### Added
- PUID/PGID environment support to map container UID/GID for host-friendly file ownership.
- Documentation and sample env entries explaining UID/GID mapping and startup privilege behavior.
- Small in-app help link for the root folder path.
- Minimum versions for key HTTP and WSGI libraries to improve compatibility.
### Changed
- Entrypoint now handles ownership fixes and privilege drop at runtime instead of enforcing a build-time non-root user.
- Contribution guide updated to require PRs, encourage single-feature PRs, and clarify testing/rebuild workflow.
### Security
- Pin minimum versions for critical libraries to address compatibility and known vulnerabilities and improve overall security posture.
### Fixed
- Improves OpenAI parsing for fenced code blocks.
- Adds clearer admin actions with separated handlers for user and request management.
### Security
- Runs the application as a non-root user by default and tightens ownership of writable configuration paths.
