From fad61a65e53f81bc060c4bacd7eca675d988258e Mon Sep 17 00:00:00 2001
From: dansc <dansc@yandex.ru>
Date: Tue, 9 Jun 2026 18:06:22 +0300
Subject: [PATCH 1/2] feat: web dashboard + chrome extension for runtime
 account management
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Add a localhost-only web dashboard and a Chrome extension to manage the
DeepSeek account pool at runtime, layered on top of the existing file-based
pool (no duplicate pool):

- routes: GET /dashboard, GET /api/accounts, POST /api/accounts/import
  (cURL/HAR), POST /api/accounts/:id/check, DELETE /api/accounts/:id,
  GET /api/auth-status — localhost-only and CSRF-guarded
- runtime add/delete writes/removes managed files in data/accounts/ then
  reloads the pool; secrets written 0600 and gitignored
- live account check via GET /api/v0/users/current (no PoW), 15s timeout
- scripts/auth_from_curl.js + auth_from_har.js import helpers
- lib/parseAuth.js parses cURL/HAR auth captures
---
 .gitignore                     |   2 +
 chrome-extension/README.md     |  31 +++
 chrome-extension/background.js | 138 +++-------
 chrome-extension/manifest.json |  35 +--
 chrome-extension/popup.html    |  43 ++-
 chrome-extension/popup.js      | 230 ++++++++++------
 data/accounts/.gitkeep         |   0
 lib/parseAuth.js               | 107 ++++++++
 public/dashboard.html          | 468 +++++++++++++++++++++++++++++++++
 scripts/auth_from_curl.js      |  55 ++++
 scripts/auth_from_har.js       |  41 +++
 server.js                      | 257 +++++++++++++++++-
 12 files changed, 1204 insertions(+), 203 deletions(-)
 create mode 100644 chrome-extension/README.md
 create mode 100644 data/accounts/.gitkeep
 create mode 100644 lib/parseAuth.js
 create mode 100644 public/dashboard.html
 create mode 100644 scripts/auth_from_curl.js
 create mode 100644 scripts/auth_from_har.js

diff --git a/.gitignore b/.gitignore
index 2610c6d..a8cab52 100644
--- a/.gitignore
+++ b/.gitignore
@@ -3,6 +3,8 @@ node_modules/
 *.log
 auth.json
 deepseek-auth.json
+# Runtime-added auth files contain secrets — keep the dir, ignore its contents.
+data/accounts/*.json
 .chrome-profile-deepseek/
 .chrome-for-testing-profile-deepseek/
 .chrome-for-testing-profile-deepseek.stale-*/
diff --git a/chrome-extension/README.md b/chrome-extension/README.md
new file mode 100644
index 0000000..169369d
--- /dev/null
+++ b/chrome-extension/README.md
@@ -0,0 +1,31 @@
+# DeepSeek → FreeDeepseekAPI (расширение)
+
+Добавляет аккаунт DeepSeek в локальный FreeDeepseekAPI **одним кликом**:
+перехватывает заголовки реального запроса к `chat.deepseek.com/api/...`
+(`token` из `Authorization`, все cookie, `hif_*`) и отправляет на
+`http://localhost:9655/api/accounts/import`.
+
+Работает в Firefox и Chrome/Edge (Manifest V3).
+
+## Установка
+
+**Firefox**
+1. Откройте `about:debugging#/runtime/this-firefox`
+2. «Загрузить временное дополнение» → выберите `manifest.json` из этой папки.
+   (Временное дополнение: после перезапуска Firefox установить заново.)
+
+**Chrome / Edge**
+1. Откройте `chrome://extensions`
+2. Включите «Режим разработчика».
+3. «Загрузить распакованное» → выберите эту папку.
+
+## Использование
+1. Запустите FreeDeepseekAPI (порт 9655).
+2. Откройте `chat.deepseek.com` и войдите в нужный аккаунт.
+3. **Отправьте любое сообщение** (например `ok`) — чтобы прошёл запрос, из которого берутся креды.
+4. Клик по иконке расширения → **«➕ Добавить в FreeDeepseekAPI»**.
+
+Для нескольких аккаунтов повторите из разных профилей/логинов браузера.
+
+Вспомогательные кнопки: «Собрать» (показать креды), «Копировать JSON»,
+«Скачать файл» (`deepseek-auth.json`) — на случай ручного импорта через дашборд.
diff --git a/chrome-extension/background.js b/chrome-extension/background.js
index 7b32d94..481c500 100644
--- a/chrome-extension/background.js
+++ b/chrome-extension/background.js
@@ -1,97 +1,45 @@
-// DeepSeek Auth Exporter — Background Service Worker
-// Reads cookies from Chrome, forwards content-script localStorage data.
-
-const STORAGE_KEY = 'deepseek_auth';
-
-// Read all needed cookies from chat.deepseek.com
-async function readCookies() {
-  const needed = ['token', 'ds_session_id', 'smidV2'];
-  const results = {};
-  for (const name of needed) {
-    const cookie = await new Promise((resolve) =>
-      chrome.cookies.get({ url: 'https://chat.deepseek.com', name }, resolve)
-    );
-    results[name] = cookie ? cookie.value : '';
-  }
-
-  // Build cookie header string
-  const parts = [];
-  if (results.ds_session_id) parts.push(`ds_session_id=${results.ds_session_id}`);
-  if (results.smidV2) parts.push(`smidV2=${results.smidV2}`);
-  results.cookie = parts.join('; ');
-
-  return results;
-}
-
-// Read localStorage values via content script injection
-async function readLocalStorage(tabId) {
-  const keys = ['hif_dliq', 'hif_leim'];
-  try {
-    const results = await new Promise((resolve, reject) => {
-      chrome.tabs.sendMessage(
-        tabId,
-        { action: 'readLocalStorage', keys },
-        (response) => {
-          if (chrome.runtime.lastError) reject(chrome.runtime.lastError.message);
-          else resolve(response.data || {});
+// DeepSeek → FreeDeepseekAPI — перехват заголовков реального запроса.
+// token (Authorization: Bearer), cookie (все), hif (x-hif-*) берутся из
+// настоящего запроса к chat.deepseek.com/api/... — как в HAR/cURL.
+
+const WASM_DEFAULT = 'https://fe-static.deepseek.com/chat/static/sha3_wasm_bg.7b9ca65ddd.wasm';
+const KEY = 'deepseek_capture';
+
+// extraHeaders нужен Chrome для доступа к Cookie/Authorization; Firefox даёт их без него.
+const opts = ['requestHeaders'];
+try {
+    if (chrome.webRequest.OnBeforeSendHeadersOptions &&
+        chrome.webRequest.OnBeforeSendHeadersOptions.EXTRA_HEADERS) {
+        opts.push('extraHeaders');
+    }
+} catch (e) { /* Firefox: опции нет — это нормально */ }
+
+chrome.webRequest.onBeforeSendHeaders.addListener(
+    (details) => {
+        const h = {};
+        for (const x of (details.requestHeaders || [])) h[x.name.toLowerCase()] = x.value;
+        const auth = h['authorization'] || '';
+        const token = /^bearer\s+\S/i.test(auth) ? auth.replace(/^bearer\s+/i, '').trim() : '';
+        const cookie = h['cookie'] || '';
+        if (token && cookie) {
+            const cap = {
+                token,
+                cookie,
+                hif_dliq: h['x-hif-dliq'] || '',
+                hif_leim: h['x-hif-leim'] || '',
+                wasmUrl: WASM_DEFAULT,
+                _t: Date.now(),
+            };
+            chrome.storage.local.set({ [KEY]: cap });
         }
-      );
-    });
-    return results;
-  } catch (e) {
-    return {};
-  }
-}
-
-// Find an open DeepSeek tab
-function findDeepSeekTab() {
-  return new Promise((resolve) => {
-    chrome.tabs.query(
-      { url: 'https://chat.deepseek.com/*' },
-      (tabs) => resolve(tabs.length > 0 ? tabs[0] : null)
-    );
-  });
-}
-
-async function collectAndStore(tabId) {
-  const cookies = await readCookies();
-  let ls = {};
-  if (tabId) ls = await readLocalStorage(tabId);
-
-  const merged = {
-    token: cookies.token || '',
-    ds_session_id: cookies.ds_session_id || '',
-    smidV2: cookies.smidV2 || '',
-    cookie: cookies.cookie || '',
-    hif_dliq: ls.hif_dliq || '',
-    hif_leim: ls.hif_leim || '',
-    _lastUpdated: new Date().toISOString(),
-  };
-
-  await new Promise((resolve) =>
-    chrome.storage.local.set({ [STORAGE_KEY]: merged }, resolve)
-  );
-  return merged;
-}
-
-// Message handler — popup requests
-chrome.runtime.onMessage.addListener((request, sender, sendResponse) => {
-  if (request.action === 'collect') {
-    findDeepSeekTab().then(async (tab) => {
-      if (!tab) {
-        sendResponse({ success: false, error: 'No DeepSeek tab open' });
-        return;
-      }
-      const auth = await collectAndStore(tab.id);
-      sendResponse({ success: true, auth });
-    });
-    return true; // keep channel open for async
-  }
-
-  if (request.action === 'export') {
-    chrome.storage.local.get(STORAGE_KEY, (result) => {
-      sendResponse({ success: true, auth: result[STORAGE_KEY] || {} });
-    });
-    return true;
-  }
+    },
+    { urls: ['https://chat.deepseek.com/api/*'] },
+    opts
+);
+
+chrome.runtime.onMessage.addListener((req, sender, sendResponse) => {
+    if (req.action === 'get') {
+        chrome.storage.local.get(KEY, (r) => sendResponse({ success: true, cap: r[KEY] || null }));
+        return true; // async
+    }
 });
diff --git a/chrome-extension/manifest.json b/chrome-extension/manifest.json
index 0dd2fa3..5ff23de 100644
--- a/chrome-extension/manifest.json
+++ b/chrome-extension/manifest.json
@@ -1,27 +1,28 @@
 {
   "manifest_version": 3,
-  "name": "DeepSeek Auth Exporter",
-  "version": "1.0",
-  "description": "Extract DeepSeek Chat credentials from cookies + localStorage for use with the web API proxy",
-  "permissions": ["cookies", "storage", "downloads"],
-  "host_permissions": ["https://chat.deepseek.com/*"],
-  "content_scripts": [
-    {
-      "matches": ["https://chat.deepseek.com/*"],
-      "js": ["content.js"],
-      "run_at": "document_idle"
+  "name": "DeepSeek → FreeDeepseekAPI",
+  "version": "1.3",
+  "description": "Добавляет аккаунт DeepSeek в локальный FreeDeepseekAPI одним кликом. Перехватывает заголовки запроса chat.deepseek.com (token + cookie + hif).",
+  "author": "FreeDeepseekAPI",
+  "browser_specific_settings": {
+    "gecko": {
+      "id": "freedeepseek-auth@forgetmeai",
+      "strict_min_version": "121.0",
+      "data_collection_permissions": { "required": ["none"] }
     }
+  },
+  "permissions": ["webRequest", "storage"],
+  "host_permissions": [
+    "https://chat.deepseek.com/*",
+    "http://localhost:9655/*",
+    "http://127.0.0.1:9655/*"
   ],
   "background": {
-    "service_worker": "background.js"
+    "service_worker": "background.js",
+    "scripts": ["background.js"]
   },
   "action": {
     "default_popup": "popup.html",
-    "default_icon": {
-      "48": "icon.png"
-    }
-  },
-  "icons": {
-    "48": "icon.png"
+    "default_title": "DeepSeek → FreeDeepseekAPI"
   }
 }
diff --git a/chrome-extension/popup.html b/chrome-extension/popup.html
index f5837d7..b72ad1d 100644
--- a/chrome-extension/popup.html
+++ b/chrome-extension/popup.html
@@ -22,18 +22,43 @@
     .json-display { background: #0d1117; border: 1px solid #333; border-radius: 4px; padding: 8px; font-size: 10px; font-family: 'Courier New', monospace; color: #7ee787; white-space: pre-wrap; word-break: break-all; max-height: 180px; overflow-y: auto; margin-bottom: 8px; }
     .field label { display: block; font-size: 11px; color: #999; margin-bottom: 4px; }
     .detail { font-size: 10px; color: #666; text-align: center; }
+    .pool-section { margin-top: 14px; border-top: 1px solid #333; padding-top: 10px; }
+    .pool-header { display: flex; justify-content: space-between; align-items: center; margin-bottom: 8px; }
+    .pool-header .title { font-size: 12px; color: #4fc3f7; font-weight: 600; }
+    .link-btn { background: none; border: 1px solid #444; color: #9ccc65; border-radius: 5px; padding: 4px 8px; font-size: 11px; cursor: pointer; }
+    .link-btn:hover { background: #ffffff10; }
+    .link-btn:disabled { opacity: 0.5; cursor: default; }
+    .pool-list { display: flex; flex-direction: column; gap: 4px; max-height: 220px; overflow-y: auto; }
+    .pool-row { display: flex; align-items: center; gap: 6px; padding: 6px 8px; background: #0d1117; border: 1px solid #2a2a3a; border-radius: 5px; font-size: 11px; }
+    .pool-row .id { color: #888; font-family: 'Courier New', monospace; min-width: 40px; }
+    .pool-row .email { flex: 1; color: #ccc; overflow: hidden; text-overflow: ellipsis; white-space: nowrap; }
+    .badge { padding: 2px 7px; border-radius: 10px; font-size: 10px; font-weight: 600; white-space: nowrap; }
+    .badge.ok { background: #1b5e2033; color: #66bb6a; border: 1px solid #2e7d32; }
+    .badge.invalid { background: #b71c1c33; color: #ef5350; border: 1px solid #c62828; }
+    .badge.wait { background: #e6510033; color: #ff9800; border: 1px solid #e65100; }
+    .badge.expired { background: #44444433; color: #999; border: 1px solid #555; }
+    .badge.checking { background: #1565c033; color: #4fc3f7; border: 1px solid #1565c0; }
+    .row-actions { display: flex; gap: 4px; }
+    .acc-btn { background: #ffffff0d; border: 1px solid #444; color: #ddd; border-radius: 4px; padding: 3px 7px; font-size: 11px; cursor: pointer; }
+    .acc-btn:hover { background: #ffffff1a; }
+    .acc-btn.danger:hover { background: #b71c1c44; color: #ef5350; }
+    .acc-btn.confirm { background: #b71c1c; color: #fff; border-color: #c62828; }
+    .pool-empty { color: #666; font-size: 11px; text-align: center; padding: 10px; }
   </style>
 </head>
 <body>
-  <h1>🔑 DeepSeek Auth Exporter</h1>
-  <div class="sub">Export credentials for <code>FreeDeepseekAPI</code></div>
+  <h1>🔑 DeepSeek → FreeDeepseekAPI</h1>
+  <div class="sub">Откройте <code>chat.deepseek.com</code>, <b>отправьте любое сообщение</b>, затем нажмите кнопку</div>
 
   <div id="status" class="status warn">⏳ Loading...</div>
 
   <div class="btn-row">
-    <button id="btnCollect" class="btn-primary">🔄 Collect from Tab</button>
-    <button id="btnCopy" class="btn-success">📋 Copy JSON</button>
-    <button id="btnSave" class="btn-warn">💾 Download File</button>
+    <button id="btnAdd" class="btn-primary" style="font-size:13px;padding:11px">➕ Добавить в FreeDeepseekAPI</button>
+  </div>
+  <div class="btn-row">
+    <button id="btnCollect" class="btn-success">🔄 Собрать</button>
+    <button id="btnCopy" class="btn-success">📋 Копировать JSON</button>
+    <button id="btnSave" class="btn-warn">💾 Скачать файл</button>
   </div>
 
   <div class="field">
@@ -43,6 +68,14 @@ <h1>🔑 DeepSeek Auth Exporter</h1>
 
   <div class="detail" id="detail">Open chat.deepseek.com, then click Collect</div>
 
+  <div class="pool-section">
+    <div class="pool-header">
+      <span class="title" id="poolTitle">Пул аккаунтов</span>
+      <button id="btnCheckAll" class="link-btn">↻ Проверить все</button>
+    </div>
+    <div id="pool" class="pool-list"></div>
+  </div>
+
   <script src="popup.js"></script>
 </body>
 </html>
diff --git a/chrome-extension/popup.js b/chrome-extension/popup.js
index 4e86805..e2c4127 100644
--- a/chrome-extension/popup.js
+++ b/chrome-extension/popup.js
@@ -1,103 +1,171 @@
-// DeepSeek Auth Exporter — Popup Script
-
+// DeepSeek → FreeDeepseekAPI — Popup
 function $(id) { return document.getElementById(id); }
+const API_BASE = 'http://localhost:9655';
+const PROXY_URL = API_BASE + '/api/accounts/import';
+
+let current = null; // перехваченный набор кредов {token,cookie,hif_*,wasmUrl}
 
-const WASM_URL = 'https://fe-static.deepseek.com/chat/static/sha3_wasm_bg.7b9ca65ddd.wasm';
+function setStatus(cls, text) { $('status').className = 'status ' + cls; $('status').textContent = text; }
 
-function buildAuthJson(data) {
-  const cookie = [];
-  if (data.ds_session_id) cookie.push(`ds_session_id=${data.ds_session_id}`);
-  if (data.smidV2) cookie.push(`smidV2=${data.smidV2}`);
+function render(cap) {
+    if (!cap || !cap.token || !cap.cookie) {
+        setStatus('warn', '⚠️ Откройте chat.deepseek.com и ОТПРАВЬТЕ любое сообщение, затем нажмите кнопку.');
+        $('jsonPreview').textContent = '{ }';
+        $('detail').textContent = 'Креды появятся после запроса к DeepSeek';
+        return null;
+    }
+    const auth = { token: cap.token, hif_dliq: cap.hif_dliq || '', hif_leim: cap.hif_leim || '', cookie: cap.cookie, wasmUrl: cap.wasmUrl };
+    // превью с маскировкой секретов
+    $('jsonPreview').textContent = JSON.stringify({
+        token: auth.token.slice(0, 6) + '…(' + auth.token.length + ')',
+        cookie: auth.cookie.slice(0, 48) + '…',
+        hif_leim: auth.hif_leim ? ('…(' + auth.hif_leim.length + ')') : '',
+    }, null, 2);
+    setStatus('ok', '✅ Перехвачено: token + cookie' + (auth.hif_leim ? ' + hif' : '') + ' — готово');
+    $('detail').textContent = cap._t ? ('Обновлено: ' + new Date(cap._t).toLocaleTimeString()) : '';
+    return auth;
+}
 
-  return {
-    token: data.token || '',
-    hif_dliq: data.hif_dliq || '',
-    hif_leim: data.hif_leim || '',
-    cookie: cookie.join('; '),
-    wasmUrl: WASM_URL,
-  };
+function refresh() {
+    chrome.runtime.sendMessage({ action: 'get' }, (r) => { current = (r && r.success) ? render(r.cap) : render(null); });
 }
 
-function getStatus(auth, data) {
-  const checks = [
-    { label: 'token', ok: !!auth.token },
-    { label: 'cookie (ds_session_id / smidV2)', ok: auth.cookie.includes('=') },
-    { label: 'hif_dliq', ok: !!auth.hif_dliq },
-    { label: 'hif_leim', ok: !!auth.hif_leim },
-  ];
-  return { checks, allOk: checks.every((c) => c.ok) };
+// ── Панель пула (строится через DOM API, без innerHTML, чтобы исключить XSS) ──
+function mkBtn(act, label, title, cls) {
+    const b = document.createElement('button');
+    b.className = cls; b.dataset.act = act; b.title = title; b.textContent = label;
+    return b;
 }
 
-function render(data) {
-  const auth = buildAuthJson(data);
-  const preview = JSON.stringify(auth, null, 2);
-  $('jsonPreview').textContent = preview;
-
-  const { checks, allOk } = getStatus(auth, data);
-  const missing = checks.filter((c) => !c.ok).map((c) => c.label);
-
-  if (!data._lastUpdated) {
-    $('status').className = 'status warn';
-    $('status').textContent = '⚠️ No credentials yet. Click "Collect from Tab" while on chat.deepseek.com';
-  } else if (allOk) {
-    $('status').className = 'status ok';
-    $('status').textContent = '✅ All 4 credentials captured — ready to export';
-  } else {
-    $('status').className = 'status warn';
-    $('status').textContent = `⚠️ Missing: ${missing.join(', ')}`;
-  }
-
-  $('detail').textContent = data._lastUpdated
-    ? `Last updated: ${data._lastUpdated}`
-    : 'Open chat.deepseek.com, then click Collect';
+function setEmpty(text) {
+    const pool = $('pool'); pool.textContent = '';
+    const e = document.createElement('div'); e.className = 'pool-empty'; e.textContent = text;
+    pool.appendChild(e);
 }
 
-function loadAuth() {
-  chrome.runtime.sendMessage({ action: 'export' }, (response) => {
-    if (response && response.success) render(response.auth);
-    else {
-      $('status').className = 'status err';
-      $('status').textContent = '❌ Failed to read stored credentials';
+function renderPool(list) {
+    $('poolTitle').textContent = `Пул аккаунтов (${list.length})`;
+    if (!list.length) { setEmpty('Нет аккаунтов'); return; }
+    const pool = $('pool'); pool.textContent = '';
+    for (const a of list) {
+        const row = document.createElement('div');
+        row.className = 'pool-row'; row.dataset.id = a.id;
+
+        const idEl = document.createElement('span');
+        idEl.className = 'id'; idEl.textContent = a.id;
+
+        const emailEl = document.createElement('span');
+        emailEl.className = 'email'; emailEl.textContent = a.email || '—'; emailEl.title = a.email || '';
+
+        const badge = document.createElement('span');
+        badge.className = 'badge ' + (a.status || '').toLowerCase(); badge.textContent = a.status || '—';
+
+        const actions = document.createElement('span');
+        actions.className = 'row-actions';
+        actions.append(mkBtn('check', '↻', 'Проверить', 'acc-btn'), mkBtn('del', '✕', 'Удалить', 'acc-btn danger'));
+
+        row.append(idEl, emailEl, badge, actions);
+        pool.appendChild(row);
     }
-  });
 }
 
-// Collect button — reads cookies + localStorage from active DeepSeek tab
-$('btnCollect').addEventListener('click', () => {
-  $('status').className = 'status warn';
-  $('status').textContent = '⏳ Collecting from chat.deepseek.com...';
-  chrome.runtime.sendMessage({ action: 'collect' }, (response) => {
-    if (response && response.success) {
-      render(response.auth);
-    } else {
-      $('status').className = 'status err';
-      $('status').textContent = '❌ ' + (response?.error || 'Unknown error');
+async function loadPool() {
+    try {
+        const r = await fetch(API_BASE + '/api/accounts');
+        const j = await r.json();
+        renderPool(j.accounts || []);
+    } catch {
+        $('poolTitle').textContent = 'Пул аккаунтов';
+        setEmpty('FreeDeepseekAPI недоступен на :9655');
     }
-  });
+}
+
+async function checkAccount(id) {
+    const row = document.querySelector(`.pool-row[data-id="${id}"]`);
+    const b = row && row.querySelector('.badge');
+    if (b) { b.className = 'badge checking'; b.textContent = '…'; }
+    try {
+        const r = await fetch(`${API_BASE}/api/accounts/${id}/check`, { method: 'POST' });
+        const j = await r.json();
+        if (b) { b.className = 'badge ' + (j.status || '').toLowerCase(); b.textContent = j.status || '—'; }
+        if (j.email && row) { const em = row.querySelector('.email'); em.textContent = j.email; em.title = j.email; }
+        return j.status;
+    } catch { if (b) { b.className = 'badge invalid'; b.textContent = 'ERR'; } return 'ERROR'; }
+}
+
+async function deleteAccount(id) {
+    try { await fetch(`${API_BASE}/api/accounts/${id}`, { method: 'DELETE' }); } catch { /* noop */ }
+    loadPool();
+}
+
+// делегирование кликов в панели (check / удаление с инлайн-подтверждением)
+$('pool').addEventListener('click', (e) => {
+    const btn = e.target.closest('.acc-btn'); if (!btn) return;
+    const row = btn.closest('.pool-row'); const id = row && row.dataset.id; if (!id) return;
+    const act = btn.dataset.act;
+    if (act === 'check') { checkAccount(id); return; }
+    if (act === 'del') {
+        const actions = btn.parentElement; actions.textContent = '';
+        actions.append(mkBtn('yes', '✓', 'Удалить', 'acc-btn confirm'), mkBtn('no', '✗', 'Отмена', 'acc-btn'));
+        return;
+    }
+    if (act === 'yes') deleteAccount(id);
+    else if (act === 'no') loadPool();
 });
 
-// Copy JSON button
+async function checkAll() {
+    $('btnCheckAll').disabled = true;
+    const ids = [...document.querySelectorAll('.pool-row')].map(r => r.dataset.id);
+    for (const id of ids) await checkAccount(id);
+    $('btnCheckAll').disabled = false;
+}
+$('btnCheckAll').addEventListener('click', checkAll);
+
+// ── Главная кнопка — добавить перехваченные креды + авто-валидация ──
+$('btnAdd').addEventListener('click', async () => {
+    if (!current) {
+        refresh();
+        setStatus('warn', '⏳ Кредов нет. Отправьте сообщение в DeepSeek и нажмите снова.');
+        return;
+    }
+    setStatus('warn', '⏳ Отправка в FreeDeepseekAPI…');
+    try {
+        const r = await fetch(PROXY_URL, { method: 'POST', headers: { 'Content-Type': 'application/json' }, body: JSON.stringify(current) });
+        const j = await r.json();
+        if (j.ok) {
+            const who = j.email ? ` (${j.email})` : '';
+            setStatus('ok', `✅ Добавлен как ${j.id}${who} — проверяю…`);
+            await loadPool();
+            const st = await checkAccount(j.id);
+            if (st === 'OK') setStatus('ok', `🟢 ${j.id}${who} — рабочий`);
+            else setStatus('err', `🔴 ${j.id} — статус: ${st || 'неизвестен'}`);
+        } else if (j.existingId) {
+            setStatus('warn', `⚠️ Уже добавлен как ${j.existingId}`);
+            loadPool();
+        } else {
+            setStatus('err', '❌ ' + (j.error || 'Ошибка добавления'));
+        }
+    } catch (e) {
+        setStatus('err', '❌ FreeDeepseekAPI недоступен на localhost:9655 (запущен?)');
+    }
+});
+
+$('btnCollect').addEventListener('click', refresh);
+
 $('btnCopy').addEventListener('click', () => {
-  const json = $('jsonPreview').textContent;
-  navigator.clipboard.writeText(json).then(() => {
-    $('btnCopy').textContent = '✅ Copied!';
-    setTimeout(() => { $('btnCopy').textContent = '📋 Copy JSON'; }, 1500);
-  });
+    if (!current) return;
+    navigator.clipboard.writeText(JSON.stringify(current, null, 2)).then(() => {
+        $('btnCopy').textContent = '✅'; setTimeout(() => { $('btnCopy').textContent = '📋 Копировать JSON'; }, 1200);
+    });
 });
 
-// Download file button
 $('btnSave').addEventListener('click', () => {
-  const json = $('jsonPreview').textContent;
-  const blob = new Blob([json + '\n'], { type: 'application/json' });
-  const url = URL.createObjectURL(blob);
-  const a = document.createElement('a');
-  a.href = url;
-  a.download = 'deepseek-auth.json';
-  a.click();
-  URL.revokeObjectURL(url);
-  $('btnSave').textContent = '✅ Saved!';
-  setTimeout(() => { $('btnSave').textContent = '💾 Download File'; }, 1500);
+    if (!current) return;
+    const blob = new Blob([JSON.stringify(current, null, 2) + '\n'], { type: 'application/json' });
+    const url = URL.createObjectURL(blob);
+    const a = document.createElement('a'); a.href = url; a.download = 'deepseek-auth.json'; a.click();
+    URL.revokeObjectURL(url);
 });
 
-// Initial load
-loadAuth();
+refresh();
+loadPool();
diff --git a/data/accounts/.gitkeep b/data/accounts/.gitkeep
new file mode 100644
index 0000000..e69de29
diff --git a/lib/parseAuth.js b/lib/parseAuth.js
new file mode 100644
index 0000000..b333b9a
--- /dev/null
+++ b/lib/parseAuth.js
@@ -0,0 +1,107 @@
+'use strict';
+/*
+  Общий парсер авторизации DeepSeek из "Copy as cURL" или HAR-файла.
+  Используется и CLI-скриптами (scripts/auth_from_*.js), и эндпоинтом
+  дашборда POST /api/accounts/import. Возвращает плоский объект
+  { token, cookie, hif_dliq, hif_leim, wasmUrl } или { error }.
+*/
+
+const WASM_DEFAULT = 'https://fe-static.deepseek.com/chat/static/sha3_wasm_bg.7b9ca65ddd.wasm';
+
+// -H 'name: value' | -H "name: value" | --header ...
+function extractHeadersFromCurl(curl) {
+    const headers = {};
+    const re = /(?:-H|--header)\s+(['"])(.+?):\s?([\s\S]*?)\1(?=\s|$)/g;
+    let m;
+    while ((m = re.exec(curl))) headers[m[2].trim().toLowerCase()] = m[3].trim();
+    if (!headers['cookie']) {
+        const mc = curl.match(/(?:-b|--cookie)\s+(['"])([\s\S]*?)\1(?=\s|$)/);
+        if (mc) headers['cookie'] = mc[2].trim();
+    }
+    return headers;
+}
+
+function fromHeaders(h) {
+    return {
+        token: (h['authorization'] || '').replace(/^Bearer\s+/i, '').trim(),
+        cookie: h['cookie'] || '',
+        hif_dliq: h['x-hif-dliq'] || '',
+        hif_leim: h['x-hif-leim'] || '',
+    };
+}
+
+function parseCurl(curl) {
+    const s = String(curl || '');
+    const r = fromHeaders(extractHeadersFromCurl(s));
+    const wm = s.match(/https?:\/\/[^\s'"]*sha3[^\s'"]*\.wasm/i);
+    r.wasmUrl = wm ? wm[0] : '';
+    return r;
+}
+
+function parseHar(harText) {
+    let har;
+    try { har = (typeof harText === 'object') ? harText : JSON.parse(harText); }
+    catch { return { error: 'Не удалось прочитать HAR (не JSON)' }; }
+    const entries = (har.log && har.log.entries) || [];
+    const hv = (hs, n) => { const x = (hs || []).find(y => (y.name || '').toLowerCase() === n); return x ? (x.value || '') : ''; };
+
+    // выбираем лучший запрос к deepseek с Authorization: Bearer
+    let best = null;
+    for (const e of entries) {
+        const req = e.request || {};
+        const url = req.url || '';
+        if (!/deepseek\.com/i.test(url)) continue;
+        const auth = hv(req.headers, 'authorization');
+        if (!/bearer\s+\S/i.test(auth)) continue;
+        const cookie = hv(req.headers, 'cookie');
+        const dliq = hv(req.headers, 'x-hif-dliq');
+        const leim = hv(req.headers, 'x-hif-leim');
+        const score = (cookie ? 2 : 0) + (dliq ? 1 : 0) + (leim ? 1 : 0) + (/\/api\//.test(url) ? 1 : 0);
+        if (!best || score > best.score) {
+            best = { score, token: auth.replace(/^Bearer\s+/i, '').trim(), cookie, hif_dliq: dliq, hif_leim: leim };
+        }
+    }
+    if (!best) return { error: 'В HAR нет запросов к deepseek.com с заголовком Authorization: Bearer' };
+
+    let wasmUrl = '';
+    for (const e of entries) { const u = (e.request && e.request.url) || ''; if (/sha3.*\.wasm/i.test(u)) { wasmUrl = u; break; } }
+    return { token: best.token, cookie: best.cookie, hif_dliq: best.hif_dliq, hif_leim: best.hif_leim, wasmUrl };
+}
+
+// Авто-определение формата ввода (HAR — JSON с log.entries; иначе cURL).
+function parseAuthInput(text) {
+    const s = String(text || '').trim();
+    if (!s) return { error: 'Пустой ввод' };
+    if (s[0] === '{' || s[0] === '[') {
+        // готовый JSON {token,cookie,...} (например, из расширения-экспортёра)
+        try {
+            const o = JSON.parse(s);
+            if (o && typeof o === 'object' && o.token && o.cookie) {
+                return { token: String(o.token), cookie: String(o.cookie), hif_dliq: o.hif_dliq || '', hif_leim: o.hif_leim || '', wasmUrl: o.wasmUrl || '' };
+            }
+        } catch { /* не JSON-объект — пробуем HAR ниже */ }
+        const r = parseHar(s);
+        if (!r.error) return r; // это был HAR
+    }
+    if (/\bcurl\b|--header|(^|\s)-H\s/i.test(s)) return parseCurl(s);
+    // последняя попытка — вдруг HAR без явного префикса
+    return parseHar(s);
+}
+
+// Валидация + проставление wasmUrl (из ввода → из прошлого аккаунта → дефолт).
+function finalizeAuth(parsed, prevWasmUrl) {
+    if (!parsed || parsed.error) return parsed || { error: 'Пусто' };
+    const missing = [];
+    if (!parsed.token) missing.push('token (authorization: Bearer)');
+    if (!parsed.cookie) missing.push('cookie');
+    if (missing.length) return { error: 'Не найдено: ' + missing.join(', ') };
+    return {
+        token: parsed.token,
+        hif_dliq: parsed.hif_dliq || '',
+        hif_leim: parsed.hif_leim || '',
+        cookie: parsed.cookie,
+        wasmUrl: parsed.wasmUrl || prevWasmUrl || WASM_DEFAULT,
+    };
+}
+
+module.exports = { parseCurl, parseHar, parseAuthInput, finalizeAuth, WASM_DEFAULT };
diff --git a/public/dashboard.html b/public/dashboard.html
new file mode 100644
index 0000000..8725ae3
--- /dev/null
+++ b/public/dashboard.html
@@ -0,0 +1,468 @@
+<!DOCTYPE html>
+<html lang="ru">
+<head>
+<meta charset="UTF-8">
+<meta name="viewport" content="width=device-width, initial-scale=1.0">
+<title>FreeDeepseekAPI — Дашборд</title>
+<link rel="icon" href="data:image/svg+xml,%3Csvg xmlns='http://www.w3.org/2000/svg' viewBox='0 0 24 24' fill='none' stroke='%234d6bfe' stroke-width='2' stroke-linecap='round'%3E%3Cpath d='M3 8c3-3.5 6-3.5 9 0s6 3.5 9 0'/%3E%3Cpath d='M3 13c3-3.5 6-3.5 9 0s6 3.5 9 0'/%3E%3Cpath d='M3 18c3-3.5 6-3.5 9 0s6 3.5 9 0'/%3E%3C/svg%3E">
+<script src="https://cdn.jsdelivr.net/npm/marked@12.0.2/marked.min.js" integrity="sha384-/TQbtLCAerC3jgaim+N78RZSDYV7ryeoBCVqTuzRrFec2akfBkHS7ACQ3PQhvMVi" crossorigin="anonymous" defer></script>
+<script src="https://cdn.jsdelivr.net/npm/dompurify@3.1.7/dist/purify.min.js" integrity="sha384-XQqX/4yiUGu+oyr87jvWzRuqBUK/adrY0DunhL+tID9m/9dwSpV8h9Fk/Sg6ifVQ" crossorigin="anonymous" defer></script>
+<style>
+  :root{
+    --bg:#0d1117; --bg2:#010409; --card:#161b22; --card2:#1c2230; --elev:#21262d;
+    --border:#2a2f37; --border2:#3d444d;
+    --text:#e6edf3; --muted:#9198a1; --faint:#6e7681;
+    --accent:#4d6bfe; --accent-press:#3b54d4; --accent-deep:#2d3fa0;
+    --ok:#3fb950; --warn:#d29922; --err:#f85149;
+    --mono:ui-monospace,SFMono-Regular,Consolas,monospace;
+    --s1:4px; --s2:8px; --s3:12px; --s4:16px; --s5:22px; --s6:30px;
+    --r:8px; --r2:12px;
+    --fs-xs:12px; --fs-sm:13px; --fs-md:14px; --fs-lg:16px; --fs-xl:20px; --fs-hero:28px;
+    --shadow:0 1px 2px rgba(0,0,0,.3);
+  }
+  *{box-sizing:border-box}
+  html{scrollbar-color:var(--border2) transparent}
+  body{margin:0;background:var(--bg);color:var(--text);font-family:-apple-system,Segoe UI,Roboto,Helvetica,Arial,sans-serif;line-height:1.5;font-size:var(--fs-sm)}
+  .wrap{max-width:1080px;margin:0 auto;padding:var(--s4) var(--s5) var(--s6)}
+  a{color:var(--accent);text-decoration:none}
+  svg.ic{width:1em;height:1em;fill:none;stroke:currentColor;stroke-width:1.9;stroke-linecap:round;stroke-linejoin:round;flex-shrink:0}
+
+  header{position:sticky;top:0;z-index:20;background:rgba(13,17,23,.85);backdrop-filter:blur(10px);
+    display:flex;align-items:center;justify-content:space-between;gap:var(--s4);flex-wrap:wrap;padding:var(--s3) 0;border-bottom:1px solid var(--border)}
+  h1{font-size:var(--fs-xl);margin:0;display:flex;align-items:center;gap:var(--s2);font-weight:700;letter-spacing:-.01em}
+  h1 .logo{width:24px;height:24px;color:var(--accent)}
+  .status-pill{display:inline-flex;align-items:center;gap:var(--s2);padding:6px 13px;border-radius:6px;border:1px solid var(--border);background:var(--card);font-size:var(--fs-sm);font-weight:600}
+  .dot{width:8px;height:8px;border-radius:50%;background:var(--faint)}
+  .dot.on{background:var(--ok);box-shadow:0 0 0 3px rgba(63,185,80,.16)}
+  .dot.off{background:var(--err);box-shadow:0 0 0 3px rgba(248,81,73,.16)}
+
+  .tabs{display:flex;gap:2px;overflow-x:auto;margin:var(--s4) 0 var(--s5);border-bottom:1px solid var(--border)}
+  .tab{font-family:inherit;cursor:pointer;background:none;border:none;border-bottom:2px solid transparent;color:var(--muted);
+    padding:10px 15px;font-size:var(--fs-md);font-weight:600;white-space:nowrap;display:inline-flex;align-items:center;gap:7px;transition:color .15s,border-color .15s}
+  .tab svg.ic{font-size:16px}
+  .tab:hover{color:var(--text)}
+  .tab[aria-selected="true"]{color:var(--text);border-bottom-color:var(--accent)}
+  .panel{display:none}
+  .panel.active{display:block;animation:fade .18s ease}
+  @keyframes fade{from{opacity:0}to{opacity:1}}
+
+  .grid{display:grid;grid-template-columns:1fr 1fr;gap:var(--s4)}
+  @media(max-width:760px){.grid{grid-template-columns:1fr}}
+  .card{background:var(--card);border:1px solid var(--border);border-radius:var(--r2);padding:var(--s5);box-shadow:var(--shadow)}
+  .full{grid-column:1/-1}
+  .card h2{font-size:var(--fs-md);color:var(--text);margin:0 0 var(--s4);display:flex;align-items:center;gap:var(--s2);font-weight:600}
+  .card h2 svg.ic{font-size:17px;color:var(--accent)}
+  .card h2 .spacer{flex:1}
+
+  .kpis{display:grid;grid-template-columns:repeat(3,1fr);gap:var(--s3);margin-bottom:var(--s4)}
+  @media(max-width:760px){.kpis{grid-template-columns:1fr}}
+  .kpi{background:var(--card);border:1px solid var(--border);border-radius:var(--r2);padding:var(--s4);box-shadow:var(--shadow)}
+  .kpi .num{font-size:var(--fs-hero);font-weight:700;letter-spacing:-.02em;line-height:1.1}
+  .kpi .lbl{color:var(--muted);font-size:var(--fs-xs);margin-top:2px;display:flex;align-items:center;gap:6px}
+  .kpi .num.ok{color:var(--ok)} .kpi .num.warn{color:var(--warn)} .kpi .num.err{color:var(--err)}
+
+  .row{display:flex;align-items:center;gap:var(--s2);margin-bottom:var(--s2)}
+  .row:last-child{margin-bottom:0}
+  label.k{width:92px;color:var(--muted);font-size:var(--fs-sm);flex-shrink:0}
+  .val{flex:1;font-family:var(--mono);font-size:var(--fs-sm);background:var(--elev);border:1px solid var(--border2);border-radius:6px;padding:8px 10px;overflow:auto;white-space:nowrap;color:var(--text)}
+
+  button{font-family:inherit;cursor:pointer;border-radius:6px;border:1px solid var(--border2);background:var(--elev);color:var(--text);padding:8px 12px;font-size:var(--fs-sm);font-weight:500;display:inline-flex;align-items:center;gap:6px;transition:background .15s,border-color .15s,color .15s}
+  button:hover{border-color:var(--accent);color:var(--accent)}
+  button:active{transform:translateY(1px)}
+  button:disabled{opacity:.4;cursor:default;transform:none}
+  button.primary{background:var(--accent-press);border-color:var(--accent-deep);color:#fff;font-weight:600}
+  button.primary:hover{background:var(--accent);color:#fff}
+  button.sm{padding:5px 9px;font-size:var(--fs-xs)}
+  button svg.ic{font-size:15px}
+  button.toggle.on{background:rgba(77,107,254,.16);border-color:var(--accent);color:var(--accent)}
+  :focus-visible{outline:2px solid var(--accent);outline-offset:2px;border-radius:4px}
+  .tab:focus-visible{outline:2px solid var(--accent);outline-offset:-3px;border-radius:0}
+
+  .hint{color:var(--muted);font-size:var(--fs-xs);margin-top:var(--s3);line-height:1.55}
+  .hint code{font-family:var(--mono);background:var(--bg2);padding:1px 5px;border-radius:4px;color:var(--accent)}
+  .onboard{background:rgba(77,107,254,.07);border:1px solid var(--accent-deep);border-radius:var(--r);padding:var(--s4);margin-bottom:var(--s3);line-height:1.6}
+  .onboard b{color:var(--text)}
+
+  textarea,input[type=text]{width:100%;font-family:inherit;font-size:var(--fs-md);background:var(--elev);border:1px solid var(--border2);border-radius:6px;padding:9px 11px;color:var(--text);resize:vertical}
+  textarea:focus,input:focus{outline:none;border-color:var(--accent);box-shadow:0 0 0 3px rgba(77,107,254,.16)}
+  select{font-family:inherit;font-size:var(--fs-sm);background:var(--elev);border:1px solid var(--border2);border-radius:6px;padding:8px 10px;color:var(--text);cursor:pointer}
+
+  .models{display:grid;grid-template-columns:repeat(auto-fill,minmax(190px,1fr));gap:6px;max-height:280px;overflow:auto;padding-right:4px}
+  .chip{font-family:var(--mono);font-size:var(--fs-xs);background:var(--card2);border:1px solid var(--border);border-radius:6px;padding:7px 10px;cursor:pointer;transition:.12s;display:flex;align-items:center;gap:6px;color:var(--text)}
+  .chip:hover{border-color:var(--accent)}
+
+  /* аккаунты — прямые полосы статуса */
+  .spacer{flex:1}
+  .acc{display:flex;align-items:center;gap:var(--s3);padding:10px 12px;background:var(--card2);border:1px solid var(--border);border-left:3px solid var(--faint);border-radius:0 var(--r) var(--r) 0;margin-bottom:6px;flex-wrap:wrap}
+  .acc.OK{border-left-color:var(--ok)} .acc.WAIT{border-left-color:var(--warn)}
+  .acc.INVALID,.acc.EXPIRED,.acc.ERROR{border-left-color:var(--err)}
+  .acc .id{font-weight:600;font-size:var(--fs-sm)} .acc .meta{color:var(--muted);font-size:var(--fs-xs);font-family:var(--mono)}
+  .badge{font-size:var(--fs-xs);font-weight:700;padding:3px 9px;border-radius:4px;display:inline-flex;align-items:center;gap:5px}
+  .badge::before{content:"";width:6px;height:6px;border-radius:50%;background:currentColor}
+  .badge.OK{background:rgba(63,185,80,.16);color:#56d364} .badge.WAIT{background:rgba(210,153,34,.18);color:#e3b341}
+  .badge.INVALID,.badge.EXPIRED,.badge.ERROR{background:rgba(248,81,73,.2);color:#ff7b72} .badge.checking{background:rgba(77,107,254,.16);color:var(--accent)}
+  .import-box{margin-top:var(--s4);border-top:1px solid var(--border);padding-top:var(--s4)}
+  .chip .id{overflow:hidden;text-overflow:ellipsis;white-space:nowrap;flex:1}
+  .chip .caps{display:flex;gap:3px;flex-shrink:0}
+  .cap{font-size:9px;font-weight:700;padding:1px 4px;border-radius:3px;letter-spacing:.02em}
+  .cap.r{background:rgba(210,153,34,.2);color:#e3b341}
+  .cap.s{background:rgba(63,185,80,.18);color:#56d364}
+
+  /* chat */
+  .chatbox{display:flex;flex-direction:column;height:66vh;min-height:440px}
+  .msgs{flex:1;overflow-y:auto;display:flex;flex-direction:column;gap:var(--s3);padding:var(--s1) var(--s1) var(--s3)}
+  .bubble{max-width:84%;padding:9px 13px;border-radius:12px;font-size:var(--fs-md);word-break:break-word}
+  .bubble.user{align-self:flex-end;background:var(--accent-press);color:#fff;border-bottom-right-radius:3px;white-space:pre-wrap}
+  .bubble.assistant{align-self:flex-start;background:var(--elev);border:1px solid var(--border);border-bottom-left-radius:3px;width:fit-content;max-width:84%}
+  .bubble.assistant.plain .body{white-space:pre-wrap}
+  .bubble.err{border-color:var(--err);color:#ff7b72;white-space:pre-wrap}
+  .bubble .role{font-size:10px;text-transform:uppercase;letter-spacing:.06em;opacity:.65;margin-bottom:4px;font-weight:700}
+  .bubble.streaming .body::after{content:"▍";animation:blink 1s steps(2) infinite;color:var(--accent)}
+  @keyframes blink{50%{opacity:0}}
+  /* панель размышлений */
+  .think{margin-bottom:8px;border:1px solid var(--border);border-radius:8px;background:var(--bg2);overflow:hidden}
+  .think summary{cursor:pointer;padding:6px 10px;color:var(--muted);font-weight:600;font-size:var(--fs-xs);display:flex;align-items:center;gap:6px;user-select:none;list-style:none}
+  .think summary::-webkit-details-marker{display:none}
+  .think summary svg.ic{font-size:14px;color:var(--warn)}
+  .think[open] summary{border-bottom:1px solid var(--border)}
+  .think .think-body{padding:8px 10px;color:var(--muted);white-space:pre-wrap;font-size:var(--fs-sm);max-height:280px;overflow:auto}
+  /* markdown */
+  .md>*:first-child{margin-top:0}.md>*:last-child{margin-bottom:0}
+  .md p{margin:.5em 0}.md ul,.md ol{margin:.5em 0;padding-left:1.4em}.md li{margin:.2em 0}
+  .md code{font-family:var(--mono);font-size:.9em;background:var(--bg2);padding:1px 5px;border-radius:4px}
+  .md pre{background:var(--bg2);border:1px solid var(--border);border-radius:8px;padding:10px 12px;overflow:auto;margin:.6em 0}
+  .md pre code{background:none;padding:0}
+  .md a{color:var(--accent);text-decoration:underline}
+  .md blockquote{border-left:3px solid var(--border2);margin:.5em 0;padding:.1em 0 .1em 12px;color:var(--muted)}
+  .md table{border-collapse:collapse;margin:.6em 0}.md th,.md td{border:1px solid var(--border);padding:5px 9px}
+  .md h1,.md h2,.md h3{margin:.7em 0 .3em;line-height:1.25}
+
+  .chat-ctrl{display:flex;gap:var(--s2);flex-wrap:wrap;align-items:center}
+  .chat-input{display:flex;gap:var(--s2);margin-top:var(--s3);align-items:flex-end}
+  .chat-input textarea{min-height:48px;max-height:170px;font-size:16px}
+  .empty{color:var(--muted);font-size:var(--fs-sm);text-align:center;margin:auto;padding:var(--s6);max-width:440px}
+  .empty svg.ic{font-size:28px;color:var(--faint);display:block;margin:0 auto var(--s3)}
+  .spinner{width:16px;height:16px;border:2px solid var(--border2);border-top-color:var(--accent);border-radius:50%;display:inline-block;animation:spin .7s linear infinite;vertical-align:middle}
+  @keyframes spin{to{transform:rotate(360deg)}}
+
+  .toast{position:fixed;bottom:22px;left:50%;transform:translateX(-50%) translateY(8px);background:var(--elev);border:1px solid var(--border2);color:var(--text);font-weight:600;padding:11px 18px;border-radius:8px;opacity:0;transition:.25s;pointer-events:none;font-size:var(--fs-sm);z-index:50;box-shadow:0 6px 22px rgba(0,0,0,.4);display:flex;align-items:center;gap:8px}
+  .toast.show{opacity:1;transform:translateX(-50%) translateY(0)}
+  .toast.ok{border-color:var(--ok)} .toast.ok svg{color:var(--ok)}
+  .toast.err{border-color:var(--err)} .toast.err svg{color:var(--err)}
+  .err-text{color:#ff7b72}
+  footer{margin-top:var(--s6);text-align:center;color:var(--faint);font-size:var(--fs-xs)}
+  @media(prefers-reduced-motion:reduce){*{animation:none!important;transition:none!important}}
+</style>
+</head>
+<body>
+<svg width="0" height="0" style="position:absolute" aria-hidden="true">
+  <symbol id="i-logo" viewBox="0 0 24 24"><path d="M3 8c3-3.5 6-3.5 9 0s6 3.5 9 0"/><path d="M3 13c3-3.5 6-3.5 9 0s6 3.5 9 0"/><path d="M3 18c3-3.5 6-3.5 9 0s6 3.5 9 0"/></symbol>
+  <symbol id="i-chat" viewBox="0 0 24 24"><path d="M21 12a8 8 0 0 1-11.5 7.2L4 21l1.8-5.5A8 8 0 1 1 21 12Z"/></symbol>
+  <symbol id="i-overview" viewBox="0 0 24 24"><rect x="3" y="3" width="7" height="7" rx="1.5"/><rect x="14" y="3" width="7" height="7" rx="1.5"/><rect x="3" y="14" width="7" height="7" rx="1.5"/><rect x="14" y="14" width="7" height="7" rx="1.5"/></symbol>
+  <symbol id="i-plug" viewBox="0 0 24 24"><path d="M9 2v6M15 2v6"/><path d="M7 8h10v3a5 5 0 0 1-10 0Z"/><path d="M12 16v6"/></symbol>
+  <symbol id="i-copy" viewBox="0 0 24 24"><rect x="9" y="9" width="12" height="12" rx="2"/><path d="M5 15V5a2 2 0 0 1 2-2h10"/></symbol>
+  <symbol id="i-check" viewBox="0 0 24 24"><path d="m20 6-11 11-5-5"/></symbol>
+  <symbol id="i-trash" viewBox="0 0 24 24"><path d="M3 6h18M8 6V4a1 1 0 0 1 1-1h6a1 1 0 0 1 1 1v2m2 0v14a2 2 0 0 1-2 2H7a2 2 0 0 1-2-2V6"/></symbol>
+  <symbol id="i-send" viewBox="0 0 24 24"><path d="M22 2 11 13M22 2l-7 20-4-9-9-4Z"/></symbol>
+  <symbol id="i-refresh" viewBox="0 0 24 24"><path d="M21 12a9 9 0 1 1-3-6.7"/><path d="M21 3v5h-5"/></symbol>
+  <symbol id="i-warn" viewBox="0 0 24 24"><path d="M12 9v4m0 4h.01M10.3 3.9 1.8 18a2 2 0 0 0 1.7 3h17a2 2 0 0 0 1.7-3L13.7 3.9a2 2 0 0 0-3.4 0Z"/></symbol>
+  <symbol id="i-bulb" viewBox="0 0 24 24"><path d="M9 18h6M10 22h4M12 2a7 7 0 0 0-4 12.7V17h8v-2.3A7 7 0 0 0 12 2Z"/></symbol>
+  <symbol id="i-search" viewBox="0 0 24 24"><circle cx="11" cy="11" r="7"/><path d="m21 21-4.3-4.3"/></symbol>
+  <symbol id="i-key" viewBox="0 0 24 24"><circle cx="8" cy="8" r="5"/><path d="m11.5 11.5 8.5 8.5M16 16l3-3M18 18l2-2"/></symbol>
+  <symbol id="i-accounts" viewBox="0 0 24 24"><circle cx="12" cy="8" r="4"/><path d="M4 21c0-4 4-6 8-6s8 2 8 6"/></symbol>
+  <symbol id="i-check" viewBox="0 0 24 24"><path d="m20 6-11 11-5-5"/></symbol>
+</svg>
+
+<div class="wrap">
+  <header>
+    <h1><svg class="ic logo"><use href="#i-logo"/></svg> FreeDeepseekAPI</h1>
+    <span class="status-pill"><span class="dot" id="statusDot"></span><span id="statusText" role="status" aria-live="polite">проверка…</span></span>
+  </header>
+
+  <nav class="tabs" role="tablist" aria-label="Разделы">
+    <button class="tab" role="tab" aria-selected="true" aria-controls="tab-chat" id="t-chat" data-tab="chat"><svg class="ic"><use href="#i-chat"/></svg>Чат</button>
+    <button class="tab" role="tab" aria-selected="false" aria-controls="tab-accounts" id="t-accounts" data-tab="accounts" tabindex="-1"><svg class="ic"><use href="#i-accounts"/></svg>Аккаунты</button>
+    <button class="tab" role="tab" aria-selected="false" aria-controls="tab-overview" id="t-overview" data-tab="overview" tabindex="-1"><svg class="ic"><use href="#i-overview"/></svg>Обзор</button>
+  </nav>
+
+  <!-- ЧАТ -->
+  <section id="tab-chat" class="panel active" role="tabpanel" aria-labelledby="t-chat">
+    <div class="card full chatbox">
+      <h2><svg class="ic"><use href="#i-chat"/></svg>Плейграунд чата <span class="spacer"></span>
+        <div class="chat-ctrl">
+          <select id="chatModel" aria-label="Модель">
+            <option value="deepseek-chat">deepseek-chat</option>
+            <option value="deepseek-reasoner">deepseek-reasoner</option>
+            <option value="deepseek-expert">deepseek-expert</option>
+            <option value="deepseek-v4-pro">deepseek-v4-pro</option>
+          </select>
+          <button class="sm" id="clearChat" title="Очистить"><svg class="ic"><use href="#i-trash"/></svg></button>
+        </div>
+      </h2>
+      <div class="msgs" id="msgs" role="log" aria-live="polite" aria-label="История чата"></div>
+      <div class="chat-input">
+        <textarea id="chatInput" aria-label="Сообщение" placeholder="Сообщение… (Enter — отправить, Shift+Enter — перенос)"></textarea>
+        <button class="primary" id="sendChat"><svg class="ic"><use href="#i-send"/></svg>Отправить</button>
+      </div>
+    </div>
+  </section>
+
+  <!-- АККАУНТЫ -->
+  <section id="tab-accounts" class="panel" role="tabpanel" aria-labelledby="t-accounts">
+    <div class="card full">
+      <h2><svg class="ic"><use href="#i-accounts"/></svg>Аккаунты DeepSeek <span class="spacer"></span>
+        <button class="sm" id="checkAllAcc"><svg class="ic"><use href="#i-check"/></svg>проверить все</button></h2>
+      <div id="accList"><span class="hint">загрузка…</span></div>
+      <div class="import-box">
+        <div class="hint" style="margin-bottom:6px">Добавить аккаунт: в браузере (где вошли в DeepSeek) F12 → Network → отправьте сообщение → правый клик на запросе к <code>chat.deepseek.com/api/...</code> → <b>Copy as cURL</b> (или <b>Save All As HAR</b>) → вставьте сюда.</div>
+        <textarea id="importText" aria-label="cURL или HAR" placeholder="Вставьте сюда cURL или содержимое HAR-файла…" style="min-height:72px;font-family:var(--mono);font-size:var(--fs-xs)"></textarea>
+        <div class="row" style="margin-top:var(--s2)"><button class="primary" id="importBtn"><svg class="ic"><use href="#i-key"/></svg>Импортировать аккаунт</button></div>
+      </div>
+    </div>
+  </section>
+
+  <!-- ОБЗОР -->
+  <section id="tab-overview" class="panel" role="tabpanel" aria-labelledby="t-overview">
+    <div class="kpis">
+      <div class="kpi"><div class="num" id="kpiStatus">—</div><div class="lbl"><svg class="ic"><use href="#i-refresh"/></svg>статус</div></div>
+      <div class="kpi"><div class="num" id="kpiModels">—</div><div class="lbl"><svg class="ic"><use href="#i-overview"/></svg>моделей</div></div>
+      <div class="kpi"><div class="num" id="kpiAuth">—</div><div class="lbl"><svg class="ic"><use href="#i-accounts"/></svg>аккаунтов онлайн</div></div>
+    </div>
+    <div class="grid">
+      <div class="card">
+        <h2><svg class="ic"><use href="#i-plug"/></svg>Как подключить</h2>
+        <div class="row"><label class="k">Base URL</label><div class="val" id="baseUrl">—</div><button class="sm" data-copy="baseUrl" aria-label="Копировать"><svg class="ic"><use href="#i-copy"/></svg></button></div>
+        <div class="row"><label class="k">API Key</label><div class="val">любой непустой (<b>sk-deepseek</b>)</div><button class="sm" data-copy-text="sk-deepseek" aria-label="Копировать"><svg class="ic"><use href="#i-copy"/></svg></button></div>
+        <div class="row"><label class="k">Модель</label><div class="val">deepseek-chat</div><button class="sm" data-copy-text="deepseek-chat" aria-label="Копировать"><svg class="ic"><use href="#i-copy"/></svg></button></div>
+        <div class="row" style="margin-top:var(--s3)">
+          <button class="sm" id="copyCurl"><svg class="ic"><use href="#i-copy"/></svg>cURL</button>
+          <button class="sm" id="copyPy"><svg class="ic"><use href="#i-copy"/></svg>Python</button>
+        </div>
+        <div class="hint">OpenAI-совместимо. Также есть Anthropic-шим <code>/v1/messages</code> и Responses <code>/v1/responses</code>.</div>
+      </div>
+      <div class="card">
+        <h2><svg class="ic"><use href="#i-key"/></svg>Авторизация DeepSeek</h2>
+        <div id="authBox"><span class="hint">загрузка…</span></div>
+        <div class="hint" style="margin-top:var(--s4)">Обновить логин: запустите <code>Авторизация DeepSeek.bat</code>, войдите в DeepSeek в открывшемся окне, отправьте <code>ok</code> и нажмите Enter в терминале.</div>
+      </div>
+      <div class="card full">
+        <h2><svg class="ic"><use href="#i-overview"/></svg>Модели (<span id="modelCount">0</span>) <span class="spacer"></span>
+          <span class="hint" style="margin:0"><span class="cap r">R</span> reasoning · <span class="cap s">S</span> web-поиск · клик копирует</span></h2>
+        <div class="models" id="modelList"><span class="hint">загрузка…</span></div>
+      </div>
+    </div>
+  </section>
+
+  <footer>FreeDeepseekAPI · дашборд · <a href="https://t.me/forgetmeai" target="_blank" rel="noopener noreferrer">t.me/forgetmeai</a></footer>
+</div>
+<div class="toast" id="toast" role="status" aria-live="polite"></div>
+
+<script>
+const $ = s => document.querySelector(s);
+const origin = location.origin;
+const esc = s => String(s).replace(/[&<>"]/g, c => ({'&':'&amp;','<':'&lt;','>':'&gt;','"':'&quot;'}[c]));
+const icon = id => `<svg class="ic"><use href="#${id}"/></svg>`;
+function toast(m, kind){ const t=$('#toast'); t.innerHTML=(kind==='err'?icon('i-warn'):kind==='ok'?icon('i-check'):'')+'<span>'+esc(m)+'</span>'; t.className='toast show'+(kind?' '+kind:''); clearTimeout(toast._t); toast._t=setTimeout(()=>t.className='toast',1900); }
+async function copyText(t){
+  try{ if(navigator.clipboard && isSecureContext){ await navigator.clipboard.writeText(t); return toast('Скопировано','ok'); } throw 0; }
+  catch{ try{ const a=document.createElement('textarea'); a.value=t; a.style.position='fixed'; a.style.opacity='0'; document.body.appendChild(a); a.select(); document.execCommand('copy'); a.remove(); toast('Скопировано','ok'); }catch{ toast('Не удалось скопировать','err'); } }
+}
+function mdRender(text){ try{ if(window.marked&&window.DOMPurify){ const html=window.marked.parse(text,{breaks:true}); return window.DOMPurify.sanitize(html,{ADD_ATTR:['target']}); } }catch{} return null; }
+// стабильный agent-id для серверной сессии DeepSeek (многоходовость)
+const AGENT_ID = (()=>{ let v=localStorage.getItem('ds_agent'); if(!v){ v='dash-'+Math.abs(Date.now()^(performance.now()*1000|0)).toString(36); localStorage.setItem('ds_agent',v); } return v; })();
+
+const apiBase = origin+'/v1';
+$('#baseUrl').textContent = apiBase;
+
+// ── Вкладки ──────────────────────────────────────────────────────────────
+const TABS=['chat','accounts','overview'];
+const inited={};
+function showTab(name){
+  if(!TABS.includes(name)) name='chat';
+  document.querySelectorAll('.tab').forEach(t=>{ const on=t.dataset.tab===name; t.setAttribute('aria-selected',on); t.tabIndex=on?0:-1; });
+  document.querySelectorAll('.panel').forEach(p=>p.classList.toggle('active', p.id==='tab-'+name));
+  if(location.hash.slice(1)!==name) history.replaceState(null,'','#'+name);
+  if(!inited[name]){ inited[name]=true; lazyInit(name); }
+}
+function lazyInit(name){ if(name==='overview'){ loadModels(); loadAuth(); } else if(name==='accounts'){ loadAccountsList(); } }
+document.querySelectorAll('.tab').forEach(t=> t.onclick=()=>showTab(t.dataset.tab));
+$('.tabs').addEventListener('keydown', e=>{
+  const i=TABS.indexOf(document.activeElement.dataset?.tab); if(i<0) return;
+  let j=null;
+  if(e.key==='ArrowRight') j=(i+1)%TABS.length; else if(e.key==='ArrowLeft') j=(i-1+TABS.length)%TABS.length;
+  else if(e.key==='Home') j=0; else if(e.key==='End') j=TABS.length-1;
+  if(j!==null){ e.preventDefault(); document.getElementById('t-'+TABS[j]).focus(); showTab(TABS[j]); }
+});
+window.addEventListener('hashchange', ()=>showTab((location.hash||'#chat').slice(1)));
+
+document.addEventListener('click', e=>{
+  const b=e.target.closest('[data-copy],[data-copy-text]'); if(!b) return;
+  if(b.dataset.copyText!==undefined) return copyText(b.dataset.copyText);
+  if(b.dataset.copy) return copyText($('#'+b.dataset.copy).textContent.trim());
+});
+$('#copyCurl').onclick=()=>copyText(`curl ${apiBase}/chat/completions \\\n  -H "Authorization: Bearer sk-deepseek" \\\n  -H "Content-Type: application/json" \\\n  -d '{"model":"deepseek-chat","messages":[{"role":"user","content":"Привет"}]}'`);
+$('#copyPy').onclick=()=>copyText(`from openai import OpenAI\nclient = OpenAI(base_url="${apiBase}", api_key="sk-deepseek")\nr = client.chat.completions.create(model="deepseek-chat",\n    messages=[{"role":"user","content":"Привет"}])\nprint(r.choices[0].message.content)`);
+
+// ── Статус / KPI / авторизация ───────────────────────────────────────────
+let healthCache=null;
+async function loadHealth(){
+  try{
+    const j=await (await fetch(origin+'/health')).json(); healthCache=j;
+    const n=(j.models||[]).length;
+    const ac=j.accounts||{};
+    $('#statusDot').className='dot on';
+    $('#statusText').textContent='онлайн · '+n+' моделей · '+(ac.online??0)+'/'+(ac.total??0)+' акк.';
+    $('#kpiStatus').textContent='Онлайн'; $('#kpiStatus').className='num ok';
+    $('#kpiModels').textContent=n;
+    $('#kpiAuth').textContent=(ac.online??0)+' / '+(ac.total??0); $('#kpiAuth').className='num'+(ac.online?' ok':' err');
+  }catch{ $('#statusDot').className='dot off'; $('#statusText').textContent='офлайн'; $('#kpiStatus').textContent='Офлайн'; $('#kpiStatus').className='num err'; $('#kpiAuth').textContent='—'; }
+}
+function fmtExp(ms){ if(!ms) return ''; const d=Math.round((ms-Date.now())/864e5); return 'до '+new Date(ms).toISOString().slice(0,10)+(d>=0?' ('+d+' дн)':' (истёк)'); }
+async function loadAuth(){
+  const box=$('#authBox');
+  try{
+    const j=await (await fetch(origin+'/api/auth-status')).json();
+    if(!j.config_ready){ box.innerHTML='<div class="onboard">Авторизация не настроена. Запустите <b>Авторизация DeepSeek.bat</b> и войдите в свой аккаунт DeepSeek.</div>'; return; }
+    const exp=j.token_exp?('<div class="row"><label class="k">Срок токена</label><div class="val">'+esc(fmtExp(j.token_exp))+'</div></div>'):'';
+    box.innerHTML=`<div class="row"><label class="k">Токен</label><div class="val">${j.has_token?'есть ✓':'нет'}</div></div>
+      <div class="row"><label class="k">Cookie</label><div class="val">${j.has_cookie?'есть ✓':'нет'}</div></div>
+      <div class="row"><label class="k">hif-заголовки</label><div class="val">${j.has_hif?'есть ✓':'опционально'}</div></div>${exp}`;
+  }catch{ box.innerHTML='<div class="hint err-text">Не удалось получить статус авторизации</div>'; }
+}
+// ── Аккаунты ───────────────────────────────────────────────────────────────
+const accStLabel=s=>({OK:'активен',WAIT:'лимит',INVALID:'невалиден',EXPIRED:'истёк',ERROR:'ошибка'})[s]||s;
+function fmtResetAt(iso){ try{ return new Date(iso).toLocaleString('ru-RU',{day:'2-digit',month:'2-digit',hour:'2-digit',minute:'2-digit'}); }catch{ return ''; } }
+async function loadAccountsList(){
+  const list=$('#accList');
+  try{
+    const j=await (await fetch(origin+'/api/accounts')).json();
+    if(!j.accounts||!j.accounts.length){ list.innerHTML='<div class="onboard">Пока нет аккаунтов. Добавьте первый через импорт ниже.</div>'; return; }
+    list.innerHTML=j.accounts.map(a=>{
+      const meta=a.resetAt?('лимит до '+fmtResetAt(a.resetAt)):(a.exp?fmtExp(a.exp):'');
+      return `<div class="acc ${esc(a.status)}"><span class="id">${esc(a.id)}</span><span class="badge ${esc(a.status)}">${accStLabel(a.status)}</span><span class="meta">…${esc(a.preview||'')}</span><span class="meta">${esc(meta)}</span><span class="spacer"></span>
+        <button class="sm" data-check="${esc(a.id)}" aria-label="Проверить ${esc(a.id)}">${icon('i-check')}проверить</button>
+        <button class="sm" data-del="${esc(a.id)}" aria-label="Удалить ${esc(a.id)}">${icon('i-trash')}</button></div>`;
+    }).join('');
+  }catch{ list.innerHTML='<div class="hint err-text">Не удалось загрузить аккаунты</div>'; }
+}
+$('#checkAllAcc').onclick=async()=>{
+  const b=$('#checkAllAcc'); b.disabled=true;
+  try{ const j=await (await fetch(origin+'/api/accounts')).json();
+    for(const a of (j.accounts||[])){ try{ await fetch(origin+'/api/accounts/'+encodeURIComponent(a.id)+'/check',{method:'POST'}); }catch{} }
+    await loadAccountsList(); await loadHealth(); toast('Проверка завершена','ok');
+  }catch{ toast('Ошибка','err'); } b.disabled=false;
+};
+$('#importBtn').onclick=async()=>{
+  const text=$('#importText').value.trim(); if(!text) return toast('Вставьте cURL или HAR','err');
+  const b=$('#importBtn'); b.disabled=true;
+  try{ const j=await (await fetch(origin+'/api/accounts/import',{method:'POST',headers:{'Content-Type':'text/plain'},body:text})).json();
+    if(j.ok){ toast('Добавлен '+j.id,'ok'); $('#importText').value=''; loadAccountsList(); loadHealth(); } else toast(j.error||'Ошибка импорта','err');
+  }catch{ toast('Сеть недоступна','err'); } b.disabled=false;
+};
+document.addEventListener('click', async e=>{
+  const t=e.target.closest('button'); if(!t) return;
+  if(t.dataset.check){ const acc=t.closest('.acc'); const badge=acc&&acc.querySelector('.badge'); if(badge){ badge.className='badge checking'; badge.textContent='проверка'; } t.disabled=true;
+    try{ await fetch(origin+'/api/accounts/'+encodeURIComponent(t.dataset.check)+'/check',{method:'POST'}); }catch{} await loadAccountsList(); await loadHealth(); return; }
+  if(t.dataset.del){ if(!confirm('Удалить аккаунт '+t.dataset.del+'?')) return; t.disabled=true;
+    try{ await fetch(origin+'/api/accounts/'+encodeURIComponent(t.dataset.del),{method:'DELETE'}); toast('Удалён','ok'); }catch{ toast('Ошибка','err'); } loadAccountsList(); loadHealth(); return; }
+});
+setInterval(()=>{ if($('#tab-accounts').classList.contains('active')) loadAccountsList(); }, 20000);
+// ── Модели ─────────────────────────────────────────────────────────────────
+async function loadModels(){
+  const list=$('#modelList');
+  try{
+    const j=await (await fetch(apiBase+'/models')).json();
+    const data=j.data||[];
+    $('#modelCount').textContent=data.length;
+    list.innerHTML=data.map(m=>{
+      const c=m.capabilities||{};
+      const caps=(c.reasoning?'<span class="cap r" title="reasoning">R</span>':'')+(c.search?'<span class="cap s" title="web-поиск">S</span>':'');
+      return `<span class="chip" data-model="${esc(m.id)}" title="клик — копировать"><span class="id">${esc(m.id)}</span><span class="caps">${caps}</span></span>`;
+    }).join('')||'<span class="hint err-text">не удалось загрузить</span>';
+  }catch{ list.innerHTML='<span class="hint err-text">не удалось загрузить</span>'; }
+}
+document.addEventListener('click', e=>{ const c=e.target.closest('.chip[data-model]'); if(c) copyText(c.dataset.model); });
+
+// Модель берётся напрямую из селектора (#chatModel).
+// Веб-поиск (-search) сейчас отключён: DeepSeek Web стабильно отдаёт пустой ответ.
+
+// ── Чат (история + reasoning + markdown, через /v1/chat/completions) ──────────
+let chatHistory=[], chatBusy=false, chatAbort=null;
+function bubbleEl(m){
+  const d=document.createElement('div'); d.className='bubble '+m.role+(m.err?' err':'');
+  d.innerHTML='<div class="role">'+(m.role==='user'?'Вы':'AI')+'</div>';
+  if(m.role==='assistant' && m.reasoning){
+    const det=document.createElement('details'); det.className='think';
+    det.innerHTML='<summary>'+icon('i-bulb')+'Размышления</summary><div class="think-body"></div>';
+    det.querySelector('.think-body').textContent=m.reasoning;
+    d.appendChild(det); d._think=det;
+  }
+  const c=document.createElement('div'); c.className='body';
+  if(m.role==='assistant' && !m.err && m.done){ const html=mdRender(m.content); if(html){ c.className='body md'; c.innerHTML=html; } else { c.textContent=m.content; d.classList.add('plain'); } }
+  else { c.textContent=m.content; if(m.role!=='user') d.classList.add('plain'); }
+  d.appendChild(c); d._c=c; return d;
+}
+function renderChat(){
+  const box=$('#msgs');
+  if(!chatHistory.length){ box.innerHTML='<div class="empty">'+icon('i-chat')+'Начните диалог. Ответ — стримингом с markdown; у reasoner-моделей появится панель «Размышления».</div>'; return; }
+  box.innerHTML=''; chatHistory.forEach(m=>box.appendChild(bubbleEl(m))); box.scrollTop=box.scrollHeight;
+}
+function atBottom(){ const b=$('#msgs'); return b.scrollHeight-b.scrollTop-b.clientHeight<60; }
+function setBusy(b){ chatBusy=b; const btn=$('#sendChat'); btn.innerHTML=b?'Стоп':icon('i-send')+'Отправить'; btn.classList.toggle('danger',b); }
+function ensureThink(node, asst){
+  if(node._think) return node._think.querySelector('.think-body');
+  const det=document.createElement('details'); det.className='think'; det.open=true;
+  det.innerHTML='<summary>'+icon('i-bulb')+'Размышления</summary><div class="think-body"></div>';
+  node.insertBefore(det, node._c); node._think=det;
+  return det.querySelector('.think-body');
+}
+
+async function sendChat(){
+  if(chatBusy){ chatAbort?.abort(); return; }
+  const text=$('#chatInput').value.trim();
+  if(!text) return;
+  const userMsg={role:'user',content:text};
+  chatHistory.push(userMsg); $('#chatInput').value='';
+  const asst={role:'assistant',content:'',reasoning:''}; chatHistory.push(asst);
+  const box=$('#msgs'); if(chatHistory.length===2) box.innerHTML='';
+  box.appendChild(bubbleEl(userMsg));
+  const node=bubbleEl(asst); node.classList.add('streaming','plain'); box.appendChild(node); box.scrollTop=box.scrollHeight;
+  setBusy(true); chatAbort=new AbortController();
+
+  const msgs=chatHistory.slice(0,-1).map(m=>({role:m.role,content:m.content}));
+  try{
+    const r=await fetch(apiBase+'/chat/completions',{method:'POST',headers:{'Content-Type':'application/json','Authorization':'Bearer sk-deepseek'},signal:chatAbort.signal,
+      body:JSON.stringify({model:$('#chatModel').value,messages:msgs,stream:true,user:AGENT_ID})});
+    if(!r.ok||!r.body) throw new Error('HTTP '+r.status);
+    const reader=r.body.getReader(), dec=new TextDecoder(); let buf='';
+    while(true){
+      const {value,done}=await reader.read(); if(done) break;
+      buf+=dec.decode(value,{stream:true}); const lines=buf.split('\n'); buf=lines.pop()||'';
+      for(const line of lines){ const s=line.trim(); if(!s.startsWith('data:')) continue; const p=s.slice(5).trim(); if(p==='[DONE]'){ buf=''; break; }
+        try{ const delta=JSON.parse(p).choices?.[0]?.delta||{};
+          if(delta.reasoning_content){ asst.reasoning+=delta.reasoning_content; ensureThink(node,asst).textContent=asst.reasoning; if(atBottom()) box.scrollTop=box.scrollHeight; }
+          if(delta.content){ asst.content+=delta.content; node._c.textContent=asst.content; if(atBottom()) box.scrollTop=box.scrollHeight; }
+        }catch{} }
+    }
+    if(!asst.content && !asst.reasoning){ chatHistory.pop(); node.remove(); toast('Пустой ответ','err'); }
+    else { asst.done=true; if(node._think) node._think.open=false; const html=mdRender(asst.content); if(html){ node.classList.remove('plain'); node._c.className='body md'; node._c.innerHTML=html; } if(atBottom()) box.scrollTop=box.scrollHeight; }
+  }catch(e){
+    if(e.name==='AbortError'){ if(!asst.content&&!asst.reasoning){ chatHistory.pop(); node.remove(); } else asst.done=true; }
+    else { asst.content='⚠ '+e.message; node._c.textContent=asst.content; node.classList.add('err'); asst.err=true; }
+  }finally{ node.classList.remove('streaming'); setBusy(false); chatAbort=null; }
+}
+$('#sendChat').onclick=sendChat;
+$('#chatInput').addEventListener('keydown', e=>{ if(e.key==='Enter'&&!e.shiftKey){ e.preventDefault(); sendChat(); } });
+$('#clearChat').onclick=async()=>{
+  if(chatBusy) chatAbort?.abort();
+  chatHistory=[]; renderChat();
+  try{ await fetch(origin+'/reset-session?agent='+encodeURIComponent(AGENT_ID),{method:'POST'}); }catch{}
+};
+
+// ── Старт ──────────────────────────────────────────────────────────────────
+renderChat();
+showTab((location.hash||'#chat').slice(1)||'chat');
+loadHealth(); setInterval(loadHealth, 15000);
+</script>
+</body>
+</html>
diff --git a/scripts/auth_from_curl.js b/scripts/auth_from_curl.js
new file mode 100644
index 0000000..062eaec
--- /dev/null
+++ b/scripts/auth_from_curl.js
@@ -0,0 +1,55 @@
+#!/usr/bin/env node
+/*
+  Adds a DeepSeek account from "Copy as cURL" to the file-based pool by writing a
+  new auth file into the managed dir (data/accounts/account_<ts>.json). The server
+  picks it up on its next reload. Works with any browser logged in to chat.deepseek.com.
+
+  Usage:
+    node scripts/auth_from_curl.js < curl.txt
+    node scripts/auth_from_curl.js path/to/curl.txt
+    Get-Clipboard -Raw | node scripts/auth_from_curl.js   # from clipboard (PowerShell)
+
+  How to get cURL: chat.deepseek.com → F12 → Network → send a message →
+  right-click the /api/v0/... request → Copy → Copy as cURL.
+*/
+const fs = require('fs');
+const path = require('path');
+const { parseAuthInput, finalizeAuth, WASM_DEFAULT } = require('../lib/parseAuth');
+
+const MANAGED_AUTH_DIR = path.join(__dirname, '..', 'data', 'accounts');
+
+function readStdin() {
+    return new Promise(resolve => {
+        let s = '';
+        process.stdin.setEncoding('utf8');
+        process.stdin.on('data', d => s += d);
+        process.stdin.on('end', () => resolve(s));
+        if (process.stdin.isTTY) resolve('');
+    });
+}
+
+(async () => {
+    const arg = process.argv[2];
+    let input = (arg && fs.existsSync(arg)) ? fs.readFileSync(arg, 'utf8') : await readStdin();
+    input = String(input || '').trim();
+    if (!input) { console.error('Empty: pass cURL via stdin, a file argument, or the clipboard.'); process.exit(1); }
+
+    const parsed = finalizeAuth(parseAuthInput(input), WASM_DEFAULT);
+    if (parsed.error) {
+        console.error('Error: ' + parsed.error);
+        console.error('Copy exactly the chat.deepseek.com/api/... request via "Copy as cURL".');
+        process.exit(2);
+    }
+    const content = {
+        token: parsed.token,
+        cookie: parsed.cookie,
+        wasmUrl: parsed.wasmUrl || WASM_DEFAULT,
+        hif_dliq: parsed.hif_dliq || '',
+        hif_leim: parsed.hif_leim || '',
+    };
+    fs.mkdirSync(MANAGED_AUTH_DIR, { recursive: true });
+    const file = path.join(MANAGED_AUTH_DIR, `account_${Date.now()}.json`);
+    fs.writeFileSync(file, JSON.stringify(content, null, 2), { mode: 0o600 });
+    console.log('OK: account written to ' + file +
+        ' (token ' + parsed.token.length + ' chars, cookie ' + parsed.cookie.split(';').filter(Boolean).length + ' values)');
+})();
diff --git a/scripts/auth_from_har.js b/scripts/auth_from_har.js
new file mode 100644
index 0000000..a9ac706
--- /dev/null
+++ b/scripts/auth_from_har.js
@@ -0,0 +1,41 @@
+#!/usr/bin/env node
+/*
+  Adds a DeepSeek account from a HAR file to the file-based pool by writing a new
+  auth file into the managed dir (data/accounts/account_<ts>.json). The server picks
+  it up on its next reload. HAR = DevTools → Network → "Save all as HAR". Any browser.
+
+  Usage:
+    node scripts/auth_from_har.js "path/to/archive.har"
+
+  Picks the best chat.deepseek.com/api/... request with Authorization: Bearer.
+*/
+const fs = require('fs');
+const path = require('path');
+const { parseHar, finalizeAuth, WASM_DEFAULT } = require('../lib/parseAuth');
+
+const MANAGED_AUTH_DIR = path.join(__dirname, '..', 'data', 'accounts');
+
+const harPath = process.argv[2];
+if (!harPath || !fs.existsSync(harPath)) {
+    console.error('Provide a path to a .har: node scripts/auth_from_har.js "archive.har"');
+    process.exit(1);
+}
+
+const parsed = finalizeAuth(parseHar(fs.readFileSync(harPath, 'utf8')), WASM_DEFAULT);
+if (parsed.error) {
+    console.error('Error: ' + parsed.error);
+    console.error('Save the HAR while logged in and after sending a message in DeepSeek.');
+    process.exit(2);
+}
+const content = {
+    token: parsed.token,
+    cookie: parsed.cookie,
+    wasmUrl: parsed.wasmUrl || WASM_DEFAULT,
+    hif_dliq: parsed.hif_dliq || '',
+    hif_leim: parsed.hif_leim || '',
+};
+fs.mkdirSync(MANAGED_AUTH_DIR, { recursive: true });
+const file = path.join(MANAGED_AUTH_DIR, `account_${Date.now()}.json`);
+fs.writeFileSync(file, JSON.stringify(content, null, 2), { mode: 0o600 });
+console.log('OK: account written to ' + file +
+    ' (token ' + parsed.token.length + ' chars, cookie ' + parsed.cookie.split(';').filter(Boolean).length + ' values)');
diff --git a/server.js b/server.js
index 3ba72a0..220a262 100755
--- a/server.js
+++ b/server.js
@@ -16,6 +16,7 @@ const os = require('os');
 const path = require('path');
 const readline = require('readline');
 const { spawnSync } = require('child_process');
+const { parseAuthInput, finalizeAuth } = require('./lib/parseAuth');
 
 const SERVER_HOST = os.hostname();  // Dynamic hostname detection
 const SERVER_PUBLIC_IP = (() => {
@@ -61,7 +62,13 @@ const SESSION_TTL_MS = 2 * 60 * 60 * 1000;  // 2 hours
 
 // === DeepSeek Web API Config — loaded from external config file ===
 const DS_CONFIG_PATH = process.env.DEEPSEEK_AUTH_PATH || path.join(__dirname, 'deepseek-auth.json');
+// Managed runtime auth dir: accounts added through the dashboard / import scripts
+// are written here as account_<ts>.json and picked up on the next reload. This
+// directory is always scanned in addition to the env-provided paths, so runtime
+// CRUD works on top of the maintainer's file-based pool without a separate store.
+const MANAGED_AUTH_DIR = path.join(__dirname, 'data', 'accounts');
 const DEFAULT_ACCOUNT_COOLDOWN_MS = Number(process.env.DEEPSEEK_ACCOUNT_COOLDOWN_MS || 10 * 60 * 1000);
+const DEFAULT_WASM = 'https://fe-static.deepseek.com/chat/static/sha3_wasm_bg.7b9ca65ddd.wasm';
 let DS_CONFIG = {};
 let dsHeaders = {};
 const accounts = [];
@@ -83,22 +90,45 @@ function buildBaseHeaders(config = DS_CONFIG) {
         "Content-Type": "application/json",
     };
 }
+// *.json files from the managed runtime dir (data/accounts). Created on demand so
+// runtime-added accounts survive reloads. Returns [] if the dir cannot be created.
+function managedAuthPaths() {
+    try {
+        fs.mkdirSync(MANAGED_AUTH_DIR, { recursive: true });
+        return fs.readdirSync(MANAGED_AUTH_DIR)
+            .filter(f => f.endsWith('.json'))
+            .sort()
+            .map(f => path.join(MANAGED_AUTH_DIR, f));
+    } catch (e) {
+        console.error(`[DS-API] Could not read managed auth dir ${MANAGED_AUTH_DIR}: ${e.message}`);
+        return [];
+    }
+}
 function discoverAuthPaths() {
+    let envPaths;
     if (process.env.DEEPSEEK_AUTH_DIR) {
         try {
-            return fs.readdirSync(process.env.DEEPSEEK_AUTH_DIR)
+            envPaths = fs.readdirSync(process.env.DEEPSEEK_AUTH_DIR)
                 .filter(f => f.endsWith('.json'))
                 .sort()
                 .map(f => path.join(process.env.DEEPSEEK_AUTH_DIR, f));
         } catch (e) {
             console.error(`[DS-API] Could not read DEEPSEEK_AUTH_DIR: ${e.message}`);
-            return [];
+            envPaths = [];
         }
+    } else if (process.env.DEEPSEEK_AUTH_PATH && process.env.DEEPSEEK_AUTH_PATH.includes(',')) {
+        envPaths = process.env.DEEPSEEK_AUTH_PATH.split(',').map(s => s.trim()).filter(Boolean);
+    } else {
+        envPaths = [DS_CONFIG_PATH];
     }
-    if (process.env.DEEPSEEK_AUTH_PATH && process.env.DEEPSEEK_AUTH_PATH.includes(',')) {
-        return process.env.DEEPSEEK_AUTH_PATH.split(',').map(s => s.trim()).filter(Boolean);
+    // Always also include the managed runtime dir, de-duplicated against env paths
+    // (resolved to absolute) so the same file is never loaded twice.
+    const seen = new Set(envPaths.map(p => path.resolve(p)));
+    const merged = [...envPaths];
+    for (const p of managedAuthPaths()) {
+        if (!seen.has(path.resolve(p))) { seen.add(path.resolve(p)); merged.push(p); }
     }
-    return [DS_CONFIG_PATH];
+    return merged;
 }
 function loadDeepSeekConfig({ fatal = true } = {}) {
     accounts.length = 0;
@@ -174,6 +204,118 @@ function markAccountFailure(account, status, reason = '') {
         console.log(`[account:${account.id}] cooldown for ${Math.round(DEFAULT_ACCOUNT_COOLDOWN_MS / 1000)}s after HTTP ${status}${reason ? ` (${reason})` : ''}`);
     }
 }
+
+// === Account management (dashboard / import) on top of the file-based pool ===
+
+// Decode a JWT payload's `exp` (in ms) without verifying the signature.
+function decodeTokenInfo(token) {
+    try {
+        const p = JSON.parse(Buffer.from(String(token).split('.')[1], 'base64url').toString());
+        return { exp: p.exp ? p.exp * 1000 : null };
+    } catch { return { exp: null }; }
+}
+
+// String status used by the dashboard. Distinct from accountStatus() (object form)
+// which is consumed by /health and the rest of the server.
+function accountStatusStr(account) {
+    if (!account.config.token || !account.config.cookie) return 'INVALID';
+    const { exp } = decodeTokenInfo(account.config.token);
+    if (exp && exp <= Date.now()) return 'EXPIRED';
+    if (account.cooldownUntil > Date.now()) return 'WAIT';
+    return 'OK';
+}
+
+// True only when the given absolute path lives inside the managed runtime dir.
+// Guards file deletion so env-provided auth files are never touched.
+function isManagedFile(file) {
+    if (!file) return false;
+    const dir = path.resolve(MANAGED_AUTH_DIR);
+    const rel = path.relative(dir, path.resolve(file));
+    return rel !== '' && !rel.startsWith('..') && !path.isAbsolute(rel);
+}
+
+// Add an account from a parsed auth object ({token,cookie,wasmUrl,hif_dliq,hif_leim,email}).
+// Dedups by token; writes a new file into the managed dir; reloads the pool.
+function addAccountFromAuth(parsed) {
+    const token = parsed && parsed.token;
+    if (!token) return { error: 'Need token' };
+    if (!parsed.cookie) return { error: 'Need cookie' };
+    const dup = accounts.find(a => a.config.token === token);
+    if (dup) return { error: 'This account is already added', existingId: dup.id };
+    const content = {
+        token,
+        cookie: parsed.cookie,
+        wasmUrl: parsed.wasmUrl || '',
+        hif_dliq: parsed.hif_dliq || '',
+        hif_leim: parsed.hif_leim || '',
+        email: parsed.email || '',
+    };
+    try {
+        fs.mkdirSync(MANAGED_AUTH_DIR, { recursive: true });
+        const file = path.join(MANAGED_AUTH_DIR, `account_${Date.now()}.json`);
+        fs.writeFileSync(file, JSON.stringify(content, null, 2), { mode: 0o600 });
+    } catch (e) {
+        return { error: 'Could not save account: ' + e.message };
+    }
+    loadDeepSeekConfig({ fatal: false });
+    const added = accounts.find(a => a.config.token === token);
+    return { ok: true, id: added ? added.id : null };
+}
+
+// Delete an account by id. Only removes the backing file when it is inside the
+// managed dir; env-provided files are left in place. Reloads the pool.
+function deleteAccountById(id) {
+    const account = accounts.find(a => a.id === id);
+    if (!account) return { error: 'Account not found' };
+    if (account.file && isManagedFile(account.file)) {
+        try { fs.unlinkSync(account.file); }
+        catch (e) { return { error: 'Could not delete account file: ' + e.message }; }
+    }
+    loadDeepSeekConfig({ fatal: false });
+    return { ok: true };
+}
+
+// Public, dashboard-friendly view of the pool.
+function listAccountsPublic() {
+    return accounts.map(a => ({
+        id: a.id,
+        status: accountStatusStr(a),
+        email: a.config.email || '',
+        exp: decodeTokenInfo(a.config.token).exp,
+        resetAt: a.cooldownUntil > Date.now() ? new Date(a.cooldownUntil).toISOString() : null,
+        preview: String(a.config.token || '').slice(-6),
+    }));
+}
+
+// Live liveness check via GET users/current — validates token/cookie directly,
+// needs no PoW (PoW is only required for completion). Hard 15s timeout so the
+// /check route can never hang. Returns { status, email }; never throws.
+async function checkAccountLive(account) {
+    try {
+        const resp = await fetch('https://chat.deepseek.com/api/v0/users/current', {
+            headers: buildBaseHeaders(account.config),
+            signal: AbortSignal.timeout(15000),
+        });
+        const text = await resp.text();
+        let j = null;
+        try { j = text ? JSON.parse(text) : null; } catch { j = null; }
+        if (resp.status === 429) {
+            markAccountFailure(account, 429, 'check');
+            return { status: 'WAIT', email: '' };
+        }
+        const code = j && (j.code ?? j.data?.code);
+        if (resp.status === 401 || resp.status === 403 || [40003, 40300, 40301].includes(Number(code))) {
+            return { status: 'INVALID', email: '' };
+        }
+        if (resp.ok && j && j.data && j.data.biz_data) {
+            return { status: 'OK', email: j.data.biz_data.email || '' };
+        }
+        return { status: 'ERROR', email: '' };
+    } catch {
+        // Network error or 15s timeout — treat as unknown, do not crash the route.
+        return { status: 'ERROR', email: '' };
+    }
+}
 async function readDeepSeekJsonResponse(resp, label, account) {
     const text = await resp.text();
     let json = null;
@@ -1061,6 +1203,22 @@ function formatMessages(messages, tools) {
     return { prompt: conversation.trim(), systemPrompt: systemPrompt.trim() };
 }
 
+// Account management is allowed from the local machine only.
+function isLocal(req) {
+    const ip = (req.socket && req.socket.remoteAddress) || '';
+    return ip === '127.0.0.1' || ip === '::1' || ip === '::ffff:127.0.0.1';
+}
+
+// CSRF guard for account management: reject cross-site requests. A browser always
+// sends Origin (and Referer) on a cross-origin request, so reject when the source
+// host does not match the server host. Non-browser clients (curl/scripts) send
+// neither and are not a CSRF vector, so they pass.
+function isCrossOrigin(req) {
+    const src = req.headers.origin || req.headers.referer;
+    if (!src) return false;
+    try { return new URL(src).host !== req.headers.host; } catch { return true; }
+}
+
 // === HTTP Server ===
 const server = http.createServer(async (req, res) => {
     res.setHeader('Access-Control-Allow-Origin', '*');
@@ -1136,6 +1294,95 @@ const server = http.createServer(async (req, res) => {
         return;
     }
 
+    // Dashboard (web UI) — single static file
+    if (req.method === 'GET' && url.pathname === '/dashboard') {
+        try {
+            const html = fs.readFileSync(path.join(__dirname, 'public', 'dashboard.html'));
+            res.writeHead(200, { 'Content-Type': 'text/html; charset=utf-8' });
+            res.end(html);
+        } catch {
+            res.writeHead(404, { 'Content-Type': 'text/plain; charset=utf-8' });
+            res.end('Dashboard not built (public/dashboard.html missing)');
+        }
+        return;
+    }
+
+    // Auth status for dashboard: decode JWT exp (no signature check) + presence flags
+    if (req.method === 'GET' && url.pathname === '/api/auth-status') {
+        const ok = accounts.find(a => accountStatusStr(a) === 'OK');
+        const tokenExp = ok ? decodeTokenInfo(ok.config.token).exp : null;
+        res.writeHead(200, { 'Content-Type': 'application/json' });
+        res.end(JSON.stringify({
+            config_ready: hasAuthConfig(),
+            accounts_total: accounts.length,
+            accounts_online: accounts.filter(a => accountStatusStr(a) === 'OK').length,
+            accounts_limited: accounts.filter(a => accountStatusStr(a) === 'WAIT').length,
+            token_exp: tokenExp,
+            has_token: accounts.some(a => a.config.token),
+            has_cookie: accounts.some(a => a.config.cookie),
+            has_hif: accounts.some(a => a.config.hif_dliq || a.config.hif_leim),
+        }));
+        return;
+    }
+
+    // ── DeepSeek account management (localhost only) ──
+    if (url.pathname === '/api/accounts' || url.pathname.startsWith('/api/accounts/')) {
+        if (!isLocal(req)) { res.writeHead(403, { 'Content-Type': 'application/json' }); res.end(JSON.stringify({ error: 'Available from localhost only' })); return; }
+        if (isCrossOrigin(req)) { res.writeHead(403, { 'Content-Type': 'application/json' }); res.end(JSON.stringify({ error: 'Cross-origin request rejected' })); return; }
+
+        // GET /api/accounts — list with statuses
+        if (req.method === 'GET' && url.pathname === '/api/accounts') {
+            res.writeHead(200, { 'Content-Type': 'application/json' }); res.end(JSON.stringify({ accounts: listAccountsPublic() })); return;
+        }
+
+        // POST /api/accounts/import — add an account from cURL/HAR (request body)
+        if (req.method === 'POST' && url.pathname === '/api/accounts/import') {
+            let body = '';
+            req.on('data', c => { body += c; if (body.length > 25 * 1024 * 1024) req.destroy(); });
+            req.on('end', () => {
+                try {
+                    const prevWasm = accounts.find(a => a.config.wasmUrl)?.config.wasmUrl || DEFAULT_WASM;
+                    const parsed = finalizeAuth(parseAuthInput(body), prevWasm);
+                    if (parsed.error) { res.writeHead(400, { 'Content-Type': 'application/json' }); res.end(JSON.stringify(parsed)); return; }
+                    const r = addAccountFromAuth(parsed);
+                    const code = r.error ? (r.existingId ? 409 : 400) : 200;
+                    res.writeHead(code, { 'Content-Type': 'application/json' }); res.end(JSON.stringify(r));
+                } catch (e) { res.writeHead(500, { 'Content-Type': 'application/json' }); res.end(JSON.stringify({ error: 'Import error: ' + e.message })); }
+            });
+            return;
+        }
+
+        // POST /api/accounts/:id/check — real liveness check via GET users/current
+        const mCheck = url.pathname.match(/^\/api\/accounts\/(account_[A-Za-z0-9]+)\/check$/);
+        if (req.method === 'POST' && mCheck) {
+            const id = mCheck[1];
+            const account = accounts.find(a => a.id === id);
+            if (!account) { res.writeHead(404, { 'Content-Type': 'application/json' }); res.end(JSON.stringify({ error: 'Account not found' })); return; }
+            const { status, email } = await checkAccountLive(account);
+            // On success, persist a freshly discovered email both in memory and (for
+            // managed files) on disk, so it survives the next pool reload.
+            if (status === 'OK' && email) {
+                account.config.email = email;
+                if (isManagedFile(account.file)) {
+                    try { fs.writeFileSync(account.file, JSON.stringify(account.config, null, 2), { mode: 0o600 }); }
+                    catch (e) { console.error(`[account:${id}] could not persist email: ${e.message}`); }
+                }
+            }
+            res.writeHead(200, { 'Content-Type': 'application/json' });
+            res.end(JSON.stringify({ id, status, email: account.config.email || '', exp: decodeTokenInfo(account.config.token).exp }));
+            return;
+        }
+
+        // DELETE /api/accounts/:id  or  POST /api/accounts/:id/delete
+        const mDel = url.pathname.match(/^\/api\/accounts\/(account_[A-Za-z0-9]+)(\/delete)?$/);
+        if (mDel && (req.method === 'DELETE' || (req.method === 'POST' && mDel[2]))) {
+            const r = deleteAccountById(mDel[1]);
+            res.writeHead(r.error ? 400 : 200, { 'Content-Type': 'application/json' }); res.end(JSON.stringify(r)); return;
+        }
+
+        res.writeHead(404, { 'Content-Type': 'application/json' }); res.end(JSON.stringify({ error: 'Unknown accounts endpoint' })); return;
+    }
+
     const apiMode = url.pathname === '/v1/messages'
         ? 'anthropic'
         : (url.pathname === '/v1/responses' ? 'responses' : 'openai');

From c3b3fa252c18eed5012dffd8e68f66d171756f9c Mon Sep 17 00:00:00 2001
From: dansc <dansc@yandex.ru>
Date: Tue, 9 Jun 2026 18:59:52 +0300
Subject: [PATCH 2/2] feat: dashboard/extension polish + per-account label

- dashboard: model picker, inline delete, copy, retry, auto-grow, and a
  per-account label with inline edit
- chrome extension: icons, server-status indicator, dashboard button, label
- parseAuth: handle Chrome "Copy as cURL (bash)" ANSI-C headers
- server: GET /api/accounts exposes label; POST /api/accounts/:id/label sets
  it (localhost + CSRF guarded, persisted to the managed account file)
---
 chrome-extension/icons/icon128.png | Bin 0 -> 510 bytes
 chrome-extension/icons/icon16.png  | Bin 0 -> 107 bytes
 chrome-extension/icons/icon48.png  | Bin 0 -> 195 bytes
 chrome-extension/manifest.json     |   8 +--
 chrome-extension/popup.html        |  18 ++++++-
 chrome-extension/popup.js          |  15 +++++-
 lib/parseAuth.js                   |  10 ++--
 public/dashboard.html              |  75 ++++++++++++++++++++++++++---
 server.js                          |  25 ++++++++++
 9 files changed, 135 insertions(+), 16 deletions(-)
 create mode 100644 chrome-extension/icons/icon128.png
 create mode 100644 chrome-extension/icons/icon16.png
 create mode 100644 chrome-extension/icons/icon48.png

diff --git a/chrome-extension/icons/icon128.png b/chrome-extension/icons/icon128.png
new file mode 100644
index 0000000000000000000000000000000000000000..ccce26717203865b0ca26c9ac51243db82f7def7
GIT binary patch
literal 510
zcmeAS@N?(olHy`uVBq!ia0vp^4Is?H1|$#LC7xzrU_9#S;uunK>+RixzRrO>E*DoS
zyI$aO4HofM3Upk;kyw51k=X;wAhQqga{c}CU&Y)R4k$7RFfchVa4;|`Ft9YBbJ&0V
z`Sp*t;W6`mX@=Bh^Tv*gyA6+gxGRwKBag$d#=J#hpR`lY{a%H(_iX}?%auDm?iM`q
z<1R<ipF9@BI`bxp{nCyg>0|HR7#J9i<-36t0a=gDv6Bo826ehjKm{ORP^S)KLIfa!
z{6N7E!VlCDVlbA%2lYf4yRn{^8N_Zlz^(+OnB+Tw+Bj-7gcukUK5WbYNi+)z<Vedi
zFxW_6x7pXOeERtJlANDE<ofmG?|=UI^l?Aag_eX%XWbby91Pyxd(05yX7KTvGGk1$
z!Ovrh8Dks_{_cCsnA5u9>AGx&oW>1r=e=g|Y2EO(FPqV)al_xb*NlJI+q})KSs$!-
zh}m~BlVLqm<~~PL21bSkWrha=xB{HXp}mS}TIoFh3kP>T0eQgF)z4*}Q$iB}GXI;p

literal 0
HcmV?d00001

diff --git a/chrome-extension/icons/icon16.png b/chrome-extension/icons/icon16.png
new file mode 100644
index 0000000000000000000000000000000000000000..14af7735722b945948d5e9fc855d604ab86d67b5
GIT binary patch
literal 107
zcmeAS@N?(olHy`uVBq!ia0vp^0wB!61|;P_|4#%`MxHK?Ar-fhCrrBZ+n+N{Vh-C6
z`G0+)!l?{;XLs-<D!3Y(IlJ*L*v2U0t{f_K>B4CrhOmd9Dx|g=UIFT6@O1TaS?83{
F1OUg!AN~LU

literal 0
HcmV?d00001

diff --git a/chrome-extension/icons/icon48.png b/chrome-extension/icons/icon48.png
new file mode 100644
index 0000000000000000000000000000000000000000..dc6a5a2ee38c1bf62e991cdf12d4e93f97d1e6ad
GIT binary patch
literal 195
zcmeAS@N?(olHy`uVBq!ia0vp^1|ZDA1|-9oezpUtE>9Q7kcwMxZ|-JnP!M3bxVBj-
z=jbBcQvp#HE_?WeW9;-Nhpv_Ne<lo6%fP_FY_a}!$wP)~A4CNzTk1I{mjBUly7zGN
zguM)_AKzCH(XA8N$o}B{4?&mOhVVV2j9^U+SJ*!2iZC9iR$x;2J9$#55|_f?4WVgK
lI)?A2&Ak58nHi)ib3JqPv)vu7)n3IQuBWS?%Q~loCICjwLKXl3

literal 0
HcmV?d00001

diff --git a/chrome-extension/manifest.json b/chrome-extension/manifest.json
index 5ff23de..5501740 100644
--- a/chrome-extension/manifest.json
+++ b/chrome-extension/manifest.json
@@ -1,7 +1,7 @@
 {
   "manifest_version": 3,
   "name": "DeepSeek → FreeDeepseekAPI",
-  "version": "1.3",
+  "version": "1.4",
   "description": "Добавляет аккаунт DeepSeek в локальный FreeDeepseekAPI одним кликом. Перехватывает заголовки запроса chat.deepseek.com (token + cookie + hif).",
   "author": "FreeDeepseekAPI",
   "browser_specific_settings": {
@@ -23,6 +23,8 @@
   },
   "action": {
     "default_popup": "popup.html",
-    "default_title": "DeepSeek → FreeDeepseekAPI"
-  }
+    "default_title": "DeepSeek → FreeDeepseekAPI",
+    "default_icon": { "16": "icons/icon16.png", "48": "icons/icon48.png", "128": "icons/icon128.png" }
+  },
+  "icons": { "16": "icons/icon16.png", "48": "icons/icon48.png", "128": "icons/icon128.png" }
 }
diff --git a/chrome-extension/popup.html b/chrome-extension/popup.html
index b72ad1d..05f1be5 100644
--- a/chrome-extension/popup.html
+++ b/chrome-extension/popup.html
@@ -44,10 +44,21 @@
     .acc-btn.danger:hover { background: #b71c1c44; color: #ef5350; }
     .acc-btn.confirm { background: #b71c1c; color: #fff; border-color: #c62828; }
     .pool-empty { color: #666; font-size: 11px; text-align: center; padding: 10px; }
+    .hdr { display: flex; align-items: center; justify-content: space-between; margin-bottom: 4px; }
+    .hdr h1 { margin: 0; }
+    .srv-dot { width: 9px; height: 9px; border-radius: 50%; background: #666; flex: none; }
+    .srv-dot.online { background: #66bb6a; box-shadow: 0 0 5px #2e7d32; }
+    .srv-dot.offline { background: #ef5350; box-shadow: 0 0 5px #c62828; }
+    .btn-row button:disabled { opacity: 0.45; cursor: default; }
+    .pool-row .email { cursor: pointer; }
+    .pool-row .email:hover { color: #4fc3f7; }
   </style>
 </head>
 <body>
-  <h1>🔑 DeepSeek → FreeDeepseekAPI</h1>
+  <div class="hdr">
+    <h1>🔑 DeepSeek → FreeDeepseekAPI</h1>
+    <span id="srvDot" class="srv-dot" title="Статус сервера FreeDeepseekAPI"></span>
+  </div>
   <div class="sub">Откройте <code>chat.deepseek.com</code>, <b>отправьте любое сообщение</b>, затем нажмите кнопку</div>
 
   <div id="status" class="status warn">⏳ Loading...</div>
@@ -71,7 +82,10 @@ <h1>🔑 DeepSeek → FreeDeepseekAPI</h1>
   <div class="pool-section">
     <div class="pool-header">
       <span class="title" id="poolTitle">Пул аккаунтов</span>
-      <button id="btnCheckAll" class="link-btn">↻ Проверить все</button>
+      <span style="display:flex; gap:6px">
+        <button id="btnDashboard" class="link-btn">🖥 Дашборд</button>
+        <button id="btnCheckAll" class="link-btn">↻ Проверить все</button>
+      </span>
     </div>
     <div id="pool" class="pool-list"></div>
   </div>
diff --git a/chrome-extension/popup.js b/chrome-extension/popup.js
index e2c4127..423ea09 100644
--- a/chrome-extension/popup.js
+++ b/chrome-extension/popup.js
@@ -6,12 +6,15 @@ const PROXY_URL = API_BASE + '/api/accounts/import';
 let current = null; // перехваченный набор кредов {token,cookie,hif_*,wasmUrl}
 
 function setStatus(cls, text) { $('status').className = 'status ' + cls; $('status').textContent = text; }
+function setSrvDot(online) { const d = $('srvDot'); if (d) { d.className = 'srv-dot ' + (online ? 'online' : 'offline'); d.title = online ? 'Сервер онлайн (:9655)' : 'Сервер недоступен (:9655)'; } }
+function setCredButtons(has) { for (const id of ['btnAdd', 'btnCopy', 'btnSave']) { const b = $(id); if (b) b.disabled = !has; } }
 
 function render(cap) {
     if (!cap || !cap.token || !cap.cookie) {
         setStatus('warn', '⚠️ Откройте chat.deepseek.com и ОТПРАВЬТЕ любое сообщение, затем нажмите кнопку.');
         $('jsonPreview').textContent = '{ }';
         $('detail').textContent = 'Креды появятся после запроса к DeepSeek';
+        setCredButtons(false);
         return null;
     }
     const auth = { token: cap.token, hif_dliq: cap.hif_dliq || '', hif_leim: cap.hif_leim || '', cookie: cap.cookie, wasmUrl: cap.wasmUrl };
@@ -23,6 +26,7 @@ function render(cap) {
     }, null, 2);
     setStatus('ok', '✅ Перехвачено: token + cookie' + (auth.hif_leim ? ' + hif' : '') + ' — готово');
     $('detail').textContent = cap._t ? ('Обновлено: ' + new Date(cap._t).toLocaleTimeString()) : '';
+    setCredButtons(true);
     return auth;
 }
 
@@ -55,7 +59,7 @@ function renderPool(list) {
         idEl.className = 'id'; idEl.textContent = a.id;
 
         const emailEl = document.createElement('span');
-        emailEl.className = 'email'; emailEl.textContent = a.email || '—'; emailEl.title = a.email || '';
+        emailEl.className = 'email'; emailEl.textContent = a.label || a.email || '—'; emailEl.title = a.email || a.label || '';
 
         const badge = document.createElement('span');
         badge.className = 'badge ' + (a.status || '').toLowerCase(); badge.textContent = a.status || '—';
@@ -73,8 +77,10 @@ async function loadPool() {
     try {
         const r = await fetch(API_BASE + '/api/accounts');
         const j = await r.json();
+        setSrvDot(true);
         renderPool(j.accounts || []);
     } catch {
+        setSrvDot(false);
         $('poolTitle').textContent = 'Пул аккаунтов';
         setEmpty('FreeDeepseekAPI недоступен на :9655');
     }
@@ -100,6 +106,12 @@ async function deleteAccount(id) {
 
 // делегирование кликов в панели (check / удаление с инлайн-подтверждением)
 $('pool').addEventListener('click', (e) => {
+    const emailEl = e.target.closest('.email');
+    if (emailEl && emailEl.textContent && emailEl.textContent !== '—') {
+        const full = emailEl.title || emailEl.textContent;
+        navigator.clipboard.writeText(full).then(() => { const o = emailEl.textContent; emailEl.textContent = '✓ скопировано'; setTimeout(() => { emailEl.textContent = o; }, 900); });
+        return;
+    }
     const btn = e.target.closest('.acc-btn'); if (!btn) return;
     const row = btn.closest('.pool-row'); const id = row && row.dataset.id; if (!id) return;
     const act = btn.dataset.act;
@@ -120,6 +132,7 @@ async function checkAll() {
     $('btnCheckAll').disabled = false;
 }
 $('btnCheckAll').addEventListener('click', checkAll);
+$('btnDashboard').addEventListener('click', () => { chrome.tabs.create({ url: API_BASE + '/dashboard' }); });
 
 // ── Главная кнопка — добавить перехваченные креды + авто-валидация ──
 $('btnAdd').addEventListener('click', async () => {
diff --git a/lib/parseAuth.js b/lib/parseAuth.js
index b333b9a..b406925 100644
--- a/lib/parseAuth.js
+++ b/lib/parseAuth.js
@@ -8,14 +8,15 @@
 
 const WASM_DEFAULT = 'https://fe-static.deepseek.com/chat/static/sha3_wasm_bg.7b9ca65ddd.wasm';
 
-// -H 'name: value' | -H "name: value" | --header ...
+// -H 'name: value' | -H "name: value" | -H $'name: value' (Chrome bash ANSI-C) | --header ...
+// Опциональный \$? перед кавычкой покрывает форму "Copy as cURL (bash)".
 function extractHeadersFromCurl(curl) {
     const headers = {};
-    const re = /(?:-H|--header)\s+(['"])(.+?):\s?([\s\S]*?)\1(?=\s|$)/g;
+    const re = /(?:-H|--header)\s+\$?(['"])(.+?):\s?([\s\S]*?)\1(?=\s|$)/g;
     let m;
     while ((m = re.exec(curl))) headers[m[2].trim().toLowerCase()] = m[3].trim();
     if (!headers['cookie']) {
-        const mc = curl.match(/(?:-b|--cookie)\s+(['"])([\s\S]*?)\1(?=\s|$)/);
+        const mc = curl.match(/(?:-b|--cookie)\s+\$?(['"])([\s\S]*?)\1(?=\s|$)/);
         if (mc) headers['cookie'] = mc[2].trim();
     }
     return headers;
@@ -31,7 +32,8 @@ function fromHeaders(h) {
 }
 
 function parseCurl(curl) {
-    const s = String(curl || '');
+    // снять bash line-continuations (\ + перевод строки), которые Chrome вставляет в "Copy as cURL"
+    const s = String(curl || '').replace(/\\\r?\n/g, ' ');
     const r = fromHeaders(extractHeadersFromCurl(s));
     const wm = s.match(/https?:\/\/[^\s'"]*sha3[^\s'"]*\.wasm/i);
     r.wasmUrl = wm ? wm[0] : '';
diff --git a/public/dashboard.html b/public/dashboard.html
index 8725ae3..8ce1a9c 100644
--- a/public/dashboard.html
+++ b/public/dashboard.html
@@ -72,6 +72,8 @@
   button:disabled{opacity:.4;cursor:default;transform:none}
   button.primary{background:var(--accent-press);border-color:var(--accent-deep);color:#fff;font-weight:600}
   button.primary:hover{background:var(--accent);color:#fff}
+  button.danger{background:var(--err);border-color:var(--err);color:#fff;font-weight:600}
+  button.danger:hover{background:#ff7b72;border-color:#ff7b72;color:#fff}
   button.sm{padding:5px 9px;font-size:var(--fs-xs)}
   button svg.ic{font-size:15px}
   button.toggle.on{background:rgba(77,107,254,.16);border-color:var(--accent);color:var(--accent)}
@@ -97,6 +99,7 @@
   .acc.OK{border-left-color:var(--ok)} .acc.WAIT{border-left-color:var(--warn)}
   .acc.INVALID,.acc.EXPIRED,.acc.ERROR{border-left-color:var(--err)}
   .acc .id{font-weight:600;font-size:var(--fs-sm)} .acc .meta{color:var(--muted);font-size:var(--fs-xs);font-family:var(--mono)}
+  .acc-label{font-weight:600;color:var(--accent);font-size:var(--fs-sm)}
   .badge{font-size:var(--fs-xs);font-weight:700;padding:3px 9px;border-radius:4px;display:inline-flex;align-items:center;gap:5px}
   .badge::before{content:"";width:6px;height:6px;border-radius:50%;background:currentColor}
   .badge.OK{background:rgba(63,185,80,.16);color:#56d364} .badge.WAIT{background:rgba(210,153,34,.18);color:#e3b341}
@@ -211,6 +214,7 @@ <h2><svg class="ic"><use href="#i-chat"/></svg>Плейграунд чата <sp
   <section id="tab-accounts" class="panel" role="tabpanel" aria-labelledby="t-accounts">
     <div class="card full">
       <h2><svg class="ic"><use href="#i-accounts"/></svg>Аккаунты DeepSeek <span class="spacer"></span>
+        <span class="hint" id="accUpdated" style="margin:0 8px 0 0"></span>
         <button class="sm" id="checkAllAcc"><svg class="ic"><use href="#i-check"/></svg>проверить все</button></h2>
       <div id="accList"><span class="hint">загрузка…</span></div>
       <div class="import-box">
@@ -339,12 +343,17 @@ <h2><svg class="ic"><use href="#i-overview"/></svg>Модели (<span id="model
     if(!j.accounts||!j.accounts.length){ list.innerHTML='<div class="onboard">Пока нет аккаунтов. Добавьте первый через импорт ниже.</div>'; return; }
     list.innerHTML=j.accounts.map(a=>{
       const meta=a.resetAt?('лимит до '+fmtResetAt(a.resetAt)):(a.exp?fmtExp(a.exp):'');
-      return `<div class="acc ${esc(a.status)}"><span class="id">${esc(a.id)}</span><span class="badge ${esc(a.status)}">${accStLabel(a.status)}</span><span class="meta">…${esc(a.preview||'')}</span><span class="meta">${esc(meta)}</span><span class="spacer"></span>
+      const email=a.email?`<span class="meta">${esc(a.email)}</span>`:'';
+      const labelHtml=a.label?`<span class="acc-label">${esc(a.label)}</span>`:'';
+      return `<div class="acc ${esc(a.status)}"><span class="id">${esc(a.id)}</span>${labelHtml}<span class="badge ${esc(a.status)}">${accStLabel(a.status)}</span>${email}<span class="meta">…${esc(a.preview||'')}</span><span class="meta">${esc(meta)}</span><span class="spacer"></span>
+        <button class="sm" data-label="${esc(a.id)}" title="Задать имя">✎</button>
         <button class="sm" data-check="${esc(a.id)}" aria-label="Проверить ${esc(a.id)}">${icon('i-check')}проверить</button>
         <button class="sm" data-del="${esc(a.id)}" aria-label="Удалить ${esc(a.id)}">${icon('i-trash')}</button></div>`;
     }).join('');
-  }catch{ list.innerHTML='<div class="hint err-text">Не удалось загрузить аккаунты</div>'; }
+    setAccUpdated();
+  }catch{ list.innerHTML='<div class="hint err-text">Не удалось загрузить аккаунты. <button class="sm" onclick="loadAccountsList()">'+icon('i-refresh')+'Повторить</button></div>'; }
 }
+function setAccUpdated(){ const e=$('#accUpdated'); if(e) e.textContent='обновлено '+new Date().toLocaleTimeString('ru-RU',{hour:'2-digit',minute:'2-digit'}); }
 $('#checkAllAcc').onclick=async()=>{
   const b=$('#checkAllAcc'); b.disabled=true;
   try{ const j=await (await fetch(origin+'/api/accounts')).json();
@@ -361,9 +370,25 @@ <h2><svg class="ic"><use href="#i-overview"/></svg>Модели (<span id="model
 };
 document.addEventListener('click', async e=>{
   const t=e.target.closest('button'); if(!t) return;
+  if(t.dataset.label!==undefined){
+    const acc=t.closest('.acc'); if(!acc) return;
+    const cur=acc.querySelector('.acc-label')?.textContent||'';
+    const inp=document.createElement('input'); inp.type='text'; inp.value=cur; inp.placeholder='имя аккаунта'; inp.style.cssText='max-width:150px;padding:3px 7px';
+    acc.insertBefore(inp, acc.querySelector('.spacer')); inp.focus(); inp.select();
+    inp.addEventListener('keydown', async ev=>{
+      if(ev.key==='Enter'){ ev.preventDefault();
+        try{ await fetch(origin+'/api/accounts/'+encodeURIComponent(t.dataset.label)+'/label',{method:'POST',headers:{'Content-Type':'application/json'},body:JSON.stringify({label:inp.value})}); toast('Имя сохранено','ok'); }catch{ toast('Ошибка','err'); }
+        loadAccountsList();
+      } else if(ev.key==='Escape'){ loadAccountsList(); }
+    });
+    inp.addEventListener('blur', ()=>loadAccountsList()); // убрать input, если кликнули мимо
+    return;
+  }
   if(t.dataset.check){ const acc=t.closest('.acc'); const badge=acc&&acc.querySelector('.badge'); if(badge){ badge.className='badge checking'; badge.textContent='проверка'; } t.disabled=true;
     try{ await fetch(origin+'/api/accounts/'+encodeURIComponent(t.dataset.check)+'/check',{method:'POST'}); }catch{} await loadAccountsList(); await loadHealth(); return; }
-  if(t.dataset.del){ if(!confirm('Удалить аккаунт '+t.dataset.del+'?')) return; t.disabled=true;
+  if(t.dataset.del){
+    if(t.dataset.confirm!=='1'){ t.dataset.confirm='1'; t.classList.add('danger'); t.innerHTML=icon('i-trash')+'точно?'; setTimeout(()=>{ if(t.dataset.confirm==='1'){ t.dataset.confirm=''; t.classList.remove('danger'); t.innerHTML=icon('i-trash'); } },3000); return; }
+    t.disabled=true;
     try{ await fetch(origin+'/api/accounts/'+encodeURIComponent(t.dataset.del),{method:'DELETE'}); toast('Удалён','ok'); }catch{ toast('Ошибка','err'); } loadAccountsList(); loadHealth(); return; }
 });
 setInterval(()=>{ if($('#tab-accounts').classList.contains('active')) loadAccountsList(); }, 20000);
@@ -379,7 +404,18 @@ <h2><svg class="ic"><use href="#i-overview"/></svg>Модели (<span id="model
       const caps=(c.reasoning?'<span class="cap r" title="reasoning">R</span>':'')+(c.search?'<span class="cap s" title="web-поиск">S</span>':'');
       return `<span class="chip" data-model="${esc(m.id)}" title="клик — копировать"><span class="id">${esc(m.id)}</span><span class="caps">${caps}</span></span>`;
     }).join('')||'<span class="hint err-text">не удалось загрузить</span>';
-  }catch{ list.innerHTML='<span class="hint err-text">не удалось загрузить</span>'; }
+  }catch{ list.innerHTML='<span class="hint err-text">не удалось загрузить. <button class="sm" onclick="loadModels()">'+icon('i-refresh')+'Повторить</button></span>'; }
+}
+// #chatModel наполняется реальными моделями из /v1/models; выбор сохраняется в localStorage
+async function populateChatModels(){
+  const sel=$('#chatModel'); if(!sel) return;
+  try{
+    const j=await (await fetch(apiBase+'/models')).json();
+    const data=j.data||[]; if(!data.length) return;
+    const saved=localStorage.getItem('ds_model');
+    sel.innerHTML=data.map(m=>`<option value="${esc(m.id)}">${esc(m.id)}</option>`).join('');
+    if(saved && data.some(m=>m.id===saved)) sel.value=saved;
+  }catch{ /* оставляем статичный fallback-список */ }
 }
 document.addEventListener('click', e=>{ const c=e.target.closest('.chip[data-model]'); if(c) copyText(c.dataset.model); });
 
@@ -400,7 +436,14 @@ <h2><svg class="ic"><use href="#i-overview"/></svg>Модели (<span id="model
   const c=document.createElement('div'); c.className='body';
   if(m.role==='assistant' && !m.err && m.done){ const html=mdRender(m.content); if(html){ c.className='body md'; c.innerHTML=html; } else { c.textContent=m.content; d.classList.add('plain'); } }
   else { c.textContent=m.content; if(m.role!=='user') d.classList.add('plain'); }
-  d.appendChild(c); d._c=c; return d;
+  d.appendChild(c); d._c=c;
+  if(m.role==='assistant' && m.done && (m.content||'').trim()){
+    if(c.classList.contains('md')) addCopyButtons(c);
+    const cp=document.createElement('button'); cp.className='sm'; cp.type='button'; cp.style.cssText='margin-top:6px;padding:3px 8px;font-size:11px';
+    cp.innerHTML=icon('i-copy')+'копировать'; cp.onclick=()=>copyText(m.content);
+    d.appendChild(cp);
+  }
+  return d;
 }
 function renderChat(){
   const box=$('#msgs');
@@ -445,7 +488,9 @@ <h2><svg class="ic"><use href="#i-overview"/></svg>Модели (<span id="model
         }catch{} }
     }
     if(!asst.content && !asst.reasoning){ chatHistory.pop(); node.remove(); toast('Пустой ответ','err'); }
-    else { asst.done=true; if(node._think) node._think.open=false; const html=mdRender(asst.content); if(html){ node.classList.remove('plain'); node._c.className='body md'; node._c.innerHTML=html; } if(atBottom()) box.scrollTop=box.scrollHeight; }
+    else { asst.done=true; if(node._think) node._think.open=false; const html=mdRender(asst.content); if(html){ node.classList.remove('plain'); node._c.className='body md'; node._c.innerHTML=html; addCopyButtons(node._c); }
+      if((asst.content||'').trim()){ const cp=document.createElement('button'); cp.className='sm'; cp.type='button'; cp.style.cssText='margin-top:6px;padding:3px 8px;font-size:11px'; cp.innerHTML=icon('i-copy')+'копировать'; cp.onclick=()=>copyText(asst.content); node.appendChild(cp); }
+      if(atBottom()) box.scrollTop=box.scrollHeight; }
   }catch(e){
     if(e.name==='AbortError'){ if(!asst.content&&!asst.reasoning){ chatHistory.pop(); node.remove(); } else asst.done=true; }
     else { asst.content='⚠ '+e.message; node._c.textContent=asst.content; node.classList.add('err'); asst.err=true; }
@@ -459,10 +504,28 @@ <h2><svg class="ic"><use href="#i-overview"/></svg>Модели (<span id="model
   try{ await fetch(origin+'/reset-session?agent='+encodeURIComponent(AGENT_ID),{method:'POST'}); }catch{}
 };
 
+// ── Утилиты UI ───────────────────────────────────────────────────────────────
+function addCopyButtons(container){
+  container.querySelectorAll('pre').forEach(pre=>{
+    if(pre.querySelector('.code-copy')) return;
+    pre.style.position='relative';
+    const b=document.createElement('button'); b.className='code-copy sm'; b.type='button'; b.textContent='copy';
+    b.style.cssText='position:absolute;top:6px;right:6px;padding:2px 7px;font-size:11px';
+    b.onclick=()=>{ const code=pre.querySelector('code'); copyText(code?code.textContent:pre.textContent); };
+    pre.appendChild(b);
+  });
+}
+function autoGrow(el){ if(!el) return; const fn=()=>{ el.style.height='auto'; const mh=parseInt(getComputedStyle(el).maxHeight)||9999; el.style.height=Math.min(el.scrollHeight, mh)+'px'; }; el.addEventListener('input',fn); }
+
 // ── Старт ──────────────────────────────────────────────────────────────────
 renderChat();
+populateChatModels();
+$('#chatModel').addEventListener('change',()=>localStorage.setItem('ds_model',$('#chatModel').value));
+autoGrow($('#chatInput')); autoGrow($('#importText'));
 showTab((location.hash||'#chat').slice(1)||'chat');
 loadHealth(); setInterval(loadHealth, 15000);
+// #28 авто-обновление Обзора (модели/auth), пока вкладка активна
+setInterval(()=>{ const ov=$('#tab-overview'); if(ov&&ov.classList.contains('active')){ loadModels(); loadAuth(); } }, 30000);
 </script>
 </body>
 </html>
diff --git a/server.js b/server.js
index 220a262..43706e3 100755
--- a/server.js
+++ b/server.js
@@ -249,6 +249,7 @@ function addAccountFromAuth(parsed) {
         hif_dliq: parsed.hif_dliq || '',
         hif_leim: parsed.hif_leim || '',
         email: parsed.email || '',
+        label: parsed.label || '',
     };
     try {
         fs.mkdirSync(MANAGED_AUTH_DIR, { recursive: true });
@@ -281,6 +282,7 @@ function listAccountsPublic() {
         id: a.id,
         status: accountStatusStr(a),
         email: a.config.email || '',
+        label: a.config.label || '',
         exp: decodeTokenInfo(a.config.token).exp,
         resetAt: a.cooldownUntil > Date.now() ? new Date(a.cooldownUntil).toISOString() : null,
         preview: String(a.config.token || '').slice(-6),
@@ -1373,6 +1375,29 @@ const server = http.createServer(async (req, res) => {
             return;
         }
 
+        // POST /api/accounts/:id/label — set a human-friendly label for the account
+        const mLabel = url.pathname.match(/^\/api\/accounts\/(account_[A-Za-z0-9]+)\/label$/);
+        if (req.method === 'POST' && mLabel) {
+            const id = mLabel[1];
+            const account = accounts.find(a => a.id === id);
+            if (!account) { res.writeHead(404, { 'Content-Type': 'application/json' }); res.end(JSON.stringify({ error: 'Account not found' })); return; }
+            let body = '';
+            req.on('data', c => { body += c; if (body.length > 64 * 1024) req.destroy(); });
+            req.on('end', () => {
+                try {
+                    const label = String((JSON.parse(body || '{}').label) || '').slice(0, 80);
+                    account.config.label = label;
+                    // Persist for managed files so the label survives the next pool reload.
+                    if (isManagedFile(account.file)) {
+                        try { fs.writeFileSync(account.file, JSON.stringify(account.config, null, 2), { mode: 0o600 }); }
+                        catch (e) { console.error(`[account:${id}] could not persist label: ${e.message}`); }
+                    }
+                    res.writeHead(200, { 'Content-Type': 'application/json' }); res.end(JSON.stringify({ ok: true, id, label }));
+                } catch (e) { res.writeHead(400, { 'Content-Type': 'application/json' }); res.end(JSON.stringify({ error: 'Invalid label body: ' + e.message })); }
+            });
+            return;
+        }
+
         // DELETE /api/accounts/:id  or  POST /api/accounts/:id/delete
         const mDel = url.pathname.match(/^\/api\/accounts\/(account_[A-Za-z0-9]+)(\/delete)?$/);
         if (mDel && (req.method === 'DELETE' || (req.method === 'POST' && mDel[2]))) {