v1.0.75: exclude Android app-private trees (Android/data,media,obb)

Scoped storage (Android 11+) lets a SAF grant LIST another app's
Android/media|data|obb dir but not OPEN the files, so every transfer there
failed and the pair was stuck reporting Partial forever (65 failures under
Android/media/com.whatsapp/ on Zahra). These hold app-managed data, not user
content, so exclude the whole subtree on both sides via path-prefix match in
isExcludedPath. ExcludePathTest covers the new prefixes + case-insensitivity.

.gitea/workflows/release.yml

@@ -10,6 +10,8 @@ on:
 jobs:
   build:
     runs-on: ubuntu-latest
+    permissions:
+      contents: write   # needed to create the release object on a tag
 
     steps:
       - uses: actions/checkout@v4
@@ -63,12 +65,17 @@ jobs:
           TAG: ${{ github.ref_name }}
           VERSION: ${{ steps.ver.outputs.name }}
         run: |
-          RELEASE_ID=$(curl -sf \
-            "https://gitea.khodak.me/api/v1/repos/amir/SyncFlow/releases/tags/$TAG" \
-            -H "Authorization: token $TOKEN" \
-            | python3 -c "import sys,json; print(json.load(sys.stdin)['id'])")
-          curl -sf -X POST \
-            "https://gitea.khodak.me/api/v1/repos/amir/SyncFlow/releases/$RELEASE_ID/assets" \
+          API="https://gitea.khodak.me/api/v1/repos/amir/SyncFlow"
+          # A pushed git tag does NOT create a Gitea release object — fetch it, create if missing.
+          RELEASE_ID=$(curl -s "$API/releases/tags/$TAG" -H "Authorization: token $TOKEN" \
+            | python3 -c "import sys,json;d=json.load(sys.stdin);print(d.get('id','') if isinstance(d,dict) else '')" 2>/dev/null)
+          if [ -z "$RELEASE_ID" ]; then
+            RELEASE_ID=$(curl -s -X POST "$API/releases" -H "Authorization: token $TOKEN" \
+              -H "Content-Type: application/json" -d "{\"tag_name\":\"$TAG\",\"name\":\"$TAG\"}" \
+              | python3 -c "import sys,json;print(json.load(sys.stdin).get('id',''))")
+            echo "created release object $RELEASE_ID for $TAG"
+          fi
+          curl -sf -X POST "$API/releases/$RELEASE_ID/assets?name=SyncFlow-v${VERSION}.apk" \
             -H "Authorization: token $TOKEN" \
             -F "attachment=@dist/SyncFlow-v${VERSION}.apk"
-          echo "APK uploaded to release $TAG"
+          echo "APK uploaded to release $TAG (id $RELEASE_ID)"

app/build.gradle.kts

@@ -33,7 +33,10 @@ android {
         minSdk = 26
         targetSdk = 35
         versionCode = versionProps["VERSION_CODE"].toString().toInt()
-        versionName = versionProps["VERSION_NAME"].toString()
+        // Single source of truth: the human version always tracks the build number, so the
+        // git tag (v1.0.N), the APK filename, and the in-app "About" all read 1.0.N and
+        // can never drift apart again. Bump only VERSION_CODE in version.properties.
+        versionName = "1.0.${versionProps["VERSION_CODE"].toString().toInt()}"
         testInstrumentationRunner = "androidx.test.runner.AndroidJUnitRunner"
 
         // Placeholder — replace with real keys before release

app/src/androidTest/kotlin/com/syncflow/NextcloudIntegrationTest.kt

@@ -22,6 +22,9 @@ import org.junit.Test
 import org.junit.runner.RunWith
 import java.io.ByteArrayInputStream
 import java.io.ByteArrayOutputStream
+import java.io.File
+import java.io.FileInputStream
+import java.io.FileOutputStream
 import java.time.Instant
 
 /**
@@ -37,6 +40,7 @@ import java.time.Instant
 @RunWith(AndroidJUnit4::class)
 class NextcloudIntegrationTest {
 
+    private val ctx = InstrumentationRegistry.getInstrumentation().targetContext
     private val args = InstrumentationRegistry.getArguments()
     private val url = args.getString("ncUrl")
     private val user = args.getString("ncUser")
@@ -138,4 +142,44 @@ class NextcloudIntegrationTest {
             runCatching { p.deleteFile(dir) }
         }
     }
+
+    /**
+     * Real-world large-file test: streams a multi-GB file FROM THE PHONE through the app's
+     * chunked-upload path to the external URL, verifies the full size landed, then cleans up.
+     * Opt-in (slow): pass -e bigFileMB=<size>, e.g. 1536 for 1.5 GB.
+     */
+    @Test
+    fun realWorld_largeFileChunkedUpload() = runBlocking {
+        assumeTrue("ncUrl/ncUser/ncPass required", url != null && user != null && pass != null)
+        val mb = args.getString("bigFileMB")?.toIntOrNull() ?: 0
+        assumeTrue("pass -e bigFileMB=<size> to run the big-file test", mb > 0)
+
+        val account = CloudAccount(
+            id = 1, displayName = "IT", email = user, providerType = ProviderType.NEXTCLOUD,
+            credentialJson = """{"username":"$user","password":"$pass"}""", serverUrl = url, port = null,
+        )
+        val p = NextcloudProvider(account) // default 100 MB chunks -> chunked path for >100 MB
+        val dir = "SyncFlowBig_${System.currentTimeMillis()}"
+        val tmp = File(ctx.cacheDir, "bigfile_${System.currentTimeMillis()}.bin")
+        try {
+            val total = mb.toLong() * 1024 * 1024
+            FileOutputStream(tmp).use { os ->
+                val buf = ByteArray(8 * 1024 * 1024)
+                var written = 0L
+                while (written < total) {
+                    val n = minOf(buf.size.toLong(), total - written).toInt()
+                    os.write(buf, 0, n); written += n
+                }
+            }
+            assertEquals(total, tmp.length())
+            p.createDirectory(dir).getOrThrow()
+            val up = p.uploadFile(FileInputStream(tmp), "$dir/big.bin", tmp.length())
+            assertTrue("large chunked upload failed: ${up.exceptionOrNull()}", up.isSuccess)
+            assertEquals("full file size must land on the server", total,
+                p.listFiles(dir).getOrThrow().first { it.name == "big.bin" }.sizeBytes)
+        } finally {
+            tmp.delete()
+            runCatching { p.deleteFile(dir) }
+        }
+    }
 }

app/src/androidTest/kotlin/com/syncflow/SftpgoWebDavTest.kt

@@ -0,0 +1,68 @@
+package com.syncflow
+
+import androidx.test.ext.junit.runners.AndroidJUnit4
+import androidx.test.platform.app.InstrumentationRegistry
+import com.syncflow.data.providers.webdav.WebDavProvider
+import com.syncflow.domain.model.CloudAccount
+import com.syncflow.domain.model.ProviderType
+import kotlinx.coroutines.runBlocking
+import org.junit.Assert.assertEquals
+import org.junit.Assert.assertTrue
+import org.junit.Assume.assumeTrue
+import org.junit.Test
+import org.junit.runner.RunWith
+import java.io.ByteArrayInputStream
+import java.io.ByteArrayOutputStream
+
+/**
+ * Live test of the app's SFTPGo provider (which is WebDavProvider) against a real SFTPGo
+ * server over its externally-exposed WebDAV URL. Validates the provider against a different
+ * WebDAV implementation than Nextcloud. Creds via -e davUrl/davUser/davPass; skips otherwise.
+ */
+@RunWith(AndroidJUnit4::class)
+class SftpgoWebDavTest {
+
+    private val args = InstrumentationRegistry.getArguments()
+
+    private fun provider() = WebDavProvider(
+        CloudAccount(
+            id = 1, displayName = "sftpgo", email = null, providerType = ProviderType.SFTPGO,
+            credentialJson = """{"username":"${args.getString("davUser")}","password":"${args.getString("davPass")}"}""",
+            serverUrl = args.getString("davUrl"), port = null,
+        ),
+    )
+
+    @Test fun sftpgoWebDavRoundTrip() = runBlocking {
+        assumeTrue("davUrl/davUser/davPass required", args.getString("davUrl") != null)
+        val p = provider()
+        val dir = "SyncFlowDav_${System.currentTimeMillis()}"
+        try {
+            assertTrue("testConnection", p.testConnection().isSuccess)
+            assertTrue("mkdir", p.createDirectory(dir).isSuccess)
+
+            // upload (atomic temp + MOVE), list, download — with a non-ASCII payload
+            val body = "sftpgo webdav round-trip ✓ café".toByteArray()
+            assertTrue("upload", p.uploadFile(ByteArrayInputStream(body), "$dir/f.txt", body.size.toLong()).isSuccess)
+            assertTrue("f.txt" in p.listFiles(dir).getOrThrow().map { it.name })
+            val out = ByteArrayOutputStream(); p.downloadFile("$dir/f.txt", out).getOrThrow()
+            assertEquals("sftpgo webdav round-trip ✓ café", out.toString("UTF-8"))
+
+            // overwrite via atomic temp+MOVE
+            val v2 = "updated-content".toByteArray()
+            assertTrue(p.uploadFile(ByteArrayInputStream(v2), "$dir/f.txt", v2.size.toLong()).isSuccess)
+            val out2 = ByteArrayOutputStream(); p.downloadFile("$dir/f.txt", out2).getOrThrow()
+            assertEquals("updated-content", out2.toString("UTF-8"))
+
+            // non-ASCII / special filename (the URL/MOVE-header encoding fix)
+            val special = "café & rapport (1).txt"
+            assertTrue(p.uploadFile(ByteArrayInputStream("x".toByteArray()), "$dir/$special", 1).isSuccess)
+            assertTrue(special in p.listFiles(dir).getOrThrow().map { it.name })
+
+            // delete
+            assertTrue(p.deleteFile("$dir/f.txt").isSuccess)
+            assertTrue("f.txt" !in p.listFiles(dir).getOrThrow().map { it.name })
+        } finally {
+            runCatching { p.deleteFile(dir) }
+        }
+    }
+}

app/src/main/kotlin/com/syncflow/data/providers/sftp/SftpProvider.kt

@@ -23,19 +23,36 @@ class SftpProvider(private val account: CloudAccount, private val credentialStor
     private val password = creds["password"]?.jsonPrimitive?.content
     private val privateKey = creds["private_key"]?.jsonPrimitive?.content
 
-    private fun <T> withSftp(block: (SFTPClient) -> T): T {
+    // Persistent SSH connection reused across all operations in the provider's lifetime.
+    // Each call to withSftp checks liveness and reconnects if the connection dropped.
+    // This eliminates the per-operation connect/auth/disconnect cycle that caused
+    // 100+ SSH handshakes during a recursive directory listing + file-transfer sync,
+    // leading to connection timeouts on large folder trees (e.g. 69 subdirectories).
+    private var sshClient: SSHClient? = null
+
+    private fun getOrCreateSsh(): SSHClient {
+        val existing = sshClient
+        if (existing != null && existing.isConnected && existing.isAuthenticated) return existing
         val ssh = SSHClient()
         ssh.addHostKeyVerifier(TofuHostKeyVerifier(credentialStore))
         ssh.connect(host, port)
-        try {
-            if (!privateKey.isNullOrBlank()) {
-                ssh.authPublickey(username, ssh.loadKeys(privateKey, null, null))
-            } else {
-                ssh.authPassword(username, password ?: "")
-            }
-            return ssh.newSFTPClient().use(block)
-        } finally {
-            ssh.disconnect()
+        if (!privateKey.isNullOrBlank()) {
+            ssh.authPublickey(username, ssh.loadKeys(privateKey, null, null))
+        } else {
+            ssh.authPassword(username, password ?: "")
+        }
+        sshClient = ssh
+        return ssh
+    }
+
+    private fun <T> withSftp(block: (SFTPClient) -> T): T {
+        return try {
+            getOrCreateSsh().newSFTPClient().use(block)
+        } catch (e: Exception) {
+            // Connection may have gone stale — reset and retry once with a fresh connection.
+            runCatching { sshClient?.disconnect() }
+            sshClient = null
+            getOrCreateSsh().newSFTPClient().use(block)
         }
     }
 

app/src/main/kotlin/com/syncflow/data/providers/webdav/WebDavProvider.kt

@@ -35,7 +35,8 @@ open class WebDavProvider(protected val account: CloudAccount) : CloudProvider {
         val pass = creds["password"]?.jsonPrimitive?.content ?: ""
         OkHttpClient.Builder()
             .connectTimeout(15, TimeUnit.SECONDS)
-            .readTimeout(30, TimeUnit.SECONDS)
+            .readTimeout(5, TimeUnit.MINUTES)
+            .writeTimeout(5, TimeUnit.MINUTES)
             .addInterceptor { chain ->
                 val req = chain.request().newBuilder()
                     .header("Authorization", Credentials.basic(user, pass))
@@ -149,7 +150,12 @@ open class WebDavProvider(protected val account: CloudAccount) : CloudProvider {
         withContext(Dispatchers.IO) {
             val req = Request.Builder().url(url(remotePath)).method("MKCOL", null).build()
             client.newCall(req).execute().use { resp ->
-                if (!resp.isSuccessful && resp.code != 405) throw Exception("MKCOL HTTP ${resp.code}")
+                // 405 = directory already exists (most servers)
+                // 423 = Locked — SFTPGo returns this when the dir exists and has a lock;
+                //       treat as "already there", not a failure, so uploads inside it proceed.
+                if (!resp.isSuccessful && resp.code != 405 && resp.code != 423) {
+                    throw Exception("MKCOL HTTP ${resp.code}")
+                }
             }
         }
     }

app/src/main/kotlin/com/syncflow/domain/sync/SyncEngine.kt

@@ -68,6 +68,36 @@ class SyncEngine @Inject constructor(
         else
             LocalAccessor.JavaFile(File(localPath))
 
+    /**
+     * Recursively collect every FILE under [basePath] on the remote, descending into each
+     * subdirectory (one Depth:1 PROPFIND per directory). Directories are never returned as
+     * files — only their contents. The provider already drops the parent entry from each
+     * listing, so children-only is returned; the explicit self-path guard prevents any
+     * pathological infinite recursion. This MUST mirror the recursive local walk: otherwise
+     * files in remote subfolders appear absent and a TWO_WAY/MIRROR sync deletes them locally.
+     */
+    private suspend fun listRemoteFilesRecursive(
+        provider: CloudProvider,
+        basePath: String,
+        depth: Int = 0,
+    ): List<RemoteFile> {
+        if (depth > 64) {
+            Timber.w("SyncEngine: remote recursion depth limit hit at $basePath")
+            return emptyList()
+        }
+        val out = mutableListOf<RemoteFile>()
+        for (entry in provider.listFiles(basePath).getOrThrow()) {
+            if (entry.isDirectory) {
+                if (entry.path.trimEnd('/') != basePath.trimEnd('/')) {
+                    out += listRemoteFilesRecursive(provider, entry.path, depth + 1)
+                }
+            } else {
+                out += entry
+            }
+        }
+        return out
+    }
+
     private suspend fun performSync(
         pair: SyncPair,
         provider: CloudProvider,
@@ -76,8 +106,19 @@ class SyncEngine @Inject constructor(
     ): SyncResult {
         val accessor = makeAccessor(pair.localPath)
         var knownStates = fileStateDao.getForPair(pair.id).associateBy { it.relativePath }
-        val remoteFiles = provider.listFiles(pair.remotePath).getOrThrow()
+        // The local walk is RECURSIVE, so the remote listing must be too. Listing only the top
+        // level (Depth:1) made every file inside a remote subfolder look "missing from remote",
+        // which on a TWO_WAY/MIRROR pair triggered DELETE_LOCAL and wiped those files off the
+        // device (data loss). Walk the remote tree so subfolder files are matched, not deleted.
+        // Exclusions are filtered on BOTH sides. The local walk already drops excluded files,
+        // but the remote listing did not, so any excluded path that already existed on the
+        // server (e.g. a previously-uploaded ".thumbnails" entry) looked "local-missing" and
+        // got DELETE_REMOTE'd every cycle — endless churn as Android regenerates the cache.
+        // Filtering remote + the merged path set makes excluded paths invisible to the engine:
+        // never uploaded, downloaded, or deleted on either side.
+        val remoteFiles = listRemoteFilesRecursive(provider, pair.remotePath)
             .associateBy { it.path.removePrefix(pair.remotePath).trimStart('/') }
+            .filterKeys { !isExcludedPath(it, pair) }
         val localFiles = accessor.walkFiles(pair)
 
         // Self-healing: if every known-state path is absent from the current local scan but
@@ -91,9 +132,14 @@ class SyncEngine @Inject constructor(
             return performSync(pair, provider, isRetry = true, onProgress = onProgress)
         }
 
-        val allPaths = (localFiles.keys + remoteFiles.keys + knownStates.keys).toSet()
+        // knownStates may still hold records for now-excluded paths (e.g. thumbnails uploaded
+        // by an older build). Drop them from the work set so they aren't acted on; their stale
+        // state rows are harmless and ignored.
+        val allPaths = (localFiles.keys + remoteFiles.keys + knownStates.keys)
+            .filter { !isExcludedPath(it, pair) }
+            .toSet()
         val hasPriorSyncState = knownStates.isNotEmpty()
-        val semaphore = Semaphore(4)
+        val semaphore = Semaphore(2)  // limit concurrency to be gentle on the server
         val uploadedAtomic = AtomicInteger(0)
         val downloadedAtomic = AtomicInteger(0)
         val deletedAtomic = AtomicInteger(0)
@@ -375,6 +421,53 @@ internal fun syncDecide(
 
 enum class SyncDecision { UPLOAD, DOWNLOAD, DELETE_LOCAL, DELETE_REMOTE, CONFLICT, SKIP }
 
+/**
+ * OS-generated, volatile paths that must NEVER sync on any pair, regardless of user exclude
+ * config. These are matched against every path SEGMENT (directory names included), so an entire
+ * subtree like "DCIM/.thumbnails/..." is ignored. Android continuously regenerates and evicts
+ * its thumbnail cache and shuffles files through .trashed-/.pending- staging dirs; syncing them
+ * produces an endless upload→evict→DELETE_REMOTE→regenerate loop. ".sfpart" is our own atomic-
+ * write temp suffix and must never be propagated either.
+ */
+private val ALWAYS_IGNORED_SEGMENTS = setOf(".thumbnails")
+private val ALWAYS_IGNORED_PREFIXES = listOf(".trashed-", ".pending-")
+private val ALWAYS_IGNORED_SUFFIXES = listOf(".sfpart")
+
+/**
+ * App-private storage trees. On Android 11+ (scoped storage) another app's SAF grant can LIST
+ * these directories but cannot OPEN the files inside, so every transfer fails and the pair is
+ * stuck reporting "Partial" forever (e.g. Android/media/com.whatsapp/...). They hold app-managed
+ * data, not user content worth syncing, so they are excluded entirely. Matched case-insensitively
+ * against the full relative path so the whole subtree is ignored on both sides.
+ */
+private val ALWAYS_IGNORED_PATH_PREFIXES = listOf("android/data/", "android/media/", "android/obb/")
+
+/**
+ * True if [rel] should be excluded from sync entirely. Applied symmetrically to the local walk,
+ * the remote listing, and known state so an excluded path is never uploaded, downloaded, or
+ * deleted. The always-ignored rules run on every segment; user-configured rules
+ * (skipHiddenFiles, excludePatterns, excludeExtensions) match the filename, mirroring the
+ * existing local-walk semantics in LocalAccessor.
+ */
+internal fun isExcludedPath(rel: String, pair: SyncPair): Boolean {
+    val normalized = rel.replace('\\', '/')
+    val lower = normalized.lowercase()
+    if (ALWAYS_IGNORED_PATH_PREFIXES.any { lower.startsWith(it) }) return true
+    val segments = normalized.split('/').filter { it.isNotEmpty() }
+    if (segments.isEmpty()) return false
+    for (seg in segments) {
+        if (seg in ALWAYS_IGNORED_SEGMENTS) return true
+        if (ALWAYS_IGNORED_PREFIXES.any { seg.startsWith(it) }) return true
+        if (ALWAYS_IGNORED_SUFFIXES.any { seg.endsWith(it) }) return true
+    }
+    val fileName = segments.last()
+    if (pair.skipHiddenFiles && fileName.startsWith('.')) return true
+    if (pair.excludePatterns.any { pat -> fileName.matches(globToRegex(pat)) }) return true
+    val ext = fileName.substringAfterLast('.', "").lowercase()
+    if (pair.excludeExtensions.any { ext == it.lowercase().trimStart('.') }) return true
+    return false
+}
+
 /**
  * True if a relative sync path is unsafe to act on — empty, absolute, or containing a ".."
  * segment that would let a hostile remote escape the sync root via path traversal. Applied to

app/src/main/kotlin/com/syncflow/ui/addpair/AddPairViewModel.kt

@@ -10,7 +10,10 @@ import com.syncflow.data.db.SyncPairDao
 import com.syncflow.data.db.entities.CloudAccountEntity
 import com.syncflow.data.db.entities.SyncPairEntity
 import com.syncflow.domain.model.*
+import androidx.work.ExistingPeriodicWorkPolicy
+import androidx.work.WorkManager
 import com.syncflow.worker.FileWatchService
+import com.syncflow.worker.SyncWorker
 import dagger.hilt.android.lifecycle.HiltViewModel
 import dagger.hilt.android.qualifiers.ApplicationContext
 import kotlinx.coroutines.flow.*
@@ -44,7 +47,7 @@ data class AddPairUiState(
     val chargingOnly: Boolean = false,
     val minBatteryPct: Int = 0,
     // ── File filters ─────────────────────────────────────────────────────────
-    val excludePatterns: String = ".DS_Store\n*.tmp\n.nomedia\nThumbs.db",
+    val excludePatterns: String = ".DS_Store\n*.tmp\n.nomedia\nThumbs.db\n.thumbnails",
     val includeExtensions: String = "",
     val excludeExtensions: String = "",
     val skipHiddenFiles: Boolean = true,
@@ -176,7 +179,7 @@ class AddPairViewModel @Inject constructor(
                     notifyOnComplete = s.notifyOnComplete, notifyOnError = s.notifyOnError,
                     isEnabled = true, lastSyncAt = null, lastSyncResult = SyncStatus.IDLE, pendingConflicts = 0,
                 )
-                if (editPairId == null) {
+                val pairId = if (editPairId == null) {
                     syncPairDao.insert(entity)
                 } else {
                     val existing = syncPairDao.getById(editPairId)
@@ -189,13 +192,40 @@ class AddPairViewModel @Inject constructor(
                     ) {
                         fileStateDao.deleteForPair(editPairId)
                     }
+                    editPairId
                 }
+                entity.copy(id = pairId)
             }
-                .onSuccess {
-                    if (s.scheduleType == ScheduleType.ON_CHANGE) FileWatchService.start(context)
+                .onSuccess { saved ->
+                    applySchedule(saved)
                     _state.update { it.copy(done = true) }
                 }
                 .onFailure { e -> _state.update { it.copy(isSaving = false, error = e.message) } }
         }
     }
+
+    /**
+     * Register the pair's background work the moment it's saved. Previously this only happened on
+     * the enable-toggle or a reboot, so a freshly-created scheduled pair never actually ran in the
+     * background. Mirrors HomeViewModel.toggleEnabled / BootReceiver.
+     */
+    private fun applySchedule(pair: SyncPairEntity) {
+        val wm = WorkManager.getInstance(context)
+        when (pair.scheduleType) {
+            ScheduleType.ON_CHANGE -> {
+                wm.cancelUniqueWork("periodic_${pair.id}")
+                FileWatchService.start(context)
+            }
+            ScheduleType.MANUAL -> wm.cancelUniqueWork("periodic_${pair.id}")
+            else -> {
+                val req = SyncWorker.buildPeriodicRequest(
+                    pair.id,
+                    pair.scheduleIntervalMinutes.toLong().coerceAtLeast(15),
+                    pair.wifiOnly,
+                    pair.chargingOnly,
+                )
+                wm.enqueueUniquePeriodicWork("periodic_${pair.id}", ExistingPeriodicWorkPolicy.UPDATE, req)
+            }
+        }
+    }
 }

app/src/test/kotlin/com/syncflow/domain/sync/ExcludePathTest.kt

@@ -0,0 +1,94 @@
+package com.syncflow.domain.sync
+
+import com.syncflow.domain.model.ConflictStrategy
+import com.syncflow.domain.model.DeleteBehavior
+import com.syncflow.domain.model.ScheduleType
+import com.syncflow.domain.model.SyncDirection
+import com.syncflow.domain.model.SyncPair
+import com.syncflow.domain.model.SyncStatus
+import org.junit.Assert.assertFalse
+import org.junit.Assert.assertTrue
+import org.junit.Test
+
+/**
+ * Exclusion symmetry: paths excluded from the local walk must also be excluded from the remote
+ * listing and the merged work set, so a previously-uploaded excluded file is never DELETE_REMOTE'd
+ * in an endless churn loop (the ".thumbnails" cache regression).
+ */
+class ExcludePathTest {
+
+    private fun pair(
+        excludePatterns: List<String> = emptyList(),
+        excludeExtensions: List<String> = emptyList(),
+        skipHiddenFiles: Boolean = false,
+    ) = SyncPair(
+        id = 1, name = "t", localPath = "/l", remotePath = "/r", accountId = 1,
+        syncDirection = SyncDirection.TWO_WAY,
+        conflictStrategy = ConflictStrategy.KEEP_NEWEST,
+        deleteBehavior = DeleteBehavior.MIRROR,
+        recursive = true,
+        scheduleType = ScheduleType.MANUAL, scheduleIntervalMinutes = 0,
+        scheduleDailyTime = null, scheduleWeekdays = 0,
+        wifiOnly = false, wifiSsid = "", chargingOnly = false, minBatteryPct = 0,
+        excludePatterns = excludePatterns, includeExtensions = emptyList(),
+        excludeExtensions = excludeExtensions, skipHiddenFiles = skipHiddenFiles,
+        minFileSizeKb = 0, maxFileSizeKb = 0,
+        notifyOnComplete = false, notifyOnError = false,
+        isEnabled = true, lastSyncAt = null, lastSyncResult = SyncStatus.IDLE,
+        pendingConflicts = 0,
+    )
+
+    @Test fun `thumbnails cache is always excluded regardless of config`() {
+        val p = pair()
+        assertTrue(isExcludedPath("DCIM/.thumbnails/123.jpg", p))
+        assertTrue(isExcludedPath("Pictures/.thumbnails/1000020397.jpg", p))
+        assertTrue(isExcludedPath(".thumbnails/x.jpg", p))
+    }
+
+    @Test fun `android trash and pending staging dirs are excluded`() {
+        val p = pair()
+        assertTrue(isExcludedPath("DCIM/Camera/.trashed-1700000000-IMG_0001.jpg", p))
+        assertTrue(isExcludedPath("DCIM/.pending-1700000000-VID_0001.mp4", p))
+    }
+
+    @Test fun `our own atomic-write temp files are excluded`() {
+        val p = pair()
+        assertTrue(isExcludedPath("Download/.movie.mp4.sfpart", p))
+        assertTrue(isExcludedPath("a/b/.photo.jpg.sfpart", p))
+    }
+
+    @Test fun `android app-private trees are excluded (scoped-storage unreadable)`() {
+        val p = pair()
+        assertTrue(isExcludedPath("Android/media/com.whatsapp/WhatsApp/Media/IMG.jpg", p))
+        assertTrue(isExcludedPath("Android/data/com.foo/files/x.bin", p))
+        assertTrue(isExcludedPath("Android/obb/com.game/main.obb", p))
+        assertTrue(isExcludedPath("android/MEDIA/com.x/y.jpg", p)) // case-insensitive
+    }
+
+    @Test fun `non-private Android paths are not excluded`() {
+        val p = pair()
+        // A user folder literally named "Android" at a deeper level is fine; only the
+        // top-level app-private trees are blocked.
+        assertFalse(isExcludedPath("DCIM/Android/holiday.jpg", p))
+        assertFalse(isExcludedPath("Pictures/android-wallpaper.png", p))
+    }
+
+    @Test fun `normal media files are not excluded`() {
+        val p = pair()
+        assertFalse(isExcludedPath("DCIM/Camera/IMG_0001.jpg", p))
+        assertFalse(isExcludedPath("Pictures/cat.png", p))
+        assertFalse(isExcludedPath("اصفهان/20171023.jpg", p)) // unicode folder, real data
+    }
+
+    @Test fun `user exclude patterns and extensions still apply on filename`() {
+        assertTrue(isExcludedPath("a/Thumbs.db", pair(excludePatterns = listOf("Thumbs.db"))))
+        assertTrue(isExcludedPath("a/note.tmp", pair(excludePatterns = listOf("*.tmp"))))
+        assertTrue(isExcludedPath("a/data.log", pair(excludeExtensions = listOf("log"))))
+        assertFalse(isExcludedPath("a/keep.jpg", pair(excludeExtensions = listOf("log"))))
+    }
+
+    @Test fun `skipHiddenFiles excludes dotfiles by filename only`() {
+        assertTrue(isExcludedPath("a/.hidden", pair(skipHiddenFiles = true)))
+        assertFalse(isExcludedPath("a/.hidden", pair(skipHiddenFiles = false)))
+    }
+}

version.properties

@@ -1,2 +1,2 @@
-VERSION_NAME=1.0.65
-VERSION_CODE=66
+VERSION_NAME=1.0.75
+VERSION_CODE=75