refactor: update mock playlist repository and tests for consistency

Signed-off-by: Deluan <deluan@navidrome.org>
refactor: rename New function to NewPlaylists for clarity
2026-02-15 01:11:20 -05:00 · 2026-02-11 23:19:15 -05:00 · 2026-02-11 22:47:18 -05:00 · 2026-02-11 21:38:29 -05:00 · 2026-02-11 14:21:57 -05:00 · 2026-02-11 14:20:18 -05:00
206 changed files with 7919 additions and 1295 deletions
--- a/.dockerignore
+++ b/.dockerignore
@@ -15,4 +15,5 @@ dist
 binaries
 cache
 music
+music.old
 !Dockerfile
--- a/.gitignore
+++ b/.gitignore
@@ -20,6 +20,7 @@ cache/*
 coverage.out
 dist
 music
+music.old
 *.db*
 .gitinfo
 docker-compose.yml
--- a/2
+++ b/2
@@ -20,7 +20,7 @@ DOCKER_TAG ?= deluan/navidrome:develop

 # Taglib version to use in cross-compilation, from https://github.com/navidrome/cross-taglib
 CROSS_TAGLIB_VERSION ?= 2.1.1-2
-GOLANGCI_LINT_VERSION ?= v2.8.0
+GOLANGCI_LINT_VERSION ?= v2.9.0

 UI_SRC_FILES := $(shell find ui -type f -not -path "ui/build/*" -not -path "ui/node_modules/*")

--- a/adapters/deezer/client_auth_test.go
+++ b/adapters/deezer/client_auth_test.go
@@ -252,7 +252,7 @@ var _ = Describe("JWT Authentication", func() {

 			// Writer goroutine
 			wg.Go(func() {
-				for i := 0; i < 100; i++ {
+				for i := range 100 {
 					cache.set(fmt.Sprintf("token-%d", i), 1*time.Hour)
 					time.Sleep(1 * time.Millisecond)
 				}
@@ -260,7 +260,7 @@ var _ = Describe("JWT Authentication", func() {

 			// Reader goroutine
 			wg.Go(func() {
-				for i := 0; i < 100; i++ {
+				for range 100 {
 					cache.get()
 					time.Sleep(1 * time.Millisecond)
 				}
--- a/adapters/gotaglib/gotaglib.go
+++ b/adapters/gotaglib/gotaglib.go
@@ -13,12 +13,15 @@ package gotaglib

 import (
 	"errors"
+	"fmt"
 	"io"
 	"io/fs"
+	"runtime/debug"
 	"strings"
 	"time"

 	"github.com/navidrome/navidrome/core/storage/local"
+	"github.com/navidrome/navidrome/log"
 	"github.com/navidrome/navidrome/model/metadata"
 	"go.senan.xyz/taglib"
 )
@@ -46,6 +49,7 @@ func (e extractor) Version() string {
 func (e extractor) extractMetadata(filePath string) (*metadata.Info, error) {
 	f, close, err := e.openFile(filePath)
 	if err != nil {
+		log.Warn("gotaglib: Error reading metadata from file. Skipping", "filePath", filePath, err)
 		return nil, err
 	}
 	defer close()
@@ -94,7 +98,17 @@ func (e extractor) extractMetadata(filePath string) (*metadata.Info, error) {

 // openFile opens the file at filePath using the extractor's filesystem.
 // It returns a TagLib File handle and a cleanup function to close resources.
-func (e extractor) openFile(filePath string) (*taglib.File, func(), error) {
+func (e extractor) openFile(filePath string) (f *taglib.File, closeFunc func(), err error) {
+	// Recover from panics in the WASM runtime (e.g., wazero failing to mmap executable memory
+	// on hardened systems like NixOS with MemoryDenyWriteExecute=true)
+	debug.SetPanicOnFault(true)
+	defer func() {
+		if r := recover(); r != nil {
+			log.Error("WASM runtime panic: This may be caused by a hardened system that blocks executable memory mapping.", "file", filePath, "panic", r)
+			err = fmt.Errorf("WASM runtime panic (hardened system?): %v", r)
+		}
+	}()
+
 	// Open the file from the filesystem
 	file, err := e.fs.Open(filePath)
 	if err != nil {
@@ -105,12 +119,17 @@ func (e extractor) openFile(filePath string) (*taglib.File, func(), error) {
 		file.Close()
 		return nil, nil, errors.New("file is not seekable")
 	}
-	f, err := taglib.OpenStream(rs, taglib.WithReadStyle(taglib.ReadStyleFast))
+	// WithFilename provides a format detection hint via the file extension,
+	// since OpenStream alone relies on content-sniffing which fails for some files.
+	f, err = taglib.OpenStream(rs,
+		taglib.WithReadStyle(taglib.ReadStyleFast),
+		taglib.WithFilename(filePath),
+	)
 	if err != nil {
 		file.Close()
 		return nil, nil, err
 	}
-	closeFunc := func() {
+	closeFunc = func() {
 		f.Close()
 		file.Close()
 	}
@@ -241,7 +260,7 @@ func parseTIPL(tags map[string][]string) {
 	}
 	var currentRole string
 	var currentValue []string
-	for _, part := range strings.Split(tipl[0], " ") {
+	for part := range strings.SplitSeq(tipl[0], " ") {
 		if _, ok := tiplMapping[part]; ok {
 			addRole(currentRole, currentValue)
 			currentRole = part
--- a/adapters/gotaglib/gotaglib_test.go
+++ b/adapters/gotaglib/gotaglib_test.go
@@ -173,6 +173,9 @@ var _ = Describe("Extractor", func() {
 			Entry("correctly parses m4a (aac) gain tags (uppercase)", "test.m4a", "1.04s", 2, 44100, 16, "0.37", "0.48", "0.37", "0.48", false, true),
 			Entry("correctly parses ogg (vorbis) tags", "test.ogg", "1.04s", 2, 8000, 0, "+7.64 dB", "0.11772506", "+7.64 dB", "0.11772506", false, true),

+			// ffmpeg -f lavfi -i "sine=frequency=1100:duration=1" -c:a libopus test.opus (tags added via mutagen)
+			Entry("correctly parses opus tags (#4998)", "test.opus", "1s", 1, 48000, 0, "+5.12 dB", "0.11345678", "+5.12 dB", "0.11345678", false, true),
+
 			// ffmpeg -f lavfi -i "sine=frequency=900:duration=1" test.wma
 			// Weird note: for the tag parsing to work, the lyrics are actually stored in the reverse order
 			Entry("correctly parses wma/asf tags", "test.wma", "1.02s", 1, 44100, 16, "3.27 dB", "0.132914", "3.27 dB", "0.132914", false, true),
--- a/adapters/lastfm/agent.go
+++ b/adapters/lastfm/agent.go
@@ -31,6 +31,12 @@ var ignoredContent = []string{
 	`<a href="https://www.last.fm/music/`,
 }

+var lastFMReadMoreRegex = regexp.MustCompile(`\s*<a href="https://www\.last\.fm/music/[^"]*">Read more on Last\.fm</a>\.?`)
+
+func cleanContent(content string) string {
+	return strings.TrimSpace(lastFMReadMoreRegex.ReplaceAllString(content, ""))
+}
+
 type lastfmAgent struct {
 	ds           model.DataStore
 	sessionKeys  *agents.SessionKeys
@@ -95,7 +101,7 @@ func (l *lastfmAgent) GetAlbumInfo(ctx context.Context, name, artist, mbid strin
 		resp.MBID = a.MBID
 		resp.URL = a.URL
 		if isValidContent(a.Description.Summary) {
-			resp.Description = strings.TrimSpace(a.Description.Summary)
+			resp.Description = cleanContent(a.Description.Summary)
 			return &resp, nil
 		}
 		log.Debug(ctx, "LastFM/album.getInfo returned empty/ignored description, trying next language", "album", name, "artist", artist, "lang", lang)
@@ -171,7 +177,7 @@ func (l *lastfmAgent) GetArtistBiography(ctx context.Context, id, name, mbid str
 			return "", err
 		}
 		if isValidContent(a.Bio.Summary) {
-			return strings.TrimSpace(a.Bio.Summary), nil
+			return cleanContent(a.Bio.Summary), nil
 		}
 		log.Debug(ctx, "LastFM/artist.getInfo returned empty/ignored biography, trying next language", "artist", name, "lang", lang)
 	}
--- a/adapters/lastfm/agent_test.go
+++ b/adapters/lastfm/agent_test.go
@@ -80,7 +80,7 @@ var _ = Describe("lastfmAgent", func() {
 		It("returns the biography", func() {
 			f, _ := os.Open("tests/fixtures/lastfm.artist.getinfo.json")
 			httpClient.Res = http.Response{Body: f, StatusCode: 200}
-			Expect(agent.GetArtistBiography(ctx, "123", "U2", "")).To(Equal("U2 é uma das mais importantes bandas de rock de todos os tempos. Formada em 1976 em Dublin, composta por Bono (vocalista  e guitarrista), The Edge (guitarrista, pianista e backing vocal), Adam Clayton (baixista), Larry Mullen, Jr. (baterista e percussionista).\n\nDesde a década de 80, U2 é uma das bandas mais populares no mundo. Seus shows são únicos e um verdadeiro festival de efeitos especiais, além de serem um dos que mais arrecadam anualmente. <a href=\"https://www.last.fm/music/U2\">Read more on Last.fm</a>"))
+			Expect(agent.GetArtistBiography(ctx, "123", "U2", "")).To(Equal("U2 é uma das mais importantes bandas de rock de todos os tempos. Formada em 1976 em Dublin, composta por Bono (vocalista  e guitarrista), The Edge (guitarrista, pianista e backing vocal), Adam Clayton (baixista), Larry Mullen, Jr. (baterista e percussionista).\n\nDesde a década de 80, U2 é uma das bandas mais populares no mundo. Seus shows são únicos e um verdadeiro festival de efeitos especiais, além de serem um dos que mais arrecadam anualmente."))
 			Expect(httpClient.RequestCount).To(Equal(1))
 			Expect(httpClient.SavedRequest.URL.Query().Get("artist")).To(Equal("U2"))
 		})
@@ -535,7 +535,7 @@ var _ = Describe("lastfmAgent", func() {
 			Expect(agent.GetAlbumInfo(ctx, "Believe", "Cher", "03c91c40-49a6-44a7-90e7-a700edf97a62")).To(Equal(&agents.AlbumInfo{
 				Name:        "Believe",
 				MBID:        "03c91c40-49a6-44a7-90e7-a700edf97a62",
-				Description: "Believe is the twenty-third studio album by American singer-actress Cher, released on November 10, 1998 by Warner Bros. Records. The RIAA certified it Quadruple Platinum on December 23, 1999, recognizing four million shipments in the United States; Worldwide, the album has sold more than 20 million copies, making it the biggest-selling album of her career. In 1999 the album received three Grammy Awards nominations including \"Record of the Year\", \"Best Pop Album\" and winning \"Best Dance Recording\" for the single \"Believe\". It was released by Warner Bros. Records at the end of 1998. The album was executive produced by Rob <a href=\"https://www.last.fm/music/Cher/Believe\">Read more on Last.fm</a>.",
+				Description: "Believe is the twenty-third studio album by American singer-actress Cher, released on November 10, 1998 by Warner Bros. Records. The RIAA certified it Quadruple Platinum on December 23, 1999, recognizing four million shipments in the United States; Worldwide, the album has sold more than 20 million copies, making it the biggest-selling album of her career. In 1999 the album received three Grammy Awards nominations including \"Record of the Year\", \"Best Pop Album\" and winning \"Best Dance Recording\" for the single \"Believe\". It was released by Warner Bros. Records at the end of 1998. The album was executive produced by Rob",
 				URL:         "https://www.last.fm/music/Cher/Believe",
 			}))
 			Expect(httpClient.RequestCount).To(Equal(1))
--- a/adapters/lastfm/auth_router.go
+++ b/adapters/lastfm/auth_router.go
@@ -65,7 +65,7 @@ func (s *Router) routes() http.Handler {
 }

 func (s *Router) getLinkStatus(w http.ResponseWriter, r *http.Request) {
-	resp := map[string]interface{}{
+	resp := map[string]any{
 		"apiKey": s.apiKey,
 	}
 	u, _ := request.UserFrom(r.Context())
--- a/adapters/listenbrainz/agent.go
+++ b/adapters/listenbrainz/agent.go
@@ -118,12 +118,129 @@ func (l *listenBrainzAgent) IsAuthorized(ctx context.Context, userId string) boo
 	return err == nil && sk != ""
 }

+func (l *listenBrainzAgent) GetArtistURL(ctx context.Context, id, name, mbid string) (string, error) {
+	if mbid == "" {
+		return "", agents.ErrNotFound
+	}
+
+	url, err := l.client.getArtistUrl(ctx, mbid)
+	if err != nil {
+		return "", err
+	}
+	return url, nil
+}
+
+func (l *listenBrainzAgent) GetArtistTopSongs(ctx context.Context, id, artistName, mbid string, count int) ([]agents.Song, error) {
+	resp, err := l.client.getArtistTopSongs(ctx, mbid, count)
+	if err != nil {
+		return nil, err
+	}
+	if len(resp) == 0 {
+		return nil, agents.ErrNotFound
+	}
+
+	res := make([]agents.Song, len(resp))
+	for i, t := range resp {
+		mbid := ""
+		if len(t.ArtistMBIDs) > 0 {
+			mbid = t.ArtistMBIDs[0]
+		}
+
+		res[i] = agents.Song{
+			Album:      t.ReleaseName,
+			AlbumMBID:  t.ReleaseMBID,
+			Artist:     t.ArtistName,
+			ArtistMBID: mbid,
+			Duration:   t.DurationMs,
+			Name:       t.RecordingName,
+			MBID:       t.RecordingMbid,
+		}
+	}
+	return res, nil
+}
+
+func (l *listenBrainzAgent) GetSimilarArtists(ctx context.Context, id string, name string, mbid string, limit int) ([]agents.Artist, error) {
+	if mbid == "" {
+		return nil, agents.ErrNotFound
+	}
+
+	resp, err := l.client.getSimilarArtists(ctx, mbid, limit)
+	if err != nil {
+		return nil, err
+	}
+
+	if len(resp) == 0 {
+		return nil, agents.ErrNotFound
+	}
+
+	artists := make([]agents.Artist, len(resp))
+	for i, artist := range resp {
+		artists[i] = agents.Artist{
+			MBID: artist.MBID,
+			Name: artist.Name,
+		}
+	}
+
+	return artists, nil
+}
+
+func (l *listenBrainzAgent) GetSimilarSongsByTrack(ctx context.Context, id string, name string, artist string, mbid string, limit int) ([]agents.Song, error) {
+	if mbid == "" {
+		return nil, agents.ErrNotFound
+	}
+
+	resp, err := l.client.getSimilarRecordings(ctx, mbid, limit)
+	if err != nil {
+		return nil, err
+	}
+
+	if len(resp) == 0 {
+		return nil, agents.ErrNotFound
+	}
+
+	songs := make([]agents.Song, len(resp))
+	for i, song := range resp {
+		songs[i] = agents.Song{
+			Album:     song.ReleaseName,
+			AlbumMBID: song.ReleaseMBID,
+			Artist:    song.Artist,
+			MBID:      song.MBID,
+			Name:      song.Name,
+		}
+	}
+
+	return songs, nil
+}
+
 func init() {
 	conf.AddHook(func() {
 		if conf.Server.ListenBrainz.Enabled {
 			scrobbler.Register(listenBrainzAgentName, func(ds model.DataStore) scrobbler.Scrobbler {
-				return listenBrainzConstructor(ds)
+				// This is a workaround for the fact that a (Interface)(nil) is not the same as a (*listenBrainzAgent)(nil)
+				// See https://go.dev/doc/faq#nil_error
+				a := listenBrainzConstructor(ds)
+				if a != nil {
+					return a
+				}
+				return nil
+			})
+
+			agents.Register(listenBrainzAgentName, func(ds model.DataStore) agents.Interface {
+				// This is a workaround for the fact that a (Interface)(nil) is not the same as a (*listenBrainzAgent)(nil)
+				// See https://go.dev/doc/faq#nil_error
+				a := listenBrainzConstructor(ds)
+				if a != nil {
+					return a
+				}
+				return nil
 			})
 		}
 	})
 }
+
+var (
+	_ agents.ArtistTopSongsRetriever      = (*listenBrainzAgent)(nil)
+	_ agents.ArtistURLRetriever           = (*listenBrainzAgent)(nil)
+	_ agents.ArtistSimilarRetriever       = (*listenBrainzAgent)(nil)
+	_ agents.SimilarSongsByTrackRetriever = (*listenBrainzAgent)(nil)
+)
--- a/adapters/listenbrainz/agent_test.go
+++ b/adapters/listenbrainz/agent_test.go
@@ -4,11 +4,14 @@ import (
 	"bytes"
 	"context"
 	"encoding/json"
+	"errors"
 	"io"
 	"net/http"
+	"os"
 	"time"

 	"github.com/navidrome/navidrome/consts"
+	"github.com/navidrome/navidrome/core/agents"
 	"github.com/navidrome/navidrome/core/scrobbler"
 	"github.com/navidrome/navidrome/model"
 	"github.com/navidrome/navidrome/tests"
@@ -162,4 +165,279 @@ var _ = Describe("listenBrainzAgent", func() {
 			Expect(err).To(MatchError(scrobbler.ErrUnrecoverable))
 		})
 	})
+
+	Describe("GetArtistUrl", func() {
+		var agent *listenBrainzAgent
+		var httpClient *tests.FakeHttpClient
+		BeforeEach(func() {
+			httpClient = &tests.FakeHttpClient{}
+			client := newClient("BASE_URL", httpClient)
+			agent = listenBrainzConstructor(ds)
+			agent.client = client
+		})
+
+		It("returns artist url when MBID present", func() {
+			f, _ := os.Open("tests/fixtures/listenbrainz.artist.metadata.homepage.json")
+			httpClient.Res = http.Response{Body: f, StatusCode: 200}
+			Expect(agent.GetArtistURL(ctx, "", "", "d2a92ee2-27ce-4e71-bfc5-12e34fe8ef56")).To(Equal("http://projectmili.com/"))
+			Expect(httpClient.RequestCount).To(Equal(1))
+			Expect(httpClient.SavedRequest.URL.Query().Get("artist_mbids")).To(Equal("d2a92ee2-27ce-4e71-bfc5-12e34fe8ef56"))
+		})
+
+		It("returns error when url not present", func() {
+			f, _ := os.Open("tests/fixtures/listenbrainz.artist.metadata.no_homepage.json")
+			httpClient.Res = http.Response{Body: f, StatusCode: 200}
+			_, err := agent.GetArtistURL(ctx, "", "", "7c2cc610-f998-43ef-a08f-dae3344b8973")
+			Expect(err).To(HaveOccurred())
+			Expect(httpClient.RequestCount).To(Equal(1))
+			Expect(httpClient.SavedRequest.URL.Query().Get("artist_mbids")).To(Equal("7c2cc610-f998-43ef-a08f-dae3344b8973"))
+		})
+
+		It("returns error when fetch calls fails", func() {
+			httpClient.Err = errors.New("error")
+			_, err := agent.GetArtistURL(ctx, "", "", "7c2cc610-f998-43ef-a08f-dae3344b8973")
+			Expect(err).To(HaveOccurred())
+			Expect(httpClient.RequestCount).To(Equal(1))
+			Expect(httpClient.SavedRequest.URL.Query().Get("artist_mbids")).To(Equal("7c2cc610-f998-43ef-a08f-dae3344b8973"))
+		})
+
+		It("returns error when ListenBrainz returns an error", func() {
+			httpClient.Res = http.Response{
+				Body:       io.NopCloser(bytes.NewBufferString(`{"code": 400,"error": "artist mbid 1 is not valid."}`)),
+				StatusCode: 400,
+			}
+			_, err := agent.GetArtistURL(ctx, "", "", "7c2cc610-f998-43ef-a08f-dae3344b8973")
+			Expect(err).To(HaveOccurred())
+			Expect(httpClient.RequestCount).To(Equal(1))
+			Expect(httpClient.SavedRequest.URL.Query().Get("artist_mbids")).To(Equal("7c2cc610-f998-43ef-a08f-dae3344b8973"))
+		})
+	})
+
+	Describe("GetTopSongs", func() {
+		var agent *listenBrainzAgent
+		var httpClient *tests.FakeHttpClient
+		BeforeEach(func() {
+			httpClient = &tests.FakeHttpClient{}
+			client := newClient("BASE_URL", httpClient)
+			agent = listenBrainzConstructor(ds)
+			agent.client = client
+		})
+
+		It("returns error when fetch calls", func() {
+			httpClient.Err = errors.New("error")
+			_, err := agent.GetArtistTopSongs(ctx, "", "", "d2a92ee2-27ce-4e71-bfc5-12e34fe8ef56", 1)
+			Expect(err).To(HaveOccurred())
+			Expect(httpClient.RequestCount).To(Equal(1))
+			Expect(httpClient.SavedRequest.URL.Path).To(Equal("/1/popularity/top-recordings-for-artist/d2a92ee2-27ce-4e71-bfc5-12e34fe8ef56"))
+		})
+
+		It("returns an error on listenbrainz error", func() {
+			httpClient.Res = http.Response{
+				Body:       io.NopCloser(bytes.NewBufferString(`{"code":400,"error":"artist_mbid: '1' is not a valid uuid"}`)),
+				StatusCode: 400,
+			}
+			_, err := agent.GetArtistTopSongs(ctx, "", "", "1", 1)
+			Expect(err).To(HaveOccurred())
+			Expect(httpClient.RequestCount).To(Equal(1))
+			Expect(httpClient.SavedRequest.URL.Path).To(Equal("/1/popularity/top-recordings-for-artist/1"))
+		})
+
+		It("returns all tracks when asked", func() {
+			f, _ := os.Open("tests/fixtures/listenbrainz.popularity.json")
+			httpClient.Res = http.Response{Body: f, StatusCode: 200}
+			data, err := agent.GetArtistTopSongs(ctx, "", "", "d2a92ee2-27ce-4e71-bfc5-12e34fe8ef56", 2)
+			Expect(err).ToNot(HaveOccurred())
+			Expect(data).To(Equal([]agents.Song{
+				{
+					ID:         "",
+					Name:       "world.execute(me);",
+					MBID:       "9980309d-3480-4e7e-89ce-fce971a452be",
+					Artist:     "Mili",
+					ArtistMBID: "d2a92ee2-27ce-4e71-bfc5-12e34fe8ef56",
+					Album:      "Miracle Milk",
+					AlbumMBID:  "38a8f6e1-0e34-4418-a89d-78240a367408",
+					Duration:   211912,
+				},
+				{
+					ID:         "",
+					Name:       "String Theocracy",
+					MBID:       "afa2c83d-b17f-4029-b9da-790ea9250cf9",
+					Artist:     "Mili",
+					ArtistMBID: "d2a92ee2-27ce-4e71-bfc5-12e34fe8ef56",
+					Album:      "String Theocracy",
+					AlbumMBID:  "d79a38e3-7016-4f39-a31a-f495ce914b8e",
+					Duration:   174000,
+				},
+			}))
+		})
+
+		It("returns only one track when prompted", func() {
+			f, _ := os.Open("tests/fixtures/listenbrainz.popularity.json")
+			httpClient.Res = http.Response{Body: f, StatusCode: 200}
+			data, err := agent.GetArtistTopSongs(ctx, "", "", "d2a92ee2-27ce-4e71-bfc5-12e34fe8ef56", 1)
+			Expect(err).ToNot(HaveOccurred())
+			Expect(data).To(Equal([]agents.Song{
+				{
+					ID:         "",
+					Name:       "world.execute(me);",
+					MBID:       "9980309d-3480-4e7e-89ce-fce971a452be",
+					Artist:     "Mili",
+					ArtistMBID: "d2a92ee2-27ce-4e71-bfc5-12e34fe8ef56",
+					Album:      "Miracle Milk",
+					AlbumMBID:  "38a8f6e1-0e34-4418-a89d-78240a367408",
+					Duration:   211912,
+				},
+			}))
+		})
+	})
+
+	Describe("GetSimilarArtists", func() {
+		var agent *listenBrainzAgent
+		var httpClient *tests.FakeHttpClient
+		baseUrl := "https://labs.api.listenbrainz.org/similar-artists/json?algorithm=session_based_days_9000_session_300_contribution_5_threshold_15_limit_50_skip_30&artist_mbids="
+		mbid := "db92a151-1ac2-438b-bc43-b82e149ddd50"
+
+		BeforeEach(func() {
+			httpClient = &tests.FakeHttpClient{}
+			client := newClient("BASE_URL", httpClient)
+			agent = listenBrainzConstructor(ds)
+			agent.client = client
+		})
+
+		It("returns error when fetch calls", func() {
+			httpClient.Err = errors.New("error")
+			_, err := agent.GetSimilarArtists(ctx, "", "", mbid, 1)
+			Expect(err).To(HaveOccurred())
+			Expect(httpClient.RequestCount).To(Equal(1))
+			Expect(httpClient.SavedRequest.URL.String()).To(Equal(baseUrl + mbid))
+		})
+
+		It("returns an error on listenbrainz error", func() {
+			httpClient.Res = http.Response{
+				Body:       io.NopCloser(bytes.NewBufferString(`Bad request`)),
+				StatusCode: 400,
+			}
+			_, err := agent.GetSimilarArtists(ctx, "", "", "1", 1)
+			Expect(err).To(HaveOccurred())
+			Expect(httpClient.RequestCount).To(Equal(1))
+			Expect(httpClient.SavedRequest.URL.String()).To(Equal(baseUrl + "1"))
+		})
+
+		It("returns all data on call", func() {
+			f, _ := os.Open("tests/fixtures/listenbrainz.labs.similar-artists.json")
+			httpClient.Res = http.Response{Body: f, StatusCode: 200}
+
+			resp, err := agent.GetSimilarArtists(ctx, "", "", "db92a151-1ac2-438b-bc43-b82e149ddd50", 2)
+			Expect(err).ToNot(HaveOccurred())
+			Expect(httpClient.RequestCount).To(Equal(1))
+			Expect(httpClient.SavedRequest.URL.String()).To(Equal(baseUrl + mbid))
+			Expect(resp).To(Equal([]agents.Artist{
+				{MBID: "f27ec8db-af05-4f36-916e-3d57f91ecf5e", Name: "Michael Jackson"},
+				{MBID: "7364dea6-ca9a-48e3-be01-b44ad0d19897", Name: "a-ha"},
+			}))
+		})
+
+		It("returns subset of data on call", func() {
+			f, _ := os.Open("tests/fixtures/listenbrainz.labs.similar-artists.json")
+			httpClient.Res = http.Response{Body: f, StatusCode: 200}
+
+			resp, err := agent.GetSimilarArtists(ctx, "", "", "db92a151-1ac2-438b-bc43-b82e149ddd50", 1)
+			Expect(err).ToNot(HaveOccurred())
+			Expect(httpClient.RequestCount).To(Equal(1))
+			Expect(httpClient.SavedRequest.URL.String()).To(Equal(baseUrl + mbid))
+			Expect(resp).To(Equal([]agents.Artist{
+				{MBID: "f27ec8db-af05-4f36-916e-3d57f91ecf5e", Name: "Michael Jackson"},
+			}))
+		})
+	})
+
+	Describe("GetSimilarTracks", func() {
+		var agent *listenBrainzAgent
+		var httpClient *tests.FakeHttpClient
+		mbid := "8f3471b5-7e6a-48da-86a9-c1c07a0f47ae"
+		baseUrl := "https://labs.api.listenbrainz.org/similar-recordings/json?algorithm=session_based_days_9000_session_300_contribution_5_threshold_15_limit_50_skip_30&recording_mbids="
+
+		BeforeEach(func() {
+			httpClient = &tests.FakeHttpClient{}
+			client := newClient("BASE_URL", httpClient)
+			agent = listenBrainzConstructor(ds)
+			agent.client = client
+		})
+
+		It("returns error when fetch calls", func() {
+			httpClient.Err = errors.New("error")
+			_, err := agent.GetSimilarSongsByTrack(ctx, "", "", "", mbid, 1)
+			Expect(err).To(HaveOccurred())
+			Expect(httpClient.RequestCount).To(Equal(1))
+			Expect(httpClient.SavedRequest.URL.String()).To(Equal(baseUrl + mbid))
+		})
+
+		It("returns an error on listenbrainz error", func() {
+			httpClient.Res = http.Response{
+				Body:       io.NopCloser(bytes.NewBufferString(`Bad request`)),
+				StatusCode: 400,
+			}
+			_, err := agent.GetSimilarSongsByTrack(ctx, "", "", "", "1", 1)
+			Expect(err).To(HaveOccurred())
+			Expect(httpClient.RequestCount).To(Equal(1))
+			Expect(httpClient.SavedRequest.URL.String()).To(Equal(baseUrl + "1"))
+		})
+
+		It("returns all data on call", func() {
+			f, _ := os.Open("tests/fixtures/listenbrainz.labs.similar-recordings.json")
+			httpClient.Res = http.Response{Body: f, StatusCode: 200}
+
+			resp, err := agent.GetSimilarSongsByTrack(ctx, "", "", "", mbid, 2)
+			Expect(err).ToNot(HaveOccurred())
+			Expect(httpClient.RequestCount).To(Equal(1))
+			Expect(httpClient.SavedRequest.URL.String()).To(Equal(baseUrl + mbid))
+			Expect(resp).To(Equal([]agents.Song{
+				{
+					ID:         "",
+					Name:       "Take On Me",
+					MBID:       "12f65dca-de8f-43fe-a65d-f12a02aaadf3",
+					ISRC:       "",
+					Artist:     "a‐ha",
+					ArtistMBID: "",
+					Album:      "Hunting High and Low",
+					AlbumMBID:  "4ec07fe8-e7c6-3106-a0aa-fdf92f13f7fc",
+					Duration:   0,
+				},
+				{
+					ID:         "",
+					Name:       "Wake Me Up Before You Go‐Go",
+					MBID:       "80033c72-aa19-4ba8-9227-afb075fec46e",
+					ISRC:       "",
+					Artist:     "Wham!",
+					ArtistMBID: "",
+					Album:      "Make It Big",
+					AlbumMBID:  "c143d542-48dc-446b-b523-1762da721638",
+					Duration:   0,
+				},
+			}))
+		})
+
+		It("returns subset of data on call", func() {
+			f, _ := os.Open("tests/fixtures/listenbrainz.labs.similar-recordings.json")
+			httpClient.Res = http.Response{Body: f, StatusCode: 200}
+
+			resp, err := agent.GetSimilarSongsByTrack(ctx, "", "", "", mbid, 1)
+			Expect(err).ToNot(HaveOccurred())
+			Expect(httpClient.RequestCount).To(Equal(1))
+			Expect(httpClient.SavedRequest.URL.String()).To(Equal(baseUrl + mbid))
+			Expect(resp).To(Equal([]agents.Song{
+				{
+					ID:         "",
+					Name:       "Take On Me",
+					MBID:       "12f65dca-de8f-43fe-a65d-f12a02aaadf3",
+					ISRC:       "",
+					Artist:     "a‐ha",
+					ArtistMBID: "",
+					Album:      "Hunting High and Low",
+					AlbumMBID:  "4ec07fe8-e7c6-3106-a0aa-fdf92f13f7fc",
+					Duration:   0,
+				},
+			}))
+		})
+	})
 })
--- a/adapters/listenbrainz/auth_router.go
+++ b/adapters/listenbrainz/auth_router.go
@@ -60,7 +60,7 @@ func (s *Router) routes() http.Handler {
 }

 func (s *Router) getLinkStatus(w http.ResponseWriter, r *http.Request) {
-	resp := map[string]interface{}{}
+	resp := map[string]any{}
 	u, _ := request.UserFrom(r.Context())
 	key, err := s.sessionKeys.Get(r.Context(), u.ID)
 	if err != nil && !errors.Is(err, model.ErrNotFound) {
@@ -107,7 +107,7 @@ func (s *Router) link(w http.ResponseWriter, r *http.Request) {
 		return
 	}

-	_ = rest.RespondWithJSON(w, http.StatusOK, map[string]interface{}{"status": resp.Valid, "user": resp.UserName})
+	_ = rest.RespondWithJSON(w, http.StatusOK, map[string]any{"status": resp.Valid, "user": resp.UserName})
 }

 func (s *Router) unlink(w http.ResponseWriter, r *http.Request) {
--- a/adapters/listenbrainz/auth_router_test.go
+++ b/adapters/listenbrainz/auth_router_test.go
@@ -37,7 +37,7 @@ var _ = Describe("ListenBrainz Auth Router", func() {
 			req = httptest.NewRequest("GET", "/listenbrainz/link", nil)
 			r.getLinkStatus(resp, req)
 			Expect(resp.Code).To(Equal(http.StatusOK))
-			var parsed map[string]interface{}
+			var parsed map[string]any
 			Expect(json.Unmarshal(resp.Body.Bytes(), &parsed)).To(BeNil())
 			Expect(parsed["status"]).To(Equal(false))
 		})
@@ -47,7 +47,7 @@ var _ = Describe("ListenBrainz Auth Router", func() {
 			req = httptest.NewRequest("GET", "/listenbrainz/link", nil)
 			r.getLinkStatus(resp, req)
 			Expect(resp.Code).To(Equal(http.StatusOK))
-			var parsed map[string]interface{}
+			var parsed map[string]any
 			Expect(json.Unmarshal(resp.Body.Bytes(), &parsed)).To(BeNil())
 			Expect(parsed["status"]).To(Equal(true))
 		})
@@ -80,7 +80,7 @@ var _ = Describe("ListenBrainz Auth Router", func() {
 			req = httptest.NewRequest("PUT", "/listenbrainz/link", strings.NewReader(`{"token": "tok-1"}`))
 			r.link(resp, req)
 			Expect(resp.Code).To(Equal(http.StatusOK))
-			var parsed map[string]interface{}
+			var parsed map[string]any
 			Expect(json.Unmarshal(resp.Body.Bytes(), &parsed)).To(BeNil())
 			Expect(parsed["status"]).To(Equal(true))
 			Expect(parsed["user"]).To(Equal("ListenBrainzUser"))
--- a/adapters/listenbrainz/client.go
+++ b/adapters/listenbrainz/client.go
@@ -2,16 +2,29 @@ package listenbrainz

 import (
 	"bytes"
+	"cmp"
 	"context"
 	"encoding/json"
+	"errors"
 	"fmt"
 	"net/http"
 	"net/url"
 	"path"
+	"slices"

+	"github.com/navidrome/navidrome/conf"
 	"github.com/navidrome/navidrome/log"
 )

+const (
+	lbzApiUrl = "https://api.listenbrainz.org/1/"
+	labsBase  = "https://labs.api.listenbrainz.org/"
+)
+
+var (
+	ErrorNotFound = errors.New("listenbrainz: not found")
+)
+
 type listenBrainzError struct {
 	Code    int
 	Message string
@@ -62,14 +75,14 @@ const (

 type listenInfo struct {
 	ListenedAt    int           `json:"listened_at,omitempty"`
-	TrackMetadata trackMetadata `json:"track_metadata,omitempty"`
+	TrackMetadata trackMetadata `json:"track_metadata"`
 }

 type trackMetadata struct {
 	ArtistName     string         `json:"artist_name,omitempty"`
 	TrackName      string         `json:"track_name,omitempty"`
 	ReleaseName    string         `json:"release_name,omitempty"`
-	AdditionalInfo additionalInfo `json:"additional_info,omitempty"`
+	AdditionalInfo additionalInfo `json:"additional_info"`
 }

 type additionalInfo struct {
@@ -88,7 +101,7 @@ func (c *client) validateToken(ctx context.Context, apiKey string) (*listenBrain
 	r := &listenBrainzRequest{
 		ApiKey: apiKey,
 	}
-	response, err := c.makeRequest(ctx, http.MethodGet, "validate-token", r)
+	response, err := c.makeAuthenticatedRequest(ctx, http.MethodGet, "validate-token", r)
 	if err != nil {
 		return nil, err
 	}
@@ -104,7 +117,7 @@ func (c *client) updateNowPlaying(ctx context.Context, apiKey string, li listenI
 		},
 	}

-	resp, err := c.makeRequest(ctx, http.MethodPost, "submit-listens", r)
+	resp, err := c.makeAuthenticatedRequest(ctx, http.MethodPost, "submit-listens", r)
 	if err != nil {
 		return err
 	}
@@ -122,7 +135,7 @@ func (c *client) scrobble(ctx context.Context, apiKey string, li listenInfo) err
 			Payload:    []listenInfo{li},
 		},
 	}
-	resp, err := c.makeRequest(ctx, http.MethodPost, "submit-listens", r)
+	resp, err := c.makeAuthenticatedRequest(ctx, http.MethodPost, "submit-listens", r)
 	if err != nil {
 		return err
 	}
@@ -141,7 +154,7 @@ func (c *client) path(endpoint string) (string, error) {
 	return u.String(), nil
 }

-func (c *client) makeRequest(ctx context.Context, method string, endpoint string, r *listenBrainzRequest) (*listenBrainzResponse, error) {
+func (c *client) makeAuthenticatedRequest(ctx context.Context, method string, endpoint string, r *listenBrainzRequest) (*listenBrainzResponse, error) {
 	b, _ := json.Marshal(r.Body)
 	uri, err := c.path(endpoint)
 	if err != nil {
@@ -177,3 +190,189 @@ func (c *client) makeRequest(ctx context.Context, method string, endpoint string

 	return &response, nil
 }
+
+type lbzHttpError struct {
+	Code  int    `json:"code"`
+	Error string `json:"error"`
+}
+
+func (c *client) makeGenericRequest(ctx context.Context, method string, endpoint string, params url.Values) (*http.Response, error) {
+	req, _ := http.NewRequestWithContext(ctx, method, lbzApiUrl+endpoint, nil)
+	req.Header.Add("Content-Type", "application/json; charset=UTF-8")
+	req.URL.RawQuery = params.Encode()
+
+	log.Trace(ctx, fmt.Sprintf("Sending ListenBrainz %s request", req.Method), "url", req.URL)
+	resp, err := c.hc.Do(req)
+
+	if err != nil {
+		return nil, err
+	}
+
+	// On a 200 code, there is no code. Decode using using error message if it exists
+	if resp.StatusCode != 200 {
+		defer resp.Body.Close()
+		decoder := json.NewDecoder(resp.Body)
+
+		var lbzError lbzHttpError
+		jsonErr := decoder.Decode(&lbzError)
+
+		if jsonErr != nil {
+			return nil, fmt.Errorf("ListenBrainz: HTTP Error, Status: (%d)", resp.StatusCode)
+		}
+
+		return nil, &listenBrainzError{Code: lbzError.Code, Message: lbzError.Error}
+	}
+
+	return resp, err
+}
+
+type artistMetadataResult struct {
+	Rels struct {
+		OfficialHomepage string `json:"official homepage,omitempty"`
+	} `json:"rels,omitzero"`
+}
+
+func (c *client) getArtistUrl(ctx context.Context, mbid string) (string, error) {
+	params := url.Values{}
+	params.Add("artist_mbids", mbid)
+	resp, err := c.makeGenericRequest(ctx, http.MethodGet, "metadata/artist", params)
+	if err != nil {
+		return "", err
+	}
+
+	defer resp.Body.Close()
+	decoder := json.NewDecoder(resp.Body)
+
+	var response []artistMetadataResult
+	jsonErr := decoder.Decode(&response)
+	if jsonErr != nil {
+		return "", fmt.Errorf("ListenBrainz: HTTP Error, Status: (%d)", resp.StatusCode)
+	}
+
+	if len(response) == 0 || response[0].Rels.OfficialHomepage == "" {
+		return "", ErrorNotFound
+	}
+
+	return response[0].Rels.OfficialHomepage, nil
+}
+
+type trackInfo struct {
+	ArtistName    string   `json:"artist_name"`
+	ArtistMBIDs   []string `json:"artist_mbids"`
+	DurationMs    uint32   `json:"length"`
+	RecordingName string   `json:"recording_name"`
+	RecordingMbid string   `json:"recording_mbid"`
+	ReleaseName   string   `json:"release_name"`
+	ReleaseMBID   string   `json:"release_mbid"`
+}
+
+func (c *client) getArtistTopSongs(ctx context.Context, mbid string, count int) ([]trackInfo, error) {
+	resp, err := c.makeGenericRequest(ctx, http.MethodGet, "popularity/top-recordings-for-artist/"+mbid, url.Values{})
+	if err != nil {
+		return nil, err
+	}
+
+	defer resp.Body.Close()
+	decoder := json.NewDecoder(resp.Body)
+
+	var response []trackInfo
+	jsonErr := decoder.Decode(&response)
+	if jsonErr != nil {
+		return nil, fmt.Errorf("ListenBrainz: HTTP Error, Status: (%d)", resp.StatusCode)
+	}
+
+	if len(response) > count {
+		return response[0:count], nil
+	}
+
+	return response, nil
+}
+
+type artist struct {
+	MBID  string `json:"artist_mbid"`
+	Name  string `json:"name"`
+	Score int    `json:"score"`
+}
+
+func (c *client) getSimilarArtists(ctx context.Context, mbid string, limit int) ([]artist, error) {
+	req, _ := http.NewRequestWithContext(ctx, http.MethodGet, labsBase+"similar-artists/json", nil)
+	req.Header.Add("Content-Type", "application/json; charset=UTF-8")
+	req.URL.RawQuery = url.Values{
+		"artist_mbids": []string{mbid}, "algorithm": []string{conf.Server.ListenBrainz.ArtistAlgorithm},
+	}.Encode()
+
+	log.Trace(ctx, fmt.Sprintf("Sending ListenBrainz Labs %s request", req.Method), "url", req.URL)
+	resp, err := c.hc.Do(req)
+
+	if err != nil {
+		return nil, err
+	}
+
+	defer resp.Body.Close()
+	decoder := json.NewDecoder(resp.Body)
+
+	var artists []artist
+	jsonErr := decoder.Decode(&artists)
+	if jsonErr != nil {
+		return nil, fmt.Errorf("ListenBrainz: HTTP Error, Status: (%d)", resp.StatusCode)
+	}
+
+	if len(artists) > limit {
+		return artists[:limit], nil
+	}
+
+	return artists, nil
+}
+
+type recording struct {
+	MBID        string `json:"recording_mbid"`
+	Name        string `json:"recording_name"`
+	Artist      string `json:"artist_credit_name"`
+	ReleaseName string `json:"release_name"`
+	ReleaseMBID string `json:"release_mbid"`
+	Score       int    `json:"score"`
+}
+
+func (c *client) getSimilarRecordings(ctx context.Context, mbid string, limit int) ([]recording, error) {
+	req, _ := http.NewRequestWithContext(ctx, http.MethodGet, labsBase+"similar-recordings/json", nil)
+	req.Header.Add("Content-Type", "application/json; charset=UTF-8")
+	req.URL.RawQuery = url.Values{
+		"recording_mbids": []string{mbid}, "algorithm": []string{conf.Server.ListenBrainz.TrackAlgorithm},
+	}.Encode()
+
+	log.Trace(ctx, fmt.Sprintf("Sending ListenBrainz Labs %s request", req.Method), "url", req.URL)
+	resp, err := c.hc.Do(req)
+
+	if err != nil {
+		return nil, err
+	}
+
+	defer resp.Body.Close()
+	decoder := json.NewDecoder(resp.Body)
+
+	var recordings []recording
+	jsonErr := decoder.Decode(&recordings)
+	if jsonErr != nil {
+		return nil, fmt.Errorf("ListenBrainz: HTTP Error, Status: (%d)", resp.StatusCode)
+	}
+
+	// For whatever reason, labs API isn't guaranteed to give results in the proper order
+	// and may also provide duplicates. See listenbrainz.labs.similar-recordings-real-out-of-order.json
+	// generated from https://labs.api.listenbrainz.org/similar-recordings/json?recording_mbids=8f3471b5-7e6a-48da-86a9-c1c07a0f47ae&algorithm=session_based_days_180_session_300_contribution_5_threshold_15_limit_50_skip_30
+	slices.SortFunc(recordings, func(a, b recording) int {
+		return cmp.Or(
+			cmp.Compare(b.Score, a.Score), // Sort by score descending
+			cmp.Compare(a.MBID, b.MBID),   // Then by MBID ascending to ensure deterministic order for duplicates
+		)
+	})
+
+	recordings = slices.CompactFunc(recordings, func(a, b recording) bool {
+		return a.MBID == b.MBID
+	})
+
+	if len(recordings) > limit {
+		return recordings[:limit], nil
+	}
+
+	return recordings, nil
+}
--- a/adapters/listenbrainz/client_test.go
+++ b/adapters/listenbrainz/client_test.go
@@ -4,10 +4,13 @@ import (
 	"bytes"
 	"context"
 	"encoding/json"
+	"fmt"
 	"io"
 	"net/http"
 	"os"

+	"github.com/navidrome/navidrome/conf"
+	"github.com/navidrome/navidrome/conf/configtest"
 	"github.com/navidrome/navidrome/tests"
 	. "github.com/onsi/ginkgo/v2"
 	. "github.com/onsi/gomega"
@@ -117,4 +120,345 @@ var _ = Describe("client", func() {
 			})
 		})
 	})
+
+	Context("getArtistUrl", func() {
+		baseUrl := "https://api.listenbrainz.org/1/metadata/artist?"
+		It("handles a malformed request with status code", func() {
+			httpClient.Res = http.Response{
+				Body:       io.NopCloser(bytes.NewBufferString(`{"code": 400,"error": "artist mbid 1 is not valid."}`)),
+				StatusCode: 400,
+			}
+			_, err := client.getArtistUrl(context.Background(), "1")
+			Expect(err.Error()).To(Equal("ListenBrainz error(400): artist mbid 1 is not valid."))
+			Expect(httpClient.SavedRequest.Method).To(Equal(http.MethodGet))
+			Expect(httpClient.SavedRequest.URL.String()).To(Equal(baseUrl + "artist_mbids=1"))
+			Expect(httpClient.SavedRequest.Header.Get("Content-Type")).To(Equal("application/json; charset=UTF-8"))
+		})
+
+		It("handles a malformed request without meaningful body", func() {
+			httpClient.Res = http.Response{
+				Body:       io.NopCloser(bytes.NewBufferString(``)),
+				StatusCode: 501,
+			}
+			_, err := client.getArtistUrl(context.Background(), "1")
+			Expect(err.Error()).To(Equal("ListenBrainz: HTTP Error, Status: (501)"))
+			Expect(httpClient.SavedRequest.Method).To(Equal(http.MethodGet))
+			Expect(httpClient.SavedRequest.URL.String()).To(Equal(baseUrl + "artist_mbids=1"))
+			Expect(httpClient.SavedRequest.Header.Get("Content-Type")).To(Equal("application/json; charset=UTF-8"))
+		})
+
+		It("It returns not found when the artist has no official homepage", func() {
+			f, _ := os.Open("tests/fixtures/listenbrainz.artist.metadata.no_homepage.json")
+			httpClient.Res = http.Response{Body: f, StatusCode: 200}
+			_, err := client.getArtistUrl(context.Background(), "7c2cc610-f998-43ef-a08f-dae3344b8973")
+			Expect(err.Error()).To(Equal("listenbrainz: not found"))
+			Expect(httpClient.SavedRequest.Method).To(Equal(http.MethodGet))
+			Expect(httpClient.SavedRequest.URL.String()).To(Equal(baseUrl + "artist_mbids=7c2cc610-f998-43ef-a08f-dae3344b8973"))
+			Expect(httpClient.SavedRequest.Header.Get("Content-Type")).To(Equal("application/json; charset=UTF-8"))
+		})
+
+		It("It returns data when the artist has a homepage", func() {
+			f, _ := os.Open("tests/fixtures/listenbrainz.artist.metadata.homepage.json")
+			httpClient.Res = http.Response{Body: f, StatusCode: 200}
+			url, err := client.getArtistUrl(context.Background(), "d2a92ee2-27ce-4e71-bfc5-12e34fe8ef56")
+			Expect(err).ToNot(HaveOccurred())
+			Expect(url).To(Equal("http://projectmili.com/"))
+			Expect(httpClient.SavedRequest.Method).To(Equal(http.MethodGet))
+			Expect(httpClient.SavedRequest.URL.String()).To(Equal(baseUrl + "artist_mbids=d2a92ee2-27ce-4e71-bfc5-12e34fe8ef56"))
+			Expect(httpClient.SavedRequest.Header.Get("Content-Type")).To(Equal("application/json; charset=UTF-8"))
+		})
+	})
+
+	Context("getArtistTopSongs", func() {
+		baseUrl := "https://api.listenbrainz.org/1/popularity/top-recordings-for-artist/"
+
+		It("handles a malformed request with status code", func() {
+			httpClient.Res = http.Response{
+				Body:       io.NopCloser(bytes.NewBufferString(`{"code":400,"error":"artist_mbid: '1' is not a valid uuid"}`)),
+				StatusCode: 400,
+			}
+			_, err := client.getArtistTopSongs(context.Background(), "1", 50)
+			Expect(err.Error()).To(Equal("ListenBrainz error(400): artist_mbid: '1' is not a valid uuid"))
+			Expect(httpClient.SavedRequest.Method).To(Equal(http.MethodGet))
+			Expect(httpClient.SavedRequest.URL.String()).To(Equal(baseUrl + "1"))
+			Expect(httpClient.SavedRequest.Header.Get("Content-Type")).To(Equal("application/json; charset=UTF-8"))
+		})
+
+		It("handles a malformed request without standard body", func() {
+			httpClient.Res = http.Response{
+				Body:       io.NopCloser(bytes.NewBufferString(``)),
+				StatusCode: 500,
+			}
+			_, err := client.getArtistTopSongs(context.Background(), "1", 1)
+			Expect(err.Error()).To(Equal("ListenBrainz: HTTP Error, Status: (500)"))
+			Expect(httpClient.SavedRequest.Method).To(Equal(http.MethodGet))
+			Expect(httpClient.SavedRequest.URL.String()).To(Equal(baseUrl + "1"))
+			Expect(httpClient.SavedRequest.Header.Get("Content-Type")).To(Equal("application/json; charset=UTF-8"))
+		})
+
+		It("It returns all tracks when given the opportunity", func() {
+			f, _ := os.Open("tests/fixtures/listenbrainz.popularity.json")
+			httpClient.Res = http.Response{Body: f, StatusCode: 200}
+			data, err := client.getArtistTopSongs(context.Background(), "d2a92ee2-27ce-4e71-bfc5-12e34fe8ef56", 5)
+			Expect(err).ToNot(HaveOccurred())
+			Expect(data).To(Equal([]trackInfo{
+				{
+					ArtistName:    "Mili",
+					ArtistMBIDs:   []string{"d2a92ee2-27ce-4e71-bfc5-12e34fe8ef56"},
+					DurationMs:    211912,
+					RecordingName: "world.execute(me);",
+					RecordingMbid: "9980309d-3480-4e7e-89ce-fce971a452be",
+					ReleaseName:   "Miracle Milk",
+					ReleaseMBID:   "38a8f6e1-0e34-4418-a89d-78240a367408",
+				},
+				{
+					ArtistName:    "Mili",
+					ArtistMBIDs:   []string{"d2a92ee2-27ce-4e71-bfc5-12e34fe8ef56"},
+					DurationMs:    174000,
+					RecordingName: "String Theocracy",
+					RecordingMbid: "afa2c83d-b17f-4029-b9da-790ea9250cf9",
+					ReleaseName:   "String Theocracy",
+					ReleaseMBID:   "d79a38e3-7016-4f39-a31a-f495ce914b8e",
+				},
+			}))
+			Expect(httpClient.SavedRequest.Method).To(Equal(http.MethodGet))
+			Expect(httpClient.SavedRequest.URL.String()).To(Equal(baseUrl + "d2a92ee2-27ce-4e71-bfc5-12e34fe8ef56"))
+			Expect(httpClient.SavedRequest.Header.Get("Content-Type")).To(Equal("application/json; charset=UTF-8"))
+		})
+
+		It("It returns a subset of tracks when allowed", func() {
+			f, _ := os.Open("tests/fixtures/listenbrainz.popularity.json")
+			httpClient.Res = http.Response{Body: f, StatusCode: 200}
+			data, err := client.getArtistTopSongs(context.Background(), "d2a92ee2-27ce-4e71-bfc5-12e34fe8ef56", 1)
+			Expect(err).ToNot(HaveOccurred())
+			Expect(data).To(Equal([]trackInfo{
+				{
+					ArtistName:    "Mili",
+					ArtistMBIDs:   []string{"d2a92ee2-27ce-4e71-bfc5-12e34fe8ef56"},
+					DurationMs:    211912,
+					RecordingName: "world.execute(me);",
+					RecordingMbid: "9980309d-3480-4e7e-89ce-fce971a452be",
+					ReleaseName:   "Miracle Milk",
+					ReleaseMBID:   "38a8f6e1-0e34-4418-a89d-78240a367408",
+				},
+			}))
+			Expect(httpClient.SavedRequest.Method).To(Equal(http.MethodGet))
+			Expect(httpClient.SavedRequest.URL.String()).To(Equal(baseUrl + "d2a92ee2-27ce-4e71-bfc5-12e34fe8ef56"))
+			Expect(httpClient.SavedRequest.Header.Get("Content-Type")).To(Equal("application/json; charset=UTF-8"))
+		})
+	})
+
+	Context("getSimilarArtists", func() {
+		var algorithm string
+
+		BeforeEach(func() {
+			algorithm = "session_based_days_9000_session_300_contribution_5_threshold_15_limit_50_skip_30"
+			DeferCleanup(configtest.SetupConfig())
+		})
+
+		getUrl := func(mbid string) string {
+			return fmt.Sprintf("https://labs.api.listenbrainz.org/similar-artists/json?algorithm=%s&artist_mbids=%s", algorithm, mbid)
+		}
+
+		mbid := "db92a151-1ac2-438b-bc43-b82e149ddd50"
+
+		It("handles a malformed request with status code", func() {
+			httpClient.Res = http.Response{
+				Body:       io.NopCloser(bytes.NewBufferString(`Bad request`)),
+				StatusCode: 400,
+			}
+			_, err := client.getSimilarArtists(context.Background(), "1", 2)
+			Expect(err.Error()).To(Equal("ListenBrainz: HTTP Error, Status: (400)"))
+			Expect(httpClient.SavedRequest.Method).To(Equal(http.MethodGet))
+			Expect(httpClient.SavedRequest.URL.String()).To(Equal(getUrl("1")))
+			Expect(httpClient.SavedRequest.Header.Get("Content-Type")).To(Equal("application/json; charset=UTF-8"))
+		})
+
+		It("handles real data properly", func() {
+			f, _ := os.Open("tests/fixtures/listenbrainz.labs.similar-artists.json")
+			httpClient.Res = http.Response{Body: f, StatusCode: 200}
+			resp, err := client.getSimilarArtists(context.Background(), mbid, 2)
+			Expect(err).ToNot(HaveOccurred())
+			Expect(httpClient.SavedRequest.Method).To(Equal(http.MethodGet))
+			Expect(httpClient.SavedRequest.URL.String()).To(Equal(getUrl(mbid)))
+			Expect(httpClient.SavedRequest.Header.Get("Content-Type")).To(Equal("application/json; charset=UTF-8"))
+			Expect(resp).To(Equal([]artist{
+				{MBID: "f27ec8db-af05-4f36-916e-3d57f91ecf5e", Name: "Michael Jackson", Score: 800},
+				{MBID: "7364dea6-ca9a-48e3-be01-b44ad0d19897", Name: "a-ha", Score: 792},
+			}))
+		})
+
+		It("truncates data when requested", func() {
+			f, _ := os.Open("tests/fixtures/listenbrainz.labs.similar-artists.json")
+			httpClient.Res = http.Response{Body: f, StatusCode: 200}
+			resp, err := client.getSimilarArtists(context.Background(), "db92a151-1ac2-438b-bc43-b82e149ddd50", 1)
+			Expect(err).ToNot(HaveOccurred())
+			Expect(httpClient.SavedRequest.Method).To(Equal(http.MethodGet))
+			Expect(httpClient.SavedRequest.URL.String()).To(Equal(getUrl(mbid)))
+			Expect(httpClient.SavedRequest.Header.Get("Content-Type")).To(Equal("application/json; charset=UTF-8"))
+			Expect(resp).To(Equal([]artist{
+				{MBID: "f27ec8db-af05-4f36-916e-3d57f91ecf5e", Name: "Michael Jackson", Score: 800},
+			}))
+		})
+
+		It("fetches a different endpoint when algorithm changes", func() {
+			algorithm = "session_based_days_1825_session_300_contribution_3_threshold_10_limit_100_filter_True_skip_30"
+			conf.Server.ListenBrainz.ArtistAlgorithm = algorithm
+
+			f, _ := os.Open("tests/fixtures/listenbrainz.labs.similar-artists.json")
+			httpClient.Res = http.Response{Body: f, StatusCode: 200}
+			resp, err := client.getSimilarArtists(context.Background(), mbid, 2)
+			Expect(err).ToNot(HaveOccurred())
+			Expect(httpClient.SavedRequest.Method).To(Equal(http.MethodGet))
+			Expect(httpClient.SavedRequest.URL.String()).To(Equal(getUrl(mbid)))
+			Expect(httpClient.SavedRequest.Header.Get("Content-Type")).To(Equal("application/json; charset=UTF-8"))
+			Expect(resp).To(Equal([]artist{
+				{MBID: "f27ec8db-af05-4f36-916e-3d57f91ecf5e", Name: "Michael Jackson", Score: 800},
+				{MBID: "7364dea6-ca9a-48e3-be01-b44ad0d19897", Name: "a-ha", Score: 792},
+			}))
+		})
+	})
+
+	Context("getSimilarRecordings", func() {
+		var algorithm string
+
+		BeforeEach(func() {
+			algorithm = "session_based_days_9000_session_300_contribution_5_threshold_15_limit_50_skip_30"
+			DeferCleanup(configtest.SetupConfig())
+		})
+
+		getUrl := func(mbid string) string {
+			return fmt.Sprintf("https://labs.api.listenbrainz.org/similar-recordings/json?algorithm=%s&recording_mbids=%s", algorithm, mbid)
+		}
+
+		mbid := "8f3471b5-7e6a-48da-86a9-c1c07a0f47ae"
+
+		It("handles a malformed request with status code", func() {
+			httpClient.Res = http.Response{
+				Body:       io.NopCloser(bytes.NewBufferString(`Bad request`)),
+				StatusCode: 400,
+			}
+			_, err := client.getSimilarRecordings(context.Background(), "1", 2)
+			Expect(err.Error()).To(Equal("ListenBrainz: HTTP Error, Status: (400)"))
+			Expect(httpClient.SavedRequest.Method).To(Equal(http.MethodGet))
+			Expect(httpClient.SavedRequest.URL.String()).To(Equal(getUrl("1")))
+			Expect(httpClient.SavedRequest.Header.Get("Content-Type")).To(Equal("application/json; charset=UTF-8"))
+		})
+
+		It("handles real data properly", func() {
+			f, _ := os.Open("tests/fixtures/listenbrainz.labs.similar-recordings.json")
+			httpClient.Res = http.Response{Body: f, StatusCode: 200}
+			resp, err := client.getSimilarRecordings(context.Background(), mbid, 2)
+			Expect(err).ToNot(HaveOccurred())
+			Expect(httpClient.SavedRequest.Method).To(Equal(http.MethodGet))
+			Expect(httpClient.SavedRequest.URL.String()).To(Equal(getUrl(mbid)))
+			Expect(httpClient.SavedRequest.Header.Get("Content-Type")).To(Equal("application/json; charset=UTF-8"))
+			Expect(resp).To(Equal([]recording{
+				{
+					MBID:        "12f65dca-de8f-43fe-a65d-f12a02aaadf3",
+					Name:        "Take On Me",
+					Artist:      "a‐ha",
+					ReleaseName: "Hunting High and Low",
+					ReleaseMBID: "4ec07fe8-e7c6-3106-a0aa-fdf92f13f7fc",
+					Score:       124,
+				},
+				{
+					MBID:        "80033c72-aa19-4ba8-9227-afb075fec46e",
+					Name:        "Wake Me Up Before You Go‐Go",
+					Artist:      "Wham!",
+					ReleaseName: "Make It Big",
+					ReleaseMBID: "c143d542-48dc-446b-b523-1762da721638",
+					Score:       65,
+				},
+			}))
+		})
+
+		It("truncates data when requested", func() {
+			f, _ := os.Open("tests/fixtures/listenbrainz.labs.similar-recordings.json")
+			httpClient.Res = http.Response{Body: f, StatusCode: 200}
+			resp, err := client.getSimilarRecordings(context.Background(), mbid, 1)
+			Expect(err).ToNot(HaveOccurred())
+			Expect(httpClient.SavedRequest.Method).To(Equal(http.MethodGet))
+			Expect(httpClient.SavedRequest.URL.String()).To(Equal(getUrl(mbid)))
+			Expect(httpClient.SavedRequest.Header.Get("Content-Type")).To(Equal("application/json; charset=UTF-8"))
+			Expect(resp).To(Equal([]recording{
+				{
+					MBID:        "12f65dca-de8f-43fe-a65d-f12a02aaadf3",
+					Name:        "Take On Me",
+					Artist:      "a‐ha",
+					ReleaseName: "Hunting High and Low",
+					ReleaseMBID: "4ec07fe8-e7c6-3106-a0aa-fdf92f13f7fc",
+					Score:       124,
+				},
+			}))
+		})
+
+		It("properly sorts by score and truncates duplicates", func() {
+			f, _ := os.Open("tests/fixtures/listenbrainz.labs.similar-recordings-real-out-of-order.json")
+			httpClient.Res = http.Response{Body: f, StatusCode: 200}
+			// There are actually 5 items. The dedup should happen FIRST
+			resp, err := client.getSimilarRecordings(context.Background(), mbid, 4)
+			Expect(err).ToNot(HaveOccurred())
+			Expect(httpClient.SavedRequest.Method).To(Equal(http.MethodGet))
+			Expect(httpClient.SavedRequest.URL.String()).To(Equal(getUrl(mbid)))
+			Expect(httpClient.SavedRequest.Header.Get("Content-Type")).To(Equal("application/json; charset=UTF-8"))
+			Expect(resp).To(Equal([]recording{
+				{
+					MBID:        "12f65dca-de8f-43fe-a65d-f12a02aaadf3",
+					Name:        "Take On Me",
+					Artist:      "a‐ha",
+					ReleaseName: "Hunting High and Low",
+					ReleaseMBID: "4ec07fe8-e7c6-3106-a0aa-fdf92f13f7fc",
+					Score:       124,
+				},
+				{
+					MBID:        "e4b347be-ecb2-44ff-aaa8-3d4c517d7ea5",
+					Name:        "Everybody Wants to Rule the World",
+					Artist:      "Tears for Fears",
+					ReleaseName: "Songs From the Big Chair",
+					ReleaseMBID: "21f19b06-81f1-347a-add5-5d0c77696597",
+					Score:       68,
+				},
+				{
+					MBID:        "80033c72-aa19-4ba8-9227-afb075fec46e",
+					Name:        "Wake Me Up Before You Go‐Go",
+					Artist:      "Wham!",
+					ReleaseName: "Make It Big",
+					ReleaseMBID: "c143d542-48dc-446b-b523-1762da721638",
+					Score:       65,
+				},
+				{
+					MBID:        "ef4c6855-949e-4e22-b41e-8e0a2d372d5f",
+					Name:        "Tainted Love",
+					Artist:      "Soft Cell",
+					ReleaseName: "Non-Stop Erotic Cabaret",
+					ReleaseMBID: "1acaa870-6e0c-4b6e-9e91-fdec4e5ea4b1",
+					Score:       61,
+				},
+			}))
+		})
+
+		It("uses a different algorithm when configured", func() {
+			algorithm = "session_based_days_180_session_300_contribution_5_threshold_15_limit_50_skip_30"
+			conf.Server.ListenBrainz.TrackAlgorithm = algorithm
+
+			f, _ := os.Open("tests/fixtures/listenbrainz.labs.similar-recordings.json")
+			httpClient.Res = http.Response{Body: f, StatusCode: 200}
+			resp, err := client.getSimilarRecordings(context.Background(), mbid, 1)
+			Expect(err).ToNot(HaveOccurred())
+			Expect(httpClient.SavedRequest.Method).To(Equal(http.MethodGet))
+			Expect(httpClient.SavedRequest.URL.String()).To(Equal(getUrl(mbid)))
+			Expect(httpClient.SavedRequest.Header.Get("Content-Type")).To(Equal("application/json; charset=UTF-8"))
+			Expect(resp).To(Equal([]recording{
+				{
+					MBID:        "12f65dca-de8f-43fe-a65d-f12a02aaadf3",
+					Name:        "Take On Me",
+					Artist:      "a‐ha",
+					ReleaseName: "Hunting High and Low",
+					ReleaseMBID: "4ec07fe8-e7c6-3106-a0aa-fdf92f13f7fc",
+					Score:       124,
+				},
+			}))
+		})
+	})
 })
--- a/adapters/spotify/client.go
+++ b/adapters/spotify/client.go
@@ -73,7 +73,7 @@ func (c *client) authorize(ctx context.Context) (string, error) {
 	auth := c.id + ":" + c.secret
 	req.Header.Add("Authorization", "Basic "+base64.StdEncoding.EncodeToString([]byte(auth)))

-	response := map[string]interface{}{}
+	response := map[string]any{}
 	err := c.makeRequest(req, &response)
 	if err != nil {
 		return "", err
@@ -86,7 +86,7 @@ func (c *client) authorize(ctx context.Context) (string, error) {
 	return "", errors.New("invalid response")
 }

-func (c *client) makeRequest(req *http.Request, response interface{}) error {
+func (c *client) makeRequest(req *http.Request, response any) error {
 	log.Trace(req.Context(), fmt.Sprintf("Sending Spotify %s request", req.Method), "url", req.URL)
 	resp, err := c.hc.Do(req)
 	if err != nil {
--- a/cmd/scan.go
+++ b/cmd/scan.go
@@ -8,7 +8,7 @@ import (
 	"os"
 	"strings"

-	"github.com/navidrome/navidrome/core"
+	"github.com/navidrome/navidrome/core/playlists"
 	"github.com/navidrome/navidrome/db"
 	"github.com/navidrome/navidrome/log"
 	"github.com/navidrome/navidrome/model"
@@ -74,7 +74,7 @@ func runScanner(ctx context.Context) {
 	sqlDB := db.Db()
 	defer db.Db().Close()
 	ds := persistence.New(sqlDB)
-	pls := core.NewPlaylists(ds)
+	pls := playlists.NewPlaylists(ds)

 	// Parse targets from command line or file
 	var scanTargets []model.ScanTarget
--- a/cmd/wire_gen.go
+++ b/cmd/wire_gen.go
@@ -18,6 +18,7 @@ import (
 	"github.com/navidrome/navidrome/core/ffmpeg"
 	"github.com/navidrome/navidrome/core/metrics"
 	"github.com/navidrome/navidrome/core/playback"
+	"github.com/navidrome/navidrome/core/playlists"
 	"github.com/navidrome/navidrome/core/scrobbler"
 	"github.com/navidrome/navidrome/db"
 	"github.com/navidrome/navidrome/model"
@@ -61,7 +62,7 @@ func CreateNativeAPIRouter(ctx context.Context) *nativeapi.Router {
 	sqlDB := db.Db()
 	dataStore := persistence.New(sqlDB)
 	share := core.NewShare(dataStore)
-	playlists := core.NewPlaylists(dataStore)
+	playlistsPlaylists := playlists.NewPlaylists(dataStore)
 	insights := metrics.GetInstance(dataStore)
 	fileCache := artwork.GetImageCache()
 	fFmpeg := ffmpeg.New()
@@ -72,12 +73,12 @@ func CreateNativeAPIRouter(ctx context.Context) *nativeapi.Router {
 	provider := external.NewProvider(dataStore, agentsAgents)
 	artworkArtwork := artwork.NewArtwork(dataStore, fileCache, fFmpeg, provider)
 	cacheWarmer := artwork.NewCacheWarmer(artworkArtwork, fileCache)
-	modelScanner := scanner.New(ctx, dataStore, cacheWarmer, broker, playlists, metricsMetrics)
+	modelScanner := scanner.New(ctx, dataStore, cacheWarmer, broker, playlistsPlaylists, metricsMetrics)
 	watcher := scanner.GetWatcher(dataStore, modelScanner)
 	library := core.NewLibrary(dataStore, modelScanner, watcher, broker, manager)
 	user := core.NewUser(dataStore, manager)
 	maintenance := core.NewMaintenance(dataStore)
-	router := nativeapi.New(dataStore, share, playlists, insights, library, user, maintenance, manager)
+	router := nativeapi.New(dataStore, share, playlistsPlaylists, insights, library, user, maintenance, manager)
 	return router
 }

@@ -98,11 +99,11 @@ func CreateSubsonicAPIRouter(ctx context.Context) *subsonic.Router {
 	archiver := core.NewArchiver(mediaStreamer, dataStore, share)
 	players := core.NewPlayers(dataStore)
 	cacheWarmer := artwork.NewCacheWarmer(artworkArtwork, fileCache)
-	playlists := core.NewPlaylists(dataStore)
-	modelScanner := scanner.New(ctx, dataStore, cacheWarmer, broker, playlists, metricsMetrics)
+	playlistsPlaylists := playlists.NewPlaylists(dataStore)
+	modelScanner := scanner.New(ctx, dataStore, cacheWarmer, broker, playlistsPlaylists, metricsMetrics)
 	playTracker := scrobbler.GetPlayTracker(dataStore, broker, manager)
 	playbackServer := playback.GetInstance(dataStore)
-	router := subsonic.New(dataStore, artworkArtwork, mediaStreamer, archiver, players, provider, modelScanner, broker, playlists, playTracker, share, playbackServer, metricsMetrics)
+	router := subsonic.New(dataStore, artworkArtwork, mediaStreamer, archiver, players, provider, modelScanner, broker, playlistsPlaylists, playTracker, share, playbackServer, metricsMetrics)
 	return router
 }

@@ -165,8 +166,8 @@ func CreateScanner(ctx context.Context) model.Scanner {
 	provider := external.NewProvider(dataStore, agentsAgents)
 	artworkArtwork := artwork.NewArtwork(dataStore, fileCache, fFmpeg, provider)
 	cacheWarmer := artwork.NewCacheWarmer(artworkArtwork, fileCache)
-	playlists := core.NewPlaylists(dataStore)
-	modelScanner := scanner.New(ctx, dataStore, cacheWarmer, broker, playlists, metricsMetrics)
+	playlistsPlaylists := playlists.NewPlaylists(dataStore)
+	modelScanner := scanner.New(ctx, dataStore, cacheWarmer, broker, playlistsPlaylists, metricsMetrics)
 	return modelScanner
 }

@@ -182,8 +183,8 @@ func CreateScanWatcher(ctx context.Context) scanner.Watcher {
 	provider := external.NewProvider(dataStore, agentsAgents)
 	artworkArtwork := artwork.NewArtwork(dataStore, fileCache, fFmpeg, provider)
 	cacheWarmer := artwork.NewCacheWarmer(artworkArtwork, fileCache)
-	playlists := core.NewPlaylists(dataStore)
-	modelScanner := scanner.New(ctx, dataStore, cacheWarmer, broker, playlists, metricsMetrics)
+	playlistsPlaylists := playlists.NewPlaylists(dataStore)
+	modelScanner := scanner.New(ctx, dataStore, cacheWarmer, broker, playlistsPlaylists, metricsMetrics)
 	watcher := scanner.GetWatcher(dataStore, modelScanner)
 	return watcher
 }
--- a/conf/configuration.go
+++ b/conf/configuration.go
@@ -7,6 +7,7 @@ import (
 	"os"
 	"path/filepath"
 	"runtime"
+	"slices"
 	"strings"
 	"time"

@@ -194,8 +195,10 @@ type deezerOptions struct {
 }

 type listenBrainzOptions struct {
-	Enabled bool
-	BaseURL string
+	Enabled         bool
+	BaseURL         string
+	ArtistAlgorithm string
+	TrackAlgorithm  string
 }

 type httpHeaderOptions struct {
@@ -431,7 +434,7 @@ func mapDeprecatedOption(legacyName, newName string) {
 func parseIniFileConfiguration() {
 	cfgFile := viper.ConfigFileUsed()
 	if strings.ToLower(filepath.Ext(cfgFile)) == ".ini" {
-		var iniConfig map[string]interface{}
+		var iniConfig map[string]any
 		err := viper.Unmarshal(&iniConfig)
 		if err != nil {
 			_, _ = fmt.Fprintln(os.Stderr, "FATAL: Error parsing config:", err)
@@ -464,7 +467,7 @@ func disableExternalServices() {
 }

 func validatePlaylistsPath() error {
-	for _, path := range strings.Split(Server.PlaylistsPath, string(filepath.ListSeparator)) {
+	for path := range strings.SplitSeq(Server.PlaylistsPath, string(filepath.ListSeparator)) {
 		_, err := doublestar.Match(path, "")
 		if err != nil {
 			log.Error("Invalid PlaylistsPath", "path", path, err)
@@ -478,7 +481,7 @@ func validatePlaylistsPath() error {
 // It trims whitespace from each entry and ensures at least [DefaultInfoLanguage] is returned.
 func parseLanguages(lang string) []string {
 	var languages []string
-	for _, l := range strings.Split(lang, ",") {
+	for l := range strings.SplitSeq(lang, ",") {
 		l = strings.TrimSpace(l)
 		if l != "" {
 			languages = append(languages, l)
@@ -492,13 +495,7 @@ func parseLanguages(lang string) []string {

 func validatePurgeMissingOption() error {
 	allowedValues := []string{consts.PurgeMissingNever, consts.PurgeMissingAlways, consts.PurgeMissingFull}
-	valid := false
-	for _, v := range allowedValues {
-		if v == Server.Scanner.PurgeMissing {
-			valid = true
-			break
-		}
-	}
+	valid := slices.Contains(allowedValues, Server.Scanner.PurgeMissing)
 	if !valid {
 		err := fmt.Errorf("invalid Scanner.PurgeMissing value: '%s'. Must be one of: %v", Server.Scanner.PurgeMissing, allowedValues)
 		log.Error(err.Error())
@@ -656,7 +653,9 @@ func setViperDefaults() {
 	viper.SetDefault("deezer.enabled", true)
 	viper.SetDefault("deezer.language", consts.DefaultInfoLanguage)
 	viper.SetDefault("listenbrainz.enabled", true)
-	viper.SetDefault("listenbrainz.baseurl", "https://api.listenbrainz.org/1/")
+	viper.SetDefault("listenbrainz.baseurl", consts.DefaultListenBrainzBaseURL)
+	viper.SetDefault("listenbrainz.artistalgorithm", consts.DefaultListenBrainzArtistAlgorithm)
+	viper.SetDefault("listenbrainz.trackalgorithm", consts.DefaultListenBrainzTrackAlgorithm)
 	viper.SetDefault("enablescrobblehistory", true)
 	viper.SetDefault("httpheaders.frameoptions", "DENY")
 	viper.SetDefault("backup.path", "")
--- a/consts/consts.go
+++ b/consts/consts.go
@@ -74,6 +74,10 @@ const (

 	DefaultHttpClientTimeOut = 10 * time.Second

+	DefaultListenBrainzBaseURL         = "https://api.listenbrainz.org/1/"
+	DefaultListenBrainzArtistAlgorithm = "session_based_days_9000_session_300_contribution_5_threshold_15_limit_50_skip_30"
+	DefaultListenBrainzTrackAlgorithm  = "session_based_days_9000_session_300_contribution_5_threshold_15_limit_50_skip_30"
+
 	DefaultScannerExtractor = "taglib"
 	DefaultWatcherWait      = 5 * time.Second
 	Zwsp                    = string('\u200b')
--- a/core/agents/agents_test.go
+++ b/core/agents/agents_test.go
@@ -365,7 +365,7 @@ var _ = Describe("Agents", func() {
 })

 type mockAgent struct {
-	Args []interface{}
+	Args []any
 	Err  error
 }

@@ -374,7 +374,7 @@ func (a *mockAgent) AgentName() string {
 }

 func (a *mockAgent) GetArtistMBID(_ context.Context, id string, name string) (string, error) {
-	a.Args = []interface{}{id, name}
+	a.Args = []any{id, name}
 	if a.Err != nil {
 		return "", a.Err
 	}
@@ -382,7 +382,7 @@ func (a *mockAgent) GetArtistMBID(_ context.Context, id string, name string) (st
 }

 func (a *mockAgent) GetArtistURL(_ context.Context, id, name, mbid string) (string, error) {
-	a.Args = []interface{}{id, name, mbid}
+	a.Args = []any{id, name, mbid}
 	if a.Err != nil {
 		return "", a.Err
 	}
@@ -390,7 +390,7 @@ func (a *mockAgent) GetArtistURL(_ context.Context, id, name, mbid string) (stri
 }

 func (a *mockAgent) GetArtistBiography(_ context.Context, id, name, mbid string) (string, error) {
-	a.Args = []interface{}{id, name, mbid}
+	a.Args = []any{id, name, mbid}
 	if a.Err != nil {
 		return "", a.Err
 	}
@@ -398,7 +398,7 @@ func (a *mockAgent) GetArtistBiography(_ context.Context, id, name, mbid string)
 }

 func (a *mockAgent) GetArtistImages(_ context.Context, id, name, mbid string) ([]ExternalImage, error) {
-	a.Args = []interface{}{id, name, mbid}
+	a.Args = []any{id, name, mbid}
 	if a.Err != nil {
 		return nil, a.Err
 	}
@@ -409,7 +409,7 @@ func (a *mockAgent) GetArtistImages(_ context.Context, id, name, mbid string) ([
 }

 func (a *mockAgent) GetSimilarArtists(_ context.Context, id, name, mbid string, limit int) ([]Artist, error) {
-	a.Args = []interface{}{id, name, mbid, limit}
+	a.Args = []any{id, name, mbid, limit}
 	if a.Err != nil {
 		return nil, a.Err
 	}
@@ -420,7 +420,7 @@ func (a *mockAgent) GetSimilarArtists(_ context.Context, id, name, mbid string,
 }

 func (a *mockAgent) GetArtistTopSongs(_ context.Context, id, artistName, mbid string, count int) ([]Song, error) {
-	a.Args = []interface{}{id, artistName, mbid, count}
+	a.Args = []any{id, artistName, mbid, count}
 	if a.Err != nil {
 		return nil, a.Err
 	}
@@ -431,7 +431,7 @@ func (a *mockAgent) GetArtistTopSongs(_ context.Context, id, artistName, mbid st
 }

 func (a *mockAgent) GetAlbumInfo(ctx context.Context, name, artist, mbid string) (*AlbumInfo, error) {
-	a.Args = []interface{}{name, artist, mbid}
+	a.Args = []any{name, artist, mbid}
 	if a.Err != nil {
 		return nil, a.Err
 	}
@@ -444,7 +444,7 @@ func (a *mockAgent) GetAlbumInfo(ctx context.Context, name, artist, mbid string)
 }

 func (a *mockAgent) GetSimilarSongsByTrack(_ context.Context, id, name, artist, mbid string, count int) ([]Song, error) {
-	a.Args = []interface{}{id, name, artist, mbid, count}
+	a.Args = []any{id, name, artist, mbid, count}
 	if a.Err != nil {
 		return nil, a.Err
 	}
@@ -455,7 +455,7 @@ func (a *mockAgent) GetSimilarSongsByTrack(_ context.Context, id, name, artist,
 }

 func (a *mockAgent) GetSimilarSongsByAlbum(_ context.Context, id, name, artist, mbid string, count int) ([]Song, error) {
-	a.Args = []interface{}{id, name, artist, mbid, count}
+	a.Args = []any{id, name, artist, mbid, count}
 	if a.Err != nil {
 		return nil, a.Err
 	}
@@ -466,7 +466,7 @@ func (a *mockAgent) GetSimilarSongsByAlbum(_ context.Context, id, name, artist,
 }

 func (a *mockAgent) GetSimilarSongsByArtist(_ context.Context, id, name, mbid string, count int) ([]Song, error) {
-	a.Args = []interface{}{id, name, mbid, count}
+	a.Args = []any{id, name, mbid, count}
 	if a.Err != nil {
 		return nil, a.Err
 	}
@@ -488,12 +488,12 @@ type testImageAgent struct {
 	Name   string
 	Images []ExternalImage
 	Err    error
-	Args   []interface{}
+	Args   []any
 }

 func (t *testImageAgent) AgentName() string { return t.Name }

 func (t *testImageAgent) GetArtistImages(_ context.Context, id, name, mbid string) ([]ExternalImage, error) {
-	t.Args = []interface{}{id, name, mbid}
+	t.Args = []any{id, name, mbid}
 	return t.Images, t.Err
 }
--- a/core/artwork/cache_warmer_test.go
+++ b/core/artwork/cache_warmer_test.go
@@ -143,7 +143,7 @@ var _ = Describe("CacheWarmer", func() {

 		It("processes items in batches", func() {
 			cw := NewCacheWarmer(aw, fc).(*cacheWarmer)
-			for i := 0; i < 5; i++ {
+			for i := range 5 {
 				cw.PreCache(model.MustParseArtworkID(fmt.Sprintf("al-%d", i)))
 			}

--- a/core/artwork/reader_album.go
+++ b/core/artwork/reader_album.go
@@ -79,7 +79,7 @@ func (a *albumArtworkReader) Reader(ctx context.Context) (io.ReadCloser, string,

 func (a *albumArtworkReader) fromCoverArtPriority(ctx context.Context, ffmpeg ffmpeg.FFmpeg, priority string) []sourceFunc {
 	var ff []sourceFunc
-	for _, pattern := range strings.Split(strings.ToLower(priority), ",") {
+	for pattern := range strings.SplitSeq(strings.ToLower(priority), ",") {
 		pattern = strings.TrimSpace(pattern)
 		switch {
 		case pattern == "embedded":
--- a/core/artwork/reader_artist.go
+++ b/core/artwork/reader_artist.go
@@ -99,7 +99,7 @@ func (a *artistReader) Reader(ctx context.Context) (io.ReadCloser, string, error

 func (a *artistReader) fromArtistArtPriority(ctx context.Context, priority string) []sourceFunc {
 	var ff []sourceFunc
-	for _, pattern := range strings.Split(strings.ToLower(priority), ",") {
+	for pattern := range strings.SplitSeq(strings.ToLower(priority), ",") {
 		pattern = strings.TrimSpace(pattern)
 		switch {
 		case pattern == "external":
@@ -116,7 +116,7 @@ func (a *artistReader) fromArtistArtPriority(ctx context.Context, priority strin
 func fromArtistFolder(ctx context.Context, artistFolder string, pattern string) sourceFunc {
 	return func() (io.ReadCloser, string, error) {
 		current := artistFolder
-		for i := 0; i < maxArtistFolderTraversalDepth; i++ {
+		for range maxArtistFolderTraversalDepth {
 			if reader, path, err := findImageInFolder(ctx, current, pattern); err == nil {
 				return reader, path, nil
 			}
--- a/core/auth/auth.go
+++ b/core/auth/auth.go
@@ -4,6 +4,7 @@ import (
 	"cmp"
 	"context"
 	"crypto/sha256"
+	"maps"
 	"sync"
 	"time"

@@ -53,9 +54,7 @@ func createBaseClaims() map[string]any {

 func CreatePublicToken(claims map[string]any) (string, error) {
 	tokenClaims := createBaseClaims()
-	for k, v := range claims {
-		tokenClaims[k] = v
-	}
+	maps.Copy(tokenClaims, claims)
 	_, token, err := TokenAuth.Encode(tokenClaims)

 	return token, err
@@ -66,9 +65,7 @@ func CreateExpiringPublicToken(exp time.Time, claims map[string]any) (string, er
 	if !exp.IsZero() {
 		tokenClaims[jwt.ExpirationKey] = exp.UTC().Unix()
 	}
-	for k, v := range claims {
-		tokenClaims[k] = v
-	}
+	maps.Copy(tokenClaims, claims)
 	_, token, err := TokenAuth.Encode(tokenClaims)

 	return token, err
@@ -100,7 +97,7 @@ func TouchToken(token jwt.Token) (string, error) {
 	return newToken, err
 }

-func Validate(tokenStr string) (map[string]interface{}, error) {
+func Validate(tokenStr string) (map[string]any, error) {
 	token, err := jwtauth.VerifyToken(TokenAuth, tokenStr)
 	if err != nil {
 		return nil, err
--- a/core/auth/auth_test.go
+++ b/core/auth/auth_test.go
@@ -45,7 +45,7 @@ var _ = Describe("Auth", func() {
 		})

 		It("returns the claims from a valid JWT token", func() {
-			claims := map[string]interface{}{}
+			claims := map[string]any{}
 			claims["iss"] = "issuer"
 			claims["iat"] = time.Now().Unix()
 			claims["exp"] = time.Now().Add(1 * time.Minute).Unix()
@@ -58,7 +58,7 @@ var _ = Describe("Auth", func() {
 		})

 		It("returns ErrExpired if the `exp` field is in the past", func() {
-			claims := map[string]interface{}{}
+			claims := map[string]any{}
 			claims["iss"] = "issuer"
 			claims["exp"] = time.Now().Add(-1 * time.Minute).Unix()
 			_, tokenStr, err := auth.TokenAuth.Encode(claims)
@@ -93,7 +93,7 @@ var _ = Describe("Auth", func() {
 	Describe("TouchToken", func() {
 		It("updates the expiration time", func() {
 			yesterday := time.Now().Add(-oneDay)
-			claims := map[string]interface{}{}
+			claims := map[string]any{}
 			claims["iss"] = "issuer"
 			claims["exp"] = yesterday.Unix()
 			token, _, err := auth.TokenAuth.Encode(claims)
--- a/core/external/extdata_helper_test.go
+++ b/core/external/extdata_helper_test.go
@@ -40,7 +40,7 @@ func (m *mockArtistRepo) Get(id string) (*model.Artist, error) {

 // GetAll implements model.ArtistRepository.
 func (m *mockArtistRepo) GetAll(options ...model.QueryOptions) (model.Artists, error) {
-	argsSlice := make([]interface{}, len(options))
+	argsSlice := make([]any, len(options))
 	for i, v := range options {
 		argsSlice[i] = v
 	}
@@ -99,7 +99,7 @@ func (m *mockMediaFileRepo) GetAllByTags(_ model.TagName, _ []string, options ..

 // GetAll implements model.MediaFileRepository.
 func (m *mockMediaFileRepo) GetAll(options ...model.QueryOptions) (model.MediaFiles, error) {
-	argsSlice := make([]interface{}, len(options))
+	argsSlice := make([]any, len(options))
 	for i, v := range options {
 		argsSlice[i] = v
 	}
@@ -152,7 +152,7 @@ func (m *mockAlbumRepo) Get(id string) (*model.Album, error) {

 // GetAll implements model.AlbumRepository.
 func (m *mockAlbumRepo) GetAll(options ...model.QueryOptions) (model.Albums, error) {
-	argsSlice := make([]interface{}, len(options))
+	argsSlice := make([]any, len(options))
 	for i, v := range options {
 		argsSlice[i] = v
 	}
--- a/core/external/provider.go
+++ b/core/external/provider.go
@@ -93,7 +93,7 @@ func NewProvider(ds model.DataStore, agents Agents) Provider {
 }

 func (e *provider) getAlbum(ctx context.Context, id string) (auxAlbum, error) {
-	var entity interface{}
+	var entity any
 	entity, err := model.GetEntityByID(ctx, e.ds, id)
 	if err != nil {
 		return auxAlbum{}, err
@@ -187,7 +187,7 @@ func (e *provider) populateAlbumInfo(ctx context.Context, album auxAlbum) (auxAl
 }

 func (e *provider) getArtist(ctx context.Context, id string) (auxArtist, error) {
-	var entity interface{}
+	var entity any
 	entity, err := model.GetEntityByID(ctx, e.ds, id)
 	if err != nil {
 		return auxArtist{}, err
--- a/core/library.go
+++ b/core/library.go
@@ -159,7 +159,7 @@ type libraryRepositoryWrapper struct {
 	pluginManager PluginUnloader
 }

-func (r *libraryRepositoryWrapper) Save(entity interface{}) (string, error) {
+func (r *libraryRepositoryWrapper) Save(entity any) (string, error) {
 	lib := entity.(*model.Library)
 	if err := r.validateLibrary(lib); err != nil {
 		return "", err
@@ -191,7 +191,7 @@ func (r *libraryRepositoryWrapper) Save(entity interface{}) (string, error) {
 	return strconv.Itoa(lib.ID), nil
 }

-func (r *libraryRepositoryWrapper) Update(id string, entity interface{}, _ ...string) error {
+func (r *libraryRepositoryWrapper) Update(id string, entity any, _ ...string) error {
 	lib := entity.(*model.Library)
 	libID, err := strconv.Atoi(id)
 	if err != nil {
--- a/core/maintenance.go
+++ b/core/maintenance.go
@@ -196,9 +196,7 @@ func (s *maintenanceService) getAffectedAlbumIDs(ctx context.Context, ids []stri
 // refreshStatsAsync refreshes artist and album statistics in background goroutines
 func (s *maintenanceService) refreshStatsAsync(ctx context.Context, affectedAlbumIDs []string) {
 	// Refresh artist stats in background
-	s.wg.Add(1)
-	go func() {
-		defer s.wg.Done()
+	s.wg.Go(func() {
 		bgCtx := request.AddValues(context.Background(), ctx)
 		if _, err := s.ds.Artist(bgCtx).RefreshStats(true); err != nil {
 			log.Error(bgCtx, "Error refreshing artist stats after deleting missing files", err)
@@ -214,7 +212,7 @@ func (s *maintenanceService) refreshStatsAsync(ctx context.Context, affectedAlbu
 				log.Debug(bgCtx, "Successfully refreshed album stats after deleting missing files", "count", len(affectedAlbumIDs))
 			}
 		}
-	}()
+	})
 }

 // Wait waits for all background goroutines to complete.
--- a/core/playback/queue.go
+++ b/core/playback/queue.go
@@ -3,6 +3,7 @@ package playback
 import (
 	"fmt"
 	"math/rand"
+	"strings"

 	"github.com/navidrome/navidrome/log"
 	"github.com/navidrome/navidrome/model"
@@ -21,11 +22,11 @@ func NewQueue() *Queue {
 }

 func (pd *Queue) String() string {
-	filenames := ""
+	var filenames strings.Builder
 	for idx, item := range pd.Items {
-		filenames += fmt.Sprint(idx) + ":" + item.Path + " "
+		filenames.WriteString(fmt.Sprint(idx) + ":" + item.Path + " ")
 	}
-	return fmt.Sprintf("#Items: %d, idx: %d, files: %s", len(pd.Items), pd.Index, filenames)
+	return fmt.Sprintf("#Items: %d, idx: %d, files: %s", len(pd.Items), pd.Index, filenames.String())
 }

 // returns the current mediafile or nil
--- a/core/playlists/import.go
+++ b/core/playlists/import.go
@@ -0,0 +1,119 @@
+package playlists
+
+import (
+	"context"
+	"errors"
+	"io"
+	"os"
+	"path/filepath"
+	"strings"
+	"time"
+
+	"github.com/navidrome/navidrome/conf"
+	"github.com/navidrome/navidrome/log"
+	"github.com/navidrome/navidrome/model"
+	"github.com/navidrome/navidrome/model/request"
+	"github.com/navidrome/navidrome/utils/ioutils"
+	"golang.org/x/text/unicode/norm"
+)
+
+func (s *playlists) ImportFile(ctx context.Context, folder *model.Folder, filename string) (*model.Playlist, error) {
+	pls, err := s.parsePlaylist(ctx, filename, folder)
+	if err != nil {
+		log.Error(ctx, "Error parsing playlist", "path", filepath.Join(folder.AbsolutePath(), filename), err)
+		return nil, err
+	}
+	log.Debug(ctx, "Found playlist", "name", pls.Name, "lastUpdated", pls.UpdatedAt, "path", pls.Path, "numTracks", len(pls.Tracks))
+	err = s.updatePlaylist(ctx, pls)
+	if err != nil {
+		log.Error(ctx, "Error updating playlist", "path", filepath.Join(folder.AbsolutePath(), filename), err)
+	}
+	return pls, err
+}
+
+func (s *playlists) ImportM3U(ctx context.Context, reader io.Reader) (*model.Playlist, error) {
+	owner, _ := request.UserFrom(ctx)
+	pls := &model.Playlist{
+		OwnerID: owner.ID,
+		Public:  false,
+		Sync:    false,
+	}
+	err := s.parseM3U(ctx, pls, nil, reader)
+	if err != nil {
+		log.Error(ctx, "Error parsing playlist", err)
+		return nil, err
+	}
+	err = s.ds.Playlist(ctx).Put(pls)
+	if err != nil {
+		log.Error(ctx, "Error saving playlist", err)
+		return nil, err
+	}
+	return pls, nil
+}
+
+func (s *playlists) parsePlaylist(ctx context.Context, playlistFile string, folder *model.Folder) (*model.Playlist, error) {
+	pls, err := s.newSyncedPlaylist(folder.AbsolutePath(), playlistFile)
+	if err != nil {
+		return nil, err
+	}
+
+	file, err := os.Open(pls.Path)
+	if err != nil {
+		return nil, err
+	}
+	defer file.Close()
+
+	reader := ioutils.UTF8Reader(file)
+	extension := strings.ToLower(filepath.Ext(playlistFile))
+	switch extension {
+	case ".nsp":
+		err = s.parseNSP(ctx, pls, reader)
+	default:
+		err = s.parseM3U(ctx, pls, folder, reader)
+	}
+	return pls, err
+}
+
+func (s *playlists) updatePlaylist(ctx context.Context, newPls *model.Playlist) error {
+	owner, _ := request.UserFrom(ctx)
+
+	// Try to find existing playlist by path. Since filesystem normalization differs across
+	// platforms (macOS uses NFD, Linux/Windows use NFC), we try both forms to match
+	// playlists that may have been imported on a different platform.
+	pls, err := s.ds.Playlist(ctx).FindByPath(newPls.Path)
+	if errors.Is(err, model.ErrNotFound) {
+		// Try alternate normalization form
+		altPath := norm.NFD.String(newPls.Path)
+		if altPath == newPls.Path {
+			altPath = norm.NFC.String(newPls.Path)
+		}
+		if altPath != newPls.Path {
+			pls, err = s.ds.Playlist(ctx).FindByPath(altPath)
+		}
+	}
+	if err != nil && !errors.Is(err, model.ErrNotFound) {
+		return err
+	}
+	if err == nil && !pls.Sync {
+		log.Debug(ctx, "Playlist already imported and not synced", "playlist", pls.Name, "path", pls.Path)
+		return nil
+	}
+
+	if err == nil {
+		log.Info(ctx, "Updating synced playlist", "playlist", pls.Name, "path", newPls.Path)
+		newPls.ID = pls.ID
+		newPls.Name = pls.Name
+		newPls.Comment = pls.Comment
+		newPls.OwnerID = pls.OwnerID
+		newPls.Public = pls.Public
+		newPls.EvaluatedAt = &time.Time{}
+	} else {
+		log.Info(ctx, "Adding synced playlist", "playlist", newPls.Name, "path", newPls.Path, "owner", owner.UserName)
+		newPls.OwnerID = owner.ID
+		// For NSP files, Public may already be set from the file; for M3U, use server default
+		if !newPls.IsSmartPlaylist() {
+			newPls.Public = conf.Server.DefaultPlaylistPublicVisibility
+		}
+	}
+	return s.ds.Playlist(ctx).Put(newPls)
+}
--- a/core/playlists/import_test.go
+++ b/core/playlists/import_test.go
@@ -1,4 +1,4 @@
-package core_test
+package playlists_test

 import (
 	"context"
@@ -9,7 +9,7 @@ import (

 	"github.com/navidrome/navidrome/conf"
 	"github.com/navidrome/navidrome/conf/configtest"
-	"github.com/navidrome/navidrome/core"
+	"github.com/navidrome/navidrome/core/playlists"
 	"github.com/navidrome/navidrome/model"
 	"github.com/navidrome/navidrome/model/criteria"
 	"github.com/navidrome/navidrome/model/request"
@@ -19,18 +19,18 @@ import (
 	"golang.org/x/text/unicode/norm"
 )

-var _ = Describe("Playlists", func() {
+var _ = Describe("Playlists - Import", func() {
 	var ds *tests.MockDataStore
-	var ps core.Playlists
-	var mockPlsRepo mockedPlaylistRepo
+	var ps playlists.Playlists
+	var mockPlsRepo *tests.MockPlaylistRepo
 	var mockLibRepo *tests.MockLibraryRepo
 	ctx := context.Background()

 	BeforeEach(func() {
-		mockPlsRepo = mockedPlaylistRepo{}
+		mockPlsRepo = tests.CreateMockPlaylistRepo()
 		mockLibRepo = &tests.MockLibraryRepo{}
 		ds = &tests.MockDataStore{
-			MockedPlaylist: &mockPlsRepo,
+			MockedPlaylist: mockPlsRepo,
 			MockedLibrary:  mockLibRepo,
 		}
 		ctx = request.WithUser(ctx, model.User{ID: "123"})
@@ -39,7 +39,7 @@ var _ = Describe("Playlists", func() {
 	Describe("ImportFile", func() {
 		var folder *model.Folder
 		BeforeEach(func() {
-			ps = core.NewPlaylists(ds)
+			ps = playlists.NewPlaylists(ds)
 			ds.MockedMediaFile = &mockedMediaFileRepo{}
 			libPath, _ := os.Getwd()
 			// Set up library with the actual library path that matches the folder
@@ -61,7 +61,7 @@ var _ = Describe("Playlists", func() {
 				Expect(pls.Tracks).To(HaveLen(2))
 				Expect(pls.Tracks[0].Path).To(Equal("tests/fixtures/playlists/test.mp3"))
 				Expect(pls.Tracks[1].Path).To(Equal("tests/fixtures/playlists/test.ogg"))
-				Expect(mockPlsRepo.last).To(Equal(pls))
+				Expect(mockPlsRepo.Last).To(Equal(pls))
 			})

 			It("parses playlists using LF ending", func() {
@@ -99,7 +99,7 @@ var _ = Describe("Playlists", func() {
 			It("parses well-formed playlists", func() {
 				pls, err := ps.ImportFile(ctx, folder, "recently_played.nsp")
 				Expect(err).ToNot(HaveOccurred())
-				Expect(mockPlsRepo.last).To(Equal(pls))
+				Expect(mockPlsRepo.Last).To(Equal(pls))
 				Expect(pls.OwnerID).To(Equal("123"))
 				Expect(pls.Name).To(Equal("Recently Played"))
 				Expect(pls.Comment).To(Equal("Recently played tracks"))
@@ -149,7 +149,7 @@ var _ = Describe("Playlists", func() {
 				tmpDir := GinkgoT().TempDir()
 				mockLibRepo.SetData([]model.Library{{ID: 1, Path: tmpDir}})
 				ds.MockedMediaFile = &mockedMediaFileFromListRepo{data: []string{}}
-				ps = core.NewPlaylists(ds)
+				ps = playlists.NewPlaylists(ds)

 				// Create the playlist file on disk with the filesystem's normalization form
 				plsFile := tmpDir + "/" + filesystemName + ".m3u"
@@ -163,7 +163,7 @@ var _ = Describe("Playlists", func() {
 					Path: storedPath,
 					Sync: true,
 				}
-				mockPlsRepo.data = map[string]*model.Playlist{storedPath: existingPls}
+				mockPlsRepo.PathMap = map[string]*model.Playlist{storedPath: existingPls}

 				// Import using the filesystem's normalization form
 				plsFolder := &model.Folder{
@@ -209,7 +209,7 @@ var _ = Describe("Playlists", func() {
 						"def.mp3", // This is playlists/def.mp3 relative to plsDir
 					},
 				}
-				ps = core.NewPlaylists(ds)
+				ps = playlists.NewPlaylists(ds)
 			})

 			It("handles relative paths that reference files in other libraries", func() {
@@ -365,7 +365,7 @@ var _ = Describe("Playlists", func() {
 					},
 				}
 				// Recreate playlists service to pick up new mock
-				ps = core.NewPlaylists(ds)
+				ps = playlists.NewPlaylists(ds)

 				// Create playlist in music library that references both tracks
 				plsContent := "#PLAYLIST:Same Path Test\nalbum/track.mp3\n../classical/album/track.mp3"
@@ -408,7 +408,7 @@ var _ = Describe("Playlists", func() {
 		BeforeEach(func() {
 			repo = &mockedMediaFileFromListRepo{}
 			ds.MockedMediaFile = repo
-			ps = core.NewPlaylists(ds)
+			ps = playlists.NewPlaylists(ds)
 			mockLibRepo.SetData([]model.Library{{ID: 1, Path: "/music"}, {ID: 2, Path: "/new"}})
 			ctx = request.WithUser(ctx, model.User{ID: "123"})
 		})
@@ -439,7 +439,7 @@ var _ = Describe("Playlists", func() {
 			Expect(pls.Tracks[1].Path).To(Equal("tests/test.ogg"))
 			Expect(pls.Tracks[2].Path).To(Equal("downloads/newfile.flac"))
 			Expect(pls.Tracks[3].Path).To(Equal("tests/01 Invisible (RED) Edit Version.mp3"))
-			Expect(mockPlsRepo.last).To(Equal(pls))
+			Expect(mockPlsRepo.Last).To(Equal(pls))
 		})

 		It("sets the playlist name as a timestamp if the #PLAYLIST directive is not present", func() {
@@ -460,7 +460,7 @@ var _ = Describe("Playlists", func() {
 			Expect(pls.Tracks).To(HaveLen(2))
 		})

-		It("returns only tracks that exist in the database and in the same other as the m3u", func() {
+		It("returns only tracks that exist in the database and in the same order as the m3u", func() {
 			repo.data = []string{
 				"album1/test1.mp3",
 				"album2/test2.mp3",
@@ -570,7 +570,7 @@ var _ = Describe("Playlists", func() {

 	})

-	Describe("InPlaylistsPath", func() {
+	Describe("InPath", func() {
 		var folder model.Folder

 		BeforeEach(func() {
@@ -584,27 +584,27 @@ var _ = Describe("Playlists", func() {

 		It("returns true if PlaylistsPath is empty", func() {
 			conf.Server.PlaylistsPath = ""
-			Expect(core.InPlaylistsPath(folder)).To(BeTrue())
+			Expect(playlists.InPath(folder)).To(BeTrue())
 		})

 		It("returns true if PlaylistsPath is any (**/**)", func() {
 			conf.Server.PlaylistsPath = "**/**"
-			Expect(core.InPlaylistsPath(folder)).To(BeTrue())
+			Expect(playlists.InPath(folder)).To(BeTrue())
 		})

 		It("returns true if folder is in PlaylistsPath", func() {
 			conf.Server.PlaylistsPath = "other/**:playlists/**"
-			Expect(core.InPlaylistsPath(folder)).To(BeTrue())
+			Expect(playlists.InPath(folder)).To(BeTrue())
 		})

 		It("returns false if folder is not in PlaylistsPath", func() {
 			conf.Server.PlaylistsPath = "other"
-			Expect(core.InPlaylistsPath(folder)).To(BeFalse())
+			Expect(playlists.InPath(folder)).To(BeFalse())
 		})

 		It("returns true if for a playlist in root of MusicFolder if PlaylistsPath is '.'", func() {
 			conf.Server.PlaylistsPath = "."
-			Expect(core.InPlaylistsPath(folder)).To(BeFalse())
+			Expect(playlists.InPath(folder)).To(BeFalse())

 			folder2 := model.Folder{
 				LibraryPath: "/music",
@@ -612,7 +612,7 @@ var _ = Describe("Playlists", func() {
 				Name:        ".",
 			}

-			Expect(core.InPlaylistsPath(folder2)).To(BeTrue())
+			Expect(playlists.InPath(folder2)).To(BeTrue())
 		})
 	})
 })
@@ -693,23 +693,3 @@ func (r *mockedMediaFileFromListRepo) FindByPaths(paths []string) (model.MediaFi
 	}
 	return mfs, nil
 }
-
-type mockedPlaylistRepo struct {
-	last *model.Playlist
-	data map[string]*model.Playlist // keyed by path
-	model.PlaylistRepository
-}
-
-func (r *mockedPlaylistRepo) FindByPath(path string) (*model.Playlist, error) {
-	if r.data != nil {
-		if pls, ok := r.data[path]; ok {
-			return pls, nil
-		}
-	}
-	return nil, model.ErrNotFound
-}
-
-func (r *mockedPlaylistRepo) Put(pls *model.Playlist) error {
-	r.last = pls
-	return nil
-}
--- a/core/playlists/parse_m3u.go
+++ b/core/playlists/parse_m3u.go
@@ -1,183 +1,28 @@
-package core
+package playlists

 import (
 	"cmp"
 	"context"
-	"encoding/json"
-	"errors"
 	"fmt"
 	"io"
 	"net/url"
-	"os"
 	"path/filepath"
 	"slices"
 	"strings"
 	"time"

-	"github.com/RaveNoX/go-jsoncommentstrip"
-	"github.com/bmatcuk/doublestar/v4"
-	"github.com/navidrome/navidrome/conf"
 	"github.com/navidrome/navidrome/log"
 	"github.com/navidrome/navidrome/model"
-	"github.com/navidrome/navidrome/model/criteria"
-	"github.com/navidrome/navidrome/model/request"
-	"github.com/navidrome/navidrome/utils/ioutils"
 	"github.com/navidrome/navidrome/utils/slice"
 	"golang.org/x/text/unicode/norm"
 )

-type Playlists interface {
-	ImportFile(ctx context.Context, folder *model.Folder, filename string) (*model.Playlist, error)
-	Update(ctx context.Context, playlistID string, name *string, comment *string, public *bool, idsToAdd []string, idxToRemove []int) error
-	ImportM3U(ctx context.Context, reader io.Reader) (*model.Playlist, error)
-}
-
-type playlists struct {
-	ds model.DataStore
-}
-
-func NewPlaylists(ds model.DataStore) Playlists {
-	return &playlists{ds: ds}
-}
-
-func InPlaylistsPath(folder model.Folder) bool {
-	if conf.Server.PlaylistsPath == "" {
-		return true
-	}
-	rel, _ := filepath.Rel(folder.LibraryPath, folder.AbsolutePath())
-	for _, path := range strings.Split(conf.Server.PlaylistsPath, string(filepath.ListSeparator)) {
-		if match, _ := doublestar.Match(path, rel); match {
-			return true
-		}
-	}
-	return false
-}
-
-func (s *playlists) ImportFile(ctx context.Context, folder *model.Folder, filename string) (*model.Playlist, error) {
-	pls, err := s.parsePlaylist(ctx, filename, folder)
-	if err != nil {
-		log.Error(ctx, "Error parsing playlist", "path", filepath.Join(folder.AbsolutePath(), filename), err)
-		return nil, err
-	}
-	log.Debug("Found playlist", "name", pls.Name, "lastUpdated", pls.UpdatedAt, "path", pls.Path, "numTracks", len(pls.Tracks))
-	err = s.updatePlaylist(ctx, pls)
-	if err != nil {
-		log.Error(ctx, "Error updating playlist", "path", filepath.Join(folder.AbsolutePath(), filename), err)
-	}
-	return pls, err
-}
-
-func (s *playlists) ImportM3U(ctx context.Context, reader io.Reader) (*model.Playlist, error) {
-	owner, _ := request.UserFrom(ctx)
-	pls := &model.Playlist{
-		OwnerID: owner.ID,
-		Public:  false,
-		Sync:    false,
-	}
-	err := s.parseM3U(ctx, pls, nil, reader)
-	if err != nil {
-		log.Error(ctx, "Error parsing playlist", err)
-		return nil, err
-	}
-	err = s.ds.Playlist(ctx).Put(pls)
-	if err != nil {
-		log.Error(ctx, "Error saving playlist", err)
-		return nil, err
-	}
-	return pls, nil
-}
-
-func (s *playlists) parsePlaylist(ctx context.Context, playlistFile string, folder *model.Folder) (*model.Playlist, error) {
-	pls, err := s.newSyncedPlaylist(folder.AbsolutePath(), playlistFile)
-	if err != nil {
-		return nil, err
-	}
-
-	file, err := os.Open(pls.Path)
-	if err != nil {
-		return nil, err
-	}
-	defer file.Close()
-
-	reader := ioutils.UTF8Reader(file)
-	extension := strings.ToLower(filepath.Ext(playlistFile))
-	switch extension {
-	case ".nsp":
-		err = s.parseNSP(ctx, pls, reader)
-	default:
-		err = s.parseM3U(ctx, pls, folder, reader)
-	}
-	return pls, err
-}
-
-func (s *playlists) newSyncedPlaylist(baseDir string, playlistFile string) (*model.Playlist, error) {
-	playlistPath := filepath.Join(baseDir, playlistFile)
-	info, err := os.Stat(playlistPath)
-	if err != nil {
-		return nil, err
-	}
-
-	var extension = filepath.Ext(playlistFile)
-	var name = playlistFile[0 : len(playlistFile)-len(extension)]
-
-	pls := &model.Playlist{
-		Name:      name,
-		Comment:   fmt.Sprintf("Auto-imported from '%s'", playlistFile),
-		Public:    false,
-		Path:      playlistPath,
-		Sync:      true,
-		UpdatedAt: info.ModTime(),
-	}
-	return pls, nil
-}
-
-func getPositionFromOffset(data []byte, offset int64) (line, column int) {
-	line = 1
-	for _, b := range data[:offset] {
-		if b == '\n' {
-			line++
-			column = 1
-		} else {
-			column++
-		}
-	}
-	return
-}
-
-func (s *playlists) parseNSP(_ context.Context, pls *model.Playlist, reader io.Reader) error {
-	nsp := &nspFile{}
-	reader = io.LimitReader(reader, 100*1024) // Limit to 100KB
-	reader = jsoncommentstrip.NewReader(reader)
-	input, err := io.ReadAll(reader)
-	if err != nil {
-		return fmt.Errorf("reading SmartPlaylist: %w", err)
-	}
-	err = json.Unmarshal(input, nsp)
-	if err != nil {
-		var syntaxErr *json.SyntaxError
-		if errors.As(err, &syntaxErr) {
-			line, col := getPositionFromOffset(input, syntaxErr.Offset)
-			return fmt.Errorf("JSON syntax error in SmartPlaylist at line %d, column %d: %w", line, col, err)
-		}
-		return fmt.Errorf("JSON parsing error in SmartPlaylist: %w", err)
-	}
-	pls.Rules = &nsp.Criteria
-	if nsp.Name != "" {
-		pls.Name = nsp.Name
-	}
-	if nsp.Comment != "" {
-		pls.Comment = nsp.Comment
-	}
-	if nsp.Public != nil {
-		pls.Public = *nsp.Public
-	} else {
-		pls.Public = conf.Server.DefaultPlaylistPublicVisibility
-	}
-	return nil
-}
-
 func (s *playlists) parseM3U(ctx context.Context, pls *model.Playlist, folder *model.Folder, reader io.Reader) error {
 	mediaFileRepository := s.ds.MediaFile(ctx)
+	resolver, err := newPathResolver(ctx, s.ds)
+	if err != nil {
+		return err
+	}
 	var mfs model.MediaFiles
 	// Chunk size of 100 lines, as each line can generate up to 4 lookup candidates
 	// (NFC/NFD × raw/lowercase), and SQLite has a max expression tree depth of 1000.
@@ -193,8 +38,8 @@ func (s *playlists) parseM3U(ctx context.Context, pls *model.Playlist, folder *m
 			if line == "" || strings.HasPrefix(line, "#") {
 				continue
 			}
-			if strings.HasPrefix(line, "file://") {
-				line = strings.TrimPrefix(line, "file://")
+			if after, ok := strings.CutPrefix(line, "file://"); ok {
+				line = after
 				line, _ = url.QueryUnescape(line)
 			}
 			if !model.IsAudioFile(line) {
@@ -202,7 +47,7 @@ func (s *playlists) parseM3U(ctx context.Context, pls *model.Playlist, folder *m
 			}
 			filteredLines = append(filteredLines, line)
 		}
-		resolvedPaths, err := s.resolvePaths(ctx, folder, filteredLines)
+		resolvedPaths, err := resolver.resolvePaths(ctx, folder, filteredLines)
 		if err != nil {
 			log.Warn(ctx, "Error resolving paths in playlist", "playlist", pls.Name, err)
 			continue
@@ -258,7 +103,9 @@ func (s *playlists) parseM3U(ctx context.Context, pls *model.Playlist, folder *m
 			existing[key] = idx
 		}

-		// Find media files in the order of the resolved paths, to keep playlist order
+		// Find media files in the order of the resolved paths, to keep playlist order.
+		// Both `existing` keys and `resolvedPaths` use the library-qualified format "libraryID:relativePath",
+		// so normalizing the full string produces matching keys (digits and ':' are ASCII-invariant).
 		for _, path := range resolvedPaths {
 			key := strings.ToLower(norm.NFC.String(path))
 			idx, ok := existing[key]
@@ -398,15 +245,10 @@ func (r *pathResolver) findInLibraries(absolutePath string) pathResolution {
 // resolvePaths converts playlist file paths to library-qualified paths (format: "libraryID:relativePath").
 // For relative paths, it resolves them to absolute paths first, then determines which
 // library they belong to. This allows playlists to reference files across library boundaries.
-func (s *playlists) resolvePaths(ctx context.Context, folder *model.Folder, lines []string) ([]string, error) {
-	resolver, err := newPathResolver(ctx, s.ds)
-	if err != nil {
-		return nil, err
-	}
-
+func (r *pathResolver) resolvePaths(ctx context.Context, folder *model.Folder, lines []string) ([]string, error) {
 	results := make([]string, 0, len(lines))
 	for idx, line := range lines {
-		resolution := resolver.resolvePath(line, folder)
+		resolution := r.resolvePath(line, folder)

 		if !resolution.valid {
 			log.Warn(ctx, "Path in playlist not found in any library", "path", line, "line", idx)
@@ -425,123 +267,3 @@ func (s *playlists) resolvePaths(ctx context.Context, folder *model.Folder, line

 	return results, nil
 }
-
-func (s *playlists) updatePlaylist(ctx context.Context, newPls *model.Playlist) error {
-	owner, _ := request.UserFrom(ctx)
-
-	// Try to find existing playlist by path. Since filesystem normalization differs across
-	// platforms (macOS uses NFD, Linux/Windows use NFC), we try both forms to match
-	// playlists that may have been imported on a different platform.
-	pls, err := s.ds.Playlist(ctx).FindByPath(newPls.Path)
-	if errors.Is(err, model.ErrNotFound) {
-		// Try alternate normalization form
-		altPath := norm.NFD.String(newPls.Path)
-		if altPath == newPls.Path {
-			altPath = norm.NFC.String(newPls.Path)
-		}
-		if altPath != newPls.Path {
-			pls, err = s.ds.Playlist(ctx).FindByPath(altPath)
-		}
-	}
-	if err != nil && !errors.Is(err, model.ErrNotFound) {
-		return err
-	}
-	if err == nil && !pls.Sync {
-		log.Debug(ctx, "Playlist already imported and not synced", "playlist", pls.Name, "path", pls.Path)
-		return nil
-	}
-
-	if err == nil {
-		log.Info(ctx, "Updating synced playlist", "playlist", pls.Name, "path", newPls.Path)
-		newPls.ID = pls.ID
-		newPls.Name = pls.Name
-		newPls.Comment = pls.Comment
-		newPls.OwnerID = pls.OwnerID
-		newPls.Public = pls.Public
-		newPls.EvaluatedAt = &time.Time{}
-	} else {
-		log.Info(ctx, "Adding synced playlist", "playlist", newPls.Name, "path", newPls.Path, "owner", owner.UserName)
-		newPls.OwnerID = owner.ID
-		// For NSP files, Public may already be set from the file; for M3U, use server default
-		if !newPls.IsSmartPlaylist() {
-			newPls.Public = conf.Server.DefaultPlaylistPublicVisibility
-		}
-	}
-	return s.ds.Playlist(ctx).Put(newPls)
-}
-
-func (s *playlists) Update(ctx context.Context, playlistID string,
-	name *string, comment *string, public *bool,
-	idsToAdd []string, idxToRemove []int) error {
-	needsInfoUpdate := name != nil || comment != nil || public != nil
-	needsTrackRefresh := len(idxToRemove) > 0
-
-	return s.ds.WithTxImmediate(func(tx model.DataStore) error {
-		var pls *model.Playlist
-		var err error
-		repo := tx.Playlist(ctx)
-		tracks := repo.Tracks(playlistID, true)
-		if tracks == nil {
-			return fmt.Errorf("%w: playlist '%s'", model.ErrNotFound, playlistID)
-		}
-		if needsTrackRefresh {
-			pls, err = repo.GetWithTracks(playlistID, true, false)
-			pls.RemoveTracks(idxToRemove)
-			pls.AddMediaFilesByID(idsToAdd)
-		} else {
-			if len(idsToAdd) > 0 {
-				_, err = tracks.Add(idsToAdd)
-				if err != nil {
-					return err
-				}
-			}
-			if needsInfoUpdate {
-				pls, err = repo.Get(playlistID)
-			}
-		}
-		if err != nil {
-			return err
-		}
-		if !needsTrackRefresh && !needsInfoUpdate {
-			return nil
-		}
-
-		if name != nil {
-			pls.Name = *name
-		}
-		if comment != nil {
-			pls.Comment = *comment
-		}
-		if public != nil {
-			pls.Public = *public
-		}
-		// Special case: The playlist is now empty
-		if len(idxToRemove) > 0 && len(pls.Tracks) == 0 {
-			if err = tracks.DeleteAll(); err != nil {
-				return err
-			}
-		}
-		return repo.Put(pls)
-	})
-}
-
-type nspFile struct {
-	criteria.Criteria
-	Name    string `json:"name"`
-	Comment string `json:"comment"`
-	Public  *bool  `json:"public"`
-}
-
-func (i *nspFile) UnmarshalJSON(data []byte) error {
-	m := map[string]interface{}{}
-	err := json.Unmarshal(data, &m)
-	if err != nil {
-		return err
-	}
-	i.Name, _ = m["name"].(string)
-	i.Comment, _ = m["comment"].(string)
-	if public, ok := m["public"].(bool); ok {
-		i.Public = &public
-	}
-	return json.Unmarshal(data, &i.Criteria)
-}
--- a/core/playlists/parse_m3u_test.go
+++ b/core/playlists/parse_m3u_test.go
@@ -1,4 +1,4 @@
-package core
+package playlists

 import (
 	"context"
@@ -214,38 +214,38 @@ var _ = Describe("pathResolver", func() {
 	})

 	Describe("resolvePath", func() {
-		It("resolves absolute paths", func() {
-			resolution := resolver.resolvePath("/music/artist/album/track.mp3", nil)
+		Context("basic", func() {
+			It("resolves absolute paths", func() {
+				resolution := resolver.resolvePath("/music/artist/album/track.mp3", nil)

-			Expect(resolution.valid).To(BeTrue())
-			Expect(resolution.libraryID).To(Equal(1))
-			Expect(resolution.libraryPath).To(Equal("/music"))
-			Expect(resolution.absolutePath).To(Equal("/music/artist/album/track.mp3"))
+				Expect(resolution.valid).To(BeTrue())
+				Expect(resolution.libraryID).To(Equal(1))
+				Expect(resolution.libraryPath).To(Equal("/music"))
+				Expect(resolution.absolutePath).To(Equal("/music/artist/album/track.mp3"))
+			})
+
+			It("resolves relative paths when folder is provided", func() {
+				folder := &model.Folder{
+					Path:        "playlists",
+					LibraryPath: "/music",
+					LibraryID:   1,
+				}
+
+				resolution := resolver.resolvePath("../artist/album/track.mp3", folder)
+
+				Expect(resolution.valid).To(BeTrue())
+				Expect(resolution.libraryID).To(Equal(1))
+				Expect(resolution.absolutePath).To(Equal("/music/artist/album/track.mp3"))
+			})
+
+			It("returns invalid resolution for paths outside any library", func() {
+				resolution := resolver.resolvePath("/outside/library/track.mp3", nil)
+
+				Expect(resolution.valid).To(BeFalse())
+			})
 		})

-		It("resolves relative paths when folder is provided", func() {
-			folder := &model.Folder{
-				Path:        "playlists",
-				LibraryPath: "/music",
-				LibraryID:   1,
-			}
-
-			resolution := resolver.resolvePath("../artist/album/track.mp3", folder)
-
-			Expect(resolution.valid).To(BeTrue())
-			Expect(resolution.libraryID).To(Equal(1))
-			Expect(resolution.absolutePath).To(Equal("/music/artist/album/track.mp3"))
-		})
-
-		It("returns invalid resolution for paths outside any library", func() {
-			resolution := resolver.resolvePath("/outside/library/track.mp3", nil)
-
-			Expect(resolution.valid).To(BeFalse())
-		})
-	})
-
-	Describe("resolvePath", func() {
-		Context("With absolute paths", func() {
+		Context("cross-library", func() {
 			It("resolves path within a library", func() {
 				resolution := resolver.resolvePath("/music/track.mp3", nil)

--- a/core/playlists/parse_nsp.go
+++ b/core/playlists/parse_nsp.go
@@ -0,0 +1,103 @@
+package playlists
+
+import (
+	"context"
+	"encoding/json"
+	"errors"
+	"fmt"
+	"io"
+	"os"
+	"path/filepath"
+
+	"github.com/RaveNoX/go-jsoncommentstrip"
+	"github.com/navidrome/navidrome/conf"
+	"github.com/navidrome/navidrome/model"
+	"github.com/navidrome/navidrome/model/criteria"
+)
+
+func (s *playlists) newSyncedPlaylist(baseDir string, playlistFile string) (*model.Playlist, error) {
+	playlistPath := filepath.Join(baseDir, playlistFile)
+	info, err := os.Stat(playlistPath)
+	if err != nil {
+		return nil, err
+	}
+
+	var extension = filepath.Ext(playlistFile)
+	var name = playlistFile[0 : len(playlistFile)-len(extension)]
+
+	pls := &model.Playlist{
+		Name:      name,
+		Comment:   fmt.Sprintf("Auto-imported from '%s'", playlistFile),
+		Public:    false,
+		Path:      playlistPath,
+		Sync:      true,
+		UpdatedAt: info.ModTime(),
+	}
+	return pls, nil
+}
+
+func getPositionFromOffset(data []byte, offset int64) (line, column int) {
+	line = 1
+	for _, b := range data[:offset] {
+		if b == '\n' {
+			line++
+			column = 1
+		} else {
+			column++
+		}
+	}
+	return
+}
+
+func (s *playlists) parseNSP(_ context.Context, pls *model.Playlist, reader io.Reader) error {
+	nsp := &nspFile{}
+	reader = io.LimitReader(reader, 100*1024) // Limit to 100KB
+	reader = jsoncommentstrip.NewReader(reader)
+	input, err := io.ReadAll(reader)
+	if err != nil {
+		return fmt.Errorf("reading SmartPlaylist: %w", err)
+	}
+	err = json.Unmarshal(input, nsp)
+	if err != nil {
+		var syntaxErr *json.SyntaxError
+		if errors.As(err, &syntaxErr) {
+			line, col := getPositionFromOffset(input, syntaxErr.Offset)
+			return fmt.Errorf("JSON syntax error in SmartPlaylist at line %d, column %d: %w", line, col, err)
+		}
+		return fmt.Errorf("JSON parsing error in SmartPlaylist: %w", err)
+	}
+	pls.Rules = &nsp.Criteria
+	if nsp.Name != "" {
+		pls.Name = nsp.Name
+	}
+	if nsp.Comment != "" {
+		pls.Comment = nsp.Comment
+	}
+	if nsp.Public != nil {
+		pls.Public = *nsp.Public
+	} else {
+		pls.Public = conf.Server.DefaultPlaylistPublicVisibility
+	}
+	return nil
+}
+
+type nspFile struct {
+	criteria.Criteria
+	Name    string `json:"name"`
+	Comment string `json:"comment"`
+	Public  *bool  `json:"public"`
+}
+
+func (i *nspFile) UnmarshalJSON(data []byte) error {
+	m := map[string]any{}
+	err := json.Unmarshal(data, &m)
+	if err != nil {
+		return err
+	}
+	i.Name, _ = m["name"].(string)
+	i.Comment, _ = m["comment"].(string)
+	if public, ok := m["public"].(bool); ok {
+		i.Public = &public
+	}
+	return json.Unmarshal(data, &i.Criteria)
+}
--- a/core/playlists/parse_nsp_test.go
+++ b/core/playlists/parse_nsp_test.go
@@ -0,0 +1,213 @@
+package playlists
+
+import (
+	"context"
+	"os"
+	"path/filepath"
+	"strings"
+
+	"github.com/navidrome/navidrome/conf"
+	"github.com/navidrome/navidrome/conf/configtest"
+	"github.com/navidrome/navidrome/model"
+	"github.com/navidrome/navidrome/model/criteria"
+	. "github.com/onsi/ginkgo/v2"
+	. "github.com/onsi/gomega"
+)
+
+var _ = Describe("parseNSP", func() {
+	var s *playlists
+	ctx := context.Background()
+
+	BeforeEach(func() {
+		s = &playlists{}
+	})
+
+	It("parses a well-formed NSP with all fields", func() {
+		nsp := `{
+			"name": "My Smart Playlist",
+			"comment": "A test playlist",
+			"public": true,
+			"all": [{"is": {"loved": true}}],
+			"sort": "title",
+			"order": "asc",
+			"limit": 50
+		}`
+		pls := &model.Playlist{Name: "default-name"}
+		err := s.parseNSP(ctx, pls, strings.NewReader(nsp))
+		Expect(err).ToNot(HaveOccurred())
+		Expect(pls.Name).To(Equal("My Smart Playlist"))
+		Expect(pls.Comment).To(Equal("A test playlist"))
+		Expect(pls.Public).To(BeTrue())
+		Expect(pls.Rules).ToNot(BeNil())
+		Expect(pls.Rules.Sort).To(Equal("title"))
+		Expect(pls.Rules.Order).To(Equal("asc"))
+		Expect(pls.Rules.Limit).To(Equal(50))
+		Expect(pls.Rules.Expression).To(BeAssignableToTypeOf(criteria.All{}))
+	})
+
+	It("keeps existing name when NSP has no name field", func() {
+		nsp := `{"all": [{"is": {"loved": true}}]}`
+		pls := &model.Playlist{Name: "Original Name"}
+		err := s.parseNSP(ctx, pls, strings.NewReader(nsp))
+		Expect(err).ToNot(HaveOccurred())
+		Expect(pls.Name).To(Equal("Original Name"))
+	})
+
+	It("keeps existing comment when NSP has no comment field", func() {
+		nsp := `{"all": [{"is": {"loved": true}}]}`
+		pls := &model.Playlist{Comment: "Original Comment"}
+		err := s.parseNSP(ctx, pls, strings.NewReader(nsp))
+		Expect(err).ToNot(HaveOccurred())
+		Expect(pls.Comment).To(Equal("Original Comment"))
+	})
+
+	It("strips JSON comments before parsing", func() {
+		nsp := `{
+			// Line comment
+			"name": "Commented Playlist",
+			/* Block comment */
+			"all": [{"is": {"loved": true}}]
+		}`
+		pls := &model.Playlist{}
+		err := s.parseNSP(ctx, pls, strings.NewReader(nsp))
+		Expect(err).ToNot(HaveOccurred())
+		Expect(pls.Name).To(Equal("Commented Playlist"))
+	})
+
+	It("uses server default when public field is absent", func() {
+		DeferCleanup(configtest.SetupConfig())
+		conf.Server.DefaultPlaylistPublicVisibility = true
+
+		nsp := `{"all": [{"is": {"loved": true}}]}`
+		pls := &model.Playlist{}
+		err := s.parseNSP(ctx, pls, strings.NewReader(nsp))
+		Expect(err).ToNot(HaveOccurred())
+		Expect(pls.Public).To(BeTrue())
+	})
+
+	It("honors explicit public: false over server default", func() {
+		DeferCleanup(configtest.SetupConfig())
+		conf.Server.DefaultPlaylistPublicVisibility = true
+
+		nsp := `{"public": false, "all": [{"is": {"loved": true}}]}`
+		pls := &model.Playlist{}
+		err := s.parseNSP(ctx, pls, strings.NewReader(nsp))
+		Expect(err).ToNot(HaveOccurred())
+		Expect(pls.Public).To(BeFalse())
+	})
+
+	It("returns a syntax error with line and column info", func() {
+		nsp := "{\n  \"name\": \"Bad\",\n  \"all\": [INVALID]\n}"
+		pls := &model.Playlist{}
+		err := s.parseNSP(ctx, pls, strings.NewReader(nsp))
+		Expect(err).To(HaveOccurred())
+		Expect(err.Error()).To(ContainSubstring("JSON syntax error in SmartPlaylist"))
+		Expect(err.Error()).To(MatchRegexp(`line \d+, column \d+`))
+	})
+
+	It("returns a parsing error for completely invalid JSON", func() {
+		nsp := `not json at all`
+		pls := &model.Playlist{}
+		err := s.parseNSP(ctx, pls, strings.NewReader(nsp))
+		Expect(err).To(HaveOccurred())
+		Expect(err.Error()).To(ContainSubstring("SmartPlaylist"))
+	})
+
+	It("gracefully handles non-string name field", func() {
+		nsp := `{"name": 123, "all": [{"is": {"loved": true}}]}`
+		pls := &model.Playlist{Name: "Original"}
+		err := s.parseNSP(ctx, pls, strings.NewReader(nsp))
+		Expect(err).ToNot(HaveOccurred())
+		// Type assertion in UnmarshalJSON fails silently; name stays as original
+		Expect(pls.Name).To(Equal("Original"))
+	})
+
+	It("parses criteria with multiple rules", func() {
+		nsp := `{
+			"all": [
+				{"is": {"loved": true}},
+				{"contains": {"title": "rock"}}
+			],
+			"sort": "lastPlayed",
+			"order": "desc",
+			"limit": 100
+		}`
+		pls := &model.Playlist{}
+		err := s.parseNSP(ctx, pls, strings.NewReader(nsp))
+		Expect(err).ToNot(HaveOccurred())
+		Expect(pls.Rules).ToNot(BeNil())
+		Expect(pls.Rules.Sort).To(Equal("lastPlayed"))
+		Expect(pls.Rules.Order).To(Equal("desc"))
+		Expect(pls.Rules.Limit).To(Equal(100))
+	})
+})
+
+var _ = Describe("getPositionFromOffset", func() {
+	It("returns correct position on first line", func() {
+		data := []byte("hello world")
+		line, col := getPositionFromOffset(data, 5)
+		Expect(line).To(Equal(1))
+		Expect(col).To(Equal(5))
+	})
+
+	It("returns correct position after newlines", func() {
+		data := []byte("line1\nline2\nline3")
+		// Offsets: l(0) i(1) n(2) e(3) 1(4) \n(5) l(6) i(7) n(8)
+		line, col := getPositionFromOffset(data, 8)
+		Expect(line).To(Equal(2))
+		Expect(col).To(Equal(3))
+	})
+
+	It("returns correct position at start of new line", func() {
+		data := []byte("line1\nline2")
+		// After \n at offset 5, col resets to 1; offset 6 is 'l' -> col=1
+		line, col := getPositionFromOffset(data, 6)
+		Expect(line).To(Equal(2))
+		Expect(col).To(Equal(1))
+	})
+
+	It("handles multiple newlines", func() {
+		data := []byte("a\nb\nc\nd")
+		// a(0) \n(1) b(2) \n(3) c(4) \n(5) d(6)
+		line, col := getPositionFromOffset(data, 6)
+		Expect(line).To(Equal(4))
+		Expect(col).To(Equal(1))
+	})
+})
+
+var _ = Describe("newSyncedPlaylist", func() {
+	var s *playlists
+
+	BeforeEach(func() {
+		s = &playlists{}
+	})
+
+	It("creates a synced playlist with correct attributes", func() {
+		tmpDir := GinkgoT().TempDir()
+		Expect(os.WriteFile(filepath.Join(tmpDir, "test.m3u"), []byte("content"), 0600)).To(Succeed())
+
+		pls, err := s.newSyncedPlaylist(tmpDir, "test.m3u")
+		Expect(err).ToNot(HaveOccurred())
+		Expect(pls.Name).To(Equal("test"))
+		Expect(pls.Comment).To(Equal("Auto-imported from 'test.m3u'"))
+		Expect(pls.Public).To(BeFalse())
+		Expect(pls.Path).To(Equal(filepath.Join(tmpDir, "test.m3u")))
+		Expect(pls.Sync).To(BeTrue())
+		Expect(pls.UpdatedAt).ToNot(BeZero())
+	})
+
+	It("strips extension from filename to derive name", func() {
+		tmpDir := GinkgoT().TempDir()
+		Expect(os.WriteFile(filepath.Join(tmpDir, "My Favorites.nsp"), []byte("{}"), 0600)).To(Succeed())
+
+		pls, err := s.newSyncedPlaylist(tmpDir, "My Favorites.nsp")
+		Expect(err).ToNot(HaveOccurred())
+		Expect(pls.Name).To(Equal("My Favorites"))
+	})
+
+	It("returns error for non-existent file", func() {
+		tmpDir := GinkgoT().TempDir()
+		_, err := s.newSyncedPlaylist(tmpDir, "nonexistent.m3u")
+		Expect(err).To(HaveOccurred())
+	})
+})
--- a/core/playlists/playlists.go
+++ b/core/playlists/playlists.go
@@ -0,0 +1,265 @@
+package playlists
+
+import (
+	"context"
+	"io"
+	"path/filepath"
+	"strconv"
+	"strings"
+
+	"github.com/bmatcuk/doublestar/v4"
+	"github.com/deluan/rest"
+	"github.com/navidrome/navidrome/conf"
+	"github.com/navidrome/navidrome/model"
+	"github.com/navidrome/navidrome/model/request"
+)
+
+type Playlists interface {
+	// Reads
+	GetAll(ctx context.Context, options ...model.QueryOptions) (model.Playlists, error)
+	Get(ctx context.Context, id string) (*model.Playlist, error)
+	GetWithTracks(ctx context.Context, id string) (*model.Playlist, error)
+	GetPlaylists(ctx context.Context, mediaFileId string) (model.Playlists, error)
+
+	// Mutations
+	Create(ctx context.Context, playlistId string, name string, ids []string) (string, error)
+	Delete(ctx context.Context, id string) error
+	Update(ctx context.Context, playlistID string, name *string, comment *string, public *bool, idsToAdd []string, idxToRemove []int) error
+
+	// Track management
+	AddTracks(ctx context.Context, playlistID string, ids []string) (int, error)
+	AddAlbums(ctx context.Context, playlistID string, albumIds []string) (int, error)
+	AddArtists(ctx context.Context, playlistID string, artistIds []string) (int, error)
+	AddDiscs(ctx context.Context, playlistID string, discs []model.DiscID) (int, error)
+	RemoveTracks(ctx context.Context, playlistID string, trackIds []string) error
+	ReorderTrack(ctx context.Context, playlistID string, pos int, newPos int) error
+
+	// Import
+	ImportFile(ctx context.Context, folder *model.Folder, filename string) (*model.Playlist, error)
+	ImportM3U(ctx context.Context, reader io.Reader) (*model.Playlist, error)
+
+	// REST adapters (follows Share/Library pattern)
+	NewRepository(ctx context.Context) rest.Repository
+	TracksRepository(ctx context.Context, playlistId string, refreshSmartPlaylist bool) rest.Repository
+}
+
+type playlists struct {
+	ds model.DataStore
+}
+
+func NewPlaylists(ds model.DataStore) Playlists {
+	return &playlists{ds: ds}
+}
+
+func InPath(folder model.Folder) bool {
+	if conf.Server.PlaylistsPath == "" {
+		return true
+	}
+	rel, _ := filepath.Rel(folder.LibraryPath, folder.AbsolutePath())
+	for path := range strings.SplitSeq(conf.Server.PlaylistsPath, string(filepath.ListSeparator)) {
+		if match, _ := doublestar.Match(path, rel); match {
+			return true
+		}
+	}
+	return false
+}
+
+// --- Read operations ---
+
+func (s *playlists) GetAll(ctx context.Context, options ...model.QueryOptions) (model.Playlists, error) {
+	return s.ds.Playlist(ctx).GetAll(options...)
+}
+
+func (s *playlists) Get(ctx context.Context, id string) (*model.Playlist, error) {
+	return s.ds.Playlist(ctx).Get(id)
+}
+
+func (s *playlists) GetWithTracks(ctx context.Context, id string) (*model.Playlist, error) {
+	return s.ds.Playlist(ctx).GetWithTracks(id, true, false)
+}
+
+func (s *playlists) GetPlaylists(ctx context.Context, mediaFileId string) (model.Playlists, error) {
+	return s.ds.Playlist(ctx).GetPlaylists(mediaFileId)
+}
+
+// --- Mutation operations ---
+
+// Create creates a new playlist (when name is provided) or replaces tracks on an existing
+// playlist (when playlistId is provided). This matches the Subsonic createPlaylist semantics.
+func (s *playlists) Create(ctx context.Context, playlistId string, name string, ids []string) (string, error) {
+	usr, _ := request.UserFrom(ctx)
+	err := s.ds.WithTxImmediate(func(tx model.DataStore) error {
+		var pls *model.Playlist
+		var err error
+
+		if playlistId != "" {
+			pls, err = tx.Playlist(ctx).Get(playlistId)
+			if err != nil {
+				return err
+			}
+			if pls.IsSmartPlaylist() {
+				return model.ErrNotAuthorized
+			}
+			if !usr.IsAdmin && pls.OwnerID != usr.ID {
+				return model.ErrNotAuthorized
+			}
+		} else {
+			pls = &model.Playlist{Name: name}
+			pls.OwnerID = usr.ID
+		}
+		pls.Tracks = nil
+		pls.AddMediaFilesByID(ids)
+
+		err = tx.Playlist(ctx).Put(pls)
+		playlistId = pls.ID
+		return err
+	})
+	return playlistId, err
+}
+
+func (s *playlists) Delete(ctx context.Context, id string) error {
+	if _, err := s.checkWritable(ctx, id); err != nil {
+		return err
+	}
+	return s.ds.Playlist(ctx).Delete(id)
+}
+
+func (s *playlists) Update(ctx context.Context, playlistID string,
+	name *string, comment *string, public *bool,
+	idsToAdd []string, idxToRemove []int) error {
+	var pls *model.Playlist
+	var err error
+	hasTrackChanges := len(idsToAdd) > 0 || len(idxToRemove) > 0
+	if hasTrackChanges {
+		pls, err = s.checkTracksEditable(ctx, playlistID)
+	} else {
+		pls, err = s.checkWritable(ctx, playlistID)
+	}
+	if err != nil {
+		return err
+	}
+	return s.ds.WithTxImmediate(func(tx model.DataStore) error {
+		repo := tx.Playlist(ctx)
+
+		if len(idxToRemove) > 0 {
+			tracksRepo := repo.Tracks(playlistID, false)
+			// Convert 0-based indices to 1-based position IDs and delete them directly,
+			// avoiding the need to load all tracks into memory.
+			positions := make([]string, len(idxToRemove))
+			for i, idx := range idxToRemove {
+				positions[i] = strconv.Itoa(idx + 1)
+			}
+			if err := tracksRepo.Delete(positions...); err != nil {
+				return err
+			}
+			if len(idsToAdd) > 0 {
+				if _, err := tracksRepo.Add(idsToAdd); err != nil {
+					return err
+				}
+			}
+			return s.updateMetadata(ctx, tx, pls, name, comment, public)
+		}
+
+		if len(idsToAdd) > 0 {
+			if _, err := repo.Tracks(playlistID, false).Add(idsToAdd); err != nil {
+				return err
+			}
+		}
+		if name == nil && comment == nil && public == nil {
+			return nil
+		}
+		// Reuse the playlist from checkWritable (no tracks loaded, so Put only refreshes counters)
+		return s.updateMetadata(ctx, tx, pls, name, comment, public)
+	})
+}
+
+// --- Permission helpers ---
+
+// checkWritable fetches the playlist and verifies the current user can modify it.
+func (s *playlists) checkWritable(ctx context.Context, id string) (*model.Playlist, error) {
+	pls, err := s.ds.Playlist(ctx).Get(id)
+	if err != nil {
+		return nil, err
+	}
+	usr, _ := request.UserFrom(ctx)
+	if !usr.IsAdmin && pls.OwnerID != usr.ID {
+		return nil, model.ErrNotAuthorized
+	}
+	return pls, nil
+}
+
+// checkTracksEditable verifies the user can modify tracks (ownership + not smart playlist).
+func (s *playlists) checkTracksEditable(ctx context.Context, playlistID string) (*model.Playlist, error) {
+	pls, err := s.checkWritable(ctx, playlistID)
+	if err != nil {
+		return nil, err
+	}
+	if pls.IsSmartPlaylist() {
+		return nil, model.ErrNotAuthorized
+	}
+	return pls, nil
+}
+
+// updateMetadata applies optional metadata changes to a playlist and persists it.
+// Accepts a DataStore parameter so it can be used inside transactions.
+// The caller is responsible for permission checks.
+func (s *playlists) updateMetadata(ctx context.Context, ds model.DataStore, pls *model.Playlist, name *string, comment *string, public *bool) error {
+	if name != nil {
+		pls.Name = *name
+	}
+	if comment != nil {
+		pls.Comment = *comment
+	}
+	if public != nil {
+		pls.Public = *public
+	}
+	return ds.Playlist(ctx).Put(pls)
+}
+
+// --- Track management operations ---
+
+func (s *playlists) AddTracks(ctx context.Context, playlistID string, ids []string) (int, error) {
+	if _, err := s.checkTracksEditable(ctx, playlistID); err != nil {
+		return 0, err
+	}
+	return s.ds.Playlist(ctx).Tracks(playlistID, false).Add(ids)
+}
+
+func (s *playlists) AddAlbums(ctx context.Context, playlistID string, albumIds []string) (int, error) {
+	if _, err := s.checkTracksEditable(ctx, playlistID); err != nil {
+		return 0, err
+	}
+	return s.ds.Playlist(ctx).Tracks(playlistID, false).AddAlbums(albumIds)
+}
+
+func (s *playlists) AddArtists(ctx context.Context, playlistID string, artistIds []string) (int, error) {
+	if _, err := s.checkTracksEditable(ctx, playlistID); err != nil {
+		return 0, err
+	}
+	return s.ds.Playlist(ctx).Tracks(playlistID, false).AddArtists(artistIds)
+}
+
+func (s *playlists) AddDiscs(ctx context.Context, playlistID string, discs []model.DiscID) (int, error) {
+	if _, err := s.checkTracksEditable(ctx, playlistID); err != nil {
+		return 0, err
+	}
+	return s.ds.Playlist(ctx).Tracks(playlistID, false).AddDiscs(discs)
+}
+
+func (s *playlists) RemoveTracks(ctx context.Context, playlistID string, trackIds []string) error {
+	if _, err := s.checkTracksEditable(ctx, playlistID); err != nil {
+		return err
+	}
+	return s.ds.WithTx(func(tx model.DataStore) error {
+		return tx.Playlist(ctx).Tracks(playlistID, false).Delete(trackIds...)
+	})
+}
+
+func (s *playlists) ReorderTrack(ctx context.Context, playlistID string, pos int, newPos int) error {
+	if _, err := s.checkTracksEditable(ctx, playlistID); err != nil {
+		return err
+	}
+	return s.ds.WithTx(func(tx model.DataStore) error {
+		return tx.Playlist(ctx).Tracks(playlistID, false).Reorder(pos, newPos)
+	})
+}
--- a/core/playlists/playlists_suite_test.go
+++ b/core/playlists/playlists_suite_test.go
@@ -0,0 +1,17 @@
+package playlists_test
+
+import (
+	"testing"
+
+	"github.com/navidrome/navidrome/log"
+	"github.com/navidrome/navidrome/tests"
+	. "github.com/onsi/ginkgo/v2"
+	. "github.com/onsi/gomega"
+)
+
+func TestPlaylists(t *testing.T) {
+	tests.Init(t, false)
+	log.SetLevel(log.LevelFatal)
+	RegisterFailHandler(Fail)
+	RunSpecs(t, "Playlists Suite")
+}
--- a/core/playlists/playlists_test.go
+++ b/core/playlists/playlists_test.go
@@ -0,0 +1,297 @@
+package playlists_test
+
+import (
+	"context"
+
+	"github.com/navidrome/navidrome/core/playlists"
+	"github.com/navidrome/navidrome/model"
+	"github.com/navidrome/navidrome/model/criteria"
+	"github.com/navidrome/navidrome/model/request"
+	"github.com/navidrome/navidrome/tests"
+	. "github.com/onsi/ginkgo/v2"
+	. "github.com/onsi/gomega"
+)
+
+var _ = Describe("Playlists", func() {
+	var ds *tests.MockDataStore
+	var ps playlists.Playlists
+	var mockPlsRepo *tests.MockPlaylistRepo
+	ctx := context.Background()
+
+	BeforeEach(func() {
+		mockPlsRepo = tests.CreateMockPlaylistRepo()
+		ds = &tests.MockDataStore{
+			MockedPlaylist: mockPlsRepo,
+			MockedLibrary:  &tests.MockLibraryRepo{},
+		}
+		ctx = request.WithUser(ctx, model.User{ID: "123"})
+	})
+
+	Describe("Delete", func() {
+		var mockTracks *tests.MockPlaylistTrackRepo
+
+		BeforeEach(func() {
+			mockTracks = &tests.MockPlaylistTrackRepo{AddCount: 3}
+			mockPlsRepo.Data = map[string]*model.Playlist{
+				"pls-1": {ID: "pls-1", Name: "My Playlist", OwnerID: "user-1"},
+			}
+			mockPlsRepo.TracksRepo = mockTracks
+			ps = playlists.NewPlaylists(ds)
+		})
+
+		It("allows owner to delete their playlist", func() {
+			ctx = request.WithUser(ctx, model.User{ID: "user-1", IsAdmin: false})
+			err := ps.Delete(ctx, "pls-1")
+			Expect(err).ToNot(HaveOccurred())
+			Expect(mockPlsRepo.Deleted).To(ContainElement("pls-1"))
+		})
+
+		It("allows admin to delete any playlist", func() {
+			ctx = request.WithUser(ctx, model.User{ID: "admin-1", IsAdmin: true})
+			err := ps.Delete(ctx, "pls-1")
+			Expect(err).ToNot(HaveOccurred())
+			Expect(mockPlsRepo.Deleted).To(ContainElement("pls-1"))
+		})
+
+		It("denies non-owner, non-admin from deleting", func() {
+			ctx = request.WithUser(ctx, model.User{ID: "other-user", IsAdmin: false})
+			err := ps.Delete(ctx, "pls-1")
+			Expect(err).To(MatchError(model.ErrNotAuthorized))
+			Expect(mockPlsRepo.Deleted).To(BeEmpty())
+		})
+
+		It("returns error when playlist not found", func() {
+			ctx = request.WithUser(ctx, model.User{ID: "user-1", IsAdmin: false})
+			err := ps.Delete(ctx, "nonexistent")
+			Expect(err).To(Equal(model.ErrNotFound))
+		})
+	})
+
+	Describe("Create", func() {
+		BeforeEach(func() {
+			mockPlsRepo.Data = map[string]*model.Playlist{
+				"pls-1": {ID: "pls-1", Name: "Existing", OwnerID: "user-1"},
+				"pls-2": {ID: "pls-2", Name: "Other's", OwnerID: "other-user"},
+				"pls-smart": {ID: "pls-smart", Name: "Smart", OwnerID: "user-1",
+					Rules: &criteria.Criteria{Expression: criteria.Contains{"title": "test"}}},
+			}
+			ps = playlists.NewPlaylists(ds)
+		})
+
+		It("creates a new playlist with owner set from context", func() {
+			ctx = request.WithUser(ctx, model.User{ID: "user-1", IsAdmin: false})
+			id, err := ps.Create(ctx, "", "New Playlist", []string{"song-1", "song-2"})
+			Expect(err).ToNot(HaveOccurred())
+			Expect(id).ToNot(BeEmpty())
+			Expect(mockPlsRepo.Last.Name).To(Equal("New Playlist"))
+			Expect(mockPlsRepo.Last.OwnerID).To(Equal("user-1"))
+		})
+
+		It("replaces tracks on existing playlist when owner matches", func() {
+			ctx = request.WithUser(ctx, model.User{ID: "user-1", IsAdmin: false})
+			id, err := ps.Create(ctx, "pls-1", "", []string{"song-3"})
+			Expect(err).ToNot(HaveOccurred())
+			Expect(id).To(Equal("pls-1"))
+			Expect(mockPlsRepo.Last.Tracks).To(HaveLen(1))
+		})
+
+		It("allows admin to replace tracks on any playlist", func() {
+			ctx = request.WithUser(ctx, model.User{ID: "admin-1", IsAdmin: true})
+			id, err := ps.Create(ctx, "pls-2", "", []string{"song-3"})
+			Expect(err).ToNot(HaveOccurred())
+			Expect(id).To(Equal("pls-2"))
+		})
+
+		It("denies non-owner, non-admin from replacing tracks on existing playlist", func() {
+			ctx = request.WithUser(ctx, model.User{ID: "user-1", IsAdmin: false})
+			_, err := ps.Create(ctx, "pls-2", "", []string{"song-3"})
+			Expect(err).To(MatchError(model.ErrNotAuthorized))
+		})
+
+		It("returns error when existing playlistId not found", func() {
+			ctx = request.WithUser(ctx, model.User{ID: "user-1", IsAdmin: false})
+			_, err := ps.Create(ctx, "nonexistent", "", []string{"song-1"})
+			Expect(err).To(Equal(model.ErrNotFound))
+		})
+
+		It("denies replacing tracks on a smart playlist", func() {
+			ctx = request.WithUser(ctx, model.User{ID: "user-1", IsAdmin: false})
+			_, err := ps.Create(ctx, "pls-smart", "", []string{"song-1"})
+			Expect(err).To(MatchError(model.ErrNotAuthorized))
+		})
+	})
+
+	Describe("Update", func() {
+		var mockTracks *tests.MockPlaylistTrackRepo
+
+		BeforeEach(func() {
+			mockTracks = &tests.MockPlaylistTrackRepo{AddCount: 2}
+			mockPlsRepo.Data = map[string]*model.Playlist{
+				"pls-1":     {ID: "pls-1", Name: "My Playlist", OwnerID: "user-1"},
+				"pls-other": {ID: "pls-other", Name: "Other's", OwnerID: "other-user"},
+				"pls-smart": {ID: "pls-smart", Name: "Smart", OwnerID: "user-1",
+					Rules: &criteria.Criteria{Expression: criteria.Contains{"title": "test"}}},
+			}
+			mockPlsRepo.TracksRepo = mockTracks
+			ps = playlists.NewPlaylists(ds)
+		})
+
+		It("allows owner to update their playlist", func() {
+			ctx = request.WithUser(ctx, model.User{ID: "user-1", IsAdmin: false})
+			newName := "Updated Name"
+			err := ps.Update(ctx, "pls-1", &newName, nil, nil, nil, nil)
+			Expect(err).ToNot(HaveOccurred())
+		})
+
+		It("allows admin to update any playlist", func() {
+			ctx = request.WithUser(ctx, model.User{ID: "admin-1", IsAdmin: true})
+			newName := "Updated Name"
+			err := ps.Update(ctx, "pls-other", &newName, nil, nil, nil, nil)
+			Expect(err).ToNot(HaveOccurred())
+		})
+
+		It("denies non-owner, non-admin from updating", func() {
+			ctx = request.WithUser(ctx, model.User{ID: "other-user", IsAdmin: false})
+			newName := "Updated Name"
+			err := ps.Update(ctx, "pls-1", &newName, nil, nil, nil, nil)
+			Expect(err).To(MatchError(model.ErrNotAuthorized))
+		})
+
+		It("returns error when playlist not found", func() {
+			ctx = request.WithUser(ctx, model.User{ID: "user-1", IsAdmin: false})
+			newName := "Updated Name"
+			err := ps.Update(ctx, "nonexistent", &newName, nil, nil, nil, nil)
+			Expect(err).To(Equal(model.ErrNotFound))
+		})
+
+		It("denies adding tracks to a smart playlist", func() {
+			ctx = request.WithUser(ctx, model.User{ID: "user-1", IsAdmin: false})
+			err := ps.Update(ctx, "pls-smart", nil, nil, nil, []string{"song-1"}, nil)
+			Expect(err).To(MatchError(model.ErrNotAuthorized))
+		})
+
+		It("denies removing tracks from a smart playlist", func() {
+			ctx = request.WithUser(ctx, model.User{ID: "user-1", IsAdmin: false})
+			err := ps.Update(ctx, "pls-smart", nil, nil, nil, nil, []int{0})
+			Expect(err).To(MatchError(model.ErrNotAuthorized))
+		})
+
+		It("allows metadata updates on a smart playlist", func() {
+			ctx = request.WithUser(ctx, model.User{ID: "user-1", IsAdmin: false})
+			newName := "Updated Smart"
+			err := ps.Update(ctx, "pls-smart", &newName, nil, nil, nil, nil)
+			Expect(err).ToNot(HaveOccurred())
+		})
+	})
+
+	Describe("AddTracks", func() {
+		var mockTracks *tests.MockPlaylistTrackRepo
+
+		BeforeEach(func() {
+			mockTracks = &tests.MockPlaylistTrackRepo{AddCount: 2}
+			mockPlsRepo.Data = map[string]*model.Playlist{
+				"pls-1": {ID: "pls-1", Name: "My Playlist", OwnerID: "user-1"},
+				"pls-smart": {ID: "pls-smart", Name: "Smart", OwnerID: "user-1",
+					Rules: &criteria.Criteria{Expression: criteria.Contains{"title": "test"}}},
+				"pls-other": {ID: "pls-other", Name: "Other's", OwnerID: "other-user"},
+			}
+			mockPlsRepo.TracksRepo = mockTracks
+			ps = playlists.NewPlaylists(ds)
+		})
+
+		It("allows owner to add tracks", func() {
+			ctx = request.WithUser(ctx, model.User{ID: "user-1", IsAdmin: false})
+			count, err := ps.AddTracks(ctx, "pls-1", []string{"song-1", "song-2"})
+			Expect(err).ToNot(HaveOccurred())
+			Expect(count).To(Equal(2))
+			Expect(mockTracks.AddedIds).To(ConsistOf("song-1", "song-2"))
+		})
+
+		It("allows admin to add tracks to any playlist", func() {
+			ctx = request.WithUser(ctx, model.User{ID: "admin-1", IsAdmin: true})
+			count, err := ps.AddTracks(ctx, "pls-other", []string{"song-1"})
+			Expect(err).ToNot(HaveOccurred())
+			Expect(count).To(Equal(2))
+		})
+
+		It("denies non-owner, non-admin", func() {
+			ctx = request.WithUser(ctx, model.User{ID: "other-user", IsAdmin: false})
+			_, err := ps.AddTracks(ctx, "pls-1", []string{"song-1"})
+			Expect(err).To(MatchError(model.ErrNotAuthorized))
+		})
+
+		It("denies editing smart playlists", func() {
+			ctx = request.WithUser(ctx, model.User{ID: "user-1", IsAdmin: false})
+			_, err := ps.AddTracks(ctx, "pls-smart", []string{"song-1"})
+			Expect(err).To(MatchError(model.ErrNotAuthorized))
+		})
+
+		It("returns error when playlist not found", func() {
+			ctx = request.WithUser(ctx, model.User{ID: "user-1", IsAdmin: false})
+			_, err := ps.AddTracks(ctx, "nonexistent", []string{"song-1"})
+			Expect(err).To(Equal(model.ErrNotFound))
+		})
+	})
+
+	Describe("RemoveTracks", func() {
+		var mockTracks *tests.MockPlaylistTrackRepo
+
+		BeforeEach(func() {
+			mockTracks = &tests.MockPlaylistTrackRepo{}
+			mockPlsRepo.Data = map[string]*model.Playlist{
+				"pls-1": {ID: "pls-1", Name: "My Playlist", OwnerID: "user-1"},
+				"pls-smart": {ID: "pls-smart", Name: "Smart", OwnerID: "user-1",
+					Rules: &criteria.Criteria{Expression: criteria.Contains{"title": "test"}}},
+			}
+			mockPlsRepo.TracksRepo = mockTracks
+			ps = playlists.NewPlaylists(ds)
+		})
+
+		It("allows owner to remove tracks", func() {
+			ctx = request.WithUser(ctx, model.User{ID: "user-1", IsAdmin: false})
+			err := ps.RemoveTracks(ctx, "pls-1", []string{"track-1", "track-2"})
+			Expect(err).ToNot(HaveOccurred())
+			Expect(mockTracks.DeletedIds).To(ConsistOf("track-1", "track-2"))
+		})
+
+		It("denies on smart playlist", func() {
+			ctx = request.WithUser(ctx, model.User{ID: "user-1", IsAdmin: false})
+			err := ps.RemoveTracks(ctx, "pls-smart", []string{"track-1"})
+			Expect(err).To(MatchError(model.ErrNotAuthorized))
+		})
+
+		It("denies non-owner", func() {
+			ctx = request.WithUser(ctx, model.User{ID: "other-user", IsAdmin: false})
+			err := ps.RemoveTracks(ctx, "pls-1", []string{"track-1"})
+			Expect(err).To(MatchError(model.ErrNotAuthorized))
+		})
+	})
+
+	Describe("ReorderTrack", func() {
+		var mockTracks *tests.MockPlaylistTrackRepo
+
+		BeforeEach(func() {
+			mockTracks = &tests.MockPlaylistTrackRepo{}
+			mockPlsRepo.Data = map[string]*model.Playlist{
+				"pls-1": {ID: "pls-1", Name: "My Playlist", OwnerID: "user-1"},
+				"pls-smart": {ID: "pls-smart", Name: "Smart", OwnerID: "user-1",
+					Rules: &criteria.Criteria{Expression: criteria.Contains{"title": "test"}}},
+			}
+			mockPlsRepo.TracksRepo = mockTracks
+			ps = playlists.NewPlaylists(ds)
+		})
+
+		It("allows owner to reorder", func() {
+			ctx = request.WithUser(ctx, model.User{ID: "user-1", IsAdmin: false})
+			err := ps.ReorderTrack(ctx, "pls-1", 1, 3)
+			Expect(err).ToNot(HaveOccurred())
+			Expect(mockTracks.Reordered).To(BeTrue())
+		})
+
+		It("denies on smart playlist", func() {
+			ctx = request.WithUser(ctx, model.User{ID: "user-1", IsAdmin: false})
+			err := ps.ReorderTrack(ctx, "pls-smart", 1, 3)
+			Expect(err).To(MatchError(model.ErrNotAuthorized))
+		})
+	})
+})
--- a/core/playlists/rest_adapter.go
+++ b/core/playlists/rest_adapter.go
@@ -0,0 +1,95 @@
+package playlists
+
+import (
+	"context"
+	"errors"
+
+	"github.com/deluan/rest"
+	"github.com/navidrome/navidrome/model"
+	"github.com/navidrome/navidrome/model/request"
+)
+
+// --- REST adapter (follows Share/Library pattern) ---
+
+func (s *playlists) NewRepository(ctx context.Context) rest.Repository {
+	return &playlistRepositoryWrapper{
+		ctx:                ctx,
+		PlaylistRepository: s.ds.Playlist(ctx),
+		service:            s,
+	}
+}
+
+// playlistRepositoryWrapper wraps the playlist repository as a thin REST-to-service adapter.
+// It satisfies rest.Repository through the embedded PlaylistRepository (via ResourceRepository),
+// and rest.Persistable by delegating to service methods for all mutations.
+type playlistRepositoryWrapper struct {
+	model.PlaylistRepository
+	ctx     context.Context
+	service *playlists
+}
+
+func (r *playlistRepositoryWrapper) Save(entity any) (string, error) {
+	return r.service.savePlaylist(r.ctx, entity.(*model.Playlist))
+}
+
+func (r *playlistRepositoryWrapper) Update(id string, entity any, cols ...string) error {
+	return r.service.updatePlaylistEntity(r.ctx, id, entity.(*model.Playlist), cols...)
+}
+
+func (r *playlistRepositoryWrapper) Delete(id string) error {
+	err := r.service.Delete(r.ctx, id)
+	switch {
+	case errors.Is(err, model.ErrNotFound):
+		return rest.ErrNotFound
+	case errors.Is(err, model.ErrNotAuthorized):
+		return rest.ErrPermissionDenied
+	default:
+		return err
+	}
+}
+
+func (s *playlists) TracksRepository(ctx context.Context, playlistId string, refreshSmartPlaylist bool) rest.Repository {
+	repo := s.ds.Playlist(ctx)
+	tracks := repo.Tracks(playlistId, refreshSmartPlaylist)
+	if tracks == nil {
+		return nil
+	}
+	return tracks.(rest.Repository)
+}
+
+// savePlaylist creates a new playlist, assigning the owner from context.
+func (s *playlists) savePlaylist(ctx context.Context, pls *model.Playlist) (string, error) {
+	usr, _ := request.UserFrom(ctx)
+	pls.OwnerID = usr.ID
+	pls.ID = "" // Force new creation
+	err := s.ds.Playlist(ctx).Put(pls)
+	if err != nil {
+		return "", err
+	}
+	return pls.ID, nil
+}
+
+// updatePlaylistEntity updates playlist metadata with permission checks.
+// Used by the REST API wrapper.
+func (s *playlists) updatePlaylistEntity(ctx context.Context, id string, entity *model.Playlist, cols ...string) error {
+	current, err := s.checkWritable(ctx, id)
+	if err != nil {
+		switch {
+		case errors.Is(err, model.ErrNotFound):
+			return rest.ErrNotFound
+		case errors.Is(err, model.ErrNotAuthorized):
+			return rest.ErrPermissionDenied
+		default:
+			return err
+		}
+	}
+	usr, _ := request.UserFrom(ctx)
+	if !usr.IsAdmin && entity.OwnerID != "" && entity.OwnerID != current.OwnerID {
+		return rest.ErrPermissionDenied
+	}
+	// Apply ownership change (admin only)
+	if entity.OwnerID != "" {
+		current.OwnerID = entity.OwnerID
+	}
+	return s.updateMetadata(ctx, s.ds, current, &entity.Name, &entity.Comment, &entity.Public)
+}
--- a/core/playlists/rest_adapter_test.go
+++ b/core/playlists/rest_adapter_test.go
@@ -0,0 +1,120 @@
+package playlists_test
+
+import (
+	"context"
+
+	"github.com/deluan/rest"
+	"github.com/navidrome/navidrome/core/playlists"
+	"github.com/navidrome/navidrome/model"
+	"github.com/navidrome/navidrome/model/request"
+	"github.com/navidrome/navidrome/tests"
+	. "github.com/onsi/ginkgo/v2"
+	. "github.com/onsi/gomega"
+)
+
+var _ = Describe("REST Adapter", func() {
+	var ds *tests.MockDataStore
+	var ps playlists.Playlists
+	var mockPlsRepo *tests.MockPlaylistRepo
+	ctx := context.Background()
+
+	BeforeEach(func() {
+		mockPlsRepo = tests.CreateMockPlaylistRepo()
+		ds = &tests.MockDataStore{
+			MockedPlaylist: mockPlsRepo,
+			MockedLibrary:  &tests.MockLibraryRepo{},
+		}
+		ctx = request.WithUser(ctx, model.User{ID: "123"})
+	})
+
+	Describe("NewRepository", func() {
+		var repo rest.Persistable
+
+		BeforeEach(func() {
+			mockPlsRepo.Data = map[string]*model.Playlist{
+				"pls-1": {ID: "pls-1", Name: "My Playlist", OwnerID: "user-1"},
+			}
+			ps = playlists.NewPlaylists(ds)
+		})
+
+		Describe("Save", func() {
+			It("sets the owner from the context user", func() {
+				ctx = request.WithUser(ctx, model.User{ID: "user-1", IsAdmin: false})
+				repo = ps.NewRepository(ctx).(rest.Persistable)
+				pls := &model.Playlist{Name: "New Playlist"}
+				id, err := repo.Save(pls)
+				Expect(err).ToNot(HaveOccurred())
+				Expect(id).ToNot(BeEmpty())
+				Expect(pls.OwnerID).To(Equal("user-1"))
+			})
+
+			It("forces a new creation by clearing ID", func() {
+				ctx = request.WithUser(ctx, model.User{ID: "user-1", IsAdmin: false})
+				repo = ps.NewRepository(ctx).(rest.Persistable)
+				pls := &model.Playlist{ID: "should-be-cleared", Name: "New"}
+				_, err := repo.Save(pls)
+				Expect(err).ToNot(HaveOccurred())
+				Expect(pls.ID).ToNot(Equal("should-be-cleared"))
+			})
+		})
+
+		Describe("Update", func() {
+			It("allows owner to update their playlist", func() {
+				ctx = request.WithUser(ctx, model.User{ID: "user-1", IsAdmin: false})
+				repo = ps.NewRepository(ctx).(rest.Persistable)
+				pls := &model.Playlist{Name: "Updated"}
+				err := repo.Update("pls-1", pls)
+				Expect(err).ToNot(HaveOccurred())
+			})
+
+			It("allows admin to update any playlist", func() {
+				ctx = request.WithUser(ctx, model.User{ID: "admin-1", IsAdmin: true})
+				repo = ps.NewRepository(ctx).(rest.Persistable)
+				pls := &model.Playlist{Name: "Updated"}
+				err := repo.Update("pls-1", pls)
+				Expect(err).ToNot(HaveOccurred())
+			})
+
+			It("denies non-owner, non-admin", func() {
+				ctx = request.WithUser(ctx, model.User{ID: "other-user", IsAdmin: false})
+				repo = ps.NewRepository(ctx).(rest.Persistable)
+				pls := &model.Playlist{Name: "Updated"}
+				err := repo.Update("pls-1", pls)
+				Expect(err).To(Equal(rest.ErrPermissionDenied))
+			})
+
+			It("denies regular user from changing ownership", func() {
+				ctx = request.WithUser(ctx, model.User{ID: "user-1", IsAdmin: false})
+				repo = ps.NewRepository(ctx).(rest.Persistable)
+				pls := &model.Playlist{Name: "Updated", OwnerID: "other-user"}
+				err := repo.Update("pls-1", pls)
+				Expect(err).To(Equal(rest.ErrPermissionDenied))
+			})
+
+			It("returns rest.ErrNotFound when playlist doesn't exist", func() {
+				ctx = request.WithUser(ctx, model.User{ID: "user-1", IsAdmin: false})
+				repo = ps.NewRepository(ctx).(rest.Persistable)
+				pls := &model.Playlist{Name: "Updated"}
+				err := repo.Update("nonexistent", pls)
+				Expect(err).To(Equal(rest.ErrNotFound))
+			})
+		})
+
+		Describe("Delete", func() {
+			It("delegates to service Delete with permission checks", func() {
+				ctx = request.WithUser(ctx, model.User{ID: "user-1", IsAdmin: false})
+				repo = ps.NewRepository(ctx).(rest.Persistable)
+				err := repo.Delete("pls-1")
+				Expect(err).ToNot(HaveOccurred())
+				Expect(mockPlsRepo.Deleted).To(ContainElement("pls-1"))
+			})
+
+			It("denies non-owner", func() {
+				ctx = request.WithUser(ctx, model.User{ID: "other-user", IsAdmin: false})
+				repo = ps.NewRepository(ctx).(rest.Persistable)
+				err := repo.Delete("pls-1")
+				Expect(err).To(Equal(rest.ErrPermissionDenied))
+			})
+		})
+	})
+})
--- a/core/scrobbler/play_tracker.go
+++ b/core/scrobbler/play_tracker.go
@@ -212,10 +212,7 @@ func (p *playTracker) NowPlaying(ctx context.Context, playerId string, playerNam

 	// Calculate TTL based on remaining track duration. If position exceeds track duration,
 	// remaining is set to 0 to avoid negative TTL.
-	remaining := int(mf.Duration) - position
-	if remaining < 0 {
-		remaining = 0
-	}
+	remaining := max(int(mf.Duration)-position, 0)
 	// Add 5 seconds buffer to ensure the NowPlaying info is available slightly longer than the track duration.
 	ttl := time.Duration(remaining+5) * time.Second
 	_ = p.playMap.AddWithTTL(playerId, info, ttl)
--- a/core/share.go
+++ b/core/share.go
@@ -87,7 +87,7 @@ func (r *shareRepositoryWrapper) newId() (string, error) {
 	}
 }

-func (r *shareRepositoryWrapper) Save(entity interface{}) (string, error) {
+func (r *shareRepositoryWrapper) Save(entity any) (string, error) {
 	s := entity.(*model.Share)
 	id, err := r.newId()
 	if err != nil {
@@ -127,7 +127,7 @@ func (r *shareRepositoryWrapper) Save(entity interface{}) (string, error) {
 	return id, err
 }

-func (r *shareRepositoryWrapper) Update(id string, entity interface{}, _ ...string) error {
+func (r *shareRepositoryWrapper) Update(id string, entity any, _ ...string) error {
 	cols := []string{"description", "downloadable"}

 	// TODO Better handling of Share expiration
--- a/core/storage/storagetest/fake_storage.go
+++ b/core/storage/storagetest/fake_storage.go
@@ -6,6 +6,7 @@ import (
 	"errors"
 	"fmt"
 	"io/fs"
+	"maps"
 	"net/url"
 	"path"
 	"testing/fstest"
@@ -135,9 +136,7 @@ func (ffs *FakeFS) UpdateTags(filePath string, newTags map[string]any, when ...t
 	if err != nil {
 		panic(err)
 	}
-	for k, v := range newTags {
-		tags[k] = v
-	}
+	maps.Copy(tags, newTags)
 	data, _ := json.Marshal(tags)
 	f.Data = data
 	ffs.Touch(filePath, when...)
@@ -180,9 +179,7 @@ func Track(num int, title string, tags ...map[string]any) map[string]any {
 	ts["title"] = title
 	ts["track"] = num
 	for _, t := range tags {
-		for k, v := range t {
-			ts[k] = v
-		}
+		maps.Copy(ts, t)
 	}
 	return ts
 }
@@ -200,9 +197,7 @@ func MP3(tags ...map[string]any) *fstest.MapFile {
 func File(tags ...map[string]any) *fstest.MapFile {
 	ts := map[string]any{}
 	for _, t := range tags {
-		for k, v := range t {
-			ts[k] = v
-		}
+		maps.Copy(ts, t)
 	}
 	modTime := time.Now()
 	if mt, ok := ts[fakeFileInfoModTime]; !ok {
--- a/core/user.go
+++ b/core/user.go
@@ -50,12 +50,12 @@ type userRepositoryWrapper struct {
 }

 // Save implements rest.Persistable by delegating to the underlying repository.
-func (r *userRepositoryWrapper) Save(entity interface{}) (string, error) {
+func (r *userRepositoryWrapper) Save(entity any) (string, error) {
 	return r.UserRepository.(rest.Persistable).Save(entity)
 }

 // Update implements rest.Persistable by delegating to the underlying repository.
-func (r *userRepositoryWrapper) Update(id string, entity interface{}, cols ...string) error {
+func (r *userRepositoryWrapper) Update(id string, entity any, cols ...string) error {
 	return r.UserRepository.(rest.Persistable).Update(id, entity, cols...)
 }

--- a/core/wire_providers.go
+++ b/core/wire_providers.go
@@ -7,6 +7,7 @@ import (
 	"github.com/navidrome/navidrome/core/ffmpeg"
 	"github.com/navidrome/navidrome/core/metrics"
 	"github.com/navidrome/navidrome/core/playback"
+	"github.com/navidrome/navidrome/core/playlists"
 	"github.com/navidrome/navidrome/core/scrobbler"
 )

@@ -16,7 +17,7 @@ var Set = wire.NewSet(
 	NewArchiver,
 	NewPlayers,
 	NewShare,
-	NewPlaylists,
+	playlists.NewPlaylists,
 	NewLibrary,
 	NewUser,
 	NewMaintenance,
--- a/db/db.go
+++ b/db/db.go
@@ -126,7 +126,7 @@ func Optimize(ctx context.Context) {
 	}
 	log.Debug(ctx, "Optimizing open connections", "numConns", numConns)
 	var conns []*sql.Conn
-	for i := 0; i < numConns; i++ {
+	for range numConns {
 		conn, err := Db().Conn(ctx)
 		conns = append(conns, conn)
 		if err != nil {
@@ -147,8 +147,8 @@ func Optimize(ctx context.Context) {

 type statusLogger struct{ numPending int }

-func (*statusLogger) Fatalf(format string, v ...interface{}) { log.Fatal(fmt.Sprintf(format, v...)) }
-func (l *statusLogger) Printf(format string, v ...interface{}) {
+func (*statusLogger) Fatalf(format string, v ...any) { log.Fatal(fmt.Sprintf(format, v...)) }
+func (l *statusLogger) Printf(format string, v ...any) {
 	if len(v) < 1 {
 		return
 	}
@@ -183,27 +183,27 @@ type logAdapter struct {
 	silent bool
 }

-func (l *logAdapter) Fatal(v ...interface{}) {
+func (l *logAdapter) Fatal(v ...any) {
 	log.Fatal(l.ctx, fmt.Sprint(v...))
 }

-func (l *logAdapter) Fatalf(format string, v ...interface{}) {
+func (l *logAdapter) Fatalf(format string, v ...any) {
 	log.Fatal(l.ctx, fmt.Sprintf(format, v...))
 }

-func (l *logAdapter) Print(v ...interface{}) {
+func (l *logAdapter) Print(v ...any) {
 	if !l.silent {
 		log.Info(l.ctx, fmt.Sprint(v...))
 	}
 }

-func (l *logAdapter) Println(v ...interface{}) {
+func (l *logAdapter) Println(v ...any) {
 	if !l.silent {
 		log.Info(l.ctx, fmt.Sprintln(v...))
 	}
 }

-func (l *logAdapter) Printf(format string, v ...interface{}) {
+func (l *logAdapter) Printf(format string, v ...any) {
 	if !l.silent {
 		log.Info(l.ctx, fmt.Sprintf(format, v...))
 	}
--- a/go.mod
+++ b/go.mod
@@ -7,14 +7,14 @@ replace (
 	github.com/dhowden/tag v0.0.0-20240417053706-3d75831295e8 => github.com/deluan/tag v0.0.0-20241002021117-dfe5e6ea396d

 	// Fork to implement raw tags support
-	go.senan.xyz/taglib => github.com/deluan/go-taglib v0.0.0-20260119020817-8753c7531798
+	go.senan.xyz/taglib => github.com/deluan/go-taglib v0.0.0-20260209170351-c057626454d0
 )

 require (
 	github.com/Masterminds/squirrel v1.5.4
 	github.com/RaveNoX/go-jsoncommentstrip v1.0.0
 	github.com/andybalholm/cascadia v1.3.3
-	github.com/bmatcuk/doublestar/v4 v4.9.2
+	github.com/bmatcuk/doublestar/v4 v4.10.0
 	github.com/bradleyjkemp/cupaloy/v2 v2.8.0
 	github.com/deluan/rest v0.0.0-20211102003136-6260bc399cbf
 	github.com/deluan/sanitize v0.0.0-20241120162836-fdfd8fdfaa55
@@ -28,7 +28,7 @@ require (
 	github.com/dustin/go-humanize v1.0.1
 	github.com/extism/go-sdk v1.7.1
 	github.com/fatih/structs v1.1.0
-	github.com/go-chi/chi/v5 v5.2.4
+	github.com/go-chi/chi/v5 v5.2.5
 	github.com/go-chi/cors v1.2.2
 	github.com/go-chi/httprate v0.15.0
 	github.com/go-chi/jwtauth/v5 v5.3.3
@@ -49,8 +49,8 @@ require (
 	github.com/mattn/go-sqlite3 v1.14.33
 	github.com/microcosm-cc/bluemonday v1.0.27
 	github.com/mileusna/useragent v1.3.5
-	github.com/onsi/ginkgo/v2 v2.27.5
-	github.com/onsi/gomega v1.39.0
+	github.com/onsi/ginkgo/v2 v2.28.1
+	github.com/onsi/gomega v1.39.1
 	github.com/pelletier/go-toml/v2 v2.2.4
 	github.com/pocketbase/dbx v1.11.0
 	github.com/pressly/goose/v3 v3.26.0
@@ -68,12 +68,12 @@ require (
 	github.com/xrash/smetrics v0.0.0-20250705151800-55b8f293f342
 	go.senan.xyz/taglib v0.11.1
 	go.uber.org/goleak v1.3.0
-	golang.org/x/image v0.35.0
-	golang.org/x/net v0.49.0
+	golang.org/x/image v0.36.0
+	golang.org/x/net v0.50.0
 	golang.org/x/sync v0.19.0
-	golang.org/x/sys v0.40.0
-	golang.org/x/term v0.39.0
-	golang.org/x/text v0.33.0
+	golang.org/x/sys v0.41.0
+	golang.org/x/term v0.40.0
+	golang.org/x/text v0.34.0
 	golang.org/x/time v0.14.0
 	gopkg.in/yaml.v3 v3.0.1
 )
@@ -98,7 +98,7 @@ require (
 	github.com/goccy/go-json v0.10.5 // indirect
 	github.com/goccy/go-yaml v1.19.2 // indirect
 	github.com/google/go-cmp v0.7.0 // indirect
-	github.com/google/pprof v0.0.0-20260115054156-294ebfa9ad83 // indirect
+	github.com/google/pprof v0.0.0-20260202012954-cb029daf43ef // indirect
 	github.com/google/subcommands v1.2.0 // indirect
 	github.com/gorilla/css v1.0.1 // indirect
 	github.com/hashicorp/errwrap v1.1.0 // indirect
@@ -134,16 +134,16 @@ require (
 	github.com/stretchr/objx v0.5.3 // indirect
 	github.com/subosito/gotenv v1.6.0 // indirect
 	github.com/tetratelabs/wabin v0.0.0-20230304001439-f6f874872834 // indirect
-	github.com/zeebo/xxh3 v1.0.2 // indirect
+	github.com/zeebo/xxh3 v1.1.0 // indirect
 	go.opentelemetry.io/proto/otlp v1.9.0 // indirect
 	go.uber.org/multierr v1.11.0 // indirect
 	go.yaml.in/yaml/v2 v2.4.3 // indirect
 	go.yaml.in/yaml/v3 v3.0.4 // indirect
-	golang.org/x/crypto v0.47.0 // indirect
+	golang.org/x/crypto v0.48.0 // indirect
 	golang.org/x/exp v0.0.0-20260112195511-716be5621a96 // indirect
-	golang.org/x/mod v0.32.0 // indirect
-	golang.org/x/telemetry v0.0.0-20260109210033-bd525da824e2 // indirect
-	golang.org/x/tools v0.41.0 // indirect
+	golang.org/x/mod v0.33.0 // indirect
+	golang.org/x/telemetry v0.0.0-20260209163413-e7419c687ee4 // indirect
+	golang.org/x/tools v0.42.0 // indirect
 	google.golang.org/protobuf v1.36.11 // indirect
 	gopkg.in/ini.v1 v1.67.1 // indirect
 	gopkg.in/natefinch/npipe.v2 v2.0.0-20160621034901-c1b8fa8bdcce // indirect
--- a/go.sum
+++ b/go.sum
@@ -16,8 +16,8 @@ github.com/aymerick/douceur v0.2.0 h1:Mv+mAeH1Q+n9Fr+oyamOlAkUNPWPlA8PPGR0QAaYuP
 github.com/aymerick/douceur v0.2.0/go.mod h1:wlT5vV2O3h55X9m7iVYN0TBM0NH/MmbLnd30/FjWUq4=
 github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM=
 github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw=
-github.com/bmatcuk/doublestar/v4 v4.9.2 h1:b0mc6WyRSYLjzofB2v/0cuDUZ+MqoGyH3r0dVij35GI=
-github.com/bmatcuk/doublestar/v4 v4.9.2/go.mod h1:xBQ8jztBU6kakFMg+8WGxn0c6z1fTSPVIjEY1Wr7jzc=
+github.com/bmatcuk/doublestar/v4 v4.10.0 h1:zU9WiOla1YA122oLM6i4EXvGW62DvKZVxIe6TYWexEs=
+github.com/bmatcuk/doublestar/v4 v4.10.0/go.mod h1:xBQ8jztBU6kakFMg+8WGxn0c6z1fTSPVIjEY1Wr7jzc=
 github.com/bradleyjkemp/cupaloy/v2 v2.8.0 h1:any4BmKE+jGIaMpnU8YgH/I2LPiLBufr6oMMlVBbn9M=
 github.com/bradleyjkemp/cupaloy/v2 v2.8.0/go.mod h1:bm7JXdkRd4BHJk9HpwqAI8BoAY1lps46Enkdqw6aRX0=
 github.com/cespare/reflex v0.3.1 h1:N4Y/UmRrjwOkNT0oQQnYsdr6YBxvHqtSfPB4mqOyAKk=
@@ -36,8 +36,8 @@ github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc h1:U9qPSI2PIWSS1
 github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/decred/dcrd/dcrec/secp256k1/v4 v4.4.0 h1:NMZiJj8QnKe1LgsbDayM4UoHwbvwDRwnI3hwNaAHRnc=
 github.com/decred/dcrd/dcrec/secp256k1/v4 v4.4.0/go.mod h1:ZXNYxsqcloTdSy/rNShjYzMhyjf0LaoftYK0p+A3h40=
-github.com/deluan/go-taglib v0.0.0-20260119020817-8753c7531798 h1:q4fvcIK/LxElpyQILCejG6WPYjVb2F/4P93+k017ANk=
-github.com/deluan/go-taglib v0.0.0-20260119020817-8753c7531798/go.mod h1:sKDN0U4qXDlq6LFK+aOAkDH4Me5nDV1V/A4B+B69xBA=
+github.com/deluan/go-taglib v0.0.0-20260209170351-c057626454d0 h1:R8fMzz++cqdQ3DVjzrmAKmZFr2PT8vT8pQEfRzxms00=
+github.com/deluan/go-taglib v0.0.0-20260209170351-c057626454d0/go.mod h1:sKDN0U4qXDlq6LFK+aOAkDH4Me5nDV1V/A4B+B69xBA=
 github.com/deluan/rest v0.0.0-20211102003136-6260bc399cbf h1:tb246l2Zmpt/GpF9EcHCKTtwzrd0HGfEmoODFA/qnk4=
 github.com/deluan/rest v0.0.0-20211102003136-6260bc399cbf/go.mod h1:tSgDythFsl0QgS/PFWfIZqcJKnkADWneY80jaVRlqK8=
 github.com/deluan/sanitize v0.0.0-20241120162836-fdfd8fdfaa55 h1:wSCnggTs2f2ji6nFwQmfwgINcmSMj0xF0oHnoyRSPe4=
@@ -77,8 +77,8 @@ github.com/gkampitakis/go-diff v1.3.2 h1:Qyn0J9XJSDTgnsgHRdz9Zp24RaJeKMUHg2+PDZZ
 github.com/gkampitakis/go-diff v1.3.2/go.mod h1:LLgOrpqleQe26cte8s36HTWcTmMEur6OPYerdAAS9tk=
 github.com/gkampitakis/go-snaps v0.5.15 h1:amyJrvM1D33cPHwVrjo9jQxX8g/7E2wYdZ+01KS3zGE=
 github.com/gkampitakis/go-snaps v0.5.15/go.mod h1:HNpx/9GoKisdhw9AFOBT1N7DBs9DiHo/hGheFGBZ+mc=
-github.com/go-chi/chi/v5 v5.2.4 h1:WtFKPHwlywe8Srng8j2BhOD9312j9cGUxG1SP4V2cR4=
-github.com/go-chi/chi/v5 v5.2.4/go.mod h1:X7Gx4mteadT3eDOMTsXzmI4/rwUpOwBHLpAfupzFJP0=
+github.com/go-chi/chi/v5 v5.2.5 h1:Eg4myHZBjyvJmAFjFvWgrqDTXFyOzjj7YIm3L3mu6Ug=
+github.com/go-chi/chi/v5 v5.2.5/go.mod h1:X7Gx4mteadT3eDOMTsXzmI4/rwUpOwBHLpAfupzFJP0=
 github.com/go-chi/cors v1.2.2 h1:Jmey33TE+b+rB7fT8MUy1u0I4L+NARQlK6LhzKPSyQE=
 github.com/go-chi/cors v1.2.2/go.mod h1:sSbTewc+6wYHBBCW7ytsFSn836hqM7JxpglAy2Vzc58=
 github.com/go-chi/httprate v0.15.0 h1:j54xcWV9KGmPf/X4H32/aTH+wBlrvxL7P+SdnRqxh5g=
@@ -110,8 +110,8 @@ github.com/google/go-cmp v0.7.0 h1:wk8382ETsv4JYUZwIsn6YpYiWiBsYLSJiTsyBybVuN8=
 github.com/google/go-cmp v0.7.0/go.mod h1:pXiqmnSA92OHEEa9HXL2W4E7lf9JzCmGVUdgjX3N/iU=
 github.com/google/go-pipeline v0.0.0-20230411140531-6cbedfc1d3fc h1:hd+uUVsB1vdxohPneMrhGH2YfQuH5hRIK9u4/XCeUtw=
 github.com/google/go-pipeline v0.0.0-20230411140531-6cbedfc1d3fc/go.mod h1:SL66SJVysrh7YbDCP9tH30b8a9o/N2HeiQNUm85EKhc=
-github.com/google/pprof v0.0.0-20260115054156-294ebfa9ad83 h1:z2ogiKUYzX5Is6zr/vP9vJGqPwcdqsWjOt+V8J7+bTc=
-github.com/google/pprof v0.0.0-20260115054156-294ebfa9ad83/go.mod h1:MxpfABSjhmINe3F1It9d+8exIHFvUqtLIRCdOGNXqiI=
+github.com/google/pprof v0.0.0-20260202012954-cb029daf43ef h1:xpF9fUHpoIrrjX24DURVKiwHcFpw19ndIs+FwTSMbno=
+github.com/google/pprof v0.0.0-20260202012954-cb029daf43ef/go.mod h1:MxpfABSjhmINe3F1It9d+8exIHFvUqtLIRCdOGNXqiI=
 github.com/google/subcommands v1.2.0 h1:vWQspBTo2nEqTUFita5/KeEWlUL8kQObDFbub/EN9oE=
 github.com/google/subcommands v1.2.0/go.mod h1:ZjhPrFU+Olkh9WazFPsl27BQ4UPiG37m3yTrtFlrHVk=
 github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0=
@@ -197,10 +197,10 @@ github.com/ncruces/go-strftime v0.1.9 h1:bY0MQC28UADQmHmaF5dgpLmImcShSi2kHU9XLdh
 github.com/ncruces/go-strftime v0.1.9/go.mod h1:Fwc5htZGVVkseilnfgOVb9mKy6w1naJmn9CehxcKcls=
 github.com/ogier/pflag v0.0.1 h1:RW6JSWSu/RkSatfcLtogGfFgpim5p7ARQ10ECk5O750=
 github.com/ogier/pflag v0.0.1/go.mod h1:zkFki7tvTa0tafRvTBIZTvzYyAu6kQhPZFnshFFPE+g=
-github.com/onsi/ginkgo/v2 v2.27.5 h1:ZeVgZMx2PDMdJm/+w5fE/OyG6ILo1Y3e+QX4zSR0zTE=
-github.com/onsi/ginkgo/v2 v2.27.5/go.mod h1:ArE1D/XhNXBXCBkKOLkbsb2c81dQHCRcF5zwn/ykDRo=
-github.com/onsi/gomega v1.39.0 h1:y2ROC3hKFmQZJNFeGAMeHZKkjBL65mIZcvrLQBF9k6Q=
-github.com/onsi/gomega v1.39.0/go.mod h1:ZCU1pkQcXDO5Sl9/VVEGlDyp+zm0m1cmeG5TOzLgdh4=
+github.com/onsi/ginkgo/v2 v2.28.1 h1:S4hj+HbZp40fNKuLUQOYLDgZLwNUVn19N3Atb98NCyI=
+github.com/onsi/ginkgo/v2 v2.28.1/go.mod h1:CLtbVInNckU3/+gC8LzkGUb9oF+e8W8TdUsxPwvdOgE=
+github.com/onsi/gomega v1.39.1 h1:1IJLAad4zjPn2PsnhH70V4DKRFlrCzGBNrNaru+Vf28=
+github.com/onsi/gomega v1.39.1/go.mod h1:hL6yVALoTOxeWudERyfppUcZXjMwIMLnuSfruD2lcfg=
 github.com/pelletier/go-toml/v2 v2.2.4 h1:mye9XuhQ6gvn5h28+VilKrrPoQVanw5PMw/TB0t5Ec4=
 github.com/pelletier/go-toml/v2 v2.2.4/go.mod h1:2gIqNv+qfxSVS7cM2xJQKtLSTLUE9V8t9Stt+h56mCY=
 github.com/pkg/diff v0.0.0-20210226163009-20ebb0f2a09e/go.mod h1:pJLUxLENpZxwdsKMEsNbx1VGcRFpLqf3715MtcvvzbA=
@@ -301,8 +301,8 @@ github.com/xrash/smetrics v0.0.0-20250705151800-55b8f293f342/go.mod h1:Ohn+xnUBi
 github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY=
 github.com/zeebo/assert v1.3.0 h1:g7C04CbJuIDKNPFHmsk4hwZDO5O+kntRxzaUoNXj+IQ=
 github.com/zeebo/assert v1.3.0/go.mod h1:Pq9JiuJQpG8JLJdtkwrJESF0Foym2/D9XMU5ciN/wJ0=
-github.com/zeebo/xxh3 v1.0.2 h1:xZmwmqxHZA8AI603jOQ0tMqmBr9lPeFwGg6d+xy9DC0=
-github.com/zeebo/xxh3 v1.0.2/go.mod h1:5NWz9Sef7zIDm2JHfFlcQvNekmcEl9ekUZQQKCYaDcA=
+github.com/zeebo/xxh3 v1.1.0 h1:s7DLGDK45Dyfg7++yxI0khrfwq9661w9EN78eP/UZVs=
+github.com/zeebo/xxh3 v1.1.0/go.mod h1:IisAie1LELR4xhVinxWS5+zf1lA4p0MW4T+w+W07F5s=
 go.opentelemetry.io/proto/otlp v1.9.0 h1:l706jCMITVouPOqEnii2fIAuO3IVGBRPV5ICjceRb/A=
 go.opentelemetry.io/proto/otlp v1.9.0/go.mod h1:xE+Cx5E/eEHw+ISFkwPLwCZefwVjY+pqKg1qcK03+/4=
 go.uber.org/goleak v1.3.0 h1:2K3zAYmnTNqV73imy9J1T3WC+gmCePx2hEGkimedGto=
@@ -319,20 +319,20 @@ golang.org/x/crypto v0.13.0/go.mod h1:y6Z2r+Rw4iayiXXAIxJIDAJ1zMW4yaTpebo8fPOliY
 golang.org/x/crypto v0.19.0/go.mod h1:Iy9bg/ha4yyC70EfRS8jz+B6ybOBKMaSxLj6P6oBDfU=
 golang.org/x/crypto v0.23.0/go.mod h1:CKFgDieR+mRhux2Lsu27y0fO304Db0wZe70UKqHu0v8=
 golang.org/x/crypto v0.31.0/go.mod h1:kDsLvtWBEx7MV9tJOj9bnXsPbxwJQ6csT/x4KIN4Ssk=
-golang.org/x/crypto v0.47.0 h1:V6e3FRj+n4dbpw86FJ8Fv7XVOql7TEwpHapKoMJ/GO8=
-golang.org/x/crypto v0.47.0/go.mod h1:ff3Y9VzzKbwSSEzWqJsJVBnWmRwRSHt/6Op5n9bQc4A=
+golang.org/x/crypto v0.48.0 h1:/VRzVqiRSggnhY7gNRxPauEQ5Drw9haKdM0jqfcCFts=
+golang.org/x/crypto v0.48.0/go.mod h1:r0kV5h3qnFPlQnBSrULhlsRfryS2pmewsg+XfMgkVos=
 golang.org/x/exp v0.0.0-20260112195511-716be5621a96 h1:Z/6YuSHTLOHfNFdb8zVZomZr7cqNgTJvA8+Qz75D8gU=
 golang.org/x/exp v0.0.0-20260112195511-716be5621a96/go.mod h1:nzimsREAkjBCIEFtHiYkrJyT+2uy9YZJB7H1k68CXZU=
 golang.org/x/image v0.0.0-20191009234506-e7c1f5e7dbb8/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0=
-golang.org/x/image v0.35.0 h1:LKjiHdgMtO8z7Fh18nGY6KDcoEtVfsgLDPeLyguqb7I=
-golang.org/x/image v0.35.0/go.mod h1:MwPLTVgvxSASsxdLzKrl8BRFuyqMyGhLwmC+TO1Sybk=
+golang.org/x/image v0.36.0 h1:Iknbfm1afbgtwPTmHnS2gTM/6PPZfH+z2EFuOkSbqwc=
+golang.org/x/image v0.36.0/go.mod h1:YsWD2TyyGKiIX1kZlu9QfKIsQ4nAAK9bdgdrIsE7xy4=
 golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4=
 golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
 golang.org/x/mod v0.12.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
 golang.org/x/mod v0.15.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c=
 golang.org/x/mod v0.17.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c=
-golang.org/x/mod v0.32.0 h1:9F4d3PHLljb6x//jOyokMv3eX+YDeepZSEo3mFJy93c=
-golang.org/x/mod v0.32.0/go.mod h1:SgipZ/3h2Ci89DlEtEXWUk/HteuRin+HHhN+WbNhguU=
+golang.org/x/mod v0.33.0 h1:tHFzIWbBifEmbwtGz65eaWyGiGZatSrT9prnU8DbVL8=
+golang.org/x/mod v0.33.0/go.mod h1:swjeQEj+6r7fODbD2cqrnje9PnziFuw4bmLbBZFrQ5w=
 golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
 golang.org/x/net v0.0.0-20190603091049-60506f45cf65/go.mod h1:HSz+uSET+XFnRR8LxR5pz3Of3rY3CfYBVs4xY44aLks=
 golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
@@ -344,8 +344,8 @@ golang.org/x/net v0.15.0/go.mod h1:idbUs1IY1+zTqbi8yxTbhexhEEk5ur9LInksu6HrEpk=
 golang.org/x/net v0.21.0/go.mod h1:bIjVDfnllIU7BJ2DNgfnXvpSvtn8VRwhlsaeUTyUS44=
 golang.org/x/net v0.25.0/go.mod h1:JkAGAh7GEvH74S6FOH42FLoXpXbE/aqXSrIQjXgsiwM=
 golang.org/x/net v0.33.0/go.mod h1:HXLR5J+9DxmrqMwG9qjGCxZ+zKXxBru04zlTvWlWuN4=
-golang.org/x/net v0.49.0 h1:eeHFmOGUTtaaPSGNmjBKpbng9MulQsJURQUAfUwY++o=
-golang.org/x/net v0.49.0/go.mod h1:/ysNB2EvaqvesRkuLAyjI1ycPZlQHM3q01F02UY/MV8=
+golang.org/x/net v0.50.0 h1:ucWh9eiCGyDR3vtzso0WMQinm2Dnt8cFMuQa9K33J60=
+golang.org/x/net v0.50.0/go.mod h1:UgoSli3F/pBgdJBHCTc+tp3gmrU4XswgGRgtnwWTfyM=
 golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
@@ -370,11 +370,11 @@ golang.org/x/sys v0.12.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.17.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/sys v0.20.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/sys v0.28.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
-golang.org/x/sys v0.40.0 h1:DBZZqJ2Rkml6QMQsZywtnjnnGvHza6BTfYFWY9kjEWQ=
-golang.org/x/sys v0.40.0/go.mod h1:OgkHotnGiDImocRcuBABYBEXf8A9a87e/uXjp9XT3ks=
+golang.org/x/sys v0.41.0 h1:Ivj+2Cp/ylzLiEU89QhWblYnOE9zerudt9Ftecq2C6k=
+golang.org/x/sys v0.41.0/go.mod h1:OgkHotnGiDImocRcuBABYBEXf8A9a87e/uXjp9XT3ks=
 golang.org/x/telemetry v0.0.0-20240228155512-f48c80bd79b2/go.mod h1:TeRTkGYfJXctD9OcfyVLyj2J3IxLnKwHJR8f4D8a3YE=
-golang.org/x/telemetry v0.0.0-20260109210033-bd525da824e2 h1:O1cMQHRfwNpDfDJerqRoE2oD+AFlyid87D40L/OkkJo=
-golang.org/x/telemetry v0.0.0-20260109210033-bd525da824e2/go.mod h1:b7fPSJ0pKZ3ccUh8gnTONJxhn3c/PS6tyzQvyqw4iA8=
+golang.org/x/telemetry v0.0.0-20260209163413-e7419c687ee4 h1:bTLqdHv7xrGlFbvf5/TXNxy/iUwwdkjhqQTJDjW7aj0=
+golang.org/x/telemetry v0.0.0-20260209163413-e7419c687ee4/go.mod h1:g5NllXBEermZrmR51cJDQxmJUHUOfRAaNyWBM+R+548=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
 golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k=
@@ -383,8 +383,8 @@ golang.org/x/term v0.12.0/go.mod h1:owVbMEjm3cBLCHdkQu9b1opXd4ETQWc3BhuQGKgXgvU=
 golang.org/x/term v0.17.0/go.mod h1:lLRBjIVuehSbZlaOtGMbcMncT+aqLLLmKrsjNrUguwk=
 golang.org/x/term v0.20.0/go.mod h1:8UkIAJTvZgivsXaD6/pH6U9ecQzZ45awqEOzuCvwpFY=
 golang.org/x/term v0.27.0/go.mod h1:iMsnZpn0cago0GOrHO2+Y7u7JPn5AylBrcoWkElMTSM=
-golang.org/x/term v0.39.0 h1:RclSuaJf32jOqZz74CkPA9qFuVTX7vhLlpfj/IGWlqY=
-golang.org/x/term v0.39.0/go.mod h1:yxzUCTP/U+FzoxfdKmLaA0RV1WgE0VY7hXBwKtY/4ww=
+golang.org/x/term v0.40.0 h1:36e4zGLqU4yhjlmxEaagx2KuYbJq3EwY8K943ZsHcvg=
+golang.org/x/term v0.40.0/go.mod h1:w2P8uVp06p2iyKKuvXIm7N/y0UCRt3UfJTfZ7oOpglM=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk=
 golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
@@ -395,8 +395,8 @@ golang.org/x/text v0.13.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE=
 golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU=
 golang.org/x/text v0.15.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU=
 golang.org/x/text v0.21.0/go.mod h1:4IBbMaMmOPCJ8SecivzSH54+73PCFmPWxNTLm+vZkEQ=
-golang.org/x/text v0.33.0 h1:B3njUFyqtHDUI5jMn1YIr5B0IE2U0qck04r6d4KPAxE=
-golang.org/x/text v0.33.0/go.mod h1:LuMebE6+rBincTi9+xWTY8TztLzKHc/9C1uBCG27+q8=
+golang.org/x/text v0.34.0 h1:oL/Qq0Kdaqxa1KbNeMKwQq0reLCCaFtqu2eNuSeNHbk=
+golang.org/x/text v0.34.0/go.mod h1:homfLqTYRFyVYemLBFl5GgL/DWEiH5wcsQ5gSh1yziA=
 golang.org/x/time v0.14.0 h1:MRx4UaLrDotUKUdCIqzPC48t1Y9hANFKIRpNx+Te8PI=
 golang.org/x/time v0.14.0/go.mod h1:eL/Oa2bBBK0TkX57Fyni+NgnyQQN4LitPmob2Hjnqw4=
 golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
@@ -406,8 +406,8 @@ golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc
 golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU=
 golang.org/x/tools v0.13.0/go.mod h1:HvlwmtVNQAhOuCjW7xxvovg8wbNq7LwfXh/k7wXUl58=
 golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d/go.mod h1:aiJjzUbINMkxbQROHiO6hDPo2LHcIPhhQsa9DLh0yGk=
-golang.org/x/tools v0.41.0 h1:a9b8iMweWG+S0OBnlU36rzLp20z1Rp10w+IY2czHTQc=
-golang.org/x/tools v0.41.0/go.mod h1:XSY6eDqxVNiYgezAVqqCeihT4j1U2CCsqvH3WhQpnlg=
+golang.org/x/tools v0.42.0 h1:uNgphsn75Tdz5Ji2q36v/nsFSfR/9BRFvqhGBaJGd5k=
+golang.org/x/tools v0.42.0/go.mod h1:Ma6lCIwGZvHK6XtgbswSoWroEkhugApmsXyrUmBhfr0=
 golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 google.golang.org/appengine v1.6.5/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc=
 google.golang.org/protobuf v1.36.11 h1:fV6ZwhNocDyBLK0dj+fg8ektcVegBBuEolpbTQyBNVE=
--- a/log/log.go
+++ b/log/log.go
@@ -19,7 +19,7 @@ import (

 type Level uint32

-type LevelFunc = func(ctx interface{}, msg interface{}, keyValuePairs ...interface{})
+type LevelFunc = func(ctx any, msg any, keyValuePairs ...any)

 var redacted = &Hook{
 	AcceptedLevels: logrus.AllLevels,
@@ -152,7 +152,7 @@ func Redact(msg string) string {
 	return r
 }

-func NewContext(ctx context.Context, keyValuePairs ...interface{}) context.Context {
+func NewContext(ctx context.Context, keyValuePairs ...any) context.Context {
 	if ctx == nil {
 		ctx = context.Background()
 	}
@@ -184,32 +184,32 @@ func IsGreaterOrEqualTo(level Level) bool {
 	return shouldLog(level, 2)
 }

-func Fatal(args ...interface{}) {
+func Fatal(args ...any) {
 	Log(LevelFatal, args...)
 	os.Exit(1)
 }

-func Error(args ...interface{}) {
+func Error(args ...any) {
 	Log(LevelError, args...)
 }

-func Warn(args ...interface{}) {
+func Warn(args ...any) {
 	Log(LevelWarn, args...)
 }

-func Info(args ...interface{}) {
+func Info(args ...any) {
 	Log(LevelInfo, args...)
 }

-func Debug(args ...interface{}) {
+func Debug(args ...any) {
 	Log(LevelDebug, args...)
 }

-func Trace(args ...interface{}) {
+func Trace(args ...any) {
 	Log(LevelTrace, args...)
 }

-func Log(level Level, args ...interface{}) {
+func Log(level Level, args ...any) {
 	if !shouldLog(level, 3) {
 		return
 	}
@@ -250,7 +250,7 @@ func shouldLog(requiredLevel Level, skip int) bool {
 	return false
 }

-func parseArgs(args []interface{}) (*logrus.Entry, string) {
+func parseArgs(args []any) (*logrus.Entry, string) {
 	var l *logrus.Entry
 	var err error
 	if args[0] == nil {
@@ -289,7 +289,7 @@ func parseArgs(args []interface{}) (*logrus.Entry, string) {
 	return l, ""
 }

-func addFields(logger *logrus.Entry, keyValuePairs []interface{}) *logrus.Entry {
+func addFields(logger *logrus.Entry, keyValuePairs []any) *logrus.Entry {
 	for i := 0; i < len(keyValuePairs); i += 2 {
 		switch name := keyValuePairs[i].(type) {
 		case error:
@@ -316,7 +316,7 @@ func addFields(logger *logrus.Entry, keyValuePairs []interface{}) *logrus.Entry
 	return logger
 }

-func extractLogger(ctx interface{}) (*logrus.Entry, error) {
+func extractLogger(ctx any) (*logrus.Entry, error) {
 	switch ctx := ctx.(type) {
 	case *logrus.Entry:
 		return ctx, nil
--- a/model/criteria/fields.go
+++ b/model/criteria/fields.go
@@ -23,6 +23,7 @@ var fieldMap = map[string]*mappedField{
 	"releasedate":          {field: "media_file.release_date"},
 	"size":                 {field: "media_file.size"},
 	"compilation":          {field: "media_file.compilation"},
+	"explicitstatus":       {field: "media_file.explicit_status"},
 	"dateadded":            {field: "media_file.created_at"},
 	"datemodified":         {field: "media_file.updated_at"},
 	"discsubtitle":         {field: "media_file.disc_subtitle"},
--- a/model/datastore.go
+++ b/model/datastore.go
@@ -41,7 +41,7 @@ type DataStore interface {
 	Scrobble(ctx context.Context) ScrobbleRepository
 	Plugin(ctx context.Context) PluginRepository

-	Resource(ctx context.Context, model interface{}) ResourceRepository
+	Resource(ctx context.Context, model any) ResourceRepository

 	WithTx(block func(tx DataStore) error, scope ...string) error
 	WithTxImmediate(block func(tx DataStore) error, scope ...string) error
--- a/model/get_entity.go
+++ b/model/get_entity.go
@@ -5,7 +5,7 @@ import (
 )

 // TODO: Should the type be encoded in the ID?
-func GetEntityByID(ctx context.Context, ds DataStore, id string) (interface{}, error) {
+func GetEntityByID(ctx context.Context, ds DataStore, id string) (any, error) {
 	ar, err := ds.Artist(ctx).Get(id)
 	if err == nil {
 		return ar, nil
--- a/model/mediafile.go
+++ b/model/mediafile.go
@@ -140,7 +140,7 @@ func (mf MediaFile) Hash() string {
 	}
 	hash, _ := hashstructure.Hash(mf, opts)
 	sum := md5.New()
-	sum.Write([]byte(fmt.Sprintf("%d", hash)))
+	sum.Write(fmt.Appendf(nil, "%d", hash))
 	sum.Write(mf.Tags.Hash())
 	sum.Write(mf.Participants.Hash())
 	return fmt.Sprintf("%x", sum.Sum(nil))
--- a/model/metadata/metadata.go
+++ b/model/metadata/metadata.go
@@ -250,7 +250,15 @@ func processPairMapping(name model.TagName, mapping model.TagConf, lowered model
 	id3Base := parseID3Pairs(name, lowered)

 	if len(aliasValues) > 0 {
-		id3Base = append(id3Base, parseVorbisPairs(aliasValues)...)
+		// For lyrics, don't use parseVorbisPairs as parentheses in lyrics content
+		// should not be interpreted as language keys (e.g. "(intro)" is not a language)
+		if name == model.TagLyrics {
+			for _, v := range aliasValues {
+				id3Base = append(id3Base, NewPair("xxx", v))
+			}
+		} else {
+			id3Base = append(id3Base, parseVorbisPairs(aliasValues)...)
+		}
 	}
 	return id3Base
 }
@@ -260,8 +268,8 @@ func parseID3Pairs(name model.TagName, lowered model.Tags) []string {
 	prefix := string(name) + ":"
 	for tagKey, tagValues := range lowered {
 		keyStr := string(tagKey)
-		if strings.HasPrefix(keyStr, prefix) {
-			keyPart := strings.TrimPrefix(keyStr, prefix)
+		if after, ok := strings.CutPrefix(keyStr, prefix); ok {
+			keyPart := after
 			if keyPart == string(name) {
 				keyPart = ""
 			}
--- a/model/metadata/metadata_test.go
+++ b/model/metadata/metadata_test.go
@@ -246,6 +246,18 @@ var _ = Describe("Metadata", func() {
 					metadata.NewPair("eng", "Lyrics"),
 				))
 			})
+
+			It("should preserve lyrics starting with parentheses from alias tags", func() {
+				props.Tags = model.RawTags{
+					"LYRICS": {"(line one)\nline two\nline three"},
+				}
+				md = metadata.New(filePath, props)
+
+				Expect(md.All()).To(HaveKey(model.TagLyrics))
+				Expect(md.Strings(model.TagLyrics)).To(ContainElements(
+					metadata.NewPair("xxx", "(line one)\nline two\nline three"),
+				))
+			})
 		})

 		Describe("ReplayGain", func() {
--- a/model/metadata/persistent_ids.go
+++ b/model/metadata/persistent_ids.go
@@ -49,8 +49,8 @@ func createGetPID(hash hashFunc) getPIDFunc {
 	}
 	getPID = func(mf model.MediaFile, md Metadata, spec string, prependLibId bool) string {
 		pid := ""
-		fields := strings.Split(spec, "|")
-		for _, field := range fields {
+		fields := strings.SplitSeq(spec, "|")
+		for field := range fields {
 			attributes := strings.Split(field, ",")
 			hasValue := false
 			values := slice.Map(attributes, func(attr string) string {
--- a/model/scanner.go
+++ b/model/scanner.go
@@ -51,13 +51,13 @@ func ParseTargets(libFolders []string) ([]ScanTarget, error) {
 		}

 		// Split by the first colon
-		colonIdx := strings.Index(part, ":")
-		if colonIdx == -1 {
+		before, after, ok := strings.Cut(part, ":")
+		if !ok {
 			return nil, fmt.Errorf("invalid target format: %q (expected libraryID:folderPath)", part)
 		}

-		libIDStr := part[:colonIdx]
-		folderPath := part[colonIdx+1:]
+		libIDStr := before
+		folderPath := after

 		libID, err := strconv.Atoi(libIDStr)
 		if err != nil {
--- a/model/share.go
+++ b/model/share.go
@@ -22,8 +22,8 @@ type Share struct {
 	Format        string     `structs:"format" json:"format,omitempty"`
 	MaxBitRate    int        `structs:"max_bit_rate" json:"maxBitRate,omitempty"`
 	VisitCount    int        `structs:"visit_count" json:"visitCount,omitempty"`
-	CreatedAt     time.Time  `structs:"created_at" json:"createdAt,omitempty"`
-	UpdatedAt     time.Time  `structs:"updated_at" json:"updatedAt,omitempty"`
+	CreatedAt     time.Time  `structs:"created_at" json:"createdAt"`
+	UpdatedAt     time.Time  `structs:"updated_at" json:"updatedAt"`
 	Tracks        MediaFiles `structs:"-" json:"tracks,omitempty"`
 	Albums        Albums     `structs:"-" json:"albums,omitempty"`
 	URL           string     `structs:"-" json:"-"`
--- a/model/tag.go
+++ b/model/tag.go
@@ -144,10 +144,8 @@ func (t Tags) Merge(tags Tags) {
 }

 func (t Tags) Add(name TagName, v string) {
-	for _, existing := range t[name] {
-		if existing == v {
-			return
-		}
+	if slices.Contains(t[name], v) {
+		return
 	}
 	t[name] = append(t[name], v)
 }
--- a/persistence/album_repository.go
+++ b/persistence/album_repository.go
@@ -145,11 +145,11 @@ func recentlyAddedSort() string {
 	return "created_at"
 }

-func recentlyPlayedFilter(string, interface{}) Sqlizer {
+func recentlyPlayedFilter(string, any) Sqlizer {
 	return Gt{"play_count": 0}
 }

-func yearFilter(_ string, value interface{}) Sqlizer {
+func yearFilter(_ string, value any) Sqlizer {
 	return Or{
 		And{
 			Gt{"min_year": 0},
@@ -160,14 +160,14 @@ func yearFilter(_ string, value interface{}) Sqlizer {
 	}
 }

-func artistFilter(_ string, value interface{}) Sqlizer {
+func artistFilter(_ string, value any) Sqlizer {
 	return Or{
 		Exists("json_tree(participants, '$.albumartist')", Eq{"value": value}),
 		Exists("json_tree(participants, '$.artist')", Eq{"value": value}),
 	}
 }

-func artistRoleFilter(name string, value interface{}) Sqlizer {
+func artistRoleFilter(name string, value any) Sqlizer {
 	roleName := strings.TrimSuffix(strings.TrimPrefix(name, "role_"), "_id")

 	// Check if the role name is valid. If not, return an invalid filter
@@ -177,7 +177,7 @@ func artistRoleFilter(name string, value interface{}) Sqlizer {
 	return Exists(fmt.Sprintf("json_tree(participants, '$.%s')", roleName), Eq{"value": value})
 }

-func allRolesFilter(_ string, value interface{}) Sqlizer {
+func allRolesFilter(_ string, value any) Sqlizer {
 	return Like{"participants": fmt.Sprintf(`%%"%s"%%`, value)}
 }

@@ -248,7 +248,7 @@ func (r *albumRepository) CopyAttributes(fromID, toID string, columns ...string)
 	if err != nil {
 		return fmt.Errorf("getting album to copy fields from: %w", err)
 	}
-	to := make(map[string]interface{})
+	to := make(map[string]any)
 	for _, col := range columns {
 		to[col] = from[col]
 	}
@@ -370,11 +370,11 @@ func (r *albumRepository) Count(options ...rest.QueryOptions) (int64, error) {
 	return r.CountAll(r.parseRestOptions(r.ctx, options...))
 }

-func (r *albumRepository) Read(id string) (interface{}, error) {
+func (r *albumRepository) Read(id string) (any, error) {
 	return r.Get(id)
 }

-func (r *albumRepository) ReadAll(options ...rest.QueryOptions) (interface{}, error) {
+func (r *albumRepository) ReadAll(options ...rest.QueryOptions) (any, error) {
 	return r.GetAll(r.parseRestOptions(r.ctx, options...))
 }

@@ -382,7 +382,7 @@ func (r *albumRepository) EntityName() string {
 	return "album"
 }

-func (r *albumRepository) NewInstance() interface{} {
+func (r *albumRepository) NewInstance() any {
 	return &model.Album{}
 }

--- a/persistence/album_repository_test.go
+++ b/persistence/album_repository_test.go
@@ -162,7 +162,7 @@ var _ = Describe("AlbumRepository", func() {

 				newID := id.NewRandom()
 				Expect(albumRepo.Put(&model.Album{LibraryID: 1, ID: newID, Name: "name", SongCount: songCount})).To(Succeed())
-				for i := 0; i < playCount; i++ {
+				for range playCount {
 					Expect(albumRepo.IncPlayCount(newID, time.Now())).To(Succeed())
 				}

@@ -185,7 +185,7 @@ var _ = Describe("AlbumRepository", func() {

 				newID := id.NewRandom()
 				Expect(albumRepo.Put(&model.Album{LibraryID: 1, ID: newID, Name: "name", SongCount: songCount})).To(Succeed())
-				for i := 0; i < playCount; i++ {
+				for range playCount {
 					Expect(albumRepo.IncPlayCount(newID, time.Now())).To(Succeed())
 				}

@@ -406,7 +406,7 @@ var _ = Describe("AlbumRepository", func() {
 				sql, args, err := sqlizer.ToSql()
 				Expect(err).ToNot(HaveOccurred())
 				Expect(sql).To(Equal(expectedSQL))
-				Expect(args).To(Equal([]interface{}{artistID}))
+				Expect(args).To(Equal([]any{artistID}))
 			},
 			Entry("artist role", "role_artist_id", "123",
 				"exists (select 1 from json_tree(participants, '$.artist') where value = ?)"),
@@ -428,7 +428,7 @@ var _ = Describe("AlbumRepository", func() {
 				sql, args, err := sqlizer.ToSql()
 				Expect(err).ToNot(HaveOccurred())
 				Expect(sql).To(Equal(fmt.Sprintf("exists (select 1 from json_tree(participants, '$.%s') where value = ?)", roleName)))
-				Expect(args).To(Equal([]interface{}{"test-id"}))
+				Expect(args).To(Equal([]any{"test-id"}))
 			}
 		})

--- a/persistence/artist_repository.go
+++ b/persistence/artist_repository.go
@@ -164,7 +164,7 @@ func roleFilter(_ string, role any) Sqlizer {
 }

 // artistLibraryIdFilter filters artists based on library access through the library_artist table
-func artistLibraryIdFilter(_ string, value interface{}) Sqlizer {
+func artistLibraryIdFilter(_ string, value any) Sqlizer {
 	return Eq{"library_artist.library_id": value}
 }

@@ -534,11 +534,11 @@ func (r *artistRepository) Count(options ...rest.QueryOptions) (int64, error) {
 	return r.CountAll(r.parseRestOptions(r.ctx, options...))
 }

-func (r *artistRepository) Read(id string) (interface{}, error) {
+func (r *artistRepository) Read(id string) (any, error) {
 	return r.Get(id)
 }

-func (r *artistRepository) ReadAll(options ...rest.QueryOptions) (interface{}, error) {
+func (r *artistRepository) ReadAll(options ...rest.QueryOptions) (any, error) {
 	role := "total"
 	if len(options) > 0 {
 		if v, ok := options[0].Filters["role"].(string); ok {
@@ -555,7 +555,7 @@ func (r *artistRepository) EntityName() string {
 	return "artist"
 }

-func (r *artistRepository) NewInstance() interface{} {
+func (r *artistRepository) NewInstance() any {
 	return &model.Artist{}
 }

--- a/persistence/folder_repository.go
+++ b/persistence/folder_repository.go
@@ -4,6 +4,7 @@ import (
 	"context"
 	"encoding/json"
 	"fmt"
+	"maps"
 	"os"
 	"path/filepath"
 	"slices"
@@ -117,9 +118,7 @@ func (r folderRepository) GetFolderUpdateInfo(lib model.Library, targetPaths ...
 		if err != nil {
 			return nil, err
 		}
-		for id, info := range batchResult {
-			result[id] = info
-		}
+		maps.Copy(result, batchResult)
 	}

 	return result, nil
--- a/persistence/genre_repository.go
+++ b/persistence/genre_repository.go
@@ -33,18 +33,18 @@ func (r *genreRepository) GetAll(opt ...model.QueryOptions) (model.Genres, error

 // Override ResourceRepository methods to return Genre objects instead of Tag objects

-func (r *genreRepository) Read(id string) (interface{}, error) {
+func (r *genreRepository) Read(id string) (any, error) {
 	sel := r.selectGenre().Where(Eq{"tag.id": id})
 	var res model.Genre
 	err := r.queryOne(sel, &res)
 	return &res, err
 }

-func (r *genreRepository) ReadAll(options ...rest.QueryOptions) (interface{}, error) {
+func (r *genreRepository) ReadAll(options ...rest.QueryOptions) (any, error) {
 	return r.GetAll(r.parseRestOptions(r.ctx, options...))
 }

-func (r *genreRepository) NewInstance() interface{} {
+func (r *genreRepository) NewInstance() any {
 	return &model.Genre{}
 }

--- a/persistence/genre_repository_test.go
+++ b/persistence/genre_repository_test.go
@@ -182,7 +182,7 @@ var _ = Describe("GenreRepository", func() {
 		It("should filter by name using like match", func() {
 			// Test filtering by partial name match using the "name" filter which maps to containsFilter("tag_value")
 			options := rest.QueryOptions{
-				Filters: map[string]interface{}{"name": "%rock%"},
+				Filters: map[string]any{"name": "%rock%"},
 			}
 			count, err := restRepo.Count(options)
 			Expect(err).ToNot(HaveOccurred())
@@ -289,7 +289,7 @@ var _ = Describe("GenreRepository", func() {
 			It("should allow headless processes to apply explicit library_id filters", func() {
 				// Filter by specific library
 				genres, err := headlessRestRepo.ReadAll(rest.QueryOptions{
-					Filters: map[string]interface{}{"library_id": 2},
+					Filters: map[string]any{"library_id": 2},
 				})
 				Expect(err).ToNot(HaveOccurred())

--- a/persistence/helpers.go
+++ b/persistence/helpers.go
@@ -15,7 +15,7 @@ type PostMapper interface {
 	PostMapArgs(map[string]any) error
 }

-func toSQLArgs(rec interface{}) (map[string]interface{}, error) {
+func toSQLArgs(rec any) (map[string]any, error) {
 	m := structs.Map(rec)
 	for k, v := range m {
 		switch t := v.(type) {
@@ -71,7 +71,7 @@ type existsCond struct {
 	not      bool
 }

-func (e existsCond) ToSql() (string, []interface{}, error) {
+func (e existsCond) ToSql() (string, []any, error) {
 	sql, args, err := e.cond.ToSql()
 	sql = fmt.Sprintf("exists (select 1 from %s where %s)", e.subTable, sql)
 	if e.not {
--- a/persistence/library_repository.go
+++ b/persistence/library_repository.go
@@ -305,7 +305,7 @@ func (r *libraryRepository) Count(options ...rest.QueryOptions) (int64, error) {
 	return r.CountAll(r.parseRestOptions(r.ctx, options...))
 }

-func (r *libraryRepository) Read(id string) (interface{}, error) {
+func (r *libraryRepository) Read(id string) (any, error) {
 	idInt, err := strconv.Atoi(id)
 	if err != nil {
 		log.Trace(r.ctx, "invalid library id: %s", id, err)
@@ -314,7 +314,7 @@ func (r *libraryRepository) Read(id string) (interface{}, error) {
 	return r.Get(idInt)
 }

-func (r *libraryRepository) ReadAll(options ...rest.QueryOptions) (interface{}, error) {
+func (r *libraryRepository) ReadAll(options ...rest.QueryOptions) (any, error) {
 	return r.GetAll(r.parseRestOptions(r.ctx, options...))
 }

@@ -322,11 +322,11 @@ func (r *libraryRepository) EntityName() string {
 	return "library"
 }

-func (r *libraryRepository) NewInstance() interface{} {
+func (r *libraryRepository) NewInstance() any {
 	return &model.Library{}
 }

-func (r *libraryRepository) Save(entity interface{}) (string, error) {
+func (r *libraryRepository) Save(entity any) (string, error) {
 	lib := entity.(*model.Library)
 	lib.ID = 0 // Reset ID to ensure we create a new library
 	err := r.Put(lib)
@@ -336,7 +336,7 @@ func (r *libraryRepository) Save(entity interface{}) (string, error) {
 	return strconv.Itoa(lib.ID), nil
 }

-func (r *libraryRepository) Update(id string, entity interface{}, cols ...string) error {
+func (r *libraryRepository) Update(id string, entity any, cols ...string) error {
 	lib := entity.(*model.Library)
 	idInt, err := strconv.Atoi(id)
 	if err != nil {
--- a/persistence/mediafile_repository.go
+++ b/persistence/mediafile_repository.go
@@ -443,11 +443,11 @@ func (r *mediaFileRepository) Count(options ...rest.QueryOptions) (int64, error)
 	return r.CountAll(r.parseRestOptions(r.ctx, options...))
 }

-func (r *mediaFileRepository) Read(id string) (interface{}, error) {
+func (r *mediaFileRepository) Read(id string) (any, error) {
 	return r.Get(id)
 }

-func (r *mediaFileRepository) ReadAll(options ...rest.QueryOptions) (interface{}, error) {
+func (r *mediaFileRepository) ReadAll(options ...rest.QueryOptions) (any, error) {
 	return r.GetAll(r.parseRestOptions(r.ctx, options...))
 }

@@ -455,7 +455,7 @@ func (r *mediaFileRepository) EntityName() string {
 	return "mediafile"
 }

-func (r *mediaFileRepository) NewInstance() interface{} {
+func (r *mediaFileRepository) NewInstance() any {
 	return &model.MediaFile{}
 }

--- a/persistence/mediafile_repository_test.go
+++ b/persistence/mediafile_repository_test.go
@@ -310,7 +310,7 @@ var _ = Describe("MediaRepository", func() {

 				// Update "Old Song": created long ago, updated recently
 				_, err := db.Update("media_file",
-					map[string]interface{}{
+					map[string]any{
 						"created_at": oldTime,
 						"updated_at": newTime,
 					},
@@ -319,7 +319,7 @@ var _ = Describe("MediaRepository", func() {

 				// Update "Middle Song": created and updated at the same middle time
 				_, err = db.Update("media_file",
-					map[string]interface{}{
+					map[string]any{
 						"created_at": middleTime,
 						"updated_at": middleTime,
 					},
@@ -328,7 +328,7 @@ var _ = Describe("MediaRepository", func() {

 				// Update "New Song": created recently, updated long ago
 				_, err = db.Update("media_file",
-					map[string]interface{}{
+					map[string]any{
 						"created_at": newTime,
 						"updated_at": oldTime,
 					},
--- a/persistence/persistence.go
+++ b/persistence/persistence.go
@@ -97,7 +97,7 @@ func (s *SQLStore) Plugin(ctx context.Context) model.PluginRepository {
 	return NewPluginRepository(ctx, s.getDBXBuilder())
 }

-func (s *SQLStore) Resource(ctx context.Context, m interface{}) model.ResourceRepository {
+func (s *SQLStore) Resource(ctx context.Context, m any) model.ResourceRepository {
 	switch m.(type) {
 	case model.User:
 		return s.User(ctx).(model.ResourceRepository)
--- a/persistence/player_repository.go
+++ b/persistence/player_repository.go
@@ -103,14 +103,14 @@ func (r *playerRepository) Count(options ...rest.QueryOptions) (int64, error) {
 	return r.CountAll(r.parseRestOptions(r.ctx, options...))
 }

-func (r *playerRepository) Read(id string) (interface{}, error) {
+func (r *playerRepository) Read(id string) (any, error) {
 	sel := r.newRestSelect().Where(Eq{"player.id": id})
 	var res model.Player
 	err := r.queryOne(sel, &res)
 	return &res, err
 }

-func (r *playerRepository) ReadAll(options ...rest.QueryOptions) (interface{}, error) {
+func (r *playerRepository) ReadAll(options ...rest.QueryOptions) (any, error) {
 	sel := r.newRestSelect(r.parseRestOptions(r.ctx, options...))
 	res := model.Players{}
 	err := r.queryAll(sel, &res)
@@ -121,7 +121,7 @@ func (r *playerRepository) EntityName() string {
 	return "player"
 }

-func (r *playerRepository) NewInstance() interface{} {
+func (r *playerRepository) NewInstance() any {
 	return &model.Player{}
 }

@@ -130,7 +130,7 @@ func (r *playerRepository) isPermitted(p *model.Player) bool {
 	return u.IsAdmin || p.UserId == u.ID
 }

-func (r *playerRepository) Save(entity interface{}) (string, error) {
+func (r *playerRepository) Save(entity any) (string, error) {
 	t := entity.(*model.Player)
 	if !r.isPermitted(t) {
 		return "", rest.ErrPermissionDenied
@@ -142,7 +142,7 @@ func (r *playerRepository) Save(entity interface{}) (string, error) {
 	return id, err
 }

-func (r *playerRepository) Update(id string, entity interface{}, cols ...string) error {
+func (r *playerRepository) Update(id string, entity any, cols ...string) error {
 	t := entity.(*model.Player)
 	t.ID = id
 	if !r.isPermitted(t) {
--- a/persistence/playlist_repository.go
+++ b/persistence/playlist_repository.go
@@ -61,14 +61,14 @@ func NewPlaylistRepository(ctx context.Context, db dbx.Builder) model.PlaylistRe
 	return r
 }

-func playlistFilter(_ string, value interface{}) Sqlizer {
+func playlistFilter(_ string, value any) Sqlizer {
 	return Or{
 		substringFilter("playlist.name", value),
 		substringFilter("playlist.comment", value),
 	}
 }

-func smartPlaylistFilter(string, interface{}) Sqlizer {
+func smartPlaylistFilter(string, any) Sqlizer {
 	return Or{
 		Eq{"rules": ""},
 		Eq{"rules": nil},
@@ -96,16 +96,6 @@ func (r *playlistRepository) Exists(id string) (bool, error) {
 }

 func (r *playlistRepository) Delete(id string) error {
-	usr := loggedUser(r.ctx)
-	if !usr.IsAdmin {
-		pls, err := r.Get(id)
-		if err != nil {
-			return err
-		}
-		if pls.OwnerID != usr.ID {
-			return rest.ErrPermissionDenied
-		}
-	}
 	return r.delete(And{Eq{"id": id}, r.userFilter()})
 }

@@ -113,14 +103,6 @@ func (r *playlistRepository) Put(p *model.Playlist) error {
 	pls := dbPlaylist{Playlist: *p}
 	if pls.ID == "" {
 		pls.CreatedAt = time.Now()
-	} else {
-		ok, err := r.Exists(pls.ID)
-		if err != nil {
-			return err
-		}
-		if !ok {
-			return model.ErrNotAuthorized
-		}
 	}
 	pls.UpdatedAt = time.Now()

@@ -132,7 +114,6 @@ func (r *playlistRepository) Put(p *model.Playlist) error {

 	if p.IsSmartPlaylist() {
 		// Do not update tracks at this point, as it may take a long time and lock the DB, breaking the scan process
-		//r.refreshSmartPlaylist(p)
 		return nil
 	}
 	// Only update tracks if they were specified
@@ -285,13 +266,16 @@ func (r *playlistRepository) refreshSmartPlaylist(pls *model.Playlist) bool {
 	}

 	// Update when the playlist was last refreshed (for cache purposes)
-	updSql := Update(r.tableName).Set("evaluated_at", time.Now()).Where(Eq{"id": pls.ID})
+	now := time.Now()
+	updSql := Update(r.tableName).Set("evaluated_at", now).Where(Eq{"id": pls.ID})
 	_, err = r.executeSQL(updSql)
 	if err != nil {
 		log.Error(r.ctx, "Error updating smart playlist", "playlist", pls.Name, "id", pls.ID, err)
 		return false
 	}

+	pls.EvaluatedAt = &now
+
 	log.Debug(r.ctx, "Refreshed playlist", "playlist", pls.Name, "id", pls.ID, "numTracks", pls.SongCount, "elapsed", time.Since(start))

 	return true
@@ -317,10 +301,6 @@ func (r *playlistRepository) updateTracks(id string, tracks model.MediaFiles) er
 }

 func (r *playlistRepository) updatePlaylist(playlistId string, mediaFileIds []string) error {
-	if !r.isWritable(playlistId) {
-		return rest.ErrPermissionDenied
-	}
-
 	// Remove old tracks
 	del := Delete("playlist_tracks").Where(Eq{"playlist_id": playlistId})
 	_, err := r.executeSQL(del)
@@ -418,11 +398,11 @@ func (r *playlistRepository) Count(options ...rest.QueryOptions) (int64, error)
 	return r.CountAll(r.parseRestOptions(r.ctx, options...))
 }

-func (r *playlistRepository) Read(id string) (interface{}, error) {
+func (r *playlistRepository) Read(id string) (any, error) {
 	return r.Get(id)
 }

-func (r *playlistRepository) ReadAll(options ...rest.QueryOptions) (interface{}, error) {
+func (r *playlistRepository) ReadAll(options ...rest.QueryOptions) (any, error) {
 	return r.GetAll(r.parseRestOptions(r.ctx, options...))
 }

@@ -430,14 +410,13 @@ func (r *playlistRepository) EntityName() string {
 	return "playlist"
 }

-func (r *playlistRepository) NewInstance() interface{} {
+func (r *playlistRepository) NewInstance() any {
 	return &model.Playlist{}
 }

-func (r *playlistRepository) Save(entity interface{}) (string, error) {
+func (r *playlistRepository) Save(entity any) (string, error) {
 	pls := entity.(*model.Playlist)
-	pls.OwnerID = loggedUser(r.ctx).ID
-	pls.ID = "" // Make sure we don't override an existing playlist
+	pls.ID = "" // Force new creation
 	err := r.Put(pls)
 	if err != nil {
 		return "", err
@@ -445,26 +424,11 @@ func (r *playlistRepository) Save(entity interface{}) (string, error) {
 	return pls.ID, err
 }

-func (r *playlistRepository) Update(id string, entity interface{}, cols ...string) error {
+func (r *playlistRepository) Update(id string, entity any, cols ...string) error {
 	pls := dbPlaylist{Playlist: *entity.(*model.Playlist)}
-	current, err := r.Get(id)
-	if err != nil {
-		return err
-	}
-	usr := loggedUser(r.ctx)
-	if !usr.IsAdmin {
-		// Only the owner can update the playlist
-		if current.OwnerID != usr.ID {
-			return rest.ErrPermissionDenied
-		}
-		// Regular users can't change the ownership of a playlist
-		if pls.OwnerID != "" && pls.OwnerID != usr.ID {
-			return rest.ErrPermissionDenied
-		}
-	}
 	pls.ID = id
 	pls.UpdatedAt = time.Now()
-	_, err = r.put(id, pls, append(cols, "updatedAt")...)
+	_, err := r.put(id, pls, append(cols, "updatedAt")...)
 	if errors.Is(err, model.ErrNotFound) {
 		return rest.ErrNotFound
 	}
@@ -504,23 +468,31 @@ func (r *playlistRepository) removeOrphans() error {
 	return nil
 }

+// renumber updates the position of all tracks in the playlist to be sequential starting from 1, ordered by their
+// current position. This is needed after removing orphan tracks, to ensure there are no gaps in the track numbering.
+// The two-step approach (negate then reassign via CTE) avoids UNIQUE constraint violations on (playlist_id, id).
 func (r *playlistRepository) renumber(id string) error {
-	var ids []string
-	sq := Select("media_file_id").From("playlist_tracks").Where(Eq{"playlist_id": id}).OrderBy("id")
-	err := r.queryAllSlice(sq, &ids)
+	// Step 1: Negate all IDs to clear the positive ID space
+	_, err := r.executeSQL(Expr(
+		`UPDATE playlist_tracks SET id = -id WHERE playlist_id = ? AND id > 0`, id))
 	if err != nil {
 		return err
 	}
-	return r.updatePlaylist(id, ids)
-}
-
-func (r *playlistRepository) isWritable(playlistId string) bool {
-	usr := loggedUser(r.ctx)
-	if usr.IsAdmin {
-		return true
+	// Step 2: Assign new sequential positive IDs using UPDATE...FROM with a CTE.
+	// The CTE is fully materialized before the UPDATE begins, avoiding self-referencing issues.
+	// ORDER BY id DESC restores original order since IDs are now negative.
+	_, err = r.executeSQL(Expr(
+		`WITH new_ids AS (
+			SELECT rowid as rid, ROW_NUMBER() OVER (ORDER BY id DESC) as new_id
+			FROM playlist_tracks WHERE playlist_id = ?
+		)
+		UPDATE playlist_tracks SET id = new_ids.new_id
+		FROM new_ids
+		WHERE playlist_tracks.rowid = new_ids.rid AND playlist_tracks.playlist_id = ?`, id, id))
+	if err != nil {
+		return err
 	}
-	pls, err := r.Get(playlistId)
-	return err == nil && pls.OwnerID == usr.ID
+	return r.refreshCounters(&model.Playlist{ID: id})
 }

 var _ model.PlaylistRepository = (*playlistRepository)(nil)
--- a/persistence/playlist_repository_test.go
+++ b/persistence/playlist_repository_test.go
@@ -4,6 +4,7 @@ import (
 	"time"

 	"github.com/navidrome/navidrome/conf"
+	"github.com/navidrome/navidrome/conf/configtest"
 	"github.com/navidrome/navidrome/log"
 	"github.com/navidrome/navidrome/model"
 	"github.com/navidrome/navidrome/model/criteria"
@@ -160,14 +161,23 @@ var _ = Describe("PlaylistRepository", func() {
 			})
 		})

-		// TODO Validate these tests
-		XContext("child smart playlists", func() {
-			When("refresh day has expired", func() {
+		Context("child smart playlists", func() {
+			BeforeEach(func() {
+				DeferCleanup(configtest.SetupConfig())
+			})
+
+			When("refresh delay has expired", func() {
 				It("should refresh tracks for smart playlist referenced in parent smart playlist criteria", func() {
 					conf.Server.SmartPlaylistRefreshDelay = -1 * time.Second

-					nestedPls := model.Playlist{Name: "Nested", OwnerID: "userid", Rules: rules}
+					childRules := &criteria.Criteria{
+						Expression: criteria.All{
+							criteria.Contains{"title": "Day"},
+						},
+					}
+					nestedPls := model.Playlist{Name: "Nested", OwnerID: "userid", Public: true, Rules: childRules}
 					Expect(repo.Put(&nestedPls)).To(Succeed())
+					DeferCleanup(func() { _ = repo.Delete(nestedPls.ID) })

 					parentPls := model.Playlist{Name: "Parent", OwnerID: "userid", Rules: &criteria.Criteria{
 						Expression: criteria.All{
@@ -175,45 +185,69 @@ var _ = Describe("PlaylistRepository", func() {
 						},
 					}}
 					Expect(repo.Put(&parentPls)).To(Succeed())
+					DeferCleanup(func() { _ = repo.Delete(parentPls.ID) })

+					// Nested playlist has not been evaluated yet
 					nestedPlsRead, err := repo.Get(nestedPls.ID)
 					Expect(err).ToNot(HaveOccurred())
+					Expect(nestedPlsRead.EvaluatedAt).To(BeNil())

-					_, err = repo.GetWithTracks(parentPls.ID, true, false)
+					// Getting parent with refresh should recursively refresh the nested playlist
+					pls, err := repo.GetWithTracks(parentPls.ID, true, false)
 					Expect(err).ToNot(HaveOccurred())
+					Expect(pls.EvaluatedAt).ToNot(BeNil())
+					Expect(*pls.EvaluatedAt).To(BeTemporally("~", time.Now(), 2*time.Second))

-					// Check that the nested playlist was refreshed by parent get by verifying evaluatedAt is updated since first nestedPls get
+					// Parent should have tracks from the nested playlist
+					Expect(pls.Tracks).To(HaveLen(1))
+					Expect(pls.Tracks[0].MediaFileID).To(Equal(songDayInALife.ID))
+
+					// Nested playlist should now have been refreshed (EvaluatedAt set)
 					nestedPlsAfterParentGet, err := repo.Get(nestedPls.ID)
 					Expect(err).ToNot(HaveOccurred())
-
-					Expect(*nestedPlsAfterParentGet.EvaluatedAt).To(BeTemporally(">", *nestedPlsRead.EvaluatedAt))
+					Expect(nestedPlsAfterParentGet.EvaluatedAt).ToNot(BeNil())
+					Expect(*nestedPlsAfterParentGet.EvaluatedAt).To(BeTemporally("~", time.Now(), 2*time.Second))
 				})
 			})

-			When("refresh day has not expired", func() {
+			When("refresh delay has not expired", func() {
 				It("should NOT refresh tracks for smart playlist referenced in parent smart playlist criteria", func() {
 					conf.Server.SmartPlaylistRefreshDelay = 1 * time.Hour
+					childEvaluatedAt := time.Now().Add(-30 * time.Minute)

-					nestedPls := model.Playlist{Name: "Nested", OwnerID: "userid", Rules: rules}
+					childRules := &criteria.Criteria{
+						Expression: criteria.All{
+							criteria.Contains{"title": "Day"},
+						},
+					}
+					nestedPls := model.Playlist{Name: "Nested", OwnerID: "userid", Public: true, Rules: childRules, EvaluatedAt: &childEvaluatedAt}
 					Expect(repo.Put(&nestedPls)).To(Succeed())
+					DeferCleanup(func() { _ = repo.Delete(nestedPls.ID) })

+					// Parent has no EvaluatedAt, so it WILL refresh, but the child should not
 					parentPls := model.Playlist{Name: "Parent", OwnerID: "userid", Rules: &criteria.Criteria{
 						Expression: criteria.All{
 							criteria.InPlaylist{"id": nestedPls.ID},
 						},
 					}}
 					Expect(repo.Put(&parentPls)).To(Succeed())
+					DeferCleanup(func() { _ = repo.Delete(parentPls.ID) })

 					nestedPlsRead, err := repo.Get(nestedPls.ID)
 					Expect(err).ToNot(HaveOccurred())

-					_, err = repo.GetWithTracks(parentPls.ID, true, false)
+					// Getting parent with refresh should NOT recursively refresh the nested playlist
+					parent, err := repo.GetWithTracks(parentPls.ID, true, false)
 					Expect(err).ToNot(HaveOccurred())

-					// Check that the nested playlist was not refreshed by parent get by verifying evaluatedAt is not updated since first nestedPls get
+					// Parent should have been refreshed (its EvaluatedAt was nil)
+					Expect(parent.EvaluatedAt).ToNot(BeNil())
+					Expect(*parent.EvaluatedAt).To(BeTemporally("~", time.Now(), 2*time.Second))
+
+					// Nested playlist should NOT have been refreshed (still within delay window)
 					nestedPlsAfterParentGet, err := repo.Get(nestedPls.ID)
 					Expect(err).ToNot(HaveOccurred())
-
+					Expect(*nestedPlsAfterParentGet.EvaluatedAt).To(BeTemporally("~", childEvaluatedAt, time.Second))
 					Expect(*nestedPlsAfterParentGet.EvaluatedAt).To(Equal(*nestedPlsRead.EvaluatedAt))
 				})
 			})
@@ -367,6 +401,79 @@ var _ = Describe("PlaylistRepository", func() {
 		})
 	})

+	Describe("Track Deletion and Renumbering", func() {
+		var testPlaylistID string
+
+		AfterEach(func() {
+			if testPlaylistID != "" {
+				Expect(repo.Delete(testPlaylistID)).To(BeNil())
+				testPlaylistID = ""
+			}
+		})
+
+		// helper to get track positions and media file IDs
+		getTrackInfo := func(playlistID string) (ids []string, mediaFileIDs []string) {
+			pls, err := repo.GetWithTracks(playlistID, false, false)
+			Expect(err).ToNot(HaveOccurred())
+			for _, t := range pls.Tracks {
+				ids = append(ids, t.ID)
+				mediaFileIDs = append(mediaFileIDs, t.MediaFileID)
+			}
+			return
+		}
+
+		It("renumbers correctly after deleting a track from the middle", func() {
+			By("creating a playlist with 4 tracks")
+			newPls := model.Playlist{Name: "Renumber Test Middle", OwnerID: "userid"}
+			newPls.AddMediaFilesByID([]string{"1001", "1002", "1003", "1004"})
+			Expect(repo.Put(&newPls)).To(Succeed())
+			testPlaylistID = newPls.ID
+
+			By("deleting the second track (position 2)")
+			tracksRepo := repo.Tracks(newPls.ID, false)
+			Expect(tracksRepo.Delete("2")).To(Succeed())
+
+			By("verifying remaining tracks are renumbered sequentially")
+			ids, mediaFileIDs := getTrackInfo(newPls.ID)
+			Expect(ids).To(Equal([]string{"1", "2", "3"}))
+			Expect(mediaFileIDs).To(Equal([]string{"1001", "1003", "1004"}))
+		})
+
+		It("renumbers correctly after deleting the first track", func() {
+			By("creating a playlist with 3 tracks")
+			newPls := model.Playlist{Name: "Renumber Test First", OwnerID: "userid"}
+			newPls.AddMediaFilesByID([]string{"1001", "1002", "1003"})
+			Expect(repo.Put(&newPls)).To(Succeed())
+			testPlaylistID = newPls.ID
+
+			By("deleting the first track (position 1)")
+			tracksRepo := repo.Tracks(newPls.ID, false)
+			Expect(tracksRepo.Delete("1")).To(Succeed())
+
+			By("verifying remaining tracks are renumbered sequentially")
+			ids, mediaFileIDs := getTrackInfo(newPls.ID)
+			Expect(ids).To(Equal([]string{"1", "2"}))
+			Expect(mediaFileIDs).To(Equal([]string{"1002", "1003"}))
+		})
+
+		It("renumbers correctly after deleting the last track", func() {
+			By("creating a playlist with 3 tracks")
+			newPls := model.Playlist{Name: "Renumber Test Last", OwnerID: "userid"}
+			newPls.AddMediaFilesByID([]string{"1001", "1002", "1003"})
+			Expect(repo.Put(&newPls)).To(Succeed())
+			testPlaylistID = newPls.ID
+
+			By("deleting the last track (position 3)")
+			tracksRepo := repo.Tracks(newPls.ID, false)
+			Expect(tracksRepo.Delete("3")).To(Succeed())
+
+			By("verifying remaining tracks are renumbered sequentially")
+			ids, mediaFileIDs := getTrackInfo(newPls.ID)
+			Expect(ids).To(Equal([]string{"1", "2"}))
+			Expect(mediaFileIDs).To(Equal([]string{"1001", "1002"}))
+		})
+	})
+
 	Describe("Smart Playlists Library Filtering", func() {
 		var mfRepo model.MediaFileRepository
 		var testPlaylistID string
--- a/persistence/playlist_track_repository.go
+++ b/persistence/playlist_track_repository.go
@@ -84,7 +84,7 @@ func (r *playlistTrackRepository) Count(options ...rest.QueryOptions) (int64, er
 	return r.count(query, r.parseRestOptions(r.ctx, options...))
 }

-func (r *playlistTrackRepository) Read(id string) (interface{}, error) {
+func (r *playlistTrackRepository) Read(id string) (any, error) {
 	userID := loggedUser(r.ctx).ID
 	sel := r.newSelect().
 		LeftJoin("annotation on ("+
@@ -128,7 +128,7 @@ func (r *playlistTrackRepository) GetAlbumIDs(options ...model.QueryOptions) ([]
 	return ids, nil
 }

-func (r *playlistTrackRepository) ReadAll(options ...rest.QueryOptions) (interface{}, error) {
+func (r *playlistTrackRepository) ReadAll(options ...rest.QueryOptions) (any, error) {
 	return r.GetAll(r.parseRestOptions(r.ctx, options...))
 }

@@ -136,19 +136,11 @@ func (r *playlistTrackRepository) EntityName() string {
 	return "playlist_tracks"
 }

-func (r *playlistTrackRepository) NewInstance() interface{} {
+func (r *playlistTrackRepository) NewInstance() any {
 	return &model.PlaylistTrack{}
 }

-func (r *playlistTrackRepository) isTracksEditable() bool {
-	return r.playlistRepo.isWritable(r.playlistId) && !r.playlist.IsSmartPlaylist()
-}
-
 func (r *playlistTrackRepository) Add(mediaFileIds []string) (int, error) {
-	if !r.isTracksEditable() {
-		return 0, rest.ErrPermissionDenied
-	}
-
 	if len(mediaFileIds) > 0 {
 		log.Debug(r.ctx, "Adding songs to playlist", "playlistId", r.playlistId, "mediaFileIds", mediaFileIds)
 	} else {
@@ -196,22 +188,7 @@ func (r *playlistTrackRepository) AddDiscs(discs []model.DiscID) (int, error) {
 	return r.addMediaFileIds(clauses)
 }

-// Get ids from all current tracks
-func (r *playlistTrackRepository) getTracks() ([]string, error) {
-	all := r.newSelect().Columns("media_file_id").Where(Eq{"playlist_id": r.playlistId}).OrderBy("id")
-	var ids []string
-	err := r.queryAllSlice(all, &ids)
-	if err != nil {
-		log.Error(r.ctx, "Error querying current tracks from playlist", "playlistId", r.playlistId, err)
-		return nil, err
-	}
-	return ids, nil
-}
-
 func (r *playlistTrackRepository) Delete(ids ...string) error {
-	if !r.isTracksEditable() {
-		return rest.ErrPermissionDenied
-	}
 	err := r.delete(And{Eq{"playlist_id": r.playlistId}, Eq{"id": ids}})
 	if err != nil {
 		return err
@@ -221,9 +198,6 @@ func (r *playlistTrackRepository) Delete(ids ...string) error {
 }

 func (r *playlistTrackRepository) DeleteAll() error {
-	if !r.isTracksEditable() {
-		return rest.ErrPermissionDenied
-	}
 	err := r.delete(Eq{"playlist_id": r.playlistId})
 	if err != nil {
 		return err
@@ -232,16 +206,45 @@ func (r *playlistTrackRepository) DeleteAll() error {
 	return r.playlistRepo.renumber(r.playlistId)
 }

+// Reorder moves a track from pos to newPos, shifting other tracks accordingly.
 func (r *playlistTrackRepository) Reorder(pos int, newPos int) error {
-	if !r.isTracksEditable() {
-		return rest.ErrPermissionDenied
+	if pos == newPos {
+		return nil
 	}
-	ids, err := r.getTracks()
+	pid := r.playlistId
+
+	// Step 1: Move the source track out of the way (temporary sentinel value)
+	_, err := r.executeSQL(Expr(
+		`UPDATE playlist_tracks SET id = -999999 WHERE playlist_id = ? AND id = ?`, pid, pos))
 	if err != nil {
 		return err
 	}
-	newOrder := slice.Move(ids, pos-1, newPos-1)
-	return r.playlistRepo.updatePlaylist(r.playlistId, newOrder)
+
+	// Step 2: Shift the affected range using negative values to avoid unique constraint violations
+	if pos < newPos {
+		_, err = r.executeSQL(Expr(
+			`UPDATE playlist_tracks SET id = -(id - 1) WHERE playlist_id = ? AND id > ? AND id <= ?`,
+			pid, pos, newPos))
+	} else {
+		_, err = r.executeSQL(Expr(
+			`UPDATE playlist_tracks SET id = -(id + 1) WHERE playlist_id = ? AND id >= ? AND id < ?`,
+			pid, newPos, pos))
+	}
+	if err != nil {
+		return err
+	}
+
+	// Step 3: Flip the shifted range back to positive
+	_, err = r.executeSQL(Expr(
+		`UPDATE playlist_tracks SET id = -id WHERE playlist_id = ? AND id < 0 AND id != -999999`, pid))
+	if err != nil {
+		return err
+	}
+
+	// Step 4: Place the source track at its new position
+	_, err = r.executeSQL(Expr(
+		`UPDATE playlist_tracks SET id = ? WHERE playlist_id = ? AND id = -999999`, newPos, pid))
+	return err
 }

 var _ model.PlaylistTrackRepository = (*playlistTrackRepository)(nil)
--- a/persistence/playqueue_repository.go
+++ b/persistence/playqueue_repository.go
@@ -122,8 +122,8 @@ func (r *playQueueRepository) toModel(pq *playQueue) model.PlayQueue {
 		UpdatedAt: pq.UpdatedAt,
 	}
 	if strings.TrimSpace(pq.Items) != "" {
-		tracks := strings.Split(pq.Items, ",")
-		for _, t := range tracks {
+		tracks := strings.SplitSeq(pq.Items, ",")
+		for t := range tracks {
 			q.Items = append(q.Items, model.MediaFile{ID: t})
 		}
 	}
--- a/persistence/radio_repository.go
+++ b/persistence/radio_repository.go
@@ -63,7 +63,7 @@ func (r *radioRepository) Put(radio *model.Radio) error {
 		return rest.ErrPermissionDenied
 	}

-	var values map[string]interface{}
+	var values map[string]any

 	radio.UpdatedAt = time.Now()

@@ -97,19 +97,19 @@ func (r *radioRepository) EntityName() string {
 	return "radio"
 }

-func (r *radioRepository) NewInstance() interface{} {
+func (r *radioRepository) NewInstance() any {
 	return &model.Radio{}
 }

-func (r *radioRepository) Read(id string) (interface{}, error) {
+func (r *radioRepository) Read(id string) (any, error) {
 	return r.Get(id)
 }

-func (r *radioRepository) ReadAll(options ...rest.QueryOptions) (interface{}, error) {
+func (r *radioRepository) ReadAll(options ...rest.QueryOptions) (any, error) {
 	return r.GetAll(r.parseRestOptions(r.ctx, options...))
 }

-func (r *radioRepository) Save(entity interface{}) (string, error) {
+func (r *radioRepository) Save(entity any) (string, error) {
 	t := entity.(*model.Radio)
 	if !r.isPermitted() {
 		return "", rest.ErrPermissionDenied
@@ -121,7 +121,7 @@ func (r *radioRepository) Save(entity interface{}) (string, error) {
 	return t.ID, err
 }

-func (r *radioRepository) Update(id string, entity interface{}, cols ...string) error {
+func (r *radioRepository) Update(id string, entity any, cols ...string) error {
 	t := entity.(*model.Radio)
 	t.ID = id
 	if !r.isPermitted() {
--- a/persistence/scrobble_buffer_repository.go
+++ b/persistence/scrobble_buffer_repository.go
@@ -51,7 +51,7 @@ func (r *scrobbleBufferRepository) UserIDs(service string) ([]string, error) {
 }

 func (r *scrobbleBufferRepository) Enqueue(service, userId, mediaFileId string, playTime time.Time) error {
-	ins := Insert(r.tableName).SetMap(map[string]interface{}{
+	ins := Insert(r.tableName).SetMap(map[string]any{
 		"id":            id.NewRandom(),
 		"user_id":       userId,
 		"service":       service,
--- a/persistence/scrobble_buffer_repository_test.go
+++ b/persistence/scrobble_buffer_repository_test.go
@@ -24,7 +24,7 @@ var _ = Describe("ScrobbleBufferRepository", func() {
 		id := id.NewRandom()
 		ids = append(ids, id)

-		ins := squirrel.Insert("scrobble_buffer").SetMap(map[string]interface{}{
+		ins := squirrel.Insert("scrobble_buffer").SetMap(map[string]any{
 			"id":            id,
 			"user_id":       userId,
 			"service":       service,
--- a/persistence/scrobble_repository.go
+++ b/persistence/scrobble_repository.go
@@ -23,7 +23,7 @@ func NewScrobbleRepository(ctx context.Context, db dbx.Builder) model.ScrobbleRe

 func (r *scrobbleRepository) RecordScrobble(mediaFileID string, submissionTime time.Time) error {
 	userID := loggedUser(r.ctx).ID
-	values := map[string]interface{}{
+	values := map[string]any{
 		"media_file_id":   mediaFileID,
 		"user_id":         userID,
 		"submission_time": submissionTime.Unix(),
--- a/persistence/share_repository.go
+++ b/persistence/share_repository.go
@@ -138,7 +138,7 @@ func sortByIdPosition(mfs model.MediaFiles, ids []string) model.MediaFiles {
 	return sorted
 }

-func (r *shareRepository) Update(id string, entity interface{}, cols ...string) error {
+func (r *shareRepository) Update(id string, entity any, cols ...string) error {
 	s := entity.(*model.Share)
 	// TODO Validate record
 	s.ID = id
@@ -151,7 +151,7 @@ func (r *shareRepository) Update(id string, entity interface{}, cols ...string)
 	return err
 }

-func (r *shareRepository) Save(entity interface{}) (string, error) {
+func (r *shareRepository) Save(entity any) (string, error) {
 	s := entity.(*model.Share)
 	// TODO Validate record
 	u := loggedUser(r.ctx)
@@ -179,18 +179,18 @@ func (r *shareRepository) EntityName() string {
 	return "share"
 }

-func (r *shareRepository) NewInstance() interface{} {
+func (r *shareRepository) NewInstance() any {
 	return &model.Share{}
 }

-func (r *shareRepository) Read(id string) (interface{}, error) {
+func (r *shareRepository) Read(id string) (any, error) {
 	sel := r.selectShare().Where(Eq{"share.id": id})
 	var res model.Share
 	err := r.queryOne(sel, &res)
 	return &res, err
 }

-func (r *shareRepository) ReadAll(options ...rest.QueryOptions) (interface{}, error) {
+func (r *shareRepository) ReadAll(options ...rest.QueryOptions) (any, error) {
 	sq := r.selectShare(r.parseRestOptions(r.ctx, options...))
 	res := model.Shares{}
 	err := r.queryAll(sq, &res)
--- a/persistence/share_repository_test.go
+++ b/persistence/share_repository_test.go
@@ -47,7 +47,7 @@ var _ = Describe("ShareRepository", func() {
 				_, err := GetDBXBuilder().NewQuery(`
 					INSERT INTO share (id, user_id, description, resource_type, resource_ids, created_at, updated_at) 
 					VALUES ({:id}, {:user}, {:desc}, {:type}, {:ids}, {:created}, {:updated})
-				`).Bind(map[string]interface{}{
+				`).Bind(map[string]any{
 					"id":      shareID,
 					"user":    adminUser.ID,
 					"desc":    "Headless Test Share",
@@ -79,7 +79,7 @@ var _ = Describe("ShareRepository", func() {
 				_, err := GetDBXBuilder().NewQuery(`
 					INSERT INTO share (id, user_id, description, resource_type, resource_ids, created_at, updated_at) 
 					VALUES ({:id}, {:user}, {:desc}, {:type}, {:ids}, {:created}, {:updated})
-				`).Bind(map[string]interface{}{
+				`).Bind(map[string]any{
 					"id":      shareID,
 					"user":    adminUser.ID,
 					"desc":    "Headless Get Share",
@@ -110,7 +110,7 @@ var _ = Describe("ShareRepository", func() {
 			_, err := GetDBXBuilder().NewQuery(`
 				INSERT INTO share (id, user_id, description, resource_type, resource_ids, created_at, updated_at) 
 				VALUES ({:id}, {:user}, {:desc}, {:type}, {:ids}, {:created}, {:updated})
-			`).Bind(map[string]interface{}{
+			`).Bind(map[string]any{
 				"id":      shareID,
 				"user":    adminUser.ID,
 				"desc":    "SQL Test Share",
--- a/persistence/sql_annotations.go
+++ b/persistence/sql_annotations.go
@@ -66,7 +66,7 @@ func (r sqlRepository) annId(itemID ...string) And {
 	}
 }

-func (r sqlRepository) annUpsert(values map[string]interface{}, itemIDs ...string) error {
+func (r sqlRepository) annUpsert(values map[string]any, itemIDs ...string) error {
 	upd := Update(annotationTable).Where(r.annId(itemIDs...))
 	for f, v := range values {
 		upd = upd.Set(f, v)
@@ -90,12 +90,12 @@ func (r sqlRepository) annUpsert(values map[string]interface{}, itemIDs ...strin

 func (r sqlRepository) SetStar(starred bool, ids ...string) error {
 	starredAt := time.Now()
-	return r.annUpsert(map[string]interface{}{"starred": starred, "starred_at": starredAt}, ids...)
+	return r.annUpsert(map[string]any{"starred": starred, "starred_at": starredAt}, ids...)
 }

 func (r sqlRepository) SetRating(rating int, itemID string) error {
 	ratedAt := time.Now()
-	err := r.annUpsert(map[string]interface{}{"rating": rating, "rated_at": ratedAt}, itemID)
+	err := r.annUpsert(map[string]any{"rating": rating, "rated_at": ratedAt}, itemID)
 	if err != nil {
 		return err
 	}
@@ -121,7 +121,7 @@ func (r sqlRepository) IncPlayCount(itemID string, ts time.Time) error {

 	if c == 0 || errors.Is(err, sql.ErrNoRows) {
 		userID := loggedUser(r.ctx).ID
-		values := map[string]interface{}{}
+		values := map[string]any{}
 		values["user_id"] = userID
 		values["item_type"] = r.tableName
 		values["item_id"] = itemID
--- a/persistence/sql_annotations_test.go
+++ b/persistence/sql_annotations_test.go
@@ -32,17 +32,17 @@ var _ = Describe("Annotation Filters", func() {

 	Describe("annotationBoolFilter", func() {
 		DescribeTable("creates correct SQL expressions",
-			func(field, value string, expectedSQL string, expectedArgs []interface{}) {
+			func(field, value string, expectedSQL string, expectedArgs []any) {
 				sqlizer := annotationBoolFilter(field)(field, value)
 				sql, args, err := sqlizer.ToSql()
 				Expect(err).ToNot(HaveOccurred())
 				Expect(sql).To(Equal(expectedSQL))
 				Expect(args).To(Equal(expectedArgs))
 			},
-			Entry("starred=true", "starred", "true", "COALESCE(starred, 0) > 0", []interface{}(nil)),
-			Entry("starred=false", "starred", "false", "COALESCE(starred, 0) = 0", []interface{}(nil)),
-			Entry("starred=True (case insensitive)", "starred", "True", "COALESCE(starred, 0) > 0", []interface{}(nil)),
-			Entry("rating=true", "rating", "true", "COALESCE(rating, 0) > 0", []interface{}(nil)),
+			Entry("starred=true", "starred", "true", "COALESCE(starred, 0) > 0", []any(nil)),
+			Entry("starred=false", "starred", "false", "COALESCE(starred, 0) = 0", []any(nil)),
+			Entry("starred=True (case insensitive)", "starred", "True", "COALESCE(starred, 0) > 0", []any(nil)),
+			Entry("rating=true", "rating", "true", "COALESCE(rating, 0) > 0", []any(nil)),
 		)

 		It("returns nil if value is not a string", func() {
--- a/persistence/sql_base_repository.go
+++ b/persistence/sql_base_repository.go
@@ -196,7 +196,7 @@ func (r *sqlRepository) withTableName(filter filterFunc) filterFunc {
 }

 // libraryIdFilter is a filter function to be added to resources that have a library_id column.
-func libraryIdFilter(_ string, value interface{}) Sqlizer {
+func libraryIdFilter(_ string, value any) Sqlizer {
 	return Eq{"library_id": value}
 }

@@ -281,7 +281,7 @@ func (r sqlRepository) toSQL(sq Sqlizer) (string, dbx.Params, error) {
 	return result, params, nil
 }

-func (r sqlRepository) queryOne(sq Sqlizer, response interface{}) error {
+func (r sqlRepository) queryOne(sq Sqlizer, response any) error {
 	query, args, err := r.toSQL(sq)
 	if err != nil {
 		return err
@@ -328,7 +328,7 @@ func queryWithStableResults[T any](r sqlRepository, sq SelectBuilder, options ..
 	}, nil
 }

-func (r sqlRepository) queryAll(sq SelectBuilder, response interface{}, options ...model.QueryOptions) error {
+func (r sqlRepository) queryAll(sq SelectBuilder, response any, options ...model.QueryOptions) error {
 	if len(options) > 0 && options[0].Offset > 0 {
 		sq = r.optimizePagination(sq, options[0])
 	}
@@ -347,7 +347,7 @@ func (r sqlRepository) queryAll(sq SelectBuilder, response interface{}, options
 }

 // queryAllSlice is a helper function to query a single column and return the result in a slice
-func (r sqlRepository) queryAllSlice(sq SelectBuilder, response interface{}) error {
+func (r sqlRepository) queryAllSlice(sq SelectBuilder, response any) error {
 	query, args, err := r.toSQL(sq)
 	if err != nil {
 		return err
@@ -394,7 +394,7 @@ func (r sqlRepository) count(countQuery SelectBuilder, options ...model.QueryOpt
 	return res.Count, err
 }

-func (r sqlRepository) putByMatch(filter Sqlizer, id string, m interface{}, colsToUpdate ...string) (string, error) {
+func (r sqlRepository) putByMatch(filter Sqlizer, id string, m any, colsToUpdate ...string) (string, error) {
 	if id != "" {
 		return r.put(id, m, colsToUpdate...)
 	}
@@ -408,14 +408,14 @@ func (r sqlRepository) putByMatch(filter Sqlizer, id string, m interface{}, cols
 	return r.put(res.ID, m, colsToUpdate...)
 }

-func (r sqlRepository) put(id string, m interface{}, colsToUpdate ...string) (newId string, err error) {
+func (r sqlRepository) put(id string, m any, colsToUpdate ...string) (newId string, err error) {
 	values, err := toSQLArgs(m)
 	if err != nil {
 		return "", fmt.Errorf("error preparing values to write to DB: %w", err)
 	}
 	// If there's an ID, try to update first
 	if id != "" {
-		updateValues := map[string]interface{}{}
+		updateValues := map[string]any{}

 		// This is a map of the columns that need to be updated, if specified
 		c2upd := slice.ToMap(colsToUpdate, func(s string) (string, struct{}) {
--- a/persistence/sql_bookmarks.go
+++ b/persistence/sql_bookmarks.go
@@ -37,7 +37,7 @@ func (r sqlRepository) bmkID(itemID ...string) And {
 func (r sqlRepository) bmkUpsert(itemID, comment string, position int64) error {
 	client, _ := request.ClientFrom(r.ctx)
 	user, _ := request.UserFrom(r.ctx)
-	values := map[string]interface{}{
+	values := map[string]any{
 		"comment":    comment,
 		"position":   position,
 		"updated_at": time.Now(),
--- a/persistence/sql_restful_test.go
+++ b/persistence/sql_restful_test.go
@@ -30,7 +30,7 @@ var _ = Describe("sqlRestful", func() {
 			r.filterMappings = map[string]filterFunc{
 				"name": fullTextFilter("table"),
 			}
-			options.Filters = map[string]interface{}{"name": "'"}
+			options.Filters = map[string]any{"name": "'"}
 			Expect(r.parseRestFilters(context.Background(), options)).To(BeEmpty())
 		})

@@ -40,32 +40,32 @@ var _ = Describe("sqlRestful", func() {
 					return nil
 				},
 			}
-			options.Filters = map[string]interface{}{"name": "joe"}
+			options.Filters = map[string]any{"name": "joe"}
 			Expect(r.parseRestFilters(context.Background(), options)).To(BeEmpty())
 		})

 		It("returns a '=' condition for 'id' filter", func() {
-			options.Filters = map[string]interface{}{"id": "123"}
+			options.Filters = map[string]any{"id": "123"}
 			Expect(r.parseRestFilters(context.Background(), options)).To(Equal(squirrel.And{squirrel.Eq{"id": "123"}}))
 		})

 		It("returns a 'in' condition for multiples 'id' filters", func() {
-			options.Filters = map[string]interface{}{"id": []string{"123", "456"}}
+			options.Filters = map[string]any{"id": []string{"123", "456"}}
 			Expect(r.parseRestFilters(context.Background(), options)).To(Equal(squirrel.And{squirrel.Eq{"id": []string{"123", "456"}}}))
 		})

 		It("returns a 'like' condition for other filters", func() {
-			options.Filters = map[string]interface{}{"name": "joe"}
+			options.Filters = map[string]any{"name": "joe"}
 			Expect(r.parseRestFilters(context.Background(), options)).To(Equal(squirrel.And{squirrel.Like{"name": "joe%"}}))
 		})

 		It("uses the custom filter", func() {
 			r.filterMappings = map[string]filterFunc{
-				"test": func(field string, value interface{}) squirrel.Sqlizer {
+				"test": func(field string, value any) squirrel.Sqlizer {
 					return squirrel.Gt{field: value}
 				},
 			}
-			options.Filters = map[string]interface{}{"test": 100}
+			options.Filters = map[string]any{"test": 100}
 			Expect(r.parseRestFilters(context.Background(), options)).To(Equal(squirrel.And{squirrel.Gt{"test": 100}}))
 		})
 	})
--- a/persistence/sql_tags.go
+++ b/persistence/sql_tags.go
@@ -60,7 +60,7 @@ func tagIDFilter(name string, idValue any) Sqlizer {
 }

 // tagLibraryIdFilter filters tags based on library access through the library_tag table
-func tagLibraryIdFilter(_ string, value interface{}) Sqlizer {
+func tagLibraryIdFilter(_ string, value any) Sqlizer {
 	return Eq{"library_tag.library_id": value}
 }

@@ -142,14 +142,14 @@ func (r *baseTagRepository) Count(options ...rest.QueryOptions) (int64, error) {
 	return r.count(sq, r.parseRestOptions(r.ctx, options...))
 }

-func (r *baseTagRepository) Read(id string) (interface{}, error) {
+func (r *baseTagRepository) Read(id string) (any, error) {
 	query := r.newSelect().Where(Eq{"id": id})
 	var res model.Tag
 	err := r.queryOne(query, &res)
 	return &res, err
 }

-func (r *baseTagRepository) ReadAll(options ...rest.QueryOptions) (interface{}, error) {
+func (r *baseTagRepository) ReadAll(options ...rest.QueryOptions) (any, error) {
 	query := r.newSelect(r.parseRestOptions(r.ctx, options...))
 	var res model.TagList
 	err := r.queryAll(query, &res)
@@ -160,7 +160,7 @@ func (r *baseTagRepository) EntityName() string {
 	return "tag"
 }

-func (r *baseTagRepository) NewInstance() interface{} {
+func (r *baseTagRepository) NewInstance() any {
 	return model.Tag{}
 }

--- a/persistence/tag_library_filtering_test.go
+++ b/persistence/tag_library_filtering_test.go
@@ -165,7 +165,7 @@ var _ = Describe("Tag Library Filtering", func() {

 			It("should respect explicit library_id filters within accessible libraries", func() {
 				tags := readAllTags(&regularUser, rest.QueryOptions{
-					Filters: map[string]interface{}{"library_id": libraryID2},
+					Filters: map[string]any{"library_id": libraryID2},
 				})
 				// Should see only tags from library 2: pop and rock(lib2)
 				Expect(tags).To(HaveLen(2))
@@ -174,7 +174,7 @@ var _ = Describe("Tag Library Filtering", func() {

 			It("should not return tags when filtering by inaccessible library", func() {
 				tags := readAllTags(&regularUser, rest.QueryOptions{
-					Filters: map[string]interface{}{"library_id": libraryID3},
+					Filters: map[string]any{"library_id": libraryID3},
 				})
 				// Should return no tags since user can't access library 3
 				Expect(tags).To(HaveLen(0))
@@ -182,7 +182,7 @@ var _ = Describe("Tag Library Filtering", func() {

 			It("should filter by library 1 correctly", func() {
 				tags := readAllTags(&regularUser, rest.QueryOptions{
-					Filters: map[string]interface{}{"library_id": libraryID1},
+					Filters: map[string]any{"library_id": libraryID1},
 				})
 				// Should see only rock from library 1
 				Expect(tags).To(HaveLen(1))
@@ -227,7 +227,7 @@ var _ = Describe("Tag Library Filtering", func() {

 			It("should allow headless processes to apply explicit library_id filters", func() {
 				tags := readAllTags(nil, rest.QueryOptions{
-					Filters: map[string]interface{}{"library_id": libraryID3},
+					Filters: map[string]any{"library_id": libraryID3},
 				})
 				// Should see only jazz from library 3
 				Expect(tags).To(HaveLen(1))
@@ -243,7 +243,7 @@ var _ = Describe("Tag Library Filtering", func() {

 			It("should respect explicit library_id filters", func() {
 				tags := readAllTags(&adminUser, rest.QueryOptions{
-					Filters: map[string]interface{}{"library_id": libraryID3},
+					Filters: map[string]any{"library_id": libraryID3},
 				})
 				// Should see only jazz from library 3
 				Expect(tags).To(HaveLen(1))
@@ -252,7 +252,7 @@ var _ = Describe("Tag Library Filtering", func() {

 			It("should filter by library 2 correctly", func() {
 				tags := readAllTags(&adminUser, rest.QueryOptions{
-					Filters: map[string]interface{}{"library_id": libraryID2},
+					Filters: map[string]any{"library_id": libraryID2},
 				})
 				// Should see pop and rock from library 2
 				Expect(tags).To(HaveLen(2))
--- a/persistence/tag_repository_test.go
+++ b/persistence/tag_repository_test.go
@@ -234,7 +234,7 @@ var _ = Describe("TagRepository", func() {

 		It("should filter tags by partial value correctly", func() {
 			options := rest.QueryOptions{
-				Filters: map[string]interface{}{"name": "%rock%"}, // Tags containing 'rock'
+				Filters: map[string]any{"name": "%rock%"}, // Tags containing 'rock'
 			}
 			result, err := restRepo.ReadAll(options)
 			Expect(err).ToNot(HaveOccurred())
@@ -249,7 +249,7 @@ var _ = Describe("TagRepository", func() {

 		It("should filter tags by partial value using LIKE", func() {
 			options := rest.QueryOptions{
-				Filters: map[string]interface{}{"name": "%e%"}, // Tags containing 'e'
+				Filters: map[string]any{"name": "%e%"}, // Tags containing 'e'
 			}
 			result, err := restRepo.ReadAll(options)
 			Expect(err).ToNot(HaveOccurred())
@@ -264,7 +264,7 @@ var _ = Describe("TagRepository", func() {

 		It("should sort tags by value ascending", func() {
 			options := rest.QueryOptions{
-				Filters: map[string]interface{}{"name": "%r%"}, // Tags containing 'r'
+				Filters: map[string]any{"name": "%r%"}, // Tags containing 'r'
 				Sort:    "name",
 				Order:   "asc",
 			}
@@ -280,7 +280,7 @@ var _ = Describe("TagRepository", func() {

 		It("should sort tags by value descending", func() {
 			options := rest.QueryOptions{
-				Filters: map[string]interface{}{"name": "%r%"}, // Tags containing 'r'
+				Filters: map[string]any{"name": "%r%"}, // Tags containing 'r'
 				Sort:    "name",
 				Order:   "desc",
 			}
--- a/persistence/transcoding_repository.go
+++ b/persistence/transcoding_repository.go
@@ -52,11 +52,11 @@ func (r *transcodingRepository) Count(options ...rest.QueryOptions) (int64, erro
 	return r.count(Select(), r.parseRestOptions(r.ctx, options...))
 }

-func (r *transcodingRepository) Read(id string) (interface{}, error) {
+func (r *transcodingRepository) Read(id string) (any, error) {
 	return r.Get(id)
 }

-func (r *transcodingRepository) ReadAll(options ...rest.QueryOptions) (interface{}, error) {
+func (r *transcodingRepository) ReadAll(options ...rest.QueryOptions) (any, error) {
 	sel := r.newSelect(r.parseRestOptions(r.ctx, options...)).Columns("*")
 	res := model.Transcodings{}
 	err := r.queryAll(sel, &res)
@@ -67,11 +67,11 @@ func (r *transcodingRepository) EntityName() string {
 	return "transcoding"
 }

-func (r *transcodingRepository) NewInstance() interface{} {
+func (r *transcodingRepository) NewInstance() any {
 	return &model.Transcoding{}
 }

-func (r *transcodingRepository) Save(entity interface{}) (string, error) {
+func (r *transcodingRepository) Save(entity any) (string, error) {
 	if !loggedUser(r.ctx).IsAdmin {
 		return "", rest.ErrPermissionDenied
 	}
@@ -83,7 +83,7 @@ func (r *transcodingRepository) Save(entity interface{}) (string, error) {
 	return id, err
 }

-func (r *transcodingRepository) Update(id string, entity interface{}, cols ...string) error {
+func (r *transcodingRepository) Update(id string, entity any, cols ...string) error {
 	if !loggedUser(r.ctx).IsAdmin {
 		return rest.ErrPermissionDenied
 	}
--- a/plugins/capabilities.go
+++ b/plugins/capabilities.go
@@ -1,5 +1,7 @@
 package plugins

+import "slices"
+
 // Capability represents a plugin capability type.
 // Capabilities are detected by checking which functions a plugin exports.
 type Capability string
@@ -25,11 +27,8 @@ func detectCapabilities(plugin functionExistsChecker) []Capability {
 	var capabilities []Capability

 	for cap, functions := range capabilityFunctions {
-		for _, fn := range functions {
-			if plugin.FunctionExists(fn) {
-				capabilities = append(capabilities, cap)
-				break // Found at least one function, plugin has this capability
-			}
+		if slices.ContainsFunc(functions, plugin.FunctionExists) {
+			capabilities = append(capabilities, cap) // Found at least one function, plugin has this capability
 		}
 	}

@@ -38,10 +37,5 @@ func detectCapabilities(plugin functionExistsChecker) []Capability {

 // hasCapability checks if the given capabilities slice contains a specific capability.
 func hasCapability(capabilities []Capability, cap Capability) bool {
-	for _, c := range capabilities {
-		if c == cap {
-			return true
-		}
-	}
-	return false
+	return slices.Contains(capabilities, cap)
 }
--- a/plugins/cmd/ndpgen/integration_test.go
+++ b/plugins/cmd/ndpgen/integration_test.go
@@ -282,6 +282,9 @@ type ServiceB interface {

 			Entry("option pattern (value, exists bool)",
 				"config_service.go.txt", "config_client_expected.go.txt", "config_client_expected.py", "config_client_expected.rs"),
+
+			Entry("raw=true binary response",
+				"raw_service.go.txt", "raw_client_expected.go.txt", "raw_client_expected.py", "raw_client_expected.rs"),
 		)

 		It("generates compilable client code for comprehensive service", func() {
--- a/plugins/cmd/ndpgen/internal/generator_test.go
+++ b/plugins/cmd/ndpgen/internal/generator_test.go
@@ -264,6 +264,96 @@ var _ = Describe("Generator", func() {
 			Expect(codeStr).To(ContainSubstring(`extism "github.com/extism/go-sdk"`))
 		})

+		It("should generate binary framing for raw=true methods", func() {
+			svc := Service{
+				Name:       "Stream",
+				Permission: "stream",
+				Interface:  "StreamService",
+				Methods: []Method{
+					{
+						Name:     "GetStream",
+						HasError: true,
+						Raw:      true,
+						Params:   []Param{NewParam("uri", "string")},
+						Returns: []Param{
+							NewParam("contentType", "string"),
+							NewParam("data", "[]byte"),
+						},
+					},
+				},
+			}
+
+			code, err := GenerateHost(svc, "host")
+			Expect(err).NotTo(HaveOccurred())
+
+			_, err = format.Source(code)
+			Expect(err).NotTo(HaveOccurred())
+
+			codeStr := string(code)
+
+			// Should include encoding/binary import for raw methods
+			Expect(codeStr).To(ContainSubstring(`"encoding/binary"`))
+
+			// Should NOT generate a response type for raw methods
+			Expect(codeStr).NotTo(ContainSubstring("type StreamGetStreamResponse struct"))
+
+			// Should generate request type (request is still JSON)
+			Expect(codeStr).To(ContainSubstring("type StreamGetStreamRequest struct"))
+
+			// Should build binary frame [0x00][4-byte CT len][CT][data]
+			Expect(codeStr).To(ContainSubstring("frame[0] = 0x00"))
+			Expect(codeStr).To(ContainSubstring("binary.BigEndian.PutUint32"))
+
+			// Should have writeRawError helper
+			Expect(codeStr).To(ContainSubstring("streamWriteRawError"))
+
+			// Should use writeRawError instead of writeError for raw methods
+			Expect(codeStr).To(ContainSubstring("streamWriteRawError(p, stack"))
+		})
+
+		It("should generate both writeError and writeRawError for mixed services", func() {
+			svc := Service{
+				Name:       "API",
+				Permission: "api",
+				Interface:  "APIService",
+				Methods: []Method{
+					{
+						Name:     "Call",
+						HasError: true,
+						Params:   []Param{NewParam("uri", "string")},
+						Returns:  []Param{NewParam("response", "string")},
+					},
+					{
+						Name:     "CallRaw",
+						HasError: true,
+						Raw:      true,
+						Params:   []Param{NewParam("uri", "string")},
+						Returns: []Param{
+							NewParam("contentType", "string"),
+							NewParam("data", "[]byte"),
+						},
+					},
+				},
+			}
+
+			code, err := GenerateHost(svc, "host")
+			Expect(err).NotTo(HaveOccurred())
+
+			_, err = format.Source(code)
+			Expect(err).NotTo(HaveOccurred())
+
+			codeStr := string(code)
+
+			// Should have both helpers
+			Expect(codeStr).To(ContainSubstring("apiWriteResponse"))
+			Expect(codeStr).To(ContainSubstring("apiWriteError"))
+			Expect(codeStr).To(ContainSubstring("apiWriteRawError"))
+
+			// Should generate response type for non-raw method only
+			Expect(codeStr).To(ContainSubstring("type APICallResponse struct"))
+			Expect(codeStr).NotTo(ContainSubstring("type APICallRawResponse struct"))
+		})
+
 		It("should always include json import for JSON protocol", func() {
 			// All services use JSON protocol, so json import is always needed
 			svc := Service{
@@ -626,6 +716,72 @@ var _ = Describe("Generator", func() {
 			Expect(codeStr).To(ContainSubstring(`response.get("floatVal", 0.0)`))
 			Expect(codeStr).To(ContainSubstring(`response.get("boolVal", False)`))
 		})
+
+		It("should generate binary frame parsing for raw methods", func() {
+			svc := Service{
+				Name:       "Stream",
+				Permission: "stream",
+				Interface:  "StreamService",
+				Methods: []Method{
+					{
+						Name:     "GetStream",
+						HasError: true,
+						Raw:      true,
+						Params:   []Param{NewParam("uri", "string")},
+						Returns: []Param{
+							NewParam("contentType", "string"),
+							NewParam("data", "[]byte"),
+						},
+						Doc: "GetStream returns raw binary stream data.",
+					},
+				},
+			}
+
+			code, err := GenerateClientPython(svc)
+			Expect(err).NotTo(HaveOccurred())
+
+			codeStr := string(code)
+
+			// Should import Tuple and struct for raw methods
+			Expect(codeStr).To(ContainSubstring("from typing import Any, Tuple"))
+			Expect(codeStr).To(ContainSubstring("import struct"))
+
+			// Should return Tuple[str, bytes]
+			Expect(codeStr).To(ContainSubstring("-> Tuple[str, bytes]:"))
+
+			// Should parse binary frame instead of JSON
+			Expect(codeStr).To(ContainSubstring("response_bytes = response_mem.bytes()"))
+			Expect(codeStr).To(ContainSubstring("response_bytes[0] == 0x01"))
+			Expect(codeStr).To(ContainSubstring("struct.unpack"))
+			Expect(codeStr).To(ContainSubstring("return content_type, data"))
+
+			// Should NOT use json.loads for response
+			Expect(codeStr).NotTo(ContainSubstring("json.loads(extism.memory.string(response_mem))"))
+		})
+
+		It("should not import Tuple or struct for non-raw services", func() {
+			svc := Service{
+				Name:       "Test",
+				Permission: "test",
+				Interface:  "TestService",
+				Methods: []Method{
+					{
+						Name:     "Call",
+						HasError: true,
+						Params:   []Param{NewParam("uri", "string")},
+						Returns:  []Param{NewParam("response", "string")},
+					},
+				},
+			}
+
+			code, err := GenerateClientPython(svc)
+			Expect(err).NotTo(HaveOccurred())
+
+			codeStr := string(code)
+
+			Expect(codeStr).NotTo(ContainSubstring("Tuple"))
+			Expect(codeStr).NotTo(ContainSubstring("import struct"))
+		})
 	})

 	Describe("GenerateGoDoc", func() {
@@ -782,6 +938,47 @@ var _ = Describe("Generator", func() {
 			// Check for PDK import
 			Expect(codeStr).To(ContainSubstring("github.com/navidrome/navidrome/plugins/pdk/go/pdk"))
 		})
+
+		It("should include encoding/binary import for raw methods", func() {
+			svc := Service{
+				Name:       "Stream",
+				Permission: "stream",
+				Interface:  "StreamService",
+				Methods: []Method{
+					{
+						Name:     "GetStream",
+						HasError: true,
+						Raw:      true,
+						Params:   []Param{NewParam("uri", "string")},
+						Returns: []Param{
+							NewParam("contentType", "string"),
+							NewParam("data", "[]byte"),
+						},
+					},
+				},
+			}
+
+			code, err := GenerateClientGo(svc, "host")
+			Expect(err).NotTo(HaveOccurred())
+
+			codeStr := string(code)
+
+			// Should include encoding/binary for raw binary frame parsing
+			Expect(codeStr).To(ContainSubstring(`"encoding/binary"`))
+
+			// Should NOT generate response type struct for raw methods
+			Expect(codeStr).NotTo(ContainSubstring("streamGetStreamResponse struct"))
+
+			// Should still generate request type
+			Expect(codeStr).To(ContainSubstring("streamGetStreamRequest struct"))
+
+			// Should parse binary frame
+			Expect(codeStr).To(ContainSubstring("responseBytes[0] == 0x01"))
+			Expect(codeStr).To(ContainSubstring("binary.BigEndian.Uint32"))
+
+			// Should return (string, []byte, error)
+			Expect(codeStr).To(ContainSubstring("func StreamGetStream(uri string) (string, []byte, error)"))
+		})
 	})

 	Describe("GenerateClientGoStub", func() {
@@ -1550,6 +1747,51 @@ var _ = Describe("Rust Generation", func() {
 			Expect(codeStr).To(ContainSubstring("Result<bool, Error>"))
 			Expect(codeStr).NotTo(ContainSubstring("Option<bool>"))
 		})
+
+		It("should generate raw extern C import and binary frame parsing for raw methods", func() {
+			svc := Service{
+				Name:       "Stream",
+				Permission: "stream",
+				Interface:  "StreamService",
+				Methods: []Method{
+					{
+						Name:     "GetStream",
+						HasError: true,
+						Raw:      true,
+						Params:   []Param{NewParam("uri", "string")},
+						Returns: []Param{
+							NewParam("contentType", "string"),
+							NewParam("data", "[]byte"),
+						},
+						Doc: "GetStream returns raw binary stream data.",
+					},
+				},
+			}
+
+			code, err := GenerateClientRust(svc)
+			Expect(err).NotTo(HaveOccurred())
+
+			codeStr := string(code)
+
+			// Should use extern "C" with wasm_import_module for raw methods, not #[host_fn] extern "ExtismHost"
+			Expect(codeStr).To(ContainSubstring(`#[link(wasm_import_module = "extism:host/user")]`))
+			Expect(codeStr).To(ContainSubstring(`extern "C"`))
+			Expect(codeStr).To(ContainSubstring("fn stream_getstream(offset: u64) -> u64"))
+
+			// Should NOT generate response type for raw methods
+			Expect(codeStr).NotTo(ContainSubstring("StreamGetStreamResponse"))
+
+			// Should generate request type (request is still JSON)
+			Expect(codeStr).To(ContainSubstring("struct StreamGetStreamRequest"))
+
+			// Should return Result<(String, Vec<u8>), Error>
+			Expect(codeStr).To(ContainSubstring("Result<(String, Vec<u8>), Error>"))
+
+			// Should parse binary frame
+			Expect(codeStr).To(ContainSubstring("response_bytes[0] == 0x01"))
+			Expect(codeStr).To(ContainSubstring("u32::from_be_bytes"))
+			Expect(codeStr).To(ContainSubstring("String::from_utf8_lossy"))
+		})
 	})
 })

--- a/plugins/cmd/ndpgen/internal/parser.go
+++ b/plugins/cmd/ndpgen/internal/parser.go
@@ -761,6 +761,7 @@ func parseMethod(name string, funcType *ast.FuncType, annotation map[string]stri
 	m := Method{
 		Name:       name,
 		ExportName: annotation["name"],
+		Raw:        annotation["raw"] == "true",
 		Doc:        doc,
 	}

@@ -799,6 +800,13 @@ func parseMethod(name string, funcType *ast.FuncType, annotation map[string]stri
 		}
 	}

+	// Validate raw=true methods: must return exactly (string, []byte, error)
+	if m.Raw {
+		if !m.HasError || len(m.Returns) != 2 || m.Returns[0].Type != "string" || m.Returns[1].Type != "[]byte" {
+			return m, fmt.Errorf("raw=true method %s must return (string, []byte, error) — content-type, data, error", name)
+		}
+	}
+
 	return m, nil
 }

--- a/plugins/cmd/ndpgen/internal/parser_test.go
+++ b/plugins/cmd/ndpgen/internal/parser_test.go
@@ -122,6 +122,119 @@ type TestService interface {
 			Expect(services[0].Methods[0].Name).To(Equal("Exported"))
 		})

+		It("should parse raw=true annotation", func() {
+			src := `package host
+
+import "context"
+
+//nd:hostservice name=Stream permission=stream
+type StreamService interface {
+	//nd:hostfunc raw=true
+	GetStream(ctx context.Context, uri string) (contentType string, data []byte, err error)
+}
+`
+			err := os.WriteFile(filepath.Join(tmpDir, "stream.go"), []byte(src), 0600)
+			Expect(err).NotTo(HaveOccurred())
+
+			services, err := ParseDirectory(tmpDir)
+			Expect(err).NotTo(HaveOccurred())
+			Expect(services).To(HaveLen(1))
+
+			m := services[0].Methods[0]
+			Expect(m.Name).To(Equal("GetStream"))
+			Expect(m.Raw).To(BeTrue())
+			Expect(m.HasError).To(BeTrue())
+			Expect(m.Returns).To(HaveLen(2))
+			Expect(m.Returns[0].Name).To(Equal("contentType"))
+			Expect(m.Returns[0].Type).To(Equal("string"))
+			Expect(m.Returns[1].Name).To(Equal("data"))
+			Expect(m.Returns[1].Type).To(Equal("[]byte"))
+		})
+
+		It("should set Raw=false when raw annotation is absent", func() {
+			src := `package host
+
+import "context"
+
+//nd:hostservice name=Test permission=test
+type TestService interface {
+	//nd:hostfunc
+	Call(ctx context.Context, uri string) (response string, err error)
+}
+`
+			err := os.WriteFile(filepath.Join(tmpDir, "test.go"), []byte(src), 0600)
+			Expect(err).NotTo(HaveOccurred())
+
+			services, err := ParseDirectory(tmpDir)
+			Expect(err).NotTo(HaveOccurred())
+			Expect(services[0].Methods[0].Raw).To(BeFalse())
+		})
+
+		It("should reject raw=true with invalid return signature", func() {
+			src := `package host
+
+import "context"
+
+//nd:hostservice name=Test permission=test
+type TestService interface {
+	//nd:hostfunc raw=true
+	BadRaw(ctx context.Context, uri string) (result string, err error)
+}
+`
+			err := os.WriteFile(filepath.Join(tmpDir, "test.go"), []byte(src), 0600)
+			Expect(err).NotTo(HaveOccurred())
+
+			_, err = ParseDirectory(tmpDir)
+			Expect(err).To(HaveOccurred())
+			Expect(err.Error()).To(ContainSubstring("raw=true"))
+			Expect(err.Error()).To(ContainSubstring("must return (string, []byte, error)"))
+		})
+
+		It("should reject raw=true without error return", func() {
+			src := `package host
+
+import "context"
+
+//nd:hostservice name=Test permission=test
+type TestService interface {
+	//nd:hostfunc raw=true
+	BadRaw(ctx context.Context, uri string) (contentType string, data []byte)
+}
+`
+			err := os.WriteFile(filepath.Join(tmpDir, "test.go"), []byte(src), 0600)
+			Expect(err).NotTo(HaveOccurred())
+
+			_, err = ParseDirectory(tmpDir)
+			Expect(err).To(HaveOccurred())
+			Expect(err.Error()).To(ContainSubstring("raw=true"))
+		})
+
+		It("should parse mixed raw and non-raw methods", func() {
+			src := `package host
+
+import "context"
+
+//nd:hostservice name=API permission=api
+type APIService interface {
+	//nd:hostfunc
+	Call(ctx context.Context, uri string) (responseJSON string, err error)
+
+	//nd:hostfunc raw=true
+	CallRaw(ctx context.Context, uri string) (contentType string, data []byte, err error)
+}
+`
+			err := os.WriteFile(filepath.Join(tmpDir, "api.go"), []byte(src), 0600)
+			Expect(err).NotTo(HaveOccurred())
+
+			services, err := ParseDirectory(tmpDir)
+			Expect(err).NotTo(HaveOccurred())
+			Expect(services).To(HaveLen(1))
+			Expect(services[0].Methods).To(HaveLen(2))
+			Expect(services[0].Methods[0].Raw).To(BeFalse())
+			Expect(services[0].Methods[1].Raw).To(BeTrue())
+			Expect(services[0].HasRawMethods()).To(BeTrue())
+		})
+
 		It("should handle custom export name", func() {
 			src := `package host

--- a/plugins/cmd/ndpgen/internal/templates/client.go.tmpl
+++ b/plugins/cmd/ndpgen/internal/templates/client.go.tmpl
@@ -8,6 +8,9 @@
 package {{.Package}}

 import (
+{{- if .Service.HasRawMethods}}
+	"encoding/binary"
+{{- end}}
 	"encoding/json"
 {{- if .Service.HasErrors}}
 	"errors"
@@ -49,7 +52,7 @@ type {{requestType .}} struct {
 {{- end}}
 }
 {{- end}}
-{{- if not .IsErrorOnly}}
+{{- if and (not .IsErrorOnly) (not .Raw)}}

 type {{responseType .}} struct {
 {{- range .Returns}}
@@ -95,7 +98,27 @@ func {{$.Service.Name}}{{.Name}}({{range $i, $p := .Params}}{{if $i}}, {{end}}{{
 	// Read the response from memory
 	responseMem := pdk.FindMemory(responsePtr)
 	responseBytes := responseMem.ReadBytes()
-{{- if .IsErrorOnly}}
+{{- if .Raw}}
+
+	// Parse binary-framed response
+	if len(responseBytes) == 0 {
+		return "", nil, errors.New("empty response from host")
+	}
+	if responseBytes[0] == 0x01 { // error
+		return "", nil, errors.New(string(responseBytes[1:]))
+	}
+	if responseBytes[0] != 0x00 {
+		return "", nil, errors.New("unknown response status")
+	}
+	if len(responseBytes) < 5 {
+		return "", nil, errors.New("malformed raw response: incomplete header")
+	}
+	ctLen := binary.BigEndian.Uint32(responseBytes[1:5])
+	if uint32(len(responseBytes)) < 5+ctLen {
+		return "", nil, errors.New("malformed raw response: content-type overflow")
+	}
+	return string(responseBytes[5 : 5+ctLen]), responseBytes[5+ctLen:], nil
+{{- else if .IsErrorOnly}}

 	// Parse error-only response
 	var response struct {
--- a/plugins/cmd/ndpgen/internal/templates/client.py.tmpl
+++ b/plugins/cmd/ndpgen/internal/templates/client.py.tmpl
@@ -8,10 +8,13 @@
 # main __init__.py file. Copy the needed functions from this file into your plugin.

 from dataclasses import dataclass
-from typing import Any
+from typing import Any{{- if .Service.HasRawMethods}}, Tuple{{end}}

 import extism
 import json
+{{- if .Service.HasRawMethods}}
+import struct
+{{- end}}


 class HostFunctionError(Exception):
@@ -29,7 +32,7 @@ def _{{exportName .}}(offset: int) -> int:
 {{- end}}
 {{- /* Generate dataclasses for multi-value returns */ -}}
 {{range .Service.Methods}}
-{{- if .NeedsResultClass}}
+{{- if and .NeedsResultClass (not .Raw)}}


@dataclass
@@ -44,7 +47,7 @@ class {{pythonResultType .}}:
 {{range .Service.Methods}}


-def {{pythonFunc .}}({{range $i, $p := .Params}}{{if $i}}, {{end}}{{$p.PythonName}}: {{$p.PythonType}}{{end}}){{if .NeedsResultClass}} -> {{pythonResultType .}}{{else if .HasReturns}} -> {{(index .Returns 0).PythonType}}{{else}} -> None{{end}}:
+def {{pythonFunc .}}({{range $i, $p := .Params}}{{if $i}}, {{end}}{{$p.PythonName}}: {{$p.PythonType}}{{end}}){{if .Raw}} -> Tuple[str, bytes]{{else if .NeedsResultClass}} -> {{pythonResultType .}}{{else if .HasReturns}} -> {{(index .Returns 0).PythonType}}{{else}} -> None{{end}}:
    """{{if .Doc}}{{.Doc}}{{else}}Call the {{exportName .}} host function.{{end}}
 {{- if .HasParams}}

@@ -53,7 +56,11 @@ def {{pythonFunc .}}({{range $i, $p := .Params}}{{if $i}}, {{end}}{{$p.PythonNam
        {{.PythonName}}: {{.PythonType}} parameter.
 {{- end}}
 {{- end}}
-{{- if .HasReturns}}
+{{- if .Raw}}
+
+    Returns:
+        Tuple of (content_type, data) with the raw binary response.
+{{- else if .HasReturns}}

    Returns:
 {{- if .NeedsResultClass}}
@@ -79,6 +86,24 @@ def {{pythonFunc .}}({{range $i, $p := .Params}}{{if $i}}, {{end}}{{$p.PythonNam
    request_mem = extism.memory.alloc(request_bytes)
    response_offset = _{{exportName .}}(request_mem.offset)
    response_mem = extism.memory.find(response_offset)
+{{- if .Raw}}
+    response_bytes = response_mem.bytes()
+
+    if len(response_bytes) == 0:
+        raise HostFunctionError("empty response from host")
+    if response_bytes[0] == 0x01:
+        raise HostFunctionError(response_bytes[1:].decode("utf-8"))
+    if response_bytes[0] != 0x00:
+        raise HostFunctionError("unknown response status")
+    if len(response_bytes) < 5:
+        raise HostFunctionError("malformed raw response: incomplete header")
+    ct_len = struct.unpack(">I", response_bytes[1:5])[0]
+    if len(response_bytes) < 5 + ct_len:
+        raise HostFunctionError("malformed raw response: content-type overflow")
+    content_type = response_bytes[5:5 + ct_len].decode("utf-8")
+    data = response_bytes[5 + ct_len:]
+    return content_type, data
+{{- else}}
    response = json.loads(extism.memory.string(response_mem))
 {{if .HasError}}
    if response.get("error"):
@@ -94,3 +119,4 @@ def {{pythonFunc .}}({{range $i, $p := .Params}}{{if $i}}, {{end}}{{$p.PythonNam
    return response.get("{{(index .Returns 0).JSONName}}"{{pythonDefault (index .Returns 0)}})
 {{- end}}
 {{- end}}
+{{- end}}
--- a/plugins/cmd/ndpgen/internal/templates/client.rs.tmpl
+++ b/plugins/cmd/ndpgen/internal/templates/client.rs.tmpl
@@ -33,6 +33,7 @@ struct {{requestType .}} {
 {{- end}}
 }
 {{- end}}
+{{- if not .Raw}}

 #[derive(Debug, Clone, Deserialize)]
 #[serde(rename_all = "camelCase")]
@@ -47,16 +48,92 @@ struct {{responseType .}} {
 {{- end}}
 }
 {{- end}}
+{{- end}}

 #[host_fn]
 extern "ExtismHost" {
 {{- range .Service.Methods}}
+{{- if not .Raw}}
    fn {{exportName .}}(input: Json<{{if .HasParams}}{{requestType .}}{{else}}serde_json::Value{{end}}>) -> Json<{{responseType .}}>;
 {{- end}}
+{{- end}}
 }
+{{- /* Declare raw extern "C" imports for raw methods */ -}}
+{{- range .Service.Methods}}
+{{- if .Raw}}
+
+#[link(wasm_import_module = "extism:host/user")]
+extern "C" {
+    fn {{exportName .}}(offset: u64) -> u64;
+}
+{{- end}}
+{{- end}}

 {{- /* Generate wrapper functions */ -}}
 {{range .Service.Methods}}
+{{- if .Raw}}
+
+{{if .Doc}}{{rustDocComment .Doc}}{{else}}/// Calls the {{exportName .}} host function.{{end}}
+{{- if .HasParams}}
+///
+/// # Arguments
+{{- range .Params}}
+/// * `{{.RustName}}` - {{rustType .}} parameter.
+{{- end}}
+{{- end}}
+///
+/// # Returns
+/// A tuple of (content_type, data) with the raw binary response.
+///
+/// # Errors
+/// Returns an error if the host function call fails.
+pub fn {{rustFunc .}}({{range $i, $p := .Params}}{{if $i}}, {{end}}{{$p.RustName}}: {{rustParamType $p}}{{end}}) -> Result<(String, Vec<u8>), Error> {
+{{- if .HasParams}}
+    let req = {{requestType .}} {
+{{- range .Params}}
+        {{.RustName}}: {{.RustName}}{{if .NeedsToOwned}}.to_owned(){{end}},
+{{- end}}
+    };
+    let input_bytes = serde_json::to_vec(&req).map_err(|e| Error::msg(e.to_string()))?;
+{{- else}}
+    let input_bytes = b"{}".to_vec();
+{{- end}}
+    let input_mem = Memory::from_bytes(&input_bytes).map_err(|e| Error::msg(e.to_string()))?;
+
+    let response_offset = unsafe { {{exportName .}}(input_mem.offset()) };
+
+    let response_mem = Memory::find(response_offset)
+        .ok_or_else(|| Error::msg("empty response from host"))?;
+    let response_bytes = response_mem.to_vec();
+
+    if response_bytes.is_empty() {
+        return Err(Error::msg("empty response from host"));
+    }
+    if response_bytes[0] == 0x01 {
+        let msg = String::from_utf8_lossy(&response_bytes[1..]).to_string();
+        return Err(Error::msg(msg));
+    }
+    if response_bytes[0] != 0x00 {
+        return Err(Error::msg("unknown response status"));
+    }
+    if response_bytes.len() < 5 {
+        return Err(Error::msg("malformed raw response: incomplete header"));
+    }
+    let ct_len = u32::from_be_bytes([
+        response_bytes[1],
+        response_bytes[2],
+        response_bytes[3],
+        response_bytes[4],
+    ]) as usize;
+    if ct_len > response_bytes.len() - 5 {
+        return Err(Error::msg("malformed raw response: content-type overflow"));
+    }
+    let ct_end = 5 + ct_len;
+    let content_type = String::from_utf8_lossy(&response_bytes[5..ct_end]).to_string();
+    let data = response_bytes[ct_end..].to_vec();
+    Ok((content_type, data))
+}
+{{- else}}

 {{if .Doc}}{{rustDocComment .Doc}}{{else}}/// Calls the {{exportName .}} host function.{{end}}
 {{- if .HasParams}}
@@ -132,3 +209,4 @@ pub fn {{rustFunc .}}({{range $i, $p := .Params}}{{if $i}}, {{end}}{{$p.RustName
 }
 {{- end}}
 {{- end}}
+{{- end}}
--- a/Show More
+++ b/Show More
Author	SHA1	Message	Date
Deluan	271da15174	refactor: update mock playlist repository and tests for consistency Signed-off-by: Deluan <deluan@navidrome.org>	2026-02-11 23:19:15 -05:00
Deluan	51aa893181	refactor: rename New function to NewPlaylists for clarity Signed-off-by: Deluan <deluan@navidrome.org>	2026-02-11 22:47:18 -05:00
Deluan	ef55b42a60	refactor: optimize playlist track renumbering with CTE-based UPDATE Replace the DELETE + re-INSERT renumbering strategy with a two-step UPDATE approach using a materialized CTE and ROW_NUMBER() window function. The previous approach (SELECT all IDs, DELETE all tracks, re-INSERT in chunks of 200) required 13 SQL operations for a 2000-track playlist. The new approach uses just 2 UPDATEs: first negating all IDs to clear the positive space, then assigning sequential positions via UPDATE...FROM with a CTE. This avoids the UNIQUE constraint violations that affected the original correlated subquery while reducing per-delete request time from ~110ms to ~12ms on a 2000-track playlist. Signed-off-by: Deluan <deluan@navidrome.org>	2026-02-11 21:38:29 -05:00
Deluan	8e49c013fd	refactor: remove unused getTracks method from playlistTrackRepository Signed-off-by: Deluan <deluan@navidrome.org>	2026-02-11 14:21:57 -05:00
Deluan	8191924a25	refactor: wrap track deletion and reordering in transactions for consistency Signed-off-by: Deluan <deluan@navidrome.org>	2026-02-11 14:20:18 -05:00
Deluan	39089912ab	refactor: implement track reordering in playlists with SQL updates Signed-off-by: Deluan <deluan@navidrome.org>	2026-02-11 14:20:18 -05:00
Deluan	cb4c29c432	refactor: optimize track removal and renumbering in playlists Signed-off-by: Deluan <deluan@navidrome.org>	2026-02-11 14:20:18 -05:00
Deluan	3b1082b7d9	test: add smart playlist protection tests to ensure readonly behavior and mutation restrictions	2026-02-11 14:20:18 -05:00
Deluan	cce938fdbd	fix: block track mutations on smart playlists in Create and Update Create now rejects replacing tracks on smart playlists (pre-existing gap). Update now uses checkTracksEditable instead of checkWritable when track changes are requested, restoring the protection that was removed from the repository layer during the refactoring. Metadata-only updates on smart playlists remain allowed.	2026-02-11 14:20:18 -05:00
Deluan	00113ae79a	refactor: rename playlists_internal_test.go to parse_m3u_test.go and update tests; add new parse_nsp.go and rest_adapter.go files Signed-off-by: Deluan <deluan@navidrome.org>	2026-02-11 14:20:18 -05:00
Deluan	fc5458ce33	refactor: rename core.Playlists to playlists package and update references Signed-off-by: Deluan <deluan@navidrome.org>	2026-02-11 14:20:18 -05:00
Deluan	e9d605d825	refactor: improve playlist permission checks and error handling, add e2e tests Signed-off-by: Deluan <deluan@navidrome.org>	2026-02-11 14:20:18 -05:00
Deluan	cabf758aa3	fix: add authorization check to playlist Update method Added ownership verification to the Subsonic Update endpoint in the playlist service layer. The authorization check was present in the old repository code but was not carried over during the refactoring to the service layer, allowing any authenticated user to modify playlists they don't own via the Subsonic API. Also added corresponding tests for the Update method's permission logic.	2026-02-11 14:20:18 -05:00
Deluan	ebe0ce59ea	test: add coverage for playlist service methods and REST wrapper Add 30 new tests covering the service methods added during the playlist refactoring: - Delete: owner, admin, denied, not found - Create: new playlist, replace tracks, admin bypass, denied, not found - AddTracks: owner, admin, denied, smart playlist, not found - RemoveTracks: owner, smart playlist denied, non-owner denied - ReorderTrack: owner, smart playlist denied - NewRepository wrapper: Save (owner assignment, ID clearing), Update (owner, admin, denied, ownership change, not found), Delete (delegation with permission checks) Expand mockedPlaylistRepo with Get, Delete, Tracks, GetWithTracks, and rest.Persistable methods. Add mockedPlaylistTrackRepo for track operation verification.	2026-02-11 14:20:18 -05:00
Deluan	df5319eb3a	refactor: move playlist business logic from repositories to core.Playlists service Move authorization, permission checks, and orchestration logic from playlist repositories to the core.Playlists service, following the existing pattern used by core.Share and core.Library. Changes: - Expand core.Playlists interface with read, mutation, track management, and REST adapter methods - Add playlistRepositoryWrapper for REST Save/Update/Delete with permission checks (follows Share/Library pattern) - Simplify persistence/playlist_repository.go: remove isWritable(), auth checks from Delete()/Put()/updatePlaylist() - Simplify persistence/playlist_track_repository.go: remove isTracksEditable() and permission checks from Add/Delete/Reorder - Update Subsonic API handlers to route through service - Update Native API handlers to accept core.Playlists instead of model.DataStore	2026-02-11 14:20:18 -05:00
Deluan	7ee56fe3bf	chore: update golangci-lint version to v2.9.0 in Makefile Signed-off-by: Deluan <deluan@navidrome.org>	2026-02-11 08:31:51 -05:00
Kendall Garner	34c6f12aee	feat(server): add explicit status support in smart playlists (#5031 ) * feat(smart playlist): add explicit status support * retrigger checks * rename field (remove snake_case) Signed-off-by: Deluan <deluan@navidrome.org> --------- Signed-off-by: Deluan <deluan@navidrome.org> Co-authored-by: Deluan <deluan@navidrome.org>	2026-02-10 18:22:34 -05:00
Denisa Rissa	eb9ebc3fba	fix(ui): add missing keys in Danish translation (#5011 ) update Danish translation with 59 missing keys for the `resources.plugin` section as well as `message.startingInstantMix`, `resources.song.actions.instantMix`, `resources.song.fields.composer`, and `resources.plugin.name`.	2026-02-10 14:05:14 -05:00
Deluan	e05a7e230f	fix: prevent data race on conf.Server during cleanup in e2e tests Signed-off-by: Deluan <deluan@navidrome.org>	2026-02-10 11:25:17 -05:00
Rob Emery	62f9c3a458	fix: linux service should restart when upgrading (#5001 ) * When upgrading packages this should restart the service * We need to specify configfile otherwise this command doesn't work	2026-02-09 17:11:45 -05:00
Deluan	fd09ca103f	fix(scanner): resolve data race on conf.Server access in getScanner Captured DevExternalScanner config value in the controller struct at construction time instead of reading the global conf.Server pointer in getScanner(). The background goroutine spawned by ScanFolders() was reading conf.Server.DevExternalScanner concurrently with test cleanup reassigning the conf.Server pointer, causing a data race detected by the race detector in the E2E test suite.	2026-02-09 16:42:05 -05:00
Deluan Quintão	ed79a8897b	fix(scanner): pass filename hint to gotaglib's OpenStream for format detection (#5012 ) * fix: split reflex -R flags to preserve directory exclusion optimization Combining the _test.go exclusion pattern (which uses $) into the same -R regex as the directory prefixes (^ui, ^data, ^db/migrations) disabled reflex's ExcludePrefix optimization. Reflex disables prefix-based directory skipping when the regex AST contains $, \z, or \b operators, causing it to traverse into ui/node_modules and hit "too many open files". Splitting into two separate -R flags fixes this: the directory prefix regex remains $-free so ExcludePrefix works, while the _test.go pattern gets its own flag where the $ anchor doesn't affect directory skipping. * fix(gotaglib): pass filename hint to OpenStream for format detection OpenStream relies on content-sniffing when no filename is provided, which fails for some files (e.g. OPUS). Pass the filename via the new WithFilename option so TagLib can use the file extension as a hint. Also adds an OPUS test fixture and test entry. Relates to https://github.com/navidrome/navidrome/issues/4604#issuecomment-3868569113, #4998, #5010	2026-02-09 16:16:28 -05:00
Deluan	302d99aa8b	chore(deps): update dependencies in go.mod and go.sum Signed-off-by: Deluan <deluan@navidrome.org>	2026-02-09 16:05:37 -05:00
Deluan	bee0305831	fix: split reflex -R flags to preserve directory exclusion optimization Combining the _test.go exclusion pattern (which uses $) into the same -R regex as the directory prefixes (^ui, ^data, ^db/migrations) disabled reflex's ExcludePrefix optimization. Reflex disables prefix-based directory skipping when the regex AST contains $, \z, or \b operators, causing it to traverse into ui/node_modules and hit "too many open files". Splitting into two separate -R flags fixes this: the directory prefix regex remains $-free so ExcludePrefix works, while the _test.go pattern gets its own flag where the $ anchor doesn't affect directory skipping.	2026-02-09 10:47:30 -05:00
Deluan	c280dd67a4	refactor: run Go modernize Signed-off-by: Deluan <deluan@navidrome.org>	2026-02-09 08:44:44 -05:00
Deluan Quintão	8319905d2c	test(subsonic): add comprehensive e2e test suite for Subsonic API (#5003 ) * test(e2e): add comprehensive tests for Subsonic API endpoints Signed-off-by: Deluan <deluan@navidrome.org> * fix(e2e): improve database handling and snapshot restoration in tests Signed-off-by: Deluan <deluan@navidrome.org> * test(e2e): add tests for album sharing and user isolation scenarios Signed-off-by: Deluan <deluan@navidrome.org> * test(e2e): add tests for multi-library support and user access control Signed-off-by: Deluan <deluan@navidrome.org> * test(e2e): tests are fast, no need to skip on -short Signed-off-by: Deluan <deluan@navidrome.org> * address gemini comments Signed-off-by: Deluan <deluan@navidrome.org> * fix(tests): prevent MockDataStore from caching repos with stale context When RealDS is set, MockDataStore previously cached repository instances on first access, binding them to the initial caller's context. This meant repos created with an admin context would skip library filtering for all subsequent non-admin calls, silently masking access control bugs. Changed MockDataStore to delegate to RealDS on every call without caching, so each caller gets a fresh repo with the correct context. Removed the pre-warm calls in e2e setupTestDB that were working around the old caching behavior. * test(e2e): route subsonic tests through full HTTP middleware stack Replace direct router method calls with full HTTP round-trips via router.ServeHTTP(w, r) across all 15 e2e test files. Tests now exercise the complete chi middleware chain including postFormToQueryParams, checkRequiredParameters, authenticate, UpdateLastAccessMiddleware, getPlayer, and sendResponse/sendError serialization. New helpers (doReq, doReqWithUser, doRawReq, buildReq, parseJSONResponse) use plaintext password auth and JSON response format. Old helpers that injected context directly (newReq, newReqWithUser, newRawReq) are removed. Sharing tests now set conf.Server.EnableSharing before router creation to ensure sharing routes are registered. --------- Signed-off-by: Deluan <deluan@navidrome.org>	2026-02-09 08:24:37 -05:00
Deluan	c80ef8ae41	chore: ignore _test.go files in reflex conf Signed-off-by: Deluan <deluan@navidrome.org>	2026-02-08 20:06:19 -05:00
Deluan	0a4722802a	fix(subsonic): validate JSONP callback parameter Added validation to ensure the JSONP callback parameter is a valid JavaScript identifier before reflecting it into the response. Invalid callbacks now return a JSON error response instead. This prevents malicious input from being injected into the response body via the callback parameter.	2026-02-08 10:33:46 -05:00
Maximilian	a704e86ac1	refactor: run Go modernize (#5002 )	2026-02-08 09:57:30 -05:00
Deluan	408aa78ed5	fix(scanner): log warning when metadata extraction fails Added a warning log when the gotaglib extractor fails to read metadata from a file. Previously, extraction errors were silently skipped, making it difficult to diagnose issues with unreadable files during scanning. Ref: https://github.com/navidrome/navidrome/issues/4604#issuecomment-3865690165 Signed-off-by: Deluan <deluan@navidrome.org>	2026-02-07 21:39:07 -05:00
Deluan	29f98b889b	chore(deps): update dependencies in go.mod and go.sum to latest versions Signed-off-by: Deluan <deluan@navidrome.org>	2026-02-07 13:23:58 -05:00
Kendall Garner	1e37e680d7	feat(agents): Add artist url and top and similar songs to ListenBrainz agent (#4934 ) * feat(agents): Add artist url and top songs to ListenBrainz agent * add newline at end of file * respond to some feedback * add more tests, include more metadata in top songs * add duration to album info * add similar artists from labs * add similar artists and track radio * fix(client): replace sort with slices.SortFunc for deterministic ordering of recordings with same score Signed-off-by: Deluan <deluan@navidrome.org> * fix: typos Signed-off-by: Deluan <deluan@navidrome.org> * refactor: use struct literal initialization consistently Signed-off-by: Deluan <deluan@navidrome.org> * feat: configurable artist and track algorithms Signed-off-by: Deluan <deluan@navidrome.org> * test configuration changes --------- Signed-off-by: Deluan <deluan@navidrome.org> Co-authored-by: Deluan Quintão <deluan@navidrome.org> Signed-off-by: Deluan <deluan@navidrome.org>	2026-02-07 13:20:42 -05:00
Kendall Garner	6fb4cd277e	feat(subsonic): add OS readonly and validUntil properties in playlists (#4993 ) * feat(subsonic): add OS readonly and validUntil properties * remove duplicated test * test: fix and enable disabled child smart playlist tests Fixed the XContext("child smart playlists") tests that were disabled with a TODO comment. The tests had several issues: nested playlists were missing Public: true (required by InPlaylist criteria), the criteria matched no test fixtures, the "not expired" test set EvaluatedAt on the parent too (preventing it from refreshing at all), and the "expired" test dereferenced a nil EvaluatedAt. Added proper cleanup with DeferCleanup and config restoration via configtest. * fix(subsonic): always include readonly field in JSON playlist responses Removed omitempty from the JSON tag of the Readonly field in OpenSubsonicPlaylist so that readonly: false is always serialized in JSON responses, per the OpenSubsonic spec requirement that supported fields must be returned with default values. Added a test case with an empty OpenSubsonicPlaylist to verify the behavior. --------- Co-authored-by: Deluan Quintão <deluan@navidrome.org>	2026-02-06 19:35:54 -05:00
Deluan	e11206f0ee	fix(lastfm): clean up Last.fm content by removing "Read more" links from descriptions and bios Signed-off-by: Deluan <deluan@navidrome.org>	2026-02-06 16:52:34 -05:00
Deluan Quintão	b4e03673ba	fix(scanner): preserve parentheses in lyrics when processing alias tags (#4985 ) Signed-off-by: Deluan <deluan@navidrome.org>	2026-02-06 16:21:35 -05:00
Deluan	01c839d9be	fix: add music.old to .dockerignore and .gitignore	2026-02-06 07:40:05 -05:00
Kendall Garner	2731e25fd2	fix(ui): use div for fragment, check lastfm url for artist page (#4980 ) * fix(ui): use div for fragment, check lastfm url for artist page * use span instead of div for better compat * fix: implement isLastFmURL utility and add tests for URL validation --------- Co-authored-by: Deluan <deluan@navidrome.org>	2026-02-04 17:34:26 -05:00
Boris Rorsvort	4f3845bbe3	fix(ui): Nautiline theme font path (#4983 ) * fix: Nautiline theme font path * refactor font path	2026-02-04 17:24:30 -05:00
Deluan Quintão	e8863ed147	feat(plugins): add SubsonicAPI CallRaw, with support for raw=true binary response for host functions (#4982 ) * feat: implement raw binary framing for host function responses Signed-off-by: Deluan <deluan@navidrome.org> * feat: add CallRaw method for Subsonic API to handle binary responses Signed-off-by: Deluan <deluan@navidrome.org> * test: add tests for raw=true methods and binary framing generation Signed-off-by: Deluan <deluan@navidrome.org> * fix: improve error message for malformed raw responses to indicate incomplete header Signed-off-by: Deluan <deluan@navidrome.org> * fix: add wasm_import_module attribute for raw methods and improve content-type handling Signed-off-by: Deluan <deluan@navidrome.org> --------- Signed-off-by: Deluan <deluan@navidrome.org>	2026-02-04 15:48:08 -05:00
dependabot[bot]	19ea338bed	chore(deps): bump @isaacs/brace-expansion from 5.0.0 to 5.0.1 in /ui (#4974 ) Bumps @isaacs/brace-expansion from 5.0.0 to 5.0.1. --- updated-dependencies: - dependency-name: "@isaacs/brace-expansion" dependency-version: 5.0.1 dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2026-02-04 10:12:00 -05:00
dependabot[bot]	338853468f	chore(deps): bump bytes in /plugins/pdk/rust/nd-pdk-host (#4973 ) Bumps [bytes](https://github.com/tokio-rs/bytes) from 1.11.0 to 1.11.1. - [Release notes](https://github.com/tokio-rs/bytes/releases) - [Changelog](https://github.com/tokio-rs/bytes/blob/master/CHANGELOG.md) - [Commits](https://github.com/tokio-rs/bytes/compare/v1.11.0...v1.11.1) --- updated-dependencies: - dependency-name: bytes dependency-version: 1.11.1 dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2026-02-04 10:11:37 -05:00
Deluan	4e720ee931	fix: handle WASM runtime panics in gotaglib openFile function. see #4977 Signed-off-by: Deluan <deluan@navidrome.org>	2026-02-03 22:56:47 -05:00