### Added
- Support for custom LLM gateways via configurable API base URL and extra headers.
- Settings UI and help text for providing gateway URL and JSON headers, plus environment support.
### Added
- Flasgger dependency and Swagger integration for interactive OpenAPI docs.
- Swagger UI and JSON spec exposed at /api/docs/ and /api/docs.json.
- OpenAPI template that includes API title and version from app config.
- API key security scheme (X-API-Key header) included in the spec.
### Added
- ListenBrainz integration to fetch weekly exploration playlist artists for personal recommendations.
- Profile field and UI controls to enable ListenBrainz as a personal discovery source.
### Added
- UI controls for monitor strategy, monitor-new-items, monitored toggle, and a per-album list so users can configure how newly added artists/albums are monitored.
- Server-side helpers to parse and normalize incoming settings (boolean/int/float coercion, monitor option normalization, album-list parsing).
- Inclusion of monitor options and album list in the payload sent when adding artists to the external music manager.
### Fixed
- Improves OpenAI parsing for fenced code blocks.
- Adds clearer admin actions with separated handlers for user and request management.
### Security
- Runs the application as a non-root user by default and tightens ownership of writable configuration paths.
### Added
- REST API endpoints for status, artist-requests, and stats with optional key-based access.
- Settings UI input for an API key and client-side wiring to include it in saved settings.
- Server-side config/storage for the API key and DataHandler support to propagate it at runtime.
### Added
- Broadcast artist rejection events to connected clients to trigger UI refresh.
### Changed
- Show "Pending Approval" for requested artists and mark rejections as an error state in the UI.
- Disable and restyle the add button for already-added, requested, failed, invalid, or rejected statuses.
### Fixed
- Correct datetime usage when recording approval timestamp to avoid a runtime error.
### Fixed
- Ensures an application context when persisting request records to avoid DB context issues.
- Makes the artist-add operation return a status and checks it before approving requests.
- Updates the admin approval flow to only mark requests approved when the add operation succeeds.
### Added
- Persistent artist request model and migration for tracking user requests.
- Admin interface for reviewing, approving, and rejecting pending requests.
- Socket endpoint for users to submit artist requests from the UI.
- Client-side request button and user-info emission so the UI can show request vs add actions.
- Server-side handler to create requests, emit toast notifications, and update the UI.
### Changed
- Button behavior now shows "Request" for non-admins and preserves add-to-service action for admins.
- Session state includes an admin flag and is sent to clients on connection.
- Approving a request now triggers adding the artist to the external content service and marks the request approved.
### Added
- Per-user LastFM discovery to surface personal recommendations.
- Example container compose manifest to simplify quickstart.
### Changed
- Settings persistence now performs atomic writes and enforces restrictive file permissions to protect stored API keys and admin credentials.
- Quickstart and deployment guidance clarifies owning the working directory (container UID/GID), suggests setting ownership, and recommends attaching to an external reverse-proxy network rather than publishing ports.
### Security
- Hardened config storage to minimize secret exposure on shared hosts.
