fixing broken puppeteer providers in docker caused by alpine chromium 146 crashing / switched to debian slim with puppeteer's own chrome for testing / dropped 2-stage build / run as non-root / purge build tools after install, improve docker-test.sh to verify it all works. That's it. ;)

Added few more properties for buying a house

.gitignore

@@ -6,3 +6,4 @@ npm-debug.log
 .DS_Store
 .idea
 .vscode
+tools/release/config.json

CHANGELOG.md

@@ -1,94 +0,0 @@
-Newer release changelog see https://github.com/orangecoding/fredy/releases
-
----
-
-###### [V5.5.0]
-
-- Upgrading dependencies
-- fixing provider
-- allow multiple instances of 1 provider
-- **BREAKING**: Minimum node version is now 16
-
-###### [V5.4.6]
-
-- Adding Instana node.js monitoring
--
-
-###### [V5.4.5]
-
-- Adding Instana node.js monitoring
-
-###### [V5.4.4]
-
-- Add support for Immo Südwest Presse (immo.swp.de)
-- Telegram: Use job name instead of ID and link in title
-- Fix race condition if user ID is in session but not in user store
-- Allow visiting the original provider URL
-
-###### [V5.4.3]
-
-- re-writing readme
-- improving docker build
-- using github's actions to build docker and test automatically
-
-###### [V5.4.2]
-
-- Fixing prod build
-
-###### [V5.4.1]
-
-- Upgrading dependencies
-- Provider urls are now automagically been changed to include the correct sort order for search results
-
-```
-Note: It has been an point of confusion since the very beginning of Fredy, that people simply copied the url, but
-did not take care of sorting the search results by date. If this is not done, Fredy will most likely not see the latest
-results, thus cannot report them. This release fixes it by adding the necessary params (or replaces them).
-```
-
-###### [V5.3.0]
-
-- Upgrading dependencies
-- It's now possible to send mails to multiple receiver using comma separation for MailJet & Sendgrid
-- Fixing Immowelt scraping
-
-###### [V5.2.0]
-
-- Upgrading dependencies
-- Adding new similarity check layer (Duplicates are being removed now)
-- Adding paging for search results
-
-###### [V5.1.0]
-
-- Upgrading dependencies
-- NodeJS 12.13 is now the minimum supported version
-- Adding general settings as new configuration page to ui
-- Adding new feature working hours
-
-###### [V5.0.0]
-
-- Upgrading dependencies
-- NodeJS 12 is now the minimum supported version
-
-###### [V4.0.0]
-
-Bringing back Immoscout :tada:
-
-###### [V3.0.0]
-
-This is basically a re-write, your old config file will not be compatible anymore. Please re-created your search jobs
-on the new ui and use the values from your previous config file if needed.
-
-```
-- We're getting rid of manual config changes, Fredy, now ships with a UI so that it's easy for you to create and edit jobs
-```
-
-###### [V2.0.0]
-
-```
-- Fredy can now run multiple search job on one instance
-- Changed lot's of the structure of Fredy to make this happen
-[BREAKING CHANGES]
-- The config has been changed, the config of V1.x will not work any longer
-- Sources have been renamed to provider
-```

Dockerfile

@@ -1,69 +1,59 @@
-# ================================
-# Stage 1: Build stage
-# ================================
-FROM node:22-alpine AS builder
+FROM node:22-slim
 
-WORKDIR /build
-
-# Install build dependencies needed for native modules (better-sqlite3)
-RUN apk add --no-cache python3 make g++
-
-# Copy package files first for better layer caching
-COPY package.json yarn.lock ./
-
-# Install all dependencies (including devDependencies for building)
-RUN yarn config set network-timeout 600000 \
-  && yarn --frozen-lockfile
-
-# Copy source files needed for build
-COPY index.html vite.config.js ./
-COPY ui ./ui
-COPY lib ./lib
-
-# Build frontend assets
-RUN yarn build:frontend
-
-# ================================
-# Stage 2: Production stage
-# ================================
-FROM node:22-alpine
+# System deps for Chrome for Testing + build tools for native modules (better-sqlite3)
+# Must run as root
+RUN apt-get update && apt-get install -y --no-install-recommends \
+    curl ca-certificates fonts-liberation libasound2 \
+    libatk-bridge2.0-0 libatk1.0-0 libcups2 libdbus-1-3 \
+    libdrm2 libgbm1 libgtk-3-0 libnspr4 libnss3 \
+    libx11-xcb1 libxcomposite1 libxdamage1 libxrandr2 xdg-utils \
+    python3 make g++ \
+  && rm -rf /var/lib/apt/lists/* \
+  && mkdir -p /db /conf /fredy \
+  && chown node:node /db /conf /fredy
 
 WORKDIR /fredy
 
-# Install Chromium and curl (for healthcheck)
-# Using Alpine's chromium package which is much smaller
-RUN apk add --no-cache chromium curl
+# Everything from here runs as the built-in non-root node user (UID 1000)
+USER node
 
 ENV NODE_ENV=production \
-    PUPPETEER_SKIP_CHROMIUM_DOWNLOAD=true \
-    PUPPETEER_EXECUTABLE_PATH=/usr/bin/chromium-browser
+    IS_DOCKER=true
 
-# Install build dependencies for native modules, then remove them after yarn install
-COPY package.json yarn.lock ./
+COPY --chown=node:node package.json yarn.lock ./
 
-RUN apk add --no-cache --virtual .build-deps python3 make g++ \
-  && yarn config set network-timeout 600000 \
-  && yarn --frozen-lockfile --production \
-  && yarn cache clean \
-  && apk del .build-deps
+# Install dependencies and purge build tools (only needed to compile better-sqlite3)
+RUN yarn config set network-timeout 600000 \
+  && yarn --frozen-lockfile \
+  && yarn cache clean
 
-# Copy built frontend from builder stage
-COPY --from=builder /build/ui/public ./ui/public
+# Install Chrome for Testing in a separate layer — it's ~150MB and rarely changes,
+# so keeping it separate avoids re-downloading on every code/dependency change
+RUN npx puppeteer browsers install chrome
 
-# Copy application source (only what's needed at runtime)
-COPY index.js ./
-COPY index.html ./
-COPY lib ./lib
+# Purge build tools now that native modules are compiled
+USER root
+RUN apt-get purge -y python3 make g++ \
+  && apt-get autoremove -y \
+  && rm -rf /var/lib/apt/lists/*
+USER node
 
-# Prepare runtime directories and symlinks for data and config
-RUN mkdir -p /db /conf \
-  && chown 1000:1000 /db /conf \
-  && chmod 777 /db /conf \
-  && ln -s /db /fredy/db \
+COPY --chown=node:node index.html vite.config.js ./
+COPY --chown=node:node ui ./ui
+COPY --chown=node:node lib ./lib
+
+RUN yarn build:frontend
+
+COPY --chown=node:node index.js ./
+
+RUN ln -s /db /fredy/db \
   && ln -s /conf /fredy/conf
 
 EXPOSE 9998
 VOLUME /db
 VOLUME /conf
 
+HEALTHCHECK --interval=30s --timeout=10s --start-period=30s --retries=3 \
+  CMD curl -f http://localhost:9998/ || exit 1
+
 CMD ["node", "index.js"]

README.md

@@ -119,7 +119,7 @@ Should you use [Unraid](https://unraid.net/), you can now install Fredy from the
 
 ## 📸 Screenshots
 
-| Fredy Main Overview                              | Job Configuration                                                     | Found Listings                                                              |
+| Fredy Maps View                                  | Dashboard                                               | Found Listings                                                              |
 |--------------------------------------------------|-----------------------------------------------------------------------|-----------------------------------------------------------------------------|
 | ![Screenshot showing Fredy](doc/screenshot1.png) | ![Screenshot showing job configuration in Fredy](doc/screenshot3.png) | ![Screenshot showing found listings in Fredy](doc/screenshot2.png) |
 
@@ -154,6 +154,13 @@ to Slack + Telegram."\
 Jobs run automatically at the interval you configure (see
 `/conf/config.json`).
 
+### MCP Server 🤖
+
+Starting with **V20**, Fredy ships with a built-in **MCP Server **. This allows you to connect Fredy to LLMs (like Claude, ChatGPT, or local models via LM Studio) and query your real estate data using natural language.
+The local LLM can even enrich existing listings by checking the listing online.   
+
+For more information on how to set it up and use it, please refer to the [MCP Readme](lib/mcp/README.md).
+
 ------------------------------------------------------------------------
 
 ## Immoscout

copyright.js

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2025 by Christian Kellner.
+ * Copyright (c) 2026 by Christian Kellner.
  * Licensed under Apache-2.0 with Commons Clause and Attribution/Naming Clause
  */
 
@@ -30,12 +30,16 @@ async function getAllFiles(dir = '.') {
 
 /* eslint-disable no-console */
 async function addCopyright(files) {
+  const oldCopyrightRegex =
+    /^(\/\*\n \* Copyright \(c\) \d{4} by Christian Kellner\.\n \* Licensed under Apache-2.0 with Commons Clause and Attribution\/Naming Clause\n \*\/\n\n)+/;
   for (let file of files) {
     try {
       let content = await fs.readFile(file, 'utf8');
-      if (!content.startsWith(COPYRIGHT)) {
-        await fs.writeFile(file, COPYRIGHT + content);
-        console.log(`Added copyright to ${file}`);
+      const strippedContent = content.replace(oldCopyrightRegex, '');
+      const newContent = COPYRIGHT + strippedContent;
+      if (content !== newContent) {
+        await fs.writeFile(file, newContent);
+        console.log(`Added/Updated copyright in ${file}`);
       }
     } catch (err) {
       console.error(`Error processing ${file}: ${err}`);

docker-test.sh

@@ -7,12 +7,63 @@ if [ "$(docker ps -aq -f name=fredy)" ]; then
   docker rm fredy || true
 fi
 
+# On Apple Silicon, force linux/amd64 to match production CI and avoid arm64/x86_64
+# Chrome mismatch under Rosetta. On native Linux (amd64 or arm64) let Docker pick naturally. That took me fucking 1 hour to figure out.
+PLATFORM=""
+if [ "$(uname -m)" = "arm64" ] && [ "$(uname -s)" = "Darwin" ]; then
+  PLATFORM="linux/amd64"
+fi
+
 # Build image from local Dockerfile, forcing a fresh build without cache
-docker build --no-cache -t fredy:local .
+if [ -n "$PLATFORM" ]; then
+  docker build --no-cache --platform "$PLATFORM" -t fredy:local .
+else
+  docker build --no-cache -t fredy:local .
+fi
 
 # Run container with volumes and port mapping
-docker run -d --name fredy \
-  -v fredy_conf:/conf \
-  -v fredy_db:/db \
-  -p 9998:9998 \
-  fredy:local
+if [ -n "$PLATFORM" ]; then
+  docker run -d --name fredy --platform "$PLATFORM" -v fredy_conf:/conf -v fredy_db:/db -p 9998:9998 fredy:local
+else
+  docker run -d --name fredy -v fredy_conf:/conf -v fredy_db:/db -p 9998:9998 fredy:local
+fi
+
+echo "Waiting for app to be ready..."
+for i in $(seq 1 30); do
+  if docker exec fredy curl -sf http://localhost:9998/ > /dev/null 2>&1; then
+    echo "App is up"
+    break
+  fi
+  if [ "$i" = "30" ]; then
+    echo "App did not come up in time"
+    docker logs fredy
+    exit 1
+  fi
+  sleep 2
+done
+
+# Verify the process is NOT running as root
+RUNNING_USER=$(docker exec fredy id -u)
+if [ "$RUNNING_USER" = "0" ]; then
+  echo "Process is running as root!"
+  exit 1
+fi
+echo "Process runs as UID $RUNNING_USER (not root)"
+
+# Verify Chrome launches without crashing
+echo "Testing Chrome..."
+CHROME=$(docker exec fredy find /home/node/.cache/puppeteer -name chrome -type f 2>/dev/null | head -1)
+if [ -z "$CHROME" ]; then
+  echo "Chrome binary not found"
+  exit 1
+fi
+if docker exec fredy "$CHROME" --headless --no-sandbox --disable-gpu --dump-dom https://example.com 2>&1 | grep -q "<html"; then
+  echo "Chrome works"
+else
+  echo "Chrome failed to render a page"
+  docker exec fredy "$CHROME" --headless --no-sandbox --disable-gpu --dump-dom https://example.com 2>&1 | head -20
+  exit 1
+fi
+
+echo ""
+echo "All checks passed."

eslint.config.js

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2025 by Christian Kellner.
+ * Copyright (c) 2026 by Christian Kellner.
  * Licensed under Apache-2.0 with Commons Clause and Attribution/Naming Clause
  */
 
@@ -8,94 +8,41 @@ import js from '@eslint/js';
 import prettier from 'eslint-config-prettier';
 import globals from 'globals';
 import react from 'eslint-plugin-react';
-import babelParser from '@babel/eslint-parser';
 
 export default [
   {
-    files: ['**/*.{js,jsx,ts,tsx}'],
     ignores: ['**/node_modules/**', '**/dist/**', '**/build/**', '**/public/**', 'db/**', 'conf/**'],
   },
-  js.configs.recommended,
-  prettier,
+
   {
+    files: ['**/*.{js,jsx}'],
     languageOptions: {
-      parser: babelParser,
+      ecmaVersion: 'latest',
       sourceType: 'module',
-      ecmaVersion: 2021,
+      parserOptions: {
+        ecmaFeatures: { jsx: true },
+      },
       globals: {
         ...globals.browser,
         ...globals.node,
-        ...globals.mocha,
+        ...globals.jest,
         Promise: 'readonly',
         fetch: 'readonly',
         describe: 'readonly',
         after: 'readonly',
         it: 'readonly',
+        beforeEach: 'readonly',
+        afterEach: 'readonly',
+        vi: 'readonly',
       },
-      parserOptions: { requireConfigFile: false },
     },
     plugins: { react },
-    rules: {
-      eqeqeq: [2, 'allow-null'],
-      strict: 0,
-      'no-redeclare': [2, { builtinGlobals: false }],
-      'class-methods-use-this': 'off',
-      indent: ['off', 2],
-      'linebreak-style': ['error', 'unix'],
-      quotes: ['error', 'single', { avoidEscape: true, allowTemplateLiterals: true }],
-      semi: ['error', 'always'],
-      'no-console': ['error', { allow: ['warn', 'error'] }],
-      'jsx-quotes': ['error', 'prefer-double'],
-      'react/display-name': 'off',
-      'react/forbid-prop-types': 'off',
-      'react/jsx-closing-bracket-location': 'off',
-      'react/jsx-curly-spacing': 'off',
-      'react/jsx-handler-names': ['off', { eventHandlerPrefix: 'handle', eventHandlerPropPrefix: 'on' }],
-      'react/jsx-indent-props': 'off',
-      'react/jsx-key': 'off',
-      'react/jsx-max-props-per-line': 'off',
-      'react/jsx-no-bind': ['error', { ignoreRefs: true, allowArrowFunctions: true, allowBind: false }],
-      'react/jsx-no-duplicate-props': ['error', { ignoreCase: true }],
-      'react/jsx-no-literals': 'off',
-      'react/jsx-no-undef': 'error',
-      'react/jsx-pascal-case': ['error', { allowAllCaps: true, ignore: [] }],
-      'react/sort-prop-types': ['off', { ignoreCase: true, callbacksLast: false, requiredFirst: false }],
-      'react/jsx-sort-prop-types': 'off',
-      'react/jsx-sort-props': 'off',
-      'react/jsx-uses-react': 'error',
-      'react/jsx-uses-vars': 'error',
-      'react/no-danger': 'warn',
-      'react/no-deprecated': 'error',
-      'react/no-did-mount-set-state': 'error',
-      'react/no-did-update-set-state': 'warn',
-      'react/no-direct-mutation-state': 'off',
-      'react/no-is-mounted': 'error',
-      'react/no-set-state': 'off',
-      'react/no-string-refs': 'warn',
-      'react/no-unknown-property': 'error',
-      'react/prop-types': ['error', { ignore: [], customValidators: [], skipUndeclared: true }],
-      'react/react-in-jsx-scope': 'error',
-      'react/require-extension': 'off',
-      'react/require-render-return': 'error',
-      'react/self-closing-comp': 'warn',
-      'react/sort-comp': 'off',
-      'react/jsx-wrap-multilines': ['warn', { declaration: true, assignment: true, return: true }],
-      'react/wrap-multilines': 'off',
-      'react/jsx-first-prop-new-line': 'off',
-      'react/jsx-equals-spacing': ['warn', 'never'],
-      'react/jsx-no-target-blank': 'error',
-      'react/jsx-filename-extension': ['error', { extensions: ['.jsx'] }],
-      'react/jsx-no-comment-textnodes': 'error',
-      'react/no-comment-textnodes': 'off',
-      'react/no-render-return-value': 'error',
-      'react/require-optimization': ['off', { allowDecorators: [] }],
-      'react/no-find-dom-node': 'warn',
-      'react/forbid-component-props': ['off', { forbid: [] }],
-      'react/no-danger-with-children': 'error',
-      'react/no-unused-prop-types': ['warn', { customValidators: [], skipShapeProps: true }],
-      'react/style-prop-object': 'error',
-      'react/no-children-prop': 'warn',
-    },
     settings: { react: { version: 'detect' } },
+    rules: {
+      ...js.configs.recommended.rules,
+      'no-console': ['error', { allow: ['warn', 'error'] }],
+    },
   },
+
+  prettier,
 ];

index.html

@@ -7,7 +7,7 @@
       content="user-scalable=no, width=device-width, initial-scale=1, maximum-scale=1"
     />
     <meta name="google" content="notranslate" />
-      <meta name="apple-mobile-web-app-capable" content="yes" />
+      <meta name="mobile-web-app-capable" content="yes">
       <meta name="apple-mobile-web-app-status-bar-style" content="black-translucent" />
 
       <title>Fredy || Real Estate Finder</title>

index.js

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2025 by Christian Kellner.
+ * Copyright (c) 2026 by Christian Kellner.
  * Licensed under Apache-2.0 with Commons Clause and Attribution/Naming Clause
  */
 
@@ -8,10 +8,10 @@ import { checkIfConfigIsAccessible, getProviders, refreshConfig } from './lib/ut
 import * as similarityCache from './lib/services/similarity-check/similarityCache.js';
 import { runMigrations } from './lib/services/storage/migrations/migrate.js';
 import { ensureDemoUserExists, ensureAdminUserExists } from './lib/services/storage/userStorage.js';
-import { cleanupDemoAtMidnight } from './lib/services/crons/demoCleanup-cron.js';
 import { initTrackerCron } from './lib/services/crons/tracker-cron.js';
 import logger from './lib/services/logger.js';
 import { initActiveCheckerCron } from './lib/services/crons/listing-alive-cron.js';
+import { initGeocodingCron } from './lib/services/crons/geocoding-cron.js';
 import { getSettings } from './lib/services/storage/settingsStorage.js';
 import SqliteConnection, { computeDbPath } from './lib/services/storage/SqliteConnection.js';
 import { initJobExecutionService } from './lib/services/jobs/jobExecutionService.js';
@@ -53,7 +53,6 @@ await import('./lib/api/api.js');
 
 if (settings.demoMode) {
   logger.info('Running in demo mode');
-  cleanupDemoAtMidnight();
 }
 
 ensureAdminUserExists();
@@ -61,6 +60,7 @@ ensureDemoUserExists();
 await initTrackerCron();
 //do not wait for this to finish, let it run in the background
 initActiveCheckerCron();
+initGeocodingCron();
 
 logger.info(`Started Fredy successfully. Ui can be accessed via http://localhost:${settings.port}`);
 

lib/FredyPipelineExecutioner.js

@@ -1,14 +1,24 @@
 /*
- * Copyright (c) 2025 by Christian Kellner.
+ * Copyright (c) 2026 by Christian Kellner.
  * Licensed under Apache-2.0 with Commons Clause and Attribution/Naming Clause
  */
 
 import { NoNewListingsWarning } from './errors.js';
-import { storeListings, getKnownListingHashesForJobAndProvider } from './services/storage/listingsStorage.js';
+import {
+  storeListings,
+  getKnownListingHashesForJobAndProvider,
+  deleteListingsById,
+} from './services/storage/listingsStorage.js';
+import { getJob } from './services/storage/jobStorage.js';
 import * as notify from './notification/notify.js';
 import Extractor from './services/extractor/extractor.js';
 import urlModifier from './services/queryStringMutator.js';
 import logger from './services/logger.js';
+import { geocodeAddress } from './services/geocoding/geoCodingService.js';
+import { distanceMeters } from './services/listings/distanceCalculator.js';
+import { getUserSettings } from './services/storage/settingsStorage.js';
+import { updateListingDistance } from './services/storage/listingsStorage.js';
+import booleanPointInPolygon from '@turf/boolean-point-in-polygon';
 
 /**
  * @typedef {Object} Listing
@@ -53,18 +63,21 @@ class FredyPipelineExecutioner {
    * @param {(raw:any)=>Listing} providerConfig.normalize Function to convert raw scraped data into a Listing shape.
    * @param {(listing:Listing)=>boolean} providerConfig.filter Function to filter out unwanted listings.
    * @param {(url:string, waitForSelector?:string)=>Promise<void>|Promise<Listing[]>} [providerConfig.getListings] Optional override to fetch listings.
-   *
    * @param {Object} notificationConfig Notification configuration passed to notification adapters.
+   * @param {Object} spatialFilter Optional spatial filter configuration.
    * @param {string} providerId The ID of the provider currently in use.
    * @param {string} jobKey Key of the job that is currently running (from within the config).
    * @param {SimilarityCache} similarityCache Cache instance for checking similar entries.
+   * @param browser
    */
-  constructor(providerConfig, notificationConfig, providerId, jobKey, similarityCache) {
+  constructor(providerConfig, notificationConfig, spatialFilter, providerId, jobKey, similarityCache, browser) {
     this._providerConfig = providerConfig;
     this._notificationConfig = notificationConfig;
+    this._spatialFilter = spatialFilter;
     this._providerId = providerId;
     this._jobKey = jobKey;
     this._similarityCache = similarityCache;
+    this._browser = browser;
   }
 
   /**
@@ -79,12 +92,75 @@ class FredyPipelineExecutioner {
       .then(this._normalize.bind(this))
       .then(this._filter.bind(this))
       .then(this._findNew.bind(this))
+      .then(this._geocode.bind(this))
       .then(this._save.bind(this))
+      .then(this._calculateDistance.bind(this))
       .then(this._filterBySimilarListings.bind(this))
+      .then(this._filterByArea.bind(this))
       .then(this._notify.bind(this))
       .catch(this._handleError.bind(this));
   }
 
+  /**
+   * Geocode new listings.
+   *
+   * @param {Listing[]} newListings New listings to geocode.
+   * @returns {Promise<Listing[]>} Resolves with the listings (potentially with added coordinates).
+   */
+  async _geocode(newListings) {
+    for (const listing of newListings) {
+      if (listing.address) {
+        const coords = await geocodeAddress(listing.address);
+        if (coords) {
+          listing.latitude = coords.lat;
+          listing.longitude = coords.lng;
+        }
+      }
+    }
+    return newListings;
+  }
+
+  /**
+   * Filter listings by area using the provider's area filter if available.
+   * Only filters if areaFilter is set on the provider AND the listing has coordinates.
+   *
+   * @param {Listing[]} newListings New listings to filter by area.
+   * @returns {Promise<Listing[]>} Resolves with listings that are within the area (or not filtered if no area is set).
+   */
+  _filterByArea(newListings) {
+    const polygonFeatures = this._spatialFilter?.features?.filter((f) => f.geometry?.type === 'Polygon');
+
+    // If no area filter is set, return all listings
+    if (!polygonFeatures?.length) {
+      return newListings;
+    }
+
+    const filteredIds = [];
+    // Filter listings by area - keep only those within the polygon
+    const keptListings = newListings.filter((listing) => {
+      // If listing doesn't have coordinates, keep it (don't filter out)
+      if (listing.latitude == null || listing.longitude == null) {
+        return true;
+      }
+
+      // Check if the point is inside the polygons
+      const point = [listing.longitude, listing.latitude]; // GeoJSON format: [lon, lat]
+      const isInPolygon = polygonFeatures.some((feature) => booleanPointInPolygon(point, feature));
+
+      if (!isInPolygon) {
+        filteredIds.push(listing.id);
+      }
+
+      return isInPolygon;
+    });
+
+    if (filteredIds.length > 0) {
+      deleteListingsById(filteredIds);
+    }
+
+    return keptListings;
+  }
+
   /**
    * Fetch listings from the provider, using the default Extractor flow unless
    * a provider-specific getListings override is supplied.
@@ -93,7 +169,7 @@ class FredyPipelineExecutioner {
    * @returns {Promise<Listing[]>} Resolves with an array of listings (empty when none found).
    */
   _getListings(url) {
-    const extractor = new Extractor();
+    const extractor = new Extractor({ ...this._providerConfig.puppeteerOptions, browser: this._browser });
     return new Promise((resolve, reject) => {
       extractor
         .execute(url, this._providerConfig.waitForSelector)
@@ -180,6 +256,42 @@ class FredyPipelineExecutioner {
     return newListings;
   }
 
+  /**
+   * Calculate distance for new listings.
+   *
+   * @param {Listing[]} listings
+   * @returns {Listing[]}
+   * @private
+   */
+  _calculateDistance(listings) {
+    if (listings.length === 0) return [];
+
+    const job = getJob(this._jobKey);
+    const userId = job?.userId;
+
+    if (userId == null || typeof userId !== 'string') {
+      logger.debug('Skipping distance calculation: userId is missing or invalid');
+      return listings;
+    }
+
+    const userSettings = getUserSettings(userId);
+    const homeAddress = userSettings?.home_address;
+
+    if (!homeAddress || !homeAddress.coords) {
+      return listings;
+    }
+
+    const { lat, lng } = homeAddress.coords;
+    for (const listing of listings) {
+      if (listing.latitude != null && listing.longitude != null) {
+        const dist = distanceMeters(lat, lng, listing.latitude, listing.longitude);
+        updateListingDistance(listing.id, dist);
+        listing.distance_to_destination = dist;
+      }
+    }
+    return listings;
+  }
+
   /**
    * Remove listings that are similar to already known entries according to the similarity cache.
    * Adds the remaining listings to the cache.
@@ -188,7 +300,8 @@ class FredyPipelineExecutioner {
    * @returns {Listing[]} Listings considered unique enough to keep.
    */
   _filterBySimilarListings(listings) {
-    return listings.filter((listing) => {
+    const filteredIds = [];
+    const keptListings = listings.filter((listing) => {
       const similar = this._similarityCache.checkAndAddEntry({
         title: listing.title,
         address: listing.address,
@@ -198,9 +311,16 @@ class FredyPipelineExecutioner {
         logger.debug(
           `Filtering similar entry for title '${listing.title}' and address '${listing.address}' (Provider: '${this._providerId}')`,
         );
+        filteredIds.push(listing.id);
       }
       return !similar;
     });
+
+    if (filteredIds.length > 0) {
+      deleteListingsById(filteredIds);
+    }
+
+    return keptListings;
   }
 
   /**

lib/TRACKING_POIS.js

@@ -0,0 +1,10 @@
+/*
+ * Copyright (c) 2026 by Christian Kellner.
+ * Licensed under Apache-2.0 with Commons Clause and Attribution/Naming Clause
+ */
+
+export const TRACKING_POIS = {
+  DISTANCE_ADDRESS_ENTERED: 'DISTANCE_ADDRESS_ENTERED',
+  WELCOME_FINISHED: 'WELCOME_FINISHED',
+  WELCOME_SKIPPED: 'WELCOME_SKIPPED',
+};

lib/api/api.js

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2025 by Christian Kellner.
+ * Copyright (c) 2026 by Christian Kellner.
  * Licensed under Apache-2.0 with Commons Clause and Attribution/Naming Clause
  */
 
@@ -10,6 +10,7 @@ import { providerRouter } from './routes/providerRouter.js';
 import { versionRouter } from './routes/versionRouter.js';
 import { loginRouter } from './routes/loginRoute.js';
 import { userRouter } from './routes/userRoute.js';
+import { userSettingsRouter } from './routes/userSettingsRoute.js';
 import { jobRouter } from './routes/jobRouter.js';
 import bodyParser from 'body-parser';
 import restana from 'restana';
@@ -20,9 +21,10 @@ import { demoRouter } from './routes/demoRouter.js';
 import logger from '../services/logger.js';
 import { listingsRouter } from './routes/listingsRouter.js';
 import { getSettings } from '../services/storage/settingsStorage.js';
-import { featureRouter } from './routes/featureRouter.js';
 import { dashboardRouter } from './routes/dashboardRouter.js';
 import { backupRouter } from './routes/backupRouter.js';
+import { trackingRouter } from './routes/trackingRoute.js';
+import { registerMcpRoutes } from '../mcp/mcpHttpRoute.js';
 const service = restana();
 const staticService = files(path.join(getDirName(), '../ui/public'));
 const PORT = (await getSettings()).port || 9998;
@@ -35,7 +37,8 @@ service.use('/api/jobs', authInterceptor());
 service.use('/api/version', authInterceptor());
 service.use('/api/listings', authInterceptor());
 service.use('/api/dashboard', authInterceptor());
-service.use('/api/features', authInterceptor());
+service.use('/api/user/settings', authInterceptor());
+service.use('/api/tracking', authInterceptor());
 
 // /admin can only be accessed when user is having admin permissions
 service.use('/api/admin', adminInterceptor());
@@ -44,15 +47,19 @@ service.use('/api/admin/generalSettings', generalSettingsRouter);
 service.use('/api/admin/backup', backupRouter);
 service.use('/api/jobs/provider', providerRouter);
 service.use('/api/admin/users', userRouter);
+service.use('/api/user/settings', userSettingsRouter);
 service.use('/api/version', versionRouter);
 service.use('/api/jobs', jobRouter);
 service.use('/api/login', loginRouter);
 service.use('/api/listings', listingsRouter);
-service.use('/api/features', featureRouter);
 service.use('/api/dashboard', dashboardRouter);
+service.use('/api/tracking', trackingRouter);
 //this route is unsecured intentionally as it is being queried from the login page
 service.use('/api/demo', demoRouter);
 
+// MCP Streamable HTTP endpoint (secured via Bearer token, not cookie-session)
+registerMcpRoutes(service);
+
 service.start(PORT).then(() => {
   logger.debug(`Started API service on port ${PORT}`);
 });

lib/api/routes/backupRouter.js

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2025 by Christian Kellner.
+ * Copyright (c) 2026 by Christian Kellner.
  * Licensed under Apache-2.0 with Commons Clause and Attribution/Naming Clause
  */
 

lib/api/routes/dashboardRouter.js

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2025 by Christian Kellner.
+ * Copyright (c) 2026 by Christian Kellner.
  * Licensed under Apache-2.0 with Commons Clause and Attribution/Naming Clause
  */
 

lib/api/routes/demoRouter.js

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2025 by Christian Kellner.
+ * Copyright (c) 2026 by Christian Kellner.
  * Licensed under Apache-2.0 with Commons Clause and Attribution/Naming Clause
  */
 

lib/api/routes/featureRouter.js

@@ -1,17 +0,0 @@
-/*
- * Copyright (c) 2025 by Christian Kellner.
- * Licensed under Apache-2.0 with Commons Clause and Attribution/Naming Clause
- */
-
-import restana from 'restana';
-import getFeatures from '../../features.js';
-const service = restana();
-const featureRouter = service.newRouter();
-
-featureRouter.get('/', async (req, res) => {
-  const features = getFeatures();
-  res.body = Object.assign({}, { features });
-  res.send();
-});
-
-export { featureRouter };

lib/api/routes/generalSettingsRoute.js

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2025 by Christian Kellner.
+ * Copyright (c) 2026 by Christian Kellner.
  * Licensed under Apache-2.0 with Commons Clause and Attribution/Naming Clause
  */
 

lib/api/routes/jobRouter.js

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2025 by Christian Kellner.
+ * Copyright (c) 2026 by Christian Kellner.
  * Licensed under Apache-2.0 with Commons Clause and Attribution/Naming Clause
  */
 
@@ -11,10 +11,13 @@ import logger from '../../services/logger.js';
 import { bus } from '../../services/events/event-bus.js';
 import { isRunning as isJobRunning } from '../../services/jobs/run-state.js';
 import { addClient as addSseClient, removeClient } from '../../services/sse/sse-broker.js';
+import { getSettings } from '../../services/storage/settingsStorage.js';
 
 const service = restana();
 const jobRouter = service.newRouter();
 
+const DEMO_JOB_NAME = 'Demo-Job';
+
 function doesJobBelongsToUser(job, req) {
   const userId = req.session.currentUser;
   if (userId == null) {
@@ -160,7 +163,17 @@ jobRouter.post('/:jobId/run', async (req, res) => {
 });
 
 jobRouter.post('/', async (req, res) => {
-  const { provider, notificationAdapter, name, blacklist = [], jobId, enabled, shareWithUsers = [] } = req.body;
+  const {
+    provider,
+    notificationAdapter,
+    name,
+    blacklist = [],
+    jobId,
+    enabled,
+    shareWithUsers = [],
+    spatialFilter = null,
+  } = req.body;
+  const settings = await getSettings();
   try {
     let jobFromDb = jobStorage.getJob(jobId);
 
@@ -169,6 +182,11 @@ jobRouter.post('/', async (req, res) => {
       return;
     }
 
+    if (settings.demoMode && jobFromDb && jobFromDb.name === DEMO_JOB_NAME) {
+      res.send(new Error('Sorry, but you cannot change the Status of our Demo Job ;)'));
+      return;
+    }
+
     jobStorage.upsertJob({
       userId: req.session.currentUser,
       jobId,
@@ -178,6 +196,7 @@ jobRouter.post('/', async (req, res) => {
       provider,
       notificationAdapter,
       shareWithUsers,
+      spatialFilter,
     });
   } catch (error) {
     res.send(new Error(error));
@@ -188,8 +207,14 @@ jobRouter.post('/', async (req, res) => {
 
 jobRouter.delete('', async (req, res) => {
   const { jobId } = req.body;
+  const settings = await getSettings();
   try {
     const job = jobStorage.getJob(jobId);
+    if (settings.demoMode && job.name === DEMO_JOB_NAME) {
+      res.send(new Error('Sorry, but you cannot remove the Demo Job ;)'));
+      return;
+    }
+
     if (!doesJobBelongsToUser(job, req)) {
       res.send(new Error('You are trying to remove a job that is not associated to your user'));
     } else {
@@ -204,8 +229,15 @@ jobRouter.delete('', async (req, res) => {
 jobRouter.put('/:jobId/status', async (req, res) => {
   const { status } = req.body;
   const { jobId } = req.params;
+  const settings = await getSettings();
   try {
     const job = jobStorage.getJob(jobId);
+
+    if (settings.demoMode && job.name === DEMO_JOB_NAME) {
+      res.send(new Error('Sorry, but you cannot change the Status of our Demo Job ;)'));
+      return;
+    }
+
     if (!doesJobBelongsToUser(job, req)) {
       res.send(new Error('You are trying change a job that is not associated to your user'));
     } else {

lib/api/routes/listingsRouter.js

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2025 by Christian Kellner.
+ * Copyright (c) 2026 by Christian Kellner.
  * Licensed under Apache-2.0 with Commons Clause and Attribution/Naming Clause
  */
 
@@ -10,6 +10,7 @@ import { isAdmin as isAdminFn } from '../security.js';
 import logger from '../../services/logger.js';
 import { nullOrEmpty } from '../../utils.js';
 import { getJobs } from '../../services/storage/jobStorage.js';
+import { getSettings } from '../../services/storage/settingsStorage.js';
 
 const service = restana();
 
@@ -63,6 +64,29 @@ listingsRouter.get('/table', async (req, res) => {
   res.send();
 });
 
+listingsRouter.get('/map', async (req, res) => {
+  const { jobId } = req.query || {};
+
+  res.body = listingStorage.getListingsForMap({
+    jobId: nullOrEmpty(jobId) ? null : jobId,
+    userId: req.session.currentUser,
+    isAdmin: isAdminFn(req),
+  });
+  res.send();
+});
+
+listingsRouter.get('/:listingId', async (req, res) => {
+  const { listingId } = req.params;
+  const listing = listingStorage.getListingById(listingId, req.session.currentUser, isAdminFn(req));
+  if (!listing) {
+    res.statusCode = 404;
+    res.body = { message: 'Listing not found' };
+    return res.send();
+  }
+  res.body = listing;
+  res.send();
+});
+
 // Toggle watch state for the current user on a listing
 listingsRouter.post('/watch', async (req, res) => {
   try {
@@ -83,9 +107,15 @@ listingsRouter.post('/watch', async (req, res) => {
 });
 
 listingsRouter.delete('/job', async (req, res) => {
-  const { jobId } = req.body;
+  const { jobId, hardDelete = false } = req.body;
+  const settings = await getSettings();
   try {
-    listingStorage.deleteListingsByJobId(jobId);
+    if (settings.demoMode) {
+      res.send(new Error('Sorry, but you cannot remove listings in demo mode ;)'));
+      return;
+    }
+
+    listingStorage.deleteListingsByJobId(jobId, hardDelete);
   } catch (error) {
     res.send(new Error(error));
     logger.error(error);
@@ -94,10 +124,10 @@ listingsRouter.delete('/job', async (req, res) => {
 });
 
 listingsRouter.delete('/', async (req, res) => {
-  const { ids } = req.body;
+  const { ids, hardDelete = false } = req.body;
   try {
     if (Array.isArray(ids) && ids.length > 0) {
-      listingStorage.deleteListingsById(ids);
+      listingStorage.deleteListingsById(ids, hardDelete);
     }
   } catch (error) {
     res.send(new Error(error));

lib/api/routes/loginRoute.js

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2025 by Christian Kellner.
+ * Copyright (c) 2026 by Christian Kellner.
  * Licensed under Apache-2.0 with Commons Clause and Attribution/Naming Clause
  */
 

lib/api/routes/notificationAdapterRouter.js

@@ -1,10 +1,12 @@
 /*
- * Copyright (c) 2025 by Christian Kellner.
+ * Copyright (c) 2026 by Christian Kellner.
  * Licensed under Apache-2.0 with Commons Clause and Attribution/Naming Clause
  */
 
 import fs from 'fs';
 import restana from 'restana';
+import logger from '../../services/logger.js';
+
 const service = restana();
 const notificationAdapterRouter = service.newRouter();
 const notificationAdapterList = fs.readdirSync('./lib//notification/adapter').filter((file) => file.endsWith('.js'));
@@ -34,11 +36,14 @@ notificationAdapterRouter.post('/try', async (req, res) => {
       serviceName: 'TestCall',
       newListings: [
         {
-          price: '42 €',
-          title: 'This is a test listing',
-          address: 'some address',
-          size: '666 2m',
-          link: 'https://www.orange-coding.net',
+          address: 'Heidestrasse 17, 51147 Köln',
+          description: exampleDescription,
+          id: '1',
+          imageUrl: 'https://placehold.co/600x400/png',
+          price: '1.000 €',
+          size: '76 m²',
+          title: 'Stilvolle gepflegte 3-Raum-Wohnung mit gehobener Innenausstattung',
+          url: 'https://www.orange-coding.net',
         },
       ],
       notificationConfig,
@@ -46,6 +51,7 @@ notificationAdapterRouter.post('/try', async (req, res) => {
     });
     res.send();
   } catch (Exception) {
+    logger.error('Error during notification adapter test:', Exception);
     res.send(new Error(Exception));
   }
 });
@@ -54,3 +60,51 @@ notificationAdapterRouter.get('/', async (req, res) => {
   res.send();
 });
 export { notificationAdapterRouter };
+
+const exampleDescription = `
+Wohnungstyp: Etagenwohnung
+Nutzfläche: 76 m²
+Etage: 2 von 3
+Schlafzimmer: 1
+Badezimmer: 1
+Bezugsfrei ab: 1.4.2026
+Haustiere: Nein
+Garage/Stellplatz: Tiefgarage
+Anzahl Garage/Stellplatz: 1
+Kaltmiete (zzgl. Nebenkosten): 1.000 €
+Preis/m²: 13,16 €/m²
+Nebenkosten: 230 €
+Heizkosten in Nebenkosten enthalten: Ja
+Gesamtmiete: 1.230 €
+Kaution: 3.000,00
+Preis pro Parkfläche: 60 €
+Baujahr: 2000
+Objektzustand: Modernisiert
+Qualität der Ausstattung: Gehoben
+Heizungsart: Fernwärme
+Energieausweistyp: Verbrauchsausweis
+Energieausweis: liegt vor
+Endenergieverbrauch: 72 kWh/(m²∙a)
+Baujahr laut Energieausweis: 2000
+
+Diese moderne 3-Zimmer-Wohnung liegt direkt neben einem Park und nur wenige Minuten von der S-Bahn-Haltestelle entfernt. Das Stadtzentrum sowie Freizeiteinrichtungen sind 1,5 km entfernt.
+
+Die Wohnung ist ideal für Paare oder kleine Familien geeignet.
+
+Ausstattung:
+- neuer hochwertiger Bodenbelag (Holzoptik) in allen Räumen außer Bad/Küche
+- sonniger Balkon (Süd)
+- Tiefgaragenstellplatz 
+- Kellerabteil
+- gepflegtes Mehrfamilienhaus
+
+Die Küche ist vom Mieter nach eigenen Wünschen einzurichten.
+
+Vermietung direkt vom Eigentümer - provisionsfrei!
+
+Lage:
+• Park: 1 Minute zu Fuß
+• S-Bahn Station: 2 Minuten zu Fuß  
+• Supermärkte, Restaurants, täglicher Bedarf in der Nähe
+• Gute Anbindung Richtung Großstadt und Flughafen
+`;

lib/api/routes/providerRouter.js

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2025 by Christian Kellner.
+ * Copyright (c) 2026 by Christian Kellner.
  * Licensed under Apache-2.0 with Commons Clause and Attribution/Naming Clause
  */
 

lib/api/routes/trackingRoute.js

@@ -0,0 +1,37 @@
+/*
+ * Copyright (c) 2026 by Christian Kellner.
+ * Licensed under Apache-2.0 with Commons Clause and Attribution/Naming Clause
+ */
+
+import restana from 'restana';
+import { trackPoi } from '../../services/tracking/Tracker.js';
+import { TRACKING_POIS } from '../../TRACKING_POIS.js';
+import logger from '../../services/logger.js';
+
+const service = restana();
+const trackingRouter = service.newRouter();
+
+trackingRouter.get('/trackingPois', async (req, res) => {
+  res.body = TRACKING_POIS;
+  res.send();
+});
+
+trackingRouter.post('/poi', async (req, res) => {
+  const { poi } = req.body;
+  if (!poi) {
+    res.statusCode = 400;
+    res.send({ error: 'Feature name is required' });
+    return;
+  }
+
+  try {
+    await trackPoi(poi);
+    res.send({ success: true });
+  } catch (error) {
+    logger.error('Error tracking feature', error);
+    res.statusCode = 500;
+    res.send({ error: error.message });
+  }
+});
+
+export { trackingRouter };

lib/api/routes/userRoute.js

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2025 by Christian Kellner.
+ * Copyright (c) 2026 by Christian Kellner.
  * Licensed under Apache-2.0 with Commons Clause and Attribution/Naming Clause
  */
 

lib/api/routes/userSettingsRoute.js

@@ -0,0 +1,121 @@
+/*
+ * Copyright (c) 2026 by Christian Kellner.
+ * Licensed under Apache-2.0 with Commons Clause and Attribution/Naming Clause
+ */
+
+import restana from 'restana';
+import SqliteConnection from '../../services/storage/SqliteConnection.js';
+import { getSettings, upsertSettings } from '../../services/storage/settingsStorage.js';
+import { resetGeocoordinatesAndDistanceForUser } from '../../services/storage/listingsStorage.js';
+import { geocodeAddress } from '../../services/geocoding/geoCodingService.js';
+import { autocompleteAddress } from '../../services/geocoding/autocompleteService.js';
+import { fromJson } from '../../utils.js';
+import { trackPoi } from '../../services/tracking/Tracker.js';
+import { TRACKING_POIS } from '../../TRACKING_POIS.js';
+import logger from '../../services/logger.js';
+import { runGeoCordTask } from '../../services/crons/geocoding-cron.js';
+
+const service = restana();
+const userSettingsRouter = service.newRouter();
+
+userSettingsRouter.get('/', async (req, res) => {
+  const userId = req.session.currentUser;
+  const rows = SqliteConnection.query('SELECT name, value FROM settings WHERE user_id = @userId', { userId });
+  const settings = {};
+  for (const r of rows) {
+    settings[r.name] = fromJson(r.value, null);
+  }
+  res.body = settings;
+  res.send();
+});
+
+userSettingsRouter.get('/autocomplete', async (req, res) => {
+  const { q } = req.query;
+  try {
+    const results = await autocompleteAddress(q);
+    res.body = results;
+    res.send();
+  } catch (error) {
+    res.statusCode = 500;
+    res.send({ error: error.message });
+  }
+});
+
+userSettingsRouter.post('/home-address', async (req, res) => {
+  const userId = req.session.currentUser;
+  const { home_address } = req.body;
+  const settings = await getSettings();
+
+  if (settings.demoMode) {
+    res.send(new Error('In demo mode, it is not allowed to change the home address.'));
+    return;
+  }
+
+  try {
+    if (home_address) {
+      await trackPoi(TRACKING_POIS.DISTANCE_ADDRESS_ENTERED);
+      const coords = await geocodeAddress(home_address);
+      if (coords && coords.lat !== -1) {
+        upsertSettings({ home_address: { address: home_address, coords } }, userId);
+        resetGeocoordinatesAndDistanceForUser(userId);
+        //we do NOT wait for this to finish, as we don't want to block the response
+        runGeoCordTask();
+        res.send({ success: true, coords });
+      } else {
+        res.statusCode = 400;
+        res.send({ error: 'Could not geocode address' });
+      }
+    } else {
+      upsertSettings({ home_address: null }, userId);
+      res.send({ success: true });
+    }
+  } catch (error) {
+    logger.error('Error updating home address settings', error);
+    res.statusCode = 500;
+    res.send({ error: error.message });
+  }
+});
+
+userSettingsRouter.post('/news-hash', async (req, res) => {
+  const userId = req.session.currentUser;
+  const { news_hash } = req.body;
+
+  const globalSettings = await getSettings();
+  if (globalSettings.demoMode) {
+    res.statusCode = 403;
+    res.send({ error: 'In demo mode, it is not allowed to change settings.' });
+    return;
+  }
+
+  try {
+    upsertSettings({ news_hash }, userId);
+    res.send({ success: true });
+  } catch (error) {
+    logger.error('Error updating news hash', error);
+    res.statusCode = 500;
+    res.send({ error: error.message });
+  }
+});
+
+userSettingsRouter.post('/immoscout-details', async (req, res) => {
+  const userId = req.session.currentUser;
+  const { immoscout_details } = req.body;
+
+  const globalSettings = await getSettings();
+  if (globalSettings.demoMode) {
+    res.statusCode = 403;
+    res.send({ error: 'In demo mode, it is not allowed to change settings.' });
+    return;
+  }
+
+  try {
+    upsertSettings({ immoscout_details: !!immoscout_details }, userId);
+    res.send({ success: true });
+  } catch (error) {
+    logger.error('Error updating immoscout details setting', error);
+    res.statusCode = 500;
+    res.send({ error: error.message });
+  }
+});
+
+export { userSettingsRouter };

lib/api/routes/versionRouter.js

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2025 by Christian Kellner.
+ * Copyright (c) 2026 by Christian Kellner.
  * Licensed under Apache-2.0 with Commons Clause and Attribution/Naming Clause
  */
 

lib/api/security.js

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2025 by Christian Kellner.
+ * Copyright (c) 2026 by Christian Kellner.
  * Licensed under Apache-2.0 with Commons Clause and Attribution/Naming Clause
  */
 

lib/defaultConfig.js

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2025 by Christian Kellner.
+ * Copyright (c) 2026 by Christian Kellner.
  * Licensed under Apache-2.0 with Commons Clause and Attribution/Naming Clause
  */
 

lib/errors.js

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2025 by Christian Kellner.
+ * Copyright (c) 2026 by Christian Kellner.
  * Licensed under Apache-2.0 with Commons Clause and Attribution/Naming Clause
  */
 

lib/features.js

@@ -1,14 +0,0 @@
-/*
- * Copyright (c) 2025 by Christian Kellner.
- * Licensed under Apache-2.0 with Commons Clause and Attribution/Naming Clause
- */
-
-const FEATURES = {
-  WATCHLIST_MANAGEMENT: false,
-};
-
-export default function getFeatures() {
-  return {
-    ...FEATURES,
-  };
-}

lib/mcp/README.md

@@ -0,0 +1,323 @@
+ # Fredy MCP Server
+
+The Fredy MCP Server exposes your real estate jobs and listings data to LLM clients. It supports two transports:
+
+- **Stdio**: for local LLM clients (Claude Desktop, LM Studio, llm-cli, mcp-cli, etc.)
+- **Streamable HTTP**: for remote LLM clients (ChatGPT, cloud-hosted agents, etc.)
+
+## Authentication
+
+All MCP access is **token-based** based. Every Fredy user is automatically assigned a **permanent, non-expiring MCP token** when their account is created. This token is a secret and should be treated like a password.
+
+### Where to find your token
+
+MCP tokens are displayed in the **User Management** list (Admin → Users). Each user's token is shown in the **"MCP Token"** column.
+
+> **Important:** MCP tokens never expire. They are permanent secrets tied to each user account. If a token is compromised, you must change the token! If you chose to use a token from an admin account, the LLM can query information from ALL jobs/listings. 
+
+## Available Tools
+
+| Tool | Description                                                                    |
+|------|--------------------------------------------------------------------------------|
+| `list_jobs` | List real estate search jobs with pagination and text filtering                |
+| `get_job` | Get detailed information about a specific job                                  |
+| `list_listings` | Search and list real estate listings with pagination, text search, and filters |
+| `get_listing` | Get full details of a single listing                                           |
+| `get_current_date_time` | Gets the current date/time for the llm to be used                              |
+
+### Tool Details
+
+#### list_jobs
+- `page` (number, optional) – Page number (default: 1)
+- `pageSize` (number, optional) – Results per page (default: 50, max: 1000). Use pagination to fetch more.
+- `filter` (string, optional) – Free-text filter on job name
+
+Response: markdown table with columns ID, Name, Enabled, Active Listings. Includes summary and pagination info.
+
+#### get_job
+- `jobId` (string, required) – The job ID to retrieve
+
+#### list_listings
+- `page` (number, optional) – Page number (default: 1)
+- `pageSize` (number, optional) – Results per page (default: 50, max: 1000). Use pagination to fetch more.
+- `filter` (string, optional) – Free-text search across title, address, provider, link
+- `jobId` (string, optional) – Filter listings by job ID
+- `activeOnly` (boolean, optional) – When true, only show active listings
+- `provider` (string, optional) – Filter by provider name
+- `createdAfter` (number, optional) – Only include listings created at or after this unix timestamp in milliseconds (e.g. `1772008362564`). Useful for queries like "give me all listings from today".
+- `createdBefore` (number, optional) – Only include listings created at or before this unix timestamp in milliseconds (e.g. `1772008362564`).
+- `minPrice` (number, optional) – Only include listings with price >= this value (e.g. `500`). Numeric, no currency symbol.
+- `maxPrice` (number, optional) – Only include listings with price <= this value (e.g. `1500`). Numeric, no currency symbol.
+- `sortField` (string, optional) – Sort by: created_at, price, size, provider, title, is_active
+- `sortDir` (string, optional) – Sort direction: asc or desc
+
+Response: markdown table with columns ID, Title, Address, Price, Size, Provider, Active, Created, Job. Includes summary and pagination info. Use `get_listing` for full details.
+
+> **Note:** All timestamps are **unix timestamps in milliseconds** (e.g. `1772008362564`), not seconds.
+
+#### get_listing
+- `listingId` (string, required) – The listing ID to retrieve
+
+## Usage with Local LLM (stdio transport)
+
+The stdio transport communicates over stdin/stdout and is ideal for local LLM tools.
+
+### Quick Start
+
+```bash
+MCP_TOKEN=fredy_<your-token> node mcp/stdio.js
+# or
+MCP_TOKEN=fredy_<your-token> yarn mcp:stdio
+```
+
+### Testing with MCP Inspector
+
+The [MCP Inspector](https://github.com/modelcontextprotocol/inspector) lets you interactively test your MCP server in a browser UI.
+
+```bash
+npx @modelcontextprotocol/inspector -e MCP_TOKEN=fredy_<your-token> -- node mcp/stdio.js
+```
+
+Once the inspector is running, open the URL shown in your terminal (usually `http://localhost:6274`). You can then:
+1. Click **Connect** to establish the stdio connection
+2. Go to the **Tools** tab to see all available tools
+3. Select a tool, fill in parameters, and click **Run** to test it
+
+### LM Studio Configuration
+
+[LM Studio](https://lmstudio.ai/) supports MCP servers natively, allowing your local LLM to access Fredy's jobs and listings data.
+
+#### Setup
+
+1. Open **LM Studio** and load a model that supports tool use (e.g., Qwen 2.5, Llama 3.1, Mistral, etc.)
+2. In the right side  under **Integrations** click on "# install" and "edit mcp.json"
+3. Edit the LM Studio MCP config file directly (`~/.lmstudio/config/mcp.json` or via the UI export):
+
+   ```json
+   {
+     "mcpServers": {
+       "fredy": {
+         "command": "node",
+         "args": ["/absolute/path/to/fredy/mcp/stdio.js"],
+         "env": {
+           "MCP_TOKEN": "fredy_<your-token>"
+         }
+       }
+     }
+   }
+   ```
+
+4. Toggle the server **on**: LM Studio will spawn the stdio process and connect
+5. You should see the Fredy tools appear as available tools
+
+#### Suggestion on LLM
+After testing numerous LLM's, I got the best results with Qwen 3.5 or Qwen 2.5.. E.g. `Qwen2.5-14B-Instruct-1M-8bit`.
+
+#### Usage
+
+Once connected, simply ask your LLM about your real estate data in natural language:
+
+- *"Show me all my active search jobs"*
+- *"List the latest listings from my Berlin apartment search"*
+- *"Get details for listing XYZ"*
+- *"What are the cheapest listings across all my jobs?"*
+
+The LLM will automatically call the appropriate Fredy MCP tools and present the results.
+
+> **Tip:** Make sure Fredy is running and the database is accessible before starting the MCP server in LM Studio. The stdio transport initializes its own database connection, so Fredy's main process does not need to be running, but the database file must exist and be up-to-date (migrations applied).
+
+### Claude Desktop Configuration
+
+[Claude Desktop](https://claude.ai/download) supports MCP servers natively via its developer settings.
+
+#### Setup
+
+1. Open **Claude Desktop**
+2. Go to **Settings → Developer → Edit Config** — this opens the `claude_desktop_config.json` file
+3. Add the `fredy` server to the `mcpServers` object:
+
+   ```json
+   {
+     "mcpServers": {
+       "fredy": {
+         "command": "/opt/homebrew/opt/node@22/bin/node",
+         "args": ["/absolute/path/to/fredy/lib/mcp/stdio.js"],
+         "env": {
+           "MCP_TOKEN": "fredy_<your-token>"
+         }
+       }
+     }
+   }
+   ```
+
+   Replace `/absolute/path/to/fredy` with the actual path on your machine (e.g. `/Users/you/dev/fredy`).
+
+   > **Important:** Claude Desktop launches with a restricted `PATH` and often cannot find `node` by name. Always use the **full absolute path** to the node binary. Find yours by running `which node` in a terminal. Common locations:
+   > - Homebrew (default): `/opt/homebrew/bin/node`
+   > - Homebrew (versioned, e.g. node@22): `/opt/homebrew/opt/node@22/bin/node`
+   > - nvm: `/Users/<you>/.nvm/versions/node/<version>/bin/node`
+
+4. Save the file and **restart Claude Desktop**
+5. You should see a hammer icon (🔨) in the chat input — click it to confirm the Fredy tools are listed
+
+#### Usage
+
+Once connected, simply ask Claude about your real estate data:
+
+- *"Show me all my active search jobs"*
+- *"List the latest listings from my Berlin apartment search"*
+- *"What are the cheapest apartments added this week?"*
+
+Claude will automatically call the appropriate Fredy MCP tools.
+
+> **Note:** Fredy's main web process does not need to be running — the stdio transport opens its own database connection directly. But the SQLite database file must exist and migrations must have been applied.
+
+---
+
+## Usage with Remote LLM (Streamable HTTP transport)
+
+The HTTP transport is automatically available when Fredy is running. It uses the MCP Streamable HTTP protocol at:
+
+```
+POST   /api/mcp   – JSON-RPC messages (initialize, tool calls)
+GET    /api/mcp   – SSE stream for server-initiated notifications
+DELETE /api/mcp   – Terminate session
+```
+
+### Authentication
+
+All requests must include the token as a Bearer token:
+
+```
+Authorization: Bearer fredy_<your-token>
+```
+
+### Example: Initialize a session
+
+```bash
+curl -X POST http://localhost:9998/api/mcp \
+  -H "Content-Type: application/json" \
+  -H "Authorization: Bearer fredy_<your-token>" \
+  -d '{
+    "jsonrpc": "2.0",
+    "id": 1,
+    "method": "initialize",
+    "params": {
+      "protocolVersion": "2025-03-26",
+      "capabilities": {},
+      "clientInfo": { "name": "test-client", "version": "1.0.0" }
+    }
+  }'
+```
+
+### Example: Call a tool
+
+```bash
+curl -X POST http://localhost:9998/api/mcp \
+  -H "Content-Type: application/json" \
+  -H "Authorization: Bearer fredy_<your-token>" \
+  -H "Mcp-Session-Id: <session-id-from-init-response>" \
+  -d '{
+    "jsonrpc": "2.0",
+    "id": 2,
+    "method": "tools/call",
+    "params": {
+      "name": "list_jobs",
+      "arguments": { "page": 1, "pageSize": 10 }
+    }
+  }'
+```
+
+## Security
+
+- Every user is automatically assigned a permanent MCP token at account creation – **tokens never expire**
+- Tokens are cryptographically random (256-bit) and prefixed with `fredy_`
+- Each token is scoped to a single user – the LLM can only access that user's data
+- Non-admin users only see their own jobs and jobs shared with them
+- Tokens are stored in the `mcp_token` column of the `users` table
+- Tokens are deleted automatically when the owning user is removed
+- The `/api/mcp` endpoint uses Bearer token auth (independent of cookie-session)
+- Treat MCP tokens like passwords – do not share them publicly
+
+## Response Format
+
+All tool responses use **markdown** instead of JSON for maximum LLM readability and token efficiency:
+
+- **List responses** (list_jobs, list_listings) use markdown tables with a summary line and pagination footer
+- **Detail responses** (get_job, get_listing) use markdown key-value lists
+- **Error responses** include the tool name and error message
+
+Example list response:
+
+```
+**Tool:** list_listings | **Status:** OK
+
+Found **85** listing(s). Showing page 1 of 2 (50 on this page). More pages available — use page=2 to continue.
+
+| ID | Title | Address | Price | Size | Provider | Active | Created | Job |
+|----|-------|---------|-------|------|----------|--------|---------|-----|
+| abc123 | Nice flat | Berlin | 1200 | 70 | immoscout | yes | 2026-02-25 10:30:00 | My Search |
+| ... | ... | ... | ... | ... | ... | ... | ... | ... |
+
+Use **get_listing** with an ID for full details (description, link, image).
+
+**Page:** 1/2 | **Has more:** yes
+```
+
+Example detail response:
+
+```
+**Tool:** get_listing | **Status:** OK
+
+### Listing: Nice flat
+
+- **ID:** abc123
+- **Title:** Nice flat
+- **Address:** Berlin
+- **Price:** 1200
+- **Size:** 70
+- **Provider:** immoscout
+- **Link:** https://...
+- **Active:** yes
+- **Created:** 2026-02-25 10:30:00
+```
+
+Markdown is used because it is significantly more token-efficient than JSON (~40-60% fewer tokens for tabular data) and natively understood by all LLMs.
+
+## Architecture
+
+```
+┌─────────────────┐     stdio      ┌──────────────┐
+│  Local LLM      │◄──────────────►│  mcp/stdio.js│
+│  (LM Studio,    │                │  (transport)  │
+│   Claude, etc.) │                │               │
+└─────────────────┘                └──────┬───────┘
+                                          │
+┌─────────────────┐  Streamable HTTP ┌────┴────────┐
+│  Remote LLM     │◄───────────────►│  /api/mcp    │
+│                 │  (Bearer token) │  (transport)  │
+└─────────────────┘                 └──────┬───────┘
+                                           │
+                                ┌──────────┴──────────┐
+                                │  mcpAuthentication  │
+                                │  (token validation, │
+                                │   access control)   │
+                                └──────────┬──────────┘
+                                           │
+                                  ┌────────┴────────┐
+                                  │  mcpAdapter.js  │
+                                  │  (tool routing  │
+                                  │   + data fetch) │
+                                  └────────┬────────┘
+                                           │
+                                  ┌────────┴────────┐
+                                  │ mcpNormalizer.js│
+                                  │ (markdown       │
+                                  │  formatting)    │
+                                  └────────┬────────┘
+                                           │
+                                    ┌──────┴───────┐
+                                    │  Fredy DB    │
+                                    │  (SQLite)    │
+                                    └──────────────┘
+```

lib/mcp/mcpAdapter.js

@@ -0,0 +1,231 @@
+/*
+ * Copyright (c) 2026 by Christian Kellner.
+ * Licensed under Apache-2.0 with Commons Clause and Attribution/Naming Clause
+ */
+
+/*
+ * Copyright (c) 2026 by Christian Kellner.
+ * Licensed under Apache-2.0 with Commons Clause and Attribution/Naming Clause
+ */
+import { McpServer } from '@modelcontextprotocol/sdk/server/mcp.js';
+import { z } from 'zod';
+import { queryJobs, getJob } from '../services/storage/jobStorage.js';
+import { queryListings, getListingById } from '../services/storage/listingsStorage.js';
+import { authenticateToolCall, checkJobAccess } from './mcpAuthentication.js';
+import {
+  normalizeListJobs,
+  normalizeGetJob,
+  normalizeListListings,
+  normalizeGetListing,
+  normalizeError,
+} from './mcpNormalizer.js';
+
+/**
+ * Create a configured MCP server instance with all Fredy tools registered.
+ *
+ * The adapter fetches raw data from storage and delegates response formatting
+ * to the normalizer layer (mcpNormalizer.js) which produces a consistent
+ * { ok, summary, data, meta } envelope for every tool response.
+ *
+ * Each tool call requires a userId (resolved from the MCP token before invocation).
+ * Tools respect user scoping: non-admin users only see their own jobs/listings.
+ *
+ * @returns {McpServer}
+ */
+export function createMcpServer() {
+  const server = new McpServer(
+    {
+      name: 'fredy-mcp',
+      version: '1.0.0',
+    },
+    {
+      capabilities: {
+        tools: {},
+      },
+      instructions:
+        'Fredy MCP Server – query real estate jobs and listings. ' +
+        'All timestamps are unix timestamps in milliseconds (e.g. 1772008362564). ' +
+        'Use list_jobs to browse jobs, get_job for details, ' +
+        'list_listings to search listings (supports time filters like createdAfter/createdBefore), ' +
+        'and get_listing for full details of a single listing. ' +
+        'Responses are formatted as markdown with a summary, data (tables for lists, key-value for details), and pagination info. ' +
+        'Always present results to the user as soon as you have them — do NOT call the tool again unless you need additional pages or different data.',
+    },
+  );
+
+  // ── list_jobs ───────────────────────────────────────────────────────
+  server.tool(
+    'list_jobs',
+    'List real estate search jobs for the authenticated user. ' +
+      'Returns up to 50 jobs per page by default. Use pagination (page parameter) to fetch more. ' +
+      'Check meta.hasMore to know if there are additional pages.',
+    {
+      page: z.number().optional().describe('Page number (default: 1)'),
+      pageSize: z
+        .number()
+        .optional()
+        .describe('Results per page (default: 50, max: 1000). Start with the default and paginate if needed.'),
+      filter: z.string().optional().describe('Free-text filter on job name'),
+    },
+    async ({ page, pageSize, filter }, extra) => {
+      const { user, error } = authenticateToolCall(extra, 'list_jobs');
+      if (error) return normalizeError(error, 'list_jobs');
+
+      const safePage = page ?? 1;
+      const safePageSize = pageSize ?? 50;
+
+      const result = queryJobs({
+        page: safePage,
+        pageSize: safePageSize,
+        freeTextFilter: filter,
+        userId: user.id,
+        isAdmin: user.isAdmin,
+      });
+
+      return normalizeListJobs(result, { page: safePage, pageSize: safePageSize });
+    },
+  );
+
+  // ── get_job ─────────────────────────────────────────────────────────
+  server.tool(
+    'get_job',
+    'Get detailed information about a specific job by its ID.',
+    {
+      jobId: z.string().describe('The job ID to retrieve'),
+    },
+    async ({ jobId }, extra) => {
+      const { user, error } = authenticateToolCall(extra, 'get_job');
+      if (error) return normalizeError(error, 'get_job');
+
+      const job = getJob(jobId);
+      if (!job) {
+        return normalizeError('Job not found.', 'get_job');
+      }
+
+      if (!checkJobAccess(user, job)) {
+        return normalizeError('Access denied.', 'get_job');
+      }
+
+      return normalizeGetJob(job);
+    },
+  );
+
+  // ── list_listings ───────────────────────────────────────────────────
+  server.tool(
+    'list_listings',
+    'Search and list real estate listings. Returns up to 50 listings per page by default. ' +
+      'Use pagination (page parameter) to fetch more. Check meta.hasMore in the response. ' +
+      'Supports text search, time filtering, and various filters. ' +
+      'All timestamps are unix timestamps in milliseconds (e.g. 1772008362564). ' +
+      'Use createdAfter/createdBefore to filter by time, e.g. "give me all listings from today". ' +
+      'Use get_listing to get full details (description, link, image) for a specific listing.',
+    {
+      page: z.number().optional().describe('Page number (default: 1)'),
+      pageSize: z
+        .number()
+        .optional()
+        .describe('Results per page (default: 50, max: 1000). Start with the default and paginate if needed.'),
+      filter: z.string().optional().describe('Free-text search across title, address, provider, link'),
+      jobId: z.string().optional().describe('Filter listings by job ID'),
+      activeOnly: z.boolean().optional().describe('When true, only show active listings'),
+      provider: z.string().optional().describe('Filter by provider name'),
+      createdAfter: z
+        .number()
+        .optional()
+        .describe(
+          'Only include listings created at or after this unix timestamp in milliseconds (e.g. 1772008362564). Useful for queries like "listings from today".',
+        ),
+      createdBefore: z
+        .number()
+        .optional()
+        .describe(
+          'Only include listings created at or before this unix timestamp in milliseconds (e.g. 1772008362564).',
+        ),
+      minPrice: z
+        .number()
+        .optional()
+        .describe(
+          'Only include listings with price >= this value (e.g. 500). Price is a numeric value (no currency symbol).',
+        ),
+      maxPrice: z
+        .number()
+        .optional()
+        .describe(
+          'Only include listings with price <= this value (e.g. 1500). Price is a numeric value (no currency symbol).',
+        ),
+      sortField: z.string().optional().describe('Sort by: created_at, price, size, provider, title, is_active'),
+      sortDir: z.string().optional().describe('Sort direction: asc or desc'),
+    },
+    async (
+      {
+        page,
+        pageSize,
+        filter,
+        jobId,
+        activeOnly,
+        provider,
+        createdAfter,
+        createdBefore,
+        minPrice,
+        maxPrice,
+        sortField,
+        sortDir,
+      },
+      extra,
+    ) => {
+      const { user, error } = authenticateToolCall(extra, 'list_listings');
+      if (error) return normalizeError(error, 'list_listings');
+
+      const safePage = page ?? 1;
+      const safePageSize = pageSize ?? 50;
+
+      const result = queryListings({
+        page: safePage,
+        pageSize: safePageSize,
+        freeTextFilter: filter,
+        jobIdFilter: jobId,
+        activityFilter: activeOnly === true ? true : activeOnly === false ? false : undefined,
+        providerFilter: provider,
+        createdAfter: createdAfter ?? null,
+        createdBefore: createdBefore ?? null,
+        minPrice: minPrice ?? null,
+        maxPrice: maxPrice ?? null,
+        sortField: sortField ?? null,
+        sortDir: sortDir ?? 'desc',
+        userId: user.id,
+        isAdmin: user.isAdmin,
+      });
+
+      return normalizeListListings(result, { page: safePage, pageSize: safePageSize });
+    },
+  );
+
+  // ── get_listing ─────────────────────────────────────────────────────
+  server.tool(
+    'get_listing',
+    'Get full details of a single listing by its ID.',
+    {
+      listingId: z.string().describe('The listing ID to retrieve'),
+    },
+    async ({ listingId }, extra) => {
+      const { user, error } = authenticateToolCall(extra, 'get_listing');
+      if (error) return normalizeError(error, 'get_listing');
+
+      const listing = getListingById(listingId, user.id, user.isAdmin);
+      if (!listing) {
+        return normalizeError('Listing not found or access denied.', 'get_listing');
+      }
+
+      return normalizeGetListing(listing);
+    },
+  );
+
+  // ── get_current_date_ime ─────────────────────────────────────────────────────
+  server.tool('get_current_date_time', 'Returns the current date and time.', {}, () => {
+    return {
+      content: [{ type: 'text', text: `Timestring: ${new Date().toLocaleString()}, MS since 1970: ${Date.now()}` }],
+    };
+  });
+
+  return server;
+}

lib/mcp/mcpAuthentication.js

@@ -0,0 +1,66 @@
+/*
+ * Copyright (c) 2026 by Christian Kellner.
+ * Licensed under Apache-2.0 with Commons Clause and Attribution/Naming Clause
+ */
+
+/**
+ * MCP Authentication Layer
+ *
+ * Centralizes all authentication and authorization logic for MCP tool calls
+ * and HTTP requests. Ensures consistent access control across all transports.
+ */
+
+import { getUser, validateMcpToken } from '../services/storage/userStorage.js';
+
+/**
+ * Authenticate an MCP tool call by extracting and validating the user from authInfo.
+ *
+ * @param {{ authInfo?: { userId?: string } }} extra - The extra context passed by the MCP SDK.
+ * @returns {{ user: object|null, error: string|null }}
+ *   - On success: { user: <userObject>, error: null }
+ *   - On failure: { user: null, error: <errorMessage> }
+ */
+export function authenticateToolCall(extra) {
+  const userId = extra?.authInfo?.userId;
+  if (!userId) {
+    return { user: null, error: 'Authentication required. Please provide a valid MCP API token.' };
+  }
+
+  const user = getUser(userId);
+  if (!user) {
+    return { user: null, error: 'Authentication required. Please provide a valid MCP API token.' };
+  }
+
+  return { user, error: null };
+}
+
+/**
+ * Check whether a user has access to a specific job.
+ * Admins have access to all jobs. Non-admins can only access their own jobs
+ * or jobs explicitly shared with them.
+ *
+ * @param {object} user - The authenticated user object.
+ * @param {object} job - The job object from storage.
+ * @returns {boolean} True if the user is allowed to access this job.
+ */
+export function checkJobAccess(user, job) {
+  if (user.isAdmin) return true;
+  if (job.userId === user.id) return true;
+  if (Array.isArray(job.shared_with_user) && job.shared_with_user.includes(user.id)) return true;
+  return false;
+}
+
+/**
+ * Authenticate an HTTP request by extracting and validating the Bearer token
+ * from the Authorization header.
+ *
+ * @param {import('http').IncomingMessage} req
+ * @returns {{ userId: string } | null} The authenticated user info, or null if invalid.
+ */
+export function authenticateRequest(req) {
+  const authHeader = req.headers['authorization'] || '';
+  if (!authHeader.startsWith('Bearer ')) return null;
+  const token = authHeader.slice(7).trim();
+  if (!token) return null;
+  return validateMcpToken(token);
+}

lib/mcp/mcpHttpRoute.js

@@ -0,0 +1,131 @@
+/*
+ * Copyright (c) 2026 by Christian Kellner.
+ * Licensed under Apache-2.0 with Commons Clause and Attribution/Naming Clause
+ */
+
+/*
+ * Copyright (c) 2026 by Christian Kellner.
+ * Licensed under Apache-2.0 with Commons Clause and Attribution/Naming Clause
+ */
+import { StreamableHTTPServerTransport } from '@modelcontextprotocol/sdk/server/streamableHttp.js';
+import { createMcpServer } from './mcpAdapter.js';
+import { authenticateRequest } from './mcpAuthentication.js';
+import logger from '../services/logger.js';
+import crypto from 'crypto';
+
+/**
+ * Active transports keyed by session id.
+ * Each session gets its own McpServer + StreamableHTTPServerTransport pair.
+ * @type {Map<string, { server: McpServer, transport: StreamableHTTPServerTransport }>}
+ */
+const sessions = new Map();
+
+/**
+ * Get or create a session for the given session id with authentication.
+ * @param {string|undefined} sessionId
+ * @param {{ userId: string }} auth
+ * @returns {{ server: McpServer, transport: StreamableHTTPServerTransport }}
+ */
+function getOrCreateSession(sessionId, auth) {
+  if (sessionId && sessions.has(sessionId)) {
+    return sessions.get(sessionId);
+  }
+
+  const transport = new StreamableHTTPServerTransport({
+    sessionIdGenerator: () => crypto.randomUUID(),
+    onsessioninitialized: (sid) => {
+      sessions.set(sid, entry);
+      logger.debug(`MCP session created: ${sid}`);
+    },
+  });
+
+  const server = createMcpServer();
+  const entry = { server, transport, userId: auth.userId };
+
+  transport.onclose = () => {
+    const sid = transport.sessionId;
+    if (sid) {
+      sessions.delete(sid);
+      logger.debug(`MCP session closed: ${sid}`);
+    }
+  };
+
+  return entry;
+}
+
+/**
+ * Register MCP Streamable HTTP routes on a restana service.
+ *
+ * Mounts handlers at /api/mcp to handle the MCP Streamable HTTP protocol:
+ * - POST /api/mcp  – JSON-RPC messages (initialize, tool calls, etc.)
+ * - GET  /api/mcp  – SSE stream for server-initiated notifications
+ * - DELETE /api/mcp – session termination
+ *
+ * All endpoints require a valid Bearer token in the Authorization header.
+ *
+ * @param {import('restana').Service} service - The restana service instance.
+ */
+export function registerMcpRoutes(service) {
+  // POST – main JSON-RPC endpoint
+  service.post('/api/mcp', async (req, res) => {
+    const auth = authenticateRequest(req);
+    if (!auth) {
+      res.statusCode = 401;
+      return res.send({ error: 'Unauthorized. Provide a valid Bearer token.' });
+    }
+
+    const sessionId = req.headers['mcp-session-id'];
+    const { server, transport } = getOrCreateSession(sessionId, auth);
+
+    // Connect server to transport if not already connected
+    if (!transport.onmessage) {
+      await server.connect(transport);
+    }
+
+    // Inject authInfo so tools can access the authenticated user
+    req.auth = { userId: auth.userId };
+
+    await transport.handleRequest(req, res, req.body);
+  });
+
+  // GET – SSE stream for server-initiated messages
+  service.get('/api/mcp', async (req, res) => {
+    const auth = authenticateRequest(req);
+    if (!auth) {
+      res.statusCode = 401;
+      return res.send({ error: 'Unauthorized. Provide a valid Bearer token.' });
+    }
+
+    const sessionId = req.headers['mcp-session-id'];
+    if (!sessionId || !sessions.has(sessionId)) {
+      res.statusCode = 400;
+      return res.send({ error: 'Invalid or missing session. Send an initialize request first.' });
+    }
+
+    const { transport } = sessions.get(sessionId);
+    await transport.handleRequest(req, res);
+  });
+
+  // DELETE – terminate session
+  service.delete('/api/mcp', async (req, res) => {
+    const auth = authenticateRequest(req);
+    if (!auth) {
+      res.statusCode = 401;
+      return res.send({ error: 'Unauthorized. Provide a valid Bearer token.' });
+    }
+
+    const sessionId = req.headers['mcp-session-id'];
+    if (!sessionId || !sessions.has(sessionId)) {
+      res.statusCode = 404;
+      return res.send({ error: 'Session not found.' });
+    }
+
+    const { transport } = sessions.get(sessionId);
+    await transport.close();
+    sessions.delete(sessionId);
+    res.statusCode = 200;
+    res.send({ ok: true });
+  });
+
+  logger.debug('MCP Streamable HTTP endpoint registered at /api/mcp');
+}

lib/mcp/mcpNormalizer.js

@@ -0,0 +1,180 @@
+/*
+ * Copyright (c) 2026 by Christian Kellner.
+ * Licensed under Apache-2.0 with Commons Clause and Attribution/Naming Clause
+ */
+
+/**
+ * MCP Response Normalizer
+ *
+ * Transforms raw adapter data into LLM-friendly markdown responses.
+ * Markdown is significantly better than JSON for LLM consumption because:
+ * - LLMs are trained extensively on markdown text
+ * - Markdown tables are ~40-60% more token-efficient than JSON arrays
+ * - Less syntactic noise (no quotes, brackets, commas around every value)
+ * - Natively readable and structured
+ *
+ * Each response follows a consistent structure:
+ * 1. Status line (OK/ERROR + tool name)
+ * 2. Summary (human-readable description)
+ * 3. Data (markdown table for lists, key-value for single items)
+ * 4. Pagination info (for list responses)
+ */
+
+/**
+ * Wrap a markdown string as an MCP text content result.
+ * @param {string} markdown
+ * @param {boolean} [isError=false]
+ * @returns {{ content: Array, isError?: boolean }}
+ */
+function toMcpResponse(markdown, isError = false) {
+  const result = {
+    content: [{ type: 'text', text: markdown }],
+  };
+  if (isError) result.isError = true;
+  return result;
+}
+
+/**
+ * Format a unix timestamp (ms) as a human-readable date string.
+ * @param {number|null|undefined} ts
+ * @returns {string}
+ */
+function formatDate(ts) {
+  if (ts == null) return '–';
+  return new Date(ts)
+    .toISOString()
+    .replace('T', ' ')
+    .replace(/\.\d{3}Z$/, '');
+}
+
+/**
+ * Escape pipe characters in table cell values.
+ * @param {*} val
+ * @returns {string}
+ */
+function cell(val) {
+  if (val == null) return '–';
+  return String(val).replace(/\|/g, '\\|').replace(/\n/g, ' ');
+}
+
+/**
+ * Normalize a list_jobs response.
+ * @param {{ totalNumber: number, page: number, result: object[] }} queryResult
+ * @param {{ page: number, pageSize: number }} params
+ * @returns {{ content: Array }}
+ */
+export function normalizeListJobs(queryResult, { page, pageSize }) {
+  const maxPage = Math.max(1, Math.ceil(queryResult.totalNumber / pageSize));
+  const hasMore = page < maxPage;
+  const jobs = queryResult.result;
+
+  let md = `**Tool:** list_jobs | **Status:** OK\n\n`;
+  md += `Found **${queryResult.totalNumber}** job(s). Showing page ${page} of ${maxPage} (${jobs.length} on this page).`;
+  if (hasMore) md += ` More pages available — use page=${page + 1} to continue.`;
+  md += '\n\n';
+
+  if (jobs.length > 0) {
+    md += `| ID | Name | Enabled | Active Listings |\n`;
+    md += `|----|------|---------|----------------|\n`;
+    for (const j of jobs) {
+      md += `| ${cell(j.id)} | ${cell(j.name)} | ${j.enabled ? 'yes' : 'no'} | ${j.numberOfFoundListings ?? 0} |\n`;
+    }
+  } else {
+    md += `No jobs found.\n`;
+  }
+
+  md += `\n**Page:** ${page}/${maxPage} | **Has more:** ${hasMore ? 'yes' : 'no'}`;
+  return toMcpResponse(md);
+}
+
+/**
+ * Normalize a get_job response.
+ * @param {object} job - The job object from storage.
+ * @returns {{ content: Array }}
+ */
+export function normalizeGetJob(job) {
+  const providers = (job.provider ?? []).map((p) => p.id || p);
+
+  let md = `**Tool:** get_job | **Status:** OK\n\n`;
+  md += `### Job: ${job.name || job.id}\n\n`;
+  md += `- **ID:** ${job.id}\n`;
+  md += `- **Name:** ${job.name || '–'}\n`;
+  md += `- **Enabled:** ${job.enabled ? 'yes' : 'no'}\n`;
+  md += `- **Active Listings:** ${job.numberOfFoundListings ?? 0}\n`;
+  md += `- **Providers:** ${providers.length > 0 ? providers.join(', ') : '–'}\n`;
+  md += `- **Blacklist:** ${(job.blacklist ?? []).length > 0 ? job.blacklist.join(', ') : '–'}\n`;
+
+  return toMcpResponse(md);
+}
+
+/**
+ * Normalize a list_listings response.
+ * @param {{ totalNumber: number, page: number, result: object[] }} queryResult
+ * @param {{ page: number, pageSize: number }} params
+ * @returns {{ content: Array }}
+ */
+export function normalizeListListings(queryResult, { page, pageSize }) {
+  const maxPage = Math.max(1, Math.ceil(queryResult.totalNumber / pageSize));
+  const hasMore = page < maxPage;
+  const listings = queryResult.result;
+
+  let md = `**Tool:** list_listings | **Status:** OK\n\n`;
+  md += `Found **${queryResult.totalNumber}** listing(s). Showing page ${page} of ${maxPage} (${listings.length} on this page).`;
+  if (hasMore) md += ` More pages available — use page=${page + 1} to continue.`;
+  md += '\n\n';
+
+  if (listings.length > 0) {
+    md += `| ID | Title | Address | Price | Size | Provider | Active | Created | Job |\n`;
+    md += `|----|-------|---------|-------|------|----------|--------|---------|-----|\n`;
+    for (const l of listings) {
+      md += `| ${cell(l.id)} | ${cell(l.title)} | ${cell(l.address)} | ${cell(l.price)} | ${cell(l.size)} | ${cell(l.provider)} | ${l.is_active ? 'yes' : 'no'} | ${formatDate(l.created_at)} | ${cell(l.job_name)} |\n`;
+    }
+    md += `\nUse **get_listing** with an ID for full details (description, link, image).\n`;
+  } else {
+    md += `No listings found.\n`;
+  }
+
+  md += `\n**Page:** ${page}/${maxPage} | **Has more:** ${hasMore ? 'yes' : 'no'}`;
+  return toMcpResponse(md);
+}
+
+/**
+ * Normalize a get_listing response.
+ * @param {object} listing - The listing object from storage.
+ * @returns {{ content: Array }}
+ */
+export function normalizeGetListing(listing) {
+  let md = `**Tool:** get_listing | **Status:** OK\n\n`;
+  md += `### Listing: ${listing.title || listing.id}\n\n`;
+  md += `- **ID:** ${listing.id}\n`;
+  md += `- **Title:** ${listing.title || '–'}\n`;
+  md += `- **Description:** ${listing.description || '–'}\n`;
+  md += `- **Address:** ${listing.address || '–'}\n`;
+  md += `- **Price:** ${listing.price ?? '–'}\n`;
+  md += `- **Size:** ${listing.size ?? '–'}\n`;
+  md += `- **Provider:** ${listing.provider || '–'}\n`;
+  md += `- **Link:** ${listing.link || '–'}\n`;
+  md += `- **Image:** ${listing.image_url || '–'}\n`;
+  md += `- **Active:** ${listing.is_active ? 'yes' : 'no'}\n`;
+  md += `- **Created:** ${formatDate(listing.created_at)}\n`;
+  md += `- **Job:** ${listing.job_name || '–'}\n`;
+  if (listing.latitude != null && listing.longitude != null) {
+    md += `- **Location:** ${listing.latitude}, ${listing.longitude}\n`;
+  }
+  if (listing.distance_to_destination != null) {
+    md += `- **Distance to destination:** ${listing.distance_to_destination}\n`;
+  }
+
+  return toMcpResponse(md);
+}
+
+/**
+ * Normalize an error response.
+ * @param {string} message - The error message.
+ * @param {string} [tool] - Optional tool name for context.
+ * @returns {{ content: Array, isError: boolean }}
+ */
+export function normalizeError(message, tool) {
+  const md = `**Tool:** ${tool ?? 'unknown'} | **Status:** ERROR\n\n${message}`;
+  return toMcpResponse(md, true);
+}

lib/mcp/stdio.js

@@ -0,0 +1,76 @@
+/*
+ * Copyright (c) 2026 by Christian Kellner.
+ * Licensed under Apache-2.0 with Commons Clause and Attribution/Naming Clause
+ */
+
+/*
+ * Copyright (c) 2026 by Christian Kellner.
+ * Licensed under Apache-2.0 with Commons Clause and Attribution/Naming Clause
+ */
+/**
+ * Fredy MCP Server – stdio transport
+ *
+ * Launches the MCP server over stdin/stdout so that local LLM clients
+ * (e.g. Claude Desktop, llm-cli, mcp-cli) can connect directly.
+ *
+ * Usage:
+ *   MCP_TOKEN=fredy_<your-token> node mcp/stdio.js
+ *
+ * The MCP_TOKEN environment variable must contain a valid Fredy MCP token.
+ * Each user has a permanent, non-expiring token shown in the user management list.
+ */
+import { fileURLToPath } from 'url';
+import path from 'path';
+import { StdioServerTransport } from '@modelcontextprotocol/sdk/server/stdio.js';
+import SqliteConnection from '../services/storage/SqliteConnection.js';
+import { runMigrations } from '../services/storage/migrations/migrate.js';
+import { createMcpServer } from './mcpAdapter.js';
+import { validateMcpToken } from '../services/storage/userStorage.js';
+
+// Ensure cwd is the project root so that relative DB/config paths resolve correctly
+// (LM Studio and other MCP hosts may spawn this process from an arbitrary directory)
+const __dirname = path.dirname(fileURLToPath(import.meta.url));
+process.chdir(path.resolve(__dirname, '..', '..'));
+
+// Initialize the database (required for standalone usage)
+await SqliteConnection.init();
+await runMigrations();
+
+const token = process.env.MCP_TOKEN;
+if (!token) {
+  process.stderr.write('Error: MCP_TOKEN environment variable is required.\n');
+  process.stderr.write('Each user has a permanent MCP token shown in the user management list.\n');
+  process.exit(1);
+}
+
+const auth = validateMcpToken(token);
+if (!auth) {
+  process.stderr.write('Error: Invalid MCP_TOKEN. Token not found or user no longer exists.\n');
+  process.exit(1);
+}
+
+const mcpServer = createMcpServer();
+
+// Wrap the stdio transport to inject authInfo into every message
+const transport = new StdioServerTransport();
+
+// Patch: the MCP SDK passes authInfo through the transport's onmessage extra param.
+// For stdio we inject the resolved user from the token.
+const patchedTransport = new Proxy(transport, {
+  set(target, prop, value) {
+    if (prop === 'onmessage') {
+      target.onmessage = (message, extra) => {
+        value(message, { ...extra, authInfo: { userId: auth.userId } });
+      };
+      return true;
+    }
+    target[prop] = value;
+    return true;
+  },
+  get(target, prop) {
+    return target[prop];
+  },
+});
+
+await mcpServer.connect(patchedTransport);
+process.stderr.write('Fredy MCP Server running on stdio\n');

lib/notification/adapter/apprise.js

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2025 by Christian Kellner.
+ * Copyright (c) 2026 by Christian Kellner.
  * Licensed under Apache-2.0 with Commons Clause and Attribution/Naming Clause
  */
 

lib/notification/adapter/console.js

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2025 by Christian Kellner.
+ * Copyright (c) 2026 by Christian Kellner.
  * Licensed under Apache-2.0 with Commons Clause and Attribution/Naming Clause
  */
 

lib/notification/adapter/discord_webhook.js

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2025 by Christian Kellner.
+ * Copyright (c) 2026 by Christian Kellner.
  * Licensed under Apache-2.0 with Commons Clause and Attribution/Naming Clause
  */
 

lib/notification/adapter/http.js

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2025 by Christian Kellner.
+ * Copyright (c) 2026 by Christian Kellner.
  * Licensed under Apache-2.0 with Commons Clause and Attribution/Naming Clause
  */
 
@@ -16,8 +16,8 @@ const mapListing = (listing) => ({
   url: listing.link,
 });
 
-export const send = ({ serviceName, newListings, notificationConfig, jobKey }) => {
-  const { authToken, endpointUrl } = notificationConfig.find((a) => a.id === config.id).fields;
+export const send = async ({ serviceName, newListings, notificationConfig, jobKey }) => {
+  const { authToken, endpointUrl, selfSignedCerts } = notificationConfig.find((a) => a.id === config.id).fields;
 
   const listings = newListings.map(mapListing);
   const body = {
@@ -34,11 +34,20 @@ export const send = ({ serviceName, newListings, notificationConfig, jobKey }) =
     headers['Authorization'] = `Bearer ${authToken}`;
   }
 
-  return fetch(endpointUrl, {
+  let fetchOptions = {
     method: 'POST',
-    headers: headers,
+    headers,
+    timeout: 10000,
     body: JSON.stringify(body),
-  });
+  };
+
+  if (selfSignedCerts === true) {
+    fetchOptions.dispatcher = new (await import('undici')).Agent({
+      connect: { rejectUnauthorized: false },
+    });
+  }
+
+  return fetch(endpointUrl, fetchOptions);
 };
 
 export const config = {
@@ -52,6 +61,10 @@ export const config = {
       label: 'Endpoint URL',
       type: 'text',
     },
+    selfSignedCerts: {
+      label: 'Self-signed certificates',
+      type: 'boolean',
+    },
     authToken: {
       description: "Your application's auth token, if required by your endpoint.",
       label: 'Auth token (optional)',

lib/notification/adapter/mailJet.js

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2025 by Christian Kellner.
+ * Copyright (c) 2026 by Christian Kellner.
  * Licensed under Apache-2.0 with Commons Clause and Attribution/Naming Clause
  */
 

lib/notification/adapter/mattermost.js

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2025 by Christian Kellner.
+ * Copyright (c) 2026 by Christian Kellner.
  * Licensed under Apache-2.0 with Commons Clause and Attribution/Naming Clause
  */
 

lib/notification/adapter/ntfy.js

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2025 by Christian Kellner.
+ * Copyright (c) 2026 by Christian Kellner.
  * Licensed under Apache-2.0 with Commons Clause and Attribution/Naming Clause
  */
 

lib/notification/adapter/pushover.js

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2025 by Christian Kellner.
+ * Copyright (c) 2026 by Christian Kellner.
  * Licensed under Apache-2.0 with Commons Clause and Attribution/Naming Clause
  */
 

lib/notification/adapter/resend.js

@@ -0,0 +1,88 @@
+/*
+ * Copyright (c) 2026 by Christian Kellner.
+ * Licensed under Apache-2.0 with Commons Clause and Attribution/Naming Clause
+ */
+
+import { Resend } from 'resend';
+import path from 'path';
+import fs from 'fs';
+import Handlebars from 'handlebars';
+import { markdown2Html } from '../../services/markdown.js';
+import { getDirName, normalizeImageUrl } from '../../utils.js';
+
+const __dirname = getDirName();
+const template = fs.readFileSync(path.resolve(__dirname + '/notification/emailTemplate/template.hbs'), 'utf8');
+const emailTemplate = Handlebars.compile(template);
+
+const mapListings = (serviceName, jobKey, listings) =>
+  listings.map((l) => {
+    const image = normalizeImageUrl(l.image);
+    return {
+      title: l.title || '',
+      link: l.link || '',
+      address: l.address || '',
+      size: l.size || '',
+      price: l.price || '',
+      image,
+      hasImage: Boolean(image),
+      serviceName,
+      jobKey,
+    };
+  });
+
+export const send = async ({ serviceName, newListings, notificationConfig, jobKey }) => {
+  const { apiKey, receiver, from } = notificationConfig.find((adapter) => adapter.id === config.id).fields;
+
+  const to = receiver
+    .trim()
+    .split(',')
+    .map((r) => r.trim())
+    .filter(Boolean);
+
+  const resend = new Resend(apiKey);
+
+  const listings = mapListings(serviceName, jobKey, newListings);
+
+  const html = emailTemplate({
+    serviceName: `Job: (${jobKey}) | Service: ${serviceName}`,
+    numberOfListings: listings.length,
+    listings,
+  });
+
+  const { error } = await resend.emails.send({
+    from,
+    to,
+    subject: `Fredy found ${listings.length} new listing(s) for ${serviceName}`,
+    html,
+  });
+
+  if (!error) {
+    return Promise.resolve();
+  } else {
+    return Promise.reject(error.message);
+  }
+};
+
+export const config = {
+  id: 'resend',
+  name: 'Resend',
+  description: 'Resend is being used to send new listings via mail.',
+  readme: markdown2Html('lib/notification/adapter/resend.md'),
+  fields: {
+    apiKey: {
+      type: 'text',
+      label: 'Api Key',
+      description: 'The Resend API key used to send emails.',
+    },
+    receiver: {
+      type: 'email',
+      label: 'Receiver Email',
+      description: 'Comma-separated email addresses Fredy will send notifications to.',
+    },
+    from: {
+      type: 'email',
+      label: 'Sender Email',
+      description: 'The verified email address or domain you send from in Resend.',
+    },
+  },
+};

lib/notification/adapter/resend.md

@@ -0,0 +1,17 @@
+### Resend Adapter
+
+Resend is a modern email delivery service that Fredy can use to send notifications.
+
+Setup:
+- Create a Resend account: https://resend.com/
+- Create an API key and add it to Fredy's configuration.
+- Choose the sender address (e.g., you@yourdomain.com). Verify the domain (https://resend.com/domains/) in Resend before using it.
+- Optional for local testing: you can use `onboarding@resend.dev`, but Resend may restrict who you can send to when using test domains.
+
+Multiple recipients:
+- Separate email addresses with commas (e.g., some@email.com, someOther@email.com).
+
+Notes & Troubleshooting:
+- Ensure the `from` address is verified or belongs to a verified domain in Resend.
+- If emails don't arrive, check your spam folder and Resend dashboard logs.
+- The template displays listing images via their public URLs; make sure images are reachable.

lib/notification/adapter/sendGrid.js

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2025 by Christian Kellner.
+ * Copyright (c) 2026 by Christian Kellner.
  * Licensed under Apache-2.0 with Commons Clause and Attribution/Naming Clause
  */
 

lib/notification/adapter/slack.js

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2025 by Christian Kellner.
+ * Copyright (c) 2026 by Christian Kellner.
  * Licensed under Apache-2.0 with Commons Clause and Attribution/Naming Clause
  */
 

lib/notification/adapter/slack_with_webhooks.js

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2025 by Christian Kellner.
+ * Copyright (c) 2026 by Christian Kellner.
  * Licensed under Apache-2.0 with Commons Clause and Attribution/Naming Clause
  */
 

lib/notification/adapter/smtp.js

@@ -0,0 +1,112 @@
+/*
+ * Copyright (c) 2026 by Christian Kellner.
+ * Licensed under Apache-2.0 with Commons Clause and Attribution/Naming Clause
+ */
+
+import nodemailer from 'nodemailer';
+import path from 'path';
+import fs from 'fs';
+import Handlebars from 'handlebars';
+import { markdown2Html } from '../../services/markdown.js';
+import { getDirName, normalizeImageUrl } from '../../utils.js';
+
+const __dirname = getDirName();
+const template = fs.readFileSync(path.resolve(__dirname + '/notification/emailTemplate/template.hbs'), 'utf8');
+const emailTemplate = Handlebars.compile(template);
+
+const mapListings = (serviceName, jobKey, listings) =>
+  listings.map((l) => {
+    const image = normalizeImageUrl(l.image);
+    return {
+      title: l.title || '',
+      link: l.link || '',
+      address: l.address || '',
+      size: l.size || '',
+      price: l.price || '',
+      image,
+      hasImage: Boolean(image),
+      serviceName,
+      jobKey,
+    };
+  });
+
+export const send = async ({ serviceName, newListings, notificationConfig, jobKey }) => {
+  const { host, port, secure, username, password, receiver, from } = notificationConfig.find(
+    (adapter) => adapter.id === config.id,
+  ).fields;
+
+  const to = receiver
+    .trim()
+    .split(',')
+    .map((r) => r.trim())
+    .filter(Boolean);
+
+  const transporter = nodemailer.createTransport({
+    host,
+    port: Number(port),
+    secure: secure === 'true',
+    auth: {
+      user: username,
+      pass: password,
+    },
+  });
+
+  const listings = mapListings(serviceName, jobKey, newListings);
+
+  const html = emailTemplate({
+    serviceName: `Job: (${jobKey}) | Service: ${serviceName}`,
+    numberOfListings: listings.length,
+    listings,
+  });
+
+  return transporter.sendMail({
+    from,
+    to: to.join(','),
+    subject: `Fredy found ${listings.length} new listing(s) for ${serviceName}`,
+    html,
+  });
+};
+
+export const config = {
+  id: 'smtp',
+  name: 'SMTP',
+  description: 'Send notifications via any SMTP server using Nodemailer.',
+  readme: markdown2Html('lib/notification/adapter/smtp.md'),
+  fields: {
+    host: {
+      type: 'text',
+      label: 'SMTP Host',
+      description: 'The hostname of the SMTP server (e.g., smtp.gmail.com).',
+    },
+    port: {
+      type: 'text',
+      label: 'SMTP Port',
+      description: 'The port of the SMTP server (e.g., 587 for STARTTLS, 465 for SSL).',
+    },
+    secure: {
+      type: 'text',
+      label: 'Secure (SSL/TLS)',
+      description: 'Set to "true" for port 465 (SSL). Leave empty or "false" for STARTTLS on port 587.',
+    },
+    username: {
+      type: 'text',
+      label: 'Username',
+      description: 'The username for SMTP authentication.',
+    },
+    password: {
+      type: 'text',
+      label: 'Password',
+      description: 'The password (or app password) for SMTP authentication.',
+    },
+    receiver: {
+      type: 'text',
+      label: 'Receiver Email(s)',
+      description: 'Comma-separated email addresses Fredy will send notifications to.',
+    },
+    from: {
+      type: 'email',
+      label: 'Sender Email',
+      description: 'The email address Fredy sends from.',
+    },
+  },
+};

lib/notification/adapter/smtp.md

@@ -0,0 +1,22 @@
+### SMTP Adapter
+
+Send notifications through any SMTP server using [Nodemailer](https://nodemailer.com/).
+This works with Gmail, Outlook, self-hosted mail servers, or any provider that supports SMTP.
+
+Setup:
+
+- Provide the SMTP host and port of your mail server.
+- For **SSL/TLS** (port 465), set Secure to `true`.
+- For **STARTTLS** (port 587), leave Secure empty or set it to `false`.
+- Enter the username and password for authentication. For Gmail, use an [App Password](https://support.google.com/accounts/answer/185833).
+- Set the sender email address (must be allowed by your SMTP server).
+
+Multiple recipients:
+
+- Separate email addresses with commas (e.g., `some@email.com`, `someOther@email.com`).
+
+Common SMTP settings:
+
+- **Gmail** — `smtp.gmail.com`, port 587, secure: false
+- **Outlook** — `smtp.office365.com`, port 587, secure: false
+- **Yahoo** — `smtp.mail.yahoo.com`, port 465, secure: true

lib/notification/adapter/sqlite.js

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2025 by Christian Kellner.
+ * Copyright (c) 2026 by Christian Kellner.
  * Licensed under Apache-2.0 with Commons Clause and Attribution/Naming Clause
  */
 

lib/notification/adapter/telegram.js

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2025 by Christian Kellner.
+ * Copyright (c) 2026 by Christian Kellner.
  * Licensed under Apache-2.0 with Commons Clause and Attribution/Naming Clause
  */
 

lib/notification/notify.js

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2025 by Christian Kellner.
+ * Copyright (c) 2026 by Christian Kellner.
  * Licensed under Apache-2.0 with Commons Clause and Attribution/Naming Clause
  */
 

lib/provider/einsAImmobilien.js

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2025 by Christian Kellner.
+ * Copyright (c) 2026 by Christian Kellner.
  * Licensed under Apache-2.0 with Commons Clause and Attribution/Naming Clause
  */
 

lib/provider/immobilienDe.js

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2025 by Christian Kellner.
+ * Copyright (c) 2026 by Christian Kellner.
  * Licensed under Apache-2.0 with Commons Clause and Attribution/Naming Clause
  */
 
@@ -9,7 +9,9 @@ import checkIfListingIsActive from '../services/listings/listingActiveTester.js'
 let appliedBlackList = [];
 
 function shortenLink(link) {
-  return link.substring(0, link.indexOf('?'));
+  if (!link) return '';
+  const index = link.indexOf('?');
+  return index === -1 ? link : link.substring(0, index);
 }
 
 function parseId(shortenedLink) {
@@ -23,7 +25,7 @@ function normalize(o) {
   const title = o.title || 'No title available';
   const address = o.address || null;
   const shortLink = shortenLink(o.link);
-  const link = `${baseUrl}/${shortLink}`;
+  const link = baseUrl + shortLink;
   const image = baseUrl + o.image;
   const id = buildHash(parseId(shortLink), o.price);
   return Object.assign(o, { id, price, size, title, address, link, image });
@@ -37,18 +39,18 @@ function applyBlacklist(o) {
 
 const config = {
   url: null,
-  crawlContainer: '._ref',
+  crawlContainer: 'a:has(div.list_entry)',
   sortByDateParam: 'sort_col=*created_ts&sort_dir=desc',
   waitForSelector: 'body',
   crawlFields: {
     id: '@href', //will be transformed later
-    price: '.list_entry .immo_preis .label_info',
-    size: '.list_entry .flaeche .label_info | removeNewline | trim',
-    title: '.list_entry .part_text h3 span',
-    description: '.list_entry .description | trim',
+    price: '.immo_preis .label_info',
+    size: '.flaeche .label_info | removeNewline | trim',
+    title: 'h3 span',
+    description: '.description | trim',
     link: '@href',
-    address: '.list_entry .place',
-    image: '.list_entry img@src',
+    address: '.place',
+    image: 'img@src',
   },
   normalize: normalize,
   filter: applyBlacklist,

lib/provider/immonet.js

@@ -1,53 +0,0 @@
-/*
- * Copyright (c) 2025 by Christian Kellner.
- * Licensed under Apache-2.0 with Commons Clause and Attribution/Naming Clause
- */
-
-import { isOneOf, buildHash } from '../utils.js';
-import checkIfListingIsActive from '../services/listings/listingActiveTester.js';
-let appliedBlackList = [];
-
-function normalize(o) {
-  const size = o.size != null ? o.size.replace('Wohnfläche ', '') : 'N/A m²';
-  const price = o.price.replace('Kaufpreis ', '');
-  const address = o.address?.split(' • ')?.pop() ?? null;
-  const title = o.title || 'No title available';
-  const link = o.link != null ? decodeURIComponent(o.link) : config.url;
-  const id = buildHash(title, price);
-  return Object.assign(o, { id, address, price, size, title, link });
-}
-function applyBlacklist(o) {
-  const titleNotBlacklisted = !isOneOf(o.title, appliedBlackList);
-  const descNotBlacklisted = !isOneOf(o.description, appliedBlackList);
-  return titleNotBlacklisted && descNotBlacklisted;
-}
-const config = {
-  url: null,
-  crawlContainer: 'div[data-testid="serp-core-classified-card-testid"]',
-  sortByDateParam: 'sortby=19',
-  waitForSelector: 'div[data-testid="serp-gridcontainer-testid"]',
-  crawlFields: {
-    id: 'button@title |trim',
-    title: 'button@title |trim',
-    price: 'div[data-testid="cardmfe-price-testid"] | trim',
-    size: 'div[data-testid="cardmfe-keyfacts-testid"] | trim',
-    address: 'div[data-testid="cardmfe-description-box-address"] | trim',
-    image: 'div[data-testid="cardmfe-picture-box-test-id"] img@src',
-    link: 'button@data-base',
-    description: 'div[data-testid="cardmfe-description-text-test-id"] | trim',
-  },
-  normalize: normalize,
-  filter: applyBlacklist,
-  activeTester: checkIfListingIsActive,
-};
-export const init = (sourceConfig, blacklist) => {
-  config.enabled = sourceConfig.enabled;
-  config.url = sourceConfig.url;
-  appliedBlackList = blacklist || [];
-};
-export const metaInformation = {
-  name: 'Immonet',
-  baseUrl: 'https://www.immonet.de/',
-  id: 'immonet',
-};
-export { config };

lib/provider/immoscout.js

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2025 by Christian Kellner.
+ * Copyright (c) 2026 by Christian Kellner.
  * Licensed under Apache-2.0 with Commons Clause and Attribution/Naming Clause
  */
 
@@ -8,7 +8,7 @@
  *
  * The mobile API provides the following endpoints:
  * - GET /search/total?{search parameters}: Returns the total number of listings for the given query
- *   Example: `curl -H "User-Agent: ImmoScout_27.3_26.0_._" https://api.mobile.immobilienscout24.de/search/total?searchType=region&realestatetype=apartmentrent&pricetype=calculatedtotalrent&geocodes=%2Fde%2Fberlin%2Fberlin `
+ *   Example: `curl -H "User-Agent: ImmoScout_27.12_26.2_._" https://api.mobile.immobilienscout24.de/search/total?searchType=region&realestatetype=apartmentrent&pricetype=calculatedtotalrent&geocodes=%2Fde%2Fberlin%2Fberlin `
  *
  * - POST /search/list?{search parameters}: Actually retrieves the listings. Body is json encoded and contains
  *   data specifying additional results (advertisements) to return. The format is as follows:
@@ -20,12 +20,12 @@
  *   ```
  *   It is not necessary to provide data for the specified keys.
  *
- *   Example: `curl -X POST 'https://api.mobile.immobilienscout24.de/search/list?pricetype=calculatedtotalrent&realestatetype=apartmentrent&searchType=region&geocodes=%2Fde%2Fberlin%2Fberlin&pagenumber=1' -H "Connection: keep-alive" -H "User-Agent: ImmoScout_27.3_26.0_._" -H "Accept: application/json" -H "Content-Type: application/json" -d '{"supportedResultListType": [], "userData": {}}'`
+ *   Example: `curl -X POST 'https://api.mobile.immobilienscout24.de/search/list?pricetype=calculatedtotalrent&realestatetype=apartmentrent&searchType=region&geocodes=%2Fde%2Fberlin%2Fberlin&pagenumber=1' -H "Connection: keep-alive" -H "User-Agent: ImmoScout_27.12_26.2_._" -H "Accept: application/json" -H "Content-Type: application/json" -d '{"supportedResultListType": [], "userData": {}}'`
 
  * - GET /expose/{id} - Returns the details of a listing. The response contains additional details not included in the
  *   listing response.
  *
- *   Example: `curl -H "User-Agent: ImmoScout_27.3_26.0_._" "https://api.mobile.immobilienscout24.de/expose/158382494"`
+ *   Example: `curl -H "User-Agent: ImmoScout_27.12_26.2_._" "https://api.mobile.immobilienscout24.de/expose/158382494"`
  *
  *
  * It is necessary to set the correct User Agent (see `getListings`) in the request header.
@@ -46,13 +46,15 @@ import {
   convertWebToMobile,
 } from '../services/immoscout/immoscout-web-translator.js';
 import logger from '../services/logger.js';
+import { getUserSettings } from '../services/storage/settingsStorage.js';
 let appliedBlackList = [];
+let currentUserId = null;
 
 async function getListings(url) {
   const response = await fetch(url, {
     method: 'POST',
     headers: {
-      'User-Agent': 'ImmoScout_27.3_26.0_._',
+      'User-Agent': 'ImmoScout_27.12_26.2_._',
       'Content-Type': 'application/json',
     },
     body: JSON.stringify({
@@ -66,29 +68,92 @@ async function getListings(url) {
   }
 
   const responseBody = await response.json();
-  return responseBody.resultListItems
-    .filter((item) => item.type === 'EXPOSE_RESULT')
-    .map((expose) => {
-      const item = expose.item;
-      const [price, size] = item.attributes;
-      const image = item?.titlePicture?.preview ?? null;
-      return {
-        id: item.id,
-        price: price?.value,
-        size: size?.value,
-        title: item.title,
-        description: item.description,
-        link: `${metaInformation.baseUrl}expose/${item.id}`,
-        address: item.address?.line,
-        image,
-      };
-    });
+  return Promise.all(
+    responseBody.resultListItems
+      .filter((item) => item.type === 'EXPOSE_RESULT')
+      .map(async (expose) => {
+        const item = expose.item;
+        const [price, size] = item.attributes;
+        const image = item?.titlePicture?.full ?? item?.titlePicture?.preview ?? null;
+        let listing = {
+          id: item.id,
+          price: price?.value,
+          size: size?.value,
+          title: item.title,
+          link: `${metaInformation.baseUrl}expose/${item.id}`,
+          address: item.address?.line,
+          image,
+        };
+        if (currentUserId) {
+          const userSettings = getUserSettings(currentUserId);
+          if (userSettings.immoscout_details) {
+            return await pushDetails(listing);
+          }
+        }
+        return listing;
+      }),
+  );
+}
+
+async function pushDetails(listing) {
+  const detailed = await fetch(`https://api.mobile.immobilienscout24.de/expose/${listing.id}`, {
+    headers: {
+      'User-Agent': 'ImmoScout_27.3_26.0_._',
+      'Content-Type': 'application/json',
+    },
+  });
+  if (!detailed.ok) {
+    logger.error('Error fetching listing details from ImmoScout Mobile API:', detailed.statusText);
+    return listing;
+  }
+  const detailBody = await detailed.json();
+
+  listing.description = buildDescription(detailBody);
+
+  return listing;
+}
+
+function buildDescription(detailBody) {
+  const sections = detailBody.sections || [];
+  const contact = detailBody.contact || {};
+  const cData = contact?.contactData || {};
+  const agentName = cData?.agent?.name || '';
+  const agentCompany = cData?.agent?.company || '';
+  const stars = cData?.agent?.rating?.numberOfStars || '';
+  const phoneNumbers = contact?.phoneNumbers || [];
+  const phoneNumbersMapped = phoneNumbers
+    .map((p) => `${p.label}: ${p.text}`)
+    .join('\n')
+    .trim();
+
+  const attributes = sections
+    .filter((s) => s.type === 'ATTRIBUTE_LIST')
+    .flatMap((s) => s.attributes)
+    .filter((attr) => attr.label && attr.text)
+    .map((attr) => `${attr.label} ${attr.text}`)
+    .join('\n');
+
+  const freeText = sections
+    .filter((s) => s.type === 'TEXT_AREA')
+    .map((s) => {
+      return `${s.title}\n${s.text}`;
+    })
+    .join('\n\n');
+
+  return (
+    `Agent: ${agentName ? agentName : 'Unbekannt'} ${agentCompany ? `(${agentCompany}) ` : ''}${stars ? `- ${stars} stars` : ''}\n` +
+    (phoneNumbersMapped ? `Phone Numbers:\n${phoneNumbersMapped}` : '') +
+    '\n\n' +
+    attributes.trim() +
+    '\n\n' +
+    freeText.trim()
+  );
 }
 
 async function isListingActive(link) {
   const result = await fetch(convertImmoscoutListingToMobileListing(link), {
     headers: {
-      'User-Agent': 'ImmoScout_27.3_26.0_._',
+      'User-Agent': 'ImmoScout_27.12_26.2_._',
     },
   });
 
@@ -137,6 +202,7 @@ export const init = (sourceConfig, blacklist) => {
   config.enabled = sourceConfig.enabled;
   config.url = convertWebToMobile(sourceConfig.url);
   appliedBlackList = blacklist || [];
+  currentUserId = sourceConfig.userId || null;
 };
 export const metaInformation = {
   name: 'Immoscout',

lib/provider/immoswp.js

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2025 by Christian Kellner.
+ * Copyright (c) 2026 by Christian Kellner.
  * Licensed under Apache-2.0 with Commons Clause and Attribution/Naming Clause
  */
 

lib/provider/immowelt.js

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2025 by Christian Kellner.
+ * Copyright (c) 2026 by Christian Kellner.
  * Licensed under Apache-2.0 with Commons Clause and Attribution/Naming Clause
  */
 

lib/provider/kleinanzeigen.js

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2025 by Christian Kellner.
+ * Copyright (c) 2026 by Christian Kellner.
  * Licensed under Apache-2.0 with Commons Clause and Attribution/Naming Clause
  */
 

lib/provider/mcMakler.js

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2025 by Christian Kellner.
+ * Copyright (c) 2026 by Christian Kellner.
  * Licensed under Apache-2.0 with Commons Clause and Attribution/Naming Clause
  */
 

lib/provider/neubauKompass.js

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2025 by Christian Kellner.
+ * Copyright (c) 2026 by Christian Kellner.
  * Licensed under Apache-2.0 with Commons Clause and Attribution/Naming Clause
  */
 

lib/provider/ohneMakler.js

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2025 by Christian Kellner.
+ * Copyright (c) 2026 by Christian Kellner.
  * Licensed under Apache-2.0 with Commons Clause and Attribution/Naming Clause
  */
 

lib/provider/regionalimmobilien24.js

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2025 by Christian Kellner.
+ * Copyright (c) 2026 by Christian Kellner.
  * Licensed under Apache-2.0 with Commons Clause and Attribution/Naming Clause
  */
 

lib/provider/sparkasse.js

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2025 by Christian Kellner.
+ * Copyright (c) 2026 by Christian Kellner.
  * Licensed under Apache-2.0 with Commons Clause and Attribution/Naming Clause
  */
 
@@ -36,7 +36,7 @@ const config = {
   },
   normalize: normalize,
   filter: applyBlacklist,
-  activeTester: checkIfListingIsActive,
+  activeTester: (url) => checkIfListingIsActive(url, 'Angebot nicht gefunden'),
 };
 export const init = (sourceConfig, blacklist) => {
   config.enabled = sourceConfig.enabled;

lib/provider/wgGesucht.js

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2025 by Christian Kellner.
+ * Copyright (c) 2026 by Christian Kellner.
  * Licensed under Apache-2.0 with Commons Clause and Attribution/Naming Clause
  */
 

lib/provider/wohnungsboerse.js

@@ -0,0 +1,58 @@
+/*
+ * Copyright (c) 2026 by Christian Kellner.
+ * Licensed under Apache-2.0 with Commons Clause and Attribution/Naming Clause
+ */
+
+import * as utils from '../utils.js';
+import checkIfListingIsActive from '../services/listings/listingActiveTester.js';
+
+let appliedBlackList = [];
+
+function normalize(o) {
+  const id = o.link.split('/').pop();
+  const price = o.price;
+  const size = o.size;
+  const rooms = o.rooms;
+  const [city = '', part = ''] = (o.description || '').split('-').map((v) => v.trim());
+  const address = `${part}, ${city}`;
+  return Object.assign(o, { id, price, size, rooms, address });
+}
+
+function applyBlacklist(o) {
+  const titleNotBlacklisted = !utils.isOneOf(o.title, appliedBlackList);
+  const descNotBlacklisted = !utils.isOneOf(o.description, appliedBlackList);
+  return o.id != null && o.title != null && titleNotBlacklisted && descNotBlacklisted && o.link.startsWith(o.link);
+}
+
+const config = {
+  url: null,
+  sortByDateParam: null,
+  waitForSelector: 'body',
+  crawlContainer: '.search_result_container > a',
+  crawlFields: {
+    id: '*',
+    title: 'h3 | trim',
+    price: 'dl:nth-of-type(1) dd | removeNewline | trim',
+    rooms: 'dl:nth-of-type(2) dd | removeNewline | trim',
+    size: 'dl:nth-of-type(3) dd | removeNewline | trim',
+    description: 'div.before\\:icon-location_marker | trim',
+    link: '@href',
+    imageUrl: 'img@src',
+  },
+  normalize: normalize,
+  filter: applyBlacklist,
+  activeTester: checkIfListingIsActive,
+};
+
+export const init = (sourceConfig, blacklistTerms) => {
+  config.url = sourceConfig.url;
+  appliedBlackList = blacklistTerms || [];
+};
+
+export const metaInformation = {
+  name: 'Wohnungsboerse',
+  baseUrl: 'https://www.wohnungsboerse.net',
+  id: 'wohnungsboerse',
+};
+
+export { config };

lib/services/crons/demoCleanup-cron.js

@@ -1,29 +0,0 @@
-/*
- * Copyright (c) 2025 by Christian Kellner.
- * Licensed under Apache-2.0 with Commons Clause and Attribution/Naming Clause
- */
-
-import { removeJobsByUserId } from '../storage/jobStorage.js';
-import { getUsers } from '../storage/userStorage.js';
-import logger from '../logger.js';
-import cron from 'node-cron';
-import { getSettings } from '../storage/settingsStorage.js';
-
-/**
- * if we are running in demo environment, we have to cleanup the db files (specifically the jobs table)
- */
-export function cleanupDemoAtMidnight() {
-  cron.schedule('0 0 * * *', cleanup);
-}
-
-async function cleanup() {
-  const settings = await getSettings();
-  if (settings.demoMode) {
-    const demoUser = getUsers(false).find((user) => user.username === 'demo');
-    if (demoUser == null) {
-      logger.error('Demo user not found, cannot remove Jobs');
-      return Promise.resolve();
-    }
-    removeJobsByUserId(demoUser.id);
-  }
-}

lib/services/crons/geocoding-cron.js

@@ -0,0 +1,46 @@
+/*
+ * Copyright (c) 2026 by Christian Kellner.
+ * Licensed under Apache-2.0 with Commons Clause and Attribution/Naming Clause
+ */
+
+import cron from 'node-cron';
+import { getListingsToGeocode, updateListingGeocoordinates } from '../storage/listingsStorage.js';
+import { geocodeAddress, isGeocodingPaused } from '../geocoding/geoCodingService.js';
+import { getJobs } from '../storage/jobStorage.js';
+import { calculateDistanceForJob } from '../geocoding/distanceService.js';
+import { getSettings } from '../storage/settingsStorage.js';
+import logger from '../logger.js';
+
+export async function runGeoCordTask() {
+  const listings = getListingsToGeocode();
+  if (listings.length > 0) {
+    for (const listing of listings) {
+      if (isGeocodingPaused()) {
+        break;
+      }
+
+      const coords = await geocodeAddress(listing.address);
+      if (coords) {
+        updateListingGeocoordinates(listing.id, coords.lat, coords.lng);
+      }
+    }
+  }
+
+  //additional run
+  const jobs = getJobs();
+  for (const job of jobs) {
+    calculateDistanceForJob(job.id, job.userId);
+  }
+}
+
+export async function initGeocodingCron() {
+  const settings = await getSettings();
+  if (settings.demoMode) {
+    logger.info('Do not start geo service as we are in demo mode');
+    return;
+  }
+  // run directly on start
+  await runGeoCordTask();
+  // then every 6 hours
+  cron.schedule('0 */6 * * *', runGeoCordTask);
+}

lib/services/crons/listing-alive-cron.js

@@ -1,16 +1,23 @@
 /*
- * Copyright (c) 2025 by Christian Kellner.
+ * Copyright (c) 2026 by Christian Kellner.
  * Licensed under Apache-2.0 with Commons Clause and Attribution/Naming Clause
  */
 
 import cron from 'node-cron';
 import runActiveChecker from '../listings/listingActiveService.js';
+import logger from '../logger.js';
+import { getSettings } from '../storage/settingsStorage.js';
 
 async function runTask() {
   await runActiveChecker();
 }
 
 export async function initActiveCheckerCron() {
+  const settings = await getSettings();
+  if (settings.demoMode) {
+    logger.info('Do not start listing active checker as we are in demo mode');
+    return;
+  }
   //run directly on start
   await runTask();
   // then every day at 1 am

lib/services/crons/tracker-cron.js

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2025 by Christian Kellner.
+ * Copyright (c) 2026 by Christian Kellner.
  * Licensed under Apache-2.0 with Commons Clause and Attribution/Naming Clause
  */
 

lib/services/events/event-bus.js

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2025 by Christian Kellner.
+ * Copyright (c) 2026 by Christian Kellner.
  * Licensed under Apache-2.0 with Commons Clause and Attribution/Naming Clause
  */
 

lib/services/extractor/botPrevention.js

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2025 by Christian Kellner.
+ * Copyright (c) 2026 by Christian Kellner.
  * Licensed under Apache-2.0 with Commons Clause and Attribution/Naming Clause
  */
 

lib/services/extractor/extractor.js

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2025 by Christian Kellner.
+ * Copyright (c) 2026 by Christian Kellner.
  * Licensed under Apache-2.0 with Commons Clause and Attribution/Naming Clause
  */
 

lib/services/extractor/parser/parser.js

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2025 by Christian Kellner.
+ * Copyright (c) 2026 by Christian Kellner.
  * Licensed under Apache-2.0 with Commons Clause and Attribution/Naming Clause
  */
 

lib/services/extractor/puppeteerExtractor.js

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2025 by Christian Kellner.
+ * Copyright (c) 2026 by Christian Kellner.
  * Licensed under Apache-2.0 with Commons Clause and Attribution/Naming Clause
  */
 
@@ -19,52 +19,80 @@ import path from 'path';
 
 puppeteer.use(StealthPlugin());
 
-export default async function execute(url, waitForSelector, options) {
-  let browser;
-  let page;
-  let result = null;
+export async function launchBrowser(url, options) {
+  const preCfg = getPreLaunchConfig(url, options || {});
+  const launchArgs = [
+    '--no-sandbox',
+    '--disable-gpu',
+    '--disable-setuid-sandbox',
+    '--disable-dev-shm-usage',
+    '--disable-crash-reporter',
+    '--no-first-run',
+    '--no-default-browser-check',
+    preCfg.langArg,
+    preCfg.windowSizeArg,
+    ...preCfg.extraArgs,
+  ];
+  if (options?.proxyUrl) {
+    launchArgs.push(`--proxy-server=${options.proxyUrl}`);
+  }
+
   let userDataDir;
   let removeUserDataDir = false;
+  if (options && options.userDataDir) {
+    userDataDir = options.userDataDir;
+  } else {
+    const prefix = path.join(os.tmpdir(), 'puppeteer-fredy-');
+    userDataDir = fs.mkdtempSync(prefix);
+    removeUserDataDir = true;
+  }
+
+  const browser = await puppeteer.launch({
+    headless: options?.puppeteerHeadless ?? true,
+    args: launchArgs,
+    timeout: options?.puppeteerTimeout || 45_000,
+    userDataDir,
+    executablePath: options?.executablePath,
+  });
+
+  browser.__fredy_userDataDir = userDataDir;
+  browser.__fredy_removeUserDataDir = removeUserDataDir;
+
+  return browser;
+}
+
+export async function closeBrowser(browser) {
+  if (!browser) return;
+  const userDataDir = browser.__fredy_userDataDir;
+  const removeUserDataDir = browser.__fredy_removeUserDataDir;
+  try {
+    await browser.close();
+  } catch {
+    // ignore
+  }
+  if (removeUserDataDir && userDataDir) {
+    try {
+      await fs.promises.rm(userDataDir, { recursive: true, force: true });
+    } catch {
+      // ignore
+    }
+  }
+}
+
+export default async function execute(url, waitForSelector, options) {
+  let browser = options?.browser;
+  let isExternalBrowser = !!browser;
+  let page;
+  let result;
   try {
     debug(`Sending request to ${url} using Puppeteer.`);
 
-    // Prepare a dedicated temporary userDataDir to avoid leaking /tmp/.org.chromium.* dirs
-    if (options && options.userDataDir) {
-      userDataDir = options.userDataDir;
-      removeUserDataDir = !!options.cleanupUserDataDir;
-    } else {
-      const prefix = path.join(os.tmpdir(), 'puppeteer-fredy-');
-      userDataDir = fs.mkdtempSync(prefix);
-      removeUserDataDir = true;
+    if (!isExternalBrowser) {
+      browser = await launchBrowser(url, options);
     }
 
-    const launchArgs = [
-      '--no-sandbox',
-      '--disable-gpu',
-      '--disable-setuid-sandbox',
-      '--disable-dev-shm-usage',
-      '--disable-crash-reporter',
-      '--no-first-run',
-      '--no-default-browser-check',
-    ];
-    if (options?.proxyUrl) {
-      launchArgs.push(`--proxy-server=${options.proxyUrl}`);
-    }
-    // Prepare bot prevention pre-launch config
-    const preCfg = getPreLaunchConfig(url, options || {});
-    launchArgs.push(preCfg.langArg);
-    launchArgs.push(preCfg.windowSizeArg);
-    launchArgs.push(...preCfg.extraArgs);
-
-    browser = await puppeteer.launch({
-      headless: options?.puppeteerHeadless ?? true,
-      args: launchArgs,
-      timeout: options?.puppeteerTimeout || 30_000,
-      userDataDir,
-      executablePath: options?.executablePath, // allow using system Chrome
-    });
-
     page = await browser.newPage();
+    const preCfg = getPreLaunchConfig(url, options || {});
     await applyBotPreventionToPage(page, preCfg);
     // Provide languages value before navigation
     await applyLanguagePersistence(page, preCfg);
@@ -104,7 +132,7 @@ export default async function execute(url, waitForSelector, options) {
       result = pageSource || (await page.content());
     }
   } catch (error) {
-    if (error?.message?.includes('Timeout')) {
+    if (error?.name?.includes('Timeout')) {
       logger.debug('Error executing with puppeteer executor', error);
     } else {
       logger.warn('Error executing with puppeteer executor', error);
@@ -118,19 +146,8 @@ export default async function execute(url, waitForSelector, options) {
     } catch {
       // ignore
     }
-    try {
-      if (browser != null) {
-        await browser.close();
-      }
-    } catch {
-      // ignore
-    }
-    try {
-      if (removeUserDataDir && userDataDir) {
-        await fs.promises.rm(userDataDir, { recursive: true, force: true });
-      }
-    } catch {
-      // ignore
+    if (browser != null && !isExternalBrowser) {
+      await closeBrowser(browser);
     }
   }
   return result;

lib/services/extractor/utils.js

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2025 by Christian Kellner.
+ * Copyright (c) 2026 by Christian Kellner.
  * Licensed under Apache-2.0 with Commons Clause and Attribution/Naming Clause
  */
 

lib/services/geocoding/autocompleteService.js

@@ -0,0 +1,26 @@
+/*
+ * Copyright (c) 2026 by Christian Kellner.
+ * Licensed under Apache-2.0 with Commons Clause and Attribution/Naming Clause
+ */
+
+import { autocomplete as nominatimAutocomplete } from './client/nominatimClient.js';
+import logger from '../logger.js';
+
+/**
+ * Autocompletes an address using Nominatim.
+ *
+ * @param {string} query - The search query.
+ * @returns {Promise<string[]>} List of matching addresses.
+ */
+export async function autocompleteAddress(query) {
+  if (!query) {
+    return [];
+  }
+
+  try {
+    return await nominatimAutocomplete(query);
+  } catch (error) {
+    logger.error('Error during address autocomplete:', error);
+    return [];
+  }
+}

lib/services/geocoding/client/nominatimClient.js

@@ -0,0 +1,153 @@
+/*
+ * Copyright (c) 2026 by Christian Kellner.
+ * Licensed under Apache-2.0 with Commons Clause and Attribution/Naming Clause
+ */
+
+import os from 'os';
+import crypto from 'crypto';
+import https from 'https';
+import fetch from 'node-fetch';
+import pThrottle from 'p-throttle';
+import logger from '../../logger.js';
+
+const API_URL = 'https://nominatim.openstreetmap.org/search';
+
+const agent = new https.Agent({
+  keepAlive: true,
+  keepAliveMsecs: 1000,
+});
+
+const throttle = pThrottle({
+  limit: 1,
+  interval: 1000,
+});
+
+function computeMachineId() {
+  const hostname = os.hostname() || 'unknown-host';
+  const nets = os.networkInterfaces?.() || {};
+  const macs = [];
+
+  for (const ifname of Object.keys(nets)) {
+    for (const addr of nets[ifname] || []) {
+      if (!addr) continue;
+      if (addr.internal) continue;
+      if (addr.mac && addr.mac !== '00:00:00:00:00:00') macs.push(addr.mac);
+    }
+  }
+
+  macs.sort();
+
+  const raw = [hostname, os.platform(), os.arch(), ...macs].join('|');
+
+  return crypto.createHash('sha256').update(raw).digest('hex').slice(0, 20);
+}
+
+/**
+ * Nominatim requires a specific User-Agent.
+ * Since Fredy is self-hosted, we use a unique machine ID to make it specific.
+ */
+const userAgent = `Fredy-Self-Hosted (${computeMachineId()}; https://github.com/orangecoding/fredy)`;
+
+let last429 = 0;
+const PAUSE_DURATION = 3600000; // 1 hour
+
+/**
+ * Geocodes an address using Nominatim.
+ *
+ * @param {string} address - The address to geocode.
+ * @returns {Promise<{lat: number, lng: number}|null>} The geocoordinates or null if error. {lat: -1, lng: -1} if not found.
+ */
+async function doGeocode(address) {
+  if (Date.now() - last429 < PAUSE_DURATION) {
+    return null;
+  }
+
+  const url = `${API_URL}?q=${encodeURIComponent(address)}&format=json&countrycodes=de`;
+
+  try {
+    const response = await fetch(url, {
+      agent,
+      timeout: 60000,
+      headers: {
+        'User-Agent': userAgent,
+      },
+    });
+
+    if (response.status === 429) {
+      logger.warn('Nominatim rate limit hit. Pausing for 1 hour.');
+      last429 = Date.now();
+      return null;
+    }
+
+    if (!response.ok) {
+      logger.error(`Nominatim API error: ${response.status} ${response.statusText}`);
+      return null;
+    }
+
+    const data = await response.json();
+
+    if (Array.isArray(data) && data.length > 0) {
+      const result = data[0];
+      return {
+        lat: parseFloat(result.lat),
+        lng: parseFloat(result.lon),
+      };
+    }
+
+    return { lat: -1, lng: -1 };
+  } catch (error) {
+    logger.error('Error during Nominatim geocoding:', error);
+    return null;
+  }
+}
+
+/**
+ * Autocompletes an address using Nominatim.
+ *
+ * @param {string} query - The search query.
+ * @returns {Promise<string[]>} List of matching addresses.
+ */
+async function doAutocomplete(query) {
+  if (Date.now() - last429 < PAUSE_DURATION) {
+    return [];
+  }
+
+  const url = `${API_URL}?q=${encodeURIComponent(query)}&format=json&addressdetails=1&limit=5&countrycodes=de`;
+
+  try {
+    const response = await fetch(url, {
+      agent,
+      headers: {
+        'User-Agent': userAgent,
+      },
+    });
+
+    if (response.status === 429) {
+      logger.warn('Nominatim rate limit hit. Pausing for 1 hour.');
+      last429 = Date.now();
+      return [];
+    }
+
+    if (!response.ok) {
+      logger.error(`Nominatim API error: ${response.status} ${response.statusText}`);
+      return [];
+    }
+
+    const data = await response.json();
+
+    if (Array.isArray(data)) {
+      return data.map((item) => item.display_name);
+    }
+
+    return [];
+  } catch (error) {
+    logger.error('Error during Nominatim autocomplete:', error);
+    return [];
+  }
+}
+
+export const geocode = throttle(doGeocode);
+
+export const autocomplete = throttle(doAutocomplete);
+
+export const isPaused = () => Date.now() - last429 < PAUSE_DURATION;

lib/services/geocoding/distanceService.js

@@ -0,0 +1,61 @@
+/*
+ * Copyright (c) 2026 by Christian Kellner.
+ * Licensed under Apache-2.0 with Commons Clause and Attribution/Naming Clause
+ */
+
+import { distanceMeters } from '../listings/distanceCalculator.js';
+import {
+  getListingsToCalculateDistance,
+  getListingsForUserToCalculateDistance,
+  updateListingDistance,
+} from '../storage/listingsStorage.js';
+import { getUserSettings } from '../storage/settingsStorage.js';
+
+/**
+ * Calculates and updates distances for listings of a specific job.
+ * Only processes listings where distance_to_destination is null.
+ *
+ * @param {string} jobId
+ * @param {string} userId
+ * @returns {void}
+ */
+export function calculateDistanceForJob(jobId, userId) {
+  const userSettings = getUserSettings(userId);
+  const homeAddress = userSettings.home_address;
+
+  if (!homeAddress || !homeAddress.coords) {
+    return;
+  }
+
+  const listings = getListingsToCalculateDistance(jobId);
+  const { lat, lng } = homeAddress.coords;
+
+  for (const listing of listings) {
+    const dist = distanceMeters(lat, lng, listing.latitude, listing.longitude);
+    updateListingDistance(listing.id, dist);
+  }
+}
+
+/**
+ * Calculates and updates distances for all active listings of a user.
+ * Usually called when the user updates their home address.
+ *
+ * @param {string} userId
+ * @returns {void}
+ */
+export function calculateDistanceForUser(userId) {
+  const userSettings = getUserSettings(userId);
+  const homeAddress = userSettings.home_address;
+
+  if (!homeAddress || !homeAddress.coords) {
+    return;
+  }
+
+  const listings = getListingsForUserToCalculateDistance(userId);
+  const { lat, lng } = homeAddress.coords;
+
+  for (const listing of listings) {
+    const dist = distanceMeters(lat, lng, listing.latitude, listing.longitude);
+    updateListingDistance(listing.id, dist);
+  }
+}

lib/services/geocoding/geoCodingService.js

@@ -0,0 +1,43 @@
+/*
+ * Copyright (c) 2026 by Christian Kellner.
+ * Licensed under Apache-2.0 with Commons Clause and Attribution/Naming Clause
+ */
+
+import { getGeocoordinatesByAddress } from '../storage/listingsStorage.js';
+import { geocode as nominatimGeocode, isPaused as isNominatimPaused } from './client/nominatimClient.js';
+import logger from '../logger.js';
+
+/**
+ * Geocodes an address using Nominatim or cached results from the database.
+ *
+ * @param {string} address - The address to geocode.
+ * @returns {Promise<{lat: number, lng: number}|null>} The geocoordinates or null if error. {lat: -1, lng: -1} if not found.
+ */
+export async function geocodeAddress(address) {
+  if (!address) {
+    return null;
+  }
+
+  try {
+    // 1. Check if we already have this address geocoded in our database
+    const cachedCoordinates = getGeocoordinatesByAddress(address);
+    if (cachedCoordinates) {
+      logger.debug(`Found cached geocoordinates for address: ${address}`);
+      return cachedCoordinates;
+    }
+
+    // 2. If not, use Nominatim
+    return await nominatimGeocode(address);
+  } catch (error) {
+    logger.error('Error during geocoding:', error);
+    return null;
+  }
+}
+
+/**
+ * Checks if we are currently in a rate limit pause.
+ * @returns {boolean}
+ */
+export function isGeocodingPaused() {
+  return isNominatimPaused();
+}

lib/services/immoscout/immoscout-web-translator.js

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2025 by Christian Kellner.
+ * Copyright (c) 2026 by Christian Kellner.
  * Licensed under Apache-2.0 with Commons Clause and Attribution/Naming Clause
  */
 
@@ -79,6 +79,8 @@ const PARAM_NAME_MAP = {
   price: 'price',
   constructionyear: 'constructionyear',
   apartmenttypes: 'apartmenttypes',
+  buildingtypes: 'buildingtypes',
+  ground: 'ground',
   pricetype: 'pricetype',
   floor: 'floor',
   geocodes: 'geocodes',
@@ -86,6 +88,7 @@ const PARAM_NAME_MAP = {
   shape: 'shape',
   sorting: 'sorting',
   newbuilding: 'newbuilding',
+  fulltext: 'fulltext',
 };
 
 const EQUIPMENT_MAP = {
@@ -97,19 +100,28 @@ const EQUIPMENT_MAP = {
   guesttoilet: 'guestToilet',
   balcony: 'balcony',
   handicappedaccessible: 'handicappedAccessible',
+  lodgerflat: 'lodgerflat',
 };
 
 const REAL_ESTATE_TYPE = {
   'haus-mieten': 'houserent',
   'wohnung-mieten': 'apartmentrent',
   'wohnung-kaufen': 'apartmentbuy',
+  'wohnung-kaufen-mit-balkon': 'apartmentbuy',
+  'eigentumswohnung-mit-garten': 'apartmentbuy',
   'haus-kaufen': 'housebuy',
+  'haus-mit-keller-kaufen': 'housebuy',
+  'luxushaus-kaufen': 'housebuy',
+  'villa-kaufen': 'housebuy',
+  'neubauhaus-kaufen': 'housebuy',
 };
 
 const WEB_PATH_TO_APARTMENT_EQUIPMENT_MAP = {
   // Category "Balkon/Terrasse"
   'wohnung-mit-balkon-mieten': { equipment: ['balcony'] },
+  'wohnung-kaufen-mit-balkon': { equipment: ['balcony'] },
   'wohnung-mit-garten-mieten': { equipment: ['garden'] },
+  'eigentumswohnung-mit-garten': { equipment: ['garden'] },
   // Category "Wohnungstyp"
   'souterrainwohnung-mieten': { apartmenttypes: ['halfbasement'] },
   'erdgeschosswohnung-mieten': { apartmenttypes: ['groundfloor'] },
@@ -144,7 +156,7 @@ export function convertWebToMobile(webUrl) {
 
   const realTypeKey = segments.at(-1);
   let realType = REAL_ESTATE_TYPE[realTypeKey];
-  let additionalParamsFromWebPath;
+  let additionalParamsFromWebPath = WEB_PATH_TO_APARTMENT_EQUIPMENT_MAP[realTypeKey] || null;
 
   if (!realType) {
     // Test for seo optimized apartment path (only used on the ImmoScout web app)
@@ -165,7 +177,7 @@ export function convertWebToMobile(webUrl) {
     Object.entries(rawParams).filter(([key]) => key !== 'enteredFrom' && PARAM_NAME_MAP[key]),
   );
 
-  const geocodes = `/${segments.slice(2, 5).join('/')}`;
+  const geocodes = `/${segments.slice(2, segments.length - 1).join('/')}`;
   const isRadius = segments.includes('radius');
   const mobileParams = {
     searchType: isRadius ? 'radius' : 'region',

lib/services/jobs/jobExecutionService.js

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2025 by Christian Kellner.
+ * Copyright (c) 2026 by Christian Kellner.
  * Licensed under Apache-2.0 with Commons Clause and Attribution/Naming Clause
  */
 
@@ -13,6 +13,7 @@ import FredyPipelineExecutioner from '../../FredyPipelineExecutioner.js';
 import * as similarityCache from '../similarity-check/similarityCache.js';
 import { isRunning, markFinished, markRunning } from './run-state.js';
 import { sendToUsers } from '../sse/sse-broker.js';
+import * as puppeteerExtractor from '../extractor/puppeteerExtractor.js';
 
 /**
  * Initializes the job execution service.
@@ -94,7 +95,7 @@ export function initJobExecutionService({ providers, settings, intervalMs }) {
    * @param {{userId?: string, isAdmin?: boolean}} [context] - Who requested the run; determines job filtering.
    * @returns {void}
    */
-  function runAll(respectWorkingHours = true, context = undefined) {
+  async function runAll(respectWorkingHours = true, context = undefined) {
     if (settings.demoMode) return;
     const now = Date.now();
     const withinHours = duringWorkingHoursOrNotSet(settings, now);
@@ -103,15 +104,18 @@ export function initJobExecutionService({ providers, settings, intervalMs }) {
       return;
     }
     settings.lastRun = now;
-    jobStorage
+    const jobs = jobStorage
       .getJobs()
       .filter((job) => job.enabled)
       .filter((job) => {
         if (!context) return true; // startup/cron → all
         if (context.isAdmin) return true; // admin → all
         return context.userId ? job.userId === context.userId : false; // user → own
-      })
-      .forEach((job) => executeJob(job));
+      });
+
+    for (const job of jobs) {
+      await executeJob(job);
+    }
   }
 
   /**
@@ -154,28 +158,43 @@ export function initJobExecutionService({ providers, settings, intervalMs }) {
     } catch (err) {
       logger.warn('Failed to emit start status for job', job.id, err);
     }
+    let browser;
     try {
       const jobProviders = job.provider.filter(
         (p) => providers.find((loaded) => loaded.metaInformation.id === p.id) != null,
       );
-      const executions = jobProviders.map(async (prov) => {
-        const matchedProvider = providers.find((loaded) => loaded.metaInformation.id === prov.id);
-        matchedProvider.init(prov, job.blacklist);
-        await new FredyPipelineExecutioner(
-          matchedProvider.config,
-          job.notificationAdapter,
-          prov.id,
-          job.id,
-          similarityCache,
-        ).execute();
-      });
-      const results = await Promise.allSettled(executions);
-      for (const r of results) {
-        if (r.status === 'rejected') {
-          logger.error(r.reason);
+      for (const prov of jobProviders) {
+        try {
+          const matchedProvider = providers.find((loaded) => loaded.metaInformation.id === prov.id);
+          matchedProvider.init({ ...prov, userId: job.userId }, job.blacklist);
+
+          if (browser && !browser.isConnected()) {
+            logger.debug('Browser is disconnected, nullifying to launch a new one.');
+            await puppeteerExtractor.closeBrowser(browser);
+            browser = null;
+          }
+
+          if (!browser && matchedProvider.config.getListings == null) {
+            browser = await puppeteerExtractor.launchBrowser(matchedProvider.config.url, {});
+          }
+
+          await new FredyPipelineExecutioner(
+            matchedProvider.config,
+            job.notificationAdapter,
+            job.spatialFilter,
+            prov.id,
+            job.id,
+            similarityCache,
+            browser,
+          ).execute();
+        } catch (err) {
+          logger.error(err);
         }
       }
     } finally {
+      if (browser) {
+        await puppeteerExtractor.closeBrowser(browser);
+      }
       markFinished(job.id);
       try {
         bus.emit('jobs:status', { jobId: job.id, running: false });

lib/services/jobs/run-state.js

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2025 by Christian Kellner.
+ * Copyright (c) 2026 by Christian Kellner.
  * Licensed under Apache-2.0 with Commons Clause and Attribution/Naming Clause
  */
 

lib/services/listings/distanceCalculator.js

@@ -0,0 +1,35 @@
+/*
+ * Copyright (c) 2026 by Christian Kellner.
+ * Licensed under Apache-2.0 with Commons Clause and Attribution/Naming Clause
+ */
+
+const R = 6371000; // Earth radius in meters
+/**
+ * Calculate the great-circle distance between two points on Earth using the Haversine formula.
+ * This is to calculate the distance between the listing address & the address provided by the user. I know, it is only
+ * a rough estimation as this calculates the distance as a straight line, but it's more convenient than using an external
+ * service and still gives a good approximation for sorting purposes.
+ * Returns distance in meters.
+ *
+ * @param {number} lat1
+ * @param {number} lon1
+ * @param {number} lat2
+ * @param {number} lon2
+ * @returns {number}
+ */
+export function distanceMeters(lat1, lon1, lat2, lon2) {
+  const toRad = (deg) => (deg * Math.PI) / 180;
+
+  const phi1 = toRad(lat1);
+  const phi2 = toRad(lat2);
+  const dPhi = toRad(lat2 - lat1);
+  const dLambda = toRad(lon2 - lon1);
+
+  const a =
+    Math.sin(dPhi / 2) * Math.sin(dPhi / 2) +
+    Math.cos(phi1) * Math.cos(phi2) * Math.sin(dLambda / 2) * Math.sin(dLambda / 2);
+
+  const c = 2 * Math.atan2(Math.sqrt(a), Math.sqrt(1 - a));
+
+  return Math.round(R * c * 10) / 10;
+}

lib/services/listings/listingActiveService.js

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2025 by Christian Kellner.
+ * Copyright (c) 2026 by Christian Kellner.
  * Licensed under Apache-2.0 with Commons Clause and Attribution/Naming Clause
  */
 

lib/services/listings/listingActiveTester.js

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2025 by Christian Kellner.
+ * Copyright (c) 2026 by Christian Kellner.
  * Licensed under Apache-2.0 with Commons Clause and Attribution/Naming Clause
  */
 
@@ -8,37 +8,71 @@ import { randomBetween, sleep } from '../../utils.js';
 
 const maxAttempts = 3;
 
+const userAgents = [
+  'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36',
+  'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36',
+  'Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36',
+  'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/18.2 Safari/605.1.15',
+  'Mozilla/5.0 (iPhone; CPU iPhone OS 17_5 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.5 Mobile/15E148 Safari/604.1',
+];
+
 /**
- * Check if a listing is still active with up to 3 attempts and exponential backoff.
- * Backoff waits are capped and the last wait is at most 2000 ms.
+ * Check if a listing is still active with up to 5 attempts and exponential backoff.
+ * Backoff waits are randomized and capped.
  *
  * Rules:
- * - HTTP 200 => return 1
+ * - HTTP 200 => return 1 (if checkForText is provided and found, returns 0)
  * - HTTP 401/403 => return -1 (most certainly detected as a bot)
  * - HTTP 404 => return 0
  * - Other statuses or network errors => retry until attempts are exhausted
  *
- * @returns {Promise<Integer>} 1 if active, o if not active and -1 if detected as bot
+ * @returns {Promise<Integer>} 1 if active, 0 if not active and -1 if detected as bot
  */
-export default async function checkIfListingIsActive(link) {
+export default async function checkIfListingIsActive(link, checkForText = null) {
   await sleep(randomBetween(50, 100));
 
   for (let attempt = 1; attempt <= maxAttempts; attempt++) {
     try {
+      const userAgent = userAgents[Math.floor(Math.random() * userAgents.length)];
       const res = await fetch(link, {
+        redirect: 'manual',
         headers: {
-          'User-Agent':
-            'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.0.0 Safari/537.36',
-          'Accept-Language': 'de-DE,de;q=0.9,en;q=0.8',
+          'User-Agent': userAgent,
+          Accept:
+            'text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7',
+          'Accept-Language': 'de-DE,de;q=0.9,en-US;q=0.8,en;q=0.7',
+          'Accept-Encoding': 'gzip, deflate, br',
+          'Cache-Control': 'max-age=0',
+          'Sec-Ch-Ua': '"Google Chrome";v="131", "Chromium";v="131", "Not_A Brand";v="24"',
+          'Sec-Ch-Ua-Mobile': '?0',
+          'Sec-Ch-Ua-Platform': '"macOS"',
+          'Sec-Fetch-Dest': 'document',
+          'Sec-Fetch-Mode': 'navigate',
+          'Sec-Fetch-Site': 'none',
+          'Sec-Fetch-User': '?1',
+          'Upgrade-Insecure-Requests': '1',
+          Referer: 'https://www.google.com/',
         },
       });
 
       if (res.status === 200) {
+        if (checkForText) {
+          const htmText = await res.text();
+          if (htmText.includes(checkForText)) {
+            return 0;
+          }
+        }
+
         return 1;
       }
-      if (res.status === 401) return -1;
-      if (res.status === 403) return -1;
-      if (res.status === 404) return 0;
+      if (res.status === 401 || res.status === 403) {
+        if (attempt < maxAttempts) {
+          await sleep(backoffDelay(attempt));
+          continue;
+        }
+        return -1;
+      }
+      if (res.status === 404 || res.status === 410) return 0;
 
       // For any other status, only retry if attempts remain
       if (attempt < maxAttempts) {
@@ -61,13 +95,13 @@ export default async function checkIfListingIsActive(link) {
 }
 
 /**
- * Exponential backoff delay with cap.
- * attempt: 1 -> 500ms, 2 -> 1000ms, 3 -> 2000ms (cap)
+ * Exponential backoff delay with cap and jitter.
  * @param {number} attempt 1-based attempt index
  * @returns {number} delay in ms
  */
 function backoffDelay(attempt) {
   const base = 500;
   const cap = 2000;
-  return Math.min(base * 2 ** (attempt - 1), cap);
+  const delay = Math.min(base * 2 ** (attempt - 1), cap);
+  return delay + randomBetween(0, 1000);
 }

lib/services/logger.js

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2025 by Christian Kellner.
+ * Copyright (c) 2026 by Christian Kellner.
  * Licensed under Apache-2.0 with Commons Clause and Attribution/Naming Clause
  */
 

lib/services/markdown.js

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2025 by Christian Kellner.
+ * Copyright (c) 2026 by Christian Kellner.
  * Licensed under Apache-2.0 with Commons Clause and Attribution/Naming Clause
  */
 

lib/services/queryStringMutator.js

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2025 by Christian Kellner.
+ * Copyright (c) 2026 by Christian Kellner.
  * Licensed under Apache-2.0 with Commons Clause and Attribution/Naming Clause
  */
 

lib/services/security/hash.js

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2025 by Christian Kellner.
+ * Copyright (c) 2026 by Christian Kellner.
  * Licensed under Apache-2.0 with Commons Clause and Attribution/Naming Clause
  */
 

lib/services/similarity-check/similarityCache.js

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2025 by Christian Kellner.
+ * Copyright (c) 2026 by Christian Kellner.
  * Licensed under Apache-2.0 with Commons Clause and Attribution/Naming Clause
  */
 

lib/services/sse/sse-broker.js

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2025 by Christian Kellner.
+ * Copyright (c) 2026 by Christian Kellner.
  * Licensed under Apache-2.0 with Commons Clause and Attribution/Naming Clause
  */
 

lib/services/storage/SqliteConnection.js

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2025 by Christian Kellner.
+ * Copyright (c) 2026 by Christian Kellner.
  * Licensed under Apache-2.0 with Commons Clause and Attribution/Naming Clause
  */
 
@@ -34,9 +34,8 @@ class SqliteConnection {
 
   static async init() {
     if (this.#sqlLiteCfg == null) {
-      readConfigFromStorage().then((c) => {
-        this.#sqlLiteCfg = c.sqlitepath;
-      });
+      const c = await readConfigFromStorage();
+      this.#sqlLiteCfg = c.sqlitepath;
     }
   }
   /**

lib/services/storage/backupRestoreService.js

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2025 by Christian Kellner.
+ * Copyright (c) 2026 by Christian Kellner.
  * Licensed under Apache-2.0 with Commons Clause and Attribution/Naming Clause
  */
 

lib/services/storage/jobStorage.js

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2025 by Christian Kellner.
+ * Copyright (c) 2026 by Christian Kellner.
  * Licensed under Apache-2.0 with Commons Clause and Attribution/Naming Clause
  */
 
@@ -30,6 +30,7 @@ export const upsertJob = ({
   notificationAdapter,
   userId,
   shareWithUsers = [],
+  spatialFilter = null,
 }) => {
   const id = jobId || nanoid();
   const existing = SqliteConnection.query(`SELECT id, user_id FROM jobs WHERE id = @id LIMIT 1`, { id })[0];
@@ -37,12 +38,13 @@ export const upsertJob = ({
   if (existing) {
     SqliteConnection.execute(
       `UPDATE jobs
-         SET enabled = @enabled,
-             name = @name,
-             blacklist = @blacklist,
-             provider = @provider,
-             notification_adapter = @notification_adapter,
-             shared_with_user = @shareWithUsers
+       SET enabled = @enabled,
+           name = @name,
+           blacklist = @blacklist,
+           provider = @provider,
+           notification_adapter = @notification_adapter,
+           shared_with_user = @shareWithUsers,
+           spatial_filter = @spatialFilter
        WHERE id = @id`,
       {
         id,
@@ -52,12 +54,13 @@ export const upsertJob = ({
         shareWithUsers: toJson(shareWithUsers ?? []),
         provider: toJson(provider ?? []),
         notification_adapter: toJson(notificationAdapter ?? []),
+        spatialFilter: spatialFilter ? toJson(spatialFilter) : null,
       },
     );
   } else {
     SqliteConnection.execute(
-      `INSERT INTO jobs (id, user_id, enabled, name, blacklist, provider, notification_adapter, shared_with_user)
-       VALUES (@id, @user_id, @enabled, @name, @blacklist, @provider, @notification_adapter, @shareWithUsers)`,
+      `INSERT INTO jobs (id, user_id, enabled, name, blacklist, provider, notification_adapter, shared_with_user, spatial_filter)
+       VALUES (@id, @user_id, @enabled, @name, @blacklist, @provider, @notification_adapter, @shareWithUsers, @spatialFilter)`,
       {
         id,
         user_id: ownerId,
@@ -67,6 +70,7 @@ export const upsertJob = ({
         provider: toJson(provider ?? []),
         shareWithUsers: toJson(shareWithUsers ?? []),
         notification_adapter: toJson(notificationAdapter ?? []),
+        spatialFilter: spatialFilter ? toJson(spatialFilter) : null,
       },
     );
   }
@@ -87,10 +91,11 @@ export const getJob = (jobId) => {
             j.provider,
             j.shared_with_user,
             j.notification_adapter AS notificationAdapter,
-            (SELECT COUNT(1) FROM listings l WHERE l.job_id = j.id) AS numberOfFoundListings
-       FROM jobs j
-      WHERE j.id = @id
-      LIMIT 1`,
+            j.spatial_filter AS spatialFilter,
+            (SELECT COUNT(1) FROM listings l WHERE l.job_id = j.id AND l.is_active = 1 AND l.manually_deleted = 0) AS numberOfFoundListings
+     FROM jobs j
+     WHERE j.id = @id
+       LIMIT 1`,
     { id: jobId },
   )[0];
   if (!row) return null;
@@ -101,6 +106,7 @@ export const getJob = (jobId) => {
     provider: fromJson(row.provider, []),
     shared_with_user: fromJson(row.shared_with_user, []),
     notificationAdapter: fromJson(row.notificationAdapter, []),
+    spatialFilter: fromJson(row.spatialFilter, null),
   };
 };
 
@@ -150,9 +156,11 @@ export const getJobs = () => {
             j.provider,
             j.shared_with_user,
             j.notification_adapter AS notificationAdapter,
-            (SELECT COUNT(1) FROM listings l WHERE l.job_id = j.id) AS numberOfFoundListings
-       FROM jobs j
-       ORDER BY j.name IS NULL, j.name`,
+            j.spatial_filter AS spatialFilter,
+            (SELECT COUNT(1) FROM listings l WHERE l.job_id = j.id AND l.is_active = 1 AND l.manually_deleted = 0) AS numberOfFoundListings
+     FROM jobs j
+     WHERE j.enabled = 1
+     ORDER BY j.name IS NULL, j.name`,
   );
   return rows.map((row) => ({
     ...row,
@@ -161,6 +169,7 @@ export const getJobs = () => {
     provider: fromJson(row.provider, []),
     shared_with_user: fromJson(row.shared_with_user, []),
     notificationAdapter: fromJson(row.notificationAdapter, []),
+    spatialFilter: fromJson(row.spatialFilter, null),
   }));
 };
 
@@ -189,7 +198,7 @@ export const queryJobs = ({
   isAdmin = false,
 } = {}) => {
   // sanitize inputs
-  const safePageSize = Number.isFinite(pageSize) && pageSize > 0 ? Math.min(500, Math.floor(pageSize)) : 50;
+  const safePageSize = Number.isFinite(pageSize) && pageSize > 0 ? Math.min(1000, Math.floor(pageSize)) : 50;
   const safePage = Number.isFinite(page) && page > 0 ? Math.floor(page) : 1;
   const offset = (safePage - 1) * safePageSize;
 
@@ -250,11 +259,12 @@ export const queryJobs = ({
             j.provider,
             j.shared_with_user,
             j.notification_adapter AS notificationAdapter,
-            (SELECT COUNT(1) FROM listings l WHERE l.job_id = j.id) AS numberOfFoundListings
+            j.spatial_filter AS spatialFilter,
+            (SELECT COUNT(1) FROM listings l WHERE l.job_id = j.id AND l.is_active = 1 AND l.manually_deleted = 0) AS numberOfFoundListings
      FROM jobs j
        ${whereSql}
-         ${orderSql}
-     LIMIT @limit OFFSET @offset`,
+       ${orderSql}
+       LIMIT @limit OFFSET @offset`,
     params,
   );
 
@@ -265,6 +275,7 @@ export const queryJobs = ({
     provider: fromJson(row.provider, []),
     shared_with_user: fromJson(row.shared_with_user, []),
     notificationAdapter: fromJson(row.notificationAdapter, []),
+    spatialFilter: fromJson(row.spatialFilter, null),
   }));
 
   return { totalNumber, page: safePage, result };