv/podman/deploy-podman.sh"; do
        if [ -f "$script" ]; then
            log_success "Podman deployment script found: $script"
            ((scripts_found++))
        fi
    done
    if [ $scripts_found -eq 0 ]; then
        log_error "No Podman deployment scripts found"
        return 1
    fi
    # Check if Podman Dockerfile exists
    if [ ! -f "./dockerenv/podman/Dockerfile.podman" ]; then
        log_error "Podman Dockerfile not found"
        return 1
    fi
    # Check if Podman containers exist
    if podman ps -a --format "{{.Names}}" | grep -q "hmac-file-server" 2>/dev/null; then
        log_success "Podman container exists"
    else
        log_info "Podman container not found (normal for testing)"
    fi
    # Check configuration locations
    config_found=false
    for config_path in "/opt/podman/hmac-file-server/config/config.toml" "./dockerenv/podman/config.toml.example"; do
        if [ -f "$config_path" ]; then
            log_success "Podman configuration found: $config_path"
            config_found=true
            break
        fi
    done
    if [ "$config_found" = false ]; then
        log_info "Podman configuration will be created during deployment"
    fi
    # Check if Podman image exists or can be built
    if podman images | grep -q hmac-file-server 2>/dev/null; then
        log_success "Podman image exists"
    else
        log_info "Podman image not found (will be built during deployment)"
    fi
    log_success "Podman installation validated"
 }
 validate_debian_installation() {
    log_step "Validating Debian package installation..."
    # Check if package is installed
    if dpkg -l | grep -q "hmac-file-server" 2>/dev/null; then
        log_success "Debian package installed"
    else
        log_warning "Debian package not installed"
    fi
    # Check service
    if systemctl status hmac-file-server.service >/dev/null 2>&1; then
        log_success "Service running via Debian package"
    else
        log_warning "Service not running"
    fi
    log_success "Debian installation validated"
 }
 validate_multiarch_build() {
    log_step "Validating multi-architecture builds..."
    # Check if build directory exists
    if [ -d "./builds" ]; then
        log_success "Build directory exists"
        # Count builds
        BUILD_COUNT=$(find ./builds -name "hmac-file-server-*" -type f 2>/dev/null | wc -l)
        if [ "$BUILD_COUNT" -gt 0 ]; then
            log_success "Found $BUILD_COUNT architecture builds"
        else
            log_warning "No architecture builds found"
        fi
    else
        log_warning "Build directory not found"
    fi
    log_success "Multi-architecture validation completed"
 }
 # Test all installation methods
 test_all_methods() {
    log_step "Testing all available installation methods..."
    local failed_methods=()
    for method in "${METHODS[@]}"; do
        if validate_method "$method"; then
            log_info "Testing $method method..."
            # Create test directory
            TEST_DIR="/tmp/hmac-test-$method"
            mkdir -p "$TEST_DIR"
            case $method in
                "systemd")
                    if install_systemd; then
                        log_success "$method installation test passed"
                    else
                        log_error "$method installation test failed"
                        failed_methods+=("$method")
                    fi
                    ;;
                "docker")
                    if install_docker; then
                        log_success "$method installation test passed"
                    else
                        log_error "$method installation test failed"
                        failed_methods+=("$method")
                    fi
                    ;;
                "podman")
                    if install_podman; then
                        log_success "$method installation test passed"
                    else
                        log_error "$method installation test failed"
                        failed_methods+=("$method")
                    fi
                    ;;
                "debian")
                    if install_debian; then
                        log_success "$method installation test passed"
                    else
                        log_error "$method installation test failed"
                        failed_methods+=("$method")
                    fi
                    ;;
                "multi-arch")
                    if install_multiarch; then
                        log_success "$method installation test passed"
                    else
                        log_error "$method installation test failed"
                        failed_methods+=("$method")
                    fi
                    ;;
            esac
        else
            log_warning "Skipping $method (not available on this system)"
        fi
    done
    # Summary
    echo ""
    log_step "Test Summary:"
    if [ ${#failed_methods[@]} -eq 0 ]; then
        log_success "All available installation methods passed!"
    else
        log_error "Failed methods: ${failed_methods[*]}"
        return 1
    fi
 }
 # Validate existing installations
 validate_all_installations() {
    log_step "Validating all existing installations..."
    # Check SystemD
    if systemctl list-unit-files | grep -q "hmac-file-server.service"; then
        log_info "Found SystemD installation"
        validate_systemd_installation
    fi
    # Check Docker
    if [ -d "./hmac-docker" ]; then
        log_info "Found Docker installation"
        validate_docker_installation
    fi
    # Check Podman
    if podman ps -a --format "{{.Names}}" | grep -q "hmac-file-server" 2>/dev/null; then
        log_info "Found Podman installation"
        validate_podman_installation
    fi
    # Check Debian package
    if dpkg -l | grep -q "hmac-file-server" 2>/dev/null; then
        log_info "Found Debian package installation"
        validate_debian_installation
    fi
    log_success "Validation completed"
 }
 # Main execution
 main() {
    # Parse command line arguments
    while [[ $# -gt 0 ]]; do
        case $1 in
            --test)
                TEST_MODE=true
                shift
                ;;
            --validate)
                VALIDATE_ONLY=true
                shift
                ;;
            --help)
                echo "HMAC File Server Universal Installation Manager"
                echo ""
                echo "Usage: $0 [options]"
                echo ""
                echo "Options:"
                echo "  --test      Test all installation methods"
                echo "  --validate  Validate existing installations"
                echo "  --help      Show this help"
                exit 0
                ;;
            *)
                log_error "Unknown option: $1"
                exit 1
                ;;
        esac
    done
    # Detect system first
    detect_system
    # Handle special modes
    if [ "$TEST_MODE" = true ]; then
        test_all_methods
        exit $?
    fi
    if [ "$VALIDATE_ONLY" = true ]; then
        validate_all_installations
        exit $?
    fi
    # Interactive mode
    while true; do
        show_main_menu
        read -p "Enter your choice [0-7]: " choice
        case $choice in
            1)
                if validate_method "systemd"; then
                    install_systemd
                    read -p "Press Enter to continue..."
                fi
                ;;
            2)
                if validate_method "docker"; then
                    install_docker
                    read -p "Press Enter to continue..."
                fi
                ;;
            3)
                if validate_method "podman"; then
                    install_podman
                    read -p "Press Enter to continue..."
                fi
                ;;
            4)
                if validate_method "debian"; then
                    install_debian
                    read -p "Press Enter to continue..."
                fi
                ;;
            5)
                if validate_method "multi-arch"; then
                    install_multiarch
                    read -p "Press Enter to continue..."
                fi
                ;;
            6)
                test_all_methods
                read -p "Press Enter to continue..."
                ;;
            7)
                validate_all_installations
                read -p "Press Enter to continue..."
                ;;
            0)
                log_info "Goodbye!"
                exit 0
                ;;
            *)
                log_error "Invalid choice. Please try again."
                sleep 2
                ;;
        esac
    done
 }
 # Run main function
 main "$@"
--- a/installer.sh
+++ b/installer.sh
@ -1,7 +1,7 @@
 #!/bin/bash
 # HMAC File Server Installer Script
-# Version: 3.2
+# Version: 3.2 "Tremora del Terra"
 # Compatible with systemd Linux distributions
 set -e
@ -36,7 +36,7 @@ DEFAULT_METRICS_PORT="9090"
 # Help function
 show_help() {
-    echo -e "${BLUE}HMAC File Server 3.2 Installer${NC}"
+    echo -e "${BLUE}HMAC File Server 3.2 'Tremora del Terra' Installer${NC}"
    echo ""
    echo "Usage: $0 [OPTION]"
    echo ""
@ -62,6 +62,13 @@ show_help() {
    echo "  - Native: Traditional systemd service installation"
    echo "  - Docker: Container-based deployment with docker-compose"
    echo ""
    echo "New in 3.2 'Tremora del Terra':"
    echo "  - 93% Configuration Reduction: Simplified setup with intelligent defaults"
    echo "  - Enhanced Network Resilience: Fast detection, quality monitoring, mobile optimization"
    echo "  - Enhanced Worker Scaling: Optimized 40%/10% thresholds"
    echo "  - Extended Timeouts: 4800s defaults for large file reliability"
    echo "  - Multi-Architecture Support: Native AMD64, ARM64, ARM32v7 builds"
    echo ""
    echo "For XMPP operators: This installer is optimized for easy integration"
    echo "with Prosody, Ejabberd, and other XMPP servers."
    echo ""
@ -81,13 +88,15 @@ echo -e "${BLUE}  / __ \\/ __ \`__ \\/ __ \`/ ___/_____/ /_/ / / _ \\______/ ___
 echo -e "${BLUE} / / / / / / / / / /_/ / /__/_____/ __/ / /  __/_____(__  )  __/ /   | |/ /  __/ /    ${NC}"
 echo -e "${BLUE}/_/ /_/_/ /_/ /_/\\__,_/\\___/     /_/ /_/_/\\___/     /____/\\___/_/    |___/\\___/_/     ${NC}"
 echo ""
-echo -e "${BLUE}                     HMAC File Server 3.2 Installer${NC}"
+echo -e "${BLUE}                     HMAC File Server 3.2 'Tremora del Terra' Installer${NC}"
 echo -e "${BLUE}                           Professional XMPP Integration${NC}"
 echo ""
 echo -e "${YELLOW}--------------------------------------------------------------------------------${NC}"
-echo -e "${GREEN} Secure File Uploads & Downloads     JWT & HMAC Authentication${NC}"
+echo -e "${GREEN} 93% Config Reduction             Enhanced Network Resilience${NC}"
-echo -e "${GREEN} Prometheus Metrics Integration      ClamAV Virus Scanning${NC}"  
+echo -e "${GREEN} Fast Mobile Detection (1s)       Extended 4800s Timeouts${NC}"
-echo -e "${GREEN} Redis Cache & Session Management    Chunked Upload/Download Support${NC}"
+echo -e "${GREEN} Enhanced Worker Scaling (40/10)  Multi-Architecture Support${NC}"  
 echo -e "${GREEN} Prometheus Metrics Integration   ClamAV Virus Scanning${NC}"
 echo -e "${GREEN} Redis Cache & Session Management JWT & HMAC Authentication${NC}"
 echo -e "${YELLOW}--------------------------------------------------------------------------------${NC}"
 echo ""
@ -500,7 +509,7 @@ build_server() {
    # Build the server
    cd "$(dirname "$0")"
-    go build -o "$INSTALL_DIR/hmac-file-server" cmd/server/main.go cmd/server/helpers.go cmd/server/config_validator.go cmd/server/config_test_scenarios.go
+    go build -o "$INSTALL_DIR/hmac-file-server" cmd/server/main.go cmd/server/helpers.go cmd/server/config_validator.go cmd/server/config_test_scenarios.go cmd/server/network_resilience.go cmd/server/upload_session.go cmd/server/chunked_upload_handler.go
    # Set ownership and permissions
    chown "$HMAC_USER:$HMAC_USER" "$INSTALL_DIR/hmac-file-server"
@ -512,34 +521,46 @@ build_server() {
 # Generate configuration file
 generate_config() {
    echo -e "${YELLOW}Generating configuration file...${NC}"
    echo -e "${BLUE}Note: This installer creates a comprehensive config. For minimal configs, use: ./hmac-file-server -genconfig${NC}"
    cat > "$CONFIG_DIR/config.toml" << EOF
-# HMAC File Server Configuration
+# HMAC File Server 3.2 "Tremora del Terra" Configuration
 # Generated by installer on $(date)
 [server]
-bind_ip = "0.0.0.0"
+listen_address = "$SERVER_PORT"
-listenport = "$SERVER_PORT"
+storage_path = "$DATA_DIR/uploads"
-unixsocket = false
+metrics_enabled = true
-storagepath = "$DATA_DIR/uploads"
+metrics_port = "$METRICS_PORT"
-metricsenabled = true
+deduplication_enabled = true
-metricsport = "$METRICS_PORT"
+file_naming = "original"
-deduplicationenabled = true
+force_protocol = ""
-deduplicationpath = "$DATA_DIR/deduplication"
+pid_file = "$DATA_DIR/runtime/hmac-file-server.pid"
-filenaming = "HMAC"
+max_upload_size = "10GB"
-force_protocol = "auto"
+max_header_bytes = 1048576
-pidfilepath = "$DATA_DIR/runtime/hmac-file-server.pid"
+cleanup_interval = "24h"
 max_file_age = "720h"
 # Enhanced Worker Scaling (3.2 features)
 enable_dynamic_workers = true
 worker_scale_up_thresh = 40
 worker_scale_down_thresh = 10
 networkevents = true
 # Caching and performance
 pre_cache = true
 pre_cache_workers = 4
 pre_cache_interval = "1h"
 min_free_bytes = "1GB"
 EOF
    if [[ $ENABLE_TLS == "true" ]]; then
        cat >> "$CONFIG_DIR/config.toml" << EOF
-sslenabled = true
+
-sslcert = "$SSL_CERT"
+[tls]
-sslkey = "$SSL_KEY"
+enabled = true
-EOF
+cert_file = "$SSL_CERT"
-    else
+key_file = "$SSL_KEY"
        cat >> "$CONFIG_DIR/config.toml" << EOF
 sslenabled = false
 EOF
    fi
@ -561,35 +582,62 @@ EOF
    cat >> "$CONFIG_DIR/config.toml" << EOF
 [uploads]
-allowedextensions = [".txt", ".pdf", ".jpg", ".jpeg", ".png", ".gif", ".webp", ".zip", ".tar", ".gz", ".7z", ".mp4", ".webm", ".ogg", ".mp3", ".wav", ".flac", ".doc", ".docx", ".xls", ".xlsx", ".ppt", ".pptx", ".odt", ".ods", ".odp"]
+allowed_extensions = [".txt", ".pdf", ".jpg", ".jpeg", ".png", ".gif", ".webp", ".zip", ".tar", ".gz", ".7z", ".mp4", ".webm", ".ogg", ".mp3", ".wav", ".flac", ".doc", ".docx", ".xls", ".xlsx", ".ppt", ".pptx", ".odt", ".ods", ".odp"]
-maxfilesize = "100MB"
+chunked_uploads_enabled = true
-chunkeduploadsenabled = true
+chunk_size = "10MB"
-chunksize = "10MB"
+resumable_uploads_enabled = true
-ttlenabled = false
+max_resumable_age = "48h"
-ttl = "168h"
+sessiontimeout = "60m"
 maxretries = 3
 # Upload resilience settings
 session_persistence = true
 session_recovery_timeout = "300s"
 client_reconnect_window = "120s"
 upload_slot_ttl = "3600s"
 retry_failed_uploads = true
 max_upload_retries = 3
 [downloads]
-chunkeddownloadsenabled = true
+chunked_downloads_enabled = true
-chunksize = "10MB"
+chunk_size = "10MB"
 resumable_downloads_enabled = true
 [deduplication]
 enabled = true
 directory = "$DATA_DIR/deduplication"
 maxsize = "1GB"
 [logging]
-level = "INFO"
+level = "info"
 file = "$DEFAULT_LOG_DIR/hmac-file-server.log"
 max_size = 100
-max_backups = 3
+max_backups = 7
 max_age = 30
 compress = true
 [workers]
-numworkers = 10
+numworkers = 4
-uploadqueuesize = 1000
+uploadqueuesize = 100
 autoscaling = true
 [timeouts]
-readtimeout = "30s"
+readtimeout = "4800s"
-writetimeout = "30s"
+writetimeout = "4800s"
-idletimeout = "120s"
+idletimeout = "4800s"
 shutdown = "30s"
 [build]
 version = "3.2"
 # Enhanced Network Resilience (3.2+)
 [network_resilience]
 fast_detection = true
 quality_monitoring = true
 predictive_switching = true
 mobile_optimizations = true
 detection_interval = "1s"
 quality_check_interval = "5s"
 max_detection_interval = "10s"
 EOF
    if [[ $ENABLE_CLAMAV == "true" ]]; then
@ -632,6 +680,16 @@ EOF
    chmod 640 "$CONFIG_DIR/config.toml"
    echo -e "${GREEN}Configuration file created: $CONFIG_DIR/config.toml${NC}"
    # Validate the generated configuration
    echo -e "${YELLOW}Validating configuration...${NC}"
    if command -v "$INSTALL_DIR/hmac-file-server" >/dev/null 2>&1; then
        if sudo -u "$HMAC_USER" "$INSTALL_DIR/hmac-file-server" -config "$CONFIG_DIR/config.toml" --validate-config >/dev/null 2>&1; then
            echo -e "${GREEN}✅ Configuration validation passed${NC}"
        else
            echo -e "${YELLOW}⚠️  Configuration has warnings - check with: sudo -u $HMAC_USER $INSTALL_DIR/hmac-file-server -config $CONFIG_DIR/config.toml --validate-config${NC}"
        fi
    fi
 }
 # Create Docker deployment
@ -667,9 +725,9 @@ services:
    healthcheck:
      test: ["CMD", "curl", "-f", "http://localhost:$SERVER_PORT/health"]
      interval: 30s
-      timeout: 10s
+      timeout: 15s
      retries: 3
-      start_period: 40s
+      start_period: 60s
 EOF
    if [[ $ENABLE_REDIS == "true" ]]; then
@ -720,11 +778,11 @@ COPY . .
 RUN apk add --no-cache git ca-certificates tzdata && \\
    go mod download && \\
-    CGO_ENABLED=0 GOOS=linux go build -a -installsuffix cgo -o hmac-file-server cmd/server/main.go cmd/server/helpers.go cmd/server/config_validator.go cmd/server/config_test_scenarios.go
+    CGO_ENABLED=0 GOOS=linux go build -a -installsuffix cgo -o hmac-file-server cmd/server/main.go cmd/server/helpers.go cmd/server/config_validator.go cmd/server/config_test_scenarios.go cmd/server/network_resilience.go cmd/server/upload_session.go cmd/server/chunked_upload_handler.go
 FROM alpine:latest
-RUN apk --no-cache add ca-certificates curl && \\
+RUN apk --no-cache add ca-certificates curl iputils && \\
    addgroup -g 1000 hmac && \\
    adduser -D -s /bin/sh -u 1000 -G hmac hmac
@ -740,7 +798,7 @@ USER hmac
 EXPOSE $SERVER_PORT $METRICS_PORT
-HEALTHCHECK --interval=30s --timeout=10s --start-period=5s --retries=3 \\
+HEALTHCHECK --interval=30s --timeout=15s --start-period=60s --retries=3 \\
    CMD curl -f http://localhost:$SERVER_PORT/health || exit 1
 CMD ["./hmac-file-server", "-config", "/etc/hmac-file-server/config.toml"]
@ -817,32 +875,38 @@ generate_docker_config() {
    echo -e "${YELLOW}Generating Docker configuration file...${NC}"
    cat > "$CONFIG_DIR/config.toml" << EOF
-# HMAC File Server Configuration for Docker
+# HMAC File Server 3.2 "Tremora del Terra" Configuration for Docker
 # Generated by installer on $(date)
 [server]
-bind_ip = "0.0.0.0"
+listen_address = "$SERVER_PORT"
-listenport = "$SERVER_PORT"
+storage_path = "/var/lib/hmac-file-server/uploads"
-unixsocket = false
+metrics_enabled = true
-storagepath = "/var/lib/hmac-file-server/uploads"
+metrics_port = "$METRICS_PORT"
-metricsenabled = true
+deduplication_enabled = true
-metricsport = "$METRICS_PORT"
+file_naming = "original"
-deduplicationenabled = true
+force_protocol = ""
-deduplicationpath = "/var/lib/hmac-file-server/deduplication"
+pid_file = "/tmp/hmac-file-server/hmac-file-server.pid"
-filenaming = "HMAC"
+max_upload_size = "10GB"
-force_protocol = "auto"
+
-pidfilepath = "/tmp/hmac-file-server/hmac-file-server.pid"
+# Enhanced Worker Scaling (3.2 features)
 enable_dynamic_workers = true
 worker_scale_up_thresh = 40
 worker_scale_down_thresh = 10
 # Caching and performance
 pre_cache = true
 pre_cache_workers = 4
 min_free_bytes = "1GB"
 EOF
    if [[ $ENABLE_TLS == "true" ]]; then
        cat >> "$CONFIG_DIR/config.toml" << EOF
-sslenabled = true
+
-sslcert = "$SSL_CERT"
+[tls]
-sslkey = "$SSL_KEY"
+enabled = true
-EOF
+cert_file = "$SSL_CERT"
-    else
+key_file = "$SSL_KEY"
        cat >> "$CONFIG_DIR/config.toml" << EOF
 sslenabled = false
 EOF
    fi
@ -870,6 +934,27 @@ chunkeduploadsenabled = true
 chunksize = "10MB"
 ttlenabled = false
 ttl = "168h"
 networkevents = true
 # Network Resilience for Mobile Networks (Enhanced 3.2 features)
 # Optimized for mobile devices switching between WLAN and IPv6 5G
 [network_resilience]
 enabled = true
 fast_detection = true                    # 1-second detection vs 5-second standard
 quality_monitoring = true               # Monitor RTT and packet loss per interface
 predictive_switching = true             # Switch before complete failure
 mobile_optimizations = true            # Cellular network friendly thresholds
 upload_resilience = true               # Resume uploads across network changes
 detection_interval = "1s"              # Fast mobile network change detection
 quality_check_interval = "2s"          # Regular quality monitoring
 network_change_threshold = 3           # Switches required to trigger network change
 interface_stability_time = "10s"       # Time to wait before considering interface stable
 upload_pause_timeout = "10m"          # Mobile-friendly upload pause timeout
 upload_retry_timeout = "20m"          # Extended retry for mobile scenarios
 rtt_warning_threshold = "500ms"        # Cellular network warning threshold
 rtt_critical_threshold = "2000ms"      # Cellular network critical threshold
 packet_loss_warning_threshold = 5.0    # 5% packet loss warning
 packet_loss_critical_threshold = 15.0  # 15% packet loss critical
 [downloads]
 chunkeddownloadsenabled = true
@ -1431,7 +1516,7 @@ uninstall() {
    # Find upload directory from config if it exists
    if [[ -f "$DEFAULT_CONFIG_DIR/config.toml" ]]; then
-        UPLOAD_DIR=$(grep -E "^storagepath\s*=" "$DEFAULT_CONFIG_DIR/config.toml" 2>/dev/null | sed 's/.*=\s*"*\([^"]*\)"*.*/\1/' | xargs)
+        UPLOAD_DIR=$(grep -E "^storage_path\s*=" "$DEFAULT_CONFIG_DIR/config.toml" 2>/dev/null | sed 's/.*=\s*"*\([^"]*\)"*.*/\1/' | xargs)
        DEDUP_DIR=$(grep -E "^directory\s*=" "$DEFAULT_CONFIG_DIR/config.toml" 2>/dev/null | sed 's/.*=\s*"*\([^"]*\)"*.*/\1/' | xargs)
    fi
--- a/monitor_nginx.sh
+++ b/monitor_nginx.sh
--- a/monitor_server.sh
+++ b/monitor_server.sh
--- a/monitor_uploads.sh
+++ b/monitor_uploads.sh
--- a/1
+++ b/1
@ -0,0 +1 @@
 tests/test-hmac-fixed.sh
--- a/templates/config-debian.toml
+++ b/templates/config-debian.toml
@ -0,0 +1,74 @@
 # HMAC File Server 3.2 "Tremora del Terra" Configuration
 # Generated for: Debian deployment
 # Generated on: Sun Jul 20 04:02:30 PM UTC 2025
 [server]
 listen_address = "8080"
 storage_path = "/opt/hmac-file-server/data/uploads"
 metrics_enabled = true
 metrics_port = "9090"
 pid_file = "/opt/hmac-file-server/data/hmac-file-server.pid"
 max_upload_size = "10GB"
 deduplication_enabled = true
 min_free_bytes = "1GB"
 file_naming = "original"
 enable_dynamic_workers = true
 [security]
 secret = "CHANGE-THIS-SECRET-KEY-MINIMUM-32-CHARACTERS"
 enablejwt = false
 [uploads]
 allowedextensions = [".txt", ".pdf", ".jpg", ".jpeg", ".png", ".gif", ".webp", ".zip", ".tar", ".gz", ".7z", ".mp4", ".webm", ".ogg", ".mp3", ".wav", ".flac", ".doc", ".docx", ".xls", ".xlsx", ".ppt", ".pptx", ".odt", ".ods", ".odp"]
 maxfilesize = "100MB"
 chunkeduploadsenabled = true
 chunksize = "10MB"
 networkevents = true
 # Network Resilience for Enhanced Mobile Support
 [network_resilience]
 enabled = true
 fast_detection = false                  # Standard detection for server deployment
 quality_monitoring = true              # Enable quality monitoring
 predictive_switching = false           # Conservative switching for servers
 mobile_optimizations = false           # Standard thresholds for server environment
 upload_resilience = true               # Resume uploads across network changes
 detection_interval = "5s"              # Standard detection interval
 quality_check_interval = "10s"         # Regular quality monitoring
 network_change_threshold = 3           # Switches required to trigger network change
 interface_stability_time = "30s"       # Server-appropriate stability time
 upload_pause_timeout = "5m"           # Standard upload pause timeout
 upload_retry_timeout = "10m"          # Standard retry timeout
 rtt_warning_threshold = "200ms"        # Server network warning threshold
 rtt_critical_threshold = "1000ms"      # Server network critical threshold
 packet_loss_warning_threshold = 2.0    # 2% packet loss warning
 packet_loss_critical_threshold = 10.0  # 10% packet loss critical
 [downloads]
 chunkeddownloadsenabled = true
 chunksize = "10MB"
 [logging]
 level = "INFO"
 file = "/opt/hmac-file-server/data/logs/hmac-file-server.log"
 max_size = 100
 max_backups = 3
 max_age = 30
 compress = true
 [workers]
 numworkers = 10
 uploadqueuesize = 1000
 autoscaling = true
 [timeouts]
 readtimeout = "30s"
 writetimeout = "30s"
 idletimeout = "120s"
 shutdown = "30s"
 [clamav]
 enabled = false
 [redis]
 enabled = false
--- a/templates/config-docker.toml
+++ b/templates/config-docker.toml
@ -0,0 +1,74 @@
 # HMAC File Server 3.2 "Tremora del Terra" Configuration
 # Generated for: Docker deployment
 # Generated on: Sun Jul 20 04:02:30 PM UTC 2025
 [server]
 listen_address = "8080"
 storage_path = "/opt/hmac-file-server/data/uploads"
 metrics_enabled = true
 metrics_port = "9090"
 pid_file = "/opt/hmac-file-server/data/hmac-file-server.pid"
 max_upload_size = "10GB"
 deduplication_enabled = true
 min_free_bytes = "1GB"
 file_naming = "original"
 enable_dynamic_workers = true
 [security]
 secret = "CHANGE-THIS-SECRET-KEY-MINIMUM-32-CHARACTERS"
 enablejwt = false
 [uploads]
 allowedextensions = [".txt", ".pdf", ".jpg", ".jpeg", ".png", ".gif", ".webp", ".zip", ".tar", ".gz", ".7z", ".mp4", ".webm", ".ogg", ".mp3", ".wav", ".flac", ".doc", ".docx", ".xls", ".xlsx", ".ppt", ".pptx", ".odt", ".ods", ".odp"]
 maxfilesize = "100MB"
 chunkeduploadsenabled = true
 chunksize = "10MB"
 networkevents = true
 # Network Resilience for Enhanced Mobile Support
 [network_resilience]
 enabled = true
 fast_detection = false                  # Standard detection for server deployment
 quality_monitoring = true              # Enable quality monitoring
 predictive_switching = false           # Conservative switching for servers
 mobile_optimizations = false           # Standard thresholds for server environment
 upload_resilience = true               # Resume uploads across network changes
 detection_interval = "5s"              # Standard detection interval
 quality_check_interval = "10s"         # Regular quality monitoring
 network_change_threshold = 3           # Switches required to trigger network change
 interface_stability_time = "30s"       # Server-appropriate stability time
 upload_pause_timeout = "5m"           # Standard upload pause timeout
 upload_retry_timeout = "10m"          # Standard retry timeout
 rtt_warning_threshold = "200ms"        # Server network warning threshold
 rtt_critical_threshold = "1000ms"      # Server network critical threshold
 packet_loss_warning_threshold = 2.0    # 2% packet loss warning
 packet_loss_critical_threshold = 10.0  # 10% packet loss critical
 [downloads]
 chunkeddownloadsenabled = true
 chunksize = "10MB"
 [logging]
 level = "INFO"
 file = "/opt/hmac-file-server/data/logs/hmac-file-server.log"
 max_size = 100
 max_backups = 3
 max_age = 30
 compress = true
 [workers]
 numworkers = 10
 uploadqueuesize = 1000
 autoscaling = true
 [timeouts]
 readtimeout = "30s"
 writetimeout = "30s"
 idletimeout = "120s"
 shutdown = "30s"
 [clamav]
 enabled = false
 [redis]
 enabled = false
--- a/templates/config-podman.toml
+++ b/templates/config-podman.toml
@ -0,0 +1,74 @@
 # HMAC File Server 3.2 "Tremora del Terra" Configuration
 # Generated for: Podman deployment
 # Generated on: Sun Jul 20 04:02:30 PM UTC 2025
 [server]
 listen_address = "8080"
 storage_path = "/opt/hmac-file-server/data/uploads"
 metrics_enabled = true
 metrics_port = "9090"
 pid_file = "/opt/hmac-file-server/data/hmac-file-server.pid"
 max_upload_size = "10GB"
 deduplication_enabled = true
 min_free_bytes = "1GB"
 file_naming = "original"
 enable_dynamic_workers = true
 [security]
 secret = "CHANGE-THIS-SECRET-KEY-MINIMUM-32-CHARACTERS"
 enablejwt = false
 [uploads]
 allowedextensions = [".txt", ".pdf", ".jpg", ".jpeg", ".png", ".gif", ".webp", ".zip", ".tar", ".gz", ".7z", ".mp4", ".webm", ".ogg", ".mp3", ".wav", ".flac", ".doc", ".docx", ".xls", ".xlsx", ".ppt", ".pptx", ".odt", ".ods", ".odp"]
 maxfilesize = "100MB"
 chunkeduploadsenabled = true
 chunksize = "10MB"
 networkevents = true
 # Network Resilience for Enhanced Mobile Support
 [network_resilience]
 enabled = true
 fast_detection = false                  # Standard detection for server deployment
 quality_monitoring = true              # Enable quality monitoring
 predictive_switching = false           # Conservative switching for servers
 mobile_optimizations = false           # Standard thresholds for server environment
 upload_resilience = true               # Resume uploads across network changes
 detection_interval = "5s"              # Standard detection interval
 quality_check_interval = "10s"         # Regular quality monitoring
 network_change_threshold = 3           # Switches required to trigger network change
 interface_stability_time = "30s"       # Server-appropriate stability time
 upload_pause_timeout = "5m"           # Standard upload pause timeout
 upload_retry_timeout = "10m"          # Standard retry timeout
 rtt_warning_threshold = "200ms"        # Server network warning threshold
 rtt_critical_threshold = "1000ms"      # Server network critical threshold
 packet_loss_warning_threshold = 2.0    # 2% packet loss warning
 packet_loss_critical_threshold = 10.0  # 10% packet loss critical
 [downloads]
 chunkeddownloadsenabled = true
 chunksize = "10MB"
 [logging]
 level = "INFO"
 file = "/opt/hmac-file-server/data/logs/hmac-file-server.log"
 max_size = 100
 max_backups = 3
 max_age = 30
 compress = true
 [workers]
 numworkers = 10
 uploadqueuesize = 1000
 autoscaling = true
 [timeouts]
 readtimeout = "30s"
 writetimeout = "30s"
 idletimeout = "120s"
 shutdown = "30s"
 [clamav]
 enabled = false
 [redis]
 enabled = false
--- a/templates/config-systemd.toml
+++ b/templates/config-systemd.toml
@ -0,0 +1,74 @@
 # HMAC File Server 3.2 "Tremora del Terra" Configuration
 # Generated for: SystemD deployment
 # Generated on: Sun Jul 20 04:02:30 PM UTC 2025
 [server]
 listen_address = "8080"
 storage_path = "/opt/hmac-file-server/data/uploads"
 metrics_enabled = true
 metrics_port = "9090"
 pid_file = "/opt/hmac-file-server/data/hmac-file-server.pid"
 max_upload_size = "10GB"
 deduplication_enabled = true
 min_free_bytes = "1GB"
 file_naming = "original"
 enable_dynamic_workers = true
 [security]
 secret = "CHANGE-THIS-SECRET-KEY-MINIMUM-32-CHARACTERS"
 enablejwt = false
 [uploads]
 allowedextensions = [".txt", ".pdf", ".jpg", ".jpeg", ".png", ".gif", ".webp", ".zip", ".tar", ".gz", ".7z", ".mp4", ".webm", ".ogg", ".mp3", ".wav", ".flac", ".doc", ".docx", ".xls", ".xlsx", ".ppt", ".pptx", ".odt", ".ods", ".odp"]
 maxfilesize = "100MB"
 chunkeduploadsenabled = true
 chunksize = "10MB"
 networkevents = true
 # Network Resilience for Enhanced Mobile Support
 [network_resilience]
 enabled = true
 fast_detection = false                  # Standard detection for server deployment
 quality_monitoring = true              # Enable quality monitoring
 predictive_switching = false           # Conservative switching for servers
 mobile_optimizations = false           # Standard thresholds for server environment
 upload_resilience = true               # Resume uploads across network changes
 detection_interval = "5s"              # Standard detection interval
 quality_check_interval = "10s"         # Regular quality monitoring
 network_change_threshold = 3           # Switches required to trigger network change
 interface_stability_time = "30s"       # Server-appropriate stability time
 upload_pause_timeout = "5m"           # Standard upload pause timeout
 upload_retry_timeout = "10m"          # Standard retry timeout
 rtt_warning_threshold = "200ms"        # Server network warning threshold
 rtt_critical_threshold = "1000ms"      # Server network critical threshold
 packet_loss_warning_threshold = 2.0    # 2% packet loss warning
 packet_loss_critical_threshold = 10.0  # 10% packet loss critical
 [downloads]
 chunkeddownloadsenabled = true
 chunksize = "10MB"
 [logging]
 level = "INFO"
 file = "/opt/hmac-file-server/data/logs/hmac-file-server.log"
 max_size = 100
 max_backups = 3
 max_age = 30
 compress = true
 [workers]
 numworkers = 10
 uploadqueuesize = 1000
 autoscaling = true
 [timeouts]
 readtimeout = "30s"
 writetimeout = "30s"
 idletimeout = "120s"
 shutdown = "30s"
 [clamav]
 enabled = false
 [redis]
 enabled = false
--- a/1
+++ b/1
@ -0,0 +1 @@
 tests/comprehensive_test_suite.sh
--- a/tests/README.md
+++ b/tests/README.md
@ -0,0 +1,116 @@
 # HMAC File Server 3.2 Test Suite
 This directory contains comprehensive testing tools for the HMAC File Server 3.2 "Tremora del Terra".
 ## 🚀 Quick Start
 Run the complete test suite:
 ```bash
 ./comprehensive_test_suite.sh
 ```
 ## 📋 Test Coverage
 The comprehensive test suite covers:
 ### ✅ Core Functionality
 - **HMAC Validation**: Ensures proper authentication
 - **File Extensions**: Tests allowed/blocked file types
 - **Upload Mechanics**: Validates upload process
 - **Server Health**: Checks service availability
 ### 🎥 XMPP Integration
 - **MP4 Upload**: Tests video file sharing for XMPP clients
 - **Image Upload**: Tests image sharing (PNG, JPEG)
 - **File Size Limits**: Validates large file handling
 ### 🌐 Network Resilience (3.2 Features)
 - **Health Monitoring**: Tests network resilience endpoints
 - **Metrics Collection**: Validates monitoring capabilities
 - **Mobile Switching**: Supports seamless network transitions
 ### 🚫 Security Testing
 - **Invalid HMAC**: Ensures rejected authentication fails
 - **Unsupported Extensions**: Confirms blocked file types
 - **Path Validation**: Tests file path sanitization
 ## 🔧 Commands
 ```bash
 # Run all tests
 ./comprehensive_test_suite.sh
 # Setup test files only
 ./comprehensive_test_suite.sh setup
 # Clean up test files
 ./comprehensive_test_suite.sh clean
 # Show help
 ./comprehensive_test_suite.sh help
 ```
 ## 📊 Test Results
 Tests generate detailed logs with:
 - ✅ **Pass/Fail status** for each test
 - 🕒 **Timestamps** for performance tracking
 - 📝 **Detailed output** saved to `/tmp/hmac_test_results_*.log`
 - 📈 **Summary statistics** (passed/failed counts)
 ## 🎯 Expected Results
 When all systems are working correctly:
 - **✅ PASS**: HMAC validation
 - **✅ PASS**: MP4 upload (XMPP)
 - **✅ PASS**: Image upload  
 - **✅ PASS**: Large file upload
 - **✅ PASS**: Server health check
 - **❌ FAIL**: Invalid HMAC (should fail)
 - **❌ FAIL**: Unsupported extension (should fail)
 ## 🔍 Troubleshooting
 ### Common Issues
 1. **Connection refused**: Check if server is running
 2. **403 Forbidden**: Verify HMAC key configuration
 3. **400 Bad Request**: Check file extension configuration
 4. **Timeout**: Large files may need adjusted timeouts
 ### Debug Mode
 For detailed debugging, check server logs:
 ```bash
 sudo journalctl -u hmac-file-server -f
 ```
 ## 📁 File Cleanup
 The test suite automatically cleans up temporary files, but if needed:
 ```bash
 rm -f /tmp/test_*.{txt,mp4,bin,png,xyz}
 rm -f /tmp/hmac_test_results_*.log
 ```
 ## 🔧 Configuration
 Tests use these defaults (modify in script if needed):
 - **Base URL**: `https://xmpp.uuxo.net`
 - **Test User**: `c184288b79f8b7a6f7d87ac7f1fb1ce6dcf49a80`
 - **HMAC Key**: Configured in script
 ## 📝 Legacy Test Files
 This comprehensive suite replaces these scattered root-level test files:
 - `test-hmac-fixed.sh` → Integrated into comprehensive suite
 - `test-upload.sh` → Covered by upload tests
 - `debug-uploads.sh` → Debug logging integrated
 - `comprehensive_upload_test.sh` → Replaced by this suite
 - Various monitor scripts → Health checks integrated
 ## 🎉 3.2 "Tremora del Terra" Features Tested
 - ✅ **Enhanced Network Resilience**: 1-second detection
 - ✅ **Mobile Network Switching**: WLAN ↔ IPv6 5G seamless transitions
 - ✅ **XMPP File Sharing**: Conversations/Gajim compatibility
 - ✅ **Configuration Validation**: Proper extension loading
 - ✅ **Production Deployment**: SystemD, Docker, Podman support
--- a/tests/debug-uploads.sh
+++ b/tests/debug-uploads.sh
@ -0,0 +1,223 @@
 #!/bin/bash
 # Live debugging script for HMAC File Server upload issues
 # Monitors logs in real-time and provides detailed diagnostics
 set -e
 # Colors
 RED='\033[0;31m'
 GREEN='\033[0;32m'
 YELLOW='\033[1;33m'
 BLUE='\033[0;34m'
 NC='\033[0m'
 log_info() { echo -e "${BLUE}[INFO]${NC} $1"; }
 log_success() { echo -e "${GREEN}[SUCCESS]${NC} $1"; }
 log_warning() { echo -e "${YELLOW}[WARNING]${NC} $1"; }
 log_error() { echo -e "${RED}[ERROR]${NC} $1"; }
 # Function to check service status
 check_services() {
    log_info "=== SERVICE STATUS CHECK ==="
    echo "HMAC File Server:"
    systemctl is-active hmac-file-server && echo "✅ Running" || echo "❌ Not running"
    echo "Nginx:"
    systemctl is-active nginx && echo "✅ Running" || echo "❌ Not running"
    echo ""
 }
 # Function to show current configuration
 show_config() {
    log_info "=== CONFIGURATION SUMMARY ==="
    echo "HMAC File Server Config:"
    echo "- Max Upload Size: $(grep max_upload_size /opt/hmac-file-server/config.toml | cut -d'"' -f2)"
    echo "- Chunk Size: $(grep chunksize /opt/hmac-file-server/config.toml | head -1 | cut -d'"' -f2)"
    echo "- Chunked Uploads: $(grep chunkeduploadsenabled /opt/hmac-file-server/config.toml | cut -d'=' -f2 | tr -d ' ')"
    echo "- Network Events: $(grep networkevents /opt/hmac-file-server/config.toml | cut -d'=' -f2 | tr -d ' ')"
    echo "- Listen Address: $(grep listen_address /opt/hmac-file-server/config.toml | cut -d'"' -f2)"
    echo ""
    echo "Nginx Config:"
    echo "- Client Max Body Size: $(nginx -T 2>/dev/null | grep client_max_body_size | head -1 | awk '{print $2}' | tr -d ';')"
    echo "- Proxy Buffering: $(nginx -T 2>/dev/null | grep proxy_request_buffering | head -1 | awk '{print $2}' | tr -d ';')"
    echo "- Proxy Timeouts: $(nginx -T 2>/dev/null | grep proxy_read_timeout | head -1 | awk '{print $2}' | tr -d ';')"
    echo ""
 }
 # Function to monitor logs in real-time
 monitor_logs() {
    log_info "=== STARTING LIVE LOG MONITORING ==="
    log_warning "Press Ctrl+C to stop monitoring"
    echo ""
    # Create named pipes for log monitoring
    mkfifo /tmp/hmac_logs /tmp/nginx_logs 2>/dev/null || true
    # Start log monitoring in background
    journalctl -u hmac-file-server -f --no-pager > /tmp/hmac_logs &
    HMAC_PID=$!
    tail -f /var/log/nginx/access.log > /tmp/nginx_logs &
    NGINX_PID=$!
    # Monitor both logs with timestamps
    {
        while read line; do
            echo -e "${BLUE}[HMAC]${NC} $line"
        done < /tmp/hmac_logs &
        while read line; do
            if [[ "$line" =~ (PUT|POST) ]] && [[ "$line" =~ (40[0-9]|50[0-9]) ]]; then
                echo -e "${RED}[NGINX-ERROR]${NC} $line"
            elif [[ "$line" =~ (PUT|POST) ]]; then
                echo -e "${GREEN}[NGINX-OK]${NC} $line"
            else
                echo -e "${YELLOW}[NGINX]${NC} $line"
            fi
        done < /tmp/nginx_logs &
        wait
    }
    # Cleanup on exit
    trap 'kill $HMAC_PID $NGINX_PID 2>/dev/null; rm -f /tmp/hmac_logs /tmp/nginx_logs' EXIT
 }
 # Function to test file upload
 test_upload() {
    local test_file="$1"
    local test_size="${2:-1MB}"
    if [ -z "$test_file" ]; then
        test_file="/tmp/test_upload_${test_size}.bin"
        log_info "Creating test file: $test_file ($test_size)"
        case "$test_size" in
            "1MB") dd if=/dev/urandom of="$test_file" bs=1M count=1 >/dev/null 2>&1 ;;
            "10MB") dd if=/dev/urandom of="$test_file" bs=1M count=10 >/dev/null 2>&1 ;;
            "100MB") dd if=/dev/urandom of="$test_file" bs=1M count=100 >/dev/null 2>&1 ;;
            "1GB") dd if=/dev/urandom of="$test_file" bs=1M count=1024 >/dev/null 2>&1 ;;
        esac
        log_success "Test file created: $(ls -lh $test_file | awk '{print $5}')"
    fi
    # Get current timestamp for log filtering
    log_info "=== TESTING UPLOAD: $test_file ==="
    # Test with curl - simulate XMPP client behavior
    local url="https://share.uuxo.net/test_path/test_file_$(date +%s).bin"
    log_info "Testing upload to: $url"
    curl -X PUT \
         -H "Content-Type: application/octet-stream" \
         -H "User-Agent: TestClient/1.0" \
         --data-binary "@$test_file" \
         "$url" \
         -v \
         -w "Response: %{http_code}, Size: %{size_upload}, Time: %{time_total}s\n" \
         2>&1 | tee /tmp/curl_test.log
    echo ""
    log_info "Upload test completed. Check logs above for details."
 }
 # Function to analyze recent errors
 analyze_errors() {
    log_info "=== ERROR ANALYSIS ==="
    echo "Recent 400 errors from Nginx:"
    tail -100 /var/log/nginx/access.log | grep " 400 " | tail -5
    echo ""
    echo "Recent HMAC file server errors:"
    tail -100 /opt/hmac-file-server/data/logs/hmac-file-server.log | grep -i error | tail -5
    echo ""
    echo "File extension configuration:"
    grep -A 20 "allowedextensions" /opt/hmac-file-server/config.toml | head -10
    echo ""
 }
 # Function to check file permissions and disk space
 check_system() {
    log_info "=== SYSTEM CHECK ==="
    echo "Disk space:"
    df -h /opt/hmac-file-server/data/uploads
    echo ""
    echo "Upload directory permissions:"
    ls -la /opt/hmac-file-server/data/uploads/
    echo ""
    echo "Process information:"
    ps aux | grep hmac-file-server | grep -v grep
    echo ""
    echo "Network connections:"
    netstat -tlnp | grep :8080
    echo ""
 }
 # Main menu
 main_menu() {
    echo -e "${BLUE}╔═══════════════════════════════════════════════════════════╗${NC}"
    echo -e "${BLUE}║${NC}         HMAC File Server Live Debugging Tool              ${BLUE}║${NC}"
    echo -e "${BLUE}╚═══════════════════════════════════════════════════════════╝${NC}"
    echo ""
    echo "1) Check service status"
    echo "2) Show configuration summary"
    echo "3) Start live log monitoring"
    echo "4) Test file upload (1MB)"
    echo "5) Test file upload (10MB)"
    echo "6) Test file upload (100MB)"
    echo "7) Analyze recent errors"
    echo "8) Check system resources"
    echo "9) Full diagnostic run"
    echo "0) Exit"
    echo ""
    read -p "Choose an option [0-9]: " choice
    case $choice in
        1) check_services ;;
        2) show_config ;;
        3) monitor_logs ;;
        4) test_upload "" "1MB" ;;
        5) test_upload "" "10MB" ;;
        6) test_upload "" "100MB" ;;
        7) analyze_errors ;;
        8) check_system ;;
        9) 
            check_services
            show_config
            check_system
            analyze_errors
            ;;
        0) exit 0 ;;
        *) log_error "Invalid option. Please choose 0-9." ;;
    esac
    echo ""
    read -p "Press Enter to continue..."
    main_menu
 }
 # Handle command line arguments
 case "${1:-}" in
    "monitor") monitor_logs ;;
    "test") test_upload "$2" "$3" ;;
    "analyze") analyze_errors ;;
    "status") check_services ;;
    "config") show_config ;;
    "system") check_system ;;
    *) main_menu ;;
 esac
--- a/tests/minimal-config.toml
+++ b/tests/minimal-config.toml
@ -0,0 +1,7 @@
 [server]
 listen_address = "8080"
 storage_path = "/tmp/test-uploads"
 metrics_enabled = true
 [security]
 secret = "test-secret-key"
--- a/tests/test-hmac-fixed.sh
+++ b/tests/test-hmac-fixed.sh
@ -0,0 +1,50 @@
 #!/bin/bash
 # Corrected HMAC calculation test
 # Configuration
 BASE_PATH="c184288b79f8b7a6f7d87ac7f1fb1ce6dcf49a80"
 SUB_PATH="debugfixed"
 FILENAME="test.mp4"
 FULL_PATH="$BASE_PATH/$SUB_PATH/$FILENAME"
 SECRET="f6g4ldPvQM7O2UTFeBEUUj33VrXypDAcsDt0yqKrLiOr5oQW"
 # Create test file
 TEST_FILE="/tmp/test_fixed.mp4"
 echo -n "Test content for HMAC debugging" > "$TEST_FILE"
 FILE_SIZE=$(stat -c%s "$TEST_FILE")
 echo "=== Corrected HMAC Test ==="
 echo "File: $TEST_FILE ($FILE_SIZE bytes)"
 echo "Path: $FULL_PATH"
 echo ""
 # Correct HMAC calculation (using actual space character, not literal \x20)
 # The server does: fileStorePath + "\x20" + contentLength
 # In bash, \x20 means actual space character (0x20)
 HMAC_MESSAGE="$FULL_PATH $FILE_SIZE"
 echo "HMAC message: '$HMAC_MESSAGE'"
 # Calculate HMAC
 HMAC_CALC=$(printf "%s" "$HMAC_MESSAGE" | openssl dgst -sha256 -hmac "$SECRET" | cut -d' ' -f2)
 echo "Calculated HMAC: $HMAC_CALC"
 echo ""
 # Test the upload
 echo "=== Testing Upload ==="
 curl -X PUT \
     -H "Content-Type: video/mp4" \
     -H "User-Agent: TestFixed/1.0" \
     --data-binary "@$TEST_FILE" \
     "https://share.uuxo.net/$FULL_PATH?v=$HMAC_CALC" \
     -v \
     -s \
     -w "\nFinal Response: %{http_code}\n" \
     2>&1 | grep -E "(PUT|HTTP/2|Final Response|Content-Length:|User-Agent:)"
 echo ""
 echo "=== Server Logs ==="
 sleep 2
 tail -10 /opt/hmac-file-server/data/logs/hmac-file-server.log | grep -E "(handleLegacyUpload|validateHMAC|protocol.*calculated|successful)" | tail -5
 # Clean up
 rm -f "$TEST_FILE"
--- a/tests/test-response-body.sh
+++ b/tests/test-response-body.sh
@ -0,0 +1,55 @@
 #!/bin/bash
 # Test with full response body capture
 BASE_PATH="c184288b79f8b7a6f7d87ac7f1fb1ce6dcf49a80"
 SUB_PATH="responsebody"
 FILENAME="test.mp4"
 FULL_PATH="$BASE_PATH/$SUB_PATH/$FILENAME"
 SECRET="f6g4ldPvQM7O2UTFeBEUUj33VrXypDAcsDt0yqKrLiOr5oQW"
 TEST_FILE="/tmp/test_response.mp4"
 echo -n "Response body test" > "$TEST_FILE"
 FILE_SIZE=$(stat -c%s "$TEST_FILE")
 HMAC_MESSAGE="$FULL_PATH $FILE_SIZE"
 HMAC_CALC=$(printf "%s" "$HMAC_MESSAGE" | openssl dgst -sha256 -hmac "$SECRET" | cut -d' ' -f2)
 echo "=== Testing with Full Response Capture ==="
 echo "Path: $FULL_PATH"
 echo "HMAC: $HMAC_CALC"
 echo ""
 # Capture full response including body
 RESPONSE=$(curl -X PUT \
     -H "Content-Type: video/mp4" \
     -H "User-Agent: TestResponseBody/1.0" \
     --data-binary "@$TEST_FILE" \
     "https://share.uuxo.net/$FULL_PATH?v=$HMAC_CALC" \
     -s \
     -w "CURL_STATUS:%{http_code}\nCURL_SIZE:%{size_upload}\n" \
     2>&1)
 echo "=== Full Response ==="
 echo "$RESPONSE"
 echo ""
 # Extract just the response body (everything before CURL_STATUS)
 RESPONSE_BODY=$(echo "$RESPONSE" | sed '/CURL_STATUS:/,$d')
 echo "=== Response Body Only ==="
 echo "'$RESPONSE_BODY'"
 echo ""
 # Check response length
 RESPONSE_LENGTH=${#RESPONSE_BODY}
 echo "Response body length: $RESPONSE_LENGTH characters"
 if [ $RESPONSE_LENGTH -eq 32 ]; then
    echo "✅ Response is exactly 32 characters (matches Nginx logs)"
 elif [ $RESPONSE_LENGTH -eq 0 ]; then
    echo "⚠️ Empty response body"
 else
    echo "ℹ️ Different response length than expected"
 fi
 # Clean up
 rm -f "$TEST_FILE"
--- a/tests/test-upload-advanced.sh
+++ b/tests/test-upload-advanced.sh
@ -0,0 +1,100 @@
 #!/bin/bash
 # Advanced test to diagnose XMPP upload issues
 echo "=== HMAC File Server Upload Debugging ==="
 echo ""
 # First, let's simulate exactly what we see in the logs
 # Using a real path from the failed uploads
 BASE_PATH="c184288b79f8b7a6f7d87ac7f1fb1ce6dcf49a80"
 SUB_PATH="testdebug"
 FILENAME="test.mp4"
 FULL_PATH="$BASE_PATH/$SUB_PATH/$FILENAME"
 # Create test file
 TEST_FILE="/tmp/test_debug.mp4"
 echo "Creating test content..." > "$TEST_FILE"
 FILE_SIZE=$(stat -c%s "$TEST_FILE")
 echo "Test file: $TEST_FILE"
 echo "File size: $FILE_SIZE bytes"
 echo "Upload path: $FULL_PATH"
 echo ""
 # Let's calculate the HMAC like the server does
 # For v protocol: fileStorePath + "\x20" + contentLength
 SECRET="f6g4ldPvQM7O2UTFeBEUUj33VrXypDAcsDt0yqKrLiOr5oQW"
 # Method 1: Calculate HMAC using the file size
 HMAC_MESSAGE="$FULL_PATH $(printf '\x20')$FILE_SIZE"
 HMAC_CALC=$(echo -n "$HMAC_MESSAGE" | openssl dgst -sha256 -hmac "$SECRET" | cut -d' ' -f2)
 echo "HMAC calculation:"
 echo "Message: '$FULL_PATH\\x20$FILE_SIZE'"
 echo "HMAC: $HMAC_CALC"
 echo ""
 # Test 1: Upload with correct HMAC
 echo "=== Test 1: Upload with calculated HMAC ==="
 curl -X PUT \
     -H "Content-Type: video/mp4" \
     -H "User-Agent: TestDebugCorrect/1.0" \
     --data-binary "@$TEST_FILE" \
     "https://share.uuxo.net/$FULL_PATH?v=$HMAC_CALC" \
     -v \
     -w "\nResponse: %{http_code}, Time: %{time_total}s\n" \
     2>&1 | grep -E "(Response|HTTP/|Content-Length|User-Agent)"
 echo ""
 # Test 2: Upload with Content-Length: 0 (simulating potential XMPP issue)
 echo "=== Test 2: Upload with Content-Length: 0 ==="
 curl -X PUT \
     -H "Content-Type: video/mp4" \
     -H "Content-Length: 0" \
     -H "User-Agent: TestDebugZeroLength/1.0" \
     --data-binary "@$TEST_FILE" \
     "https://share.uuxo.net/$FULL_PATH?v=$HMAC_CALC" \
     -v \
     -w "\nResponse: %{http_code}, Time: %{time_total}s\n" \
     2>&1 | grep -E "(Response|HTTP/|Content-Length|User-Agent)"
 echo ""
 # Test 3: Upload without Content-Length header
 echo "=== Test 3: Upload using chunked transfer (no Content-Length) ==="
 curl -X PUT \
     -H "Content-Type: video/mp4" \
     -H "Transfer-Encoding: chunked" \
     -H "User-Agent: TestDebugChunked/1.0" \
     --data-binary "@$TEST_FILE" \
     "https://share.uuxo.net/$FULL_PATH?v=$HMAC_CALC" \
     -v \
     -w "\nResponse: %{http_code}, Time: %{time_total}s\n" \
     2>&1 | grep -E "(Response|HTTP/|Transfer-Encoding|User-Agent)"
 echo ""
 # Test 4: Calculate HMAC with ContentLength 0 (what might be happening)
 HMAC_MESSAGE_ZERO="$FULL_PATH $(printf '\x20')0"
 HMAC_CALC_ZERO=$(echo -n "$HMAC_MESSAGE_ZERO" | openssl dgst -sha256 -hmac "$SECRET" | cut -d' ' -f2)
 echo "=== Test 4: Upload with HMAC calculated for ContentLength=0 ==="
 echo "HMAC for zero length: $HMAC_CALC_ZERO"
 curl -X PUT \
     -H "Content-Type: video/mp4" \
     -H "User-Agent: TestDebugZeroHMAC/1.0" \
     --data-binary "@$TEST_FILE" \
     "https://share.uuxo.net/$FULL_PATH?v=$HMAC_CALC_ZERO" \
     -v \
     -w "\nResponse: %{http_code}, Time: %{time_total}s\n" \
     2>&1 | grep -E "(Response|HTTP/|Content-Length|User-Agent)"
 echo ""
 echo "=== Recent server logs ==="
 sleep 2
 tail -15 /opt/hmac-file-server/data/logs/hmac-file-server.log | grep -v "Interface\|RTT\|Loss" | tail -10
 # Cleanup
 rm -f "$TEST_FILE"
--- a/tests/test-upload.sh
+++ b/tests/test-upload.sh
@ -0,0 +1,38 @@
 #!/bin/bash
 # Test script to trace 400 errors in HMAC file server uploads
 # Test URL from the logs
 TEST_URL="https://share.uuxo.net/c184288b79f8b7a6f7d87ac7f1fb1ce6dcf49a80/test/test.mp4?v=test123"
 echo "Testing with a simple small file..."
 # Create a small test file
 echo "Test content for upload debugging" > /tmp/test_upload.mp4
 echo "Attempting upload with curl..."
 curl -X PUT \
     -H "Content-Type: video/mp4" \
     -H "User-Agent: TestDebug/1.0" \
     --data-binary "@/tmp/test_upload.mp4" \
     "$TEST_URL" \
     -v \
     -w "\n\nResponse Code: %{http_code}\nTotal Time: %{time_total}s\nSize Uploaded: %{size_upload} bytes\n" \
     2>&1
 echo -e "\n\nNow checking the logs for this specific request..."
 # Wait a moment for logs to be written
 sleep 2
 # Check recent logs
 echo "=== HMAC File Server Logs ==="
 tail -10 /opt/hmac-file-server/data/logs/hmac-file-server.log | grep -v "Interface\|RTT\|Loss"
 echo -e "\n=== Nginx Access Log ==="
 tail -5 /var/log/nginx/access.log | grep PUT
 echo -e "\n=== Nginx Error Log ==="
 tail -5 /var/log/nginx/upload_errors.log
 # Clean up
 rm -f /tmp/test_upload.mp4
--- a/xep0363_analysis.ipynb
+++ b/xep0363_analysis.ipynb
Author	SHA1	Message	Date
Alexander Renz	7d5fcd07a1	🔥 Tremora del Terra: ultimate hmac-file-server fix – final push before the drop 💾🔐	2025-07-20 18:42:31 +00:00
Alexander Renz	715440d138	Remove INSTALLATION_FRAMEWORK.md as part of restructuring for improved documentation clarity	2025-07-20 18:19:51 +00:00
Alexander Renz	28528cda6f	Update changelog and README for HMAC File Server 3.2.1 release with critical fixes and enhancements	2025-07-20 18:16:57 +00:00
Alexander Renz	68ede52336	Add comprehensive configuration and testing for HMAC File Server 3.2 - Introduced configuration files for Docker, Podman, and SystemD deployments. - Implemented a comprehensive test suite for HMAC validation, file uploads, and network resilience. - Added debugging scripts for live monitoring of upload issues and service status. - Created minimal configuration for testing purposes. - Developed multiple test scripts to validate HMAC calculations and response handling. - Enhanced upload tests to cover various scenarios including invalid HMAC and unsupported file extensions. - Improved logging and error analysis capabilities for better diagnostics.	2025-07-20 18:04:23 +00:00
Alexander Renz	f8e4d8fcba	Enhance network resilience features in HMAC File Server 3.2	2025-07-20 15:21:27 +00:00
Alexander Renz	3c8a96c14e	Enhance network resilience for mobile scenarios in HMAC File Server 3.2 - Introduced fast detection and quality monitoring for network changes. - Added predictive switching to proactively handle network failures. - Updated configuration examples and README for mobile network resilience. - Enhanced network resilience settings in Podman configuration. - Created a new configuration file for optimized mobile network resilience.	2025-07-20 15:02:49 +00:00
Alexander Renz	9751fb9e93	Add Podman deployment support for HMAC File Server 3.2 - Introduced Dockerfile.podman for building a Podman-compatible image. - Created deploy-podman.sh script for automated deployment and management. - Added Podman-specific README.md with quick start and configuration details. - Included example configuration file (config.toml.example) for production settings. - Implemented systemd service file for managing the HMAC File Server as a service. - Established health checks and security features in the container setup. - Documented deployment commands and troubleshooting steps in README.md.	2025-07-19 20:08:09 +00:00
Alexander Renz	860761f72c	🔥 Tremora del Terra: ultimate hmac-file-server fix – final push before the drop 💾🔐	2025-07-18 18:14:23 +00:00
Alexander Renz	ae97d23084	🔥 Tremora del Terra: ultimate hmac-file-server fix – final push before the drop 💾🔐	2025-07-18 17:42:12 +00:00
Alexander Renz	5052514219	🔥 Tremora del Terra: ultimate hmac-file-server fix – final push before the drop 💾🔐	2025-07-18 16:50:41 +00:00
Alexander Renz	6d7042059b	🔥 Tremora del Terra: ultimate hmac-file-server fix – final push before the drop 💾🔐	2025-07-18 16:48:16 +00:00
Alexander Renz	275ef6c031	🔥 Tremora del Terra: ultimate hmac-file-server fix – final push before the drop 💾🔐	2025-07-18 16:19:11 +00:00
Alexander Renz	2ec4891c1f	🔥 Tremora del Terra: ultimate hmac-file-server fix – final push before the drop 💾🔐	2025-07-18 16:14:24 +00:00
Alexander Renz	e57a3bbe27	🔥 Tremora del Terra: ultimate hmac-file-server fix – final push before the drop 💾🔐	2025-07-18 15:59:40 +00:00
Alexander Renz	42f2115b66	feat: Release HMAC File Server 3.2 "Tremora del Terra" with simplified configuration and enhanced performance - Introduced a revolutionary 8-line minimal configuration system, reducing complexity by 93%. - Added auto-configuration generation with `--genconfig` for quick setup. - Enhanced file processing with fixed deduplication responses and optimized queue management. - Supported multi-architecture builds (AMD64, ARM64, ARM32v7) with an interactive builder. - Updated migration guide for seamless transition from 3.1.x to 3.2. - Overhauled user experience for new installations, emphasizing ease of use and performance.	2025-07-18 15:37:22 +00:00
Alexander Renz	77419e5595	Implement code changes to enhance functionality and improve performance	2025-07-18 15:21:43 +00:00
Alexander Renz	bd850ac8e0	🔥 Tremora del Terra: ultimate hmac-file-server fix – final push before the drop 💾🔐	2025-07-18 14:49:23 +00:00
Alexander Renz	23f70faf68	🔥 Tremora del Terra: ultimate hmac-file-server fix – final push before the drop 💾🔐	2025-07-18 14:48:45 +00:00
Alexander Renz	347f9b1ede	🔥 Tremora del Terra: ultimate hmac-file-server fix – final push before the drop 💾🔐	2025-07-18 14:46:50 +00:00