- Add authlib for OAuth/OIDC support
- Implement OIDC login/callback routes with group-based admin sync
- Support OIDC_ONLY mode to disable password authentication
- Add logged_out page for post-logout flow
- Show OIDC/Local auth type badge in user management
- Add user edit modal with OIDC sync warning
- Fix script.js null guards for non-main pages
- Hide password change section for OIDC users in profile
- Add ProxyFix middleware for reverse proxy deployments
### Added
- PUID/PGID environment support to map container UID/GID for host-friendly file ownership.
- Documentation and sample env entries explaining UID/GID mapping and startup privilege behavior.
- Small in-app help link for the root folder path.
- Minimum versions for key HTTP and WSGI libraries to improve compatibility.
### Changed
- Entrypoint now handles ownership fixes and privilege drop at runtime instead of enforcing a build-time non-root user.
- Contribution guide updated to require PRs, encourage single-feature PRs, and clarify testing/rebuild workflow.
### Security
- Pin minimum versions for critical libraries to address compatibility and known vulnerabilities and improve overall security posture.
### Added
- Support for custom LLM gateways via configurable API base URL and extra headers.
- Settings UI and help text for providing gateway URL and JSON headers, plus environment support.
### Added
- Flasgger dependency and Swagger integration for interactive OpenAPI docs.
- Swagger UI and JSON spec exposed at /api/docs/ and /api/docs.json.
- OpenAPI template that includes API title and version from app config.
- API key security scheme (X-API-Key header) included in the spec.
### Added
- ListenBrainz integration to fetch weekly exploration playlist artists for personal recommendations.
- Profile field and UI controls to enable ListenBrainz as a personal discovery source.
### Added
- UI controls for monitor strategy, monitor-new-items, monitored toggle, and a per-album list so users can configure how newly added artists/albums are monitored.
- Server-side helpers to parse and normalize incoming settings (boolean/int/float coercion, monitor option normalization, album-list parsing).
- Inclusion of monitor options and album list in the payload sent when adding artists to the external music manager.
### Fixed
- Improves OpenAI parsing for fenced code blocks.
- Adds clearer admin actions with separated handlers for user and request management.
### Security
- Runs the application as a non-root user by default and tightens ownership of writable configuration paths.
### Added
- REST API endpoints for status, artist-requests, and stats with optional key-based access.
- Settings UI input for an API key and client-side wiring to include it in saved settings.
- Server-side config/storage for the API key and DataHandler support to propagate it at runtime.
