feat: implement mock service instances for non-WASM builds using testify/mock

Signed-off-by: Deluan <deluan@navidrome.org>
fix: handle URL parsing errors and use atomic upsert in plugin repository
2026-01-01 03:18:13 -05:00 · 2025-12-31 19:34:14 -05:00 · 2025-12-31 17:06:33 -05:00 · 2025-12-31 17:06:33 -05:00 · 2025-12-31 17:06:33 -05:00 · 2025-12-31 17:06:33 -05:00
541 changed files with 44751 additions and 36164 deletions
--- a/.devcontainer/Dockerfile
+++ b/.devcontainer/Dockerfile
@@ -9,12 +9,19 @@ ARG INSTALL_NODE="true"
 ARG NODE_VERSION="lts/*"
 RUN if [ "${INSTALL_NODE}" = "true" ]; then su vscode -c "source /usr/local/share/nvm/nvm.sh && nvm install ${NODE_VERSION} 2>&1"; fi

-# [Optional] Uncomment this section to install additional OS packages.
+# Install additional OS packages
 RUN apt-get update && export DEBIAN_FRONTEND=noninteractive \
-    && apt-get -y install --no-install-recommends libtag1-dev ffmpeg
+    && apt-get -y install --no-install-recommends ffmpeg

-# [Optional] Uncomment the next line to use go get to install anything else you need
-# RUN go get -x <your-dependency-or-tool>
+# Install TagLib from cross-taglib releases
+ARG CROSS_TAGLIB_VERSION="2.1.1-1"
+ARG TARGETARCH
+RUN DOWNLOAD_ARCH="linux-${TARGETARCH}" \
+    && wget -q "https://github.com/navidrome/cross-taglib/releases/download/v${CROSS_TAGLIB_VERSION}/taglib-${DOWNLOAD_ARCH}.tar.gz" -O /tmp/cross-taglib.tar.gz \
+    && tar -xzf /tmp/cross-taglib.tar.gz -C /usr --strip-components=1 \
+    && mv /usr/include/taglib/* /usr/include/ \
+    && rmdir /usr/include/taglib \
+    && rm /tmp/cross-taglib.tar.gz /usr/provenance.json

 # [Optional] Uncomment this line to install global node packages.
 # RUN su vscode -c "source /usr/local/share/nvm/nvm.sh && npm install -g <your-package-here>" 2>&1
--- a/.devcontainer/devcontainer.json
+++ b/.devcontainer/devcontainer.json
@@ -7,7 +7,8 @@
 			"VARIANT": "1.25",
 			// Options
 			"INSTALL_NODE": "true",
-			"NODE_VERSION": "v24"
+			"NODE_VERSION": "v24",
+			"CROSS_TAGLIB_VERSION": "2.1.1-1"
 		}
 	},
 	"workspaceMount": "",
@@ -54,12 +55,10 @@
 		4533,
 		4633
 	],
-	// Use 'postCreateCommand' to run commands after the container is created.
-	// "postCreateCommand": "make setup-dev",
 	// Comment out connect as root instead. More info: https://aka.ms/vscode-remote/containers/non-root.
 	"remoteUser": "vscode",
 	"remoteEnv": {
 		"ND_MUSICFOLDER": "./music",
 		"ND_DATAFOLDER": "./data"
 	}
-}
+}
--- a/.github/workflows/pipeline.yml
+++ b/.github/workflows/pipeline.yml
@@ -88,6 +88,16 @@ jobs:
            exit 1
          fi

+      - name: Run go generate
+        run: go generate ./...
+      - name: Verify no changes from go generate
+        run: |
+          git status --porcelain
+          if [ -n "$(git status --porcelain)" ]; then
+            echo 'Generated code is out of date. Run "make gen" and commit the changes'
+            exit 1
+          fi
+
  go:
    name: Test Go code
    runs-on: ubuntu-latest
@@ -217,7 +227,7 @@ jobs:
            CROSS_TAGLIB_VERSION=${{ env.CROSS_TAGLIB_VERSION }}

      - name: Upload Binaries
-        uses: actions/upload-artifact@v5
+        uses: actions/upload-artifact@v6
        with:
          name: navidrome-${{ env.PLATFORM }}
          path: ./output
@@ -248,7 +258,7 @@ jobs:
          touch "/tmp/digests/${digest#sha256:}"          

      - name: Upload digest
-        uses: actions/upload-artifact@v5
+        uses: actions/upload-artifact@v6
        if: env.IS_LINUX == 'true' && env.IS_DOCKER_PUSH_CONFIGURED == 'true' && env.IS_ARMV5 == 'false'
        with:
          name: digests-${{ env.PLATFORM }}
@@ -256,8 +266,11 @@ jobs:
          if-no-files-found: error
          retention-days: 1

-  push-manifest:
-    name: Push Docker manifest
+  push-manifest-ghcr:
+    name: Push to GHCR
+    permissions:
+      contents: read
+      packages: write
    runs-on: ubuntu-latest
    needs: [build, check-push-enabled]
    if: needs.check-push-enabled.outputs.is_enabled == 'true'
@@ -267,7 +280,41 @@ jobs:
      - uses: actions/checkout@v6

      - name: Download digests
-        uses: actions/download-artifact@v6
+        uses: actions/download-artifact@v7
+        with:
+          path: /tmp/digests
+          pattern: digests-*
+          merge-multiple: true
+
+      - name: Prepare Docker Buildx
+        uses: ./.github/actions/prepare-docker
+        id: docker
+        with:
+          github_token: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Create manifest list and push to ghcr.io
+        working-directory: /tmp/digests
+        run: |
+          docker buildx imagetools create $(jq -cr '.tags | map(select(startswith("ghcr.io"))) | map("-t " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") \
+            $(printf '${{ env.REGISTRY_IMAGE }}@sha256:%s ' *)          
+
+      - name: Inspect image in ghcr.io
+        run: |
+          docker buildx imagetools inspect ${{ env.REGISTRY_IMAGE }}:${{ steps.docker.outputs.version }}
+
+  push-manifest-dockerhub:
+    name: Push to Docker Hub
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+    needs: [build, check-push-enabled]
+    if: needs.check-push-enabled.outputs.is_enabled == 'true' && vars.DOCKER_HUB_REPO != ''
+    continue-on-error: true
+    steps:
+      - uses: actions/checkout@v6
+
+      - name: Download digests
+        uses: actions/download-artifact@v7
        with:
          path: /tmp/digests
          pattern: digests-*
@@ -282,28 +329,27 @@ jobs:
          hub_username: ${{ secrets.DOCKER_HUB_USERNAME }}
          hub_password: ${{ secrets.DOCKER_HUB_PASSWORD }}

-      - name: Create manifest list and push to ghcr.io
-        working-directory: /tmp/digests
-        run: |
-          docker buildx imagetools create $(jq -cr '.tags | map("-t " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") \
-            $(printf '${{ env.REGISTRY_IMAGE }}@sha256:%s ' *)          
-
      - name: Create manifest list and push to Docker Hub
-        working-directory: /tmp/digests
-        if: vars.DOCKER_HUB_REPO != ''
-        run: |
-          docker buildx imagetools create $(jq -cr '.tags | map("-t " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") \
-            $(printf '${{ vars.DOCKER_HUB_REPO }}@sha256:%s ' *)          
-
-      - name: Inspect image in ghcr.io
-        run: |
-          docker buildx imagetools inspect ${{ env.REGISTRY_IMAGE }}:${{ steps.docker.outputs.version }}
+        uses: nick-fields/retry@v3
+        with:
+          timeout_minutes: 5
+          max_attempts: 3
+          retry_wait_seconds: 30
+          command: |
+            cd /tmp/digests
+            docker buildx imagetools create $(jq -cr '.tags | map(select(startswith("ghcr.io") | not)) | map("-t " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") \
+              $(printf 'ghcr.io/${{ github.repository }}@sha256:%s ' *)

      - name: Inspect image in Docker Hub
-        if: vars.DOCKER_HUB_REPO != ''
        run: |
          docker buildx imagetools inspect ${{ vars.DOCKER_HUB_REPO }}:${{ steps.docker.outputs.version }}

+  cleanup-digests:
+    name: Cleanup digest artifacts
+    runs-on: ubuntu-latest
+    needs: [push-manifest-ghcr, push-manifest-dockerhub]
+    if: always() && needs.push-manifest-ghcr.result == 'success'
+    steps:
      - name: Delete unnecessary digest artifacts
        env:
          GH_TOKEN: ${{ github.token }}
@@ -320,7 +366,7 @@ jobs:
    steps:
      - uses: actions/checkout@v6

-      - uses: actions/download-artifact@v6
+      - uses: actions/download-artifact@v7
        with:
          path: ./binaries
          pattern: navidrome-windows*
@@ -339,7 +385,7 @@ jobs:
          du -h binaries/msi/*.msi

      - name: Upload MSI files
-        uses: actions/upload-artifact@v5
+        uses: actions/upload-artifact@v6
        with:
          name: navidrome-windows-installers
          path: binaries/msi/*.msi
@@ -357,7 +403,7 @@ jobs:
          fetch-depth: 0
          fetch-tags: true

-      - uses: actions/download-artifact@v6
+      - uses: actions/download-artifact@v7
        with:
          path: ./binaries
          pattern: navidrome-*
@@ -383,7 +429,7 @@ jobs:
          rm ./dist/*.tar.gz ./dist/*.zip

      - name: Upload all-packages artifact
-        uses: actions/upload-artifact@v5
+        uses: actions/upload-artifact@v6
        with:
          name: packages
          path: dist/navidrome_0*
@@ -406,13 +452,13 @@ jobs:
        item: ${{ fromJson(needs.release.outputs.package_list) }}
    steps:
      - name: Download all-packages artifact
-        uses: actions/download-artifact@v6
+        uses: actions/download-artifact@v7
        with:
          name: packages
          path: ./dist

      - name: Upload all-packages artifact
-        uses: actions/upload-artifact@v5
+        uses: actions/upload-artifact@v6
        with:
          name: navidrome_linux_${{ matrix.item }}
          path: dist/navidrome_0*_linux_${{ matrix.item }}
--- a/.github/workflows/stale.yml
+++ b/.github/workflows/stale.yml
@@ -12,7 +12,7 @@ jobs:
      pull-requests: write
    runs-on: ubuntu-latest
    steps:
-      - uses: dessant/lock-threads@v5
+      - uses: dessant/lock-threads@v6
        with:
          process-only: 'issues, prs'
          issue-inactive-days: 120
--- a/.github/workflows/update-translations.yml
+++ b/.github/workflows/update-translations.yml
@@ -24,7 +24,7 @@ jobs:
          git status --porcelain
          git diff
      - name: Create Pull Request
-        uses: peter-evans/create-pull-request@v7
+        uses: peter-evans/create-pull-request@v8
        with:
          token: ${{ secrets.PAT }}
          author: "navidrome-bot <navidrome-bot@navidrome.org>"
--- a/.gitignore
+++ b/.gitignore
@@ -17,6 +17,7 @@ master.zip
 testDB
 cache/*
 *.swp
+coverage.out
 dist
 music
 *.db*
@@ -25,10 +26,13 @@ docker-compose.yml
 !contrib/docker-compose.yml
 binaries
 navidrome-*
+/ndpgen
 AGENTS.md
 .github/prompts
 .github/instructions
 .github/git-commit-instructions.md
 *.exe
 *.test
-*.wasm
+*.wasm
+*.ndp
+openspec/
--- a/10
+++ b/10
@@ -2,10 +2,10 @@ FROM --platform=$BUILDPLATFORM ghcr.io/crazy-max/osxcross:14.5-debian AS osxcros

 ########################################################################################################################
 ### Build xx (original image: tonistiigi/xx)
-FROM --platform=$BUILDPLATFORM public.ecr.aws/docker/library/alpine:3.19 AS xx-build
+FROM --platform=$BUILDPLATFORM public.ecr.aws/docker/library/alpine:3.20 AS xx-build

-# v1.5.0
-ENV XX_VERSION=b4e4c451c778822e6742bfc9d9a91d7c7d885c8a
+# v1.9.0
+ENV XX_VERSION=a5592eab7a57895e8d385394ff12241bc65ecd50

 RUN apk add -U --no-cache git
 RUN git clone https://github.com/tonistiigi/xx && \
@@ -26,7 +26,7 @@ COPY --from=xx-build /out/ /usr/bin/

 ########################################################################################################################
 ### Get TagLib
-FROM --platform=$BUILDPLATFORM public.ecr.aws/docker/library/alpine:3.19 AS taglib-build
+FROM --platform=$BUILDPLATFORM public.ecr.aws/docker/library/alpine:3.20 AS taglib-build
 ARG TARGETPLATFORM
 ARG CROSS_TAGLIB_VERSION=2.1.1-1
 ENV CROSS_TAGLIB_RELEASES_URL=https://github.com/navidrome/cross-taglib/releases/download/v${CROSS_TAGLIB_VERSION}/
@@ -122,7 +122,7 @@ COPY --from=build /out /

 ########################################################################################################################
 ### Build Final Image
-FROM public.ecr.aws/docker/library/alpine:3.19 AS final
+FROM public.ecr.aws/docker/library/alpine:3.20 AS final
 LABEL maintainer="deluan@navidrome.org"
 LABEL org.opencontainers.image.source="https://github.com/navidrome/navidrome"

--- a/33
+++ b/33
@@ -16,7 +16,7 @@ DOCKER_TAG ?= deluan/navidrome:develop

 # Taglib version to use in cross-compilation, from https://github.com/navidrome/cross-taglib
 CROSS_TAGLIB_VERSION ?= 2.1.1-1
-GOLANGCI_LINT_VERSION ?= v2.6.2
+GOLANGCI_LINT_VERSION ?= v2.7.2

 UI_SRC_FILES := $(shell find ui -type f -not -path "ui/build/*" -not -path "ui/node_modules/*")

@@ -50,7 +50,7 @@ test: ##@Development Run Go tests. Use PKG variable to specify packages to test,
 	go test -tags netgo $(PKG)
 .PHONY: test

-testall: test-race test-i18n test-js ##@Development Run Go and JS tests
+testall: test test-i18n test-js ##@Development Run Go and JS tests
 .PHONY: testall

 test-race: ##@Development Run Go tests with race detector
@@ -85,7 +85,7 @@ install-golangci-lint: ##@Development Install golangci-lint if not present
 .PHONY: install-golangci-lint

 lint: install-golangci-lint ##@Development Lint Go code
-	PATH=$$PATH:./bin golangci-lint run -v --timeout 5m
+	PATH=$$PATH:./bin golangci-lint run --timeout 5m
 .PHONY: lint

 lintall: lint ##@Development Lint Go and JS code
@@ -103,6 +103,15 @@ wire: check_go_env ##@Development Update Dependency Injection
 	go tool wire gen -tags=netgo ./...
 .PHONY: wire

+gen: check_go_env ##@Development Run go generate for code generation
+	go generate ./...
+	cd plugins/cmd/ndpgen && go run . -host-wrappers -input=../../host -package=host
+	cd plugins/cmd/ndpgen && go run . -input=../../host -output=../../pdk -go -python -rust
+	cd plugins/cmd/ndpgen && go run . -capability-only -input=../../capabilities -output=../../pdk -go -rust
+	cd plugins/cmd/ndpgen && go run . -schemas -input=../../capabilities
+	go mod tidy -C plugins/pdk/go
+.PHONY: gen
+
 snapshots: ##@Development Update (GoLang) Snapshot tests
 	UPDATE_SNAPSHOTS=true go tool ginkgo ./server/subsonic/responses/...
 .PHONY: snapshots
@@ -266,24 +275,6 @@ deprecated:
 	@echo "WARNING: This target is deprecated and will be removed in future releases. Use 'make build' instead."
 .PHONY: deprecated

-# Generate Go code from plugins/api/api.proto
-plugin-gen: check_go_env ##@Development Generate Go code from plugins protobuf files
-	go generate ./plugins/...
-.PHONY: plugin-gen
-
-plugin-examples: check_go_env ##@Development Build all example plugins
-	$(MAKE) -C plugins/examples clean all
-.PHONY: plugin-examples
-
-plugin-clean: check_go_env ##@Development Clean all plugins
-	$(MAKE) -C plugins/examples clean
-	$(MAKE) -C plugins/testdata clean
-.PHONY: plugin-clean
-
-plugin-tests: check_go_env ##@Development Build all test plugins
-	$(MAKE) -C plugins/testdata clean all
-.PHONY: plugin-tests
-
 .DEFAULT_GOAL := help

 HELP_FUN = \
--- a/cmd/pls.go
+++ b/cmd/pls.go
@@ -10,11 +10,8 @@ import (
 	"strconv"

 	"github.com/Masterminds/squirrel"
-	"github.com/navidrome/navidrome/core/auth"
-	"github.com/navidrome/navidrome/db"
 	"github.com/navidrome/navidrome/log"
 	"github.com/navidrome/navidrome/model"
-	"github.com/navidrome/navidrome/persistence"
 	"github.com/spf13/cobra"
 )

@@ -52,7 +49,7 @@ var (
 		Short: "Export playlists",
 		Long:  "Export Navidrome playlists to M3U files",
 		Run: func(cmd *cobra.Command, args []string) {
-			runExporter()
+			runExporter(cmd.Context())
 		},
 	}

@@ -60,15 +57,13 @@ var (
 		Use:   "list",
 		Short: "List playlists",
 		Run: func(cmd *cobra.Command, args []string) {
-			runList()
+			runList(cmd.Context())
 		},
 	}
 )

-func runExporter() {
-	sqlDB := db.Db()
-	ds := persistence.New(sqlDB)
-	ctx := auth.WithAdminUser(context.Background(), ds)
+func runExporter(ctx context.Context) {
+	ds, ctx := getAdminContext(ctx)
 	playlist, err := ds.Playlist(ctx).GetWithTracks(playlistID, true, false)
 	if err != nil && !errors.Is(err, model.ErrNotFound) {
 		log.Fatal("Error retrieving playlist", "name", playlistID, err)
@@ -100,31 +95,19 @@ func runExporter() {
 	}
 }

-func runList() {
+func runList(ctx context.Context) {
 	if outputFormat != "csv" && outputFormat != "json" {
 		log.Fatal("Invalid output format. Must be one of csv, json", "format", outputFormat)
 	}

-	sqlDB := db.Db()
-	ds := persistence.New(sqlDB)
-	ctx := auth.WithAdminUser(context.Background(), ds)
-
+	ds, ctx := getAdminContext(ctx)
 	options := model.QueryOptions{Sort: "owner_name"}

 	if userID != "" {
-		user, err := ds.User(ctx).FindByUsername(userID)
-
-		if err != nil && !errors.Is(err, model.ErrNotFound) {
-			log.Fatal("Error retrieving user by name", "name", userID, err)
+		user, err := getUser(ctx, userID, ds)
+		if err != nil {
+			log.Fatal(ctx, "Error retrieving user", "username or id", userID)
 		}
-
-		if errors.Is(err, model.ErrNotFound) {
-			user, err = ds.User(ctx).Get(userID)
-			if err != nil {
-				log.Fatal("Error retrieving user by id", "id", userID, err)
-			}
-		}
-
 		options.Filters = squirrel.Eq{"owner_id": user.ID}
 	}

--- a/cmd/plugin.go
+++ b/cmd/plugin.go
@@ -1,716 +0,0 @@
-package cmd
-
-import (
-	"cmp"
-	"crypto/sha256"
-	"encoding/hex"
-	"fmt"
-	"io"
-	"os"
-	"path/filepath"
-	"strings"
-	"text/tabwriter"
-	"time"
-
-	"github.com/navidrome/navidrome/conf"
-	"github.com/navidrome/navidrome/log"
-	"github.com/navidrome/navidrome/plugins"
-	"github.com/navidrome/navidrome/plugins/schema"
-	"github.com/navidrome/navidrome/utils"
-	"github.com/navidrome/navidrome/utils/slice"
-	"github.com/spf13/cobra"
-)
-
-const (
-	pluginPackageExtension = ".ndp"
-	pluginDirPermissions   = 0700
-	pluginFilePermissions  = 0600
-)
-
-func init() {
-	pluginCmd := &cobra.Command{
-		Use:   "plugin",
-		Short: "Manage Navidrome plugins",
-		Long:  "Commands for managing Navidrome plugins",
-	}
-
-	listCmd := &cobra.Command{
-		Use:   "list",
-		Short: "List installed plugins",
-		Long:  "List all installed plugins with their metadata",
-		Run:   pluginList,
-	}
-
-	infoCmd := &cobra.Command{
-		Use:   "info [pluginPackage|pluginName]",
-		Short: "Show details of a plugin",
-		Long:  "Show detailed information about a plugin package (.ndp file) or an installed plugin",
-		Args:  cobra.ExactArgs(1),
-		Run:   pluginInfo,
-	}
-
-	installCmd := &cobra.Command{
-		Use:   "install [pluginPackage]",
-		Short: "Install a plugin from a .ndp file",
-		Long:  "Install a Navidrome Plugin Package (.ndp) file",
-		Args:  cobra.ExactArgs(1),
-		Run:   pluginInstall,
-	}
-
-	removeCmd := &cobra.Command{
-		Use:   "remove [pluginName]",
-		Short: "Remove an installed plugin",
-		Long:  "Remove a plugin by name",
-		Args:  cobra.ExactArgs(1),
-		Run:   pluginRemove,
-	}
-
-	updateCmd := &cobra.Command{
-		Use:   "update [pluginPackage]",
-		Short: "Update an existing plugin",
-		Long:  "Update an installed plugin with a new version from a .ndp file",
-		Args:  cobra.ExactArgs(1),
-		Run:   pluginUpdate,
-	}
-
-	refreshCmd := &cobra.Command{
-		Use:   "refresh [pluginName]",
-		Short: "Reload a plugin without restarting Navidrome",
-		Long:  "Reload and recompile a plugin without needing to restart Navidrome",
-		Args:  cobra.ExactArgs(1),
-		Run:   pluginRefresh,
-	}
-
-	devCmd := &cobra.Command{
-		Use:   "dev [folder_path]",
-		Short: "Create symlink to development folder",
-		Long:  "Create a symlink from a plugin development folder to the plugins directory for easier development",
-		Args:  cobra.ExactArgs(1),
-		Run:   pluginDev,
-	}
-
-	pluginCmd.AddCommand(listCmd, infoCmd, installCmd, removeCmd, updateCmd, refreshCmd, devCmd)
-	rootCmd.AddCommand(pluginCmd)
-}
-
-// Validation helpers
-
-func validatePluginPackageFile(path string) error {
-	if !utils.FileExists(path) {
-		return fmt.Errorf("plugin package not found: %s", path)
-	}
-	if filepath.Ext(path) != pluginPackageExtension {
-		return fmt.Errorf("not a valid plugin package: %s (expected %s extension)", path, pluginPackageExtension)
-	}
-	return nil
-}
-
-func validatePluginDirectory(pluginsDir, pluginName string) (string, error) {
-	pluginDir := filepath.Join(pluginsDir, pluginName)
-	if !utils.FileExists(pluginDir) {
-		return "", fmt.Errorf("plugin not found: %s (path: %s)", pluginName, pluginDir)
-	}
-	return pluginDir, nil
-}
-
-func resolvePluginPath(pluginDir string) (resolvedPath string, isSymlink bool, err error) {
-	// Check if it's a directory or a symlink
-	lstat, err := os.Lstat(pluginDir)
-	if err != nil {
-		return "", false, fmt.Errorf("failed to stat plugin: %w", err)
-	}
-
-	isSymlink = lstat.Mode()&os.ModeSymlink != 0
-
-	if isSymlink {
-		// Resolve the symlink target
-		targetDir, err := os.Readlink(pluginDir)
-		if err != nil {
-			return "", true, fmt.Errorf("failed to resolve symlink: %w", err)
-		}
-
-		// If target is a relative path, make it absolute
-		if !filepath.IsAbs(targetDir) {
-			targetDir = filepath.Join(filepath.Dir(pluginDir), targetDir)
-		}
-
-		// Verify the target exists and is a directory
-		targetInfo, err := os.Stat(targetDir)
-		if err != nil {
-			return "", true, fmt.Errorf("failed to access symlink target %s: %w", targetDir, err)
-		}
-
-		if !targetInfo.IsDir() {
-			return "", true, fmt.Errorf("symlink target is not a directory: %s", targetDir)
-		}
-
-		return targetDir, true, nil
-	} else if !lstat.IsDir() {
-		return "", false, fmt.Errorf("not a valid plugin directory: %s", pluginDir)
-	}
-
-	return pluginDir, false, nil
-}
-
-// Package handling helpers
-
-func loadAndValidatePackage(ndpPath string) (*plugins.PluginPackage, error) {
-	if err := validatePluginPackageFile(ndpPath); err != nil {
-		return nil, err
-	}
-
-	pkg, err := plugins.LoadPackage(ndpPath)
-	if err != nil {
-		return nil, fmt.Errorf("failed to load plugin package: %w", err)
-	}
-
-	return pkg, nil
-}
-
-func extractAndSetupPlugin(ndpPath, targetDir string) error {
-	if err := plugins.ExtractPackage(ndpPath, targetDir); err != nil {
-		return fmt.Errorf("failed to extract plugin package: %w", err)
-	}
-
-	ensurePluginDirPermissions(targetDir)
-	return nil
-}
-
-// Display helpers
-
-func displayPluginTableRow(w *tabwriter.Writer, discovery plugins.PluginDiscoveryEntry) {
-	if discovery.Error != nil {
-		// Handle global errors (like directory read failure)
-		if discovery.ID == "" {
-			log.Error("Failed to read plugins directory", "folder", conf.Server.Plugins.Folder, discovery.Error)
-			return
-		}
-		// Handle individual plugin errors - show them in the table
-		fmt.Fprintf(w, "%s\tERROR\tERROR\tERROR\tERROR\t%v\n", discovery.ID, discovery.Error)
-		return
-	}
-
-	// Mark symlinks with an indicator
-	nameDisplay := discovery.Manifest.Name
-	if discovery.IsSymlink {
-		nameDisplay = nameDisplay + " (dev)"
-	}
-
-	// Convert capabilities to strings
-	capabilities := slice.Map(discovery.Manifest.Capabilities, func(cap schema.PluginManifestCapabilitiesElem) string {
-		return string(cap)
-	})
-
-	fmt.Fprintf(w, "%s\t%s\t%s\t%s\t%s\t%s\n",
-		discovery.ID,
-		nameDisplay,
-		cmp.Or(discovery.Manifest.Author, "-"),
-		cmp.Or(discovery.Manifest.Version, "-"),
-		strings.Join(capabilities, ", "),
-		cmp.Or(discovery.Manifest.Description, "-"))
-}
-
-func displayTypedPermissions(permissions schema.PluginManifestPermissions, indent string) {
-	if permissions.Http != nil {
-		fmt.Printf("%shttp:\n", indent)
-		fmt.Printf("%s  Reason: %s\n", indent, permissions.Http.Reason)
-		fmt.Printf("%s  Allow Local Network: %t\n", indent, permissions.Http.AllowLocalNetwork)
-		fmt.Printf("%s  Allowed URLs:\n", indent)
-		for urlPattern, methodEnums := range permissions.Http.AllowedUrls {
-			methods := make([]string, len(methodEnums))
-			for i, methodEnum := range methodEnums {
-				methods[i] = string(methodEnum)
-			}
-			fmt.Printf("%s    %s: [%s]\n", indent, urlPattern, strings.Join(methods, ", "))
-		}
-		fmt.Println()
-	}
-
-	if permissions.Config != nil {
-		fmt.Printf("%sconfig:\n", indent)
-		fmt.Printf("%s  Reason: %s\n", indent, permissions.Config.Reason)
-		fmt.Println()
-	}
-
-	if permissions.Scheduler != nil {
-		fmt.Printf("%sscheduler:\n", indent)
-		fmt.Printf("%s  Reason: %s\n", indent, permissions.Scheduler.Reason)
-		fmt.Println()
-	}
-
-	if permissions.Websocket != nil {
-		fmt.Printf("%swebsocket:\n", indent)
-		fmt.Printf("%s  Reason: %s\n", indent, permissions.Websocket.Reason)
-		fmt.Printf("%s  Allow Local Network: %t\n", indent, permissions.Websocket.AllowLocalNetwork)
-		fmt.Printf("%s  Allowed URLs: [%s]\n", indent, strings.Join(permissions.Websocket.AllowedUrls, ", "))
-		fmt.Println()
-	}
-
-	if permissions.Cache != nil {
-		fmt.Printf("%scache:\n", indent)
-		fmt.Printf("%s  Reason: %s\n", indent, permissions.Cache.Reason)
-		fmt.Println()
-	}
-
-	if permissions.Artwork != nil {
-		fmt.Printf("%sartwork:\n", indent)
-		fmt.Printf("%s  Reason: %s\n", indent, permissions.Artwork.Reason)
-		fmt.Println()
-	}
-
-	if permissions.Subsonicapi != nil {
-		allowedUsers := "All Users"
-		if len(permissions.Subsonicapi.AllowedUsernames) > 0 {
-			allowedUsers = strings.Join(permissions.Subsonicapi.AllowedUsernames, ", ")
-		}
-		fmt.Printf("%ssubsonicapi:\n", indent)
-		fmt.Printf("%s  Reason: %s\n", indent, permissions.Subsonicapi.Reason)
-		fmt.Printf("%s  Allow Admins: %t\n", indent, permissions.Subsonicapi.AllowAdmins)
-		fmt.Printf("%s  Allowed Usernames: [%s]\n", indent, allowedUsers)
-		fmt.Println()
-	}
-}
-
-func displayPluginDetails(manifest *schema.PluginManifest, fileInfo *pluginFileInfo, permInfo *pluginPermissionInfo) {
-	fmt.Println("\nPlugin Information:")
-	fmt.Printf("  Name:        %s\n", manifest.Name)
-	fmt.Printf("  Author:      %s\n", manifest.Author)
-	fmt.Printf("  Version:     %s\n", manifest.Version)
-	fmt.Printf("  Description: %s\n", manifest.Description)
-
-	fmt.Print("  Capabilities:    ")
-	capabilities := make([]string, len(manifest.Capabilities))
-	for i, cap := range manifest.Capabilities {
-		capabilities[i] = string(cap)
-	}
-	fmt.Print(strings.Join(capabilities, ", "))
-	fmt.Println()
-
-	// Display manifest permissions using the typed permissions
-	fmt.Println("  Required Permissions:")
-	displayTypedPermissions(manifest.Permissions, "    ")
-
-	// Print file information if available
-	if fileInfo != nil {
-		fmt.Println("Package Information:")
-		fmt.Printf("  File:        %s\n", fileInfo.path)
-		fmt.Printf("  Size:        %d bytes (%.2f KB)\n", fileInfo.size, float64(fileInfo.size)/1024)
-		fmt.Printf("  SHA-256:     %s\n", fileInfo.hash)
-		fmt.Printf("  Modified:    %s\n", fileInfo.modTime.Format(time.RFC3339))
-	}
-
-	// Print file permissions information if available
-	if permInfo != nil {
-		fmt.Println("File Permissions:")
-		fmt.Printf("  Plugin Directory: %s (%s)\n", permInfo.dirPath, permInfo.dirMode)
-		if permInfo.isSymlink {
-			fmt.Printf("  Symlink Target:   %s (%s)\n", permInfo.targetPath, permInfo.targetMode)
-		}
-		fmt.Printf("  Manifest File:    %s\n", permInfo.manifestMode)
-		if permInfo.wasmMode != "" {
-			fmt.Printf("  WASM File:        %s\n", permInfo.wasmMode)
-		}
-	}
-}
-
-type pluginFileInfo struct {
-	path    string
-	size    int64
-	hash    string
-	modTime time.Time
-}
-
-type pluginPermissionInfo struct {
-	dirPath      string
-	dirMode      string
-	isSymlink    bool
-	targetPath   string
-	targetMode   string
-	manifestMode string
-	wasmMode     string
-}
-
-func getFileInfo(path string) *pluginFileInfo {
-	fileInfo, err := os.Stat(path)
-	if err != nil {
-		log.Error("Failed to get file information", err)
-		return nil
-	}
-
-	return &pluginFileInfo{
-		path:    path,
-		size:    fileInfo.Size(),
-		hash:    calculateSHA256(path),
-		modTime: fileInfo.ModTime(),
-	}
-}
-
-func getPermissionInfo(pluginDir string) *pluginPermissionInfo {
-	// Get plugin directory permissions
-	dirInfo, err := os.Lstat(pluginDir)
-	if err != nil {
-		log.Error("Failed to get plugin directory permissions", err)
-		return nil
-	}
-
-	permInfo := &pluginPermissionInfo{
-		dirPath: pluginDir,
-		dirMode: dirInfo.Mode().String(),
-	}
-
-	// Check if it's a symlink
-	if dirInfo.Mode()&os.ModeSymlink != 0 {
-		permInfo.isSymlink = true
-
-		// Get target path and permissions
-		targetPath, err := os.Readlink(pluginDir)
-		if err == nil {
-			if !filepath.IsAbs(targetPath) {
-				targetPath = filepath.Join(filepath.Dir(pluginDir), targetPath)
-			}
-			permInfo.targetPath = targetPath
-
-			if targetInfo, err := os.Stat(targetPath); err == nil {
-				permInfo.targetMode = targetInfo.Mode().String()
-			}
-		}
-	}
-
-	// Get manifest file permissions
-	manifestPath := filepath.Join(pluginDir, "manifest.json")
-	if manifestInfo, err := os.Stat(manifestPath); err == nil {
-		permInfo.manifestMode = manifestInfo.Mode().String()
-	}
-
-	// Get WASM file permissions (look for .wasm files)
-	entries, err := os.ReadDir(pluginDir)
-	if err == nil {
-		for _, entry := range entries {
-			if filepath.Ext(entry.Name()) == ".wasm" {
-				wasmPath := filepath.Join(pluginDir, entry.Name())
-				if wasmInfo, err := os.Stat(wasmPath); err == nil {
-					permInfo.wasmMode = wasmInfo.Mode().String()
-					break // Just show the first WASM file found
-				}
-			}
-		}
-	}
-
-	return permInfo
-}
-
-// Command implementations
-
-func pluginList(cmd *cobra.Command, args []string) {
-	discoveries := plugins.DiscoverPlugins(conf.Server.Plugins.Folder)
-
-	w := tabwriter.NewWriter(os.Stdout, 0, 0, 2, ' ', 0)
-	fmt.Fprintln(w, "ID\tNAME\tAUTHOR\tVERSION\tCAPABILITIES\tDESCRIPTION")
-
-	for _, discovery := range discoveries {
-		displayPluginTableRow(w, discovery)
-	}
-	w.Flush()
-}
-
-func pluginInfo(cmd *cobra.Command, args []string) {
-	path := args[0]
-	pluginsDir := conf.Server.Plugins.Folder
-
-	var manifest *schema.PluginManifest
-	var fileInfo *pluginFileInfo
-	var permInfo *pluginPermissionInfo
-
-	if filepath.Ext(path) == pluginPackageExtension {
-		// It's a package file
-		pkg, err := loadAndValidatePackage(path)
-		if err != nil {
-			log.Fatal("Failed to load plugin package", err)
-		}
-		manifest = pkg.Manifest
-		fileInfo = getFileInfo(path)
-		// No permission info for package files
-	} else {
-		// It's a plugin name
-		pluginDir, err := validatePluginDirectory(pluginsDir, path)
-		if err != nil {
-			log.Fatal("Plugin validation failed", err)
-		}
-
-		manifest, err = plugins.LoadManifest(pluginDir)
-		if err != nil {
-			log.Fatal("Failed to load plugin manifest", err)
-		}
-
-		// Get permission info for installed plugins
-		permInfo = getPermissionInfo(pluginDir)
-	}
-
-	displayPluginDetails(manifest, fileInfo, permInfo)
-}
-
-func pluginInstall(cmd *cobra.Command, args []string) {
-	ndpPath := args[0]
-	pluginsDir := conf.Server.Plugins.Folder
-
-	pkg, err := loadAndValidatePackage(ndpPath)
-	if err != nil {
-		log.Fatal("Package validation failed", err)
-	}
-
-	// Create target directory based on plugin name
-	targetDir := filepath.Join(pluginsDir, pkg.Manifest.Name)
-
-	// Check if plugin already exists
-	if utils.FileExists(targetDir) {
-		log.Fatal("Plugin already installed", "name", pkg.Manifest.Name, "path", targetDir,
-			"use", "navidrome plugin update")
-	}
-
-	if err := extractAndSetupPlugin(ndpPath, targetDir); err != nil {
-		log.Fatal("Plugin installation failed", err)
-	}
-
-	fmt.Printf("Plugin '%s' v%s installed successfully\n", pkg.Manifest.Name, pkg.Manifest.Version)
-}
-
-func pluginRemove(cmd *cobra.Command, args []string) {
-	pluginName := args[0]
-	pluginsDir := conf.Server.Plugins.Folder
-
-	pluginDir, err := validatePluginDirectory(pluginsDir, pluginName)
-	if err != nil {
-		log.Fatal("Plugin validation failed", err)
-	}
-
-	_, isSymlink, err := resolvePluginPath(pluginDir)
-	if err != nil {
-		log.Fatal("Failed to resolve plugin path", err)
-	}
-
-	if isSymlink {
-		// For symlinked plugins (dev mode), just remove the symlink
-		if err := os.Remove(pluginDir); err != nil {
-			log.Fatal("Failed to remove plugin symlink", "name", pluginName, err)
-		}
-		fmt.Printf("Development plugin symlink '%s' removed successfully (target directory preserved)\n", pluginName)
-	} else {
-		// For regular plugins, remove the entire directory
-		if err := os.RemoveAll(pluginDir); err != nil {
-			log.Fatal("Failed to remove plugin directory", "name", pluginName, err)
-		}
-		fmt.Printf("Plugin '%s' removed successfully\n", pluginName)
-	}
-}
-
-func pluginUpdate(cmd *cobra.Command, args []string) {
-	ndpPath := args[0]
-	pluginsDir := conf.Server.Plugins.Folder
-
-	pkg, err := loadAndValidatePackage(ndpPath)
-	if err != nil {
-		log.Fatal("Package validation failed", err)
-	}
-
-	// Check if plugin exists
-	targetDir := filepath.Join(pluginsDir, pkg.Manifest.Name)
-	if !utils.FileExists(targetDir) {
-		log.Fatal("Plugin not found", "name", pkg.Manifest.Name, "path", targetDir,
-			"use", "navidrome plugin install")
-	}
-
-	// Create a backup of the existing plugin
-	backupDir := targetDir + ".bak." + time.Now().Format("20060102150405")
-	if err := os.Rename(targetDir, backupDir); err != nil {
-		log.Fatal("Failed to backup existing plugin", err)
-	}
-
-	// Extract the new package
-	if err := extractAndSetupPlugin(ndpPath, targetDir); err != nil {
-		// Restore backup if extraction failed
-		os.RemoveAll(targetDir)
-		_ = os.Rename(backupDir, targetDir) // Ignore error as we're already in a fatal path
-		log.Fatal("Plugin update failed", err)
-	}
-
-	// Remove the backup
-	os.RemoveAll(backupDir)
-
-	fmt.Printf("Plugin '%s' updated to v%s successfully\n", pkg.Manifest.Name, pkg.Manifest.Version)
-}
-
-func pluginRefresh(cmd *cobra.Command, args []string) {
-	pluginName := args[0]
-	pluginsDir := conf.Server.Plugins.Folder
-
-	pluginDir, err := validatePluginDirectory(pluginsDir, pluginName)
-	if err != nil {
-		log.Fatal("Plugin validation failed", err)
-	}
-
-	resolvedPath, isSymlink, err := resolvePluginPath(pluginDir)
-	if err != nil {
-		log.Fatal("Failed to resolve plugin path", err)
-	}
-
-	if isSymlink {
-		log.Debug("Processing symlinked plugin", "name", pluginName, "link", pluginDir, "target", resolvedPath)
-	}
-
-	fmt.Printf("Refreshing plugin '%s'...\n", pluginName)
-
-	// Get the plugin manager and refresh
-	mgr := GetPluginManager(cmd.Context())
-	log.Debug("Scanning plugins directory", "path", pluginsDir)
-	mgr.ScanPlugins()
-
-	log.Info("Waiting for plugin compilation to complete", "name", pluginName)
-
-	// Wait for compilation to complete
-	if err := mgr.EnsureCompiled(pluginName); err != nil {
-		log.Fatal("Failed to compile refreshed plugin", "name", pluginName, err)
-	}
-
-	log.Info("Plugin compilation completed successfully", "name", pluginName)
-	fmt.Printf("Plugin '%s' refreshed successfully\n", pluginName)
-}
-
-func pluginDev(cmd *cobra.Command, args []string) {
-	sourcePath, err := filepath.Abs(args[0])
-	if err != nil {
-		log.Fatal("Invalid path", "path", args[0], err)
-	}
-	pluginsDir := conf.Server.Plugins.Folder
-
-	// Validate source directory and manifest
-	if err := validateDevSource(sourcePath); err != nil {
-		log.Fatal("Source validation failed", err)
-	}
-
-	// Load manifest to get plugin name
-	manifest, err := plugins.LoadManifest(sourcePath)
-	if err != nil {
-		log.Fatal("Failed to load plugin manifest", "path", filepath.Join(sourcePath, "manifest.json"), err)
-	}
-
-	pluginName := cmp.Or(manifest.Name, filepath.Base(sourcePath))
-	targetPath := filepath.Join(pluginsDir, pluginName)
-
-	// Handle existing target
-	if err := handleExistingTarget(targetPath, sourcePath); err != nil {
-		log.Fatal("Failed to handle existing target", err)
-	}
-
-	// Create target directory if needed
-	if err := os.MkdirAll(filepath.Dir(targetPath), 0755); err != nil {
-		log.Fatal("Failed to create plugins directory", "path", filepath.Dir(targetPath), err)
-	}
-
-	// Create the symlink
-	if err := os.Symlink(sourcePath, targetPath); err != nil {
-		log.Fatal("Failed to create symlink", "source", sourcePath, "target", targetPath, err)
-	}
-
-	fmt.Printf("Development symlink created: '%s' -> '%s'\n", targetPath, sourcePath)
-	fmt.Println("Plugin can be refreshed with: navidrome plugin refresh", pluginName)
-}
-
-// Utility functions
-
-func validateDevSource(sourcePath string) error {
-	sourceInfo, err := os.Stat(sourcePath)
-	if err != nil {
-		return fmt.Errorf("source folder not found: %s (%w)", sourcePath, err)
-	}
-	if !sourceInfo.IsDir() {
-		return fmt.Errorf("source path is not a directory: %s", sourcePath)
-	}
-
-	manifestPath := filepath.Join(sourcePath, "manifest.json")
-	if !utils.FileExists(manifestPath) {
-		return fmt.Errorf("source folder missing manifest.json: %s", sourcePath)
-	}
-
-	return nil
-}
-
-func handleExistingTarget(targetPath, sourcePath string) error {
-	if !utils.FileExists(targetPath) {
-		return nil // Nothing to handle
-	}
-
-	// Check if it's already a symlink to our source
-	existingLink, err := os.Readlink(targetPath)
-	if err == nil && existingLink == sourcePath {
-		fmt.Printf("Symlink already exists and points to the correct source\n")
-		return fmt.Errorf("symlink already exists") // This will cause early return in caller
-	}
-
-	// Handle case where target exists but is not a symlink to our source
-	fmt.Printf("Target path '%s' already exists.\n", targetPath)
-	fmt.Print("Do you want to replace it? (y/N): ")
-	var response string
-	_, err = fmt.Scanln(&response)
-	if err != nil || strings.ToLower(response) != "y" {
-		if err != nil {
-			log.Debug("Error reading input, assuming 'no'", err)
-		}
-		return fmt.Errorf("operation canceled")
-	}
-
-	// Remove existing target
-	if err := os.RemoveAll(targetPath); err != nil {
-		return fmt.Errorf("failed to remove existing target %s: %w", targetPath, err)
-	}
-
-	return nil
-}
-
-func ensurePluginDirPermissions(dir string) {
-	if err := os.Chmod(dir, pluginDirPermissions); err != nil {
-		log.Error("Failed to set plugin directory permissions", "dir", dir, err)
-	}
-
-	// Apply permissions to all files in the directory
-	entries, err := os.ReadDir(dir)
-	if err != nil {
-		log.Error("Failed to read plugin directory", "dir", dir, err)
-		return
-	}
-
-	for _, entry := range entries {
-		path := filepath.Join(dir, entry.Name())
-		info, err := os.Stat(path)
-		if err != nil {
-			log.Error("Failed to stat file", "path", path, err)
-			continue
-		}
-
-		mode := os.FileMode(pluginFilePermissions) // Files
-		if info.IsDir() {
-			mode = os.FileMode(pluginDirPermissions) // Directories
-			ensurePluginDirPermissions(path)         // Recursive
-		}
-
-		if err := os.Chmod(path, mode); err != nil {
-			log.Error("Failed to set file permissions", "path", path, err)
-		}
-	}
-}
-
-func calculateSHA256(filePath string) string {
-	file, err := os.Open(filePath)
-	if err != nil {
-		log.Error("Failed to open file for hashing", err)
-		return "N/A"
-	}
-	defer file.Close()
-
-	hasher := sha256.New()
-	if _, err := io.Copy(hasher, file); err != nil {
-		log.Error("Failed to calculate hash", err)
-		return "N/A"
-	}
-
-	return hex.EncodeToString(hasher.Sum(nil))
-}
--- a/cmd/plugin_test.go
+++ b/cmd/plugin_test.go
@@ -1,193 +0,0 @@
-package cmd
-
-import (
-	"io"
-	"os"
-	"path/filepath"
-	"strings"
-
-	"github.com/navidrome/navidrome/conf"
-	"github.com/navidrome/navidrome/conf/configtest"
-	. "github.com/onsi/ginkgo/v2"
-	. "github.com/onsi/gomega"
-	"github.com/spf13/cobra"
-)
-
-var _ = Describe("Plugin CLI Commands", func() {
-	var tempDir string
-	var cmd *cobra.Command
-	var stdOut *os.File
-	var origStdout *os.File
-	var outReader *os.File
-
-	// Helper to create a test plugin with the given name and details
-	createTestPlugin := func(name, author, version string, capabilities []string) string {
-		pluginDir := filepath.Join(tempDir, name)
-		Expect(os.MkdirAll(pluginDir, 0755)).To(Succeed())
-
-		// Create a properly formatted capabilities JSON array
-		capabilitiesJSON := `"` + strings.Join(capabilities, `", "`) + `"`
-
-		manifest := `{
-			"name": "` + name + `",
-			"author": "` + author + `",
-			"version": "` + version + `",
-			"description": "Plugin for testing",
-			"website": "https://test.navidrome.org/` + name + `",
-			"capabilities": [` + capabilitiesJSON + `],
-			"permissions": {}
-		}`
-
-		Expect(os.WriteFile(filepath.Join(pluginDir, "manifest.json"), []byte(manifest), 0600)).To(Succeed())
-
-		// Create a dummy WASM file
-		wasmContent := []byte("dummy wasm content for testing")
-		Expect(os.WriteFile(filepath.Join(pluginDir, "plugin.wasm"), wasmContent, 0600)).To(Succeed())
-
-		return pluginDir
-	}
-
-	// Helper to execute a command and return captured output
-	captureOutput := func(reader io.Reader) string {
-		stdOut.Close()
-		outputBytes, err := io.ReadAll(reader)
-		Expect(err).NotTo(HaveOccurred())
-		return string(outputBytes)
-	}
-
-	BeforeEach(func() {
-		DeferCleanup(configtest.SetupConfig())
-		tempDir = GinkgoT().TempDir()
-
-		// Setup config
-		conf.Server.Plugins.Enabled = true
-		conf.Server.Plugins.Folder = tempDir
-
-		// Create a command for testing
-		cmd = &cobra.Command{Use: "test"}
-
-		// Setup stdout capture
-		origStdout = os.Stdout
-		var err error
-		outReader, stdOut, err = os.Pipe()
-		Expect(err).NotTo(HaveOccurred())
-		os.Stdout = stdOut
-
-		DeferCleanup(func() {
-			os.Stdout = origStdout
-		})
-	})
-
-	AfterEach(func() {
-		os.Stdout = origStdout
-		if stdOut != nil {
-			stdOut.Close()
-		}
-		if outReader != nil {
-			outReader.Close()
-		}
-	})
-
-	Describe("Plugin list command", func() {
-		It("should list installed plugins", func() {
-			// Create test plugins
-			createTestPlugin("plugin1", "Test Author", "1.0.0", []string{"MetadataAgent"})
-			createTestPlugin("plugin2", "Another Author", "2.1.0", []string{"Scrobbler"})
-
-			// Execute command
-			pluginList(cmd, []string{})
-
-			// Verify output
-			output := captureOutput(outReader)
-
-			Expect(output).To(ContainSubstring("plugin1"))
-			Expect(output).To(ContainSubstring("Test Author"))
-			Expect(output).To(ContainSubstring("1.0.0"))
-			Expect(output).To(ContainSubstring("MetadataAgent"))
-
-			Expect(output).To(ContainSubstring("plugin2"))
-			Expect(output).To(ContainSubstring("Another Author"))
-			Expect(output).To(ContainSubstring("2.1.0"))
-			Expect(output).To(ContainSubstring("Scrobbler"))
-		})
-	})
-
-	Describe("Plugin info command", func() {
-		It("should display information about an installed plugin", func() {
-			// Create test plugin with multiple capabilities
-			createTestPlugin("test-plugin", "Test Author", "1.0.0",
-				[]string{"MetadataAgent", "Scrobbler"})
-
-			// Execute command
-			pluginInfo(cmd, []string{"test-plugin"})
-
-			// Verify output
-			output := captureOutput(outReader)
-
-			Expect(output).To(ContainSubstring("Name:        test-plugin"))
-			Expect(output).To(ContainSubstring("Author:      Test Author"))
-			Expect(output).To(ContainSubstring("Version:     1.0.0"))
-			Expect(output).To(ContainSubstring("Description: Plugin for testing"))
-			Expect(output).To(ContainSubstring("Capabilities:    MetadataAgent, Scrobbler"))
-		})
-	})
-
-	Describe("Plugin remove command", func() {
-		It("should remove a regular plugin directory", func() {
-			// Create test plugin
-			pluginDir := createTestPlugin("regular-plugin", "Test Author", "1.0.0",
-				[]string{"MetadataAgent"})
-
-			// Execute command
-			pluginRemove(cmd, []string{"regular-plugin"})
-
-			// Verify output
-			output := captureOutput(outReader)
-			Expect(output).To(ContainSubstring("Plugin 'regular-plugin' removed successfully"))
-
-			// Verify directory is actually removed
-			_, err := os.Stat(pluginDir)
-			Expect(os.IsNotExist(err)).To(BeTrue())
-		})
-
-		It("should remove only the symlink for a development plugin", func() {
-			// Create a real source directory
-			sourceDir := filepath.Join(GinkgoT().TempDir(), "dev-plugin-source")
-			Expect(os.MkdirAll(sourceDir, 0755)).To(Succeed())
-
-			manifest := `{
-				"name": "dev-plugin",
-				"author": "Dev Author",
-				"version": "0.1.0",
-				"description": "Development plugin for testing",
-				"website": "https://test.navidrome.org/dev-plugin",
-				"capabilities": ["Scrobbler"],
-				"permissions": {}
-			}`
-			Expect(os.WriteFile(filepath.Join(sourceDir, "manifest.json"), []byte(manifest), 0600)).To(Succeed())
-
-			// Create a dummy WASM file
-			wasmContent := []byte("dummy wasm content for testing")
-			Expect(os.WriteFile(filepath.Join(sourceDir, "plugin.wasm"), wasmContent, 0600)).To(Succeed())
-
-			// Create a symlink in the plugins directory
-			symlinkPath := filepath.Join(tempDir, "dev-plugin")
-			Expect(os.Symlink(sourceDir, symlinkPath)).To(Succeed())
-
-			// Execute command
-			pluginRemove(cmd, []string{"dev-plugin"})
-
-			// Verify output
-			output := captureOutput(outReader)
-			Expect(output).To(ContainSubstring("Development plugin symlink 'dev-plugin' removed successfully"))
-			Expect(output).To(ContainSubstring("target directory preserved"))
-
-			// Verify the symlink is removed but source directory exists
-			_, err := os.Lstat(symlinkPath)
-			Expect(os.IsNotExist(err)).To(BeTrue())
-
-			_, err = os.Stat(sourceDir)
-			Expect(err).NotTo(HaveOccurred())
-		})
-	})
-})
--- a/cmd/root.go
+++ b/cmd/root.go
@@ -330,16 +330,13 @@ func startPlaybackServer(ctx context.Context) func() error {
 // startPluginManager starts the plugin manager, if configured.
 func startPluginManager(ctx context.Context) func() error {
 	return func() error {
+		manager := GetPluginManager(ctx)
 		if !conf.Server.Plugins.Enabled {
-			log.Debug("Plugins are DISABLED")
+			log.Debug("Plugin system is DISABLED")
 			return nil
 		}
 		log.Info(ctx, "Starting plugin manager")
-		// Get the manager instance and scan for plugins
-		manager := GetPluginManager(ctx)
-		manager.ScanPlugins()
-
-		return nil
+		return manager.Start(ctx)
 	}
 }

@@ -374,6 +371,7 @@ func init() {
 	rootCmd.Flags().Duration("scaninterval", viper.GetDuration("scaninterval"), "how frequently to scan for changes in your music library")
 	rootCmd.Flags().String("uiloginbackgroundurl", viper.GetString("uiloginbackgroundurl"), "URL to a backaground image used in the Login page")
 	rootCmd.Flags().Bool("enabletranscodingconfig", viper.GetBool("enabletranscodingconfig"), "enables transcoding configuration in the UI")
+	rootCmd.Flags().Bool("enabletranscodingcancellation", viper.GetBool("enabletranscodingcancellation"), "enables transcoding context cancellation")
 	rootCmd.Flags().String("transcodingcachesize", viper.GetString("transcodingcachesize"), "size of transcoding cache")
 	rootCmd.Flags().String("imagecachesize", viper.GetString("imagecachesize"), "size of image (art work) cache. set to 0 to disable cache")
 	rootCmd.Flags().String("albumplaycountmode", viper.GetString("albumplaycountmode"), "how to compute playcount for albums. absolute (default) or normalized")
@@ -397,6 +395,7 @@ func init() {
 	_ = viper.BindPFlag("prometheus.metricspath", rootCmd.Flags().Lookup("prometheus.metricspath"))

 	_ = viper.BindPFlag("enabletranscodingconfig", rootCmd.Flags().Lookup("enabletranscodingconfig"))
+	_ = viper.BindPFlag("enabletranscodingcancellation", rootCmd.Flags().Lookup("enabletranscodingcancellation"))
 	_ = viper.BindPFlag("transcodingcachesize", rootCmd.Flags().Lookup("transcodingcachesize"))
 	_ = viper.BindPFlag("imagecachesize", rootCmd.Flags().Lookup("imagecachesize"))
 }
--- a/cmd/scan.go
+++ b/cmd/scan.go
@@ -1,9 +1,12 @@
 package cmd

 import (
+	"bufio"
 	"context"
 	"encoding/gob"
+	"fmt"
 	"os"
+	"strings"

 	"github.com/navidrome/navidrome/core"
 	"github.com/navidrome/navidrome/db"
@@ -19,12 +22,14 @@ var (
 	fullScan   bool
 	subprocess bool
 	targets    []string
+	targetFile string
 )

 func init() {
 	scanCmd.Flags().BoolVarP(&fullScan, "full", "f", false, "check all subfolders, ignoring timestamps")
 	scanCmd.Flags().BoolVarP(&subprocess, "subprocess", "", false, "run as subprocess (internal use)")
 	scanCmd.Flags().StringArrayVarP(&targets, "target", "t", []string{}, "list of libraryID:folderPath pairs, can be repeated (e.g., \"-t 1:Music/Rock -t 1:Music/Jazz -t 2:Classical\")")
+	scanCmd.Flags().StringVar(&targetFile, "target-file", "", "path to file containing targets (one libraryID:folderPath per line)")
 	rootCmd.AddCommand(scanCmd)
 }

@@ -71,10 +76,17 @@ func runScanner(ctx context.Context) {
 	ds := persistence.New(sqlDB)
 	pls := core.NewPlaylists(ds)

-	// Parse targets if provided
+	// Parse targets from command line or file
 	var scanTargets []model.ScanTarget
-	if len(targets) > 0 {
-		var err error
+	var err error
+
+	if targetFile != "" {
+		scanTargets, err = readTargetsFromFile(targetFile)
+		if err != nil {
+			log.Fatal(ctx, "Failed to read targets from file", err)
+		}
+		log.Info(ctx, "Scanning specific folders from file", "numTargets", len(scanTargets))
+	} else if len(targets) > 0 {
 		scanTargets, err = model.ParseTargets(targets)
 		if err != nil {
 			log.Fatal(ctx, "Failed to parse targets", err)
@@ -94,3 +106,31 @@ func runScanner(ctx context.Context) {
 		trackScanInteractively(ctx, progress)
 	}
 }
+
+// readTargetsFromFile reads scan targets from a file, one per line.
+// Each line should be in the format "libraryID:folderPath".
+// Empty lines and lines starting with # are ignored.
+func readTargetsFromFile(filePath string) ([]model.ScanTarget, error) {
+	file, err := os.Open(filePath)
+	if err != nil {
+		return nil, fmt.Errorf("failed to open target file: %w", err)
+	}
+	defer file.Close()
+
+	var targetStrings []string
+	scanner := bufio.NewScanner(file)
+	for scanner.Scan() {
+		line := strings.TrimSpace(scanner.Text())
+		// Skip empty lines and comments
+		if line == "" {
+			continue
+		}
+		targetStrings = append(targetStrings, line)
+	}
+
+	if err := scanner.Err(); err != nil {
+		return nil, fmt.Errorf("failed to read target file: %w", err)
+	}
+
+	return model.ParseTargets(targetStrings)
+}
--- a/cmd/scan_test.go
+++ b/cmd/scan_test.go
@@ -0,0 +1,89 @@
+package cmd
+
+import (
+	"os"
+	"path/filepath"
+
+	"github.com/navidrome/navidrome/model"
+	. "github.com/onsi/ginkgo/v2"
+	. "github.com/onsi/gomega"
+)
+
+var _ = Describe("readTargetsFromFile", func() {
+	var tempDir string
+
+	BeforeEach(func() {
+		var err error
+		tempDir, err = os.MkdirTemp("", "navidrome-test-")
+		Expect(err).ToNot(HaveOccurred())
+	})
+
+	AfterEach(func() {
+		os.RemoveAll(tempDir)
+	})
+
+	It("reads valid targets from file", func() {
+		filePath := filepath.Join(tempDir, "targets.txt")
+		content := "1:Music/Rock\n2:Music/Jazz\n3:Classical\n"
+		err := os.WriteFile(filePath, []byte(content), 0600)
+		Expect(err).ToNot(HaveOccurred())
+
+		targets, err := readTargetsFromFile(filePath)
+		Expect(err).ToNot(HaveOccurred())
+		Expect(targets).To(HaveLen(3))
+		Expect(targets[0]).To(Equal(model.ScanTarget{LibraryID: 1, FolderPath: "Music/Rock"}))
+		Expect(targets[1]).To(Equal(model.ScanTarget{LibraryID: 2, FolderPath: "Music/Jazz"}))
+		Expect(targets[2]).To(Equal(model.ScanTarget{LibraryID: 3, FolderPath: "Classical"}))
+	})
+
+	It("skips empty lines", func() {
+		filePath := filepath.Join(tempDir, "targets.txt")
+		content := "1:Music/Rock\n\n2:Music/Jazz\n\n"
+		err := os.WriteFile(filePath, []byte(content), 0600)
+		Expect(err).ToNot(HaveOccurred())
+
+		targets, err := readTargetsFromFile(filePath)
+		Expect(err).ToNot(HaveOccurred())
+		Expect(targets).To(HaveLen(2))
+	})
+
+	It("trims whitespace", func() {
+		filePath := filepath.Join(tempDir, "targets.txt")
+		content := "  1:Music/Rock  \n\t2:Music/Jazz\t\n"
+		err := os.WriteFile(filePath, []byte(content), 0600)
+		Expect(err).ToNot(HaveOccurred())
+
+		targets, err := readTargetsFromFile(filePath)
+		Expect(err).ToNot(HaveOccurred())
+		Expect(targets).To(HaveLen(2))
+		Expect(targets[0].FolderPath).To(Equal("Music/Rock"))
+		Expect(targets[1].FolderPath).To(Equal("Music/Jazz"))
+	})
+
+	It("returns error for non-existent file", func() {
+		_, err := readTargetsFromFile("/nonexistent/file.txt")
+		Expect(err).To(HaveOccurred())
+		Expect(err.Error()).To(ContainSubstring("failed to open target file"))
+	})
+
+	It("returns error for invalid target format", func() {
+		filePath := filepath.Join(tempDir, "targets.txt")
+		content := "invalid-format\n"
+		err := os.WriteFile(filePath, []byte(content), 0600)
+		Expect(err).ToNot(HaveOccurred())
+
+		_, err = readTargetsFromFile(filePath)
+		Expect(err).To(HaveOccurred())
+	})
+
+	It("handles mixed valid and empty lines", func() {
+		filePath := filepath.Join(tempDir, "targets.txt")
+		content := "\n1:Music/Rock\n\n\n2:Music/Jazz\n\n"
+		err := os.WriteFile(filePath, []byte(content), 0600)
+		Expect(err).ToNot(HaveOccurred())
+
+		targets, err := readTargetsFromFile(filePath)
+		Expect(err).ToNot(HaveOccurred())
+		Expect(targets).To(HaveLen(2))
+	})
+})
--- a/cmd/user.go
+++ b/cmd/user.go
@@ -0,0 +1,477 @@
+package cmd
+
+import (
+	"context"
+	"encoding/csv"
+	"encoding/json"
+	"errors"
+	"fmt"
+	"os"
+	"strconv"
+	"strings"
+	"syscall"
+	"time"
+
+	"github.com/Masterminds/squirrel"
+	"github.com/navidrome/navidrome/log"
+	"github.com/navidrome/navidrome/model"
+	"github.com/spf13/cobra"
+	"golang.org/x/term"
+)
+
+var (
+	email      string
+	libraryIds []int
+	name       string
+
+	removeEmail    bool
+	removeName     bool
+	setAdmin       bool
+	setPassword    bool
+	setRegularUser bool
+)
+
+func init() {
+	rootCmd.AddCommand(userRoot)
+
+	userCreateCommand.Flags().StringVarP(&userID, "username", "u", "", "username")
+
+	userCreateCommand.Flags().StringVarP(&email, "email", "e", "", "New user email")
+	userCreateCommand.Flags().IntSliceVarP(&libraryIds, "library-ids", "i", []int{}, "Comma-separated list of library IDs. Set the user's accessible libraries. If empty, the user can access all libraries. This is incompatible with admin, as admin can always access all libraries")
+
+	userCreateCommand.Flags().BoolVarP(&setAdmin, "admin", "a", false, "If set, make the user an admin. This user will have access to every library")
+	userCreateCommand.Flags().StringVar(&name, "name", "", "New user's name (this is separate from username used to log in)")
+
+	_ = userCreateCommand.MarkFlagRequired("username")
+
+	userRoot.AddCommand(userCreateCommand)
+
+	userDeleteCommand.Flags().StringVarP(&userID, "user", "u", "", "username or id")
+	_ = userDeleteCommand.MarkFlagRequired("user")
+	userRoot.AddCommand(userDeleteCommand)
+
+	userEditCommand.Flags().StringVarP(&userID, "user", "u", "", "username or id")
+
+	userEditCommand.Flags().BoolVar(&setAdmin, "set-admin", false, "If set, make the user an admin")
+	userEditCommand.Flags().BoolVar(&setRegularUser, "set-regular", false, "If set, make the user a non-admin")
+	userEditCommand.MarkFlagsMutuallyExclusive("set-admin", "set-regular")
+
+	userEditCommand.Flags().BoolVar(&removeEmail, "remove-email", false, "If set, clear the user's email")
+	userEditCommand.Flags().StringVarP(&email, "email", "e", "", "New user email")
+	userEditCommand.MarkFlagsMutuallyExclusive("email", "remove-email")
+
+	userEditCommand.Flags().BoolVar(&removeName, "remove-name", false, "If set, clear the user's name")
+	userEditCommand.Flags().StringVar(&name, "name", "", "New user name (this is separate from username used to log in)")
+	userEditCommand.MarkFlagsMutuallyExclusive("name", "remove-name")
+
+	userEditCommand.Flags().BoolVar(&setPassword, "set-password", false, "If set, the user's new password will be prompted on the CLI")
+
+	userEditCommand.Flags().IntSliceVarP(&libraryIds, "library-ids", "i", []int{}, "Comma-separated list of library IDs. Set the user's accessible libraries by id")
+
+	_ = userEditCommand.MarkFlagRequired("user")
+	userRoot.AddCommand(userEditCommand)
+
+	userListCommand.Flags().StringVarP(&outputFormat, "format", "f", "csv", "output format [supported values: csv, json]")
+	userRoot.AddCommand(userListCommand)
+}
+
+var (
+	userRoot = &cobra.Command{
+		Use:   "user",
+		Short: "Administer users",
+		Long:  "Create, delete, list, or update users",
+	}
+
+	userCreateCommand = &cobra.Command{
+		Use:     "create",
+		Aliases: []string{"c"},
+		Short:   "Create a new user",
+		Run: func(cmd *cobra.Command, args []string) {
+			runCreateUser(cmd.Context())
+		},
+	}
+
+	userDeleteCommand = &cobra.Command{
+		Use:     "delete",
+		Aliases: []string{"d"},
+		Short:   "Deletes an existing user",
+		Run: func(cmd *cobra.Command, args []string) {
+			runDeleteUser(cmd.Context())
+		},
+	}
+
+	userEditCommand = &cobra.Command{
+		Use:     "edit",
+		Aliases: []string{"e"},
+		Short:   "Edit a user",
+		Long:    "Edit the password, admin status, and/or library access",
+		Run: func(cmd *cobra.Command, args []string) {
+			runUserEdit(cmd.Context())
+		},
+	}
+
+	userListCommand = &cobra.Command{
+		Use:   "list",
+		Short: "List users",
+		Run: func(cmd *cobra.Command, args []string) {
+			runUserList(cmd.Context())
+		},
+	}
+)
+
+func promptPassword() string {
+	for {
+		fmt.Print("Enter new password (press enter with no password to cancel): ")
+		// This cast is necessary for some platforms
+		password, err := term.ReadPassword(int(syscall.Stdin)) //nolint:unconvert
+
+		if err != nil {
+			log.Fatal("Error getting password", err)
+		}
+
+		fmt.Print("\nConfirm new password (press enter with no password to cancel): ")
+		confirmation, err := term.ReadPassword(int(syscall.Stdin)) //nolint:unconvert
+
+		if err != nil {
+			log.Fatal("Error getting password confirmation", err)
+		}
+
+		// clear the line.
+		fmt.Println()
+
+		pass := string(password)
+		confirm := string(confirmation)
+
+		if pass == "" {
+			return ""
+		}
+
+		if pass == confirm {
+			return pass
+		}
+
+		fmt.Println("Password and password confirmation do not match")
+	}
+}
+
+func libraryError(libraries model.Libraries) error {
+	ids := make([]int, len(libraries))
+	for idx, library := range libraries {
+		ids[idx] = library.ID
+	}
+	return fmt.Errorf("not all available libraries found. Requested ids: %v, Found libraries: %v", libraryIds, ids)
+}
+
+func runCreateUser(ctx context.Context) {
+	password := promptPassword()
+	if password == "" {
+		log.Fatal("Empty password provided, user creation cancelled")
+	}
+
+	user := model.User{
+		UserName:    userID,
+		Email:       email,
+		Name:        name,
+		IsAdmin:     setAdmin,
+		NewPassword: password,
+	}
+
+	if user.Name == "" {
+		user.Name = userID
+	}
+
+	ds, ctx := getAdminContext(ctx)
+
+	err := ds.WithTx(func(tx model.DataStore) error {
+		existingUser, err := tx.User(ctx).FindByUsername(userID)
+		if existingUser != nil {
+			return fmt.Errorf("existing user '%s'", userID)
+		}
+
+		if err != nil && !errors.Is(err, model.ErrNotFound) {
+			return fmt.Errorf("failed to check existing username: %w", err)
+		}
+
+		if len(libraryIds) > 0 && !setAdmin {
+			user.Libraries, err = tx.Library(ctx).GetAll(model.QueryOptions{Filters: squirrel.Eq{"id": libraryIds}})
+			if err != nil {
+				return err
+			}
+
+			if len(user.Libraries) != len(libraryIds) {
+				return libraryError(user.Libraries)
+			}
+		} else {
+			user.Libraries, err = tx.Library(ctx).GetAll()
+			if err != nil {
+				return err
+			}
+		}
+
+		err = tx.User(ctx).Put(&user)
+		if err != nil {
+			return err
+		}
+
+		updatedIds := make([]int, len(user.Libraries))
+		for idx, lib := range user.Libraries {
+			updatedIds[idx] = lib.ID
+		}
+
+		err = tx.User(ctx).SetUserLibraries(user.ID, updatedIds)
+		return err
+	})
+
+	if err != nil {
+		log.Fatal(ctx, err)
+	}
+
+	log.Info(ctx, "Successfully created user", "id", user.ID, "username", user.UserName)
+}
+
+func runDeleteUser(ctx context.Context) {
+	ds, ctx := getAdminContext(ctx)
+
+	var err error
+	var user *model.User
+
+	err = ds.WithTx(func(tx model.DataStore) error {
+		count, err := tx.User(ctx).CountAll()
+		if err != nil {
+			return err
+		}
+
+		if count == 1 {
+			return errors.New("refusing to delete the last user")
+		}
+
+		user, err = getUser(ctx, userID, tx)
+		if err != nil {
+			return err
+		}
+
+		return tx.User(ctx).Delete(user.ID)
+	})
+
+	if err != nil {
+		log.Fatal(ctx, "Failed to delete user", err)
+	}
+
+	log.Info(ctx, "Deleted user", "username", user.UserName)
+}
+
+func runUserEdit(ctx context.Context) {
+	ds, ctx := getAdminContext(ctx)
+
+	var err error
+	var user *model.User
+	changes := []string{}
+
+	err = ds.WithTx(func(tx model.DataStore) error {
+		var newLibraries model.Libraries
+
+		user, err = getUser(ctx, userID, tx)
+		if err != nil {
+			return err
+		}
+
+		if len(libraryIds) > 0 && !setAdmin {
+			libraries, err := tx.Library(ctx).GetAll(model.QueryOptions{Filters: squirrel.Eq{"id": libraryIds}})
+
+			if err != nil {
+				return err
+			}
+
+			if len(libraries) != len(libraryIds) {
+				return libraryError(libraries)
+			}
+
+			newLibraries = libraries
+			changes = append(changes, "updated library ids")
+		}
+
+		if setAdmin && !user.IsAdmin {
+			libraries, err := tx.Library(ctx).GetAll()
+			if err != nil {
+				return err
+			}
+
+			user.IsAdmin = true
+			user.Libraries = libraries
+			changes = append(changes, "set admin")
+
+			newLibraries = libraries
+		}
+
+		if setRegularUser && user.IsAdmin {
+			user.IsAdmin = false
+			changes = append(changes, "set regular user")
+		}
+
+		if setPassword {
+			password := promptPassword()
+
+			if password != "" {
+				user.NewPassword = password
+				changes = append(changes, "updated password")
+			}
+		}
+
+		if email != "" && email != user.Email {
+			user.Email = email
+			changes = append(changes, "updated email")
+		} else if removeEmail && user.Email != "" {
+			user.Email = ""
+			changes = append(changes, "removed email")
+		}
+
+		if name != "" && name != user.Name {
+			user.Name = name
+			changes = append(changes, "updated name")
+		} else if removeName && user.Name != "" {
+			user.Name = ""
+			changes = append(changes, "removed name")
+		}
+
+		if len(changes) == 0 {
+			return nil
+		}
+
+		err := tx.User(ctx).Put(user)
+		if err != nil {
+			return err
+		}
+
+		if len(newLibraries) > 0 {
+			updatedIds := make([]int, len(newLibraries))
+			for idx, lib := range newLibraries {
+				updatedIds[idx] = lib.ID
+			}
+
+			err := tx.User(ctx).SetUserLibraries(user.ID, updatedIds)
+			if err != nil {
+				return err
+			}
+		}
+
+		return nil
+	})
+
+	if err != nil {
+		log.Fatal(ctx, "Failed to update user", err)
+	}
+
+	if len(changes) == 0 {
+		log.Info(ctx, "No changes for user", "user", user.UserName)
+	} else {
+		log.Info(ctx, "Updated user", "user", user.UserName, "changes", strings.Join(changes, ", "))
+	}
+}
+
+type displayLibrary struct {
+	ID   int    `json:"id"`
+	Path string `json:"path"`
+}
+
+type displayUser struct {
+	Id         string           `json:"id"`
+	Username   string           `json:"username"`
+	Name       string           `json:"name"`
+	Email      string           `json:"email"`
+	Admin      bool             `json:"admin"`
+	CreatedAt  time.Time        `json:"createdAt"`
+	UpdatedAt  time.Time        `json:"updatedAt"`
+	LastAccess *time.Time       `json:"lastAccess"`
+	LastLogin  *time.Time       `json:"lastLogin"`
+	Libraries  []displayLibrary `json:"libraries"`
+}
+
+func runUserList(ctx context.Context) {
+	if outputFormat != "csv" && outputFormat != "json" {
+		log.Fatal("Invalid output format. Must be one of csv, json", "format", outputFormat)
+	}
+
+	ds, ctx := getAdminContext(ctx)
+
+	users, err := ds.User(ctx).ReadAll()
+	if err != nil {
+		log.Fatal(ctx, "Failed to retrieve users", err)
+	}
+
+	userList := users.(model.Users)
+
+	if outputFormat == "csv" {
+		w := csv.NewWriter(os.Stdout)
+		_ = w.Write([]string{
+			"user id",
+			"username",
+			"user's name",
+			"user email",
+			"admin",
+			"created at",
+			"updated at",
+			"last access",
+			"last login",
+			"libraries",
+		})
+		for _, user := range userList {
+			paths := make([]string, len(user.Libraries))
+
+			for idx, library := range user.Libraries {
+				paths[idx] = fmt.Sprintf("%d:%s", library.ID, library.Path)
+			}
+
+			var lastAccess, lastLogin string
+
+			if user.LastAccessAt != nil {
+				lastAccess = user.LastAccessAt.Format(time.RFC3339Nano)
+			} else {
+				lastAccess = "never"
+			}
+
+			if user.LastLoginAt != nil {
+				lastLogin = user.LastLoginAt.Format(time.RFC3339Nano)
+			} else {
+				lastLogin = "never"
+			}
+
+			_ = w.Write([]string{
+				user.ID,
+				user.UserName,
+				user.Name,
+				user.Email,
+				strconv.FormatBool(user.IsAdmin),
+				user.CreatedAt.Format(time.RFC3339Nano),
+				user.UpdatedAt.Format(time.RFC3339Nano),
+				lastAccess,
+				lastLogin,
+				fmt.Sprintf("'%s'", strings.Join(paths, "|")),
+			})
+		}
+		w.Flush()
+	} else {
+		users := make([]displayUser, len(userList))
+		for idx, user := range userList {
+			paths := make([]displayLibrary, len(user.Libraries))
+
+			for idx, library := range user.Libraries {
+				paths[idx].ID = library.ID
+				paths[idx].Path = library.Path
+			}
+
+			users[idx].Id = user.ID
+			users[idx].Username = user.UserName
+			users[idx].Name = user.Name
+			users[idx].Email = user.Email
+			users[idx].Admin = user.IsAdmin
+			users[idx].CreatedAt = user.CreatedAt
+			users[idx].UpdatedAt = user.UpdatedAt
+			users[idx].LastAccess = user.LastAccessAt
+			users[idx].LastLogin = user.LastLoginAt
+			users[idx].Libraries = paths
+		}
+
+		j, _ := json.Marshal(users)
+		fmt.Printf("%s\n", j)
+	}
+}
--- a/cmd/utils.go
+++ b/cmd/utils.go
@@ -0,0 +1,42 @@
+package cmd
+
+import (
+	"context"
+	"errors"
+	"fmt"
+
+	"github.com/navidrome/navidrome/core/auth"
+	"github.com/navidrome/navidrome/db"
+	"github.com/navidrome/navidrome/log"
+	"github.com/navidrome/navidrome/model"
+	"github.com/navidrome/navidrome/model/request"
+	"github.com/navidrome/navidrome/persistence"
+)
+
+func getAdminContext(ctx context.Context) (model.DataStore, context.Context) {
+	sqlDB := db.Db()
+	ds := persistence.New(sqlDB)
+	ctx = auth.WithAdminUser(ctx, ds)
+	u, _ := request.UserFrom(ctx)
+	if !u.IsAdmin {
+		log.Fatal(ctx, "There must be at least one admin user to run this command.")
+	}
+	return ds, ctx
+}
+
+func getUser(ctx context.Context, id string, ds model.DataStore) (*model.User, error) {
+	user, err := ds.User(ctx).FindByUsername(id)
+
+	if err != nil && !errors.Is(err, model.ErrNotFound) {
+		return nil, fmt.Errorf("finding user by name: %w", err)
+	}
+
+	if errors.Is(err, model.ErrNotFound) {
+		user, err = ds.User(ctx).Get(id)
+		if err != nil {
+			return nil, fmt.Errorf("finding user by id: %w", err)
+		}
+	}
+
+	return user, nil
+}
--- a/cmd/wire_gen.go
+++ b/cmd/wire_gen.go
@@ -47,9 +47,7 @@ func CreateServer() *server.Server {
 	sqlDB := db.Db()
 	dataStore := persistence.New(sqlDB)
 	broker := events.GetBroker()
-	metricsMetrics := metrics.GetPrometheusInstance(dataStore)
-	manager := plugins.GetManager(dataStore, metricsMetrics)
-	insights := metrics.GetInstance(dataStore, manager)
+	insights := metrics.GetInstance(dataStore)
 	serverServer := server.New(dataStore, broker, insights)
 	return serverServer
 }
@@ -59,21 +57,21 @@ func CreateNativeAPIRouter(ctx context.Context) *nativeapi.Router {
 	dataStore := persistence.New(sqlDB)
 	share := core.NewShare(dataStore)
 	playlists := core.NewPlaylists(dataStore)
-	metricsMetrics := metrics.GetPrometheusInstance(dataStore)
-	manager := plugins.GetManager(dataStore, metricsMetrics)
-	insights := metrics.GetInstance(dataStore, manager)
+	insights := metrics.GetInstance(dataStore)
 	fileCache := artwork.GetImageCache()
 	fFmpeg := ffmpeg.New()
+	broker := events.GetBroker()
+	manager := plugins.GetManager(dataStore, broker)
 	agentsAgents := agents.GetAgents(dataStore, manager)
 	provider := external.NewProvider(dataStore, agentsAgents)
 	artworkArtwork := artwork.NewArtwork(dataStore, fileCache, fFmpeg, provider)
 	cacheWarmer := artwork.NewCacheWarmer(artworkArtwork, fileCache)
-	broker := events.GetBroker()
+	metricsMetrics := metrics.GetPrometheusInstance(dataStore)
 	modelScanner := scanner.New(ctx, dataStore, cacheWarmer, broker, playlists, metricsMetrics)
 	watcher := scanner.GetWatcher(dataStore, modelScanner)
 	library := core.NewLibrary(dataStore, modelScanner, watcher, broker)
 	maintenance := core.NewMaintenance(dataStore)
-	router := nativeapi.New(dataStore, share, playlists, insights, library, maintenance)
+	router := nativeapi.New(dataStore, share, playlists, insights, library, maintenance, manager)
 	return router
 }

@@ -82,8 +80,8 @@ func CreateSubsonicAPIRouter(ctx context.Context) *subsonic.Router {
 	dataStore := persistence.New(sqlDB)
 	fileCache := artwork.GetImageCache()
 	fFmpeg := ffmpeg.New()
-	metricsMetrics := metrics.GetPrometheusInstance(dataStore)
-	manager := plugins.GetManager(dataStore, metricsMetrics)
+	broker := events.GetBroker()
+	manager := plugins.GetManager(dataStore, broker)
 	agentsAgents := agents.GetAgents(dataStore, manager)
 	provider := external.NewProvider(dataStore, agentsAgents)
 	artworkArtwork := artwork.NewArtwork(dataStore, fileCache, fFmpeg, provider)
@@ -93,8 +91,8 @@ func CreateSubsonicAPIRouter(ctx context.Context) *subsonic.Router {
 	archiver := core.NewArchiver(mediaStreamer, dataStore, share)
 	players := core.NewPlayers(dataStore)
 	cacheWarmer := artwork.NewCacheWarmer(artworkArtwork, fileCache)
-	broker := events.GetBroker()
 	playlists := core.NewPlaylists(dataStore)
+	metricsMetrics := metrics.GetPrometheusInstance(dataStore)
 	modelScanner := scanner.New(ctx, dataStore, cacheWarmer, broker, playlists, metricsMetrics)
 	playTracker := scrobbler.GetPlayTracker(dataStore, broker, manager)
 	playbackServer := playback.GetInstance(dataStore)
@@ -107,8 +105,8 @@ func CreatePublicRouter() *public.Router {
 	dataStore := persistence.New(sqlDB)
 	fileCache := artwork.GetImageCache()
 	fFmpeg := ffmpeg.New()
-	metricsMetrics := metrics.GetPrometheusInstance(dataStore)
-	manager := plugins.GetManager(dataStore, metricsMetrics)
+	broker := events.GetBroker()
+	manager := plugins.GetManager(dataStore, broker)
 	agentsAgents := agents.GetAgents(dataStore, manager)
 	provider := external.NewProvider(dataStore, agentsAgents)
 	artworkArtwork := artwork.NewArtwork(dataStore, fileCache, fFmpeg, provider)
@@ -137,9 +135,7 @@ func CreateListenBrainzRouter() *listenbrainz.Router {
 func CreateInsights() metrics.Insights {
 	sqlDB := db.Db()
 	dataStore := persistence.New(sqlDB)
-	metricsMetrics := metrics.GetPrometheusInstance(dataStore)
-	manager := plugins.GetManager(dataStore, metricsMetrics)
-	insights := metrics.GetInstance(dataStore, manager)
+	insights := metrics.GetInstance(dataStore)
 	return insights
 }

@@ -155,14 +151,14 @@ func CreateScanner(ctx context.Context) model.Scanner {
 	dataStore := persistence.New(sqlDB)
 	fileCache := artwork.GetImageCache()
 	fFmpeg := ffmpeg.New()
-	metricsMetrics := metrics.GetPrometheusInstance(dataStore)
-	manager := plugins.GetManager(dataStore, metricsMetrics)
+	broker := events.GetBroker()
+	manager := plugins.GetManager(dataStore, broker)
 	agentsAgents := agents.GetAgents(dataStore, manager)
 	provider := external.NewProvider(dataStore, agentsAgents)
 	artworkArtwork := artwork.NewArtwork(dataStore, fileCache, fFmpeg, provider)
 	cacheWarmer := artwork.NewCacheWarmer(artworkArtwork, fileCache)
-	broker := events.GetBroker()
 	playlists := core.NewPlaylists(dataStore)
+	metricsMetrics := metrics.GetPrometheusInstance(dataStore)
 	modelScanner := scanner.New(ctx, dataStore, cacheWarmer, broker, playlists, metricsMetrics)
 	return modelScanner
 }
@@ -172,14 +168,14 @@ func CreateScanWatcher(ctx context.Context) scanner.Watcher {
 	dataStore := persistence.New(sqlDB)
 	fileCache := artwork.GetImageCache()
 	fFmpeg := ffmpeg.New()
-	metricsMetrics := metrics.GetPrometheusInstance(dataStore)
-	manager := plugins.GetManager(dataStore, metricsMetrics)
+	broker := events.GetBroker()
+	manager := plugins.GetManager(dataStore, broker)
 	agentsAgents := agents.GetAgents(dataStore, manager)
 	provider := external.NewProvider(dataStore, agentsAgents)
 	artworkArtwork := artwork.NewArtwork(dataStore, fileCache, fFmpeg, provider)
 	cacheWarmer := artwork.NewCacheWarmer(artworkArtwork, fileCache)
-	broker := events.GetBroker()
 	playlists := core.NewPlaylists(dataStore)
+	metricsMetrics := metrics.GetPrometheusInstance(dataStore)
 	modelScanner := scanner.New(ctx, dataStore, cacheWarmer, broker, playlists, metricsMetrics)
 	watcher := scanner.GetWatcher(dataStore, modelScanner)
 	return watcher
@@ -192,19 +188,19 @@ func GetPlaybackServer() playback.PlaybackServer {
 	return playbackServer
 }

-func getPluginManager() plugins.Manager {
+func getPluginManager() *plugins.Manager {
 	sqlDB := db.Db()
 	dataStore := persistence.New(sqlDB)
-	metricsMetrics := metrics.GetPrometheusInstance(dataStore)
-	manager := plugins.GetManager(dataStore, metricsMetrics)
+	broker := events.GetBroker()
+	manager := plugins.GetManager(dataStore, broker)
 	return manager
 }

 // wire_injectors.go:

-var allProviders = wire.NewSet(core.Set, artwork.Set, server.New, subsonic.New, nativeapi.New, public.New, persistence.New, lastfm.NewRouter, listenbrainz.NewRouter, events.GetBroker, scanner.New, scanner.GetWatcher, plugins.GetManager, metrics.GetPrometheusInstance, db.Db, wire.Bind(new(agents.PluginLoader), new(plugins.Manager)), wire.Bind(new(scrobbler.PluginLoader), new(plugins.Manager)), wire.Bind(new(metrics.PluginLoader), new(plugins.Manager)), wire.Bind(new(core.Watcher), new(scanner.Watcher)))
+var allProviders = wire.NewSet(core.Set, artwork.Set, server.New, subsonic.New, nativeapi.New, public.New, persistence.New, lastfm.NewRouter, listenbrainz.NewRouter, events.GetBroker, scanner.New, scanner.GetWatcher, metrics.GetPrometheusInstance, db.Db, plugins.GetManager, wire.Bind(new(agents.PluginLoader), new(*plugins.Manager)), wire.Bind(new(scrobbler.PluginLoader), new(*plugins.Manager)), wire.Bind(new(nativeapi.PluginManager), new(*plugins.Manager)), wire.Bind(new(core.Watcher), new(scanner.Watcher)))

-func GetPluginManager(ctx context.Context) plugins.Manager {
+func GetPluginManager(ctx context.Context) *plugins.Manager {
 	manager := getPluginManager()
 	manager.SetSubsonicRouter(CreateSubsonicAPIRouter(ctx))
 	return manager
--- a/cmd/wire_injectors.go
+++ b/cmd/wire_injectors.go
@@ -39,12 +39,12 @@ var allProviders = wire.NewSet(
 	events.GetBroker,
 	scanner.New,
 	scanner.GetWatcher,
-	plugins.GetManager,
 	metrics.GetPrometheusInstance,
 	db.Db,
-	wire.Bind(new(agents.PluginLoader), new(plugins.Manager)),
-	wire.Bind(new(scrobbler.PluginLoader), new(plugins.Manager)),
-	wire.Bind(new(metrics.PluginLoader), new(plugins.Manager)),
+	plugins.GetManager,
+	wire.Bind(new(agents.PluginLoader), new(*plugins.Manager)),
+	wire.Bind(new(scrobbler.PluginLoader), new(*plugins.Manager)),
+	wire.Bind(new(nativeapi.PluginManager), new(*plugins.Manager)),
 	wire.Bind(new(core.Watcher), new(scanner.Watcher)),
 )

@@ -120,13 +120,13 @@ func GetPlaybackServer() playback.PlaybackServer {
 	))
 }

-func getPluginManager() plugins.Manager {
+func getPluginManager() *plugins.Manager {
 	panic(wire.Build(
 		allProviders,
 	))
 }

-func GetPluginManager(ctx context.Context) plugins.Manager {
+func GetPluginManager(ctx context.Context) *plugins.Manager {
 	manager := getPluginManager()
 	manager.SetSubsonicRouter(CreateSubsonicAPIRouter(ctx))
 	return manager
--- a/conf/configuration.go
+++ b/conf/configuration.go
@@ -41,6 +41,7 @@ type configOptions struct {
 	UIWelcomeMessage                string
 	MaxSidebarPlaylists             int
 	EnableTranscodingConfig         bool
+	EnableTranscodingCancellation   bool
 	EnableDownloads                 bool
 	EnableExternalServices          bool
 	EnableInsightsCollector         bool
@@ -86,11 +87,9 @@ type configOptions struct {
 	AuthRequestLimit                int
 	AuthWindowLength                time.Duration
 	PasswordEncryptionKey           string
-	ReverseProxyUserHeader          string
-	ReverseProxyWhitelist           string
+	ExtAuth                         extAuthOptions
 	Plugins                         pluginsOptions
-	PluginConfig                    map[string]map[string]string
-	HTTPSecurityHeaders             secureOptions       `json:",omitzero"`
+	HTTPHeaders                     httpHeaderOptions   `json:",omitzero"`
 	Prometheus                      prometheusOptions   `json:",omitzero"`
 	Scanner                         scannerOptions      `json:",omitzero"`
 	Jukebox                         jukeboxOptions      `json:",omitzero"`
@@ -102,36 +101,38 @@ type configOptions struct {
 	Spotify                         spotifyOptions      `json:",omitzero"`
 	Deezer                          deezerOptions       `json:",omitzero"`
 	ListenBrainz                    listenBrainzOptions `json:",omitzero"`
-	Tags                            map[string]TagConf  `json:",omitempty"`
+	EnableScrobbleHistory           bool
+	Tags                            map[string]TagConf `json:",omitempty"`
 	Agents                          string

 	// DevFlags. These are used to enable/disable debugging and incomplete features
-	DevLogLevels                     map[string]string `json:",omitempty"`
-	DevLogSourceLine                 bool
-	DevEnableProfiler                bool
-	DevAutoCreateAdminPassword       string
-	DevAutoLoginUsername             string
-	DevActivityPanel                 bool
-	DevActivityPanelUpdateRate       time.Duration
-	DevSidebarPlaylists              bool
-	DevShowArtistPage                bool
-	DevUIShowConfig                  bool
-	DevNewEventStream                bool
-	DevOffsetOptimize                int
-	DevArtworkMaxRequests            int
-	DevArtworkThrottleBacklogLimit   int
-	DevArtworkThrottleBacklogTimeout time.Duration
-	DevArtistInfoTimeToLive          time.Duration
-	DevAlbumInfoTimeToLive           time.Duration
-	DevExternalScanner               bool
-	DevScannerThreads                uint
-	DevSelectiveWatcher              bool
-	DevInsightsInitialDelay          time.Duration
-	DevEnablePlayerInsights          bool
-	DevEnablePluginsInsights         bool
-	DevPluginCompilationTimeout      time.Duration
-	DevExternalArtistFetchMultiplier float64
-	DevOptimizeDB                    bool
+	DevLogLevels                      map[string]string `json:",omitempty"`
+	DevLogSourceLine                  bool
+	DevEnableProfiler                 bool
+	DevAutoCreateAdminPassword        string
+	DevAutoLoginUsername              string
+	DevActivityPanel                  bool
+	DevActivityPanelUpdateRate        time.Duration
+	DevSidebarPlaylists               bool
+	DevShowArtistPage                 bool
+	DevUIShowConfig                   bool
+	DevNewEventStream                 bool
+	DevOffsetOptimize                 int
+	DevArtworkMaxRequests             int
+	DevArtworkThrottleBacklogLimit    int
+	DevArtworkThrottleBacklogTimeout  time.Duration
+	DevArtistInfoTimeToLive           time.Duration
+	DevAlbumInfoTimeToLive            time.Duration
+	DevExternalScanner                bool
+	DevScannerThreads                 uint
+	DevSelectiveWatcher               bool
+	DevInsightsInitialDelay           time.Duration
+	DevEnablePlayerInsights           bool
+	DevEnablePluginsInsights          bool
+	DevPluginCompilationTimeout       time.Duration
+	DevExternalArtistFetchMultiplier  float64
+	DevOptimizeDB                     bool
+	DevPreserveUnicodeInExternalCalls bool
 }

 type scannerOptions struct {
@@ -186,8 +187,8 @@ type listenBrainzOptions struct {
 	BaseURL string
 }

-type secureOptions struct {
-	CustomFrameOptionsValue string
+type httpHeaderOptions struct {
+	FrameOptions string
 }

 type prometheusOptions struct {
@@ -224,9 +225,16 @@ type inspectOptions struct {
 }

 type pluginsOptions struct {
-	Enabled   bool
-	Folder    string
-	CacheSize string
+	Enabled    bool
+	Folder     string
+	CacheSize  string
+	AutoReload bool
+	LogLevel   string
+}
+
+type extAuthOptions struct {
+	TrustedSources string
+	UserHeader     string
 }

 var (
@@ -247,6 +255,11 @@ func LoadFromFile(confFile string) {
 func Load(noConfigDump bool) {
 	parseIniFileConfiguration()

+	// Map deprecated options to their new names for backwards compatibility
+	mapDeprecatedOption("ReverseProxyWhitelist", "ExtAuth.TrustedSources")
+	mapDeprecatedOption("ReverseProxyUserHeader", "ExtAuth.UserHeader")
+	mapDeprecatedOption("HTTPSecurityHeaders.CustomFrameOptionsValue", "HTTPHeaders.FrameOptions")
+
 	err := viper.Unmarshal(&Server)
 	if err != nil {
 		_, _ = fmt.Fprintln(os.Stderr, "FATAL: Error parsing config:", err)
@@ -330,9 +343,18 @@ func Load(noConfigDump bool) {
 		Server.BaseScheme = u.Scheme
 	}

+	// Log configuration source
+	if Server.ConfigFile != "" {
+		log.Info("Loaded configuration", "file", Server.ConfigFile)
+	} else if hasNDEnvVars() {
+		log.Info("No configuration file found. Loaded configuration only from environment variables")
+	} else {
+		log.Warn("No configuration file found. Using default values. To specify a config file, use the --configfile flag or set the ND_CONFIGFILE environment variable.")
+	}
+
 	// Print current configuration if log level is Debug
 	if log.IsGreaterOrEqualTo(log.LevelDebug) && !noConfigDump {
-		prettyConf := pretty.Sprintf("Loaded configuration from '%s': %# v", Server.ConfigFile, Server)
+		prettyConf := pretty.Sprintf("Configuration: %# v", Server)
 		if Server.EnableLogRedacting {
 			prettyConf = log.Redact(prettyConf)
 		}
@@ -347,9 +369,12 @@ func Load(noConfigDump bool) {
 		log.Warn(fmt.Sprintf("Extractor '%s' is not implemented, using 'taglib'", Server.Scanner.Extractor))
 		Server.Scanner.Extractor = consts.DefaultScannerExtractor
 	}
-	logDeprecatedOptions("Scanner.GenreSeparators")
-	logDeprecatedOptions("Scanner.GroupAlbumReleases")
-	logDeprecatedOptions("DevEnableBufferedScrobble") // Deprecated: Buffered scrobbling is now always enabled and this option is ignored
+	logDeprecatedOptions("Scanner.GenreSeparators", "")
+	logDeprecatedOptions("Scanner.GroupAlbumReleases", "")
+	logDeprecatedOptions("DevEnableBufferedScrobble", "") // Deprecated: Buffered scrobbling is now always enabled and this option is ignored
+	logDeprecatedOptions("ReverseProxyWhitelist", "ExtAuth.TrustedSources")
+	logDeprecatedOptions("ReverseProxyUserHeader", "ExtAuth.UserHeader")
+	logDeprecatedOptions("HTTPSecurityHeaders.CustomFrameOptionsValue", "HTTPHeaders.FrameOptions")

 	// Call init hooks
 	for _, hook := range hooks {
@@ -357,16 +382,30 @@ func Load(noConfigDump bool) {
 	}
 }

-func logDeprecatedOptions(options ...string) {
-	for _, option := range options {
-		envVar := "ND_" + strings.ToUpper(strings.ReplaceAll(option, ".", "_"))
-		if os.Getenv(envVar) != "" {
-			log.Warn(fmt.Sprintf("Option '%s' is deprecated and will be ignored in a future release", envVar))
-		}
-		if viper.InConfig(option) {
-			log.Warn(fmt.Sprintf("Option '%s' is deprecated and will be ignored in a future release", option))
+func logDeprecatedOptions(oldName, newName string) {
+	envVar := "ND_" + strings.ToUpper(strings.ReplaceAll(oldName, ".", "_"))
+	newEnvVar := "ND_" + strings.ToUpper(strings.ReplaceAll(newName, ".", "_"))
+	logWarning := func(oldName, newName string) {
+		if newName != "" {
+			log.Warn(fmt.Sprintf("Option '%s' is deprecated and will be ignored in a future release. Please use the new '%s'", oldName, newName))
+		} else {
+			log.Warn(fmt.Sprintf("Option '%s' is deprecated and will be ignored in a future release", oldName))
 		}
 	}
+	if os.Getenv(envVar) != "" {
+		logWarning(envVar, newEnvVar)
+	}
+	if viper.InConfig(oldName) {
+		logWarning(oldName, newName)
+	}
+}
+
+// mapDeprecatedOption is used to provide backwards compatibility for deprecated options. It should be called after
+// the config has been read by viper, but before unmarshalling it into the Config struct.
+func mapDeprecatedOption(legacyName, newName string) {
+	if viper.IsSet(legacyName) {
+		viper.Set(newName, viper.Get(legacyName))
+	}
 }

 // parseIniFileConfiguration is used to parse the config file when it is in INI format. For INI files, it
@@ -475,6 +514,16 @@ func AddHook(hook func()) {
 	hooks = append(hooks, hook)
 }

+// hasNDEnvVars checks if any ND_ prefixed environment variables are set (excluding ND_CONFIGFILE)
+func hasNDEnvVars() bool {
+	for _, env := range os.Environ() {
+		if strings.HasPrefix(env, "ND_") && !strings.HasPrefix(env, "ND_CONFIGFILE=") {
+			return true
+		}
+	}
+	return false
+}
+
 func setViperDefaults() {
 	viper.SetDefault("musicfolder", filepath.Join(".", "music"))
 	viper.SetDefault("cachefolder", "")
@@ -492,6 +541,7 @@ func setViperDefaults() {
 	viper.SetDefault("uiwelcomemessage", "")
 	viper.SetDefault("maxsidebarplaylists", consts.DefaultMaxSidebarPlaylists)
 	viper.SetDefault("enabletranscodingconfig", false)
+	viper.SetDefault("enabletranscodingcancellation", false)
 	viper.SetDefault("transcodingcachesize", "100MB")
 	viper.SetDefault("imagecachesize", "100MB")
 	viper.SetDefault("albumplaycountmode", consts.AlbumPlayCountModeAbsolute)
@@ -536,8 +586,8 @@ func setViperDefaults() {
 	viper.SetDefault("authrequestlimit", 5)
 	viper.SetDefault("authwindowlength", 20*time.Second)
 	viper.SetDefault("passwordencryptionkey", "")
-	viper.SetDefault("reverseproxyuserheader", "Remote-User")
-	viper.SetDefault("reverseproxywhitelist", "")
+	viper.SetDefault("extauth.userheader", "Remote-User")
+	viper.SetDefault("extauth.trustedsources", "")
 	viper.SetDefault("prometheus.enabled", false)
 	viper.SetDefault("prometheus.metricspath", consts.PrometheusDefaultPath)
 	viper.SetDefault("prometheus.password", "")
@@ -558,7 +608,7 @@ func setViperDefaults() {
 	viper.SetDefault("subsonic.appendsubtitle", true)
 	viper.SetDefault("subsonic.artistparticipations", false)
 	viper.SetDefault("subsonic.defaultreportrealpath", false)
-	viper.SetDefault("subsonic.legacyclients", "DSub")
+	viper.SetDefault("subsonic.legacyclients", "DSub,SubMusic")
 	viper.SetDefault("agents", "lastfm,spotify,deezer")
 	viper.SetDefault("lastfm.enabled", true)
 	viper.SetDefault("lastfm.language", "en")
@@ -571,7 +621,8 @@ func setViperDefaults() {
 	viper.SetDefault("deezer.language", "en")
 	viper.SetDefault("listenbrainz.enabled", true)
 	viper.SetDefault("listenbrainz.baseurl", "https://api.listenbrainz.org/1/")
-	viper.SetDefault("httpsecurityheaders.customframeoptionsvalue", "DENY")
+	viper.SetDefault("enablescrobblehistory", true)
+	viper.SetDefault("httpheaders.frameoptions", "DENY")
 	viper.SetDefault("backup.path", "")
 	viper.SetDefault("backup.schedule", "")
 	viper.SetDefault("backup.count", 0)
@@ -583,7 +634,8 @@ func setViperDefaults() {
 	viper.SetDefault("inspect.backlogtimeout", consts.RequestThrottleBacklogTimeout)
 	viper.SetDefault("plugins.folder", "")
 	viper.SetDefault("plugins.enabled", false)
-	viper.SetDefault("plugins.cachesize", "100MB")
+	viper.SetDefault("plugins.cachesize", "200MB")
+	viper.SetDefault("plugins.autoreload", false)

 	// DevFlags. These are used to enable/disable debugging and incomplete features
 	viper.SetDefault("devlogsourceline", false)
@@ -611,6 +663,7 @@ func setViperDefaults() {
 	viper.SetDefault("devplugincompilationtimeout", time.Minute)
 	viper.SetDefault("devexternalartistfetchmultiplier", 1.5)
 	viper.SetDefault("devoptimizedb", true)
+	viper.SetDefault("devpreserveunicodeinexternalcalls", false)
 }

 func init() {
--- a/conf/configuration_test.go
+++ b/conf/configuration_test.go
@@ -41,6 +41,9 @@ var _ = Describe("Configuration", func() {
 			Expect(conf.Server.Tags["custom"].Aliases).To(Equal([]string{format, "test"}))
 			Expect(conf.Server.Tags["artist"].Split).To(Equal([]string{";"}))

+			// Check deprecated option mapping
+			Expect(conf.Server.ExtAuth.UserHeader).To(Equal("X-Auth-User"))
+
 			// The config file used should be the one we created
 			Expect(conf.Server.ConfigFile).To(Equal(filename))
 		},
--- a/conf/testdata/cfg.ini
+++ b/conf/testdata/cfg.ini
@@ -1,6 +1,7 @@
 [default]
 MusicFolder = /ini/music
 UIWelcomeMessage = 'Welcome ini' ; Just a comment to test the LoadOptions
+ReverseProxyUserHeader = 'X-Auth-User'

 [Tags]
 Custom.Aliases = ini,test
--- a/conf/testdata/cfg.json
+++ b/conf/testdata/cfg.json
@@ -1,6 +1,7 @@
 {
  "musicFolder": "/json/music",
  "uiWelcomeMessage": "Welcome json",
+  "reverseProxyUserHeader": "X-Auth-User",
  "Tags": {
    "artist": {
      "split": ";"
--- a/conf/testdata/cfg.toml
+++ b/conf/testdata/cfg.toml
@@ -1,5 +1,6 @@
 musicFolder = "/toml/music"
 uiWelcomeMessage = "Welcome toml"
+ReverseProxyUserHeader = "X-Auth-User"

 Tags.artist.Split = ';'

--- a/conf/testdata/cfg.yaml
+++ b/conf/testdata/cfg.yaml
@@ -1,5 +1,6 @@
 musicFolder: "/yaml/music"
 uiWelcomeMessage: "Welcome yaml"
+reverseProxyUserHeader: "X-Auth-User"
 Tags:
  artist:
    split:  [";"]
--- a/consts/consts.go
+++ b/consts/consts.go
@@ -150,6 +150,8 @@ var (
 	}
 )

+var HTTPUserAgent = "Navidrome" + "/" + Version
+
 var (
 	VariousArtists = "Various Artists"
 	// TODO This will be dynamic when using disambiguation
--- a/core/agents/agents.go
+++ b/core/agents/agents.go
@@ -64,6 +64,7 @@ func (a *Agents) getEnabledAgentNames() []enabledAgent {
 	if a.pluginLoader != nil {
 		availablePlugins = a.pluginLoader.PluginNames("MetadataAgent")
 	}
+	log.Trace("Available MetadataAgent plugins", "plugins", availablePlugins)

 	configuredAgents := strings.Split(conf.Server.Agents, ",")

@@ -354,6 +355,9 @@ func (a *Agents) GetAlbumImages(ctx context.Context, name, artist, mbid string)
 			continue
 		}
 		images, err := retriever.GetAlbumImages(ctx, name, artist, mbid)
+		if err != nil {
+			log.Trace(ctx, "Agent GetAlbumImages failed", "agent", ag.AgentName(), "album", name, "artist", artist, "mbid", mbid, err)
+		}
 		if len(images) > 0 && err == nil {
 			log.Debug(ctx, "Got Album Images", "agent", ag.AgentName(), "album", name, "artist", artist,
 				"mbid", mbid, "elapsed", time.Since(start))
--- a/core/agents/deezer/client.go
+++ b/core/agents/deezer/client.go
@@ -43,6 +43,7 @@ func newClient(hc httpDoer, language string) *client {
 func (c *client) searchArtists(ctx context.Context, name string, limit int) ([]Artist, error) {
 	params := url.Values{}
 	params.Add("q", name)
+	params.Add("order", "RANKING")
 	params.Add("limit", strconv.Itoa(limit))
 	req, err := http.NewRequestWithContext(ctx, "GET", apiBaseURL+"/search/artist", nil)
 	if err != nil {
--- a/core/agents/deezer/deezer.go
+++ b/core/agents/deezer/deezer.go
@@ -3,6 +3,7 @@ package deezer
 import (
 	"context"
 	"errors"
+	"fmt"
 	"net/http"
 	"strings"

@@ -82,10 +83,20 @@ func (s *deezerAgent) searchArtist(ctx context.Context, name string) (*Artist, e
 		return nil, err
 	}

+	log.Trace(ctx, "Artists found", "count", len(artists), "searched_name", name)
+	for i := range artists {
+		log.Trace(ctx, fmt.Sprintf("Artists found #%d", i), "name", artists[i].Name, "id", artists[i].ID, "link", artists[i].Link)
+		if i > 2 {
+			break
+		}
+	}
+
 	// If the first one has the same name, that's the one
 	if !strings.EqualFold(artists[0].Name, name) {
+		log.Trace(ctx, "Top artist do not match", "searched_name", name, "found_name", artists[0].Name)
 		return nil, agents.ErrNotFound
 	}
+	log.Trace(ctx, "Found artist", "name", artists[0].Name, "id", artists[0].ID, "link", artists[0].Link)
 	return &artists[0], err
 }

--- a/core/agents/lastfm/agent.go
+++ b/core/agents/lastfm/agent.go
@@ -290,11 +290,11 @@ func (l *lastfmAgent) callArtistGetTopTracks(ctx context.Context, artistName str
 	return t.Track, nil
 }

-func (l *lastfmAgent) getArtistForScrobble(track *model.MediaFile) string {
-	if conf.Server.LastFM.ScrobbleFirstArtistOnly && len(track.Participants[model.RoleArtist]) > 0 {
-		return track.Participants[model.RoleArtist][0].Name
+func (l *lastfmAgent) getArtistForScrobble(track *model.MediaFile, role model.Role, displayName string) string {
+	if conf.Server.LastFM.ScrobbleFirstArtistOnly && len(track.Participants[role]) > 0 {
+		return track.Participants[role][0].Name
 	}
-	return track.Artist
+	return displayName
 }

 func (l *lastfmAgent) NowPlaying(ctx context.Context, userId string, track *model.MediaFile, position int) error {
@@ -304,13 +304,13 @@ func (l *lastfmAgent) NowPlaying(ctx context.Context, userId string, track *mode
 	}

 	err = l.client.updateNowPlaying(ctx, sk, ScrobbleInfo{
-		artist:      l.getArtistForScrobble(track),
+		artist:      l.getArtistForScrobble(track, model.RoleArtist, track.Artist),
 		track:       track.Title,
 		album:       track.Album,
 		trackNumber: track.TrackNumber,
 		mbid:        track.MbzRecordingID,
 		duration:    int(track.Duration),
-		albumArtist: track.AlbumArtist,
+		albumArtist: l.getArtistForScrobble(track, model.RoleAlbumArtist, track.AlbumArtist),
 	})
 	if err != nil {
 		log.Warn(ctx, "Last.fm client.updateNowPlaying returned error", "track", track.Title, err)
@@ -330,13 +330,13 @@ func (l *lastfmAgent) Scrobble(ctx context.Context, userId string, s scrobbler.S
 		return nil
 	}
 	err = l.client.scrobble(ctx, sk, ScrobbleInfo{
-		artist:      l.getArtistForScrobble(&s.MediaFile),
+		artist:      l.getArtistForScrobble(&s.MediaFile, model.RoleArtist, s.Artist),
 		track:       s.Title,
 		album:       s.Album,
 		trackNumber: s.TrackNumber,
 		mbid:        s.MbzRecordingID,
 		duration:    int(s.Duration),
-		albumArtist: s.AlbumArtist,
+		albumArtist: l.getArtistForScrobble(&s.MediaFile, model.RoleAlbumArtist, s.AlbumArtist),
 		timestamp:   s.TimeStamp,
 	})
 	if err == nil {
--- a/core/agents/lastfm/agent_test.go
+++ b/core/agents/lastfm/agent_test.go
@@ -201,6 +201,10 @@ var _ = Describe("lastfmAgent", func() {
 						{Artist: model.Artist{ID: "ar-1", Name: "First Artist"}},
 						{Artist: model.Artist{ID: "ar-2", Name: "Second Artist"}},
 					},
+					model.RoleAlbumArtist: []model.Participant{
+						{Artist: model.Artist{ID: "ar-1", Name: "First Album Artist"}},
+						{Artist: model.Artist{ID: "ar-2", Name: "Second Album Artist"}},
+					},
 				},
 			}
 		})
@@ -229,6 +233,23 @@ var _ = Describe("lastfmAgent", func() {
 				err := agent.NowPlaying(ctx, "user-2", track, 0)
 				Expect(err).To(MatchError(scrobbler.ErrNotAuthorized))
 			})
+
+			When("ScrobbleFirstArtistOnly is true", func() {
+				BeforeEach(func() {
+					conf.Server.LastFM.ScrobbleFirstArtistOnly = true
+				})
+
+				It("uses only the first artist", func() {
+					httpClient.Res = http.Response{Body: io.NopCloser(bytes.NewBufferString("{}")), StatusCode: 200}
+
+					err := agent.NowPlaying(ctx, "user-1", track, 0)
+
+					Expect(err).ToNot(HaveOccurred())
+					sentParams := httpClient.SavedRequest.URL.Query()
+					Expect(sentParams.Get("artist")).To(Equal("First Artist"))
+					Expect(sentParams.Get("albumArtist")).To(Equal("First Album Artist"))
+				})
+			})
 		})

 		Describe("scrobble", func() {
@@ -267,6 +288,7 @@ var _ = Describe("lastfmAgent", func() {
 					Expect(err).ToNot(HaveOccurred())
 					sentParams := httpClient.SavedRequest.URL.Query()
 					Expect(sentParams.Get("artist")).To(Equal("First Artist"))
+					Expect(sentParams.Get("albumArtist")).To(Equal("First Album Artist"))
 				})
 			})

--- a/core/artwork/sources.go
+++ b/core/artwork/sources.go
@@ -182,6 +182,7 @@ func fromAlbumExternalSource(ctx context.Context, al model.Album, provider exter
 func fromURL(ctx context.Context, imageUrl *url.URL) (io.ReadCloser, string, error) {
 	hc := http.Client{Timeout: 5 * time.Second}
 	req, _ := http.NewRequestWithContext(ctx, http.MethodGet, imageUrl.String(), nil)
+	req.Header.Set("User-Agent", consts.HTTPUserAgent)
 	resp, err := hc.Do(req)
 	if err != nil {
 		return nil, "", err
--- a/core/external/provider.go
+++ b/core/external/provider.go
@@ -51,12 +51,28 @@ type provider struct {

 type auxAlbum struct {
 	model.Album
-	Name string
+}
+
+// Name returns the appropriate album name for external API calls
+// based on the DevPreserveUnicodeInExternalCalls configuration option
+func (a *auxAlbum) Name() string {
+	if conf.Server.DevPreserveUnicodeInExternalCalls {
+		return a.Album.Name
+	}
+	return str.Clear(a.Album.Name)
 }

 type auxArtist struct {
 	model.Artist
-	Name string
+}
+
+// Name returns the appropriate artist name for external API calls
+// based on the DevPreserveUnicodeInExternalCalls configuration option
+func (a *auxArtist) Name() string {
+	if conf.Server.DevPreserveUnicodeInExternalCalls {
+		return a.Artist.Name
+	}
+	return str.Clear(a.Artist.Name)
 }

 type Agents interface {
@@ -88,7 +104,6 @@ func (e *provider) getAlbum(ctx context.Context, id string) (auxAlbum, error) {
 	switch v := entity.(type) {
 	case *model.Album:
 		album.Album = *v
-		album.Name = str.Clear(v.Name)
 	case *model.MediaFile:
 		return e.getAlbum(ctx, v.AlbumID)
 	default:
@@ -106,8 +121,9 @@ func (e *provider) UpdateAlbumInfo(ctx context.Context, id string) (*model.Album
 	}

 	updatedAt := V(album.ExternalInfoUpdatedAt)
+	albumName := album.Name()
 	if updatedAt.IsZero() {
-		log.Debug(ctx, "AlbumInfo not cached. Retrieving it now", "updatedAt", updatedAt, "id", id, "name", album.Name)
+		log.Debug(ctx, "AlbumInfo not cached. Retrieving it now", "updatedAt", updatedAt, "id", id, "name", albumName)
 		album, err = e.populateAlbumInfo(ctx, album)
 		if err != nil {
 			return nil, err
@@ -116,7 +132,7 @@ func (e *provider) UpdateAlbumInfo(ctx context.Context, id string) (*model.Album

 	// If info is expired, trigger a populateAlbumInfo in the background
 	if time.Since(updatedAt) > conf.Server.DevAlbumInfoTimeToLive {
-		log.Debug("Found expired cached AlbumInfo, refreshing in the background", "updatedAt", album.ExternalInfoUpdatedAt, "name", album.Name)
+		log.Debug("Found expired cached AlbumInfo, refreshing in the background", "updatedAt", album.ExternalInfoUpdatedAt, "name", albumName)
 		e.albumQueue.enqueue(&album)
 	}

@@ -125,12 +141,13 @@ func (e *provider) UpdateAlbumInfo(ctx context.Context, id string) (*model.Album

 func (e *provider) populateAlbumInfo(ctx context.Context, album auxAlbum) (auxAlbum, error) {
 	start := time.Now()
-	info, err := e.ag.GetAlbumInfo(ctx, album.Name, album.AlbumArtist, album.MbzAlbumID)
+	albumName := album.Name()
+	info, err := e.ag.GetAlbumInfo(ctx, albumName, album.AlbumArtist, album.MbzAlbumID)
 	if errors.Is(err, agents.ErrNotFound) {
 		return album, nil
 	}
 	if err != nil {
-		log.Error("Error refreshing AlbumInfo", "id", album.ID, "name", album.Name, "artist", album.AlbumArtist,
+		log.Error("Error refreshing AlbumInfo", "id", album.ID, "name", albumName, "artist", album.AlbumArtist,
 			"elapsed", time.Since(start), err)
 		return album, err
 	}
@@ -142,7 +159,7 @@ func (e *provider) populateAlbumInfo(ctx context.Context, album auxAlbum) (auxAl
 		album.Description = info.Description
 	}

-	images, err := e.ag.GetAlbumImages(ctx, album.Name, album.AlbumArtist, album.MbzAlbumID)
+	images, err := e.ag.GetAlbumImages(ctx, albumName, album.AlbumArtist, album.MbzAlbumID)
 	if err == nil && len(images) > 0 {
 		sort.Slice(images, func(i, j int) bool {
 			return images[i].Size > images[j].Size
@@ -161,7 +178,7 @@ func (e *provider) populateAlbumInfo(ctx context.Context, album auxAlbum) (auxAl

 	err = e.ds.Album(ctx).UpdateExternalInfo(&album.Album)
 	if err != nil {
-		log.Error(ctx, "Error trying to update album external information", "id", album.ID, "name", album.Name,
+		log.Error(ctx, "Error trying to update album external information", "id", album.ID, "name", albumName,
 			"elapsed", time.Since(start), err)
 	} else {
 		log.Trace(ctx, "AlbumInfo collected", "album", album, "elapsed", time.Since(start))
@@ -181,7 +198,6 @@ func (e *provider) getArtist(ctx context.Context, id string) (auxArtist, error)
 	switch v := entity.(type) {
 	case *model.Artist:
 		artist.Artist = *v
-		artist.Name = str.Clear(v.Name)
 	case *model.MediaFile:
 		return e.getArtist(ctx, v.ArtistID)
 	case *model.Album:
@@ -210,8 +226,9 @@ func (e *provider) refreshArtistInfo(ctx context.Context, id string) (auxArtist,

 	// If we don't have any info, retrieves it now
 	updatedAt := V(artist.ExternalInfoUpdatedAt)
+	artistName := artist.Name()
 	if updatedAt.IsZero() {
-		log.Debug(ctx, "ArtistInfo not cached. Retrieving it now", "updatedAt", updatedAt, "id", id, "name", artist.Name)
+		log.Debug(ctx, "ArtistInfo not cached. Retrieving it now", "updatedAt", updatedAt, "id", id, "name", artistName)
 		artist, err = e.populateArtistInfo(ctx, artist)
 		if err != nil {
 			return auxArtist{}, err
@@ -220,7 +237,7 @@ func (e *provider) refreshArtistInfo(ctx context.Context, id string) (auxArtist,

 	// If info is expired, trigger a populateArtistInfo in the background
 	if time.Since(updatedAt) > conf.Server.DevArtistInfoTimeToLive {
-		log.Debug("Found expired cached ArtistInfo, refreshing in the background", "updatedAt", updatedAt, "name", artist.Name)
+		log.Debug("Found expired cached ArtistInfo, refreshing in the background", "updatedAt", updatedAt, "name", artistName)
 		e.artistQueue.enqueue(&artist)
 	}
 	return artist, nil
@@ -229,8 +246,9 @@ func (e *provider) refreshArtistInfo(ctx context.Context, id string) (auxArtist,
 func (e *provider) populateArtistInfo(ctx context.Context, artist auxArtist) (auxArtist, error) {
 	start := time.Now()
 	// Get MBID first, if it is not yet available
+	artistName := artist.Name()
 	if artist.MbzArtistID == "" {
-		mbid, err := e.ag.GetArtistMBID(ctx, artist.ID, artist.Name)
+		mbid, err := e.ag.GetArtistMBID(ctx, artist.ID, artistName)
 		if mbid != "" && err == nil {
 			artist.MbzArtistID = mbid
 		}
@@ -246,14 +264,14 @@ func (e *provider) populateArtistInfo(ctx context.Context, artist auxArtist) (au
 	_ = g.Wait()

 	if utils.IsCtxDone(ctx) {
-		log.Warn(ctx, "ArtistInfo update canceled", "elapsed", "id", artist.ID, "name", artist.Name, time.Since(start), ctx.Err())
+		log.Warn(ctx, "ArtistInfo update canceled", "id", artist.ID, "name", artistName, "elapsed", time.Since(start), ctx.Err())
 		return artist, ctx.Err()
 	}

 	artist.ExternalInfoUpdatedAt = P(time.Now())
 	err := e.ds.Artist(ctx).UpdateExternalInfo(&artist.Artist)
 	if err != nil {
-		log.Error(ctx, "Error trying to update artist external information", "id", artist.ID, "name", artist.Name,
+		log.Error(ctx, "Error trying to update artist external information", "id", artist.ID, "name", artistName,
 			"elapsed", time.Since(start), err)
 	} else {
 		log.Trace(ctx, "ArtistInfo collected", "artist", artist, "elapsed", time.Since(start))
@@ -281,7 +299,7 @@ func (e *provider) ArtistRadio(ctx context.Context, id string, count int) (model
 		}

 		topCount := max(count, 20)
-		topSongs, err := e.getMatchingTopSongs(ctx, e.ag, &auxArtist{Name: a.Name, Artist: a}, topCount)
+		topSongs, err := e.getMatchingTopSongs(ctx, e.ag, &auxArtist{Artist: a}, topCount)
 		if err != nil {
 			log.Warn(ctx, "Error getting artist's top songs", "artist", a.Name, err)
 			return nil
@@ -344,22 +362,23 @@ func (e *provider) AlbumImage(ctx context.Context, id string) (*url.URL, error)
 		return nil, err
 	}

-	images, err := e.ag.GetAlbumImages(ctx, album.Name, album.AlbumArtist, album.MbzAlbumID)
+	albumName := album.Name()
+	images, err := e.ag.GetAlbumImages(ctx, albumName, album.AlbumArtist, album.MbzAlbumID)
 	if err != nil {
 		switch {
 		case errors.Is(err, agents.ErrNotFound):
-			log.Trace(ctx, "Album not found in agent", "albumID", id, "name", album.Name, "artist", album.AlbumArtist)
+			log.Trace(ctx, "Album not found in agent", "albumID", id, "name", albumName, "artist", album.AlbumArtist)
 			return nil, model.ErrNotFound
 		case errors.Is(err, context.Canceled):
 			log.Debug(ctx, "GetAlbumImages call canceled", err)
 		default:
-			log.Warn(ctx, "Error getting album images from agent", "albumID", id, "name", album.Name, "artist", album.AlbumArtist, err)
+			log.Warn(ctx, "Error getting album images from agent", "albumID", id, "name", albumName, "artist", album.AlbumArtist, err)
 		}
 		return nil, err
 	}

 	if len(images) == 0 {
-		log.Warn(ctx, "Agent returned no images without error", "albumID", id, "name", album.Name, "artist", album.AlbumArtist)
+		log.Warn(ctx, "Agent returned no images without error", "albumID", id, "name", albumName, "artist", album.AlbumArtist)
 		return nil, model.ErrNotFound
 	}

@@ -401,9 +420,10 @@ func (e *provider) TopSongs(ctx context.Context, artistName string, count int) (
 }

 func (e *provider) getMatchingTopSongs(ctx context.Context, agent agents.ArtistTopSongsRetriever, artist *auxArtist, count int) (model.MediaFiles, error) {
-	songs, err := agent.GetArtistTopSongs(ctx, artist.ID, artist.Name, artist.MbzArtistID, count)
+	artistName := artist.Name()
+	songs, err := agent.GetArtistTopSongs(ctx, artist.ID, artistName, artist.MbzArtistID, count)
 	if err != nil {
-		return nil, fmt.Errorf("failed to get top songs for artist %s: %w", artist.Name, err)
+		return nil, fmt.Errorf("failed to get top songs for artist %s: %w", artistName, err)
 	}

 	mbidMatches, err := e.loadTracksByMBID(ctx, songs)
@@ -415,13 +435,13 @@ func (e *provider) getMatchingTopSongs(ctx context.Context, agent agents.ArtistT
 		return nil, fmt.Errorf("failed to load tracks by title: %w", err)
 	}

-	log.Trace(ctx, "Top Songs loaded", "name", artist.Name, "numSongs", len(songs), "numMBIDMatches", len(mbidMatches), "numTitleMatches", len(titleMatches))
+	log.Trace(ctx, "Top Songs loaded", "name", artistName, "numSongs", len(songs), "numMBIDMatches", len(mbidMatches), "numTitleMatches", len(titleMatches))
 	mfs := e.selectTopSongs(songs, mbidMatches, titleMatches, count)

 	if len(mfs) == 0 {
-		log.Debug(ctx, "No matching top songs found", "name", artist.Name)
+		log.Debug(ctx, "No matching top songs found", "name", artistName)
 	} else {
-		log.Debug(ctx, "Found matching top songs", "name", artist.Name, "numSongs", len(mfs))
+		log.Debug(ctx, "Found matching top songs", "name", artistName, "numSongs", len(mfs))
 	}

 	return mfs, nil
@@ -518,7 +538,7 @@ func (e *provider) selectTopSongs(songs []agents.Song, byMBID, byTitle map[strin
 }

 func (e *provider) callGetURL(ctx context.Context, agent agents.ArtistURLRetriever, artist *auxArtist) {
-	artisURL, err := agent.GetArtistURL(ctx, artist.ID, artist.Name, artist.MbzArtistID)
+	artisURL, err := agent.GetArtistURL(ctx, artist.ID, artist.Name(), artist.MbzArtistID)
 	if err != nil {
 		return
 	}
@@ -526,7 +546,7 @@ func (e *provider) callGetURL(ctx context.Context, agent agents.ArtistURLRetriev
 }

 func (e *provider) callGetBiography(ctx context.Context, agent agents.ArtistBiographyRetriever, artist *auxArtist) {
-	bio, err := agent.GetArtistBiography(ctx, artist.ID, str.Clear(artist.Name), artist.MbzArtistID)
+	bio, err := agent.GetArtistBiography(ctx, artist.ID, artist.Name(), artist.MbzArtistID)
 	if err != nil {
 		return
 	}
@@ -536,7 +556,7 @@ func (e *provider) callGetBiography(ctx context.Context, agent agents.ArtistBiog
 }

 func (e *provider) callGetImage(ctx context.Context, agent agents.ArtistImageRetriever, artist *auxArtist) {
-	images, err := agent.GetArtistImages(ctx, artist.ID, artist.Name, artist.MbzArtistID)
+	images, err := agent.GetArtistImages(ctx, artist.ID, artist.Name(), artist.MbzArtistID)
 	if err != nil {
 		return
 	}
@@ -555,13 +575,14 @@ func (e *provider) callGetImage(ctx context.Context, agent agents.ArtistImageRet

 func (e *provider) callGetSimilar(ctx context.Context, agent agents.ArtistSimilarRetriever, artist *auxArtist,
 	limit int, includeNotPresent bool) {
-	similar, err := agent.GetSimilarArtists(ctx, artist.ID, artist.Name, artist.MbzArtistID, limit)
+	artistName := artist.Name()
+	similar, err := agent.GetSimilarArtists(ctx, artist.ID, artistName, artist.MbzArtistID, limit)
 	if len(similar) == 0 || err != nil {
 		return
 	}
 	start := time.Now()
 	sa, err := e.mapSimilarArtists(ctx, similar, limit, includeNotPresent)
-	log.Debug(ctx, "Mapped Similar Artists", "artist", artist.Name, "numSimilar", len(sa), "elapsed", time.Since(start))
+	log.Debug(ctx, "Mapped Similar Artists", "artist", artistName, "numSimilar", len(sa), "elapsed", time.Since(start))
 	if err != nil {
 		return
 	}
@@ -635,11 +656,7 @@ func (e *provider) findArtistByName(ctx context.Context, artistName string) (*au
 	if len(artists) == 0 {
 		return nil, model.ErrNotFound
 	}
-	artist := &auxArtist{
-		Artist: artists[0],
-		Name:   str.Clear(artists[0].Name),
-	}
-	return artist, nil
+	return &auxArtist{Artist: artists[0]}, nil
 }

 func (e *provider) loadSimilar(ctx context.Context, artist *auxArtist, count int, includeNotPresent bool) error {
@@ -655,7 +672,7 @@ func (e *provider) loadSimilar(ctx context.Context, artist *auxArtist, count int
 		Filters: squirrel.Eq{"artist.id": ids},
 	})
 	if err != nil {
-		log.Error("Error loading similar artists", "id", artist.ID, "name", artist.Name, err)
+		log.Error("Error loading similar artists", "id", artist.ID, "name", artist.Name(), err)
 		return err
 	}

--- a/core/external/provider_albumimage_test.go
+++ b/core/external/provider_albumimage_test.go
@@ -260,6 +260,69 @@ var _ = Describe("Provider - AlbumImage", func() {
 		mockMediaFileRepo.AssertCalled(GinkgoT(), "Get", "not-found")
 		mockAlbumAgent.AssertNotCalled(GinkgoT(), "GetAlbumImages", mock.Anything, mock.Anything, mock.Anything)
 	})
+
+	Context("Unicode handling in album names", func() {
+		var albumWithEnDash *model.Album
+		var expectedURL *url.URL
+
+		const (
+			originalAlbumName   = "Raising Hell–Deluxe" // Album name with en dash
+			normalizedAlbumName = "Raising Hell-Deluxe" // Normalized version with hyphen
+		)
+
+		BeforeEach(func() {
+			// Test with en dash (–) in album name
+			albumWithEnDash = &model.Album{ID: "album-endash", Name: originalAlbumName, AlbumArtistID: "artist-1"}
+			mockArtistRepo.Mock = mock.Mock{} // Reset default expectations
+			mockAlbumRepo.Mock = mock.Mock{}  // Reset default expectations
+			mockArtistRepo.On("Get", "album-endash").Return(nil, model.ErrNotFound).Once()
+			mockAlbumRepo.On("Get", "album-endash").Return(albumWithEnDash, nil).Once()
+
+			expectedURL, _ = url.Parse("http://example.com/album.jpg")
+
+			// Mock the album agent to return an image for the album
+			mockAlbumAgent.On("GetAlbumImages", ctx, mock.AnythingOfType("string"), "", "").
+				Return([]agents.ExternalImage{
+					{URL: "http://example.com/album.jpg", Size: 1000},
+				}, nil).Once()
+		})
+
+		When("DevPreserveUnicodeInExternalCalls is true", func() {
+			BeforeEach(func() {
+				conf.Server.DevPreserveUnicodeInExternalCalls = true
+			})
+
+			It("preserves Unicode characters in album names", func() {
+				// Act
+				imgURL, err := provider.AlbumImage(ctx, "album-endash")
+
+				// Assert
+				Expect(err).ToNot(HaveOccurred())
+				Expect(imgURL).To(Equal(expectedURL))
+				mockAlbumRepo.AssertCalled(GinkgoT(), "Get", "album-endash")
+				// This is the key assertion: ensure the original Unicode name is used
+				mockAlbumAgent.AssertCalled(GinkgoT(), "GetAlbumImages", ctx, originalAlbumName, "", "")
+			})
+		})
+
+		When("DevPreserveUnicodeInExternalCalls is false", func() {
+			BeforeEach(func() {
+				conf.Server.DevPreserveUnicodeInExternalCalls = false
+			})
+
+			It("normalizes Unicode characters", func() {
+				// Act
+				imgURL, err := provider.AlbumImage(ctx, "album-endash")
+
+				// Assert
+				Expect(err).ToNot(HaveOccurred())
+				Expect(imgURL).To(Equal(expectedURL))
+				mockAlbumRepo.AssertCalled(GinkgoT(), "Get", "album-endash")
+				// This assertion ensures the normalized name is used (en dash → hyphen)
+				mockAlbumAgent.AssertCalled(GinkgoT(), "GetAlbumImages", ctx, normalizedAlbumName, "", "")
+			})
+		})
+	})
 })

 // mockAlbumInfoAgent implementation
--- a/core/external/provider_artistimage_test.go
+++ b/core/external/provider_artistimage_test.go
@@ -265,6 +265,67 @@ var _ = Describe("Provider - ArtistImage", func() {
 		mockArtistRepo.AssertCalled(GinkgoT(), "Get", "artist-1")
 		mockImageAgent.AssertCalled(GinkgoT(), "GetArtistImages", ctx, "artist-1", "Artist One", "")
 	})
+
+	Context("Unicode handling in artist names", func() {
+		var artistWithEnDash *model.Artist
+		var expectedURL *url.URL
+
+		const (
+			originalArtistName   = "Run–D.M.C." // Artist name with en dash
+			normalizedArtistName = "Run-D.M.C." // Normalized version with hyphen
+		)
+
+		BeforeEach(func() {
+			// Test with en dash (–) in artist name like "Run–D.M.C."
+			artistWithEnDash = &model.Artist{ID: "artist-endash", Name: originalArtistName}
+			mockArtistRepo.Mock = mock.Mock{} // Reset default expectations
+			mockArtistRepo.On("Get", "artist-endash").Return(artistWithEnDash, nil).Once()
+
+			expectedURL, _ = url.Parse("http://example.com/rundmc.jpg")
+
+			// Mock the image agent to return an image for the artist
+			mockImageAgent.On("GetArtistImages", ctx, "artist-endash", mock.AnythingOfType("string"), "").
+				Return([]agents.ExternalImage{
+					{URL: "http://example.com/rundmc.jpg", Size: 1000},
+				}, nil).Once()
+
+		})
+
+		When("DevPreserveUnicodeInExternalCalls is true", func() {
+			BeforeEach(func() {
+				conf.Server.DevPreserveUnicodeInExternalCalls = true
+			})
+			It("preserves Unicode characters in artist names", func() {
+				// Act
+				imgURL, err := provider.ArtistImage(ctx, "artist-endash")
+
+				// Assert
+				Expect(err).ToNot(HaveOccurred())
+				Expect(imgURL).To(Equal(expectedURL))
+				mockArtistRepo.AssertCalled(GinkgoT(), "Get", "artist-endash")
+				// This is the key assertion: ensure the original Unicode name is used
+				mockImageAgent.AssertCalled(GinkgoT(), "GetArtistImages", ctx, "artist-endash", originalArtistName, "")
+			})
+		})
+
+		When("DevPreserveUnicodeInExternalCalls is false", func() {
+			BeforeEach(func() {
+				conf.Server.DevPreserveUnicodeInExternalCalls = false
+			})
+
+			It("normalizes Unicode characters", func() {
+				// Act
+				imgURL, err := provider.ArtistImage(ctx, "artist-endash")
+
+				// Assert
+				Expect(err).ToNot(HaveOccurred())
+				Expect(imgURL).To(Equal(expectedURL))
+				mockArtistRepo.AssertCalled(GinkgoT(), "Get", "artist-endash")
+				// This assertion ensures the normalized name is used (en dash → hyphen)
+				mockImageAgent.AssertCalled(GinkgoT(), "GetArtistImages", ctx, "artist-endash", normalizedArtistName, "")
+			})
+		})
+	})
 })

 // mockArtistImageAgent implementation using testify/mock
--- a/core/ffmpeg/ffmpeg.go
+++ b/core/ffmpeg/ffmpeg.go
@@ -112,7 +112,7 @@ func (e *ffmpeg) start(ctx context.Context, args []string) (io.ReadCloser, error
 	log.Trace(ctx, "Executing ffmpeg command", "cmd", args)
 	j := &ffCmd{args: args}
 	j.PipeReader, j.out = io.Pipe()
-	err := j.start()
+	err := j.start(ctx)
 	if err != nil {
 		return nil, err
 	}
@@ -127,8 +127,8 @@ type ffCmd struct {
 	cmd  *exec.Cmd
 }

-func (j *ffCmd) start() error {
-	cmd := exec.Command(j.args[0], j.args[1:]...) // #nosec
+func (j *ffCmd) start(ctx context.Context) error {
+	cmd := exec.CommandContext(ctx, j.args[0], j.args[1:]...) // #nosec
 	cmd.Stdout = j.out
 	if log.IsGreaterOrEqualTo(log.LevelTrace) {
 		cmd.Stderr = os.Stderr
--- a/core/ffmpeg/ffmpeg_test.go
+++ b/core/ffmpeg/ffmpeg_test.go
@@ -1,7 +1,11 @@
 package ffmpeg

 import (
+	"context"
+	"runtime"
+	sync "sync"
 	"testing"
+	"time"

 	"github.com/navidrome/navidrome/log"
 	"github.com/navidrome/navidrome/tests"
@@ -65,4 +69,98 @@ var _ = Describe("ffmpeg", func() {
 			Expect(args).To(Equal([]string{"/usr/bin/with spaces/ffmpeg.exe", "-i", "one.mp3", "-f", "ffmetadata"}))
 		})
 	})
+
+	Describe("FFmpeg", func() {
+		Context("when FFmpeg is available", func() {
+			var ff FFmpeg
+
+			BeforeEach(func() {
+				ffOnce = sync.Once{}
+				ff = New()
+				// Skip if FFmpeg is not available
+				if !ff.IsAvailable() {
+					Skip("FFmpeg not available on this system")
+				}
+			})
+
+			It("should interrupt transcoding when context is cancelled", func() {
+				ctx, cancel := context.WithTimeout(GinkgoT().Context(), 5*time.Second)
+				defer cancel()
+
+				// Use a command that generates audio indefinitely
+				// -f lavfi uses FFmpeg's built-in audio source
+				// -t 0 means no time limit (runs forever)
+				command := "ffmpeg -f lavfi -i sine=frequency=1000:duration=0 -f mp3 -"
+
+				// The input file is not used here, but we need to provide a valid path to the Transcode function
+				stream, err := ff.Transcode(ctx, command, "tests/fixtures/test.mp3", 128, 0)
+				Expect(err).ToNot(HaveOccurred())
+				defer stream.Close()
+
+				// Read some data first to ensure FFmpeg is running
+				buf := make([]byte, 1024)
+				_, err = stream.Read(buf)
+				Expect(err).ToNot(HaveOccurred())
+
+				// Cancel the context
+				cancel()
+
+				// Next read should fail due to cancelled context
+				_, err = stream.Read(buf)
+				Expect(err).To(HaveOccurred())
+			})
+
+			It("should handle immediate context cancellation", func() {
+				ctx, cancel := context.WithCancel(GinkgoT().Context())
+				cancel() // Cancel immediately
+
+				// This should fail immediately
+				_, err := ff.Transcode(ctx, "ffmpeg -i %s -f mp3 -", "tests/fixtures/test.mp3", 128, 0)
+				Expect(err).To(MatchError(context.Canceled))
+			})
+		})
+
+		Context("with mock process behavior", func() {
+			var longRunningCmd string
+			BeforeEach(func() {
+				// Use a long-running command for testing cancellation
+				switch runtime.GOOS {
+				case "windows":
+					// Use PowerShell's Start-Sleep
+					ffmpegPath = "powershell"
+					longRunningCmd = "powershell -Command Start-Sleep -Seconds 10"
+				default:
+					// Use sleep on Unix-like systems
+					ffmpegPath = "sleep"
+					longRunningCmd = "sleep 10"
+				}
+			})
+
+			It("should terminate the underlying process when context is cancelled", func() {
+				ff := New()
+				ctx, cancel := context.WithTimeout(GinkgoT().Context(), 5*time.Second)
+				defer cancel()
+
+				// Start a process that will run for a while
+				stream, err := ff.Transcode(ctx, longRunningCmd, "tests/fixtures/test.mp3", 0, 0)
+				Expect(err).ToNot(HaveOccurred())
+				defer stream.Close()
+
+				// Give the process time to start
+				time.Sleep(50 * time.Millisecond)
+
+				// Cancel the context
+				cancel()
+
+				// Try to read from the stream, which should fail
+				buf := make([]byte, 100)
+				_, err = stream.Read(buf)
+				Expect(err).To(HaveOccurred(), "Expected stream to be closed due to process termination")
+
+				// Verify the stream is closed by attempting another read
+				_, err = stream.Read(buf)
+				Expect(err).To(HaveOccurred())
+			})
+		})
+	})
 })
--- a/core/media_streamer.go
+++ b/core/media_streamer.go
@@ -204,7 +204,20 @@ func NewTranscodingCache() TranscodingCache {
 				log.Error(ctx, "Error loading transcoding command", "format", job.format, err)
 				return nil, os.ErrInvalid
 			}
-			out, err := job.ms.transcoder.Transcode(ctx, t.Command, job.filePath, job.bitRate, job.offset)
+
+			// Choose the appropriate context based on EnableTranscodingCancellation configuration.
+			// This is where we decide whether transcoding processes should be cancellable or not.
+			var transcodingCtx context.Context
+			if conf.Server.EnableTranscodingCancellation {
+				// Use the request context directly, allowing cancellation when client disconnects
+				transcodingCtx = ctx
+			} else {
+				// Use background context with request values preserved.
+				// This prevents cancellation but maintains request metadata (user, client, etc.)
+				transcodingCtx = request.AddValues(context.Background(), ctx)
+			}
+
+			out, err := job.ms.transcoder.Transcode(transcodingCtx, t.Command, job.filePath, job.bitRate, job.offset)
 			if err != nil {
 				log.Error(ctx, "Error starting transcoder", "id", job.mf.ID, err)
 				return nil, os.ErrInvalid
--- a/core/metrics/insights.go
+++ b/core/metrics/insights.go
@@ -23,7 +23,8 @@ import (
 	"github.com/navidrome/navidrome/log"
 	"github.com/navidrome/navidrome/model"
 	"github.com/navidrome/navidrome/model/request"
-	"github.com/navidrome/navidrome/plugins/schema"
+	"github.com/navidrome/navidrome/plugins"
+	"github.com/navidrome/navidrome/server/events"
 	"github.com/navidrome/navidrome/utils/singleton"
 )

@@ -37,18 +38,12 @@ var (
 )

 type insightsCollector struct {
-	ds           model.DataStore
-	pluginLoader PluginLoader
-	lastRun      atomic.Int64
-	lastStatus   atomic.Bool
+	ds         model.DataStore
+	lastRun    atomic.Int64
+	lastStatus atomic.Bool
 }

-// PluginLoader defines an interface for loading plugins
-type PluginLoader interface {
-	PluginList() map[string]schema.PluginManifest
-}
-
-func GetInstance(ds model.DataStore, pluginLoader PluginLoader) Insights {
+func GetInstance(ds model.DataStore) Insights {
 	return singleton.GetInstance(func() *insightsCollector {
 		id, err := ds.Property(context.TODO()).Get(consts.InsightsIDKey)
 		if err != nil {
@@ -60,7 +55,7 @@ func GetInstance(ds model.DataStore, pluginLoader PluginLoader) Insights {
 			}
 		}
 		insightsID = id
-		return &insightsCollector{ds: ds, pluginLoader: pluginLoader}
+		return &insightsCollector{ds: ds}
 	})
 }

@@ -223,7 +218,7 @@ var staticData = sync.OnceValue(func() insights.Data {
 	data.Config.ScanSchedule = conf.Server.Scanner.Schedule
 	data.Config.ScanWatcherWait = uint64(math.Trunc(conf.Server.Scanner.WatcherWait.Seconds()))
 	data.Config.ScanOnStartup = conf.Server.Scanner.ScanOnStartup
-	data.Config.ReverseProxyConfigured = conf.Server.ReverseProxyWhitelist != ""
+	data.Config.ReverseProxyConfigured = conf.Server.ExtAuth.TrustedSources != ""
 	data.Config.HasCustomPID = conf.Server.PID.Track != "" || conf.Server.PID.Album != ""
 	data.Config.HasCustomTags = len(conf.Server.Tags) > 0

@@ -319,12 +314,16 @@ func (c *insightsCollector) hasSmartPlaylists(ctx context.Context) (bool, error)

 // collectPlugins collects information about installed plugins
 func (c *insightsCollector) collectPlugins(_ context.Context) map[string]insights.PluginInfo {
-	plugins := make(map[string]insights.PluginInfo)
-	for id, manifest := range c.pluginLoader.PluginList() {
-		plugins[id] = insights.PluginInfo{
-			Name:    manifest.Name,
-			Version: manifest.Version,
+	// TODO Fix import/inject cycles
+	manager := plugins.GetManager(c.ds, events.GetBroker())
+	info := manager.GetPluginInfo()
+
+	result := make(map[string]insights.PluginInfo, len(info))
+	for name, p := range info {
+		result[name] = insights.PluginInfo{
+			Name:    p.Name,
+			Version: p.Version,
 		}
 	}
-	return plugins
+	return result
 }
--- a/core/metrics/insights_linux.go
+++ b/core/metrics/insights_linux.go
@@ -42,6 +42,7 @@ type MountInfo struct {

 var fsTypeMap = map[int64]string{
 	0x5346414f: "afs",
+	0x187:      "autofs",
 	0x61756673: "aufs",
 	0x9123683E: "btrfs",
 	0xc36400:   "ceph",
@@ -55,9 +56,11 @@ var fsTypeMap = map[int64]string{
 	0x6a656a63: "fakeowner", // FS inside a container
 	0x65735546: "fuse",
 	0x4244:     "hfs",
+	0x482b:     "hfs+",
 	0x9660:     "iso9660",
 	0x3153464a: "jfs",
 	0x00006969: "nfs",
+	0x5346544e: "ntfs", // NTFS_SB_MAGIC
 	0x7366746e: "ntfs",
 	0x794c7630: "overlayfs",
 	0x9fa0:     "proc",
@@ -69,8 +72,16 @@ var fsTypeMap = map[int64]string{
 	0x01021997: "v9fs",
 	0x786f4256: "vboxsf",
 	0x4d44:     "vfat",
+	0xca451a4e: "virtiofs",
 	0x58465342: "xfs",
 	0x2FC12FC1: "zfs",
+	0x7c7c6673: "prlfs", // Parallels Shared Folders
+
+	// Signed/unsigned conversion issues (negative hex values converted to uint32)
+	-0x6edc97c2: "btrfs", // 0x9123683e
+	-0x1acb2be:  "smb2",  // 0xfe534d42
+	-0xacb2be:   "cifs",  // 0xff534d42
+	-0xd0adff0:  "f2fs",  // 0xf2f52010
 }

 func getFilesystemType(path string) (string, error) {
--- a/core/playlists.go
+++ b/core/playlists.go
@@ -1,6 +1,7 @@
 package core

 import (
+	"cmp"
 	"context"
 	"encoding/json"
 	"errors"
@@ -9,7 +10,7 @@ import (
 	"net/url"
 	"os"
 	"path/filepath"
-	"regexp"
+	"slices"
 	"strings"
 	"time"

@@ -194,22 +195,35 @@ func (s *playlists) parseM3U(ctx context.Context, pls *model.Playlist, folder *m
 			}
 			filteredLines = append(filteredLines, line)
 		}
-		paths, err := s.normalizePaths(ctx, pls, folder, filteredLines)
+		resolvedPaths, err := s.resolvePaths(ctx, folder, filteredLines)
 		if err != nil {
-			log.Warn(ctx, "Error normalizing paths in playlist", "playlist", pls.Name, err)
+			log.Warn(ctx, "Error resolving paths in playlist", "playlist", pls.Name, err)
 			continue
 		}
-		found, err := mediaFileRepository.FindByPaths(paths)
+
+		// Normalize to NFD for filesystem compatibility (macOS). Database stores paths in NFD.
+		// See https://github.com/navidrome/navidrome/issues/4663
+		resolvedPaths = slice.Map(resolvedPaths, func(path string) string {
+			return strings.ToLower(norm.NFD.String(path))
+		})
+
+		found, err := mediaFileRepository.FindByPaths(resolvedPaths)
 		if err != nil {
 			log.Warn(ctx, "Error reading files from DB", "playlist", pls.Name, err)
 			continue
 		}
+		// Build lookup map with library-qualified keys, normalized for comparison
 		existing := make(map[string]int, len(found))
 		for idx := range found {
-			existing[normalizePathForComparison(found[idx].Path)] = idx
+			// Normalize to lowercase for case-insensitive comparison
+			// Key format: "libraryID:path"
+			key := fmt.Sprintf("%d:%s", found[idx].LibraryID, strings.ToLower(found[idx].Path))
+			existing[key] = idx
 		}
-		for _, path := range paths {
-			idx, ok := existing[normalizePathForComparison(path)]
+
+		// Find media files in the order of the resolved paths, to keep playlist order
+		for _, path := range resolvedPaths {
+			idx, ok := existing[path]
 			if ok {
 				mfs = append(mfs, found[idx])
 			} else {
@@ -226,69 +240,150 @@ func (s *playlists) parseM3U(ctx context.Context, pls *model.Playlist, folder *m
 	return nil
 }

-// normalizePathForComparison normalizes a file path to NFC form and converts to lowercase
-// for consistent comparison. This fixes Unicode normalization issues on macOS where
-// Apple Music creates playlists with NFC-encoded paths but the filesystem uses NFD.
-func normalizePathForComparison(path string) string {
-	return strings.ToLower(norm.NFC.String(path))
+// pathResolution holds the result of resolving a playlist path to a library-relative path.
+type pathResolution struct {
+	absolutePath string
+	libraryPath  string
+	libraryID    int
+	valid        bool
 }

-// TODO This won't work for multiple libraries
-func (s *playlists) normalizePaths(ctx context.Context, pls *model.Playlist, folder *model.Folder, lines []string) ([]string, error) {
-	libRegex, err := s.compileLibraryPaths(ctx)
+// ToQualifiedString converts the path resolution to a library-qualified string with forward slashes.
+// Format: "libraryID:relativePath" with forward slashes for path separators.
+func (r pathResolution) ToQualifiedString() (string, error) {
+	if !r.valid {
+		return "", fmt.Errorf("invalid path resolution")
+	}
+	relativePath, err := filepath.Rel(r.libraryPath, r.absolutePath)
 	if err != nil {
-		return nil, err
+		return "", err
 	}
-
-	res := make([]string, 0, len(lines))
-	for idx, line := range lines {
-		var libPath string
-		var filePath string
-
-		if folder != nil && !filepath.IsAbs(line) {
-			libPath = folder.LibraryPath
-			filePath = filepath.Join(folder.AbsolutePath(), line)
-		} else {
-			cleanLine := filepath.Clean(line)
-			if libPath = libRegex.FindString(cleanLine); libPath != "" {
-				filePath = cleanLine
-			}
-		}
-
-		if libPath != "" {
-			if rel, err := filepath.Rel(libPath, filePath); err == nil {
-				res = append(res, rel)
-			} else {
-				log.Debug(ctx, "Error getting relative path", "playlist", pls.Name, "path", line, "libPath", libPath,
-					"filePath", filePath, err)
-			}
-		} else {
-			log.Warn(ctx, "Path in playlist not found in any library", "path", line, "line", idx)
-		}
-	}
-	return slice.Map(res, filepath.ToSlash), nil
+	// Convert path separators to forward slashes
+	return fmt.Sprintf("%d:%s", r.libraryID, filepath.ToSlash(relativePath)), nil
 }

-func (s *playlists) compileLibraryPaths(ctx context.Context) (*regexp.Regexp, error) {
-	libs, err := s.ds.Library(ctx).GetAll()
-	if err != nil {
-		return nil, err
-	}
+// libraryMatcher holds sorted libraries with cleaned paths for efficient path matching.
+type libraryMatcher struct {
+	libraries    model.Libraries
+	cleanedPaths []string
+}

-	// Create regex patterns for each library path
-	patterns := make([]string, len(libs))
+// findLibraryForPath finds which library contains the given absolute path.
+// Returns library ID and path, or 0 and empty string if not found.
+func (lm *libraryMatcher) findLibraryForPath(absolutePath string) (int, string) {
+	// Check sorted libraries (longest path first) to find the best match
+	for i, cleanLibPath := range lm.cleanedPaths {
+		// Check if absolutePath is under this library path
+		if strings.HasPrefix(absolutePath, cleanLibPath) {
+			// Ensure it's a proper path boundary (not just a prefix)
+			if len(absolutePath) == len(cleanLibPath) || absolutePath[len(cleanLibPath)] == filepath.Separator {
+				return lm.libraries[i].ID, cleanLibPath
+			}
+		}
+	}
+	return 0, ""
+}
+
+// newLibraryMatcher creates a libraryMatcher with libraries sorted by path length (longest first).
+// This ensures correct matching when library paths are prefixes of each other.
+// Example: /music-classical must be checked before /music
+// Otherwise, /music-classical/track.mp3 would match /music instead of /music-classical
+func newLibraryMatcher(libs model.Libraries) *libraryMatcher {
+	// Sort libraries by path length (descending) to ensure longest paths match first.
+	slices.SortFunc(libs, func(i, j model.Library) int {
+		return cmp.Compare(len(j.Path), len(i.Path)) // Reverse order for descending
+	})
+
+	// Pre-clean all library paths once for efficient matching
+	cleanedPaths := make([]string, len(libs))
 	for i, lib := range libs {
-		cleanPath := filepath.Clean(lib.Path)
-		escapedPath := regexp.QuoteMeta(cleanPath)
-		patterns[i] = fmt.Sprintf("^%s(?:/|$)", escapedPath)
+		cleanedPaths[i] = filepath.Clean(lib.Path)
 	}
-	// Combine all patterns into a single regex
-	combinedPattern := strings.Join(patterns, "|")
-	re, err := regexp.Compile(combinedPattern)
+	return &libraryMatcher{
+		libraries:    libs,
+		cleanedPaths: cleanedPaths,
+	}
+}
+
+// pathResolver handles path resolution logic for playlist imports.
+type pathResolver struct {
+	matcher *libraryMatcher
+}
+
+// newPathResolver creates a pathResolver with libraries loaded from the datastore.
+func newPathResolver(ctx context.Context, ds model.DataStore) (*pathResolver, error) {
+	libs, err := ds.Library(ctx).GetAll()
 	if err != nil {
-		return nil, fmt.Errorf("compiling library paths `%s`: %w", combinedPattern, err)
+		return nil, err
 	}
-	return re, nil
+	matcher := newLibraryMatcher(libs)
+	return &pathResolver{matcher: matcher}, nil
+}
+
+// resolvePath determines the absolute path and library path for a playlist entry.
+// For absolute paths, it uses them directly.
+// For relative paths, it resolves them relative to the playlist's folder location.
+// Example: playlist at /music/playlists/test.m3u with line "../songs/abc.mp3"
+//
+//	resolves to /music/songs/abc.mp3
+func (r *pathResolver) resolvePath(line string, folder *model.Folder) pathResolution {
+	var absolutePath string
+	if folder != nil && !filepath.IsAbs(line) {
+		// Resolve relative path to absolute path based on playlist location
+		absolutePath = filepath.Clean(filepath.Join(folder.AbsolutePath(), line))
+	} else {
+		// Use absolute path directly after cleaning
+		absolutePath = filepath.Clean(line)
+	}
+
+	return r.findInLibraries(absolutePath)
+}
+
+// findInLibraries matches an absolute path against all known libraries and returns
+// a pathResolution with the library information. Returns an invalid resolution if
+// the path is not found in any library.
+func (r *pathResolver) findInLibraries(absolutePath string) pathResolution {
+	libID, libPath := r.matcher.findLibraryForPath(absolutePath)
+	if libID == 0 {
+		return pathResolution{valid: false}
+	}
+	return pathResolution{
+		absolutePath: absolutePath,
+		libraryPath:  libPath,
+		libraryID:    libID,
+		valid:        true,
+	}
+}
+
+// resolvePaths converts playlist file paths to library-qualified paths (format: "libraryID:relativePath").
+// For relative paths, it resolves them to absolute paths first, then determines which
+// library they belong to. This allows playlists to reference files across library boundaries.
+func (s *playlists) resolvePaths(ctx context.Context, folder *model.Folder, lines []string) ([]string, error) {
+	resolver, err := newPathResolver(ctx, s.ds)
+	if err != nil {
+		return nil, err
+	}
+
+	results := make([]string, 0, len(lines))
+	for idx, line := range lines {
+		resolution := resolver.resolvePath(line, folder)
+
+		if !resolution.valid {
+			log.Warn(ctx, "Path in playlist not found in any library", "path", line, "line", idx)
+			continue
+		}
+
+		qualifiedPath, err := resolution.ToQualifiedString()
+		if err != nil {
+			log.Debug(ctx, "Error getting library-qualified path", "path", line,
+				"libPath", resolution.libraryPath, "filePath", resolution.absolutePath, err)
+			continue
+		}
+
+		results = append(results, qualifiedPath)
+	}
+
+	return results, nil
 }

 func (s *playlists) updatePlaylist(ctx context.Context, newPls *model.Playlist) error {
--- a/core/playlists_internal_test.go
+++ b/core/playlists_internal_test.go
@@ -0,0 +1,406 @@
+package core
+
+import (
+	"context"
+
+	"github.com/navidrome/navidrome/model"
+	"github.com/navidrome/navidrome/tests"
+	. "github.com/onsi/ginkgo/v2"
+	. "github.com/onsi/gomega"
+)
+
+var _ = Describe("libraryMatcher", func() {
+	var ds *tests.MockDataStore
+	var mockLibRepo *tests.MockLibraryRepo
+	ctx := context.Background()
+
+	BeforeEach(func() {
+		mockLibRepo = &tests.MockLibraryRepo{}
+		ds = &tests.MockDataStore{
+			MockedLibrary: mockLibRepo,
+		}
+	})
+
+	// Helper function to create a libraryMatcher from the mock datastore
+	createMatcher := func(ds model.DataStore) *libraryMatcher {
+		libs, err := ds.Library(ctx).GetAll()
+		Expect(err).ToNot(HaveOccurred())
+		return newLibraryMatcher(libs)
+	}
+
+	Describe("Longest library path matching", func() {
+		It("matches the longest library path when multiple libraries share a prefix", func() {
+			// Setup libraries with prefix conflicts
+			mockLibRepo.SetData([]model.Library{
+				{ID: 1, Path: "/music"},
+				{ID: 2, Path: "/music-classical"},
+				{ID: 3, Path: "/music-classical/opera"},
+			})
+
+			matcher := createMatcher(ds)
+
+			// Test that longest path matches first and returns correct library ID
+			testCases := []struct {
+				path            string
+				expectedLibID   int
+				expectedLibPath string
+			}{
+				{"/music-classical/opera/track.mp3", 3, "/music-classical/opera"},
+				{"/music-classical/track.mp3", 2, "/music-classical"},
+				{"/music/track.mp3", 1, "/music"},
+				{"/music-classical/opera/subdir/file.mp3", 3, "/music-classical/opera"},
+			}
+
+			for _, tc := range testCases {
+				libID, libPath := matcher.findLibraryForPath(tc.path)
+				Expect(libID).To(Equal(tc.expectedLibID), "Path %s should match library ID %d, but got %d", tc.path, tc.expectedLibID, libID)
+				Expect(libPath).To(Equal(tc.expectedLibPath), "Path %s should match library path %s, but got %s", tc.path, tc.expectedLibPath, libPath)
+			}
+		})
+
+		It("handles libraries with similar prefixes but different structures", func() {
+			mockLibRepo.SetData([]model.Library{
+				{ID: 1, Path: "/home/user/music"},
+				{ID: 2, Path: "/home/user/music-backup"},
+			})
+
+			matcher := createMatcher(ds)
+
+			// Test that music-backup library is matched correctly
+			libID, libPath := matcher.findLibraryForPath("/home/user/music-backup/track.mp3")
+			Expect(libID).To(Equal(2))
+			Expect(libPath).To(Equal("/home/user/music-backup"))
+
+			// Test that music library is still matched correctly
+			libID, libPath = matcher.findLibraryForPath("/home/user/music/track.mp3")
+			Expect(libID).To(Equal(1))
+			Expect(libPath).To(Equal("/home/user/music"))
+		})
+
+		It("matches path that is exactly the library root", func() {
+			mockLibRepo.SetData([]model.Library{
+				{ID: 1, Path: "/music"},
+				{ID: 2, Path: "/music-classical"},
+			})
+
+			matcher := createMatcher(ds)
+
+			// Exact library path should match
+			libID, libPath := matcher.findLibraryForPath("/music-classical")
+			Expect(libID).To(Equal(2))
+			Expect(libPath).To(Equal("/music-classical"))
+		})
+
+		It("handles complex nested library structures", func() {
+			mockLibRepo.SetData([]model.Library{
+				{ID: 1, Path: "/media"},
+				{ID: 2, Path: "/media/audio"},
+				{ID: 3, Path: "/media/audio/classical"},
+				{ID: 4, Path: "/media/audio/classical/baroque"},
+			})
+
+			matcher := createMatcher(ds)
+
+			testCases := []struct {
+				path            string
+				expectedLibID   int
+				expectedLibPath string
+			}{
+				{"/media/audio/classical/baroque/bach/track.mp3", 4, "/media/audio/classical/baroque"},
+				{"/media/audio/classical/mozart/track.mp3", 3, "/media/audio/classical"},
+				{"/media/audio/rock/track.mp3", 2, "/media/audio"},
+				{"/media/video/movie.mp4", 1, "/media"},
+			}
+
+			for _, tc := range testCases {
+				libID, libPath := matcher.findLibraryForPath(tc.path)
+				Expect(libID).To(Equal(tc.expectedLibID), "Path %s should match library ID %d", tc.path, tc.expectedLibID)
+				Expect(libPath).To(Equal(tc.expectedLibPath), "Path %s should match library path %s", tc.path, tc.expectedLibPath)
+			}
+		})
+	})
+
+	Describe("Edge cases", func() {
+		It("handles empty library list", func() {
+			mockLibRepo.SetData([]model.Library{})
+
+			matcher := createMatcher(ds)
+			Expect(matcher).ToNot(BeNil())
+
+			// Should not match anything
+			libID, libPath := matcher.findLibraryForPath("/music/track.mp3")
+			Expect(libID).To(Equal(0))
+			Expect(libPath).To(BeEmpty())
+		})
+
+		It("handles single library", func() {
+			mockLibRepo.SetData([]model.Library{
+				{ID: 1, Path: "/music"},
+			})
+
+			matcher := createMatcher(ds)
+
+			libID, libPath := matcher.findLibraryForPath("/music/track.mp3")
+			Expect(libID).To(Equal(1))
+			Expect(libPath).To(Equal("/music"))
+		})
+
+		It("handles libraries with special characters in paths", func() {
+			mockLibRepo.SetData([]model.Library{
+				{ID: 1, Path: "/music[test]"},
+				{ID: 2, Path: "/music(backup)"},
+			})
+
+			matcher := createMatcher(ds)
+			Expect(matcher).ToNot(BeNil())
+
+			// Special characters should match literally
+			libID, libPath := matcher.findLibraryForPath("/music[test]/track.mp3")
+			Expect(libID).To(Equal(1))
+			Expect(libPath).To(Equal("/music[test]"))
+		})
+	})
+
+	Describe("Path matching order", func() {
+		It("ensures longest paths match first", func() {
+			mockLibRepo.SetData([]model.Library{
+				{ID: 1, Path: "/a"},
+				{ID: 2, Path: "/ab"},
+				{ID: 3, Path: "/abc"},
+			})
+
+			matcher := createMatcher(ds)
+
+			// Verify that longer paths match correctly (not cut off by shorter prefix)
+			testCases := []struct {
+				path          string
+				expectedLibID int
+			}{
+				{"/abc/file.mp3", 3},
+				{"/ab/file.mp3", 2},
+				{"/a/file.mp3", 1},
+			}
+
+			for _, tc := range testCases {
+				libID, _ := matcher.findLibraryForPath(tc.path)
+				Expect(libID).To(Equal(tc.expectedLibID), "Path %s should match library ID %d", tc.path, tc.expectedLibID)
+			}
+		})
+	})
+})
+
+var _ = Describe("pathResolver", func() {
+	var ds *tests.MockDataStore
+	var mockLibRepo *tests.MockLibraryRepo
+	var resolver *pathResolver
+	ctx := context.Background()
+
+	BeforeEach(func() {
+		mockLibRepo = &tests.MockLibraryRepo{}
+		ds = &tests.MockDataStore{
+			MockedLibrary: mockLibRepo,
+		}
+
+		// Setup test libraries
+		mockLibRepo.SetData([]model.Library{
+			{ID: 1, Path: "/music"},
+			{ID: 2, Path: "/music-classical"},
+			{ID: 3, Path: "/podcasts"},
+		})
+
+		var err error
+		resolver, err = newPathResolver(ctx, ds)
+		Expect(err).ToNot(HaveOccurred())
+	})
+
+	Describe("resolvePath", func() {
+		It("resolves absolute paths", func() {
+			resolution := resolver.resolvePath("/music/artist/album/track.mp3", nil)
+
+			Expect(resolution.valid).To(BeTrue())
+			Expect(resolution.libraryID).To(Equal(1))
+			Expect(resolution.libraryPath).To(Equal("/music"))
+			Expect(resolution.absolutePath).To(Equal("/music/artist/album/track.mp3"))
+		})
+
+		It("resolves relative paths when folder is provided", func() {
+			folder := &model.Folder{
+				Path:        "playlists",
+				LibraryPath: "/music",
+				LibraryID:   1,
+			}
+
+			resolution := resolver.resolvePath("../artist/album/track.mp3", folder)
+
+			Expect(resolution.valid).To(BeTrue())
+			Expect(resolution.libraryID).To(Equal(1))
+			Expect(resolution.absolutePath).To(Equal("/music/artist/album/track.mp3"))
+		})
+
+		It("returns invalid resolution for paths outside any library", func() {
+			resolution := resolver.resolvePath("/outside/library/track.mp3", nil)
+
+			Expect(resolution.valid).To(BeFalse())
+		})
+	})
+
+	Describe("resolvePath", func() {
+		Context("With absolute paths", func() {
+			It("resolves path within a library", func() {
+				resolution := resolver.resolvePath("/music/track.mp3", nil)
+
+				Expect(resolution.valid).To(BeTrue())
+				Expect(resolution.libraryID).To(Equal(1))
+				Expect(resolution.libraryPath).To(Equal("/music"))
+				Expect(resolution.absolutePath).To(Equal("/music/track.mp3"))
+			})
+
+			It("resolves path to the longest matching library", func() {
+				resolution := resolver.resolvePath("/music-classical/track.mp3", nil)
+
+				Expect(resolution.valid).To(BeTrue())
+				Expect(resolution.libraryID).To(Equal(2))
+				Expect(resolution.libraryPath).To(Equal("/music-classical"))
+			})
+
+			It("returns invalid resolution for path outside libraries", func() {
+				resolution := resolver.resolvePath("/videos/movie.mp4", nil)
+
+				Expect(resolution.valid).To(BeFalse())
+			})
+
+			It("cleans the path before matching", func() {
+				resolution := resolver.resolvePath("/music//artist/../artist/track.mp3", nil)
+
+				Expect(resolution.valid).To(BeTrue())
+				Expect(resolution.absolutePath).To(Equal("/music/artist/track.mp3"))
+			})
+		})
+
+		Context("With relative paths", func() {
+			It("resolves relative path within same library", func() {
+				folder := &model.Folder{
+					Path:        "playlists",
+					LibraryPath: "/music",
+					LibraryID:   1,
+				}
+
+				resolution := resolver.resolvePath("../songs/track.mp3", folder)
+
+				Expect(resolution.valid).To(BeTrue())
+				Expect(resolution.libraryID).To(Equal(1))
+				Expect(resolution.absolutePath).To(Equal("/music/songs/track.mp3"))
+			})
+
+			It("resolves relative path to different library", func() {
+				folder := &model.Folder{
+					Path:        "playlists",
+					LibraryPath: "/music",
+					LibraryID:   1,
+				}
+
+				// Path goes up and into a different library
+				resolution := resolver.resolvePath("../../podcasts/episode.mp3", folder)
+
+				Expect(resolution.valid).To(BeTrue())
+				Expect(resolution.libraryID).To(Equal(3))
+				Expect(resolution.libraryPath).To(Equal("/podcasts"))
+			})
+
+			It("uses matcher to find correct library for resolved path", func() {
+				folder := &model.Folder{
+					Path:        "playlists",
+					LibraryPath: "/music",
+					LibraryID:   1,
+				}
+
+				// This relative path resolves to music-classical library
+				resolution := resolver.resolvePath("../../music-classical/track.mp3", folder)
+
+				Expect(resolution.valid).To(BeTrue())
+				Expect(resolution.libraryID).To(Equal(2))
+				Expect(resolution.libraryPath).To(Equal("/music-classical"))
+			})
+
+			It("returns invalid for relative paths escaping all libraries", func() {
+				folder := &model.Folder{
+					Path:        "playlists",
+					LibraryPath: "/music",
+					LibraryID:   1,
+				}
+
+				resolution := resolver.resolvePath("../../../../etc/passwd", folder)
+
+				Expect(resolution.valid).To(BeFalse())
+			})
+		})
+	})
+
+	Describe("Cross-library resolution scenarios", func() {
+		It("handles playlist in library A referencing file in library B", func() {
+			// Playlist is in /music/playlists
+			folder := &model.Folder{
+				Path:        "playlists",
+				LibraryPath: "/music",
+				LibraryID:   1,
+			}
+
+			// Relative path that goes to /podcasts library
+			resolution := resolver.resolvePath("../../podcasts/show/episode.mp3", folder)
+
+			Expect(resolution.valid).To(BeTrue())
+			Expect(resolution.libraryID).To(Equal(3), "Should resolve to podcasts library")
+			Expect(resolution.libraryPath).To(Equal("/podcasts"))
+		})
+
+		It("prefers longer library paths when resolving", func() {
+			// Ensure /music-classical is matched instead of /music
+			resolution := resolver.resolvePath("/music-classical/baroque/track.mp3", nil)
+
+			Expect(resolution.valid).To(BeTrue())
+			Expect(resolution.libraryID).To(Equal(2), "Should match /music-classical, not /music")
+		})
+	})
+})
+
+var _ = Describe("pathResolution", func() {
+	Describe("ToQualifiedString", func() {
+		It("converts valid resolution to qualified string with forward slashes", func() {
+			resolution := pathResolution{
+				absolutePath: "/music/artist/album/track.mp3",
+				libraryPath:  "/music",
+				libraryID:    1,
+				valid:        true,
+			}
+
+			qualifiedStr, err := resolution.ToQualifiedString()
+
+			Expect(err).ToNot(HaveOccurred())
+			Expect(qualifiedStr).To(Equal("1:artist/album/track.mp3"))
+		})
+
+		It("handles Windows-style paths by converting to forward slashes", func() {
+			resolution := pathResolution{
+				absolutePath: "/music/artist/album/track.mp3",
+				libraryPath:  "/music",
+				libraryID:    2,
+				valid:        true,
+			}
+
+			qualifiedStr, err := resolution.ToQualifiedString()
+
+			Expect(err).ToNot(HaveOccurred())
+			// Should always use forward slashes regardless of OS
+			Expect(qualifiedStr).To(ContainSubstring("2:"))
+			Expect(qualifiedStr).ToNot(ContainSubstring("\\"))
+		})
+
+		It("returns error for invalid resolution", func() {
+			resolution := pathResolution{valid: false}
+
+			_, err := resolution.ToQualifiedString()
+
+			Expect(err).To(HaveOccurred())
+		})
+	})
+})
--- a/core/playlists_test.go
+++ b/core/playlists_test.go
@@ -1,4 +1,4 @@
-package core
+package core_test

 import (
 	"context"
@@ -9,6 +9,7 @@ import (

 	"github.com/navidrome/navidrome/conf"
 	"github.com/navidrome/navidrome/conf/configtest"
+	"github.com/navidrome/navidrome/core"
 	"github.com/navidrome/navidrome/model"
 	"github.com/navidrome/navidrome/model/criteria"
 	"github.com/navidrome/navidrome/model/request"
@@ -20,7 +21,7 @@ import (

 var _ = Describe("Playlists", func() {
 	var ds *tests.MockDataStore
-	var ps Playlists
+	var ps core.Playlists
 	var mockPlsRepo mockedPlaylistRepo
 	var mockLibRepo *tests.MockLibraryRepo
 	ctx := context.Background()
@@ -33,16 +34,16 @@ var _ = Describe("Playlists", func() {
 			MockedLibrary:  mockLibRepo,
 		}
 		ctx = request.WithUser(ctx, model.User{ID: "123"})
-		// Path should be libPath, but we want to match the root folder referenced in the m3u, which is `/`
-		mockLibRepo.SetData([]model.Library{{ID: 1, Path: "/"}})
 	})

 	Describe("ImportFile", func() {
 		var folder *model.Folder
 		BeforeEach(func() {
-			ps = NewPlaylists(ds)
+			ps = core.NewPlaylists(ds)
 			ds.MockedMediaFile = &mockedMediaFileRepo{}
 			libPath, _ := os.Getwd()
+			// Set up library with the actual library path that matches the folder
+			mockLibRepo.SetData([]model.Library{{ID: 1, Path: libPath}})
 			folder = &model.Folder{
 				ID:          "1",
 				LibraryID:   1,
@@ -112,6 +113,224 @@ var _ = Describe("Playlists", func() {
 				Expect(err.Error()).To(ContainSubstring("line 19, column 1: invalid character '\\n'"))
 			})
 		})
+
+		Describe("Cross-library relative paths", func() {
+			var tmpDir, plsDir, songsDir string
+
+			BeforeEach(func() {
+				// Create temp directory structure
+				tmpDir = GinkgoT().TempDir()
+				plsDir = tmpDir + "/playlists"
+				songsDir = tmpDir + "/songs"
+				Expect(os.Mkdir(plsDir, 0755)).To(Succeed())
+				Expect(os.Mkdir(songsDir, 0755)).To(Succeed())
+
+				// Setup two different libraries with paths matching our temp structure
+				mockLibRepo.SetData([]model.Library{
+					{ID: 1, Path: songsDir},
+					{ID: 2, Path: plsDir},
+				})
+
+				// Create a mock media file repository that returns files for both libraries
+				// Note: The paths are relative to their respective library roots
+				ds.MockedMediaFile = &mockedMediaFileFromListRepo{
+					data: []string{
+						"abc.mp3", // This is songs/abc.mp3 relative to songsDir
+						"def.mp3", // This is playlists/def.mp3 relative to plsDir
+					},
+				}
+				ps = core.NewPlaylists(ds)
+			})
+
+			It("handles relative paths that reference files in other libraries", func() {
+				// Create a temporary playlist file with relative path
+				plsContent := "#PLAYLIST:Cross Library Test\n../songs/abc.mp3\ndef.mp3"
+				plsFile := plsDir + "/test.m3u"
+				Expect(os.WriteFile(plsFile, []byte(plsContent), 0600)).To(Succeed())
+
+				// Playlist is in the Playlists library folder
+				// Important: Path should be relative to LibraryPath, and Name is the folder name
+				plsFolder := &model.Folder{
+					ID:          "2",
+					LibraryID:   2,
+					LibraryPath: plsDir,
+					Path:        "",
+					Name:        "",
+				}
+
+				pls, err := ps.ImportFile(ctx, plsFolder, "test.m3u")
+				Expect(err).ToNot(HaveOccurred())
+				Expect(pls.Tracks).To(HaveLen(2))
+				Expect(pls.Tracks[0].Path).To(Equal("abc.mp3")) // From songsDir library
+				Expect(pls.Tracks[1].Path).To(Equal("def.mp3")) // From plsDir library
+			})
+
+			It("ignores paths that point outside all libraries", func() {
+				// Create a temporary playlist file with path outside libraries
+				plsContent := "#PLAYLIST:Outside Test\n../../outside.mp3\nabc.mp3"
+				plsFile := plsDir + "/test.m3u"
+				Expect(os.WriteFile(plsFile, []byte(plsContent), 0600)).To(Succeed())
+
+				plsFolder := &model.Folder{
+					ID:          "2",
+					LibraryID:   2,
+					LibraryPath: plsDir,
+					Path:        "",
+					Name:        "",
+				}
+
+				pls, err := ps.ImportFile(ctx, plsFolder, "test.m3u")
+				Expect(err).ToNot(HaveOccurred())
+				// Should only find abc.mp3, not outside.mp3
+				Expect(pls.Tracks).To(HaveLen(1))
+				Expect(pls.Tracks[0].Path).To(Equal("abc.mp3"))
+			})
+
+			It("handles relative paths with multiple '../' components", func() {
+				// Create a nested structure: tmpDir/playlists/subfolder/test.m3u
+				subFolder := plsDir + "/subfolder"
+				Expect(os.Mkdir(subFolder, 0755)).To(Succeed())
+
+				// Create the media file in the subfolder directory
+				// The mock will return it as "def.mp3" relative to plsDir
+				ds.MockedMediaFile = &mockedMediaFileFromListRepo{
+					data: []string{
+						"abc.mp3", // From songsDir library
+						"def.mp3", // From plsDir library root
+					},
+				}
+
+				// From subfolder, ../../songs/abc.mp3 should resolve to songs library
+				// ../def.mp3 should resolve to plsDir/def.mp3
+				plsContent := "#PLAYLIST:Nested Test\n../../songs/abc.mp3\n../def.mp3"
+				plsFile := subFolder + "/test.m3u"
+				Expect(os.WriteFile(plsFile, []byte(plsContent), 0600)).To(Succeed())
+
+				// The folder: AbsolutePath = LibraryPath + Path + Name
+				// So for /playlists/subfolder: LibraryPath=/playlists, Path="", Name="subfolder"
+				plsFolder := &model.Folder{
+					ID:          "2",
+					LibraryID:   2,
+					LibraryPath: plsDir,
+					Path:        "",          // Empty because subfolder is directly under library root
+					Name:        "subfolder", // The folder name
+				}
+
+				pls, err := ps.ImportFile(ctx, plsFolder, "test.m3u")
+				Expect(err).ToNot(HaveOccurred())
+				Expect(pls.Tracks).To(HaveLen(2))
+				Expect(pls.Tracks[0].Path).To(Equal("abc.mp3")) // From songsDir library
+				Expect(pls.Tracks[1].Path).To(Equal("def.mp3")) // From plsDir library root
+			})
+
+			It("correctly resolves libraries when one path is a prefix of another", func() {
+				// This tests the bug where /music would match before /music-classical
+				// Create temp directory structure with prefix conflict
+				tmpDir := GinkgoT().TempDir()
+				musicDir := tmpDir + "/music"
+				musicClassicalDir := tmpDir + "/music-classical"
+				Expect(os.Mkdir(musicDir, 0755)).To(Succeed())
+				Expect(os.Mkdir(musicClassicalDir, 0755)).To(Succeed())
+
+				// Setup two libraries where one is a prefix of the other
+				mockLibRepo.SetData([]model.Library{
+					{ID: 1, Path: musicDir},          // /tmp/xxx/music
+					{ID: 2, Path: musicClassicalDir}, // /tmp/xxx/music-classical
+				})
+
+				// Mock will return tracks from both libraries
+				ds.MockedMediaFile = &mockedMediaFileFromListRepo{
+					data: []string{
+						"rock.mp3", // From music library
+						"bach.mp3", // From music-classical library
+					},
+				}
+
+				// Create playlist in music library that references music-classical
+				plsContent := "#PLAYLIST:Cross Prefix Test\nrock.mp3\n../music-classical/bach.mp3"
+				plsFile := musicDir + "/test.m3u"
+				Expect(os.WriteFile(plsFile, []byte(plsContent), 0600)).To(Succeed())
+
+				plsFolder := &model.Folder{
+					ID:          "1",
+					LibraryID:   1,
+					LibraryPath: musicDir,
+					Path:        "",
+					Name:        "",
+				}
+
+				pls, err := ps.ImportFile(ctx, plsFolder, "test.m3u")
+				Expect(err).ToNot(HaveOccurred())
+				Expect(pls.Tracks).To(HaveLen(2))
+				Expect(pls.Tracks[0].Path).To(Equal("rock.mp3")) // From music library
+				Expect(pls.Tracks[1].Path).To(Equal("bach.mp3")) // From music-classical library (not music!)
+			})
+
+			It("correctly handles identical relative paths from different libraries", func() {
+				// This tests the bug where two libraries have files at the same relative path
+				// and only one appears in the playlist
+				tmpDir := GinkgoT().TempDir()
+				musicDir := tmpDir + "/music"
+				classicalDir := tmpDir + "/classical"
+				Expect(os.Mkdir(musicDir, 0755)).To(Succeed())
+				Expect(os.Mkdir(classicalDir, 0755)).To(Succeed())
+				Expect(os.MkdirAll(musicDir+"/album", 0755)).To(Succeed())
+				Expect(os.MkdirAll(classicalDir+"/album", 0755)).To(Succeed())
+				// Create placeholder files so paths resolve correctly
+				Expect(os.WriteFile(musicDir+"/album/track.mp3", []byte{}, 0600)).To(Succeed())
+				Expect(os.WriteFile(classicalDir+"/album/track.mp3", []byte{}, 0600)).To(Succeed())
+
+				// Both libraries have a file at "album/track.mp3"
+				mockLibRepo.SetData([]model.Library{
+					{ID: 1, Path: musicDir},
+					{ID: 2, Path: classicalDir},
+				})
+
+				// Mock returns files with same relative path but different IDs and library IDs
+				// Keys use the library-qualified format: "libraryID:path"
+				ds.MockedMediaFile = &mockedMediaFileRepo{
+					data: map[string]model.MediaFile{
+						"1:album/track.mp3": {ID: "music-track", Path: "album/track.mp3", LibraryID: 1, Title: "Rock Song"},
+						"2:album/track.mp3": {ID: "classical-track", Path: "album/track.mp3", LibraryID: 2, Title: "Classical Piece"},
+					},
+				}
+				// Recreate playlists service to pick up new mock
+				ps = core.NewPlaylists(ds)
+
+				// Create playlist in music library that references both tracks
+				plsContent := "#PLAYLIST:Same Path Test\nalbum/track.mp3\n../classical/album/track.mp3"
+				plsFile := musicDir + "/test.m3u"
+				Expect(os.WriteFile(plsFile, []byte(plsContent), 0600)).To(Succeed())
+
+				plsFolder := &model.Folder{
+					ID:          "1",
+					LibraryID:   1,
+					LibraryPath: musicDir,
+					Path:        "",
+					Name:        "",
+				}
+
+				pls, err := ps.ImportFile(ctx, plsFolder, "test.m3u")
+				Expect(err).ToNot(HaveOccurred())
+
+				// Should have BOTH tracks, not just one
+				Expect(pls.Tracks).To(HaveLen(2), "Playlist should contain both tracks with same relative path")
+
+				// Verify we got tracks from DIFFERENT libraries (the key fix!)
+				// Collect the library IDs
+				libIDs := make(map[int]bool)
+				for _, track := range pls.Tracks {
+					libIDs[track.LibraryID] = true
+				}
+				Expect(libIDs).To(HaveLen(2), "Tracks should come from two different libraries")
+				Expect(libIDs[1]).To(BeTrue(), "Should have track from library 1")
+				Expect(libIDs[2]).To(BeTrue(), "Should have track from library 2")
+
+				// Both tracks should have the same relative path
+				Expect(pls.Tracks[0].Path).To(Equal("album/track.mp3"))
+				Expect(pls.Tracks[1].Path).To(Equal("album/track.mp3"))
+			})
+		})
 	})

 	Describe("ImportM3U", func() {
@@ -119,7 +338,7 @@ var _ = Describe("Playlists", func() {
 		BeforeEach(func() {
 			repo = &mockedMediaFileFromListRepo{}
 			ds.MockedMediaFile = repo
-			ps = NewPlaylists(ds)
+			ps = core.NewPlaylists(ds)
 			mockLibRepo.SetData([]model.Library{{ID: 1, Path: "/music"}, {ID: 2, Path: "/new"}})
 			ctx = request.WithUser(ctx, model.User{ID: "123"})
 		})
@@ -206,53 +425,23 @@ var _ = Describe("Playlists", func() {
 			Expect(pls.Tracks[0].Path).To(Equal("abc/tEsT1.Mp3"))
 		})

-		It("handles Unicode normalization when comparing paths", func() {
-			// Test case for Apple Music playlists that use NFC encoding vs macOS filesystem NFD
-			// The character "è" can be represented as NFC (single codepoint) or NFD (e + combining accent)
-
-			const pathWithAccents = "artist/Michèle Desrosiers/album/Noël.m4a"
-
-			// Simulate a database entry with NFD encoding (as stored by macOS filesystem)
-			nfdPath := norm.NFD.String(pathWithAccents)
+		It("handles Unicode normalization when comparing paths (NFD vs NFC)", func() {
+			// Simulate macOS filesystem: stores paths in NFD (decomposed) form
+			// "è" (U+00E8) in NFC becomes "e" + "◌̀" (U+0065 + U+0300) in NFD
+			nfdPath := "artist/Mich" + string([]rune{'e', '\u0300'}) + "le/song.mp3" // NFD: e + combining grave
 			repo.data = []string{nfdPath}

-			// Simulate an Apple Music M3U playlist entry with NFC encoding
-			nfcPath := norm.NFC.String("/music/" + pathWithAccents)
-			m3u := strings.Join([]string{
-				nfcPath,
-			}, "\n")
+			// Simulate Apple Music M3U: uses NFC (composed) form
+			nfcPath := "/music/artist/Mich\u00E8le/song.mp3" // NFC: single è character
+			m3u := nfcPath + "\n"
 			f := strings.NewReader(m3u)
-
 			pls, err := ps.ImportM3U(ctx, f)
 			Expect(err).ToNot(HaveOccurred())
-			Expect(pls.Tracks).To(HaveLen(1), "Should find the track despite Unicode normalization differences")
+			Expect(pls.Tracks).To(HaveLen(1))
+			// Should match despite different Unicode normalization forms
 			Expect(pls.Tracks[0].Path).To(Equal(nfdPath))
 		})
-	})

-	Describe("normalizePathForComparison", func() {
-		It("normalizes Unicode characters to NFC form and converts to lowercase", func() {
-			// Test with NFD (decomposed) input - as would come from macOS filesystem
-			nfdPath := norm.NFD.String("Michèle") // Explicitly convert to NFD form
-			normalized := normalizePathForComparison(nfdPath)
-			Expect(normalized).To(Equal("michèle"))
-
-			// Test with NFC (composed) input - as would come from Apple Music M3U
-			nfcPath := "Michèle" // This might be in NFC form
-			normalizedNfc := normalizePathForComparison(nfcPath)
-
-			// Ensure the two paths are not equal in their original forms
-			Expect(nfdPath).ToNot(Equal(nfcPath))
-
-			// Both should normalize to the same result
-			Expect(normalized).To(Equal(normalizedNfc))
-		})
-
-		It("handles paths with mixed case and Unicode characters", func() {
-			path := "Artist/Noël Coward/Album/Song.mp3"
-			normalized := normalizePathForComparison(path)
-			Expect(normalized).To(Equal("artist/noël coward/album/song.mp3"))
-		})
 	})

 	Describe("InPlaylistsPath", func() {
@@ -269,27 +458,27 @@ var _ = Describe("Playlists", func() {

 		It("returns true if PlaylistsPath is empty", func() {
 			conf.Server.PlaylistsPath = ""
-			Expect(InPlaylistsPath(folder)).To(BeTrue())
+			Expect(core.InPlaylistsPath(folder)).To(BeTrue())
 		})

 		It("returns true if PlaylistsPath is any (**/**)", func() {
 			conf.Server.PlaylistsPath = "**/**"
-			Expect(InPlaylistsPath(folder)).To(BeTrue())
+			Expect(core.InPlaylistsPath(folder)).To(BeTrue())
 		})

 		It("returns true if folder is in PlaylistsPath", func() {
 			conf.Server.PlaylistsPath = "other/**:playlists/**"
-			Expect(InPlaylistsPath(folder)).To(BeTrue())
+			Expect(core.InPlaylistsPath(folder)).To(BeTrue())
 		})

 		It("returns false if folder is not in PlaylistsPath", func() {
 			conf.Server.PlaylistsPath = "other"
-			Expect(InPlaylistsPath(folder)).To(BeFalse())
+			Expect(core.InPlaylistsPath(folder)).To(BeFalse())
 		})

 		It("returns true if for a playlist in root of MusicFolder if PlaylistsPath is '.'", func() {
 			conf.Server.PlaylistsPath = "."
-			Expect(InPlaylistsPath(folder)).To(BeFalse())
+			Expect(core.InPlaylistsPath(folder)).To(BeFalse())

 			folder2 := model.Folder{
 				LibraryPath: "/music",
@@ -297,22 +486,47 @@ var _ = Describe("Playlists", func() {
 				Name:        ".",
 			}

-			Expect(InPlaylistsPath(folder2)).To(BeTrue())
+			Expect(core.InPlaylistsPath(folder2)).To(BeTrue())
 		})
 	})
 })

-// mockedMediaFileRepo's FindByPaths method returns a list of MediaFiles with the same paths as the input
+// mockedMediaFileRepo's FindByPaths method returns MediaFiles for the given paths.
+// If data map is provided, looks up files by key; otherwise creates them from paths.
 type mockedMediaFileRepo struct {
 	model.MediaFileRepository
+	data map[string]model.MediaFile
 }

 func (r *mockedMediaFileRepo) FindByPaths(paths []string) (model.MediaFiles, error) {
 	var mfs model.MediaFiles
+
+	// If data map provided, look up files
+	if r.data != nil {
+		for _, path := range paths {
+			if mf, ok := r.data[path]; ok {
+				mfs = append(mfs, mf)
+			}
+		}
+		return mfs, nil
+	}
+
+	// Otherwise, create MediaFiles from paths
 	for idx, path := range paths {
+		// Strip library qualifier if present (format: "libraryID:path")
+		actualPath := path
+		libraryID := 1
+		if parts := strings.SplitN(path, ":", 2); len(parts) == 2 {
+			if id, err := strconv.Atoi(parts[0]); err == nil {
+				libraryID = id
+				actualPath = parts[1]
+			}
+		}
+
 		mfs = append(mfs, model.MediaFile{
-			ID:   strconv.Itoa(idx),
-			Path: path,
+			ID:        strconv.Itoa(idx),
+			Path:      actualPath,
+			LibraryID: libraryID,
 		})
 	}
 	return mfs, nil
@@ -324,13 +538,38 @@ type mockedMediaFileFromListRepo struct {
 	data []string
 }

-func (r *mockedMediaFileFromListRepo) FindByPaths([]string) (model.MediaFiles, error) {
+func (r *mockedMediaFileFromListRepo) FindByPaths(paths []string) (model.MediaFiles, error) {
 	var mfs model.MediaFiles
-	for idx, path := range r.data {
-		mfs = append(mfs, model.MediaFile{
-			ID:   strconv.Itoa(idx),
-			Path: path,
-		})
+
+	for idx, dataPath := range r.data {
+		// Normalize the data path to NFD (simulates macOS filesystem storage)
+		normalizedDataPath := norm.NFD.String(dataPath)
+
+		for _, requestPath := range paths {
+			// Strip library qualifier if present (format: "libraryID:path")
+			actualPath := requestPath
+			libraryID := 1
+			if parts := strings.SplitN(requestPath, ":", 2); len(parts) == 2 {
+				if id, err := strconv.Atoi(parts[0]); err == nil {
+					libraryID = id
+					actualPath = parts[1]
+				}
+			}
+
+			// The request path should already be normalized to NFD by production code
+			// before calling FindByPaths (to match DB storage)
+			normalizedRequestPath := norm.NFD.String(actualPath)
+
+			// Case-insensitive comparison (like SQL's "collate nocase")
+			if strings.EqualFold(normalizedRequestPath, normalizedDataPath) {
+				mfs = append(mfs, model.MediaFile{
+					ID:        strconv.Itoa(idx),
+					Path:      dataPath, // Return original path from DB
+					LibraryID: libraryID,
+				})
+				break
+			}
+		}
 	}
 	return mfs, nil
 }
--- a/core/publicurl/publicurl.go
+++ b/core/publicurl/publicurl.go
@@ -0,0 +1,81 @@
+package publicurl
+
+import (
+	"cmp"
+	"net/http"
+	"net/url"
+	"path"
+	"strconv"
+	"strings"
+
+	"github.com/navidrome/navidrome/conf"
+	"github.com/navidrome/navidrome/consts"
+	"github.com/navidrome/navidrome/core/auth"
+	"github.com/navidrome/navidrome/log"
+	"github.com/navidrome/navidrome/model"
+)
+
+// ImageURL generates a public URL for artwork images.
+// It creates a signed token for the artwork ID and builds a complete public URL.
+func ImageURL(req *http.Request, artID model.ArtworkID, size int) string {
+	token, _ := auth.CreatePublicToken(map[string]any{"id": artID.String()})
+	uri := path.Join(consts.URLPathPublicImages, token)
+	params := url.Values{}
+	if size > 0 {
+		params.Add("size", strconv.Itoa(size))
+	}
+	return PublicURL(req, uri, params)
+}
+
+// PublicURL builds a full URL for public-facing resources.
+// It uses ShareURL from config if available, otherwise falls back to extracting
+// the scheme and host from the provided http.Request.
+// If req is nil and ShareURL is not set, it defaults to http://localhost.
+func PublicURL(req *http.Request, u string, params url.Values) string {
+	if conf.Server.ShareURL == "" {
+		return AbsoluteURL(req, u, params)
+	}
+	shareUrl, err := url.Parse(conf.Server.ShareURL)
+	if err != nil {
+		return AbsoluteURL(req, u, params)
+	}
+	buildUrl, err := url.Parse(u)
+	if err != nil {
+		return AbsoluteURL(req, u, params)
+	}
+	buildUrl.Scheme = shareUrl.Scheme
+	buildUrl.Host = shareUrl.Host
+	if len(params) > 0 {
+		buildUrl.RawQuery = params.Encode()
+	}
+	return buildUrl.String()
+}
+
+// AbsoluteURL builds an absolute URL from a relative path.
+// It uses BaseHost/BaseScheme from config if available, otherwise extracts
+// the scheme and host from the http.Request.
+// If req is nil and BaseHost is not set, it defaults to http://localhost.
+func AbsoluteURL(req *http.Request, u string, params url.Values) string {
+	buildUrl, err := url.Parse(u)
+	if err != nil {
+		log.Error(req.Context(), "Failed to parse URL path", "url", u, err)
+		return ""
+	}
+	if strings.HasPrefix(u, "/") {
+		buildUrl.Path = path.Join(conf.Server.BasePath, buildUrl.Path)
+		if conf.Server.BaseHost != "" {
+			buildUrl.Scheme = cmp.Or(conf.Server.BaseScheme, "http")
+			buildUrl.Host = conf.Server.BaseHost
+		} else if req != nil {
+			buildUrl.Scheme = req.URL.Scheme
+			buildUrl.Host = req.Host
+		} else {
+			buildUrl.Scheme = "http"
+			buildUrl.Host = "localhost"
+		}
+	}
+	if len(params) > 0 {
+		buildUrl.RawQuery = params.Encode()
+	}
+	return buildUrl.String()
+}
--- a/core/publicurl/publicurl_test.go
+++ b/core/publicurl/publicurl_test.go
@@ -0,0 +1,174 @@
+package publicurl_test
+
+import (
+	"net/http"
+	"net/url"
+	"testing"
+
+	"github.com/go-chi/jwtauth/v5"
+	"github.com/navidrome/navidrome/conf"
+	"github.com/navidrome/navidrome/conf/configtest"
+	"github.com/navidrome/navidrome/core/auth"
+	"github.com/navidrome/navidrome/core/publicurl"
+	"github.com/navidrome/navidrome/log"
+	"github.com/navidrome/navidrome/model"
+	"github.com/navidrome/navidrome/tests"
+	. "github.com/onsi/ginkgo/v2"
+	. "github.com/onsi/gomega"
+)
+
+func TestPublicURL(t *testing.T) {
+	tests.Init(t, false)
+	log.SetLevel(log.LevelFatal)
+	RegisterFailHandler(Fail)
+	RunSpecs(t, "Public URL Suite")
+}
+
+var _ = Describe("Public URL Utilities", func() {
+	BeforeEach(func() {
+		DeferCleanup(configtest.SetupConfig())
+	})
+
+	Describe("PublicURL", func() {
+		When("ShareURL is set", func() {
+			BeforeEach(func() {
+				conf.Server.ShareURL = "https://share.example.com"
+			})
+
+			It("uses ShareURL as the base", func() {
+				r, _ := http.NewRequest("GET", "http://localhost/test", nil)
+				result := publicurl.PublicURL(r, "/path/to/resource", nil)
+				Expect(result).To(Equal("https://share.example.com/path/to/resource"))
+			})
+
+			It("includes query parameters", func() {
+				r, _ := http.NewRequest("GET", "http://localhost/test", nil)
+				params := url.Values{"size": []string{"300"}, "format": []string{"png"}}
+				result := publicurl.PublicURL(r, "/image/123", params)
+				Expect(result).To(ContainSubstring("https://share.example.com/image/123"))
+				Expect(result).To(ContainSubstring("size=300"))
+				Expect(result).To(ContainSubstring("format=png"))
+			})
+
+			It("works without a request", func() {
+				result := publicurl.PublicURL(nil, "/path/to/resource", nil)
+				Expect(result).To(Equal("https://share.example.com/path/to/resource"))
+			})
+		})
+
+		When("ShareURL is not set", func() {
+			BeforeEach(func() {
+				conf.Server.ShareURL = ""
+			})
+
+			It("falls back to AbsoluteURL with request", func() {
+				r, _ := http.NewRequest("GET", "https://myserver.com/test", nil)
+				r.Host = "myserver.com"
+				result := publicurl.PublicURL(r, "/path/to/resource", nil)
+				Expect(result).To(Equal("https://myserver.com/path/to/resource"))
+			})
+
+			It("falls back to localhost without request", func() {
+				result := publicurl.PublicURL(nil, "/path/to/resource", nil)
+				Expect(result).To(Equal("http://localhost/path/to/resource"))
+			})
+		})
+	})
+
+	Describe("AbsoluteURL", func() {
+		When("BaseHost is set", func() {
+			BeforeEach(func() {
+				conf.Server.BaseHost = "configured.example.com"
+				conf.Server.BaseScheme = "https"
+				conf.Server.BasePath = ""
+			})
+
+			It("uses BaseHost and BaseScheme", func() {
+				r, _ := http.NewRequest("GET", "http://localhost/test", nil)
+				result := publicurl.AbsoluteURL(r, "/path/to/resource", nil)
+				Expect(result).To(Equal("https://configured.example.com/path/to/resource"))
+			})
+
+			It("defaults to http scheme if BaseScheme is empty", func() {
+				conf.Server.BaseScheme = ""
+				r, _ := http.NewRequest("GET", "http://localhost/test", nil)
+				result := publicurl.AbsoluteURL(r, "/path/to/resource", nil)
+				Expect(result).To(Equal("http://configured.example.com/path/to/resource"))
+			})
+		})
+
+		When("BaseHost is not set", func() {
+			BeforeEach(func() {
+				conf.Server.BaseHost = ""
+				conf.Server.BasePath = ""
+			})
+
+			It("extracts host from request", func() {
+				r, _ := http.NewRequest("GET", "https://request.example.com/test", nil)
+				r.Host = "request.example.com"
+				result := publicurl.AbsoluteURL(r, "/path/to/resource", nil)
+				Expect(result).To(Equal("https://request.example.com/path/to/resource"))
+			})
+
+			It("falls back to localhost without request", func() {
+				result := publicurl.AbsoluteURL(nil, "/path/to/resource", nil)
+				Expect(result).To(Equal("http://localhost/path/to/resource"))
+			})
+		})
+
+		When("BasePath is set", func() {
+			BeforeEach(func() {
+				conf.Server.BasePath = "/navidrome"
+				conf.Server.BaseHost = "example.com"
+				conf.Server.BaseScheme = "https"
+			})
+
+			It("prepends BasePath to the URL", func() {
+				r, _ := http.NewRequest("GET", "http://localhost/test", nil)
+				result := publicurl.AbsoluteURL(r, "/path/to/resource", nil)
+				Expect(result).To(Equal("https://example.com/navidrome/path/to/resource"))
+			})
+		})
+
+		It("passes through absolute URLs unchanged", func() {
+			r, _ := http.NewRequest("GET", "http://localhost/test", nil)
+			result := publicurl.AbsoluteURL(r, "https://other.example.com/path", nil)
+			Expect(result).To(Equal("https://other.example.com/path"))
+		})
+
+		It("includes query parameters", func() {
+			conf.Server.BaseHost = "example.com"
+			conf.Server.BaseScheme = "https"
+			r, _ := http.NewRequest("GET", "http://localhost/test", nil)
+			params := url.Values{"key": []string{"value"}}
+			result := publicurl.AbsoluteURL(r, "/path", params)
+			Expect(result).To(Equal("https://example.com/path?key=value"))
+		})
+	})
+
+	Describe("ImageURL", func() {
+		BeforeEach(func() {
+			conf.Server.ShareURL = "https://share.example.com"
+			// Initialize JWT auth for token generation
+			auth.TokenAuth = jwtauth.New("HS256", []byte("test secret"), nil)
+		})
+
+		It("generates a URL with the artwork token", func() {
+			artID := model.NewArtworkID(model.KindAlbumArtwork, "album-123", nil)
+			result := publicurl.ImageURL(nil, artID, 0)
+			Expect(result).To(HavePrefix("https://share.example.com/share/img/"))
+		})
+
+		It("includes size parameter when provided", func() {
+			artID := model.NewArtworkID(model.KindArtistArtwork, "artist-1", nil)
+			result := publicurl.ImageURL(nil, artID, 300)
+			Expect(result).To(ContainSubstring("size=300"))
+		})
+
+		It("omits size parameter when zero", func() {
+			artID := model.NewArtworkID(model.KindMediaFileArtwork, "track-1", nil)
+			result := publicurl.ImageURL(nil, artID, 0)
+			Expect(result).ToNot(ContainSubstring("size="))
+		})
+	})
+})
--- a/core/scrobbler/buffered_scrobbler_test.go
+++ b/core/scrobbler/buffered_scrobbler_test.go
@@ -38,9 +38,9 @@ var _ = Describe("BufferedScrobbler", func() {
 	It("forwards NowPlaying calls", func() {
 		track := &model.MediaFile{ID: "123", Title: "Test Track"}
 		Expect(bs.NowPlaying(ctx, "user1", track, 0)).To(Succeed())
-		Expect(scr.NowPlayingCalled).To(BeTrue())
-		Expect(scr.UserID).To(Equal("user1"))
-		Expect(scr.Track).To(Equal(track))
+		Expect(scr.GetNowPlayingCalled()).To(BeTrue())
+		Expect(scr.GetUserID()).To(Equal("user1"))
+		Expect(scr.GetTrack()).To(Equal(track))
 	})

 	It("enqueues scrobbles to buffer", func() {
@@ -51,9 +51,10 @@ var _ = Describe("BufferedScrobbler", func() {
 		Expect(scr.ScrobbleCalled.Load()).To(BeFalse())

 		Expect(bs.Scrobble(ctx, "user1", scrobble)).To(Succeed())
-		Expect(buffer.Length()).To(Equal(int64(1)))

-		// Wait for the scrobble to be sent
+		// Wait for the background goroutine to process the scrobble.
+		// We don't check buffer.Length() here because the background goroutine
+		// may dequeue the entry before we can observe it.
 		Eventually(scr.ScrobbleCalled.Load).Should(BeTrue())

 		lastScrobble := scr.LastScrobble.Load()
--- a/core/scrobbler/play_tracker.go
+++ b/core/scrobbler/play_tracker.go
@@ -31,6 +31,13 @@ type Submission struct {
 	Timestamp time.Time
 }

+type nowPlayingEntry struct {
+	ctx      context.Context
+	userId   string
+	track    *model.MediaFile
+	position int
+}
+
 type PlayTracker interface {
 	NowPlaying(ctx context.Context, playerId string, playerName string, trackId string, position int) error
 	GetNowPlaying(ctx context.Context) ([]NowPlayingInfo, error)
@@ -52,6 +59,11 @@ type playTracker struct {
 	pluginScrobblers  map[string]Scrobbler
 	pluginLoader      PluginLoader
 	mu                sync.RWMutex
+	npQueue           map[string]nowPlayingEntry
+	npMu              sync.Mutex
+	npSignal          chan struct{}
+	shutdown          chan struct{}
+	workerDone        chan struct{}
 }

 func GetPlayTracker(ds model.DataStore, broker events.Broker, pluginManager PluginLoader) PlayTracker {
@@ -71,6 +83,10 @@ func newPlayTracker(ds model.DataStore, broker events.Broker, pluginManager Plug
 		builtinScrobblers: make(map[string]Scrobbler),
 		pluginScrobblers:  make(map[string]Scrobbler),
 		pluginLoader:      pluginManager,
+		npQueue:           make(map[string]nowPlayingEntry),
+		npSignal:          make(chan struct{}, 1),
+		shutdown:          make(chan struct{}),
+		workerDone:        make(chan struct{}),
 	}
 	if conf.Server.EnableNowPlaying {
 		m.OnExpiration(func(_ string, _ NowPlayingInfo) {
@@ -90,9 +106,16 @@ func newPlayTracker(ds model.DataStore, broker events.Broker, pluginManager Plug
 		p.builtinScrobblers[name] = s
 	}
 	log.Debug("List of builtin scrobblers enabled", "names", enabled)
+	go p.nowPlayingWorker()
 	return p
 }

+// stopNowPlayingWorker stops the background worker. This is primarily for testing.
+func (p *playTracker) stopNowPlayingWorker() {
+	close(p.shutdown)
+	<-p.workerDone // Wait for worker to finish
+}
+
 // pluginNamesMatchScrobblers returns true if the set of pluginNames matches the keys in pluginScrobblers
 func pluginNamesMatchScrobblers(pluginNames []string, scrobblers map[string]Scrobbler) bool {
 	if len(pluginNames) != len(scrobblers) {
@@ -198,11 +221,60 @@ func (p *playTracker) NowPlaying(ctx context.Context, playerId string, playerNam
 	}
 	player, _ := request.PlayerFrom(ctx)
 	if player.ScrobbleEnabled {
-		p.dispatchNowPlaying(ctx, user.ID, mf, position)
+		p.enqueueNowPlaying(ctx, playerId, user.ID, mf, position)
 	}
 	return nil
 }

+func (p *playTracker) enqueueNowPlaying(ctx context.Context, playerId string, userId string, track *model.MediaFile, position int) {
+	p.npMu.Lock()
+	defer p.npMu.Unlock()
+	ctx = context.WithoutCancel(ctx) // Prevent cancellation from affecting background processing
+	p.npQueue[playerId] = nowPlayingEntry{
+		ctx:      ctx,
+		userId:   userId,
+		track:    track,
+		position: position,
+	}
+	p.sendNowPlayingSignal()
+}
+
+func (p *playTracker) sendNowPlayingSignal() {
+	// Don't block if the previous signal was not read yet
+	select {
+	case p.npSignal <- struct{}{}:
+	default:
+	}
+}
+
+func (p *playTracker) nowPlayingWorker() {
+	defer close(p.workerDone)
+	for {
+		select {
+		case <-p.shutdown:
+			return
+		case <-time.After(time.Second):
+		case <-p.npSignal:
+		}
+
+		p.npMu.Lock()
+		if len(p.npQueue) == 0 {
+			p.npMu.Unlock()
+			continue
+		}
+
+		// Keep a copy of the entries to process and clear the queue
+		entries := p.npQueue
+		p.npQueue = make(map[string]nowPlayingEntry)
+		p.npMu.Unlock()
+
+		// Process entries without holding lock
+		for _, entry := range entries {
+			p.dispatchNowPlaying(entry.ctx, entry.userId, entry.track, entry.position)
+		}
+	}
+}
+
 func (p *playTracker) dispatchNowPlaying(ctx context.Context, userId string, t *model.MediaFile, position int) {
 	if t.Artist == consts.UnknownArtist {
 		log.Debug(ctx, "Ignoring external NowPlaying update for track with unknown artist", "track", t.Title, "artist", t.Artist)
@@ -276,8 +348,14 @@ func (p *playTracker) incPlay(ctx context.Context, track *model.MediaFile, times
 		}
 		for _, artist := range track.Participants[model.RoleArtist] {
 			err = tx.Artist(ctx).IncPlayCount(artist.ID, timestamp)
+			if err != nil {
+				return err
+			}
 		}
-		return err
+		if conf.Server.EnableScrobbleHistory {
+			return tx.Scrobble(ctx).RecordScrobble(track.ID, timestamp)
+		}
+		return nil
 	})
 }

--- a/core/scrobbler/play_tracker_test.go
+++ b/core/scrobbler/play_tracker_test.go
@@ -24,15 +24,26 @@ import (
 // Moved to top-level scope to avoid linter issues

 type mockPluginLoader struct {
+	mu         sync.RWMutex
 	names      []string
 	scrobblers map[string]Scrobbler
 }

 func (m *mockPluginLoader) PluginNames(service string) []string {
+	m.mu.RLock()
+	defer m.mu.RUnlock()
 	return m.names
 }

+func (m *mockPluginLoader) SetNames(names []string) {
+	m.mu.Lock()
+	defer m.mu.Unlock()
+	m.names = names
+}
+
 func (m *mockPluginLoader) LoadScrobbler(name string) (Scrobbler, bool) {
+	m.mu.RLock()
+	defer m.mu.RUnlock()
 	s, ok := m.scrobblers[name]
 	return s, ok
 }
@@ -46,24 +57,24 @@ var _ = Describe("PlayTracker", func() {
 	var album model.Album
 	var artist1 model.Artist
 	var artist2 model.Artist
-	var fake fakeScrobbler
+	var fake *fakeScrobbler

 	BeforeEach(func() {
 		DeferCleanup(configtest.SetupConfig())
-		ctx = context.Background()
+		ctx = GinkgoT().Context()
 		ctx = request.WithUser(ctx, model.User{ID: "u-1"})
 		ctx = request.WithPlayer(ctx, model.Player{ScrobbleEnabled: true})
 		ds = &tests.MockDataStore{}
-		fake = fakeScrobbler{Authorized: true}
+		fake = &fakeScrobbler{Authorized: true}
 		Register("fake", func(model.DataStore) Scrobbler {
-			return &fake
+			return fake
 		})
 		Register("disabled", func(model.DataStore) Scrobbler {
 			return nil
 		})
 		eventBroker = &fakeEventBroker{}
 		tracker = newPlayTracker(ds, eventBroker, nil)
-		tracker.(*playTracker).builtinScrobblers["fake"] = &fake // Bypass buffering for tests
+		tracker.(*playTracker).builtinScrobblers["fake"] = fake // Bypass buffering for tests

 		track = model.MediaFile{
 			ID:             "123",
@@ -86,6 +97,11 @@ var _ = Describe("PlayTracker", func() {
 		_ = ds.Album(ctx).(*tests.MockAlbumRepo).Put(&album)
 	})

+	AfterEach(func() {
+		// Stop the worker goroutine to prevent data races between tests
+		tracker.(*playTracker).stopNowPlayingWorker()
+	})
+
 	It("does not register disabled scrobblers", func() {
 		Expect(tracker.(*playTracker).builtinScrobblers).To(HaveKey("fake"))
 		Expect(tracker.(*playTracker).builtinScrobblers).ToNot(HaveKey("disabled"))
@@ -95,10 +111,10 @@ var _ = Describe("PlayTracker", func() {
 		It("sends track to agent", func() {
 			err := tracker.NowPlaying(ctx, "player-1", "player-one", "123", 0)
 			Expect(err).ToNot(HaveOccurred())
-			Expect(fake.NowPlayingCalled).To(BeTrue())
-			Expect(fake.UserID).To(Equal("u-1"))
-			Expect(fake.Track.ID).To(Equal("123"))
-			Expect(fake.Track.Participants).To(Equal(track.Participants))
+			Eventually(func() bool { return fake.GetNowPlayingCalled() }).Should(BeTrue())
+			Expect(fake.GetUserID()).To(Equal("u-1"))
+			Expect(fake.GetTrack().ID).To(Equal("123"))
+			Expect(fake.GetTrack().Participants).To(Equal(track.Participants))
 		})
 		It("does not send track to agent if user has not authorized", func() {
 			fake.Authorized = false
@@ -106,7 +122,7 @@ var _ = Describe("PlayTracker", func() {
 			err := tracker.NowPlaying(ctx, "player-1", "player-one", "123", 0)

 			Expect(err).ToNot(HaveOccurred())
-			Expect(fake.NowPlayingCalled).To(BeFalse())
+			Expect(fake.GetNowPlayingCalled()).To(BeFalse())
 		})
 		It("does not send track to agent if player is not enabled to send scrobbles", func() {
 			ctx = request.WithPlayer(ctx, model.Player{ScrobbleEnabled: false})
@@ -114,7 +130,7 @@ var _ = Describe("PlayTracker", func() {
 			err := tracker.NowPlaying(ctx, "player-1", "player-one", "123", 0)

 			Expect(err).ToNot(HaveOccurred())
-			Expect(fake.NowPlayingCalled).To(BeFalse())
+			Expect(fake.GetNowPlayingCalled()).To(BeFalse())
 		})
 		It("does not send track to agent if artist is unknown", func() {
 			track.Artist = consts.UnknownArtist
@@ -122,7 +138,7 @@ var _ = Describe("PlayTracker", func() {
 			err := tracker.NowPlaying(ctx, "player-1", "player-one", "123", 0)

 			Expect(err).ToNot(HaveOccurred())
-			Expect(fake.NowPlayingCalled).To(BeFalse())
+			Expect(fake.GetNowPlayingCalled()).To(BeFalse())
 		})

 		It("stores position when greater than zero", func() {
@@ -130,11 +146,12 @@ var _ = Describe("PlayTracker", func() {
 			err := tracker.NowPlaying(ctx, "player-1", "player-one", "123", pos)
 			Expect(err).ToNot(HaveOccurred())

+			Eventually(func() int { return fake.GetPosition() }).Should(Equal(pos))
+
 			playing, err := tracker.GetNowPlaying(ctx)
 			Expect(err).ToNot(HaveOccurred())
 			Expect(playing).To(HaveLen(1))
 			Expect(playing[0].Position).To(Equal(pos))
-			Expect(fake.Position).To(Equal(pos))
 		})

 		It("sends event with count", func() {
@@ -153,6 +170,17 @@ var _ = Describe("PlayTracker", func() {
 			Expect(err).ToNot(HaveOccurred())
 			Expect(eventBroker.getEvents()).To(BeEmpty())
 		})
+
+		It("passes user to scrobbler via context (fix for issue #4787)", func() {
+			ctx = request.WithUser(ctx, model.User{ID: "u-1", UserName: "testuser"})
+			ctx = request.WithPlayer(ctx, model.Player{ScrobbleEnabled: true})
+
+			err := tracker.NowPlaying(ctx, "player-1", "player-one", "123", 0)
+			Expect(err).ToNot(HaveOccurred())
+			Eventually(func() bool { return fake.GetNowPlayingCalled() }).Should(BeTrue())
+			// Verify the username was passed through async dispatch via context
+			Eventually(func() string { return fake.GetUsername() }).Should(Equal("testuser"))
+		})
 	})

 	Describe("GetNowPlaying", func() {
@@ -160,9 +188,9 @@ var _ = Describe("PlayTracker", func() {
 			track2 := track
 			track2.ID = "456"
 			_ = ds.MediaFile(ctx).Put(&track2)
-			ctx = request.WithUser(context.Background(), model.User{UserName: "user-1"})
+			ctx = request.WithUser(GinkgoT().Context(), model.User{UserName: "user-1"})
 			_ = tracker.NowPlaying(ctx, "player-1", "player-one", "123", 0)
-			ctx = request.WithUser(context.Background(), model.User{UserName: "user-2"})
+			ctx = request.WithUser(GinkgoT().Context(), model.User{UserName: "user-2"})
 			_ = tracker.NowPlaying(ctx, "player-2", "player-two", "456", 0)

 			playing, err := tracker.GetNowPlaying(ctx)
@@ -210,7 +238,7 @@ var _ = Describe("PlayTracker", func() {

 			Expect(err).ToNot(HaveOccurred())
 			Expect(fake.ScrobbleCalled.Load()).To(BeTrue())
-			Expect(fake.UserID).To(Equal("u-1"))
+			Expect(fake.GetUserID()).To(Equal("u-1"))
 			lastScrobble := fake.LastScrobble.Load()
 			Expect(lastScrobble.TimeStamp).To(BeTemporally("~", ts, 1*time.Second))
 			Expect(lastScrobble.ID).To(Equal("123"))
@@ -274,49 +302,82 @@ var _ = Describe("PlayTracker", func() {
 			Expect(artist1.PlayCount).To(Equal(int64(1)))
 			Expect(artist2.PlayCount).To(Equal(int64(1)))
 		})
+
+		Context("Scrobble History", func() {
+			It("records scrobble in repository", func() {
+				conf.Server.EnableScrobbleHistory = true
+				ctx = request.WithUser(ctx, model.User{ID: "u-1", UserName: "user-1"})
+				ts := time.Now()
+
+				err := tracker.Submit(ctx, []Submission{{TrackID: "123", Timestamp: ts}})
+
+				Expect(err).ToNot(HaveOccurred())
+
+				mockDS := ds.(*tests.MockDataStore)
+				mockScrobble := mockDS.Scrobble(ctx).(*tests.MockScrobbleRepo)
+				Expect(mockScrobble.RecordedScrobbles).To(HaveLen(1))
+				Expect(mockScrobble.RecordedScrobbles[0].MediaFileID).To(Equal("123"))
+				Expect(mockScrobble.RecordedScrobbles[0].UserID).To(Equal("u-1"))
+				Expect(mockScrobble.RecordedScrobbles[0].SubmissionTime).To(Equal(ts))
+			})
+
+			It("does not record scrobble when history is disabled", func() {
+				conf.Server.EnableScrobbleHistory = false
+				ctx = request.WithUser(ctx, model.User{ID: "u-1", UserName: "user-1"})
+				ts := time.Now()
+
+				err := tracker.Submit(ctx, []Submission{{TrackID: "123", Timestamp: ts}})
+
+				Expect(err).ToNot(HaveOccurred())
+				mockDS := ds.(*tests.MockDataStore)
+				mockScrobble := mockDS.Scrobble(ctx).(*tests.MockScrobbleRepo)
+				Expect(mockScrobble.RecordedScrobbles).To(HaveLen(0))
+			})
+		})
 	})

 	Describe("Plugin scrobbler logic", func() {
 		var pluginLoader *mockPluginLoader
-		var pluginFake fakeScrobbler
+		var pluginFake *fakeScrobbler

 		BeforeEach(func() {
-			pluginFake = fakeScrobbler{Authorized: true}
+			pluginFake = &fakeScrobbler{Authorized: true}
 			pluginLoader = &mockPluginLoader{
 				names:      []string{"plugin1"},
-				scrobblers: map[string]Scrobbler{"plugin1": &pluginFake},
+				scrobblers: map[string]Scrobbler{"plugin1": pluginFake},
 			}
 			tracker = newPlayTracker(ds, events.GetBroker(), pluginLoader)

 			// Bypass buffering for both built-in and plugin scrobblers
-			tracker.(*playTracker).builtinScrobblers["fake"] = &fake
-			tracker.(*playTracker).pluginScrobblers["plugin1"] = &pluginFake
+			tracker.(*playTracker).builtinScrobblers["fake"] = fake
+			tracker.(*playTracker).pluginScrobblers["plugin1"] = pluginFake
 		})

 		It("registers and uses plugin scrobbler for NowPlaying", func() {
 			err := tracker.NowPlaying(ctx, "player-1", "player-one", "123", 0)
 			Expect(err).ToNot(HaveOccurred())
-			Expect(pluginFake.NowPlayingCalled).To(BeTrue())
+			Eventually(func() bool { return pluginFake.GetNowPlayingCalled() }).Should(BeTrue())
 		})

 		It("removes plugin scrobbler if not present anymore", func() {
 			// First call: plugin present
 			_ = tracker.NowPlaying(ctx, "player-1", "player-one", "123", 0)
-			Expect(pluginFake.NowPlayingCalled).To(BeTrue())
-			pluginFake.NowPlayingCalled = false
+			Eventually(func() bool { return pluginFake.GetNowPlayingCalled() }).Should(BeTrue())
+			pluginFake.nowPlayingCalled.Store(false)
 			// Remove plugin
-			pluginLoader.names = []string{}
+			pluginLoader.SetNames([]string{})
 			_ = tracker.NowPlaying(ctx, "player-1", "player-one", "123", 0)
-			Expect(pluginFake.NowPlayingCalled).To(BeFalse())
+			// Should not be called since plugin was removed
+			Consistently(func() bool { return pluginFake.GetNowPlayingCalled() }).Should(BeFalse())
 		})

 		It("calls both builtin and plugin scrobblers for NowPlaying", func() {
-			fake.NowPlayingCalled = false
-			pluginFake.NowPlayingCalled = false
+			fake.nowPlayingCalled.Store(false)
+			pluginFake.nowPlayingCalled.Store(false)
 			err := tracker.NowPlaying(ctx, "player-1", "player-one", "123", 0)
 			Expect(err).ToNot(HaveOccurred())
-			Expect(fake.NowPlayingCalled).To(BeTrue())
-			Expect(pluginFake.NowPlayingCalled).To(BeTrue())
+			Eventually(func() bool { return fake.GetNowPlayingCalled() }).Should(BeTrue())
+			Eventually(func() bool { return pluginFake.GetNowPlayingCalled() }).Should(BeTrue())
 		})

 		It("calls plugin scrobbler for Submit", func() {
@@ -334,7 +395,7 @@ var _ = Describe("PlayTracker", func() {
 		var mockedBS *mockBufferedScrobbler

 		BeforeEach(func() {
-			ctx = context.Background()
+			ctx = GinkgoT().Context()
 			ctx = request.WithUser(ctx, model.User{ID: "u-1"})
 			ctx = request.WithPlayer(ctx, model.Player{ScrobbleEnabled: true})
 			ds = &tests.MockDataStore{}
@@ -359,7 +420,7 @@ var _ = Describe("PlayTracker", func() {

 		It("calls Stop on scrobblers when removing them", func() {
 			// Change the plugin names to simulate a plugin being removed
-			mockPlugin.names = []string{}
+			mockPlugin.SetNames([]string{})

 			// Call refreshPluginScrobblers which should detect the removed plugin
 			pTracker.refreshPluginScrobblers()
@@ -375,32 +436,69 @@ var _ = Describe("PlayTracker", func() {

 type fakeScrobbler struct {
 	Authorized       bool
-	NowPlayingCalled bool
+	nowPlayingCalled atomic.Bool
 	ScrobbleCalled   atomic.Bool
-	UserID           string
-	Track            *model.MediaFile
-	Position         int
+	userID           atomic.Pointer[string]
+	username         atomic.Pointer[string]
+	track            atomic.Pointer[model.MediaFile]
+	position         atomic.Int32
 	LastScrobble     atomic.Pointer[Scrobble]
 	Error            error
 }

+func (f *fakeScrobbler) GetNowPlayingCalled() bool {
+	return f.nowPlayingCalled.Load()
+}
+
+func (f *fakeScrobbler) GetUserID() string {
+	if p := f.userID.Load(); p != nil {
+		return *p
+	}
+	return ""
+}
+
+func (f *fakeScrobbler) GetTrack() *model.MediaFile {
+	return f.track.Load()
+}
+
+func (f *fakeScrobbler) GetPosition() int {
+	return int(f.position.Load())
+}
+
+func (f *fakeScrobbler) GetUsername() string {
+	if p := f.username.Load(); p != nil {
+		return *p
+	}
+	return ""
+}
+
 func (f *fakeScrobbler) IsAuthorized(ctx context.Context, userId string) bool {
 	return f.Error == nil && f.Authorized
 }

 func (f *fakeScrobbler) NowPlaying(ctx context.Context, userId string, track *model.MediaFile, position int) error {
-	f.NowPlayingCalled = true
+	f.nowPlayingCalled.Store(true)
 	if f.Error != nil {
 		return f.Error
 	}
-	f.UserID = userId
-	f.Track = track
-	f.Position = position
+	f.userID.Store(&userId)
+	// Capture username from context (this is what plugin scrobblers do)
+	username, _ := request.UsernameFrom(ctx)
+	if username == "" {
+		if u, ok := request.UserFrom(ctx); ok {
+			username = u.UserName
+		}
+	}
+	if username != "" {
+		f.username.Store(&username)
+	}
+	f.track.Store(track)
+	f.position.Store(int32(position))
 	return nil
 }

 func (f *fakeScrobbler) Scrobble(ctx context.Context, userId string, s Scrobble) error {
-	f.UserID = userId
+	f.userID.Store(&userId)
 	f.LastScrobble.Store(&s)
 	f.ScrobbleCalled.Store(true)
 	if f.Error != nil {
--- a/db/migrations/20251206013022_create_scrobbles_table.sql
+++ b/db/migrations/20251206013022_create_scrobbles_table.sql
@@ -0,0 +1,20 @@
+-- +goose Up
+-- +goose StatementBegin
+CREATE TABLE scrobbles(
+    media_file_id VARCHAR(255) NOT NULL
+        REFERENCES media_file(id)
+            ON DELETE CASCADE
+            ON UPDATE CASCADE,
+    user_id VARCHAR(255) NOT NULL 
+        REFERENCES user(id)
+            ON DELETE CASCADE
+            ON UPDATE CASCADE,
+    submission_time INTEGER NOT NULL
+);
+CREATE INDEX scrobbles_date ON scrobbles (submission_time);
+-- +goose StatementEnd
+
+-- +goose Down
+-- +goose StatementBegin
+DROP TABLE scrobbles;
+-- +goose StatementEnd
--- a/db/migrations/20251227192712_create_plugin_table.sql
+++ b/db/migrations/20251227192712_create_plugin_table.sql
@@ -0,0 +1,15 @@
+-- +goose Up
+CREATE TABLE IF NOT EXISTS plugin (
+    id TEXT PRIMARY KEY,
+    path TEXT NOT NULL,
+    manifest TEXT NOT NULL,
+    config TEXT,
+    enabled INTEGER NOT NULL DEFAULT 0,
+    last_error TEXT,
+    sha256 TEXT NOT NULL,
+    created_at DATETIME NOT NULL,
+    updated_at DATETIME NOT NULL
+);
+
+-- +goose Down
+DROP TABLE IF EXISTS plugin;
--- a/go.mod
+++ b/go.mod
@@ -21,6 +21,7 @@ require (
 	github.com/djherbis/stream v1.4.0
 	github.com/djherbis/times v1.6.0
 	github.com/dustin/go-humanize v1.0.1
+	github.com/extism/go-sdk v1.7.1
 	github.com/fatih/structs v1.1.0
 	github.com/go-chi/chi/v5 v5.2.3
 	github.com/go-chi/cors v1.2.2
@@ -36,16 +37,15 @@ require (
 	github.com/jellydator/ttlcache/v3 v3.4.0
 	github.com/kardianos/service v1.2.4
 	github.com/kballard/go-shellquote v0.0.0-20180428030007-95032a82bc51
-	github.com/knqyf263/go-plugin v0.9.0
 	github.com/kr/pretty v0.3.1
 	github.com/lestrrat-go/jwx/v2 v2.1.6
-	github.com/maruel/natural v1.2.1
+	github.com/maruel/natural v1.3.0
 	github.com/matoous/go-nanoid/v2 v2.1.0
 	github.com/mattn/go-sqlite3 v1.14.32
 	github.com/microcosm-cc/bluemonday v1.0.27
 	github.com/mileusna/useragent v1.3.5
-	github.com/onsi/ginkgo/v2 v2.27.2
-	github.com/onsi/gomega v1.38.2
+	github.com/onsi/ginkgo/v2 v2.27.3
+	github.com/onsi/gomega v1.38.3
 	github.com/pelletier/go-toml/v2 v2.2.4
 	github.com/pocketbase/dbx v1.11.0
 	github.com/pressly/goose/v3 v3.26.0
@@ -54,21 +54,20 @@ require (
 	github.com/robfig/cron/v3 v3.0.1
 	github.com/sabhiram/go-gitignore v0.0.0-20210923224102-525f6e181f06
 	github.com/sirupsen/logrus v1.9.3
-	github.com/spf13/cobra v1.10.1
+	github.com/spf13/cobra v1.10.2
 	github.com/spf13/viper v1.21.0
 	github.com/stretchr/testify v1.11.1
-	github.com/tetratelabs/wazero v1.10.1
+	github.com/tetratelabs/wazero v1.11.0
 	github.com/unrolled/secure v1.17.0
 	github.com/xrash/smetrics v0.0.0-20250705151800-55b8f293f342
 	go.uber.org/goleak v1.3.0
-	golang.org/x/exp v0.0.0-20251113190631-e25ba8c21ef6
-	golang.org/x/image v0.33.0
-	golang.org/x/net v0.47.0
-	golang.org/x/sync v0.18.0
-	golang.org/x/sys v0.38.0
-	golang.org/x/text v0.31.0
+	golang.org/x/image v0.34.0
+	golang.org/x/net v0.48.0
+	golang.org/x/sync v0.19.0
+	golang.org/x/sys v0.39.0
+	golang.org/x/term v0.38.0
+	golang.org/x/text v0.32.0
 	golang.org/x/time v0.14.0
-	google.golang.org/protobuf v1.36.10
 	gopkg.in/yaml.v3 v3.0.1
 )

@@ -83,17 +82,20 @@ require (
 	github.com/creack/pty v1.1.11 // indirect
 	github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect
 	github.com/decred/dcrd/dcrec/secp256k1/v4 v4.4.0 // indirect
+	github.com/dylibso/observe-sdk/go v0.0.0-20240819160327-2d926c5d788a // indirect
 	github.com/fsnotify/fsnotify v1.9.0 // indirect
 	github.com/go-logr/logr v1.4.3 // indirect
 	github.com/go-task/slim-sprig/v3 v3.0.0 // indirect
 	github.com/go-viper/mapstructure/v2 v2.4.0 // indirect
+	github.com/gobwas/glob v0.2.3 // indirect
 	github.com/goccy/go-json v0.10.5 // indirect
 	github.com/goccy/go-yaml v1.18.0 // indirect
 	github.com/google/go-cmp v0.7.0 // indirect
-	github.com/google/pprof v0.0.0-20251114195745-4902fdda35c8 // indirect
+	github.com/google/pprof v0.0.0-20251213031049-b05bdaca462f // indirect
 	github.com/google/subcommands v1.2.0 // indirect
 	github.com/gorilla/css v1.0.1 // indirect
 	github.com/hashicorp/errwrap v1.1.0 // indirect
+	github.com/ianlancetaylor/demangle v0.0.0-20250417193237-f615e6bd150b // indirect
 	github.com/inconshreveable/mousetrap v1.1.0 // indirect
 	github.com/klauspost/cpuid/v2 v2.3.0 // indirect
 	github.com/kr/text v0.2.0 // indirect
@@ -124,14 +126,18 @@ require (
 	github.com/spf13/pflag v1.0.10 // indirect
 	github.com/stretchr/objx v0.5.2 // indirect
 	github.com/subosito/gotenv v1.6.0 // indirect
+	github.com/tetratelabs/wabin v0.0.0-20230304001439-f6f874872834 // indirect
 	github.com/zeebo/xxh3 v1.0.2 // indirect
+	go.opentelemetry.io/proto/otlp v1.3.1 // indirect
 	go.uber.org/multierr v1.11.0 // indirect
 	go.yaml.in/yaml/v2 v2.4.2 // indirect
 	go.yaml.in/yaml/v3 v3.0.4 // indirect
-	golang.org/x/crypto v0.45.0 // indirect
-	golang.org/x/mod v0.30.0 // indirect
-	golang.org/x/telemetry v0.0.0-20251111182119-bc8e575c7b54 // indirect
-	golang.org/x/tools v0.39.0 // indirect
+	golang.org/x/crypto v0.46.0 // indirect
+	golang.org/x/exp v0.0.0-20251209150349-8475f28825e9 // indirect
+	golang.org/x/mod v0.31.0 // indirect
+	golang.org/x/telemetry v0.0.0-20251203150158-8fff8a5912fc // indirect
+	golang.org/x/tools v0.40.0 // indirect
+	google.golang.org/protobuf v1.36.11 // indirect
 	gopkg.in/ini.v1 v1.67.0 // indirect
 	gopkg.in/natefinch/npipe.v2 v2.0.0-20160621034901-c1b8fa8bdcce // indirect
 )
--- a/go.sum
+++ b/go.sum
@@ -55,6 +55,10 @@ github.com/djherbis/times v1.6.0 h1:w2ctJ92J8fBvWPxugmXIv7Nz7Q3iDMKNx9v5ocVH20c=
 github.com/djherbis/times v1.6.0/go.mod h1:gOHeRAz2h+VJNZ5Gmc/o7iD9k4wW7NMVqieYCY99oc0=
 github.com/dustin/go-humanize v1.0.1 h1:GzkhY7T5VNhEkwH0PVJgjz+fX1rhBrR7pRT3mDkpeCY=
 github.com/dustin/go-humanize v1.0.1/go.mod h1:Mu1zIs6XwVuF/gI1OepvI0qD18qycQx+mFykh5fBlto=
+github.com/dylibso/observe-sdk/go v0.0.0-20240819160327-2d926c5d788a h1:UwSIFv5g5lIvbGgtf3tVwC7Ky9rmMFBp0RMs+6f6YqE=
+github.com/dylibso/observe-sdk/go v0.0.0-20240819160327-2d926c5d788a/go.mod h1:C8DzXehI4zAbrdlbtOByKX6pfivJTBiV9Jjqv56Yd9Q=
+github.com/extism/go-sdk v1.7.1 h1:lWJos6uY+tRFdlIHR+SJjwFDApY7OypS/2nMhiVQ9Sw=
+github.com/extism/go-sdk v1.7.1/go.mod h1:IT+Xdg5AZM9hVtpFUA+uZCJMge/hbvshl8bwzLtFyKA=
 github.com/fatih/structs v1.1.0 h1:Q7juDM0QtcnhCpeyLGQKyg4TOIghuNXrkL32pHAUMxo=
 github.com/fatih/structs v1.1.0/go.mod h1:9NiDSp5zOcgEDl+j00MP/WkGVPOlPRLejGD8Ga6PJ7M=
 github.com/frankban/quicktest v1.14.6 h1:7Xjx+VpznH+oBnejlPUj8oUpdxnVs4f8XU8WnHkI4W8=
@@ -87,6 +91,8 @@ github.com/go-viper/encoding/ini v0.1.1 h1:MVWY7B2XNw7lnOqHutGRc97bF3rP7omOdgjdM
 github.com/go-viper/encoding/ini v0.1.1/go.mod h1:Pfi4M2V1eAGJVZ5q6FrkHPhtHED2YgLlXhvgMVrB+YQ=
 github.com/go-viper/mapstructure/v2 v2.4.0 h1:EBsztssimR/CONLSZZ04E8qAkxNYq4Qp9LvH92wZUgs=
 github.com/go-viper/mapstructure/v2 v2.4.0/go.mod h1:oJDH3BJKyqBA2TXFhDsKDGDTlndYOZ6rGS0BRZIxGhM=
+github.com/gobwas/glob v0.2.3 h1:A4xDbljILXROh+kObIiy5kIaPYD8e96x1tgBhUI5J+Y=
+github.com/gobwas/glob v0.2.3/go.mod h1:d3Ez4x06l9bZtSvzIay5+Yzi0fmZzPgnTbPcKjJAkT8=
 github.com/goccy/go-json v0.10.5 h1:Fq85nIqj+gXn/S5ahsiTlK3TmC85qgirsdTP/+DeaC4=
 github.com/goccy/go-json v0.10.5/go.mod h1:oq7eo15ShAhp70Anwd5lgX2pLfOS3QCiwU/PULtXL6M=
 github.com/goccy/go-yaml v1.18.0 h1:8W7wMFS12Pcas7KU+VVkaiCng+kG8QiFeFwzFb+rwuw=
@@ -99,8 +105,8 @@ github.com/google/go-cmp v0.7.0 h1:wk8382ETsv4JYUZwIsn6YpYiWiBsYLSJiTsyBybVuN8=
 github.com/google/go-cmp v0.7.0/go.mod h1:pXiqmnSA92OHEEa9HXL2W4E7lf9JzCmGVUdgjX3N/iU=
 github.com/google/go-pipeline v0.0.0-20230411140531-6cbedfc1d3fc h1:hd+uUVsB1vdxohPneMrhGH2YfQuH5hRIK9u4/XCeUtw=
 github.com/google/go-pipeline v0.0.0-20230411140531-6cbedfc1d3fc/go.mod h1:SL66SJVysrh7YbDCP9tH30b8a9o/N2HeiQNUm85EKhc=
-github.com/google/pprof v0.0.0-20251114195745-4902fdda35c8 h1:3DsUAV+VNEQa2CUVLxCY3f87278uWfIDhJnbdvDjvmE=
-github.com/google/pprof v0.0.0-20251114195745-4902fdda35c8/go.mod h1:I6V7YzU0XDpsHqbsyrghnFZLO1gwK6NPTNvmetQIk9U=
+github.com/google/pprof v0.0.0-20251213031049-b05bdaca462f h1:HU1RgM6NALf/KW9HEY6zry3ADbDKcmpQ+hJedoNGQYQ=
+github.com/google/pprof v0.0.0-20251213031049-b05bdaca462f/go.mod h1:67FPmZWbr+KDT/VlpWtw6sO9XSjpJmLuHpoLmWiTGgY=
 github.com/google/subcommands v1.2.0 h1:vWQspBTo2nEqTUFita5/KeEWlUL8kQObDFbub/EN9oE=
 github.com/google/subcommands v1.2.0/go.mod h1:ZjhPrFU+Olkh9WazFPsl27BQ4UPiG37m3yTrtFlrHVk=
 github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0=
@@ -118,6 +124,8 @@ github.com/hashicorp/errwrap v1.1.0 h1:OxrOeh75EUXMY8TBjag2fzXGZ40LB6IKw45YeGUDY
 github.com/hashicorp/errwrap v1.1.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4=
 github.com/hashicorp/go-multierror v1.1.1 h1:H5DkEtf6CXdFp0N0Em5UCwQpXMWke8IA0+lD48awMYo=
 github.com/hashicorp/go-multierror v1.1.1/go.mod h1:iw975J/qwKPdAO1clOe2L8331t/9/fmwbPZ6JB6eMoM=
+github.com/ianlancetaylor/demangle v0.0.0-20250417193237-f615e6bd150b h1:ogbOPx86mIhFy764gGkqnkFC8m5PJA7sPzlk9ppLVQA=
+github.com/ianlancetaylor/demangle v0.0.0-20250417193237-f615e6bd150b/go.mod h1:gx7rwoVhcfuVKG5uya9Hs3Sxj7EIvldVofAWIUtGouw=
 github.com/inconshreveable/mousetrap v1.1.0 h1:wN+x4NVGpMsO7ErUn/mUI3vEoE6Jt13X2s0bqwp9tc8=
 github.com/inconshreveable/mousetrap v1.1.0/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLfsEA9PFc4w1p2J65bw=
 github.com/jellydator/ttlcache/v3 v3.4.0 h1:YS4P125qQS0tNhtL6aeYkheEaB/m8HCqdMMP4mnWdTY=
@@ -134,8 +142,6 @@ github.com/klauspost/compress v1.18.0 h1:c/Cqfb0r+Yi+JtIEq73FWXVkRonBlf0CRNYc8Zt
 github.com/klauspost/compress v1.18.0/go.mod h1:2Pp+KzxcywXVXMr50+X0Q/Lsb43OQHYWRCY2AiWywWQ=
 github.com/klauspost/cpuid/v2 v2.3.0 h1:S4CRMLnYUhGeDFDqkGriYKdfoFlDnMtqTiI/sFzhA9Y=
 github.com/klauspost/cpuid/v2 v2.3.0/go.mod h1:hqwkgyIinND0mEev00jJYCxPNVRVXFQeu1XKlok6oO0=
-github.com/knqyf263/go-plugin v0.9.0 h1:CQs2+lOPIlkZVtcb835ZYDEoyyWJWLbSTWeCs0EwTwI=
-github.com/knqyf263/go-plugin v0.9.0/go.mod h1:2z5lCO1/pez6qGo8CvCxSlBFSEat4MEp1DrnA+f7w8Q=
 github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
 github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo=
 github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE=
@@ -162,8 +168,8 @@ github.com/lestrrat-go/jwx/v2 v2.1.6 h1:hxM1gfDILk/l5ylers6BX/Eq1m/pnxe9NBwW6lVf
 github.com/lestrrat-go/jwx/v2 v2.1.6/go.mod h1:Y722kU5r/8mV7fYDifjug0r8FK8mZdw0K0GpJw/l8pU=
 github.com/lestrrat-go/option v1.0.1 h1:oAzP2fvZGQKWkvHa1/SAcFolBEca1oN+mQ7eooNBEYU=
 github.com/lestrrat-go/option v1.0.1/go.mod h1:5ZHFbivi4xwXxhxY9XHDe2FHo6/Z7WWmtT7T5nBBp3I=
-github.com/maruel/natural v1.2.1 h1:G/y4pwtTA07lbQsMefvsmEO0VN0NfqpxprxXDM4R/4o=
-github.com/maruel/natural v1.2.1/go.mod h1:v+Rfd79xlw1AgVBjbO0BEQmptqb5HvL/k9GRHB7ZKEg=
+github.com/maruel/natural v1.3.0 h1:VsmCsBmEyrR46RomtgHs5hbKADGRVtliHTyCOLFBpsg=
+github.com/maruel/natural v1.3.0/go.mod h1:v+Rfd79xlw1AgVBjbO0BEQmptqb5HvL/k9GRHB7ZKEg=
 github.com/matoous/go-nanoid/v2 v2.1.0 h1:P64+dmq21hhWdtvZfEAofnvJULaRR1Yib0+PnU669bE=
 github.com/matoous/go-nanoid/v2 v2.1.0/go.mod h1:KlbGNQ+FhrUNIHUxZdL63t7tl4LaPkZNpUULS8H4uVM=
 github.com/mattn/go-isatty v0.0.20 h1:xfD0iDuEKnDkl03q4limB+vH+GxLEtL/jb4xVJSWWEY=
@@ -186,10 +192,10 @@ github.com/ncruces/go-strftime v0.1.9 h1:bY0MQC28UADQmHmaF5dgpLmImcShSi2kHU9XLdh
 github.com/ncruces/go-strftime v0.1.9/go.mod h1:Fwc5htZGVVkseilnfgOVb9mKy6w1naJmn9CehxcKcls=
 github.com/ogier/pflag v0.0.1 h1:RW6JSWSu/RkSatfcLtogGfFgpim5p7ARQ10ECk5O750=
 github.com/ogier/pflag v0.0.1/go.mod h1:zkFki7tvTa0tafRvTBIZTvzYyAu6kQhPZFnshFFPE+g=
-github.com/onsi/ginkgo/v2 v2.27.2 h1:LzwLj0b89qtIy6SSASkzlNvX6WktqurSHwkk2ipF/Ns=
-github.com/onsi/ginkgo/v2 v2.27.2/go.mod h1:ArE1D/XhNXBXCBkKOLkbsb2c81dQHCRcF5zwn/ykDRo=
-github.com/onsi/gomega v1.38.2 h1:eZCjf2xjZAqe+LeWvKb5weQ+NcPwX84kqJ0cZNxok2A=
-github.com/onsi/gomega v1.38.2/go.mod h1:W2MJcYxRGV63b418Ai34Ud0hEdTVXq9NW9+Sx6uXf3k=
+github.com/onsi/ginkgo/v2 v2.27.3 h1:ICsZJ8JoYafeXFFlFAG75a7CxMsJHwgKwtO+82SE9L8=
+github.com/onsi/ginkgo/v2 v2.27.3/go.mod h1:ArE1D/XhNXBXCBkKOLkbsb2c81dQHCRcF5zwn/ykDRo=
+github.com/onsi/gomega v1.38.3 h1:eTX+W6dobAYfFeGC2PV6RwXRu/MyT+cQguijutvkpSM=
+github.com/onsi/gomega v1.38.3/go.mod h1:ZCU1pkQcXDO5Sl9/VVEGlDyp+zm0m1cmeG5TOzLgdh4=
 github.com/pelletier/go-toml/v2 v2.2.4 h1:mye9XuhQ6gvn5h28+VilKrrPoQVanw5PMw/TB0t5Ec4=
 github.com/pelletier/go-toml/v2 v2.2.4/go.mod h1:2gIqNv+qfxSVS7cM2xJQKtLSTLUE9V8t9Stt+h56mCY=
 github.com/pkg/diff v0.0.0-20210226163009-20ebb0f2a09e/go.mod h1:pJLUxLENpZxwdsKMEsNbx1VGcRFpLqf3715MtcvvzbA=
@@ -244,8 +250,8 @@ github.com/spf13/afero v1.15.0 h1:b/YBCLWAJdFWJTN9cLhiXXcD7mzKn9Dm86dNnfyQw1I=
 github.com/spf13/afero v1.15.0/go.mod h1:NC2ByUVxtQs4b3sIUphxK0NioZnmxgyCrfzeuq8lxMg=
 github.com/spf13/cast v1.10.0 h1:h2x0u2shc1QuLHfxi+cTJvs30+ZAHOGRic8uyGTDWxY=
 github.com/spf13/cast v1.10.0/go.mod h1:jNfB8QC9IA6ZuY2ZjDp0KtFO2LZZlg4S/7bzP6qqeHo=
-github.com/spf13/cobra v1.10.1 h1:lJeBwCfmrnXthfAupyUTzJ/J4Nc1RsHC/mSRU2dll/s=
-github.com/spf13/cobra v1.10.1/go.mod h1:7SmJGaTHFVBY0jW4NXGluQoLvhqFQM+6XSKD+P4XaB0=
+github.com/spf13/cobra v1.10.2 h1:DMTTonx5m65Ic0GOoRY2c16WCbHxOOw6xxezuLaBpcU=
+github.com/spf13/cobra v1.10.2/go.mod h1:7C1pvHqHw5A4vrJfjNwvOdzYu0Gml16OCs2GRiTUUS4=
 github.com/spf13/pflag v1.0.9/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg=
 github.com/spf13/pflag v1.0.10 h1:4EBh2KAYBwaONj6b2Ye1GiHfwjqyROoF4RwYO+vPwFk=
 github.com/spf13/pflag v1.0.10/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg=
@@ -265,8 +271,10 @@ github.com/stretchr/testify v1.11.1 h1:7s2iGBzp5EwR7/aIZr8ao5+dra3wiQyKjjFuvgVKu
 github.com/stretchr/testify v1.11.1/go.mod h1:wZwfW3scLgRK+23gO65QZefKpKQRnfz6sD981Nm4B6U=
 github.com/subosito/gotenv v1.6.0 h1:9NlTDc1FTs4qu0DDq7AEtTPNw6SVm7uBMsUCUjABIf8=
 github.com/subosito/gotenv v1.6.0/go.mod h1:Dk4QP5c2W3ibzajGcXpNraDfq2IrhjMIvMSWPKKo0FU=
-github.com/tetratelabs/wazero v1.10.1 h1:2DugeJf6VVk58KTPszlNfeeN8AhhpwcZqkJj2wwFuH8=
-github.com/tetratelabs/wazero v1.10.1/go.mod h1:DRm5twOQ5Gr1AoEdSi0CLjDQF1J9ZAuyqFIjl1KKfQU=
+github.com/tetratelabs/wabin v0.0.0-20230304001439-f6f874872834 h1:ZF+QBjOI+tILZjBaFj3HgFonKXUcwgJ4djLb6i42S3Q=
+github.com/tetratelabs/wabin v0.0.0-20230304001439-f6f874872834/go.mod h1:m9ymHTgNSEjuxvw8E7WWe4Pl4hZQHXONY8wE6dMLaRk=
+github.com/tetratelabs/wazero v1.11.0 h1:+gKemEuKCTevU4d7ZTzlsvgd1uaToIDtlQlmNbwqYhA=
+github.com/tetratelabs/wazero v1.11.0/go.mod h1:eV28rsN8Q+xwjogd7f4/Pp4xFxO7uOGbLcD/LzB1wiU=
 github.com/tidwall/gjson v1.18.0 h1:FIDeeyB800efLX89e5a8Y0BNH+LOngJyGrIWxG2FKQY=
 github.com/tidwall/gjson v1.18.0/go.mod h1:/wbyibRr2FHMks5tjHJ5F8dMZh3AcwJEMf5vlfC0lxk=
 github.com/tidwall/match v1.1.1 h1:+Ho715JplO36QYgwN9PGYNhgZvoUSc9X2c80KVTi+GA=
@@ -284,6 +292,8 @@ github.com/zeebo/assert v1.3.0 h1:g7C04CbJuIDKNPFHmsk4hwZDO5O+kntRxzaUoNXj+IQ=
 github.com/zeebo/assert v1.3.0/go.mod h1:Pq9JiuJQpG8JLJdtkwrJESF0Foym2/D9XMU5ciN/wJ0=
 github.com/zeebo/xxh3 v1.0.2 h1:xZmwmqxHZA8AI603jOQ0tMqmBr9lPeFwGg6d+xy9DC0=
 github.com/zeebo/xxh3 v1.0.2/go.mod h1:5NWz9Sef7zIDm2JHfFlcQvNekmcEl9ekUZQQKCYaDcA=
+go.opentelemetry.io/proto/otlp v1.3.1 h1:TrMUixzpM0yuc/znrFTP9MMRh8trP93mkCiDVeXrui0=
+go.opentelemetry.io/proto/otlp v1.3.1/go.mod h1:0X1WI4de4ZsLrrJNLAQbFeLCm3T7yBkR0XqQ7niQU+8=
 go.uber.org/goleak v1.3.0 h1:2K3zAYmnTNqV73imy9J1T3WC+gmCePx2hEGkimedGto=
 go.uber.org/goleak v1.3.0/go.mod h1:CoHD4mav9JJNrW/WLlf7HGZPjdw8EucARQHekz1X6bE=
 go.uber.org/multierr v1.11.0 h1:blXXJkSxSSfBVBlC76pxqeO+LN3aDfLQo+309xJstO0=
@@ -298,20 +308,20 @@ golang.org/x/crypto v0.13.0/go.mod h1:y6Z2r+Rw4iayiXXAIxJIDAJ1zMW4yaTpebo8fPOliY
 golang.org/x/crypto v0.19.0/go.mod h1:Iy9bg/ha4yyC70EfRS8jz+B6ybOBKMaSxLj6P6oBDfU=
 golang.org/x/crypto v0.23.0/go.mod h1:CKFgDieR+mRhux2Lsu27y0fO304Db0wZe70UKqHu0v8=
 golang.org/x/crypto v0.31.0/go.mod h1:kDsLvtWBEx7MV9tJOj9bnXsPbxwJQ6csT/x4KIN4Ssk=
-golang.org/x/crypto v0.45.0 h1:jMBrvKuj23MTlT0bQEOBcAE0mjg8mK9RXFhRH6nyF3Q=
-golang.org/x/crypto v0.45.0/go.mod h1:XTGrrkGJve7CYK7J8PEww4aY7gM3qMCElcJQ8n8JdX4=
-golang.org/x/exp v0.0.0-20251113190631-e25ba8c21ef6 h1:zfMcR1Cs4KNuomFFgGefv5N0czO2XZpUbxGUy8i8ug0=
-golang.org/x/exp v0.0.0-20251113190631-e25ba8c21ef6/go.mod h1:46edojNIoXTNOhySWIWdix628clX9ODXwPsQuG6hsK0=
+golang.org/x/crypto v0.46.0 h1:cKRW/pmt1pKAfetfu+RCEvjvZkA9RimPbh7bhFjGVBU=
+golang.org/x/crypto v0.46.0/go.mod h1:Evb/oLKmMraqjZ2iQTwDwvCtJkczlDuTmdJXoZVzqU0=
+golang.org/x/exp v0.0.0-20251209150349-8475f28825e9 h1:MDfG8Cvcqlt9XXrmEiD4epKn7VJHZO84hejP9Jmp0MM=
+golang.org/x/exp v0.0.0-20251209150349-8475f28825e9/go.mod h1:EPRbTFwzwjXj9NpYyyrvenVh9Y+GFeEvMNh7Xuz7xgU=
 golang.org/x/image v0.0.0-20191009234506-e7c1f5e7dbb8/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0=
-golang.org/x/image v0.33.0 h1:LXRZRnv1+zGd5XBUVRFmYEphyyKJjQjCRiOuAP3sZfQ=
-golang.org/x/image v0.33.0/go.mod h1:DD3OsTYT9chzuzTQt+zMcOlBHgfoKQb1gry8p76Y1sc=
+golang.org/x/image v0.34.0 h1:33gCkyw9hmwbZJeZkct8XyR11yH889EQt/QH4VmXMn8=
+golang.org/x/image v0.34.0/go.mod h1:2RNFBZRB+vnwwFil8GkMdRvrJOFd1AzdZI6vOY+eJVU=
 golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4=
 golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
 golang.org/x/mod v0.12.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
 golang.org/x/mod v0.15.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c=
 golang.org/x/mod v0.17.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c=
-golang.org/x/mod v0.30.0 h1:fDEXFVZ/fmCKProc/yAXXUijritrDzahmwwefnjoPFk=
-golang.org/x/mod v0.30.0/go.mod h1:lAsf5O2EvJeSFMiBxXDki7sCgAxEUcZHXoXMKT4GJKc=
+golang.org/x/mod v0.31.0 h1:HaW9xtz0+kOcWKwli0ZXy79Ix+UW/vOfmWI5QVd2tgI=
+golang.org/x/mod v0.31.0/go.mod h1:43JraMp9cGx1Rx3AqioxrbrhNsLl2l/iNAvuBkrezpg=
 golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
 golang.org/x/net v0.0.0-20190603091049-60506f45cf65/go.mod h1:HSz+uSET+XFnRR8LxR5pz3Of3rY3CfYBVs4xY44aLks=
 golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
@@ -323,8 +333,8 @@ golang.org/x/net v0.15.0/go.mod h1:idbUs1IY1+zTqbi8yxTbhexhEEk5ur9LInksu6HrEpk=
 golang.org/x/net v0.21.0/go.mod h1:bIjVDfnllIU7BJ2DNgfnXvpSvtn8VRwhlsaeUTyUS44=
 golang.org/x/net v0.25.0/go.mod h1:JkAGAh7GEvH74S6FOH42FLoXpXbE/aqXSrIQjXgsiwM=
 golang.org/x/net v0.33.0/go.mod h1:HXLR5J+9DxmrqMwG9qjGCxZ+zKXxBru04zlTvWlWuN4=
-golang.org/x/net v0.47.0 h1:Mx+4dIFzqraBXUugkia1OOvlD6LemFo1ALMHjrXDOhY=
-golang.org/x/net v0.47.0/go.mod h1:/jNxtkgq5yWUGYkaZGqo27cfGZ1c5Nen03aYrrKpVRU=
+golang.org/x/net v0.48.0 h1:zyQRTTrjc33Lhh0fBgT/H3oZq9WuvRR5gPC70xpDiQU=
+golang.org/x/net v0.48.0/go.mod h1:+ndRgGjkh8FGtu1w1FGbEC31if4VrNVMuKTgcAAnQRY=
 golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
@@ -332,8 +342,8 @@ golang.org/x/sync v0.3.0/go.mod h1:FU7BRWz2tNW+3quACPkgCx/L+uEAv1htQ0V83Z9Rj+Y=
 golang.org/x/sync v0.6.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
 golang.org/x/sync v0.7.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
 golang.org/x/sync v0.10.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
-golang.org/x/sync v0.18.0 h1:kr88TuHDroi+UVf+0hZnirlk8o8T+4MrK6mr60WkH/I=
-golang.org/x/sync v0.18.0/go.mod h1:9KTHXmSnoGruLpwFjVSX0lNNA75CykiMECbovNTZqGI=
+golang.org/x/sync v0.19.0 h1:vV+1eWNmZ5geRlYjzm2adRgW2/mcpevXNg50YZtPCE4=
+golang.org/x/sync v0.19.0/go.mod h1:9KTHXmSnoGruLpwFjVSX0lNNA75CykiMECbovNTZqGI=
 golang.org/x/sys v0.0.0-20180909124046-d0be0721c37e/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20180926160741-c2ed4eda69e7/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
@@ -350,11 +360,11 @@ golang.org/x/sys v0.12.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.17.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/sys v0.20.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/sys v0.28.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
-golang.org/x/sys v0.38.0 h1:3yZWxaJjBmCWXqhN1qh02AkOnCQ1poK6oF+a7xWL6Gc=
-golang.org/x/sys v0.38.0/go.mod h1:OgkHotnGiDImocRcuBABYBEXf8A9a87e/uXjp9XT3ks=
+golang.org/x/sys v0.39.0 h1:CvCKL8MeisomCi6qNZ+wbb0DN9E5AATixKsvNtMoMFk=
+golang.org/x/sys v0.39.0/go.mod h1:OgkHotnGiDImocRcuBABYBEXf8A9a87e/uXjp9XT3ks=
 golang.org/x/telemetry v0.0.0-20240228155512-f48c80bd79b2/go.mod h1:TeRTkGYfJXctD9OcfyVLyj2J3IxLnKwHJR8f4D8a3YE=
-golang.org/x/telemetry v0.0.0-20251111182119-bc8e575c7b54 h1:E2/AqCUMZGgd73TQkxUMcMla25GB9i/5HOdLr+uH7Vo=
-golang.org/x/telemetry v0.0.0-20251111182119-bc8e575c7b54/go.mod h1:hKdjCMrbv9skySur+Nek8Hd0uJ0GuxJIoIX2payrIdQ=
+golang.org/x/telemetry v0.0.0-20251203150158-8fff8a5912fc h1:bH6xUXay0AIFMElXG2rQ4uiE+7ncwtiOdPfYK1NK2XA=
+golang.org/x/telemetry v0.0.0-20251203150158-8fff8a5912fc/go.mod h1:hKdjCMrbv9skySur+Nek8Hd0uJ0GuxJIoIX2payrIdQ=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
 golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k=
@@ -363,6 +373,8 @@ golang.org/x/term v0.12.0/go.mod h1:owVbMEjm3cBLCHdkQu9b1opXd4ETQWc3BhuQGKgXgvU=
 golang.org/x/term v0.17.0/go.mod h1:lLRBjIVuehSbZlaOtGMbcMncT+aqLLLmKrsjNrUguwk=
 golang.org/x/term v0.20.0/go.mod h1:8UkIAJTvZgivsXaD6/pH6U9ecQzZ45awqEOzuCvwpFY=
 golang.org/x/term v0.27.0/go.mod h1:iMsnZpn0cago0GOrHO2+Y7u7JPn5AylBrcoWkElMTSM=
+golang.org/x/term v0.38.0 h1:PQ5pkm/rLO6HnxFR7N2lJHOZX6Kez5Y1gDSJla6jo7Q=
+golang.org/x/term v0.38.0/go.mod h1:bSEAKrOT1W+VSu9TSCMtoGEOUcKxOKgl3LE5QEF/xVg=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk=
 golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
@@ -373,8 +385,8 @@ golang.org/x/text v0.13.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE=
 golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU=
 golang.org/x/text v0.15.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU=
 golang.org/x/text v0.21.0/go.mod h1:4IBbMaMmOPCJ8SecivzSH54+73PCFmPWxNTLm+vZkEQ=
-golang.org/x/text v0.31.0 h1:aC8ghyu4JhP8VojJ2lEHBnochRno1sgL6nEi9WGFGMM=
-golang.org/x/text v0.31.0/go.mod h1:tKRAlv61yKIjGGHX/4tP1LTbc13YSec1pxVEWXzfoeM=
+golang.org/x/text v0.32.0 h1:ZD01bjUt1FQ9WJ0ClOL5vxgxOI/sVCNgX1YtKwcY0mU=
+golang.org/x/text v0.32.0/go.mod h1:o/rUWzghvpD5TXrTIBuJU77MTaN0ljMWE47kxGJQ7jY=
 golang.org/x/time v0.14.0 h1:MRx4UaLrDotUKUdCIqzPC48t1Y9hANFKIRpNx+Te8PI=
 golang.org/x/time v0.14.0/go.mod h1:eL/Oa2bBBK0TkX57Fyni+NgnyQQN4LitPmob2Hjnqw4=
 golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
@@ -384,12 +396,12 @@ golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc
 golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU=
 golang.org/x/tools v0.13.0/go.mod h1:HvlwmtVNQAhOuCjW7xxvovg8wbNq7LwfXh/k7wXUl58=
 golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d/go.mod h1:aiJjzUbINMkxbQROHiO6hDPo2LHcIPhhQsa9DLh0yGk=
-golang.org/x/tools v0.39.0 h1:ik4ho21kwuQln40uelmciQPp9SipgNDdrafrYA4TmQQ=
-golang.org/x/tools v0.39.0/go.mod h1:JnefbkDPyD8UU2kI5fuf8ZX4/yUeh9W877ZeBONxUqQ=
+golang.org/x/tools v0.40.0 h1:yLkxfA+Qnul4cs9QA3KnlFu0lVmd8JJfoq+E41uSutA=
+golang.org/x/tools v0.40.0/go.mod h1:Ik/tzLRlbscWpqqMRjyWYDisX8bG13FrdXp3o4Sr9lc=
 golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 google.golang.org/appengine v1.6.5/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc=
-google.golang.org/protobuf v1.36.10 h1:AYd7cD/uASjIL6Q9LiTjz8JLcrh/88q5UObnmY3aOOE=
-google.golang.org/protobuf v1.36.10/go.mod h1:HTf+CrKn2C3g5S8VImy6tdcUvCska2kB7j23XfzDpco=
+google.golang.org/protobuf v1.36.11 h1:fV6ZwhNocDyBLK0dj+fg8ektcVegBBuEolpbTQyBNVE=
+google.golang.org/protobuf v1.36.11/go.mod h1:HTf+CrKn2C3g5S8VImy6tdcUvCska2kB7j23XfzDpco=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk=
 gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q=
--- a/log/log.go
+++ b/log/log.go
@@ -29,8 +29,8 @@ var redacted = &Hook{
 		"(Secret:\")[\\w]*",
 		"(Spotify.*ID:\")[\\w]*",
 		"(PasswordEncryptionKey:[\\s]*\")[^\"]*",
-		"(ReverseProxyUserHeader:[\\s]*\")[^\"]*",
-		"(ReverseProxyWhitelist:[\\s]*\")[^\"]*",
+		"(UserHeader:[\\s]*\")[^\"]*",
+		"(TrustedSources:[\\s]*\")[^\"]*",
 		"(MetricsPath:[\\s]*\")[^\"]*",
 		"(DevAutoCreateAdminPassword:[\\s]*\")[^\"]*",
 		"(DevAutoLoginUsername:[\\s]*\")[^\"]*",
@@ -88,11 +88,11 @@ func SetLevel(l Level) {
 }

 func SetLevelString(l string) {
-	level := levelFromString(l)
+	level := ParseLogLevel(l)
 	SetLevel(level)
 }

-func levelFromString(l string) Level {
+func ParseLogLevel(l string) Level {
 	envLevel := strings.ToLower(l)
 	var level Level
 	switch envLevel {
@@ -118,7 +118,7 @@ func SetLogLevels(levels map[string]string) {
 	defer loggerMu.Unlock()
 	logLevels = nil
 	for k, v := range levels {
-		logLevels = append(logLevels, levelPath{path: k, level: levelFromString(v)})
+		logLevels = append(logLevels, levelPath{path: k, level: ParseLogLevel(v)})
 	}
 	sort.Slice(logLevels, func(i, j int) bool {
 		return logLevels[i].path > logLevels[j].path
@@ -185,31 +185,31 @@ func IsGreaterOrEqualTo(level Level) bool {
 }

 func Fatal(args ...interface{}) {
-	log(LevelFatal, args...)
+	Log(LevelFatal, args...)
 	os.Exit(1)
 }

 func Error(args ...interface{}) {
-	log(LevelError, args...)
+	Log(LevelError, args...)
 }

 func Warn(args ...interface{}) {
-	log(LevelWarn, args...)
+	Log(LevelWarn, args...)
 }

 func Info(args ...interface{}) {
-	log(LevelInfo, args...)
+	Log(LevelInfo, args...)
 }

 func Debug(args ...interface{}) {
-	log(LevelDebug, args...)
+	Log(LevelDebug, args...)
 }

 func Trace(args ...interface{}) {
-	log(LevelTrace, args...)
+	Log(LevelTrace, args...)
 }

-func log(level Level, args ...interface{}) {
+func Log(level Level, args ...interface{}) {
 	if !shouldLog(level, 3) {
 		return
 	}
--- a/model/datastore.go
+++ b/model/datastore.go
@@ -38,6 +38,8 @@ type DataStore interface {
 	User(ctx context.Context) UserRepository
 	UserProps(ctx context.Context) UserPropsRepository
 	ScrobbleBuffer(ctx context.Context) ScrobbleBufferRepository
+	Scrobble(ctx context.Context) ScrobbleRepository
+	Plugin(ctx context.Context) PluginRepository

 	Resource(ctx context.Context, model interface{}) ResourceRepository

--- a/model/plugin.go
+++ b/model/plugin.go
@@ -0,0 +1,26 @@
+package model
+
+import "time"
+
+type Plugin struct {
+	ID        string    `structs:"id"         json:"id"`
+	Path      string    `structs:"path"       json:"path"`
+	Manifest  string    `structs:"manifest"   json:"manifest"`
+	Config    string    `structs:"config"     json:"config,omitempty"`
+	Enabled   bool      `structs:"enabled"    json:"enabled"`
+	LastError string    `structs:"last_error" json:"lastError,omitempty"`
+	SHA256    string    `structs:"sha256"     json:"sha256"`
+	CreatedAt time.Time `structs:"created_at" json:"createdAt"`
+	UpdatedAt time.Time `structs:"updated_at" json:"updatedAt"`
+}
+
+type Plugins []Plugin
+
+type PluginRepository interface {
+	ResourceRepository
+	CountAll(options ...QueryOptions) (int64, error)
+	Delete(id string) error
+	Get(id string) (*Plugin, error)
+	GetAll(options ...QueryOptions) (Plugins, error)
+	Put(p *Plugin) error
+}
--- a/model/scrobble.go
+++ b/model/scrobble.go
@@ -0,0 +1,13 @@
+package model
+
+import "time"
+
+type Scrobble struct {
+	MediaFileID    string
+	UserID         string
+	SubmissionTime time.Time
+}
+
+type ScrobbleRepository interface {
+	RecordScrobble(mediaFileID string, submissionTime time.Time) error
+}
--- a/model/user.go
+++ b/model/user.go
@@ -42,7 +42,9 @@ func (u User) HasLibraryAccess(libraryID int) bool {
 type Users []User

 type UserRepository interface {
+	ResourceRepository
 	CountAll(...QueryOptions) (int64, error)
+	Delete(id string) error
 	Get(id string) (*User, error)
 	Put(*User) error
 	UpdateLastLoginAt(id string) error
--- a/persistence/album_repository_test.go
+++ b/persistence/album_repository_test.go
@@ -512,6 +512,70 @@ var _ = Describe("AlbumRepository", func() {
 			// Clean up the test album created for this test
 			_, _ = albumRepo.executeSQL(squirrel.Delete("album").Where(squirrel.Eq{"id": album.ID}))
 		})
+
+		It("removes stale role associations when artist role changes", func() {
+			// Regression test for issue #4242: Composers displayed in albumartist list
+			// This happens when an artist's role changes (e.g., was both albumartist and composer,
+			// now only composer) and the old role association isn't properly removed.
+
+			// Create an artist that will have changing roles
+			artist := &model.Artist{
+				ID:              "role-change-artist-1",
+				Name:            "Role Change Artist",
+				OrderArtistName: "role change artist",
+			}
+			err := createArtistWithLibrary(artistRepo, artist, 1)
+			Expect(err).ToNot(HaveOccurred())
+
+			// Create album with artist as both albumartist and composer
+			album := &model.Album{
+				LibraryID:     1,
+				ID:            "test-album-role-change",
+				Name:          "Test Album Role Change",
+				AlbumArtistID: "role-change-artist-1",
+				AlbumArtist:   "Role Change Artist",
+				Participants: model.Participants{
+					model.RoleAlbumArtist: {
+						{Artist: model.Artist{ID: "role-change-artist-1", Name: "Role Change Artist"}},
+					},
+					model.RoleComposer: {
+						{Artist: model.Artist{ID: "role-change-artist-1", Name: "Role Change Artist"}},
+					},
+				},
+			}
+
+			err = albumRepo.Put(album)
+			Expect(err).ToNot(HaveOccurred())
+
+			// Verify initial state: artist has both albumartist and composer roles
+			expected := []albumArtistRecord{
+				{ArtistID: "role-change-artist-1", Role: "albumartist", SubRole: ""},
+				{ArtistID: "role-change-artist-1", Role: "composer", SubRole: ""},
+			}
+			verifyAlbumArtists(album.ID, expected)
+
+			// Now update album so artist is ONLY a composer (remove albumartist role)
+			album.Participants = model.Participants{
+				model.RoleComposer: {
+					{Artist: model.Artist{ID: "role-change-artist-1", Name: "Role Change Artist"}},
+				},
+			}
+
+			err = albumRepo.Put(album)
+			Expect(err).ToNot(HaveOccurred())
+
+			// Verify that the albumartist role was removed - only composer should remain
+			// This is the key test: before the fix, the albumartist role would remain
+			// causing composers to appear in the albumartist filter
+			expectedAfter := []albumArtistRecord{
+				{ArtistID: "role-change-artist-1", Role: "composer", SubRole: ""},
+			}
+			verifyAlbumArtists(album.ID, expectedAfter)
+
+			// Clean up
+			_, _ = artistRepo.executeSQL(squirrel.Delete("artist").Where(squirrel.Eq{"id": artist.ID}))
+			_, _ = albumRepo.executeSQL(squirrel.Delete("album").Where(squirrel.Eq{"id": album.ID}))
+		})
 	})
 })

--- a/persistence/folder_repository.go
+++ b/persistence/folder_repository.go
@@ -95,45 +95,82 @@ func (r folderRepository) CountAll(opt ...model.QueryOptions) (int64, error) {
 }

 func (r folderRepository) GetFolderUpdateInfo(lib model.Library, targetPaths ...string) (map[string]model.FolderUpdateInfo, error) {
+	// If no specific paths, return all folders in the library
+	if len(targetPaths) == 0 {
+		return r.getFolderUpdateInfoAll(lib)
+	}
+
+	// Check if any path is root (return all folders)
+	for _, targetPath := range targetPaths {
+		if targetPath == "" || targetPath == "." {
+			return r.getFolderUpdateInfoAll(lib)
+		}
+	}
+
+	// Process paths in batches to avoid SQLite's expression tree depth limit (max 1000).
+	// Each path generates ~3 conditions, so batch size of 100 keeps us well under the limit.
+	const batchSize = 100
+	result := make(map[string]model.FolderUpdateInfo)
+
+	for batch := range slices.Chunk(targetPaths, batchSize) {
+		batchResult, err := r.getFolderUpdateInfoBatch(lib, batch)
+		if err != nil {
+			return nil, err
+		}
+		for id, info := range batchResult {
+			result[id] = info
+		}
+	}
+
+	return result, nil
+}
+
+// getFolderUpdateInfoAll returns update info for all non-missing folders in the library
+func (r folderRepository) getFolderUpdateInfoAll(lib model.Library) (map[string]model.FolderUpdateInfo, error) {
+	where := And{
+		Eq{"library_id": lib.ID},
+		Eq{"missing": false},
+	}
+	return r.queryFolderUpdateInfo(where)
+}
+
+// getFolderUpdateInfoBatch returns update info for a batch of target paths and their descendants
+func (r folderRepository) getFolderUpdateInfoBatch(lib model.Library, targetPaths []string) (map[string]model.FolderUpdateInfo, error) {
 	where := And{
 		Eq{"library_id": lib.ID},
 		Eq{"missing": false},
 	}

-	// If specific paths are requested, include those folders and all their descendants
-	if len(targetPaths) > 0 {
-		// Collect folder IDs for exact target folders and path conditions for descendants
-		folderIDs := make([]string, 0, len(targetPaths))
-		pathConditions := make(Or, 0, len(targetPaths)*2)
+	// Collect folder IDs for exact target folders and path conditions for descendants
+	folderIDs := make([]string, 0, len(targetPaths))
+	pathConditions := make(Or, 0, len(targetPaths)*2)

-		for _, targetPath := range targetPaths {
-			if targetPath == "" || targetPath == "." {
-				// Root path - include everything in this library
-				pathConditions = Or{}
-				folderIDs = nil
-				break
-			}
-			// Clean the path to normalize it. Paths stored in the folder table do not have leading/trailing slashes.
-			cleanPath := strings.TrimPrefix(targetPath, string(os.PathSeparator))
-			cleanPath = filepath.Clean(cleanPath)
+	for _, targetPath := range targetPaths {
+		// Clean the path to normalize it. Paths stored in the folder table do not have leading/trailing slashes.
+		cleanPath := strings.TrimPrefix(targetPath, string(os.PathSeparator))
+		cleanPath = filepath.Clean(cleanPath)

-			// Include the target folder itself by ID
-			folderIDs = append(folderIDs, model.FolderID(lib, cleanPath))
+		// Include the target folder itself by ID
+		folderIDs = append(folderIDs, model.FolderID(lib, cleanPath))

-			// Include all descendants: folders whose path field equals or starts with the target path
-			// Note: Folder.Path is the directory path, so children have path = targetPath
-			pathConditions = append(pathConditions, Eq{"path": cleanPath})
-			pathConditions = append(pathConditions, Like{"path": cleanPath + "/%"})
-		}
-
-		// Combine conditions: exact folder IDs OR descendant path patterns
-		if len(folderIDs) > 0 {
-			where = append(where, Or{Eq{"id": folderIDs}, pathConditions})
-		} else if len(pathConditions) > 0 {
-			where = append(where, pathConditions)
-		}
+		// Include all descendants: folders whose path field equals or starts with the target path
+		// Note: Folder.Path is the directory path, so children have path = targetPath
+		pathConditions = append(pathConditions, Eq{"path": cleanPath})
+		pathConditions = append(pathConditions, Like{"path": cleanPath + "/%"})
 	}

+	// Combine conditions: exact folder IDs OR descendant path patterns
+	if len(folderIDs) > 0 {
+		where = append(where, Or{Eq{"id": folderIDs}, pathConditions})
+	} else if len(pathConditions) > 0 {
+		where = append(where, pathConditions)
+	}
+
+	return r.queryFolderUpdateInfo(where)
+}
+
+// queryFolderUpdateInfo executes the query and returns the result map
+func (r folderRepository) queryFolderUpdateInfo(where And) (map[string]model.FolderUpdateInfo, error) {
 	sq := r.newSelect().Columns("id", "updated_at", "hash").Where(where)
 	var res []struct {
 		ID        string
--- a/persistence/mediafile_repository.go
+++ b/persistence/mediafile_repository.go
@@ -4,6 +4,8 @@ import (
 	"context"
 	"fmt"
 	"slices"
+	"strconv"
+	"strings"
 	"sync"
 	"time"

@@ -193,12 +195,43 @@ func (r *mediaFileRepository) GetCursor(options ...model.QueryOptions) (model.Me
 	}, nil
 }

+// FindByPaths finds media files by their paths.
+// The paths can be library-qualified (format: "libraryID:path") or unqualified ("path").
+// Library-qualified paths search within the specified library, while unqualified paths
+// search across all libraries for backward compatibility.
 func (r *mediaFileRepository) FindByPaths(paths []string) (model.MediaFiles, error) {
-	sel := r.newSelect().Columns("*").Where(Eq{"path collate nocase": paths})
+	query := Or{}
+
+	for _, path := range paths {
+		parts := strings.SplitN(path, ":", 2)
+		if len(parts) == 2 {
+			// Library-qualified path: "libraryID:path"
+			libraryID, err := strconv.Atoi(parts[0])
+			if err != nil {
+				// Invalid format, skip
+				continue
+			}
+			relativePath := parts[1]
+			query = append(query, And{
+				Eq{"path collate nocase": relativePath},
+				Eq{"library_id": libraryID},
+			})
+		} else {
+			// Unqualified path: search across all libraries
+			query = append(query, Eq{"path collate nocase": path})
+		}
+	}
+
+	if len(query) == 0 {
+		return model.MediaFiles{}, nil
+	}
+
+	sel := r.newSelect().Columns("*").Where(query)
 	var res dbMediaFiles
 	if err := r.queryAll(sel, &res); err != nil {
 		return nil, err
 	}
+
 	return res.toModels(), nil
 }

--- a/persistence/persistence.go
+++ b/persistence/persistence.go
@@ -89,6 +89,14 @@ func (s *SQLStore) ScrobbleBuffer(ctx context.Context) model.ScrobbleBufferRepos
 	return NewScrobbleBufferRepository(ctx, s.getDBXBuilder())
 }

+func (s *SQLStore) Scrobble(ctx context.Context) model.ScrobbleRepository {
+	return NewScrobbleRepository(ctx, s.getDBXBuilder())
+}
+
+func (s *SQLStore) Plugin(ctx context.Context) model.PluginRepository {
+	return NewPluginRepository(ctx, s.getDBXBuilder())
+}
+
 func (s *SQLStore) Resource(ctx context.Context, m interface{}) model.ResourceRepository {
 	switch m.(type) {
 	case model.User:
@@ -113,6 +121,8 @@ func (s *SQLStore) Resource(ctx context.Context, m interface{}) model.ResourceRe
 		return s.Share(ctx).(model.ResourceRepository)
 	case model.Tag:
 		return s.Tag(ctx).(model.ResourceRepository)
+	case model.Plugin:
+		return s.Plugin(ctx).(model.ResourceRepository)
 	}
 	log.Error("Resource not implemented", "model", reflect.TypeOf(m).Name())
 	return nil
--- a/persistence/plugin_repository.go
+++ b/persistence/plugin_repository.go
@@ -0,0 +1,153 @@
+package persistence
+
+import (
+	"context"
+	"errors"
+	"time"
+
+	. "github.com/Masterminds/squirrel"
+	"github.com/deluan/rest"
+	"github.com/navidrome/navidrome/model"
+	"github.com/pocketbase/dbx"
+)
+
+type pluginRepository struct {
+	sqlRepository
+}
+
+func NewPluginRepository(ctx context.Context, db dbx.Builder) model.PluginRepository {
+	r := &pluginRepository{}
+	r.ctx = ctx
+	r.db = db
+	r.registerModel(&model.Plugin{}, map[string]filterFunc{
+		"id":      idFilter("plugin"),
+		"enabled": booleanFilter,
+	})
+	return r
+}
+
+func (r *pluginRepository) isPermitted() bool {
+	user := loggedUser(r.ctx)
+	return user.IsAdmin
+}
+
+func (r *pluginRepository) CountAll(options ...model.QueryOptions) (int64, error) {
+	if !r.isPermitted() {
+		return 0, rest.ErrPermissionDenied
+	}
+	sql := r.newSelect()
+	return r.count(sql, options...)
+}
+
+func (r *pluginRepository) Delete(id string) error {
+	if !r.isPermitted() {
+		return rest.ErrPermissionDenied
+	}
+	return r.delete(Eq{"id": id})
+}
+
+func (r *pluginRepository) Get(id string) (*model.Plugin, error) {
+	if !r.isPermitted() {
+		return nil, rest.ErrPermissionDenied
+	}
+	sel := r.newSelect().Where(Eq{"id": id}).Columns("*")
+	res := model.Plugin{}
+	err := r.queryOne(sel, &res)
+	return &res, err
+}
+
+func (r *pluginRepository) GetAll(options ...model.QueryOptions) (model.Plugins, error) {
+	if !r.isPermitted() {
+		return nil, rest.ErrPermissionDenied
+	}
+	sel := r.newSelect(options...).Columns("*")
+	res := model.Plugins{}
+	err := r.queryAll(sel, &res)
+	return res, err
+}
+
+func (r *pluginRepository) Put(plugin *model.Plugin) error {
+	if !r.isPermitted() {
+		return rest.ErrPermissionDenied
+	}
+
+	plugin.UpdatedAt = time.Now()
+
+	if plugin.ID == "" {
+		return errors.New("plugin ID cannot be empty")
+	}
+
+	// Upsert using INSERT ... ON CONFLICT for atomic operation
+	_, err := r.db.NewQuery(`
+		INSERT INTO plugin (id, path, manifest, config, enabled, last_error, sha256, created_at, updated_at)
+		VALUES ({:id}, {:path}, {:manifest}, {:config}, {:enabled}, {:last_error}, {:sha256}, {:created_at}, {:updated_at})
+		ON CONFLICT(id) DO UPDATE SET
+			path = excluded.path,
+			manifest = excluded.manifest,
+			config = excluded.config,
+			enabled = excluded.enabled,
+			last_error = excluded.last_error,
+			sha256 = excluded.sha256,
+			updated_at = excluded.updated_at
+	`).Bind(dbx.Params{
+		"id":         plugin.ID,
+		"path":       plugin.Path,
+		"manifest":   plugin.Manifest,
+		"config":     plugin.Config,
+		"enabled":    plugin.Enabled,
+		"last_error": plugin.LastError,
+		"sha256":     plugin.SHA256,
+		"created_at": time.Now(),
+		"updated_at": plugin.UpdatedAt,
+	}).Execute()
+	return err
+}
+
+func (r *pluginRepository) Count(options ...rest.QueryOptions) (int64, error) {
+	return r.CountAll(r.parseRestOptions(r.ctx, options...))
+}
+
+func (r *pluginRepository) EntityName() string {
+	return "plugin"
+}
+
+func (r *pluginRepository) NewInstance() interface{} {
+	return &model.Plugin{}
+}
+
+func (r *pluginRepository) Read(id string) (interface{}, error) {
+	return r.Get(id)
+}
+
+func (r *pluginRepository) ReadAll(options ...rest.QueryOptions) (interface{}, error) {
+	return r.GetAll(r.parseRestOptions(r.ctx, options...))
+}
+
+func (r *pluginRepository) Save(entity interface{}) (string, error) {
+	p := entity.(*model.Plugin)
+	if !r.isPermitted() {
+		return "", rest.ErrPermissionDenied
+	}
+	err := r.Put(p)
+	if errors.Is(err, model.ErrNotFound) {
+		return "", rest.ErrNotFound
+	}
+	return p.ID, err
+}
+
+func (r *pluginRepository) Update(id string, entity interface{}, cols ...string) error {
+	p := entity.(*model.Plugin)
+	p.ID = id
+	if !r.isPermitted() {
+		return rest.ErrPermissionDenied
+	}
+	err := r.Put(p)
+	if errors.Is(err, model.ErrNotFound) {
+		return rest.ErrNotFound
+	}
+	return err
+}
+
+var _ model.PluginRepository = (*pluginRepository)(nil)
+var _ rest.Repository = (*pluginRepository)(nil)
+var _ rest.Persistable = (*pluginRepository)(nil)
--- a/persistence/plugin_repository_test.go
+++ b/persistence/plugin_repository_test.go
@@ -0,0 +1,227 @@
+package persistence
+
+import (
+	"github.com/deluan/rest"
+	"github.com/navidrome/navidrome/model"
+	"github.com/navidrome/navidrome/model/request"
+	. "github.com/onsi/ginkgo/v2"
+	. "github.com/onsi/gomega"
+)
+
+var _ = Describe("PluginRepository", func() {
+	var repo model.PluginRepository
+
+	Describe("Admin User", func() {
+		BeforeEach(func() {
+			ctx := GinkgoT().Context()
+			ctx = request.WithUser(ctx, model.User{ID: "userid", UserName: "userid", IsAdmin: true})
+			repo = NewPluginRepository(ctx, GetDBXBuilder())
+
+			// Clean up any existing plugins
+			all, _ := repo.GetAll()
+			for _, p := range all {
+				_ = repo.Delete(p.ID)
+			}
+		})
+
+		AfterEach(func() {
+			// Clean up after tests
+			all, _ := repo.GetAll()
+			for _, p := range all {
+				_ = repo.Delete(p.ID)
+			}
+		})
+
+		Describe("CountAll", func() {
+			It("returns 0 when no plugins exist", func() {
+				Expect(repo.CountAll()).To(Equal(int64(0)))
+			})
+
+			It("returns the number of plugins in the DB", func() {
+				_ = repo.Put(&model.Plugin{ID: "test-plugin-1", Path: "/plugins/test1.wasm", Manifest: "{}", SHA256: "abc123"})
+				_ = repo.Put(&model.Plugin{ID: "test-plugin-2", Path: "/plugins/test2.wasm", Manifest: "{}", SHA256: "def456"})
+
+				Expect(repo.CountAll()).To(Equal(int64(2)))
+			})
+		})
+
+		Describe("Delete", func() {
+			It("deletes existing item", func() {
+				plugin := &model.Plugin{ID: "to-delete", Path: "/plugins/delete.wasm", Manifest: "{}", SHA256: "hash"}
+				_ = repo.Put(plugin)
+
+				err := repo.Delete(plugin.ID)
+				Expect(err).To(BeNil())
+
+				_, err = repo.Get(plugin.ID)
+				Expect(err).To(MatchError(model.ErrNotFound))
+			})
+		})
+
+		Describe("Get", func() {
+			It("returns an existing item", func() {
+				plugin := &model.Plugin{ID: "test-get", Path: "/plugins/test.wasm", Manifest: `{"name":"test"}`, SHA256: "hash123"}
+				_ = repo.Put(plugin)
+
+				res, err := repo.Get(plugin.ID)
+				Expect(err).To(BeNil())
+				Expect(res.ID).To(Equal(plugin.ID))
+				Expect(res.Path).To(Equal(plugin.Path))
+				Expect(res.Manifest).To(Equal(plugin.Manifest))
+			})
+
+			It("errors when missing", func() {
+				_, err := repo.Get("notanid")
+				Expect(err).To(MatchError(model.ErrNotFound))
+			})
+		})
+
+		Describe("GetAll", func() {
+			It("returns all items from the DB", func() {
+				_ = repo.Put(&model.Plugin{ID: "plugin-a", Path: "/plugins/a.wasm", Manifest: "{}", SHA256: "hash1"})
+				_ = repo.Put(&model.Plugin{ID: "plugin-b", Path: "/plugins/b.wasm", Manifest: "{}", SHA256: "hash2"})
+
+				all, err := repo.GetAll()
+				Expect(err).To(BeNil())
+				Expect(all).To(HaveLen(2))
+			})
+
+			It("supports pagination", func() {
+				_ = repo.Put(&model.Plugin{ID: "plugin-1", Path: "/plugins/1.wasm", Manifest: "{}", SHA256: "h1"})
+				_ = repo.Put(&model.Plugin{ID: "plugin-2", Path: "/plugins/2.wasm", Manifest: "{}", SHA256: "h2"})
+				_ = repo.Put(&model.Plugin{ID: "plugin-3", Path: "/plugins/3.wasm", Manifest: "{}", SHA256: "h3"})
+
+				page1, err := repo.GetAll(model.QueryOptions{Max: 2, Offset: 0, Sort: "id"})
+				Expect(err).To(BeNil())
+				Expect(page1).To(HaveLen(2))
+
+				page2, err := repo.GetAll(model.QueryOptions{Max: 2, Offset: 2, Sort: "id"})
+				Expect(err).To(BeNil())
+				Expect(page2).To(HaveLen(1))
+			})
+		})
+
+		Describe("Put", func() {
+			It("successfully creates a new plugin", func() {
+				plugin := &model.Plugin{
+					ID:       "new-plugin",
+					Path:     "/plugins/new.wasm",
+					Manifest: `{"name":"new","version":"1.0"}`,
+					Config:   `{"setting":"value"}`,
+					SHA256:   "sha256hash",
+					Enabled:  false,
+				}
+
+				err := repo.Put(plugin)
+				Expect(err).To(BeNil())
+
+				saved, err := repo.Get(plugin.ID)
+				Expect(err).To(BeNil())
+				Expect(saved.Path).To(Equal(plugin.Path))
+				Expect(saved.Manifest).To(Equal(plugin.Manifest))
+				Expect(saved.Config).To(Equal(plugin.Config))
+				Expect(saved.Enabled).To(BeFalse())
+				Expect(saved.CreatedAt).NotTo(BeZero())
+				Expect(saved.UpdatedAt).NotTo(BeZero())
+			})
+
+			It("successfully updates an existing plugin", func() {
+				plugin := &model.Plugin{
+					ID:       "update-plugin",
+					Path:     "/plugins/update.wasm",
+					Manifest: `{"name":"test"}`,
+					SHA256:   "original",
+					Enabled:  false,
+				}
+				_ = repo.Put(plugin)
+
+				plugin.Enabled = true
+				plugin.Config = `{"new":"config"}`
+				plugin.SHA256 = "updated"
+				err := repo.Put(plugin)
+				Expect(err).To(BeNil())
+
+				saved, err := repo.Get(plugin.ID)
+				Expect(err).To(BeNil())
+				Expect(saved.Enabled).To(BeTrue())
+				Expect(saved.Config).To(Equal(`{"new":"config"}`))
+				Expect(saved.SHA256).To(Equal("updated"))
+			})
+
+			It("stores and retrieves last_error", func() {
+				plugin := &model.Plugin{
+					ID:        "error-plugin",
+					Path:      "/plugins/error.wasm",
+					Manifest:  "{}",
+					SHA256:    "hash",
+					LastError: "failed to load: missing export",
+				}
+				err := repo.Put(plugin)
+				Expect(err).To(BeNil())
+
+				saved, err := repo.Get(plugin.ID)
+				Expect(err).To(BeNil())
+				Expect(saved.LastError).To(Equal("failed to load: missing export"))
+			})
+
+			It("fails when ID is empty", func() {
+				plugin := &model.Plugin{
+					Path:     "/plugins/noid.wasm",
+					Manifest: "{}",
+					SHA256:   "hash",
+				}
+				err := repo.Put(plugin)
+				Expect(err).To(HaveOccurred())
+				Expect(err.Error()).To(ContainSubstring("ID cannot be empty"))
+			})
+		})
+	})
+
+	Describe("Regular User", func() {
+		BeforeEach(func() {
+			ctx := GinkgoT().Context()
+			ctx = request.WithUser(ctx, model.User{ID: "userid", UserName: "userid", IsAdmin: false})
+			repo = NewPluginRepository(ctx, GetDBXBuilder())
+		})
+
+		Describe("CountAll", func() {
+			It("fails to count items", func() {
+				_, err := repo.CountAll()
+				Expect(err).To(Equal(rest.ErrPermissionDenied))
+			})
+		})
+
+		Describe("Delete", func() {
+			It("fails to delete items", func() {
+				err := repo.Delete("any-id")
+				Expect(err).To(Equal(rest.ErrPermissionDenied))
+			})
+		})
+
+		Describe("Get", func() {
+			It("fails to get items", func() {
+				_, err := repo.Get("any-id")
+				Expect(err).To(Equal(rest.ErrPermissionDenied))
+			})
+		})
+
+		Describe("GetAll", func() {
+			It("fails to get all items", func() {
+				_, err := repo.GetAll()
+				Expect(err).To(Equal(rest.ErrPermissionDenied))
+			})
+		})
+
+		Describe("Put", func() {
+			It("fails to create/update item", func() {
+				err := repo.Put(&model.Plugin{
+					ID:       "user-create",
+					Path:     "/plugins/create.wasm",
+					Manifest: "{}",
+					SHA256:   "hash",
+				})
+				Expect(err).To(Equal(rest.ErrPermissionDenied))
+			})
+		})
+	})
+})
--- a/persistence/scrobble_repository.go
+++ b/persistence/scrobble_repository.go
@@ -0,0 +1,34 @@
+package persistence
+
+import (
+	"context"
+	"time"
+
+	. "github.com/Masterminds/squirrel"
+	"github.com/navidrome/navidrome/model"
+	"github.com/pocketbase/dbx"
+)
+
+type scrobbleRepository struct {
+	sqlRepository
+}
+
+func NewScrobbleRepository(ctx context.Context, db dbx.Builder) model.ScrobbleRepository {
+	r := &scrobbleRepository{}
+	r.ctx = ctx
+	r.db = db
+	r.tableName = "scrobbles"
+	return r
+}
+
+func (r *scrobbleRepository) RecordScrobble(mediaFileID string, submissionTime time.Time) error {
+	userID := loggedUser(r.ctx).ID
+	values := map[string]interface{}{
+		"media_file_id":   mediaFileID,
+		"user_id":         userID,
+		"submission_time": submissionTime.Unix(),
+	}
+	insert := Insert(r.tableName).SetMap(values)
+	_, err := r.executeSQL(insert)
+	return err
+}
--- a/persistence/scrobble_repository_test.go
+++ b/persistence/scrobble_repository_test.go
@@ -0,0 +1,84 @@
+package persistence
+
+import (
+	"context"
+	"time"
+
+	"github.com/navidrome/navidrome/log"
+	"github.com/navidrome/navidrome/model"
+	"github.com/navidrome/navidrome/model/id"
+	"github.com/navidrome/navidrome/model/request"
+	. "github.com/onsi/ginkgo/v2"
+	. "github.com/onsi/gomega"
+	"github.com/pocketbase/dbx"
+)
+
+var _ = Describe("ScrobbleRepository", func() {
+	var repo model.ScrobbleRepository
+	var rawRepo sqlRepository
+	var ctx context.Context
+	var fileID string
+	var userID string
+
+	BeforeEach(func() {
+		fileID = id.NewRandom()
+		userID = id.NewRandom()
+		ctx = request.WithUser(log.NewContext(GinkgoT().Context()), model.User{ID: userID, UserName: "johndoe", IsAdmin: true})
+		db := GetDBXBuilder()
+		repo = NewScrobbleRepository(ctx, db)
+
+		rawRepo = sqlRepository{
+			ctx:       ctx,
+			tableName: "scrobbles",
+			db:        db,
+		}
+	})
+
+	AfterEach(func() {
+		_, _ = rawRepo.db.Delete("scrobbles", dbx.HashExp{"media_file_id": fileID}).Execute()
+		_, _ = rawRepo.db.Delete("media_file", dbx.HashExp{"id": fileID}).Execute()
+		_, _ = rawRepo.db.Delete("user", dbx.HashExp{"id": userID}).Execute()
+	})
+
+	Describe("RecordScrobble", func() {
+		It("records a scrobble event", func() {
+			submissionTime := time.Now().UTC()
+
+			// Insert User
+			_, err := rawRepo.db.Insert("user", dbx.Params{
+				"id":         userID,
+				"user_name":  "user",
+				"password":   "pw",
+				"created_at": time.Now(),
+				"updated_at": time.Now(),
+			}).Execute()
+			Expect(err).ToNot(HaveOccurred())
+
+			// Insert MediaFile
+			_, err = rawRepo.db.Insert("media_file", dbx.Params{
+				"id":         fileID,
+				"path":       "path",
+				"created_at": time.Now(),
+				"updated_at": time.Now(),
+			}).Execute()
+			Expect(err).ToNot(HaveOccurred())
+
+			err = repo.RecordScrobble(fileID, submissionTime)
+			Expect(err).ToNot(HaveOccurred())
+
+			// Verify insertion
+			var scrobble struct {
+				MediaFileID    string `db:"media_file_id"`
+				UserID         string `db:"user_id"`
+				SubmissionTime int64  `db:"submission_time"`
+			}
+			err = rawRepo.db.Select("*").From("scrobbles").
+				Where(dbx.HashExp{"media_file_id": fileID, "user_id": userID}).
+				One(&scrobble)
+			Expect(err).ToNot(HaveOccurred())
+			Expect(scrobble.MediaFileID).To(Equal(fileID))
+			Expect(scrobble.UserID).To(Equal(userID))
+			Expect(scrobble.SubmissionTime).To(Equal(submissionTime.Unix()))
+		})
+	})
+})
--- a/persistence/sql_participations.go
+++ b/persistence/sql_participations.go
@@ -51,8 +51,10 @@ func unmarshalParticipants(data string) (model.Participants, error) {
 }

 func (r sqlRepository) updateParticipants(itemID string, participants model.Participants) error {
-	ids := participants.AllIDs()
-	sqd := Delete(r.tableName + "_artists").Where(And{Eq{r.tableName + "_id": itemID}, NotEq{"artist_id": ids}})
+	// Delete all existing participant entries for this item.
+	// This ensures stale role associations are removed when an artist's role changes
+	// (e.g., an artist was both albumartist and composer, but is now only composer).
+	sqd := Delete(r.tableName + "_artists").Where(Eq{r.tableName + "_id": itemID})
 	_, err := r.executeSQL(sqd)
 	if err != nil {
 		return err
--- a/plugins/.gitignore
+++ b/plugins/.gitignore
@@ -0,0 +1,4 @@
+# Rust build artifacts
+# Cargo.lock is not needed for library crates (this is a cdylib)
+Cargo.lock
+target
--- a/plugins/README.md
+++ b/plugins/README.md
--- a/plugins/adapter_media_agent.go
+++ b/plugins/adapter_media_agent.go
@@ -1,166 +0,0 @@
-package plugins
-
-import (
-	"context"
-
-	"github.com/navidrome/navidrome/core/agents"
-	"github.com/navidrome/navidrome/log"
-	"github.com/navidrome/navidrome/plugins/api"
-	"github.com/tetratelabs/wazero"
-)
-
-// NewWasmMediaAgent creates a new adapter for a MetadataAgent plugin
-func newWasmMediaAgent(wasmPath, pluginID string, m *managerImpl, runtime api.WazeroNewRuntime, mc wazero.ModuleConfig) WasmPlugin {
-	loader, err := api.NewMetadataAgentPlugin(context.Background(), api.WazeroRuntime(runtime), api.WazeroModuleConfig(mc))
-	if err != nil {
-		log.Error("Error creating media metadata service plugin", "plugin", pluginID, "path", wasmPath, err)
-		return nil
-	}
-	return &wasmMediaAgent{
-		baseCapability: newBaseCapability[api.MetadataAgent, *api.MetadataAgentPlugin](
-			wasmPath,
-			pluginID,
-			CapabilityMetadataAgent,
-			m.metrics,
-			loader,
-			func(ctx context.Context, l *api.MetadataAgentPlugin, path string) (api.MetadataAgent, error) {
-				return l.Load(ctx, path)
-			},
-		),
-	}
-}
-
-// wasmMediaAgent adapts a MetadataAgent plugin to implement the agents.Interface
-type wasmMediaAgent struct {
-	*baseCapability[api.MetadataAgent, *api.MetadataAgentPlugin]
-}
-
-func (w *wasmMediaAgent) AgentName() string {
-	return w.id
-}
-
-func (w *wasmMediaAgent) mapError(err error) error {
-	if err != nil && (err.Error() == api.ErrNotFound.Error() || err.Error() == api.ErrNotImplemented.Error()) {
-		return agents.ErrNotFound
-	}
-	return err
-}
-
-// Album-related methods
-
-func (w *wasmMediaAgent) GetAlbumInfo(ctx context.Context, name, artist, mbid string) (*agents.AlbumInfo, error) {
-	res, err := callMethod(ctx, w, "GetAlbumInfo", func(inst api.MetadataAgent) (*api.AlbumInfoResponse, error) {
-		return inst.GetAlbumInfo(ctx, &api.AlbumInfoRequest{Name: name, Artist: artist, Mbid: mbid})
-	})
-	if err != nil {
-		return nil, w.mapError(err)
-	}
-	if res == nil || res.Info == nil {
-		return nil, agents.ErrNotFound
-	}
-	info := res.Info
-	return &agents.AlbumInfo{
-		Name:        info.Name,
-		MBID:        info.Mbid,
-		Description: info.Description,
-		URL:         info.Url,
-	}, nil
-}
-
-func (w *wasmMediaAgent) GetAlbumImages(ctx context.Context, name, artist, mbid string) ([]agents.ExternalImage, error) {
-	res, err := callMethod(ctx, w, "GetAlbumImages", func(inst api.MetadataAgent) (*api.AlbumImagesResponse, error) {
-		return inst.GetAlbumImages(ctx, &api.AlbumImagesRequest{Name: name, Artist: artist, Mbid: mbid})
-	})
-	if err != nil {
-		return nil, w.mapError(err)
-	}
-	return convertExternalImages(res.Images), nil
-}
-
-// Artist-related methods
-
-func (w *wasmMediaAgent) GetArtistMBID(ctx context.Context, id string, name string) (string, error) {
-	res, err := callMethod(ctx, w, "GetArtistMBID", func(inst api.MetadataAgent) (*api.ArtistMBIDResponse, error) {
-		return inst.GetArtistMBID(ctx, &api.ArtistMBIDRequest{Id: id, Name: name})
-	})
-	if err != nil {
-		return "", w.mapError(err)
-	}
-	return res.GetMbid(), nil
-}
-
-func (w *wasmMediaAgent) GetArtistURL(ctx context.Context, id, name, mbid string) (string, error) {
-	res, err := callMethod(ctx, w, "GetArtistURL", func(inst api.MetadataAgent) (*api.ArtistURLResponse, error) {
-		return inst.GetArtistURL(ctx, &api.ArtistURLRequest{Id: id, Name: name, Mbid: mbid})
-	})
-	if err != nil {
-		return "", w.mapError(err)
-	}
-	return res.GetUrl(), nil
-}
-
-func (w *wasmMediaAgent) GetArtistBiography(ctx context.Context, id, name, mbid string) (string, error) {
-	res, err := callMethod(ctx, w, "GetArtistBiography", func(inst api.MetadataAgent) (*api.ArtistBiographyResponse, error) {
-		return inst.GetArtistBiography(ctx, &api.ArtistBiographyRequest{Id: id, Name: name, Mbid: mbid})
-	})
-	if err != nil {
-		return "", w.mapError(err)
-	}
-	return res.GetBiography(), nil
-}
-
-func (w *wasmMediaAgent) GetSimilarArtists(ctx context.Context, id, name, mbid string, limit int) ([]agents.Artist, error) {
-	resp, err := callMethod(ctx, w, "GetSimilarArtists", func(inst api.MetadataAgent) (*api.ArtistSimilarResponse, error) {
-		return inst.GetSimilarArtists(ctx, &api.ArtistSimilarRequest{Id: id, Name: name, Mbid: mbid, Limit: int32(limit)})
-	})
-	if err != nil {
-		return nil, w.mapError(err)
-	}
-	artists := make([]agents.Artist, 0, len(resp.GetArtists()))
-	for _, a := range resp.GetArtists() {
-		artists = append(artists, agents.Artist{
-			Name: a.GetName(),
-			MBID: a.GetMbid(),
-		})
-	}
-	return artists, nil
-}
-
-func (w *wasmMediaAgent) GetArtistImages(ctx context.Context, id, name, mbid string) ([]agents.ExternalImage, error) {
-	resp, err := callMethod(ctx, w, "GetArtistImages", func(inst api.MetadataAgent) (*api.ArtistImageResponse, error) {
-		return inst.GetArtistImages(ctx, &api.ArtistImageRequest{Id: id, Name: name, Mbid: mbid})
-	})
-	if err != nil {
-		return nil, w.mapError(err)
-	}
-	return convertExternalImages(resp.Images), nil
-}
-
-func (w *wasmMediaAgent) GetArtistTopSongs(ctx context.Context, id, artistName, mbid string, count int) ([]agents.Song, error) {
-	resp, err := callMethod(ctx, w, "GetArtistTopSongs", func(inst api.MetadataAgent) (*api.ArtistTopSongsResponse, error) {
-		return inst.GetArtistTopSongs(ctx, &api.ArtistTopSongsRequest{Id: id, ArtistName: artistName, Mbid: mbid, Count: int32(count)})
-	})
-	if err != nil {
-		return nil, w.mapError(err)
-	}
-	songs := make([]agents.Song, 0, len(resp.GetSongs()))
-	for _, s := range resp.GetSongs() {
-		songs = append(songs, agents.Song{
-			Name: s.GetName(),
-			MBID: s.GetMbid(),
-		})
-	}
-	return songs, nil
-}
-
-// Helper function to convert ExternalImage objects from the API to the agents package
-func convertExternalImages(images []*api.ExternalImage) []agents.ExternalImage {
-	result := make([]agents.ExternalImage, 0, len(images))
-	for _, img := range images {
-		result = append(result, agents.ExternalImage{
-			URL:  img.GetUrl(),
-			Size: int(img.GetSize()),
-		})
-	}
-	return result
-}
--- a/plugins/adapter_media_agent_test.go
+++ b/plugins/adapter_media_agent_test.go
@@ -1,227 +0,0 @@
-package plugins
-
-import (
-	"context"
-	"errors"
-
-	"github.com/navidrome/navidrome/conf"
-	"github.com/navidrome/navidrome/conf/configtest"
-	"github.com/navidrome/navidrome/core/agents"
-	"github.com/navidrome/navidrome/core/metrics"
-	"github.com/navidrome/navidrome/plugins/api"
-	. "github.com/onsi/ginkgo/v2"
-	. "github.com/onsi/gomega"
-)
-
-var _ = Describe("Adapter Media Agent", func() {
-	var ctx context.Context
-	var mgr *managerImpl
-
-	BeforeEach(func() {
-		ctx = GinkgoT().Context()
-
-		// Ensure plugins folder is set to testdata
-		DeferCleanup(configtest.SetupConfig())
-		conf.Server.Plugins.Folder = testDataDir
-
-		mgr = createManager(nil, metrics.NewNoopInstance())
-		mgr.ScanPlugins()
-
-		// Wait for all plugins to compile to avoid race conditions
-		err := mgr.EnsureCompiled("multi_plugin")
-		Expect(err).NotTo(HaveOccurred(), "multi_plugin should compile successfully")
-		err = mgr.EnsureCompiled("fake_album_agent")
-		Expect(err).NotTo(HaveOccurred(), "fake_album_agent should compile successfully")
-	})
-
-	Describe("AgentName and PluginName", func() {
-		It("should return the plugin name", func() {
-			agent := mgr.LoadPlugin("multi_plugin", "MetadataAgent")
-			Expect(agent).NotTo(BeNil(), "multi_plugin should be loaded")
-			Expect(agent.PluginID()).To(Equal("multi_plugin"))
-		})
-		It("should return the agent name", func() {
-			agent, ok := mgr.LoadMediaAgent("multi_plugin")
-			Expect(ok).To(BeTrue(), "multi_plugin should be loaded as media agent")
-			Expect(agent.AgentName()).To(Equal("multi_plugin"))
-		})
-	})
-
-	Describe("Album methods", func() {
-		var agent *wasmMediaAgent
-
-		BeforeEach(func() {
-			a, ok := mgr.LoadMediaAgent("fake_album_agent")
-			Expect(ok).To(BeTrue(), "fake_album_agent should be loaded")
-			agent = a.(*wasmMediaAgent)
-		})
-
-		Context("GetAlbumInfo", func() {
-			It("should return album information", func() {
-				info, err := agent.GetAlbumInfo(ctx, "Test Album", "Test Artist", "mbid")
-
-				Expect(err).NotTo(HaveOccurred())
-				Expect(info).NotTo(BeNil())
-				Expect(info.Name).To(Equal("Test Album"))
-				Expect(info.MBID).To(Equal("album-mbid-123"))
-				Expect(info.Description).To(Equal("This is a test album description"))
-				Expect(info.URL).To(Equal("https://example.com/album"))
-			})
-
-			It("should return ErrNotFound when plugin returns not found", func() {
-				_, err := agent.GetAlbumInfo(ctx, "Test Album", "", "mbid")
-
-				Expect(err).To(Equal(agents.ErrNotFound))
-			})
-
-			It("should return ErrNotFound when plugin returns nil response", func() {
-				_, err := agent.GetAlbumInfo(ctx, "", "", "")
-
-				Expect(err).To(Equal(agents.ErrNotFound))
-			})
-		})
-
-		Context("GetAlbumImages", func() {
-			It("should return album images", func() {
-				images, err := agent.GetAlbumImages(ctx, "Test Album", "Test Artist", "mbid")
-
-				Expect(err).NotTo(HaveOccurred())
-				Expect(images).To(Equal([]agents.ExternalImage{
-					{URL: "https://example.com/album1.jpg", Size: 300},
-					{URL: "https://example.com/album2.jpg", Size: 400},
-				}))
-			})
-		})
-	})
-
-	Describe("Artist methods", func() {
-		var agent *wasmMediaAgent
-
-		BeforeEach(func() {
-			a, ok := mgr.LoadMediaAgent("fake_artist_agent")
-			Expect(ok).To(BeTrue(), "fake_artist_agent should be loaded")
-			agent = a.(*wasmMediaAgent)
-		})
-
-		Context("GetArtistMBID", func() {
-			It("should return artist MBID", func() {
-				mbid, err := agent.GetArtistMBID(ctx, "artist-id", "Test Artist")
-
-				Expect(err).NotTo(HaveOccurred())
-				Expect(mbid).To(Equal("1234567890"))
-			})
-
-			It("should return ErrNotFound when plugin returns not found", func() {
-				_, err := agent.GetArtistMBID(ctx, "artist-id", "")
-
-				Expect(err).To(Equal(agents.ErrNotFound))
-			})
-		})
-
-		Context("GetArtistURL", func() {
-			It("should return artist URL", func() {
-				url, err := agent.GetArtistURL(ctx, "artist-id", "Test Artist", "mbid")
-
-				Expect(err).NotTo(HaveOccurred())
-				Expect(url).To(Equal("https://example.com"))
-			})
-		})
-
-		Context("GetArtistBiography", func() {
-			It("should return artist biography", func() {
-				bio, err := agent.GetArtistBiography(ctx, "artist-id", "Test Artist", "mbid")
-
-				Expect(err).NotTo(HaveOccurred())
-				Expect(bio).To(Equal("This is a test biography"))
-			})
-		})
-
-		Context("GetSimilarArtists", func() {
-			It("should return similar artists", func() {
-				artists, err := agent.GetSimilarArtists(ctx, "artist-id", "Test Artist", "mbid", 10)
-
-				Expect(err).NotTo(HaveOccurred())
-				Expect(artists).To(Equal([]agents.Artist{
-					{Name: "Similar Artist 1", MBID: "mbid1"},
-					{Name: "Similar Artist 2", MBID: "mbid2"},
-				}))
-			})
-		})
-
-		Context("GetArtistImages", func() {
-			It("should return artist images", func() {
-				images, err := agent.GetArtistImages(ctx, "artist-id", "Test Artist", "mbid")
-
-				Expect(err).NotTo(HaveOccurred())
-				Expect(images).To(Equal([]agents.ExternalImage{
-					{URL: "https://example.com/image1.jpg", Size: 100},
-					{URL: "https://example.com/image2.jpg", Size: 200},
-				}))
-			})
-		})
-
-		Context("GetArtistTopSongs", func() {
-			It("should return artist top songs", func() {
-				songs, err := agent.GetArtistTopSongs(ctx, "artist-id", "Test Artist", "mbid", 10)
-
-				Expect(err).NotTo(HaveOccurred())
-				Expect(songs).To(Equal([]agents.Song{
-					{Name: "Song 1", MBID: "mbid1"},
-					{Name: "Song 2", MBID: "mbid2"},
-				}))
-			})
-		})
-	})
-
-	Describe("Helper functions", func() {
-		It("convertExternalImages should convert API image objects to agent image objects", func() {
-			apiImages := []*api.ExternalImage{
-				{Url: "https://example.com/image1.jpg", Size: 100},
-				{Url: "https://example.com/image2.jpg", Size: 200},
-			}
-
-			agentImages := convertExternalImages(apiImages)
-			Expect(agentImages).To(HaveLen(2))
-
-			for i, img := range agentImages {
-				Expect(img.URL).To(Equal(apiImages[i].Url))
-				Expect(img.Size).To(Equal(int(apiImages[i].Size)))
-			}
-		})
-
-		It("convertExternalImages should handle empty slice", func() {
-			agentImages := convertExternalImages([]*api.ExternalImage{})
-			Expect(agentImages).To(BeEmpty())
-		})
-
-		It("convertExternalImages should handle nil", func() {
-			agentImages := convertExternalImages(nil)
-			Expect(agentImages).To(BeEmpty())
-		})
-	})
-
-	Describe("Error mapping", func() {
-		var agent wasmMediaAgent
-
-		It("should map API ErrNotFound to agents.ErrNotFound", func() {
-			err := agent.mapError(api.ErrNotFound)
-			Expect(err).To(Equal(agents.ErrNotFound))
-		})
-
-		It("should map API ErrNotImplemented to agents.ErrNotFound", func() {
-			err := agent.mapError(api.ErrNotImplemented)
-			Expect(err).To(Equal(agents.ErrNotFound))
-		})
-
-		It("should pass through other errors", func() {
-			testErr := errors.New("test error")
-			err := agent.mapError(testErr)
-			Expect(err).To(Equal(testErr))
-		})
-
-		It("should handle nil error", func() {
-			err := agent.mapError(nil)
-			Expect(err).To(BeNil())
-		})
-	})
-})
--- a/plugins/adapter_scheduler_callback.go
+++ b/plugins/adapter_scheduler_callback.go
@@ -1,46 +0,0 @@
-package plugins
-
-import (
-	"context"
-
-	"github.com/navidrome/navidrome/log"
-	"github.com/navidrome/navidrome/plugins/api"
-	"github.com/tetratelabs/wazero"
-)
-
-// newWasmSchedulerCallback creates a new adapter for a SchedulerCallback plugin
-func newWasmSchedulerCallback(wasmPath, pluginID string, m *managerImpl, runtime api.WazeroNewRuntime, mc wazero.ModuleConfig) WasmPlugin {
-	loader, err := api.NewSchedulerCallbackPlugin(context.Background(), api.WazeroRuntime(runtime), api.WazeroModuleConfig(mc))
-	if err != nil {
-		log.Error("Error creating scheduler callback plugin", "plugin", pluginID, "path", wasmPath, err)
-		return nil
-	}
-	return &wasmSchedulerCallback{
-		baseCapability: newBaseCapability[api.SchedulerCallback, *api.SchedulerCallbackPlugin](
-			wasmPath,
-			pluginID,
-			CapabilitySchedulerCallback,
-			m.metrics,
-			loader,
-			func(ctx context.Context, l *api.SchedulerCallbackPlugin, path string) (api.SchedulerCallback, error) {
-				return l.Load(ctx, path)
-			},
-		),
-	}
-}
-
-// wasmSchedulerCallback adapts a SchedulerCallback plugin
-type wasmSchedulerCallback struct {
-	*baseCapability[api.SchedulerCallback, *api.SchedulerCallbackPlugin]
-}
-
-func (w *wasmSchedulerCallback) OnSchedulerCallback(ctx context.Context, scheduleID string, payload []byte, isRecurring bool) error {
-	_, err := callMethod(ctx, w, "OnSchedulerCallback", func(inst api.SchedulerCallback) (*api.SchedulerCallbackResponse, error) {
-		return inst.OnSchedulerCallback(ctx, &api.SchedulerCallbackRequest{
-			ScheduleId:  scheduleID,
-			Payload:     payload,
-			IsRecurring: isRecurring,
-		})
-	})
-	return err
-}
--- a/plugins/adapter_scrobbler.go
+++ b/plugins/adapter_scrobbler.go
@@ -1,136 +0,0 @@
-package plugins
-
-import (
-	"context"
-	"time"
-
-	"github.com/navidrome/navidrome/core/scrobbler"
-	"github.com/navidrome/navidrome/log"
-	"github.com/navidrome/navidrome/model"
-	"github.com/navidrome/navidrome/model/request"
-	"github.com/navidrome/navidrome/plugins/api"
-	"github.com/tetratelabs/wazero"
-)
-
-func newWasmScrobblerPlugin(wasmPath, pluginID string, m *managerImpl, runtime api.WazeroNewRuntime, mc wazero.ModuleConfig) WasmPlugin {
-	loader, err := api.NewScrobblerPlugin(context.Background(), api.WazeroRuntime(runtime), api.WazeroModuleConfig(mc))
-	if err != nil {
-		log.Error("Error creating scrobbler service plugin", "plugin", pluginID, "path", wasmPath, err)
-		return nil
-	}
-	return &wasmScrobblerPlugin{
-		baseCapability: newBaseCapability[api.Scrobbler, *api.ScrobblerPlugin](
-			wasmPath,
-			pluginID,
-			CapabilityScrobbler,
-			m.metrics,
-			loader,
-			func(ctx context.Context, l *api.ScrobblerPlugin, path string) (api.Scrobbler, error) {
-				return l.Load(ctx, path)
-			},
-		),
-	}
-}
-
-type wasmScrobblerPlugin struct {
-	*baseCapability[api.Scrobbler, *api.ScrobblerPlugin]
-}
-
-func (w *wasmScrobblerPlugin) IsAuthorized(ctx context.Context, userId string) bool {
-	username, _ := request.UsernameFrom(ctx)
-	if username == "" {
-		u, ok := request.UserFrom(ctx)
-		if ok {
-			username = u.UserName
-		}
-	}
-	resp, err := callMethod(ctx, w, "IsAuthorized", func(inst api.Scrobbler) (*api.ScrobblerIsAuthorizedResponse, error) {
-		return inst.IsAuthorized(ctx, &api.ScrobblerIsAuthorizedRequest{
-			UserId:   userId,
-			Username: username,
-		})
-	})
-	if err != nil {
-		log.Warn("Error calling IsAuthorized", "userId", userId, "pluginID", w.id, err)
-	}
-	return err == nil && resp.Authorized
-}
-
-func (w *wasmScrobblerPlugin) NowPlaying(ctx context.Context, userId string, track *model.MediaFile, position int) error {
-	username, _ := request.UsernameFrom(ctx)
-	if username == "" {
-		u, ok := request.UserFrom(ctx)
-		if ok {
-			username = u.UserName
-		}
-	}
-
-	trackInfo := w.toTrackInfo(track, position)
-	_, err := callMethod(ctx, w, "NowPlaying", func(inst api.Scrobbler) (struct{}, error) {
-		resp, err := inst.NowPlaying(ctx, &api.ScrobblerNowPlayingRequest{
-			UserId:    userId,
-			Username:  username,
-			Track:     trackInfo,
-			Timestamp: time.Now().Unix(),
-		})
-		if err != nil {
-			return struct{}{}, err
-		}
-		if resp.Error != "" {
-			return struct{}{}, nil
-		}
-		return struct{}{}, nil
-	})
-	return err
-}
-
-func (w *wasmScrobblerPlugin) Scrobble(ctx context.Context, userId string, s scrobbler.Scrobble) error {
-	username, _ := request.UsernameFrom(ctx)
-	if username == "" {
-		u, ok := request.UserFrom(ctx)
-		if ok {
-			username = u.UserName
-		}
-	}
-	trackInfo := w.toTrackInfo(&s.MediaFile, 0)
-	_, err := callMethod(ctx, w, "Scrobble", func(inst api.Scrobbler) (struct{}, error) {
-		resp, err := inst.Scrobble(ctx, &api.ScrobblerScrobbleRequest{
-			UserId:    userId,
-			Username:  username,
-			Track:     trackInfo,
-			Timestamp: s.TimeStamp.Unix(),
-		})
-		if err != nil {
-			return struct{}{}, err
-		}
-		if resp.Error != "" {
-			return struct{}{}, nil
-		}
-		return struct{}{}, nil
-	})
-	return err
-}
-
-func (w *wasmScrobblerPlugin) toTrackInfo(track *model.MediaFile, position int) *api.TrackInfo {
-	artists := make([]*api.Artist, 0, len(track.Participants[model.RoleArtist]))
-
-	for _, a := range track.Participants[model.RoleArtist] {
-		artists = append(artists, &api.Artist{Name: a.Name, Mbid: a.MbzArtistID})
-	}
-	albumArtists := make([]*api.Artist, 0, len(track.Participants[model.RoleAlbumArtist]))
-	for _, a := range track.Participants[model.RoleAlbumArtist] {
-		albumArtists = append(albumArtists, &api.Artist{Name: a.Name, Mbid: a.MbzArtistID})
-	}
-	trackInfo := &api.TrackInfo{
-		Id:           track.ID,
-		Mbid:         track.MbzRecordingID,
-		Name:         track.Title,
-		Album:        track.Album,
-		AlbumMbid:    track.MbzAlbumID,
-		Artists:      artists,
-		AlbumArtists: albumArtists,
-		Length:       int32(track.Duration),
-		Position:     int32(position),
-	}
-	return trackInfo
-}
--- a/plugins/adapter_websocket_callback.go
+++ b/plugins/adapter_websocket_callback.go
@@ -1,35 +0,0 @@
-package plugins
-
-import (
-	"context"
-
-	"github.com/navidrome/navidrome/log"
-	"github.com/navidrome/navidrome/plugins/api"
-	"github.com/tetratelabs/wazero"
-)
-
-// newWasmWebSocketCallback creates a new adapter for a WebSocketCallback plugin
-func newWasmWebSocketCallback(wasmPath, pluginID string, m *managerImpl, runtime api.WazeroNewRuntime, mc wazero.ModuleConfig) WasmPlugin {
-	loader, err := api.NewWebSocketCallbackPlugin(context.Background(), api.WazeroRuntime(runtime), api.WazeroModuleConfig(mc))
-	if err != nil {
-		log.Error("Error creating WebSocket callback plugin", "plugin", pluginID, "path", wasmPath, err)
-		return nil
-	}
-	return &wasmWebSocketCallback{
-		baseCapability: newBaseCapability[api.WebSocketCallback, *api.WebSocketCallbackPlugin](
-			wasmPath,
-			pluginID,
-			CapabilityWebSocketCallback,
-			m.metrics,
-			loader,
-			func(ctx context.Context, l *api.WebSocketCallbackPlugin, path string) (api.WebSocketCallback, error) {
-				return l.Load(ctx, path)
-			},
-		),
-	}
-}
-
-// wasmWebSocketCallback adapts a WebSocketCallback plugin
-type wasmWebSocketCallback struct {
-	*baseCapability[api.WebSocketCallback, *api.WebSocketCallbackPlugin]
-}
--- a/plugins/api/api.pb.go
+++ b/plugins/api/api.pb.go
--- a/plugins/api/api.proto
+++ b/plugins/api/api.proto
@@ -1,246 +0,0 @@
-syntax = "proto3";
-
-package api;
-
-option go_package = "github.com/navidrome/navidrome/plugins/api;api";
-
-// go:plugin type=plugin version=1
-service MetadataAgent {
-  // Artist metadata methods
-  rpc GetArtistMBID(ArtistMBIDRequest) returns (ArtistMBIDResponse);
-  rpc GetArtistURL(ArtistURLRequest) returns (ArtistURLResponse);
-  rpc GetArtistBiography(ArtistBiographyRequest) returns (ArtistBiographyResponse);
-  rpc GetSimilarArtists(ArtistSimilarRequest) returns (ArtistSimilarResponse);
-  rpc GetArtistImages(ArtistImageRequest) returns (ArtistImageResponse);
-  rpc GetArtistTopSongs(ArtistTopSongsRequest) returns (ArtistTopSongsResponse);
-
-  // Album metadata methods
-  rpc GetAlbumInfo(AlbumInfoRequest) returns (AlbumInfoResponse);
-  rpc GetAlbumImages(AlbumImagesRequest) returns (AlbumImagesResponse);
-}
-
-message ArtistMBIDRequest {
-  string id = 1;
-  string name = 2;
-}
-
-message ArtistMBIDResponse {
-  string mbid = 1;
-}
-
-message ArtistURLRequest {
-  string id = 1;
-  string name = 2;
-  string mbid = 3;
-}
-
-message ArtistURLResponse {
-  string url = 1;
-}
-
-message ArtistBiographyRequest {
-  string id = 1;
-  string name = 2;
-  string mbid = 3;
-}
-
-message ArtistBiographyResponse {
-  string biography = 1;
-}
-
-message ArtistSimilarRequest {
-  string id = 1;
-  string name = 2;
-  string mbid = 3;
-  int32 limit = 4;
-}
-
-message Artist {
-  string name = 1;
-  string mbid = 2;
-}
-
-message ArtistSimilarResponse {
-  repeated Artist artists = 1;
-}
-
-message ArtistImageRequest {
-  string id = 1;
-  string name = 2;
-  string mbid = 3;
-}
-
-message ExternalImage {
-  string url = 1;
-  int32 size = 2;
-}
-
-message ArtistImageResponse {
-  repeated ExternalImage images = 1;
-}
-
-message ArtistTopSongsRequest {
-  string id = 1;
-  string artistName = 2;
-  string mbid = 3;
-  int32 count = 4;
-}
-
-message Song {
-  string name = 1;
-  string mbid = 2;
-}
-
-message ArtistTopSongsResponse {
-  repeated Song songs = 1;
-}
-
-message AlbumInfoRequest {
-  string name = 1;
-  string artist = 2;
-  string mbid = 3;
-}
-
-message AlbumInfo {
-  string name = 1;
-  string mbid = 2;
-  string description = 3;
-  string url = 4;
-}
-
-message AlbumInfoResponse {
-  AlbumInfo info = 1;
-}
-
-message AlbumImagesRequest {
-  string name = 1;
-  string artist = 2;
-  string mbid = 3;
-}
-
-message AlbumImagesResponse {
-  repeated ExternalImage images = 1;
-}
-
-// go:plugin type=plugin version=1
-service Scrobbler {
-  rpc IsAuthorized(ScrobblerIsAuthorizedRequest) returns (ScrobblerIsAuthorizedResponse);
-  rpc NowPlaying(ScrobblerNowPlayingRequest) returns (ScrobblerNowPlayingResponse);
-  rpc Scrobble(ScrobblerScrobbleRequest) returns (ScrobblerScrobbleResponse);
-}
-
-message ScrobblerIsAuthorizedRequest {
-  string user_id = 1;
-  string username = 2;
-}
-
-message ScrobblerIsAuthorizedResponse {
-  bool authorized = 1;
-  string error = 2;
-}
-
-message TrackInfo {
-  string id = 1;
-  string mbid = 2;
-  string name = 3;
-  string album = 4;
-  string album_mbid = 5;
-  repeated Artist artists = 6;
-  repeated Artist album_artists = 7;
-  int32 length = 8; // seconds
-  int32 position = 9; // seconds
-}
-
-message ScrobblerNowPlayingRequest {
-  string user_id = 1;
-  string username = 2;
-  TrackInfo track = 3;
-  int64 timestamp = 4;
-}
-
-message ScrobblerNowPlayingResponse {
-  string error = 1;
-}
-
-message ScrobblerScrobbleRequest {
-  string user_id = 1;
-  string username = 2;
-  TrackInfo track = 3;
-  int64 timestamp = 4;
-}
-
-message ScrobblerScrobbleResponse {
-  string error = 1;
-}
-
-// go:plugin type=plugin version=1
-service SchedulerCallback {
-  rpc OnSchedulerCallback(SchedulerCallbackRequest) returns (SchedulerCallbackResponse);
-}
-
-message SchedulerCallbackRequest {
-  string schedule_id = 1;  // ID of the scheduled job that triggered this callback
-  bytes payload = 2;       // The data passed when the job was scheduled
-  bool is_recurring = 3;   // Whether this is from a recurring schedule (cron job)
-}
-
-message SchedulerCallbackResponse {
-  string error = 1;        // Error message if the callback failed
-}
-
-// go:plugin type=plugin version=1
-service LifecycleManagement {
-  rpc OnInit(InitRequest) returns (InitResponse);
-}
-
-message InitRequest {
-  map<string, string> config = 1;  // Configuration specific to this plugin
-}
-
-message InitResponse {
-  string error = 1;     // Error message if initialization failed
-}
-
-// go:plugin type=plugin version=1
-service WebSocketCallback {
-  // Called when a text message is received
-  rpc OnTextMessage(OnTextMessageRequest) returns (OnTextMessageResponse);
-
-  // Called when a binary message is received
-  rpc OnBinaryMessage(OnBinaryMessageRequest) returns (OnBinaryMessageResponse);
-
-  // Called when an error occurs
-  rpc OnError(OnErrorRequest) returns (OnErrorResponse);
-
-  // Called when the connection is closed
-  rpc OnClose(OnCloseRequest) returns (OnCloseResponse);
-}
-
-message OnTextMessageRequest {
-  string connection_id = 1;
-  string message = 2;
-}
-
-message OnTextMessageResponse {}
-
-message OnBinaryMessageRequest {
-  string connection_id = 1;
-  bytes data = 2;
-}
-
-message OnBinaryMessageResponse {}
-
-message OnErrorRequest {
-  string connection_id = 1;
-  string error = 2;
-}
-
-message OnErrorResponse {}
-
-message OnCloseRequest {
-  string connection_id = 1;
-  int32 code = 2;
-  string reason = 3;
-}
-
-message OnCloseResponse {}
--- a/plugins/api/api_host.pb.go
+++ b/plugins/api/api_host.pb.go
--- a/plugins/api/api_options.pb.go
+++ b/plugins/api/api_options.pb.go
@@ -1,47 +0,0 @@
-//go:build !wasip1
-
-// Code generated by protoc-gen-go-plugin. DO NOT EDIT.
-// versions:
-// 	protoc-gen-go-plugin v0.1.0
-// 	protoc               v5.29.3
-// source: api/api.proto
-
-package api
-
-import (
-	context "context"
-	wazero "github.com/tetratelabs/wazero"
-	wasi_snapshot_preview1 "github.com/tetratelabs/wazero/imports/wasi_snapshot_preview1"
-)
-
-type wazeroConfigOption func(plugin *WazeroConfig)
-
-type WazeroNewRuntime func(context.Context) (wazero.Runtime, error)
-
-type WazeroConfig struct {
-	newRuntime   func(context.Context) (wazero.Runtime, error)
-	moduleConfig wazero.ModuleConfig
-}
-
-func WazeroRuntime(newRuntime WazeroNewRuntime) wazeroConfigOption {
-	return func(h *WazeroConfig) {
-		h.newRuntime = newRuntime
-	}
-}
-
-func DefaultWazeroRuntime() WazeroNewRuntime {
-	return func(ctx context.Context) (wazero.Runtime, error) {
-		r := wazero.NewRuntime(ctx)
-		if _, err := wasi_snapshot_preview1.Instantiate(ctx, r); err != nil {
-			return nil, err
-		}
-
-		return r, nil
-	}
-}
-
-func WazeroModuleConfig(moduleConfig wazero.ModuleConfig) wazeroConfigOption {
-	return func(h *WazeroConfig) {
-		h.moduleConfig = moduleConfig
-	}
-}
--- a/plugins/api/api_plugin.pb.go
+++ b/plugins/api/api_plugin.pb.go
@@ -1,487 +0,0 @@
-//go:build wasip1
-
-// Code generated by protoc-gen-go-plugin. DO NOT EDIT.
-// versions:
-// 	protoc-gen-go-plugin v0.1.0
-// 	protoc               v5.29.3
-// source: api/api.proto
-
-package api
-
-import (
-	context "context"
-	wasm "github.com/knqyf263/go-plugin/wasm"
-)
-
-const MetadataAgentPluginAPIVersion = 1
-
-//go:wasmexport metadata_agent_api_version
-func _metadata_agent_api_version() uint64 {
-	return MetadataAgentPluginAPIVersion
-}
-
-var metadataAgent MetadataAgent
-
-func RegisterMetadataAgent(p MetadataAgent) {
-	metadataAgent = p
-}
-
-//go:wasmexport metadata_agent_get_artist_mbid
-func _metadata_agent_get_artist_mbid(ptr, size uint32) uint64 {
-	b := wasm.PtrToByte(ptr, size)
-	req := new(ArtistMBIDRequest)
-	if err := req.UnmarshalVT(b); err != nil {
-		return 0
-	}
-	response, err := metadataAgent.GetArtistMBID(context.Background(), req)
-	if err != nil {
-		ptr, size = wasm.ByteToPtr([]byte(err.Error()))
-		return (uint64(ptr) << uint64(32)) | uint64(size) |
-			// Indicate that this is the error string by setting the 32-th bit, assuming that
-			// no data exceeds 31-bit size (2 GiB).
-			(1 << 31)
-	}
-
-	b, err = response.MarshalVT()
-	if err != nil {
-		return 0
-	}
-	ptr, size = wasm.ByteToPtr(b)
-	return (uint64(ptr) << uint64(32)) | uint64(size)
-}
-
-//go:wasmexport metadata_agent_get_artist_url
-func _metadata_agent_get_artist_url(ptr, size uint32) uint64 {
-	b := wasm.PtrToByte(ptr, size)
-	req := new(ArtistURLRequest)
-	if err := req.UnmarshalVT(b); err != nil {
-		return 0
-	}
-	response, err := metadataAgent.GetArtistURL(context.Background(), req)
-	if err != nil {
-		ptr, size = wasm.ByteToPtr([]byte(err.Error()))
-		return (uint64(ptr) << uint64(32)) | uint64(size) |
-			// Indicate that this is the error string by setting the 32-th bit, assuming that
-			// no data exceeds 31-bit size (2 GiB).
-			(1 << 31)
-	}
-
-	b, err = response.MarshalVT()
-	if err != nil {
-		return 0
-	}
-	ptr, size = wasm.ByteToPtr(b)
-	return (uint64(ptr) << uint64(32)) | uint64(size)
-}
-
-//go:wasmexport metadata_agent_get_artist_biography
-func _metadata_agent_get_artist_biography(ptr, size uint32) uint64 {
-	b := wasm.PtrToByte(ptr, size)
-	req := new(ArtistBiographyRequest)
-	if err := req.UnmarshalVT(b); err != nil {
-		return 0
-	}
-	response, err := metadataAgent.GetArtistBiography(context.Background(), req)
-	if err != nil {
-		ptr, size = wasm.ByteToPtr([]byte(err.Error()))
-		return (uint64(ptr) << uint64(32)) | uint64(size) |
-			// Indicate that this is the error string by setting the 32-th bit, assuming that
-			// no data exceeds 31-bit size (2 GiB).
-			(1 << 31)
-	}
-
-	b, err = response.MarshalVT()
-	if err != nil {
-		return 0
-	}
-	ptr, size = wasm.ByteToPtr(b)
-	return (uint64(ptr) << uint64(32)) | uint64(size)
-}
-
-//go:wasmexport metadata_agent_get_similar_artists
-func _metadata_agent_get_similar_artists(ptr, size uint32) uint64 {
-	b := wasm.PtrToByte(ptr, size)
-	req := new(ArtistSimilarRequest)
-	if err := req.UnmarshalVT(b); err != nil {
-		return 0
-	}
-	response, err := metadataAgent.GetSimilarArtists(context.Background(), req)
-	if err != nil {
-		ptr, size = wasm.ByteToPtr([]byte(err.Error()))
-		return (uint64(ptr) << uint64(32)) | uint64(size) |
-			// Indicate that this is the error string by setting the 32-th bit, assuming that
-			// no data exceeds 31-bit size (2 GiB).
-			(1 << 31)
-	}
-
-	b, err = response.MarshalVT()
-	if err != nil {
-		return 0
-	}
-	ptr, size = wasm.ByteToPtr(b)
-	return (uint64(ptr) << uint64(32)) | uint64(size)
-}
-
-//go:wasmexport metadata_agent_get_artist_images
-func _metadata_agent_get_artist_images(ptr, size uint32) uint64 {
-	b := wasm.PtrToByte(ptr, size)
-	req := new(ArtistImageRequest)
-	if err := req.UnmarshalVT(b); err != nil {
-		return 0
-	}
-	response, err := metadataAgent.GetArtistImages(context.Background(), req)
-	if err != nil {
-		ptr, size = wasm.ByteToPtr([]byte(err.Error()))
-		return (uint64(ptr) << uint64(32)) | uint64(size) |
-			// Indicate that this is the error string by setting the 32-th bit, assuming that
-			// no data exceeds 31-bit size (2 GiB).
-			(1 << 31)
-	}
-
-	b, err = response.MarshalVT()
-	if err != nil {
-		return 0
-	}
-	ptr, size = wasm.ByteToPtr(b)
-	return (uint64(ptr) << uint64(32)) | uint64(size)
-}
-
-//go:wasmexport metadata_agent_get_artist_top_songs
-func _metadata_agent_get_artist_top_songs(ptr, size uint32) uint64 {
-	b := wasm.PtrToByte(ptr, size)
-	req := new(ArtistTopSongsRequest)
-	if err := req.UnmarshalVT(b); err != nil {
-		return 0
-	}
-	response, err := metadataAgent.GetArtistTopSongs(context.Background(), req)
-	if err != nil {
-		ptr, size = wasm.ByteToPtr([]byte(err.Error()))
-		return (uint64(ptr) << uint64(32)) | uint64(size) |
-			// Indicate that this is the error string by setting the 32-th bit, assuming that
-			// no data exceeds 31-bit size (2 GiB).
-			(1 << 31)
-	}
-
-	b, err = response.MarshalVT()
-	if err != nil {
-		return 0
-	}
-	ptr, size = wasm.ByteToPtr(b)
-	return (uint64(ptr) << uint64(32)) | uint64(size)
-}
-
-//go:wasmexport metadata_agent_get_album_info
-func _metadata_agent_get_album_info(ptr, size uint32) uint64 {
-	b := wasm.PtrToByte(ptr, size)
-	req := new(AlbumInfoRequest)
-	if err := req.UnmarshalVT(b); err != nil {
-		return 0
-	}
-	response, err := metadataAgent.GetAlbumInfo(context.Background(), req)
-	if err != nil {
-		ptr, size = wasm.ByteToPtr([]byte(err.Error()))
-		return (uint64(ptr) << uint64(32)) | uint64(size) |
-			// Indicate that this is the error string by setting the 32-th bit, assuming that
-			// no data exceeds 31-bit size (2 GiB).
-			(1 << 31)
-	}
-
-	b, err = response.MarshalVT()
-	if err != nil {
-		return 0
-	}
-	ptr, size = wasm.ByteToPtr(b)
-	return (uint64(ptr) << uint64(32)) | uint64(size)
-}
-
-//go:wasmexport metadata_agent_get_album_images
-func _metadata_agent_get_album_images(ptr, size uint32) uint64 {
-	b := wasm.PtrToByte(ptr, size)
-	req := new(AlbumImagesRequest)
-	if err := req.UnmarshalVT(b); err != nil {
-		return 0
-	}
-	response, err := metadataAgent.GetAlbumImages(context.Background(), req)
-	if err != nil {
-		ptr, size = wasm.ByteToPtr([]byte(err.Error()))
-		return (uint64(ptr) << uint64(32)) | uint64(size) |
-			// Indicate that this is the error string by setting the 32-th bit, assuming that
-			// no data exceeds 31-bit size (2 GiB).
-			(1 << 31)
-	}
-
-	b, err = response.MarshalVT()
-	if err != nil {
-		return 0
-	}
-	ptr, size = wasm.ByteToPtr(b)
-	return (uint64(ptr) << uint64(32)) | uint64(size)
-}
-
-const ScrobblerPluginAPIVersion = 1
-
-//go:wasmexport scrobbler_api_version
-func _scrobbler_api_version() uint64 {
-	return ScrobblerPluginAPIVersion
-}
-
-var scrobbler Scrobbler
-
-func RegisterScrobbler(p Scrobbler) {
-	scrobbler = p
-}
-
-//go:wasmexport scrobbler_is_authorized
-func _scrobbler_is_authorized(ptr, size uint32) uint64 {
-	b := wasm.PtrToByte(ptr, size)
-	req := new(ScrobblerIsAuthorizedRequest)
-	if err := req.UnmarshalVT(b); err != nil {
-		return 0
-	}
-	response, err := scrobbler.IsAuthorized(context.Background(), req)
-	if err != nil {
-		ptr, size = wasm.ByteToPtr([]byte(err.Error()))
-		return (uint64(ptr) << uint64(32)) | uint64(size) |
-			// Indicate that this is the error string by setting the 32-th bit, assuming that
-			// no data exceeds 31-bit size (2 GiB).
-			(1 << 31)
-	}
-
-	b, err = response.MarshalVT()
-	if err != nil {
-		return 0
-	}
-	ptr, size = wasm.ByteToPtr(b)
-	return (uint64(ptr) << uint64(32)) | uint64(size)
-}
-
-//go:wasmexport scrobbler_now_playing
-func _scrobbler_now_playing(ptr, size uint32) uint64 {
-	b := wasm.PtrToByte(ptr, size)
-	req := new(ScrobblerNowPlayingRequest)
-	if err := req.UnmarshalVT(b); err != nil {
-		return 0
-	}
-	response, err := scrobbler.NowPlaying(context.Background(), req)
-	if err != nil {
-		ptr, size = wasm.ByteToPtr([]byte(err.Error()))
-		return (uint64(ptr) << uint64(32)) | uint64(size) |
-			// Indicate that this is the error string by setting the 32-th bit, assuming that
-			// no data exceeds 31-bit size (2 GiB).
-			(1 << 31)
-	}
-
-	b, err = response.MarshalVT()
-	if err != nil {
-		return 0
-	}
-	ptr, size = wasm.ByteToPtr(b)
-	return (uint64(ptr) << uint64(32)) | uint64(size)
-}
-
-//go:wasmexport scrobbler_scrobble
-func _scrobbler_scrobble(ptr, size uint32) uint64 {
-	b := wasm.PtrToByte(ptr, size)
-	req := new(ScrobblerScrobbleRequest)
-	if err := req.UnmarshalVT(b); err != nil {
-		return 0
-	}
-	response, err := scrobbler.Scrobble(context.Background(), req)
-	if err != nil {
-		ptr, size = wasm.ByteToPtr([]byte(err.Error()))
-		return (uint64(ptr) << uint64(32)) | uint64(size) |
-			// Indicate that this is the error string by setting the 32-th bit, assuming that
-			// no data exceeds 31-bit size (2 GiB).
-			(1 << 31)
-	}
-
-	b, err = response.MarshalVT()
-	if err != nil {
-		return 0
-	}
-	ptr, size = wasm.ByteToPtr(b)
-	return (uint64(ptr) << uint64(32)) | uint64(size)
-}
-
-const SchedulerCallbackPluginAPIVersion = 1
-
-//go:wasmexport scheduler_callback_api_version
-func _scheduler_callback_api_version() uint64 {
-	return SchedulerCallbackPluginAPIVersion
-}
-
-var schedulerCallback SchedulerCallback
-
-func RegisterSchedulerCallback(p SchedulerCallback) {
-	schedulerCallback = p
-}
-
-//go:wasmexport scheduler_callback_on_scheduler_callback
-func _scheduler_callback_on_scheduler_callback(ptr, size uint32) uint64 {
-	b := wasm.PtrToByte(ptr, size)
-	req := new(SchedulerCallbackRequest)
-	if err := req.UnmarshalVT(b); err != nil {
-		return 0
-	}
-	response, err := schedulerCallback.OnSchedulerCallback(context.Background(), req)
-	if err != nil {
-		ptr, size = wasm.ByteToPtr([]byte(err.Error()))
-		return (uint64(ptr) << uint64(32)) | uint64(size) |
-			// Indicate that this is the error string by setting the 32-th bit, assuming that
-			// no data exceeds 31-bit size (2 GiB).
-			(1 << 31)
-	}
-
-	b, err = response.MarshalVT()
-	if err != nil {
-		return 0
-	}
-	ptr, size = wasm.ByteToPtr(b)
-	return (uint64(ptr) << uint64(32)) | uint64(size)
-}
-
-const LifecycleManagementPluginAPIVersion = 1
-
-//go:wasmexport lifecycle_management_api_version
-func _lifecycle_management_api_version() uint64 {
-	return LifecycleManagementPluginAPIVersion
-}
-
-var lifecycleManagement LifecycleManagement
-
-func RegisterLifecycleManagement(p LifecycleManagement) {
-	lifecycleManagement = p
-}
-
-//go:wasmexport lifecycle_management_on_init
-func _lifecycle_management_on_init(ptr, size uint32) uint64 {
-	b := wasm.PtrToByte(ptr, size)
-	req := new(InitRequest)
-	if err := req.UnmarshalVT(b); err != nil {
-		return 0
-	}
-	response, err := lifecycleManagement.OnInit(context.Background(), req)
-	if err != nil {
-		ptr, size = wasm.ByteToPtr([]byte(err.Error()))
-		return (uint64(ptr) << uint64(32)) | uint64(size) |
-			// Indicate that this is the error string by setting the 32-th bit, assuming that
-			// no data exceeds 31-bit size (2 GiB).
-			(1 << 31)
-	}
-
-	b, err = response.MarshalVT()
-	if err != nil {
-		return 0
-	}
-	ptr, size = wasm.ByteToPtr(b)
-	return (uint64(ptr) << uint64(32)) | uint64(size)
-}
-
-const WebSocketCallbackPluginAPIVersion = 1
-
-//go:wasmexport web_socket_callback_api_version
-func _web_socket_callback_api_version() uint64 {
-	return WebSocketCallbackPluginAPIVersion
-}
-
-var webSocketCallback WebSocketCallback
-
-func RegisterWebSocketCallback(p WebSocketCallback) {
-	webSocketCallback = p
-}
-
-//go:wasmexport web_socket_callback_on_text_message
-func _web_socket_callback_on_text_message(ptr, size uint32) uint64 {
-	b := wasm.PtrToByte(ptr, size)
-	req := new(OnTextMessageRequest)
-	if err := req.UnmarshalVT(b); err != nil {
-		return 0
-	}
-	response, err := webSocketCallback.OnTextMessage(context.Background(), req)
-	if err != nil {
-		ptr, size = wasm.ByteToPtr([]byte(err.Error()))
-		return (uint64(ptr) << uint64(32)) | uint64(size) |
-			// Indicate that this is the error string by setting the 32-th bit, assuming that
-			// no data exceeds 31-bit size (2 GiB).
-			(1 << 31)
-	}
-
-	b, err = response.MarshalVT()
-	if err != nil {
-		return 0
-	}
-	ptr, size = wasm.ByteToPtr(b)
-	return (uint64(ptr) << uint64(32)) | uint64(size)
-}
-
-//go:wasmexport web_socket_callback_on_binary_message
-func _web_socket_callback_on_binary_message(ptr, size uint32) uint64 {
-	b := wasm.PtrToByte(ptr, size)
-	req := new(OnBinaryMessageRequest)
-	if err := req.UnmarshalVT(b); err != nil {
-		return 0
-	}
-	response, err := webSocketCallback.OnBinaryMessage(context.Background(), req)
-	if err != nil {
-		ptr, size = wasm.ByteToPtr([]byte(err.Error()))
-		return (uint64(ptr) << uint64(32)) | uint64(size) |
-			// Indicate that this is the error string by setting the 32-th bit, assuming that
-			// no data exceeds 31-bit size (2 GiB).
-			(1 << 31)
-	}
-
-	b, err = response.MarshalVT()
-	if err != nil {
-		return 0
-	}
-	ptr, size = wasm.ByteToPtr(b)
-	return (uint64(ptr) << uint64(32)) | uint64(size)
-}
-
-//go:wasmexport web_socket_callback_on_error
-func _web_socket_callback_on_error(ptr, size uint32) uint64 {
-	b := wasm.PtrToByte(ptr, size)
-	req := new(OnErrorRequest)
-	if err := req.UnmarshalVT(b); err != nil {
-		return 0
-	}
-	response, err := webSocketCallback.OnError(context.Background(), req)
-	if err != nil {
-		ptr, size = wasm.ByteToPtr([]byte(err.Error()))
-		return (uint64(ptr) << uint64(32)) | uint64(size) |
-			// Indicate that this is the error string by setting the 32-th bit, assuming that
-			// no data exceeds 31-bit size (2 GiB).
-			(1 << 31)
-	}
-
-	b, err = response.MarshalVT()
-	if err != nil {
-		return 0
-	}
-	ptr, size = wasm.ByteToPtr(b)
-	return (uint64(ptr) << uint64(32)) | uint64(size)
-}
-
-//go:wasmexport web_socket_callback_on_close
-func _web_socket_callback_on_close(ptr, size uint32) uint64 {
-	b := wasm.PtrToByte(ptr, size)
-	req := new(OnCloseRequest)
-	if err := req.UnmarshalVT(b); err != nil {
-		return 0
-	}
-	response, err := webSocketCallback.OnClose(context.Background(), req)
-	if err != nil {
-		ptr, size = wasm.ByteToPtr([]byte(err.Error()))
-		return (uint64(ptr) << uint64(32)) | uint64(size) |
-			// Indicate that this is the error string by setting the 32-th bit, assuming that
-			// no data exceeds 31-bit size (2 GiB).
-			(1 << 31)
-	}
-
-	b, err = response.MarshalVT()
-	if err != nil {
-		return 0
-	}
-	ptr, size = wasm.ByteToPtr(b)
-	return (uint64(ptr) << uint64(32)) | uint64(size)
-}
--- a/plugins/api/api_plugin_dev.go
+++ b/plugins/api/api_plugin_dev.go
@@ -1,34 +0,0 @@
-//go:build !wasip1
-
-package api
-
-import "github.com/navidrome/navidrome/plugins/host/scheduler"
-
-// This file exists to provide stubs for the plugin registration functions when building for non-WASM targets.
-// This is useful for testing and development purposes, as it allows you to build and run your plugin code
-// without having to compile it to WASM.
-// In a real-world scenario, you would compile your plugin to WASM and use the generated registration functions.
-
-func RegisterMetadataAgent(MetadataAgent) {
-	panic("not implemented")
-}
-
-func RegisterScrobbler(Scrobbler) {
-	panic("not implemented")
-}
-
-func RegisterSchedulerCallback(SchedulerCallback) {
-	panic("not implemented")
-}
-
-func RegisterLifecycleManagement(LifecycleManagement) {
-	panic("not implemented")
-}
-
-func RegisterWebSocketCallback(WebSocketCallback) {
-	panic("not implemented")
-}
-
-func RegisterNamedSchedulerCallback(name string, cb SchedulerCallback) scheduler.SchedulerService {
-	panic("not implemented")
-}
--- a/plugins/api/api_plugin_dev_named_registry.go
+++ b/plugins/api/api_plugin_dev_named_registry.go
@@ -1,94 +0,0 @@
-//go:build wasip1
-
-package api
-
-import (
-	"context"
-	"strings"
-
-	"github.com/navidrome/navidrome/plugins/host/scheduler"
-)
-
-var callbacks = make(namedCallbacks)
-
-// RegisterNamedSchedulerCallback registers a named scheduler callback. Named callbacks allow multiple callbacks to be registered
-// within the same plugin, and for the schedules to be scoped to the named callback. If you only need a single callback, you can use
-// the default (unnamed) callback registration function, RegisterSchedulerCallback.
-// It returns a scheduler.SchedulerService that can be used to schedule jobs for the named callback.
-//
-// Notes:
-//
-// - You can't mix named and unnamed callbacks within the same plugin.
-// - The name should be unique within the plugin, and it's recommended to use a short, descriptive name.
-// - The name is case-sensitive.
-func RegisterNamedSchedulerCallback(name string, cb SchedulerCallback) scheduler.SchedulerService {
-	callbacks[name] = cb
-	RegisterSchedulerCallback(&callbacks)
-	return &namedSchedulerService{name: name, svc: scheduler.NewSchedulerService()}
-}
-
-const zwsp = string('\u200b')
-
-// namedCallbacks is a map of named scheduler callbacks. The key is the name of the callback, and the value is the callback itself.
-type namedCallbacks map[string]SchedulerCallback
-
-func parseKey(key string) (string, string) {
-	parts := strings.SplitN(key, zwsp, 2)
-	if len(parts) != 2 {
-		return "", ""
-	}
-	return parts[0], parts[1]
-}
-
-func (n *namedCallbacks) OnSchedulerCallback(ctx context.Context, req *SchedulerCallbackRequest) (*SchedulerCallbackResponse, error) {
-	name, scheduleId := parseKey(req.ScheduleId)
-	cb, exists := callbacks[name]
-	if !exists {
-		return nil, nil
-	}
-	req.ScheduleId = scheduleId
-	return cb.OnSchedulerCallback(ctx, req)
-}
-
-// namedSchedulerService is a wrapper around the host scheduler service that prefixes the schedule IDs with the
-// callback name. It is returned by RegisterNamedSchedulerCallback, and should be used by the plugin to schedule
-// jobs for the named callback.
-type namedSchedulerService struct {
-	name string
-	cb   SchedulerCallback
-	svc  scheduler.SchedulerService
-}
-
-func (n *namedSchedulerService) makeKey(id string) string {
-	return n.name + zwsp + id
-}
-
-func (n *namedSchedulerService) mapResponse(resp *scheduler.ScheduleResponse, err error) (*scheduler.ScheduleResponse, error) {
-	if err != nil {
-		return nil, err
-	}
-	_, resp.ScheduleId = parseKey(resp.ScheduleId)
-	return resp, nil
-}
-
-func (n *namedSchedulerService) ScheduleOneTime(ctx context.Context, request *scheduler.ScheduleOneTimeRequest) (*scheduler.ScheduleResponse, error) {
-	key := n.makeKey(request.ScheduleId)
-	request.ScheduleId = key
-	return n.mapResponse(n.svc.ScheduleOneTime(ctx, request))
-}
-
-func (n *namedSchedulerService) ScheduleRecurring(ctx context.Context, request *scheduler.ScheduleRecurringRequest) (*scheduler.ScheduleResponse, error) {
-	key := n.makeKey(request.ScheduleId)
-	request.ScheduleId = key
-	return n.mapResponse(n.svc.ScheduleRecurring(ctx, request))
-}
-
-func (n *namedSchedulerService) CancelSchedule(ctx context.Context, request *scheduler.CancelRequest) (*scheduler.CancelResponse, error) {
-	key := n.makeKey(request.ScheduleId)
-	request.ScheduleId = key
-	return n.svc.CancelSchedule(ctx, request)
-}
-
-func (n *namedSchedulerService) TimeNow(ctx context.Context, request *scheduler.TimeNowRequest) (*scheduler.TimeNowResponse, error) {
-	return n.svc.TimeNow(ctx, request)
-}
--- a/plugins/api/api_vtproto.pb.go
+++ b/plugins/api/api_vtproto.pb.go
--- a/plugins/api/errors.go
+++ b/plugins/api/errors.go
@@ -1,12 +0,0 @@
-package api
-
-import "errors"
-
-var (
-	// ErrNotImplemented indicates that the plugin does not implement the requested method.
-	// No logic should be executed by the plugin.
-	ErrNotImplemented = errors.New("plugin:not_implemented")
-
-	// ErrNotFound indicates that the requested resource was not found by the plugin.
-	ErrNotFound = errors.New("plugin:not_found")
-)
--- a/plugins/base_capability.go
+++ b/plugins/base_capability.go
@@ -1,159 +0,0 @@
-package plugins
-
-import (
-	"context"
-	"errors"
-	"fmt"
-	"time"
-
-	"github.com/navidrome/navidrome/core/metrics"
-	"github.com/navidrome/navidrome/log"
-	"github.com/navidrome/navidrome/model/id"
-	"github.com/navidrome/navidrome/plugins/api"
-)
-
-// newBaseCapability creates a new instance of baseCapability with the required parameters.
-func newBaseCapability[S any, P any](wasmPath, id, capability string, m metrics.Metrics, loader P, loadFunc loaderFunc[S, P]) *baseCapability[S, P] {
-	return &baseCapability[S, P]{
-		wasmPath:   wasmPath,
-		id:         id,
-		capability: capability,
-		loader:     loader,
-		loadFunc:   loadFunc,
-		metrics:    m,
-	}
-}
-
-// LoaderFunc is a generic function type that loads a plugin instance.
-type loaderFunc[S any, P any] func(ctx context.Context, loader P, path string) (S, error)
-
-// baseCapability is a generic base implementation for WASM plugins.
-// S is the capability interface type and P is the plugin loader type.
-type baseCapability[S any, P any] struct {
-	wasmPath   string
-	id         string
-	capability string
-	loader     P
-	loadFunc   loaderFunc[S, P]
-	metrics    metrics.Metrics
-}
-
-func (w *baseCapability[S, P]) PluginID() string {
-	return w.id
-}
-
-func (w *baseCapability[S, P]) serviceName() string {
-	return w.id + "_" + w.capability
-}
-
-func (w *baseCapability[S, P]) getMetrics() metrics.Metrics {
-	return w.metrics
-}
-
-// getInstance loads a new plugin instance and returns a cleanup function.
-func (w *baseCapability[S, P]) getInstance(ctx context.Context, methodName string) (S, func(), error) {
-	start := time.Now()
-	// Add context metadata for tracing
-	ctx = log.NewContext(ctx, "capability", w.serviceName(), "method", methodName)
-
-	inst, err := w.loadFunc(ctx, w.loader, w.wasmPath)
-	if err != nil {
-		var zero S
-		return zero, func() {}, fmt.Errorf("baseCapability: failed to load instance for %s: %w", w.serviceName(), err)
-	}
-	// Add context metadata for tracing
-	ctx = log.NewContext(ctx, "instanceID", getInstanceID(inst))
-	log.Trace(ctx, "baseCapability: loaded instance", "elapsed", time.Since(start))
-	return inst, func() {
-		log.Trace(ctx, "baseCapability: finished using instance", "elapsed", time.Since(start))
-		if closer, ok := any(inst).(interface{ Close(context.Context) error }); ok {
-			_ = closer.Close(ctx)
-		}
-	}, nil
-}
-
-type wasmPlugin[S any] interface {
-	PluginID() string
-	getInstance(ctx context.Context, methodName string) (S, func(), error)
-	getMetrics() metrics.Metrics
-}
-
-func callMethod[S any, R any](ctx context.Context, wp WasmPlugin, methodName string, fn func(inst S) (R, error)) (R, error) {
-	// Add a unique call ID to the context for tracing
-	ctx = log.NewContext(ctx, "callID", id.NewRandom())
-	var r R
-
-	p, ok := wp.(wasmPlugin[S])
-	if !ok {
-		log.Error(ctx, "callMethod: not a wasm plugin", "method", methodName, "pluginID", wp.PluginID())
-		return r, fmt.Errorf("wasm plugin: not a wasm plugin: %s", wp.PluginID())
-	}
-
-	inst, done, err := p.getInstance(ctx, methodName)
-	if err != nil {
-		return r, err
-	}
-	start := time.Now()
-	defer done()
-	r, err = checkErr(fn(inst))
-	elapsed := time.Since(start)
-
-	if !errors.Is(err, api.ErrNotImplemented) {
-		id := p.PluginID()
-		isOk := err == nil
-		metrics := p.getMetrics()
-		if metrics != nil {
-			metrics.RecordPluginRequest(ctx, id, methodName, isOk, elapsed.Milliseconds())
-			log.Trace(ctx, "callMethod: sending metrics", "plugin", id, "method", methodName, "ok", isOk, "elapsed", elapsed)
-		}
-	}
-
-	return r, err
-}
-
-// errorResponse is an interface that defines a method to retrieve an error message.
-// It is automatically implemented (generated) by all plugin responses that have an Error field
-type errorResponse interface {
-	GetError() string
-}
-
-// checkErr returns an updated error if the response implements errorResponse and contains an error message.
-// If the response is nil, it returns the original error. Otherwise, it wraps or creates an error as needed.
-// It also maps error strings to their corresponding api.Err* constants.
-func checkErr[T any](resp T, err error) (T, error) {
-	if any(resp) == nil {
-		return resp, mapAPIError(err)
-	}
-	respErr, ok := any(resp).(errorResponse)
-	if ok && respErr.GetError() != "" {
-		respErrMsg := respErr.GetError()
-		respErrErr := errors.New(respErrMsg)
-		mappedErr := mapAPIError(respErrErr)
-		// Check if the error was mapped to an API error (different from the temp error)
-		if errors.Is(mappedErr, api.ErrNotImplemented) || errors.Is(mappedErr, api.ErrNotFound) {
-			// Return the mapped API error instead of wrapping
-			return resp, mappedErr
-		}
-		// For non-API errors, use wrap the original error if it is not nil
-		return resp, errors.Join(respErrErr, err)
-	}
-	return resp, mapAPIError(err)
-}
-
-// mapAPIError maps error strings to their corresponding api.Err* constants.
-// This is needed as errors from plugins may not be of type api.Error, due to serialization/deserialization.
-func mapAPIError(err error) error {
-	if err == nil {
-		return nil
-	}
-
-	errStr := err.Error()
-	switch errStr {
-	case api.ErrNotImplemented.Error():
-		return api.ErrNotImplemented
-	case api.ErrNotFound.Error():
-		return api.ErrNotFound
-	default:
-		return err
-	}
-}
--- a/plugins/base_capability_test.go
+++ b/plugins/base_capability_test.go
@@ -1,285 +0,0 @@
-package plugins
-
-import (
-	"context"
-	"errors"
-
-	"github.com/navidrome/navidrome/plugins/api"
-	. "github.com/onsi/ginkgo/v2"
-	. "github.com/onsi/gomega"
-)
-
-type nilInstance struct{}
-
-var _ = Describe("baseCapability", func() {
-	var ctx = context.Background()
-
-	It("should load instance using loadFunc", func() {
-		called := false
-		plugin := &baseCapability[*nilInstance, any]{
-			wasmPath:   "",
-			id:         "test",
-			capability: "test",
-			loadFunc: func(ctx context.Context, _ any, path string) (*nilInstance, error) {
-				called = true
-				return &nilInstance{}, nil
-			},
-		}
-		inst, done, err := plugin.getInstance(ctx, "test")
-		defer done()
-		Expect(err).To(BeNil())
-		Expect(inst).ToNot(BeNil())
-		Expect(called).To(BeTrue())
-	})
-})
-
-var _ = Describe("checkErr", func() {
-	Context("when resp is nil", func() {
-		It("should return nil error when both resp and err are nil", func() {
-			var resp *testErrorResponse
-
-			result, err := checkErr(resp, nil)
-
-			Expect(result).To(BeNil())
-			Expect(err).To(BeNil())
-		})
-
-		It("should return original error unchanged for non-API errors", func() {
-			var resp *testErrorResponse
-			originalErr := errors.New("original error")
-
-			result, err := checkErr(resp, originalErr)
-
-			Expect(result).To(BeNil())
-			Expect(err).To(Equal(originalErr))
-		})
-
-		It("should return mapped API error for ErrNotImplemented", func() {
-			var resp *testErrorResponse
-			err := errors.New("plugin:not_implemented")
-
-			result, mappedErr := checkErr(resp, err)
-
-			Expect(result).To(BeNil())
-			Expect(mappedErr).To(Equal(api.ErrNotImplemented))
-		})
-
-		It("should return mapped API error for ErrNotFound", func() {
-			var resp *testErrorResponse
-			err := errors.New("plugin:not_found")
-
-			result, mappedErr := checkErr(resp, err)
-
-			Expect(result).To(BeNil())
-			Expect(mappedErr).To(Equal(api.ErrNotFound))
-		})
-	})
-
-	Context("when resp is a typed nil that implements errorResponse", func() {
-		It("should not panic and return original error", func() {
-			var resp *testErrorResponse // typed nil
-			originalErr := errors.New("original error")
-
-			// This should not panic
-			result, err := checkErr(resp, originalErr)
-
-			Expect(result).To(BeNil())
-			Expect(err).To(Equal(originalErr))
-		})
-
-		It("should handle typed nil with nil error gracefully", func() {
-			var resp *testErrorResponse // typed nil
-
-			// This should not panic
-			result, err := checkErr(resp, nil)
-
-			Expect(result).To(BeNil())
-			Expect(err).To(BeNil())
-		})
-	})
-
-	Context("when resp implements errorResponse with non-empty error", func() {
-		It("should create new error when original error is nil", func() {
-			resp := &testErrorResponse{errorMsg: "plugin error"}
-
-			result, err := checkErr(resp, nil)
-
-			Expect(result).To(Equal(resp))
-			Expect(err).To(MatchError("plugin error"))
-		})
-
-		It("should wrap original error when both exist", func() {
-			resp := &testErrorResponse{errorMsg: "plugin error"}
-			originalErr := errors.New("original error")
-
-			result, err := checkErr(resp, originalErr)
-
-			Expect(result).To(Equal(resp))
-			Expect(err).To(HaveOccurred())
-			// Check that both error messages are present in the joined error
-			errStr := err.Error()
-			Expect(errStr).To(ContainSubstring("plugin error"))
-			Expect(errStr).To(ContainSubstring("original error"))
-		})
-
-		It("should return mapped API error for ErrNotImplemented when no original error", func() {
-			resp := &testErrorResponse{errorMsg: "plugin:not_implemented"}
-
-			result, err := checkErr(resp, nil)
-
-			Expect(result).To(Equal(resp))
-			Expect(err).To(MatchError(api.ErrNotImplemented))
-		})
-
-		It("should return mapped API error for ErrNotFound when no original error", func() {
-			resp := &testErrorResponse{errorMsg: "plugin:not_found"}
-
-			result, err := checkErr(resp, nil)
-
-			Expect(result).To(Equal(resp))
-			Expect(err).To(MatchError(api.ErrNotFound))
-		})
-
-		It("should return mapped API error for ErrNotImplemented even with original error", func() {
-			resp := &testErrorResponse{errorMsg: "plugin:not_implemented"}
-			originalErr := errors.New("original error")
-
-			result, err := checkErr(resp, originalErr)
-
-			Expect(result).To(Equal(resp))
-			Expect(err).To(MatchError(api.ErrNotImplemented))
-		})
-
-		It("should return mapped API error for ErrNotFound even with original error", func() {
-			resp := &testErrorResponse{errorMsg: "plugin:not_found"}
-			originalErr := errors.New("original error")
-
-			result, err := checkErr(resp, originalErr)
-
-			Expect(result).To(Equal(resp))
-			Expect(err).To(MatchError(api.ErrNotFound))
-		})
-	})
-
-	Context("when resp implements errorResponse with empty error", func() {
-		It("should return original error unchanged", func() {
-			resp := &testErrorResponse{errorMsg: ""}
-			originalErr := errors.New("original error")
-
-			result, err := checkErr(resp, originalErr)
-
-			Expect(result).To(Equal(resp))
-			Expect(err).To(MatchError(originalErr))
-		})
-
-		It("should return nil error when both are empty/nil", func() {
-			resp := &testErrorResponse{errorMsg: ""}
-
-			result, err := checkErr(resp, nil)
-
-			Expect(result).To(Equal(resp))
-			Expect(err).To(BeNil())
-		})
-
-		It("should map original API error when response error is empty", func() {
-			resp := &testErrorResponse{errorMsg: ""}
-			originalErr := errors.New("plugin:not_implemented")
-
-			result, err := checkErr(resp, originalErr)
-
-			Expect(result).To(Equal(resp))
-			Expect(err).To(MatchError(api.ErrNotImplemented))
-		})
-	})
-
-	Context("when resp does not implement errorResponse", func() {
-		It("should return original error unchanged", func() {
-			resp := &testNonErrorResponse{data: "some data"}
-			originalErr := errors.New("original error")
-
-			result, err := checkErr(resp, originalErr)
-
-			Expect(result).To(Equal(resp))
-			Expect(err).To(Equal(originalErr))
-		})
-
-		It("should return nil error when original error is nil", func() {
-			resp := &testNonErrorResponse{data: "some data"}
-
-			result, err := checkErr(resp, nil)
-
-			Expect(result).To(Equal(resp))
-			Expect(err).To(BeNil())
-		})
-
-		It("should map original API error when response doesn't implement errorResponse", func() {
-			resp := &testNonErrorResponse{data: "some data"}
-			originalErr := errors.New("plugin:not_found")
-
-			result, err := checkErr(resp, originalErr)
-
-			Expect(result).To(Equal(resp))
-			Expect(err).To(MatchError(api.ErrNotFound))
-		})
-	})
-
-	Context("when resp is a value type (not pointer)", func() {
-		It("should handle value types that implement errorResponse", func() {
-			resp := testValueErrorResponse{errorMsg: "value error"}
-			originalErr := errors.New("original error")
-
-			result, err := checkErr(resp, originalErr)
-
-			Expect(result).To(Equal(resp))
-			Expect(err).To(HaveOccurred())
-			// Check that both error messages are present in the joined error
-			errStr := err.Error()
-			Expect(errStr).To(ContainSubstring("value error"))
-			Expect(errStr).To(ContainSubstring("original error"))
-		})
-
-		It("should handle value types with empty error", func() {
-			resp := testValueErrorResponse{errorMsg: ""}
-			originalErr := errors.New("original error")
-
-			result, err := checkErr(resp, originalErr)
-
-			Expect(result).To(Equal(resp))
-			Expect(err).To(MatchError(originalErr))
-		})
-
-		It("should handle value types with API error", func() {
-			resp := testValueErrorResponse{errorMsg: "plugin:not_implemented"}
-			originalErr := errors.New("original error")
-
-			result, err := checkErr(resp, originalErr)
-
-			Expect(result).To(Equal(resp))
-			Expect(err).To(MatchError(api.ErrNotImplemented))
-		})
-	})
-})
-
-// Test helper types
-type testErrorResponse struct {
-	errorMsg string
-}
-
-func (t *testErrorResponse) GetError() string {
-	if t == nil {
-		return "" // This is what would typically happen with a typed nil
-	}
-	return t.errorMsg
-}
-
-type testNonErrorResponse struct {
-	data string
-}
-
-type testValueErrorResponse struct {
-	errorMsg string
-}
-
-func (t testValueErrorResponse) GetError() string {
-	return t.errorMsg
-}
--- a/plugins/capabilities.go
+++ b/plugins/capabilities.go
@@ -0,0 +1,47 @@
+package plugins
+
+// Capability represents a plugin capability type.
+// Capabilities are detected by checking which functions a plugin exports.
+type Capability string
+
+// capabilityFunctions maps each capability to its required/optional functions.
+// A plugin has a capability if it exports at least one of these functions.
+var capabilityFunctions = map[Capability][]string{}
+
+// registerCapability registers a capability with its associated functions.
+func registerCapability(cap Capability, functions ...string) {
+	capabilityFunctions[cap] = functions
+}
+
+// functionExistsChecker is an interface for checking if a function exists in a plugin.
+// This allows for testing without a real plugin instance.
+type functionExistsChecker interface {
+	FunctionExists(name string) bool
+}
+
+// detectCapabilities detects which capabilities a plugin has by checking
+// which functions it exports.
+func detectCapabilities(plugin functionExistsChecker) []Capability {
+	var capabilities []Capability
+
+	for cap, functions := range capabilityFunctions {
+		for _, fn := range functions {
+			if plugin.FunctionExists(fn) {
+				capabilities = append(capabilities, cap)
+				break // Found at least one function, plugin has this capability
+			}
+		}
+	}
+
+	return capabilities
+}
+
+// hasCapability checks if the given capabilities slice contains a specific capability.
+func hasCapability(capabilities []Capability, cap Capability) bool {
+	for _, c := range capabilities {
+		if c == cap {
+			return true
+		}
+	}
+	return false
+}
--- a/plugins/capabilities/README.md
+++ b/plugins/capabilities/README.md
@@ -0,0 +1,87 @@
+# Navidrome Plugin Capabilities
+
+This directory contains the Go interface definitions for Navidrome plugin capabilities. These interfaces are the **source of truth** for plugin development and are used to generate:
+
+1. **Go PDK packages** (`pdk/go/*/`) - Type-safe wrappers for Go plugin developers
+2. **Rust PDK crates** (`pdk/rust/*/`) - Type-safe wrappers for Rust plugin developers
+3. **XTP YAML schemas** (`*.yaml`) - Schema files for other [Extism plugin languages](https://extism.org/docs/concepts/pdk/) (TypeScript, Python, C#, Zig, C++, ...)
+
+## For Go Plugin Developers
+
+Go developers should use the generated PDK packages in `plugins/pdk/go/`. See the example Go plugins in `plugins/examples/` for usage patterns.
+
+## For Rust Plugin Developers
+
+Rust developers should use the generated PDK crate in `plugins/pdk/rust/nd-pdk`. See the example Rust plugins in `plugins/examples` for usage patterns.
+
+## For Non-Go Plugin Developers
+
+If you're developing plugins in other languages (TypeScript, Rust, Python, C#, Zig, C++), you can use the XTP CLI to generate type-safe bindings from the YAML schema files in this directory.
+
+### Prerequisites
+
+Install the XTP CLI:
+
+```bash
+# macOS
+brew install dylibso/tap/xtp
+
+# Other platforms - see https://docs.xtp.dylibso.com/docs/cli
+curl https://static.dylibso.com/cli/install.sh | bash
+```
+
+### Generating Plugin Scaffolding
+
+Use the XTP CLI to generate plugin boilerplate from any capability schema:
+
+```bash
+# TypeScript
+xtp plugin init --schema-file plugins/capabilities/metadata_agent.yaml \
+    --template typescript --path my-plugin
+
+# Rust
+xtp plugin init --schema-file plugins/capabilities/scrobbler.yaml \
+    --template rust --path my-plugin
+
+# Python
+xtp plugin init --schema-file plugins/capabilities/lifecycle.yaml \
+    --template python --path my-plugin
+
+# C#
+xtp plugin init --schema-file plugins/capabilities/scheduler_callback.yaml \
+    --template csharp --path my-plugin
+
+# Go (alternative to using the PDK packages)
+xtp plugin init --schema-file plugins/capabilities/websocket_callback.yaml \
+    --template go --path my-plugin
+```
+
+### Available Capabilities
+
+| Capability         | Schema File               | Description                                                 |
+|--------------------|---------------------------|-------------------------------------------------------------|
+| Metadata Agent     | `metadata_agent.yaml`     | Fetch artist biographies, album images, and similar artists |
+| Scrobbler          | `scrobbler.yaml`          | Report listening activity to external services              |
+| Lifecycle          | `lifecycle.yaml`          | Plugin initialization callbacks                             |
+| Scheduler Callback | `scheduler_callback.yaml` | Scheduled task execution                                    |
+| WebSocket Callback | `websocket_callback.yaml` | Real-time WebSocket message handling                        |
+
+### Building Your Plugin
+
+After generating the scaffolding, implement the required functions and build your plugin as a WebAssembly module. The exact build process depends on your chosen language - see the [Extism PDK documentation](https://extism.org/docs/concepts/pdk) for language-specific guides.
+
+## XTP Schema Generation
+
+The YAML schemas in this package are automatically generated from the capability Go interfaces using `ndpgen`.
+To regenerate the schemas after modifying the interfaces, run:
+
+```bash
+cd plugins/cmd/ndpgen && go run . -schemas -input=./plugins/capabilities
+```
+
+## Resources
+
+- [XTP Documentation](https://docs.xtp.dylibso.com/)
+- [XTP Bindgen Repository](https://github.com/dylibso/xtp-bindgen)
+- [Extism Plugin Development Kit](https://extism.org/docs/concepts/pdk)
+- [XTP Schema Definition](https://raw.githubusercontent.com/dylibso/xtp-bindgen/5090518dd86ba5e734dc225a33066ecc0ed2e12d/plugin/schema.json)
--- a/plugins/capabilities/doc.go
+++ b/plugins/capabilities/doc.go
@@ -0,0 +1,56 @@
+// Package capabilities defines Go interfaces for Navidrome plugin capabilities.
+//
+// These interfaces serve as the source of truth for capability definitions.
+// The ndpgen tool generates:
+//   - Go export wrappers in plugins/pdk/go/<capability>/ for Go plugins
+//   - XTP YAML schemas for non-Go plugins (Rust, TypeScript, etc.)
+//
+// Each capability is defined as an annotated interface:
+//
+//	//nd:capability name=metadata
+//	type MetadataAgent interface {
+//	    //nd:export name=nd_get_artist_biography
+//	    GetArtistBiography(ArtistRequest) (*ArtistBiographyResponse, error)
+//	}
+//
+// Annotation Reference:
+//
+//	//nd:capability name=<pkg> [required=true]
+//	  - Marks an interface as a capability
+//	  - name: Generated package name (e.g., name=metadata → pdk/go/metadata/)
+//	  - required: If true, all methods must be implemented (default: false)
+//
+//	//nd:export name=<func>
+//	  - Marks a method as an exported WASM function
+//	  - name: The export name (e.g., nd_get_artist_biography)
+//
+// Generated Code Structure:
+//
+// For a capability like MetadataAgent with required=false:
+//
+//	package metadata
+//
+//	// Agent is the marker interface
+//	type Agent interface{}
+//
+//	// Optional provider interfaces
+//	type ArtistBiographyProvider interface {
+//	    GetArtistBiography(ArtistRequest) (*ArtistBiographyResponse, error)
+//	}
+//
+//	// Registration function
+//	func Register(impl Agent) { ... }
+//
+// For a capability with required=true:
+//
+//	package scrobbler
+//
+//	// Scrobbler requires all methods
+//	type Scrobbler interface {
+//	    IsAuthorized(IsAuthorizedRequest) (bool, error)
+//	    NowPlaying(NowPlayingRequest) error
+//	    Scrobble(ScrobbleRequest) error
+//	}
+//
+//	func Register(impl Scrobbler) { ... }
+package capabilities
--- a/plugins/capabilities/lifecycle.go
+++ b/plugins/capabilities/lifecycle.go
@@ -0,0 +1,19 @@
+package capabilities
+
+// Lifecycle provides plugin lifecycle hooks.
+// This capability allows plugins to perform initialization when loaded,
+// such as establishing connections, starting background processes, or
+// validating configuration.
+//
+// The OnInit function is called once when the plugin is loaded, and is NOT
+// called when the plugin is hot-reloaded. Plugins should not assume this
+// function will be called on every startup.
+//
+//nd:capability name=lifecycle
+type Lifecycle interface {
+	// OnInit is called after a plugin is fully loaded with all services registered.
+	// Plugins can use this function to perform one-time initialization tasks.
+	// Errors are logged but will not prevent the plugin from being loaded.
+	//nd:export name=nd_on_init
+	OnInit() error
+}
--- a/plugins/capabilities/lifecycle.yaml
+++ b/plugins/capabilities/lifecycle.yaml
@@ -0,0 +1,7 @@
+version: v1-draft
+exports:
+    nd_on_init:
+        description: |-
+            OnInit is called after a plugin is fully loaded with all services registered.
+            Plugins can use this function to perform one-time initialization tasks.
+            Errors are logged but will not prevent the plugin from being loaded.
--- a/plugins/capabilities/metadata_agent.go
+++ b/plugins/capabilities/metadata_agent.go
@@ -0,0 +1,173 @@
+package capabilities
+
+// MetadataAgent provides artist and album metadata retrieval.
+// This capability allows plugins to provide external metadata for artists and albums,
+// such as biographies, images, similar artists, and top songs.
+//
+// Plugins implementing this capability can choose which methods to implement.
+// Each method is optional - plugins only need to provide the functionality they support.
+//
+//nd:capability name=metadata
+type MetadataAgent interface {
+	// GetArtistMBID retrieves the MusicBrainz ID for an artist.
+	//nd:export name=nd_get_artist_mbid
+	GetArtistMBID(ArtistMBIDRequest) (*ArtistMBIDResponse, error)
+
+	// GetArtistURL retrieves the external URL for an artist.
+	//nd:export name=nd_get_artist_url
+	GetArtistURL(ArtistRequest) (*ArtistURLResponse, error)
+
+	// GetArtistBiography retrieves the biography for an artist.
+	//nd:export name=nd_get_artist_biography
+	GetArtistBiography(ArtistRequest) (*ArtistBiographyResponse, error)
+
+	// GetSimilarArtists retrieves similar artists for a given artist.
+	//nd:export name=nd_get_similar_artists
+	GetSimilarArtists(SimilarArtistsRequest) (*SimilarArtistsResponse, error)
+
+	// GetArtistImages retrieves images for an artist.
+	//nd:export name=nd_get_artist_images
+	GetArtistImages(ArtistRequest) (*ArtistImagesResponse, error)
+
+	// GetArtistTopSongs retrieves top songs for an artist.
+	//nd:export name=nd_get_artist_top_songs
+	GetArtistTopSongs(TopSongsRequest) (*TopSongsResponse, error)
+
+	// GetAlbumInfo retrieves album information.
+	//nd:export name=nd_get_album_info
+	GetAlbumInfo(AlbumRequest) (*AlbumInfoResponse, error)
+
+	// GetAlbumImages retrieves images for an album.
+	//nd:export name=nd_get_album_images
+	GetAlbumImages(AlbumRequest) (*AlbumImagesResponse, error)
+}
+
+// ArtistMBIDRequest is the request for GetArtistMBID.
+type ArtistMBIDRequest struct {
+	// ID is the internal Navidrome artist ID.
+	ID string `json:"id"`
+	// Name is the artist name.
+	Name string `json:"name"`
+}
+
+// ArtistMBIDResponse is the response for GetArtistMBID.
+type ArtistMBIDResponse struct {
+	// MBID is the MusicBrainz ID for the artist.
+	MBID string `json:"mbid"`
+}
+
+// ArtistRequest is the common request for artist-related functions.
+type ArtistRequest struct {
+	// ID is the internal Navidrome artist ID.
+	ID string `json:"id"`
+	// Name is the artist name.
+	Name string `json:"name"`
+	// MBID is the MusicBrainz ID for the artist (if known).
+	MBID string `json:"mbid,omitempty"`
+}
+
+// ArtistURLResponse is the response for GetArtistURL.
+type ArtistURLResponse struct {
+	// URL is the external URL for the artist.
+	URL string `json:"url"`
+}
+
+// ArtistBiographyResponse is the response for GetArtistBiography.
+type ArtistBiographyResponse struct {
+	// Biography is the artist biography text.
+	Biography string `json:"biography"`
+}
+
+// SimilarArtistsRequest is the request for GetSimilarArtists.
+type SimilarArtistsRequest struct {
+	// ID is the internal Navidrome artist ID.
+	ID string `json:"id"`
+	// Name is the artist name.
+	Name string `json:"name"`
+	// MBID is the MusicBrainz ID for the artist (if known).
+	MBID string `json:"mbid,omitempty"`
+	// Limit is the maximum number of similar artists to return.
+	Limit int32 `json:"limit"`
+}
+
+// ArtistRef is a reference to an artist with name and optional MBID.
+type ArtistRef struct {
+	// Name is the artist name.
+	Name string `json:"name"`
+	// MBID is the MusicBrainz ID for the artist.
+	MBID string `json:"mbid,omitempty"`
+}
+
+// SimilarArtistsResponse is the response for GetSimilarArtists.
+type SimilarArtistsResponse struct {
+	// Artists is the list of similar artists.
+	Artists []ArtistRef `json:"artists"`
+}
+
+// ImageInfo represents an image with URL and size.
+type ImageInfo struct {
+	// URL is the URL of the image.
+	URL string `json:"url"`
+	// Size is the size of the image in pixels (width or height).
+	Size int32 `json:"size"`
+}
+
+// ArtistImagesResponse is the response for GetArtistImages.
+type ArtistImagesResponse struct {
+	// Images is the list of artist images.
+	Images []ImageInfo `json:"images"`
+}
+
+// TopSongsRequest is the request for GetArtistTopSongs.
+type TopSongsRequest struct {
+	// ID is the internal Navidrome artist ID.
+	ID string `json:"id"`
+	// Name is the artist name.
+	Name string `json:"name"`
+	// MBID is the MusicBrainz ID for the artist (if known).
+	MBID string `json:"mbid,omitempty"`
+	// Count is the maximum number of top songs to return.
+	Count int32 `json:"count"`
+}
+
+// SongRef is a reference to a song with name and optional MBID.
+type SongRef struct {
+	// Name is the song name.
+	Name string `json:"name"`
+	// MBID is the MusicBrainz ID for the song.
+	MBID string `json:"mbid,omitempty"`
+}
+
+// TopSongsResponse is the response for GetArtistTopSongs.
+type TopSongsResponse struct {
+	// Songs is the list of top songs.
+	Songs []SongRef `json:"songs"`
+}
+
+// AlbumRequest is the common request for album-related functions.
+type AlbumRequest struct {
+	// Name is the album name.
+	Name string `json:"name"`
+	// Artist is the album artist name.
+	Artist string `json:"artist"`
+	// MBID is the MusicBrainz ID for the album (if known).
+	MBID string `json:"mbid,omitempty"`
+}
+
+// AlbumInfoResponse is the response for GetAlbumInfo.
+type AlbumInfoResponse struct {
+	// Name is the album name.
+	Name string `json:"name"`
+	// MBID is the MusicBrainz ID for the album.
+	MBID string `json:"mbid"`
+	// Description is the album description/notes.
+	Description string `json:"description"`
+	// URL is the external URL for the album.
+	URL string `json:"url"`
+}
+
+// AlbumImagesResponse is the response for GetAlbumImages.
+type AlbumImagesResponse struct {
+	// Images is the list of album images.
+	Images []ImageInfo `json:"images"`
+}
--- a/plugins/capabilities/metadata_agent.yaml
+++ b/plugins/capabilities/metadata_agent.yaml
@@ -0,0 +1,269 @@
+version: v1-draft
+exports:
+    nd_get_artist_mbid:
+        description: GetArtistMBID retrieves the MusicBrainz ID for an artist.
+        input:
+            $ref: '#/components/schemas/ArtistMBIDRequest'
+            contentType: application/json
+        output:
+            $ref: '#/components/schemas/ArtistMBIDResponse'
+            contentType: application/json
+    nd_get_artist_url:
+        description: GetArtistURL retrieves the external URL for an artist.
+        input:
+            $ref: '#/components/schemas/ArtistRequest'
+            contentType: application/json
+        output:
+            $ref: '#/components/schemas/ArtistURLResponse'
+            contentType: application/json
+    nd_get_artist_biography:
+        description: GetArtistBiography retrieves the biography for an artist.
+        input:
+            $ref: '#/components/schemas/ArtistRequest'
+            contentType: application/json
+        output:
+            $ref: '#/components/schemas/ArtistBiographyResponse'
+            contentType: application/json
+    nd_get_similar_artists:
+        description: GetSimilarArtists retrieves similar artists for a given artist.
+        input:
+            $ref: '#/components/schemas/SimilarArtistsRequest'
+            contentType: application/json
+        output:
+            $ref: '#/components/schemas/SimilarArtistsResponse'
+            contentType: application/json
+    nd_get_artist_images:
+        description: GetArtistImages retrieves images for an artist.
+        input:
+            $ref: '#/components/schemas/ArtistRequest'
+            contentType: application/json
+        output:
+            $ref: '#/components/schemas/ArtistImagesResponse'
+            contentType: application/json
+    nd_get_artist_top_songs:
+        description: GetArtistTopSongs retrieves top songs for an artist.
+        input:
+            $ref: '#/components/schemas/TopSongsRequest'
+            contentType: application/json
+        output:
+            $ref: '#/components/schemas/TopSongsResponse'
+            contentType: application/json
+    nd_get_album_info:
+        description: GetAlbumInfo retrieves album information.
+        input:
+            $ref: '#/components/schemas/AlbumRequest'
+            contentType: application/json
+        output:
+            $ref: '#/components/schemas/AlbumInfoResponse'
+            contentType: application/json
+    nd_get_album_images:
+        description: GetAlbumImages retrieves images for an album.
+        input:
+            $ref: '#/components/schemas/AlbumRequest'
+            contentType: application/json
+        output:
+            $ref: '#/components/schemas/AlbumImagesResponse'
+            contentType: application/json
+components:
+    schemas:
+        AlbumImagesResponse:
+            description: AlbumImagesResponse is the response for GetAlbumImages.
+            properties:
+                images:
+                    type: array
+                    description: Images is the list of album images.
+                    items:
+                        $ref: '#/components/schemas/ImageInfo'
+            required:
+                - images
+        AlbumInfoResponse:
+            description: AlbumInfoResponse is the response for GetAlbumInfo.
+            properties:
+                name:
+                    type: string
+                    description: Name is the album name.
+                mbid:
+                    type: string
+                    description: MBID is the MusicBrainz ID for the album.
+                description:
+                    type: string
+                    description: Description is the album description/notes.
+                url:
+                    type: string
+                    description: URL is the external URL for the album.
+            required:
+                - name
+                - mbid
+                - description
+                - url
+        AlbumRequest:
+            description: AlbumRequest is the common request for album-related functions.
+            properties:
+                name:
+                    type: string
+                    description: Name is the album name.
+                artist:
+                    type: string
+                    description: Artist is the album artist name.
+                mbid:
+                    type: string
+                    description: MBID is the MusicBrainz ID for the album (if known).
+            required:
+                - name
+                - artist
+        ArtistBiographyResponse:
+            description: ArtistBiographyResponse is the response for GetArtistBiography.
+            properties:
+                biography:
+                    type: string
+                    description: Biography is the artist biography text.
+            required:
+                - biography
+        ArtistImagesResponse:
+            description: ArtistImagesResponse is the response for GetArtistImages.
+            properties:
+                images:
+                    type: array
+                    description: Images is the list of artist images.
+                    items:
+                        $ref: '#/components/schemas/ImageInfo'
+            required:
+                - images
+        ArtistMBIDRequest:
+            description: ArtistMBIDRequest is the request for GetArtistMBID.
+            properties:
+                id:
+                    type: string
+                    description: ID is the internal Navidrome artist ID.
+                name:
+                    type: string
+                    description: Name is the artist name.
+            required:
+                - id
+                - name
+        ArtistMBIDResponse:
+            description: ArtistMBIDResponse is the response for GetArtistMBID.
+            properties:
+                mbid:
+                    type: string
+                    description: MBID is the MusicBrainz ID for the artist.
+            required:
+                - mbid
+        ArtistRef:
+            description: ArtistRef is a reference to an artist with name and optional MBID.
+            properties:
+                name:
+                    type: string
+                    description: Name is the artist name.
+                mbid:
+                    type: string
+                    description: MBID is the MusicBrainz ID for the artist.
+            required:
+                - name
+        ArtistRequest:
+            description: ArtistRequest is the common request for artist-related functions.
+            properties:
+                id:
+                    type: string
+                    description: ID is the internal Navidrome artist ID.
+                name:
+                    type: string
+                    description: Name is the artist name.
+                mbid:
+                    type: string
+                    description: MBID is the MusicBrainz ID for the artist (if known).
+            required:
+                - id
+                - name
+        ArtistURLResponse:
+            description: ArtistURLResponse is the response for GetArtistURL.
+            properties:
+                url:
+                    type: string
+                    description: URL is the external URL for the artist.
+            required:
+                - url
+        ImageInfo:
+            description: ImageInfo represents an image with URL and size.
+            properties:
+                url:
+                    type: string
+                    description: URL is the URL of the image.
+                size:
+                    type: integer
+                    format: int32
+                    description: Size is the size of the image in pixels (width or height).
+            required:
+                - url
+                - size
+        SimilarArtistsRequest:
+            description: SimilarArtistsRequest is the request for GetSimilarArtists.
+            properties:
+                id:
+                    type: string
+                    description: ID is the internal Navidrome artist ID.
+                name:
+                    type: string
+                    description: Name is the artist name.
+                mbid:
+                    type: string
+                    description: MBID is the MusicBrainz ID for the artist (if known).
+                limit:
+                    type: integer
+                    format: int32
+                    description: Limit is the maximum number of similar artists to return.
+            required:
+                - id
+                - name
+                - limit
+        SimilarArtistsResponse:
+            description: SimilarArtistsResponse is the response for GetSimilarArtists.
+            properties:
+                artists:
+                    type: array
+                    description: Artists is the list of similar artists.
+                    items:
+                        $ref: '#/components/schemas/ArtistRef'
+            required:
+                - artists
+        SongRef:
+            description: SongRef is a reference to a song with name and optional MBID.
+            properties:
+                name:
+                    type: string
+                    description: Name is the song name.
+                mbid:
+                    type: string
+                    description: MBID is the MusicBrainz ID for the song.
+            required:
+                - name
+        TopSongsRequest:
+            description: TopSongsRequest is the request for GetArtistTopSongs.
+            properties:
+                id:
+                    type: string
+                    description: ID is the internal Navidrome artist ID.
+                name:
+                    type: string
+                    description: Name is the artist name.
+                mbid:
+                    type: string
+                    description: MBID is the MusicBrainz ID for the artist (if known).
+                count:
+                    type: integer
+                    format: int32
+                    description: Count is the maximum number of top songs to return.
+            required:
+                - id
+                - name
+                - count
+        TopSongsResponse:
+            description: TopSongsResponse is the response for GetArtistTopSongs.
+            properties:
+                songs:
+                    type: array
+                    description: Songs is the list of top songs.
+                    items:
+                        $ref: '#/components/schemas/SongRef'
+            required:
+                - songs
--- a/plugins/capabilities/scheduler_callback.go
+++ b/plugins/capabilities/scheduler_callback.go
@@ -0,0 +1,27 @@
+package capabilities
+
+// SchedulerCallback provides scheduled task handling.
+// This capability allows plugins to receive callbacks when their scheduled tasks execute.
+// Plugins that use the scheduler host service must implement this capability
+// to handle task execution.
+//
+//nd:capability name=scheduler
+type SchedulerCallback interface {
+	// OnCallback is called when a scheduled task fires.
+	// Errors are logged but do not affect the scheduling system.
+	//nd:export name=nd_scheduler_callback
+	OnCallback(SchedulerCallbackRequest) error
+}
+
+// SchedulerCallbackRequest is the request provided when a scheduled task fires.
+type SchedulerCallbackRequest struct {
+	// ScheduleID is the unique identifier for this scheduled task.
+	// This is either the ID provided when scheduling, or an auto-generated UUID if none was specified.
+	ScheduleID string `json:"scheduleId"`
+	// Payload is the payload data that was provided when the task was scheduled.
+	// Can be used to pass context or parameters to the callback handler.
+	Payload string `json:"payload"`
+	// IsRecurring is true if this is a recurring schedule (created via ScheduleRecurring),
+	// false if it's a one-time schedule (created via ScheduleOneTime).
+	IsRecurring bool `json:"isRecurring"`
+}
--- a/plugins/capabilities/scheduler_callback.yaml
+++ b/plugins/capabilities/scheduler_callback.yaml
@@ -0,0 +1,33 @@
+version: v1-draft
+exports:
+    nd_scheduler_callback:
+        description: |-
+            OnCallback is called when a scheduled task fires.
+            Errors are logged but do not affect the scheduling system.
+        input:
+            $ref: '#/components/schemas/SchedulerCallbackRequest'
+            contentType: application/json
+components:
+    schemas:
+        SchedulerCallbackRequest:
+            description: SchedulerCallbackRequest is the request provided when a scheduled task fires.
+            properties:
+                scheduleId:
+                    type: string
+                    description: |-
+                        ScheduleID is the unique identifier for this scheduled task.
+                        This is either the ID provided when scheduling, or an auto-generated UUID if none was specified.
+                payload:
+                    type: string
+                    description: |-
+                        Payload is the payload data that was provided when the task was scheduled.
+                        Can be used to pass context or parameters to the callback handler.
+                isRecurring:
+                    type: boolean
+                    description: |-
+                        IsRecurring is true if this is a recurring schedule (created via ScheduleRecurring),
+                        false if it's a one-time schedule (created via ScheduleOneTime).
+            required:
+                - scheduleId
+                - payload
+                - isRecurring
--- a/plugins/capabilities/scrobbler.go
+++ b/plugins/capabilities/scrobbler.go
@@ -0,0 +1,102 @@
+package capabilities
+
+// Scrobbler provides scrobbling functionality to external services.
+// This capability allows plugins to submit listening history to services like Last.fm,
+// ListenBrainz, or custom scrobbling backends.
+//
+// All methods are required - plugins implementing this capability must provide
+// all three functions: IsAuthorized, NowPlaying, and Scrobble.
+//
+//nd:capability name=scrobbler required=true
+type Scrobbler interface {
+	// IsAuthorized checks if a user is authorized to scrobble to this service.
+	//nd:export name=nd_scrobbler_is_authorized
+	IsAuthorized(IsAuthorizedRequest) (bool, error)
+
+	// NowPlaying sends a now playing notification to the scrobbling service.
+	//nd:export name=nd_scrobbler_now_playing
+	NowPlaying(NowPlayingRequest) error
+
+	// Scrobble submits a completed scrobble to the scrobbling service.
+	//nd:export name=nd_scrobbler_scrobble
+	Scrobble(ScrobbleRequest) error
+}
+
+// IsAuthorizedRequest is the request for authorization check.
+type IsAuthorizedRequest struct {
+	// UserID is the internal Navidrome user ID.
+	UserID string `json:"userId"`
+	// Username is the username of the user.
+	Username string `json:"username"`
+}
+
+// TrackInfo contains track metadata for scrobbling.
+type TrackInfo struct {
+	// ID is the internal Navidrome track ID.
+	ID string `json:"id"`
+	// Title is the track title.
+	Title string `json:"title"`
+	// Album is the album name.
+	Album string `json:"album"`
+	// Artist is the track artist.
+	Artist string `json:"artist"`
+	// AlbumArtist is the album artist.
+	AlbumArtist string `json:"albumArtist"`
+	// Duration is the track duration in seconds.
+	Duration float32 `json:"duration"`
+	// TrackNumber is the track number on the album.
+	TrackNumber int32 `json:"trackNumber"`
+	// DiscNumber is the disc number.
+	DiscNumber int32 `json:"discNumber"`
+	// MBZRecordingID is the MusicBrainz recording ID.
+	MBZRecordingID string `json:"mbzRecordingId,omitempty"`
+	// MBZAlbumID is the MusicBrainz album/release ID.
+	MBZAlbumID string `json:"mbzAlbumId,omitempty"`
+	// MBZArtistID is the MusicBrainz artist ID.
+	MBZArtistID string `json:"mbzArtistId,omitempty"`
+	// MBZReleaseGroupID is the MusicBrainz release group ID.
+	MBZReleaseGroupID string `json:"mbzReleaseGroupId,omitempty"`
+	// MBZAlbumArtistID is the MusicBrainz album artist ID.
+	MBZAlbumArtistID string `json:"mbzAlbumArtistId,omitempty"`
+	// MBZReleaseTrackID is the MusicBrainz release track ID.
+	MBZReleaseTrackID string `json:"mbzReleaseTrackId,omitempty"`
+}
+
+// NowPlayingRequest is the request for now playing notification.
+type NowPlayingRequest struct {
+	// UserID is the internal Navidrome user ID.
+	UserID string `json:"userId"`
+	// Username is the username of the user.
+	Username string `json:"username"`
+	// Track is the track currently playing.
+	Track TrackInfo `json:"track"`
+	// Position is the current playback position in seconds.
+	Position int32 `json:"position"`
+}
+
+// ScrobbleRequest is the request for submitting a scrobble.
+type ScrobbleRequest struct {
+	// UserID is the internal Navidrome user ID.
+	UserID string `json:"userId"`
+	// Username is the username of the user.
+	Username string `json:"username"`
+	// Track is the track that was played.
+	Track TrackInfo `json:"track"`
+	// Timestamp is the Unix timestamp when the track started playing.
+	Timestamp int64 `json:"timestamp"`
+}
+
+// ScrobblerError represents an error type for scrobbling operations.
+type ScrobblerError string
+
+const (
+	// ScrobblerErrorNotAuthorized indicates the user is not authorized.
+	ScrobblerErrorNotAuthorized ScrobblerError = "scrobbler(not_authorized)"
+	// ScrobblerErrorRetryLater indicates the operation should be retried later.
+	ScrobblerErrorRetryLater ScrobblerError = "scrobbler(retry_later)"
+	// ScrobblerErrorUnrecoverable indicates an unrecoverable error.
+	ScrobblerErrorUnrecoverable ScrobblerError = "scrobbler(unrecoverable)"
+)
+
+// Error implements the error interface for ScrobblerError.
+func (e ScrobblerError) Error() string { return string(e) }
--- a/plugins/capabilities/scrobbler.yaml
+++ b/plugins/capabilities/scrobbler.yaml
@@ -0,0 +1,133 @@
+version: v1-draft
+exports:
+    nd_scrobbler_is_authorized:
+        description: IsAuthorized checks if a user is authorized to scrobble to this service.
+        input:
+            $ref: '#/components/schemas/IsAuthorizedRequest'
+            contentType: application/json
+        output:
+            type: boolean
+            contentType: application/json
+    nd_scrobbler_now_playing:
+        description: NowPlaying sends a now playing notification to the scrobbling service.
+        input:
+            $ref: '#/components/schemas/NowPlayingRequest'
+            contentType: application/json
+    nd_scrobbler_scrobble:
+        description: Scrobble submits a completed scrobble to the scrobbling service.
+        input:
+            $ref: '#/components/schemas/ScrobbleRequest'
+            contentType: application/json
+components:
+    schemas:
+        IsAuthorizedRequest:
+            description: IsAuthorizedRequest is the request for authorization check.
+            properties:
+                userId:
+                    type: string
+                    description: UserID is the internal Navidrome user ID.
+                username:
+                    type: string
+                    description: Username is the username of the user.
+            required:
+                - userId
+                - username
+        NowPlayingRequest:
+            description: NowPlayingRequest is the request for now playing notification.
+            properties:
+                userId:
+                    type: string
+                    description: UserID is the internal Navidrome user ID.
+                username:
+                    type: string
+                    description: Username is the username of the user.
+                track:
+                    $ref: '#/components/schemas/TrackInfo'
+                    description: Track is the track currently playing.
+                position:
+                    type: integer
+                    format: int32
+                    description: Position is the current playback position in seconds.
+            required:
+                - userId
+                - username
+                - track
+                - position
+        ScrobbleRequest:
+            description: ScrobbleRequest is the request for submitting a scrobble.
+            properties:
+                userId:
+                    type: string
+                    description: UserID is the internal Navidrome user ID.
+                username:
+                    type: string
+                    description: Username is the username of the user.
+                track:
+                    $ref: '#/components/schemas/TrackInfo'
+                    description: Track is the track that was played.
+                timestamp:
+                    type: integer
+                    format: int64
+                    description: Timestamp is the Unix timestamp when the track started playing.
+            required:
+                - userId
+                - username
+                - track
+                - timestamp
+        TrackInfo:
+            description: TrackInfo contains track metadata for scrobbling.
+            properties:
+                id:
+                    type: string
+                    description: ID is the internal Navidrome track ID.
+                title:
+                    type: string
+                    description: Title is the track title.
+                album:
+                    type: string
+                    description: Album is the album name.
+                artist:
+                    type: string
+                    description: Artist is the track artist.
+                albumArtist:
+                    type: string
+                    description: AlbumArtist is the album artist.
+                duration:
+                    type: number
+                    format: float
+                    description: Duration is the track duration in seconds.
+                trackNumber:
+                    type: integer
+                    format: int32
+                    description: TrackNumber is the track number on the album.
+                discNumber:
+                    type: integer
+                    format: int32
+                    description: DiscNumber is the disc number.
+                mbzRecordingId:
+                    type: string
+                    description: MBZRecordingID is the MusicBrainz recording ID.
+                mbzAlbumId:
+                    type: string
+                    description: MBZAlbumID is the MusicBrainz album/release ID.
+                mbzArtistId:
+                    type: string
+                    description: MBZArtistID is the MusicBrainz artist ID.
+                mbzReleaseGroupId:
+                    type: string
+                    description: MBZReleaseGroupID is the MusicBrainz release group ID.
+                mbzAlbumArtistId:
+                    type: string
+                    description: MBZAlbumArtistID is the MusicBrainz album artist ID.
+                mbzReleaseTrackId:
+                    type: string
+                    description: MBZReleaseTrackID is the MusicBrainz release track ID.
+            required:
+                - id
+                - title
+                - album
+                - artist
+                - albumArtist
+                - duration
+                - trackNumber
+                - discNumber
--- a/plugins/capabilities/websocket_callback.go
+++ b/plugins/capabilities/websocket_callback.go
@@ -0,0 +1,61 @@
+package capabilities
+
+// WebSocketCallback provides WebSocket message handling.
+// This capability allows plugins to receive callbacks for WebSocket events
+// such as text messages, binary messages, errors, and connection closures.
+// Plugins that use the WebSocket host service must implement this capability
+// to handle incoming events.
+//
+//nd:capability name=websocket
+type WebSocketCallback interface {
+	// OnTextMessage is called when a text message is received on a WebSocket connection.
+	//nd:export name=nd_websocket_on_text_message
+	OnTextMessage(OnTextMessageRequest) error
+
+	// OnBinaryMessage is called when a binary message is received on a WebSocket connection.
+	//nd:export name=nd_websocket_on_binary_message
+	OnBinaryMessage(OnBinaryMessageRequest) error
+
+	// OnError is called when an error occurs on a WebSocket connection.
+	//nd:export name=nd_websocket_on_error
+	OnError(OnErrorRequest) error
+
+	// OnClose is called when a WebSocket connection is closed.
+	//nd:export name=nd_websocket_on_close
+	OnClose(OnCloseRequest) error
+}
+
+// OnTextMessageRequest is the request provided when a text message is received.
+type OnTextMessageRequest struct {
+	// ConnectionID is the unique identifier for the WebSocket connection that received the message.
+	ConnectionID string `json:"connectionId"`
+	// Message is the text message content received from the WebSocket.
+	Message string `json:"message"`
+}
+
+// OnBinaryMessageRequest is the request provided when a binary message is received.
+type OnBinaryMessageRequest struct {
+	// ConnectionID is the unique identifier for the WebSocket connection that received the message.
+	ConnectionID string `json:"connectionId"`
+	// Data is the binary data received from the WebSocket, encoded as base64.
+	Data string `json:"data"`
+}
+
+// OnErrorRequest is the request provided when an error occurs on a WebSocket connection.
+type OnErrorRequest struct {
+	// ConnectionID is the unique identifier for the WebSocket connection where the error occurred.
+	ConnectionID string `json:"connectionId"`
+	// Error is the error message describing what went wrong.
+	Error string `json:"error"`
+}
+
+// OnCloseRequest is the request provided when a WebSocket connection is closed.
+type OnCloseRequest struct {
+	// ConnectionID is the unique identifier for the WebSocket connection that was closed.
+	ConnectionID string `json:"connectionId"`
+	// Code is the WebSocket close status code (e.g., 1000 for normal closure,
+	// 1001 for going away, 1006 for abnormal closure).
+	Code int32 `json:"code"`
+	// Reason is the human-readable reason for the connection closure, if provided.
+	Reason string `json:"reason"`
+}
--- a/plugins/capabilities/websocket_callback.yaml
+++ b/plugins/capabilities/websocket_callback.yaml
@@ -0,0 +1,79 @@
+version: v1-draft
+exports:
+    nd_websocket_on_text_message:
+        description: OnTextMessage is called when a text message is received on a WebSocket connection.
+        input:
+            $ref: '#/components/schemas/OnTextMessageRequest'
+            contentType: application/json
+    nd_websocket_on_binary_message:
+        description: OnBinaryMessage is called when a binary message is received on a WebSocket connection.
+        input:
+            $ref: '#/components/schemas/OnBinaryMessageRequest'
+            contentType: application/json
+    nd_websocket_on_error:
+        description: OnError is called when an error occurs on a WebSocket connection.
+        input:
+            $ref: '#/components/schemas/OnErrorRequest'
+            contentType: application/json
+    nd_websocket_on_close:
+        description: OnClose is called when a WebSocket connection is closed.
+        input:
+            $ref: '#/components/schemas/OnCloseRequest'
+            contentType: application/json
+components:
+    schemas:
+        OnBinaryMessageRequest:
+            description: OnBinaryMessageRequest is the request provided when a binary message is received.
+            properties:
+                connectionId:
+                    type: string
+                    description: ConnectionID is the unique identifier for the WebSocket connection that received the message.
+                data:
+                    type: string
+                    description: Data is the binary data received from the WebSocket, encoded as base64.
+            required:
+                - connectionId
+                - data
+        OnCloseRequest:
+            description: OnCloseRequest is the request provided when a WebSocket connection is closed.
+            properties:
+                connectionId:
+                    type: string
+                    description: ConnectionID is the unique identifier for the WebSocket connection that was closed.
+                code:
+                    type: integer
+                    format: int32
+                    description: |-
+                        Code is the WebSocket close status code (e.g., 1000 for normal closure,
+                        1001 for going away, 1006 for abnormal closure).
+                reason:
+                    type: string
+                    description: Reason is the human-readable reason for the connection closure, if provided.
+            required:
+                - connectionId
+                - code
+                - reason
+        OnErrorRequest:
+            description: OnErrorRequest is the request provided when an error occurs on a WebSocket connection.
+            properties:
+                connectionId:
+                    type: string
+                    description: ConnectionID is the unique identifier for the WebSocket connection where the error occurred.
+                error:
+                    type: string
+                    description: Error is the error message describing what went wrong.
+            required:
+                - connectionId
+                - error
+        OnTextMessageRequest:
+            description: OnTextMessageRequest is the request provided when a text message is received.
+            properties:
+                connectionId:
+                    type: string
+                    description: ConnectionID is the unique identifier for the WebSocket connection that received the message.
+                message:
+                    type: string
+                    description: Message is the text message content received from the WebSocket.
+            required:
+                - connectionId
+                - message
--- a/plugins/capabilities_test.go
+++ b/plugins/capabilities_test.go
@@ -0,0 +1,81 @@
+package plugins
+
+import (
+	. "github.com/onsi/ginkgo/v2"
+	. "github.com/onsi/gomega"
+)
+
+// mockFunctionChecker implements functionExistsChecker for testing
+type mockFunctionChecker struct {
+	functions map[string]bool
+}
+
+func (m *mockFunctionChecker) FunctionExists(name string) bool {
+	return m.functions[name]
+}
+
+var _ = Describe("Capabilities", func() {
+	Describe("detectCapabilities", func() {
+		It("detects MetadataAgent capability when plugin exports artist biography function", func() {
+			checker := &mockFunctionChecker{
+				functions: map[string]bool{
+					FuncGetArtistBiography: true,
+				},
+			}
+
+			caps := detectCapabilities(checker)
+			Expect(caps).To(ContainElement(CapabilityMetadataAgent))
+		})
+
+		It("detects MetadataAgent capability when plugin exports multiple functions", func() {
+			checker := &mockFunctionChecker{
+				functions: map[string]bool{
+					FuncGetArtistMBID:  true,
+					FuncGetArtistURL:   true,
+					FuncGetAlbumInfo:   true,
+					FuncGetAlbumImages: true,
+				},
+			}
+
+			caps := detectCapabilities(checker)
+			Expect(caps).To(ContainElement(CapabilityMetadataAgent))
+			Expect(caps).To(HaveLen(1)) // Should only have one MetadataAgent capability
+		})
+
+		It("returns empty slice when no capability functions are exported", func() {
+			checker := &mockFunctionChecker{
+				functions: map[string]bool{
+					"some_other_function": true,
+				},
+			}
+
+			caps := detectCapabilities(checker)
+			Expect(caps).To(BeEmpty())
+		})
+
+		It("returns empty slice when plugin exports no functions", func() {
+			checker := &mockFunctionChecker{
+				functions: map[string]bool{},
+			}
+
+			caps := detectCapabilities(checker)
+			Expect(caps).To(BeEmpty())
+		})
+	})
+
+	Describe("hasCapability", func() {
+		It("returns true when capability exists", func() {
+			caps := []Capability{CapabilityMetadataAgent}
+			Expect(hasCapability(caps, CapabilityMetadataAgent)).To(BeTrue())
+		})
+
+		It("returns false when capability does not exist", func() {
+			var caps []Capability
+			Expect(hasCapability(caps, CapabilityMetadataAgent)).To(BeFalse())
+		})
+
+		It("returns false when capabilities slice is nil", func() {
+			Expect(hasCapability(nil, CapabilityMetadataAgent)).To(BeFalse())
+		})
+	})
+})
--- a/plugins/capability_lifecycle.go
+++ b/plugins/capability_lifecycle.go
@@ -0,0 +1,38 @@
+package plugins
+
+import (
+	"context"
+
+	"github.com/navidrome/navidrome/log"
+)
+
+// CapabilityLifecycle indicates the plugin has lifecycle callback functions.
+// Detected when the plugin exports the nd_on_init function.
+const CapabilityLifecycle Capability = "Lifecycle"
+
+const FuncOnInit = "nd_on_init"
+
+func init() {
+	registerCapability(
+		CapabilityLifecycle,
+		FuncOnInit,
+	)
+}
+
+// callPluginInit calls the plugin's nd_on_init function if it has the Lifecycle capability.
+// This is called after the plugin is fully loaded with all services registered.
+func callPluginInit(ctx context.Context, instance *plugin) {
+	if !hasCapability(instance.capabilities, CapabilityLifecycle) {
+		return
+	}
+
+	log.Debug(ctx, "Calling plugin init function", "plugin", instance.name)
+
+	err := callPluginFunctionNoInput(ctx, instance, FuncOnInit)
+	if err != nil {
+		log.Error(ctx, "Plugin init function failed", "plugin", instance.name, err)
+		return
+	}
+
+	log.Debug(ctx, "Plugin init function completed", "plugin", instance.name)
+}
--- a/plugins/cmd/ndpgen/README.md
+++ b/plugins/cmd/ndpgen/README.md
@@ -0,0 +1,198 @@
+# ndpgen
+
+Navidrome Plugin Development Kit (PDK) code generator. It reads Go interface definitions with special annotations and generates client wrappers for WASM plugins.
+
+This tool is the unified code generator that handle both host function wrappers and capability wrappers.
+
+## Usage
+
+```bash
+ndpgen -input <dir> -output <dir> [-package <name>] [-v] [-dry-run] [-host-only] [-go] [-python] [-rust]
+```
+
+### Flags
+
+| Flag         | Description                                                    | Default              |
+|--------------|----------------------------------------------------------------|----------------------|
+| `-input`     | Directory containing Go source files with annotated interfaces | Required             |
+| `-output`    | Directory where generated files will be written                | Same as input        |
+| `-package`   | Package name for generated files                               | Inferred from output |
+| `-v`         | Verbose output                                                 | `false`              |
+| `-dry-run`   | Parse and validate without writing files                       | `false`              |
+| `-host-only` | Generate only host function wrappers (capability support TBD)  | `true`               |
+| `-go`        | Generate Go client wrappers                                    | `true`*              |
+| `-python`    | Generate Python client wrappers                                | `false`              |
+| `-rust`      | Generate Rust client wrappers                                  | `false`              |
+
+\* `-go` is enabled by default when neither `-python` nor `-rust` is specified. Use combinations like `-go -python -rust` to generate multiple languages.
+
+### Example
+
+```bash
+go run ./plugins/cmd/ndpgen \
+  -input ./plugins/host \
+  -output ./plugins/pdk
+```
+
+## Annotations
+
+### `//nd:hostservice`
+
+Marks an interface as a host service that will have wrappers generated.
+
+```go
+//nd:hostservice name=<ServiceName> permission=<permission>
+type MyService interface { ... }
+```
+
+| Parameter    | Description                                                     | Required |
+|--------------|-----------------------------------------------------------------|----------|
+| `name`       | Service name used in generated type names and function prefixes | Yes      |
+| `permission` | Permission required by plugins to use this service              | Yes      |
+
+### `//nd:hostfunc`
+
+Marks a method within a host service interface for export to plugins.
+
+```go
+//nd:hostfunc [name=<export_name>]
+MethodName(ctx context.Context, ...) (result Type, err error)
+```
+
+| Parameter | Description                                                             | Required |
+|-----------|-------------------------------------------------------------------------|----------|
+| `name`    | Custom export name (default: `<servicename>_<methodname>` in lowercase) | No       |
+
+## Input Format
+
+Host service interfaces must follow these conventions:
+
+1. **First parameter must be `context.Context`** - Required for all methods
+2. **Last return value should be `error`** - For proper error handling
+3. **Annotations must be on consecutive lines** - No blank comment lines between doc and annotation
+
+### Example Interface
+
+```go
+package host
+
+import "context"
+
+// SubsonicAPIService provides access to Navidrome's Subsonic API.
+// This documentation becomes part of the generated code.
+//nd:hostservice name=SubsonicAPI permission=subsonicapi
+type SubsonicAPIService interface {
+    // Call executes a Subsonic API request and returns the response.
+    //nd:hostfunc
+    Call(ctx context.Context, uri string) (response string, err error)
+}
+```
+
+## Generated Output
+
+### Go Client Library (Go/TinyGo WASM)
+
+Generated files are named `nd_host_<servicename>.go` (lowercase) and placed in `$output/go/host/`. The `$output/go/` directory becomes a complete Go module (`github.com/navidrome/navidrome/plugins/pdk/go`) with package name `host`, intended for import by Navidrome plugins built with TinyGo.
+
+The generator creates:
+- `nd_host_<servicename>.go` - Client wrapper code (WASM build)
+- `nd_host_<servicename>_stub.go` - Mock implementations for non-WASM platforms (testing)
+- `doc.go` - Package documentation listing all available services
+- `go.mod` - Go module file with required dependencies
+
+Each service file includes:
+
+- `// Code generated by ndpgen. DO NOT EDIT.` header
+- Required imports (`encoding/json`, `errors`, `github.com/extism/go-pdk`)
+- `//go:wasmimport` declarations for each host function
+- Response struct types and any struct definitions from the service
+- Wrapper functions that handle memory allocation and JSON parsing
+
+### Testing Plugins with Mocks
+
+The stub files (`*_stub.go`) contain [testify/mock](https://github.com/stretchr/testify) implementations that allow plugin authors to unit test their code on non-WASM platforms.
+
+Each host service has:
+- A private mock struct embedding `mock.Mock`
+- An exported auto-instantiated mock instance (e.g., `host.CacheMock`, `host.ArtworkMock`)
+- Wrapper functions that delegate to the mock
+
+**Example: Testing a plugin that uses the Cache service**
+
+```go
+package myplugin
+
+import (
+    "testing"
+    
+    "github.com/navidrome/navidrome/plugins/pdk/go/host"
+)
+
+func TestMyPluginFunction(t *testing.T) {
+    // Set expectations on the mock
+    host.CacheMock.On("GetString", "my-key").Return("cached-value", true, nil)
+    host.CacheMock.On("SetString", "new-key", "new-value", int64(3600)).Return(nil)
+    
+    // Call your plugin code that uses host.CacheGetString and host.CacheSetString
+    result := myPluginFunction()
+    
+    // Assert the result
+    if result != "expected" {
+        t.Errorf("unexpected result: %s", result)
+    }
+    
+    // Verify all expected calls were made
+    host.CacheMock.AssertExpectations(t)
+}
+```
+
+**Resetting mocks between tests:**
+
+If you need to reset mock state between tests, testify's mock doesn't have a built-in reset. Either use separate test functions (testify automatically resets between test runs), or create a helper to set up fresh expectations.
+
+### Python Client Library
+
+When using `-python`, Python client files are generated in a `python/` subdirectory.
+
+### Rust Client Library
+
+When using `-rust`, Rust client files are generated in a `rust/` subdirectory.
+
+## Supported Types
+
+ndpgen supports these Go types in method signatures:
+
+| Type                          | JSON Representation                      |
+|-------------------------------|------------------------------------------|
+| `string`, `int`, `bool`, etc. | Native JSON types                        |
+| `[]T` (slices)                | JSON arrays                              |
+| `map[K]V` (maps)              | JSON objects                             |
+| `*T` (pointers)               | Nullable fields                          |
+| `interface{}` / `any`         | Converts to `any`                        |
+| Custom structs                | JSON objects (must be JSON-serializable) |
+
+### Multiple Return Values
+
+Methods can return multiple values (plus error):
+
+```go
+//nd:hostfunc
+Search(ctx context.Context, query string) (results []string, total int, hasMore bool, err error)
+```
+
+Generates:
+
+```go
+type ServiceSearchResponse struct {
+    Results []string `json:"results,omitempty"`
+    Total   int      `json:"total,omitempty"`
+    HasMore bool     `json:"hasMore,omitempty"`
+    Error   string   `json:"error,omitempty"`
+}
+```
+
+## Running Tests
+
+```bash
+go test ./plugins/cmd/ndpgen/...
+```
--- a/plugins/cmd/ndpgen/go.mod
+++ b/plugins/cmd/ndpgen/go.mod
@@ -0,0 +1,23 @@
+module github.com/navidrome/navidrome/plugins/cmd/ndpgen
+
+go 1.25
+
+require (
+	github.com/onsi/ginkgo/v2 v2.22.2
+	github.com/onsi/gomega v1.36.2
+	github.com/xeipuuv/gojsonschema v1.2.0
+	gopkg.in/yaml.v3 v3.0.1
+)
+
+require (
+	github.com/go-logr/logr v1.4.2 // indirect
+	github.com/go-task/slim-sprig/v3 v3.0.0 // indirect
+	github.com/google/go-cmp v0.6.0 // indirect
+	github.com/google/pprof v0.0.0-20241210010833-40e02aabc2ad // indirect
+	github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb // indirect
+	github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 // indirect
+	golang.org/x/net v0.33.0 // indirect
+	golang.org/x/sys v0.28.0 // indirect
+	golang.org/x/text v0.21.0 // indirect
+	golang.org/x/tools v0.28.0 // indirect
+)
--- a/Show More
+++ b/Show More